Date: Sat, 10 Jul 2004 00:36:33 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 56936 for review Message-ID: <200407100036.i6A0aXeZ003405@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=56936 Change 56936 by wsalamon@wsalamon_epi on 2004/07/10 00:35:35 Merge in the remaining changes from the audit2 versions. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#2 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#3 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#4 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#2 (text+ko) ==== @@ -282,10 +282,8 @@ token_t *au_to_return64(char status, u_int64_t ret); token_t *au_to_seq(long audit_count); token_t *au_to_socket(struct socket *so); -token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, - struct sockaddr *la, struct sockaddr *ta); -token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, - struct sockaddr *la, struct sockaddr *ta); +token_t *au_to_socket_ex_32(struct socket *so); +token_t *au_to_socket_ex_128(struct socket *so); token_t *au_to_sock_inet(struct sockaddr_in *so); token_t *au_to_sock_inet32(struct sockaddr_in *so); token_t *au_to_sock_inet128(struct sockaddr_in6 *so); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#3 (text+ko) ==== @@ -37,7 +37,10 @@ */ token_t *kau_to_socket(struct socket_au_info *soi); token_t *kau_to_attr32(struct vnode_au_info *vni); -token_t *kau_to_attr64(struct vnode_au_info *vni); + +/* + * audit_klib prototypes + */ int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf); au_event_t flags_and_error_to_openevent(int oflags, int error); void au_evclassmap_init(void); @@ -47,8 +50,8 @@ int auditon_command_event(int cmd); int msgctl_to_event(int cmd); int semctl_to_event(int cmr); +void canon_path(struct thread *td, char *path, char *cpath); -int canon_path(struct thread *td, char *path, char *cpath); /* * Define a system call to audit event mapping table. */ ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#4 (text+ko) ==== @@ -631,7 +631,7 @@ "flag\n")); cv_wait(&audit_replacement_cv, &audit_mtx); AUDIT_PRINTF(("audit_rotate_vnode: woken up (flag %d)\n", - audit_replacement_flag)); + audit_replacement_flag)); } audit_replacement_cred = cred; audit_replacement_flag = 1; @@ -1678,6 +1678,9 @@ if (ar == NULL || td == NULL || so == NULL) return; + /* + * XXX: Do we need to lock the socket? + */ bcopy(so, &ar->k_ar.ar_arg_sockaddr, sizeof(ar->k_ar.ar_arg_sockaddr)); switch (so->sa_family) { case AF_INET: @@ -2027,6 +2030,9 @@ if (vp == NULL) return; + mtx_assert(&Giant, MA_OWNED); + ASSERT_VOP_LOCKED(vp, "audit_arg_vnpath") + ar = currecord(); if (ar == NULL) /* This will be the case for unaudited system calls */ return; ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#4 (text+ko) ==== @@ -151,7 +151,8 @@ * Close out the audit record by adding the header token, identifying * any missing tokens. Write out the tokens to the record memory. */ -void kau_close(struct au_record *rec, struct timespec *ctime, short event) +void +kau_close(struct au_record *rec, struct timespec *ctime, short event) { u_char *dptr; size_t tot_rec_size; ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#4 (text+ko) ==== @@ -21,14 +21,14 @@ */ #include <sys/param.h> -#include <sys/vnode.h> #include <sys/fcntl.h> #include <sys/filedesc.h> +#include <sys/libkern.h> +#include <sys/malloc.h> +#include <sys/proc.h> #include <sys/sem.h> -#include <sys/malloc.h> #include <sys/sysctl.h> -#include <sys/libkern.h> -#include <sys/proc.h> +#include <sys/vnode.h> #include <bsm/audit.h> #include <bsm/audit_kernel.h> @@ -545,7 +545,7 @@ /* * Perform the actual check of the masks against the event. */ - if (sorf & AU_PRS_SUCCESS) { + if(sorf & AU_PRS_SUCCESS) { effmask |= (mask_p->am_success & ae_class); } @@ -811,7 +811,7 @@ * written to the audit log. So we will leave the filename starting * with '/' in the audit log in this case. */ -int canon_path(struct thread *td, char *path, char *cpath) +void canon_path(struct thread *td, char *path, char *cpath) { char *bufp; char **retbuf, **freebuf; @@ -819,6 +819,8 @@ struct vnode *vnp; struct filedesc *fdp; + mtx_assert(&Giant, MA_OWNED); + fdp = td->td_proc->p_fd; bufp = path; FILEDESC_LOCK(fdp); @@ -844,6 +846,9 @@ FILEDESC_UNLOCK(fdp); if (vnp != NULL) { /* + * XXX: Should lock vnode! + */ + /* * XXX: vn_fullpath() on FreeBSD is "less reliable" * than vn_getpath() on Darwin, so this will need more * attention in the future. Also, the question and @@ -866,5 +871,4 @@ } else { strncpy(cpath, bufp, MAXPATHLEN); } - return (0); } ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#4 (text+ko) ==== @@ -20,25 +20,25 @@ * @APPLE_LICENSE_HEADER_END@ */ -#include <sys/param.h> -#include <sys/un.h> +#include <sys/param.h> #include <sys/event.h> #include <sys/libkern.h> #include <sys/malloc.h> +#include <sys/un.h> #include <bsm/audit.h> #include <bsm/audit_record.h> #include <bsm/audit_kernel.h> #include <security/audit/audit_klib.h> -#define GET_TOKEN_AREA(tok, dptr, length) \ +#define GET_TOKEN_AREA(tok, dptr, length) \ do { \ tok = malloc(sizeof(*tok), M_AUDIT, M_WAITOK); \ tok->len = length; \ dptr = tok->t_data = malloc(length * sizeof(u_char), \ M_AUDIT, M_WAITOK); \ memset(tok->t_data, 0, length); \ - }while(0) + } while(0) /* * token ID 1 byte @@ -137,8 +137,6 @@ { token_t *t; u_char *dptr; - u_int64_t fileid; - u_int16_t pad0_16 = 0; u_int32_t pad0_32 = 0; if(vni == NULL) { @@ -151,27 +149,14 @@ } ADD_U_CHAR(dptr, AU_ATTR32_TOKEN); - - /* - * Darwin defines the size for the file mode as 2 bytes; - * BSM defines 4. So we copy in a 0 first. - */ - ADD_U_INT16(dptr, pad0_16); - ADD_U_INT16(dptr, vni->vn_mode); - + ADD_U_INT32(dptr, vni->vn_mode); ADD_U_INT32(dptr, vni->vn_uid); ADD_U_INT32(dptr, vni->vn_gid); ADD_U_INT32(dptr, vni->vn_fsid); - - /* - * Darwin defines the size for fileid as 4 bytes; - * BSM defines 8. So we copy in a 0 first. - */ - fileid = vni->vn_fileid; + /* Pad four bytes for the file ID due to BSM's need for 8 bytes */ ADD_U_INT32(dptr, pad0_32); - ADD_U_INT32(dptr, fileid); - - ADD_U_INT32(dptr, vni->vn_dev); + ADD_U_INT32(dptr, vni->vn_fileid); + ADD_U_INT32(dptr, vni->vn_gen); return t; } @@ -202,15 +187,9 @@ return t; } -token_t *kau_to_attr64(struct vnode_au_info *vni) -{ - return NULL; -} - token_t *au_to_attr(struct vattr *attr) { return au_to_attr32(attr); - } @@ -438,7 +417,6 @@ { token_t *t; u_char *dptr; - u_int16_t pad0 = 0; if(perm == NULL) { return NULL; @@ -448,34 +426,16 @@ if(t == NULL) { return NULL; } - - /* - * Darwin defines the sizes for ipc_perm members - * as 2 bytes; BSM defines 4. So we copy in a 0 first. - */ + ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN); - - ADD_U_INT16(dptr, pad0); - ADD_U_INT16(dptr, perm->uid); - - ADD_U_INT16(dptr, pad0); - ADD_U_INT16(dptr, perm->gid); + ADD_U_INT32(dptr, perm->uid); + ADD_U_INT32(dptr, perm->gid); + ADD_U_INT32(dptr, perm->cuid); + ADD_U_INT32(dptr, perm->cgid); + ADD_U_INT32(dptr, perm->mode); + ADD_U_INT32(dptr, perm->seq); + ADD_U_INT32(dptr, perm->key); - ADD_U_INT16(dptr, pad0); - ADD_U_INT16(dptr, perm->cuid); - - ADD_U_INT16(dptr, pad0); - ADD_U_INT16(dptr, perm->cgid); - - ADD_U_INT16(dptr, pad0); - ADD_U_INT16(dptr, perm->mode); - - ADD_U_INT16(dptr, pad0); - ADD_U_INT16(dptr, perm->seq); - - ADD_U_INT16(dptr, pad0); - ADD_U_INT16(dptr, perm->key); - return t; } @@ -528,6 +488,7 @@ return t; } +#ifdef _KERNEL /* * Kernel version of the add file token function, where the time value * is passed in as an additional parameter. @@ -570,8 +531,8 @@ ADD_STRING(dptr, file, filelen); return t; - } +#endif /* * token ID 1 byte @@ -688,7 +649,30 @@ uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { - return NULL; + token_t *t; + u_char *dptr; + + if(tid == NULL) { + return NULL; + } + + GET_TOKEN_AREA(t, dptr, 41); + if(t == NULL) { + return NULL; + } + + ADD_U_CHAR(dptr, AU_PROCESS_64_TOKEN); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->port); + ADD_U_INT32(dptr, tid->machine); + + return t; } token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, @@ -752,7 +736,34 @@ uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { - return NULL; + token_t *t; + u_char *dptr; + + if(tid == NULL) { + return NULL; + } + + GET_TOKEN_AREA(t, dptr, 57); + if(t == NULL) { + return NULL; + } + + ADD_U_CHAR(dptr, AU_PROCESS_64_EX_TOKEN); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->at_port); + ADD_U_INT32(dptr, tid->at_type); + ADD_U_INT32(dptr, tid->at_addr[0]); + ADD_U_INT32(dptr, tid->at_addr[1]); + ADD_U_INT32(dptr, tid->at_addr[2]); + ADD_U_INT32(dptr, tid->at_addr[3]); + + return t; } token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, @@ -840,12 +851,13 @@ */ token_t *au_to_socket(struct socket *so) { - return NULL; + return au_to_socket_ex_32(so); } /* * Kernel-specific version of the above function. */ +#ifdef _KERNEL token_t *kau_to_socket(struct socket_au_info *soi) { token_t *t; @@ -872,6 +884,7 @@ return t; } +#endif /* * token ID 1 byte @@ -883,14 +896,12 @@ * address type/length 4 bytes * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address) */ -token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, - struct sockaddr *la, struct sockaddr *ra) +token_t *au_to_socket_ex_32(struct socket *so) { return NULL; } -token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, - struct sockaddr *la, struct sockaddr *ra) +token_t *au_to_socket_ex_128(struct socket *so) { return NULL; } @@ -1038,15 +1049,38 @@ } token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid) + uid_t ruid, gid_t rgid, pid_t pid, + au_asid_t sid, au_tid_t *tid) { - return NULL; + token_t *t; + u_char *dptr; + + if(tid == NULL) { + return NULL; + } + + GET_TOKEN_AREA(t, dptr, 41); + if(t == NULL) { + return NULL; + } + + ADD_U_CHAR(dptr, AU_SUBJECT_64_TOKEN); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->port); + ADD_U_INT32(dptr, tid->machine); + + return t; } token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid) + uid_t ruid, gid_t rgid, pid_t pid, + au_asid_t sid, au_tid_t *tid) { return au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); @@ -1105,7 +1139,34 @@ gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { - return NULL; + token_t *t; + u_char *dptr; + + if(tid == NULL) { + return NULL; + } + + GET_TOKEN_AREA(t, dptr, 57); + if(t == NULL) { + return NULL; + } + + ADD_U_CHAR(dptr, AU_SUBJECT_64_EX_TOKEN); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->at_port); + ADD_U_INT32(dptr, tid->at_type); + ADD_U_INT32(dptr, tid->at_addr[0]); + ADD_U_INT32(dptr, tid->at_addr[1]); + ADD_U_INT32(dptr, tid->at_addr[2]); + ADD_U_INT32(dptr, tid->at_addr[3]); + + return t; } token_t *au_to_subject_ex(au_id_t auid, uid_t euid, @@ -1216,7 +1277,7 @@ return t; } - +#ifdef _KERNEL /* * Kernel version of the BSM header token functions. These versions take * a timespec struct as an additional parameter in order to obtain the @@ -1257,7 +1318,26 @@ token_t *kau_to_header64(struct timespec *ctime, int rec_size, au_event_t e_type, au_emod_t e_mod) { - return NULL; + token_t *t; + u_char *dptr; + u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */ + + GET_TOKEN_AREA(t, dptr, 26); + if(t == NULL) { + return NULL; + } + + ADD_U_CHAR(dptr, AU_HEADER_64_TOKEN); + ADD_U_INT32(dptr, rec_size); + ADD_U_CHAR(dptr, HEADER_VERSION); + ADD_U_INT16(dptr, e_type); + ADD_U_INT16(dptr, e_mod); + + /* Add the timestamp */ + ADD_U_INT32(dptr, ctime->tv_sec); + ADD_U_INT32(dptr, timems); + + return t; } token_t *kau_to_header(struct timespec *ctime, int rec_size, @@ -1265,6 +1345,7 @@ { return kau_to_header32(ctime, rec_size, e_type, e_mod); } +#endif /* * token ID 1 byte
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407100036.i6A0aXeZ003405>