Date: Sun, 30 May 2010 17:41:53 GMT
Message-Id: <201005301741.o4UHfrQd085347@repoman.freebsd.org>
From: Efstratios Karatzas
To: Perforce Change Reviews
Subject: PERFORCE change 178979 for review
List-Id: p4 projects tree changes

http://p4web.freebsd.org/@@178979?ac=10

Change 178979 by gpf@gpf_desktop on 2010/05/30 17:41:08

	- for the current nfs implementation:
	  Keep track of the vap->va_mode attribute when a new file is created
	  via VOP_create/mknod/symlink/mkdir
	  Also, keep track of the flags for VOP_read/write
	- forgot to add the new argument to the usage() function of praudit, done.

Affected files ...

.. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/bin/praudit/praudit.c#4 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#13 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#9 edit

Differences ...

==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/bin/praudit/praudit.c#4 (text) ==== @@ -59,7 +59,7 @@ usage(void) { - fprintf(stderr, "usage: praudit [-lpx] [-r | -s] [-d del] " + fprintf(stderr, "usage: praudit [-lpxc] [-r | -s] [-d del] " "[file ...]\n"); exit(1); } ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#13 (text+ko) ==== @@ -1359,6 +1359,7 @@ uiop->uio_segflg = UIO_SYSSPACE; uiop->uio_td = NULL; uiop->uio_offset = off; + AUDIT_ARG_FFLAGS(ioflags); error = VOP_WRITE(vp, uiop, ioflags, cred); /* Unlocked write. */ nfsrvstats.srvvop_writes++; @@ -1554,6 +1555,7 @@ break; }; } + AUDIT_ARG_MODE(vap->va_mode); /* * Iff doesn't exist, create it @@ -1808,7 +1810,8 @@ minor = fxdr_unsigned(u_int32_t, *tl); vap->va_rdev = makedev(major, minor); } - + AUDIT_ARG_MODE(vap->va_mode); + /* * Iff doesn't exist, create it. */ 
@@ -1821,7 +1824,7 @@ vap->va_mode = 0; if (vtyp == VSOCK) { vrele(nd.ni_startdir); - nd.ni_startdir = NULL; + nd.ni_startdir = NULL; error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); AUDIT_vp = nd.ni_vp; @@ -2563,7 +2566,7 @@ if (pathcp != NULL) AUDIT_ARG_UPATH2(curthread, pathcp); - + AUDIT_ARG_MODE(vap->va_mode); /* * issue symlink op. SAVESTART is set so the underlying path component * is only freed by the VOP if an error occurs. @@ -2757,6 +2760,7 @@ error = EEXIST; goto out; } + AUDIT_ARG_MODE(vap->va_mode); /* * Issue mkdir op. Since SAVESTART is not set, the pathname ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#9 (text) ==== @@ -1580,11 +1580,16 @@ tok = au_to_arg32(0, "prev mask", ar->ar_retval); kau_write(rec, tok); break; - + case AUE_NFS_CREATE: - case AUE_NFS_READ: - case AUE_NFS_WRITE: case AUE_NFS_MKDIR: + case AUE_NFS_MKNODE: + if (ARG_IS_VALID(kar, ARG_MODE)) { + tok = au_to_arg32(3, "mode", ar->ar_arg_mode); + kau_write(rec, tok); + } + /* FALLTHROUGH */ + case AUE_NFS_READDIR: case AUE_NFS_READDIR_PLUS: case AUE_NFS_READLINK: @@ -1594,22 +1599,30 @@ case AUE_NFS_SETATTR: case AUE_NFS_ACCESS: case AUE_NFS_LOOKUP: - case AUE_NFS_MKNODE: case AUE_NFS_COMMIT: case AUE_NFS_PATHCONF: case AUE_NFS_STATFS: case AUE_NFS_FSINFO: - if (ARG_IS_VALID(kar, ARG_MODE)) { - tok = au_to_arg32(3, "mode", ar->ar_arg_mode); + UPATH1_VNODE1_TOKENS; + if (ARG_IS_VALID(kar, ARG_TEXT)) { + tok = au_to_text(ar->ar_arg_text); + kau_write(rec, tok); + } + break; + + case AUE_NFS_READ: + case AUE_NFS_WRITE: + if (ARG_IS_VALID(kar, ARG_FFLAGS)) { + tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); kau_write(rec, tok); - } + } UPATH1_VNODE1_TOKENS; if (ARG_IS_VALID(kar, ARG_TEXT)) { tok = au_to_text(ar->ar_arg_text); kau_write(rec, tok); } break; - + case AUE_NFS_NOOP: case AUE_NFS_NULL: if (ARG_IS_VALID(kar, ARG_TEXT)) { 
@@ -1618,14 +1631,16 @@ } break; - case AUE_NFS_SYMLINK: - case AUE_NFS_LINK: - case AUE_NFS_RENAME: - UPATH1_VNODE1_TOKENS; + case AUE_NFS_SYMLINK: if (ARG_IS_VALID(kar, ARG_MODE)) { tok = au_to_arg32(3, "mode", ar->ar_arg_mode); kau_write(rec, tok); } + /* FALLTHROUGH */ + + case AUE_NFS_LINK: + case AUE_NFS_RENAME: + UPATH1_VNODE1_TOKENS; UPATH2_TOKENS; if (ARG_IS_VALID(kar, ARG_TEXT)) { tok = au_to_text(ar->ar_arg_text);
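
Review bot: the usage() hunk in praudit.c appends the new option letter as "[-lpxc]", which breaks the alphabetical ordering the string had as "[-lpx]"; write it as "[-clpx]". The affected-files list also contains no manual page, so the -c option is documented nowhere except this usage string; the praudit manual page should be updated in the same change.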
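
Review bot: only the write path gains AUDIT_ARG_FFLAGS in nfs_serv.c (the @@ -1359 hunk, just before VOP_WRITE), while the commit message says the flags are tracked for read and write and audit_bsm.c now emits a "flags" token for AUE_NFS_READ as well. No hunk here sets the argument ahead of a VOP_READ call, so unless an earlier revision already does, read records will never satisfy ARG_IS_VALID(kar, ARG_FFLAGS); add the matching call or narrow the commit message. ioflags is also the I/O flag word handed to VOP_WRITE rather than open(2)-style file flags, so a comment or a more specific token label than "flags" would keep record consumers from misreading the bits.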
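
Review bot: AUDIT_ARG_MODE(vap->va_mode) in the @@ -1808 hunk of nfs_serv.c runs before the "vap->va_mode = 0;" assignment that is visible as context at the top of the following hunk, so the audit record can carry a mode that differs from the one handed to VOP_CREATE. Move the call below that assignment so the record reflects the value actually used. The added "+" line that holds only whitespace should be dropped as well.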
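
Review bot: the only change in the @@ -1821 hunk of nfs_serv.c is whitespace on "nd.ni_startdir = NULL;", which is unrelated to the audit work described in the commit message; leave it out of this change.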
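
Review bot: in the mkdir hunk of nfs_serv.c (@@ -2757) AUDIT_ARG_MODE sits after the "error = EEXIST; goto out;" block, so a mkdir that fails because the target already exists is audited without the requested mode, whereas the create hunk (@@ -1554) records the mode ahead of its "Iff doesn't exist, create it" step. Failed attempts are the records that most need to be complete; capture the mode before the existence check, or add a comment explaining why mkdir differs from create.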
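
Review bot: the literal argument numbers in au_to_arg32(3, "mode", ...) and au_to_arg32(2, "flags", ...) in the audit_bsm.c @@ -1580 hunk have no stated meaning for an NFS RPC, which has no system-call argument list to index; add a comment that defines the numbering or use named constants. The new AUE_NFS_READ/AUE_NFS_WRITE case also repeats the UPATH1_VNODE1_TOKENS and ARG_TEXT tail of the case above it verbatim, and the hunk carries whitespace-only edits (the "- }" / "+ }" pair and the blank lines before "case AUE_NFS_CREATE:" and "case AUE_NFS_NOOP:") that should be left out.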
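
Review bot: the AUE_NFS_SYMLINK change in the last audit_bsm.c hunk (@@ -1618) moves the "mode" token from after UPATH1_VNODE1_TOKENS to before it, which changes the token order of symlink records compared with what this code emitted previously. That matches the create/mkdir/mknod ordering introduced above, but it is a format change for existing consumers and deserves a line in the commit message. The same hunk also stops AUE_NFS_LINK and AUE_NFS_RENAME from ever emitting a mode token; say so explicitly if that is intended.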