Date: Mon, 19 Jul 2010 14:34:20 GMT From: Efstratios Karatzas <gpf@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 181170 for review Message-ID: <201007191434.o6JEYKpo056987@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@181170?ac=10 Change 181170 by gpf@gpf_desktop on 2010/07/19 14:34:02 - The building block of our event tree is going to be the 'kaudit_record' data structure. We need to keep state even for the events that we do not wish to audit; but there's no need to waste memory on the 'audit_record' data structure for those cases, so allocate it on demand. This change simply makes the audit framework work with a heap allocated audit_record. - fixed minor bug with the auditing of nfs op 'symlink'. Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#12 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#8 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#19 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_private.h#9 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_worker.c#2 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#12 (text) ==== @@ -83,6 +83,7 @@ MALLOC_DEFINE(M_AUDITGIDSET, "audit_gidset", "Audit GID set storage"); MALLOC_DEFINE(M_AUDITLOCKOWNER, "audit_lockowner", "Audit lockowner storage"); MALLOC_DEFINE(M_AUDITCLIENTNAME, "audit_clientname", "Audit client name storage"); +MALLOC_DEFINE(M_AUDITRECORD, "audit_record", "Audit Record storage"); SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0, "TrustedBSD audit controls"); @@ -220,22 +221,25 @@ td = arg; ar = mem; bzero(ar, sizeof(*ar)); - ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC; - nanotime(&ar->k_ar.ar_starttime); + /* XXXgpf: we should allocate a k_ar, iff we are auditing this event -> todo */ + ar->k_ar = malloc(sizeof(struct audit_record), M_AUDITRECORD, M_WAITOK); + bzero(ar->k_ar, sizeof(struct audit_record)); + ar->k_ar->ar_magic = AUDIT_RECORD_MAGIC; + nanotime(&ar->k_ar->ar_starttime); /* * Export the subject credential. */ cred = td->td_ucred; - cru2x(cred, &ar->k_ar.ar_subj_cred); - ar->k_ar.ar_subj_ruid = cred->cr_ruid; - ar->k_ar.ar_subj_rgid = cred->cr_rgid; - ar->k_ar.ar_subj_egid = cred->cr_groups[0]; - ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid; - ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid; - ar->k_ar.ar_subj_pid = td->td_proc->p_pid; - ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask; - ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid; + cru2x(cred, &ar->k_ar->ar_subj_cred); + ar->k_ar->ar_subj_ruid = cred->cr_ruid; + ar->k_ar->ar_subj_rgid = cred->cr_rgid; + ar->k_ar->ar_subj_egid = cred->cr_groups[0]; + ar->k_ar->ar_subj_auid = cred->cr_audit.ai_auid; + ar->k_ar->ar_subj_asid = cred->cr_audit.ai_asid; + ar->k_ar->ar_subj_pid = td->td_proc->p_pid; + ar->k_ar->ar_subj_amask = cred->cr_audit.ai_mask; + ar->k_ar->ar_subj_term_addr = cred->cr_audit.ai_termid; return (0); } @@ -247,24 +251,27 @@ KASSERT(sizeof(*ar) == size, ("audit_record_dtor: wrong size")); ar = mem; - if (ar->k_ar.ar_arg_upath1 != NULL) - free(ar->k_ar.ar_arg_upath1, M_AUDITPATH); - if (ar->k_ar.ar_arg_upath2 != NULL) - free(ar->k_ar.ar_arg_upath2, M_AUDITPATH); - if (ar->k_ar.ar_arg_text != NULL) - free(ar->k_ar.ar_arg_text, M_AUDITTEXT); - if (ar->k_udata != NULL) - free(ar->k_udata, M_AUDITDATA); - if (ar->k_ar.ar_arg_argv != NULL) - free(ar->k_ar.ar_arg_argv, M_AUDITTEXT); - if (ar->k_ar.ar_arg_envv != NULL) - free(ar->k_ar.ar_arg_envv, M_AUDITTEXT); - if (ar->k_ar.ar_arg_groups.gidset != NULL) - free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET); - if (ar->k_ar.ar_arg_lockowner != NULL) - free(ar->k_ar.ar_arg_lockowner, M_AUDITLOCKOWNER); - if (ar->k_ar.ar_arg_clientname != NULL) - free(ar->k_ar.ar_arg_clientname, M_AUDITCLIENTNAME); + if (ar->k_ar != NULL) { + if (ar->k_ar->ar_arg_upath1 != NULL) + free(ar->k_ar->ar_arg_upath1, M_AUDITPATH); + if (ar->k_ar->ar_arg_upath2 != NULL) + free(ar->k_ar->ar_arg_upath2, M_AUDITPATH); + if (ar->k_ar->ar_arg_text != NULL) + free(ar->k_ar->ar_arg_text, M_AUDITTEXT); + if (ar->k_udata != NULL) + free(ar->k_udata, M_AUDITDATA); + if (ar->k_ar->ar_arg_argv != NULL) + free(ar->k_ar->ar_arg_argv, M_AUDITTEXT); + if (ar->k_ar->ar_arg_envv != NULL) + free(ar->k_ar->ar_arg_envv, M_AUDITTEXT); + if (ar->k_ar->ar_arg_groups.gidset != NULL) + free(ar->k_ar->ar_arg_groups.gidset, M_AUDITGIDSET); + if (ar->k_ar->ar_arg_lockowner != NULL) + free(ar->k_ar->ar_arg_lockowner, M_AUDITLOCKOWNER); + if (ar->k_ar->ar_arg_clientname != NULL) + free(ar->k_ar->ar_arg_clientname, M_AUDITCLIENTNAME); + free(ar->k_ar, M_AUDITRECORD); + } } /* @@ -376,7 +383,8 @@ * in the kernel. */ ar = uma_zalloc_arg(audit_record_zone, td, M_WAITOK); - ar->k_ar.ar_event = event; + if (ar->k_ar != NULL) + ar->k_ar->ar_event = event; mtx_lock(&audit_mtx); audit_pre_q_len++; @@ -408,10 +416,10 @@ * Decide whether to commit the audit record by checking the error * value from the system call and using the appropriate audit mask. */ - if (ar->k_ar.ar_subj_auid == AU_DEFAUDITID) + if (ar->k_ar->ar_subj_auid == AU_DEFAUDITID) aumask = &audit_nae_mask; else - aumask = &ar->k_ar.ar_subj_amask; + aumask = &ar->k_ar->ar_subj_amask; if (error) sorf = AU_PRS_FAILURE; @@ -423,34 +431,34 @@ * we will transform into a more specific event number now that we * have more complete information gathered during the system call. */ - switch(ar->k_ar.ar_event) { + switch(ar->k_ar->ar_event) { case AUE_OPEN_RWTC: - ar->k_ar.ar_event = audit_flags_and_error_to_openevent( - ar->k_ar.ar_arg_fflags, error); + ar->k_ar->ar_event = audit_flags_and_error_to_openevent( + ar->k_ar->ar_arg_fflags, error); break; case AUE_OPENAT_RWTC: - ar->k_ar.ar_event = audit_flags_and_error_to_openatevent( - ar->k_ar.ar_arg_fflags, error); + ar->k_ar->ar_event = audit_flags_and_error_to_openatevent( + ar->k_ar->ar_arg_fflags, error); break; case AUE_SYSCTL: - ar->k_ar.ar_event = audit_ctlname_to_sysctlevent( - ar->k_ar.ar_arg_ctlname, ar->k_ar.ar_valid_arg); + ar->k_ar->ar_event = audit_ctlname_to_sysctlevent( + ar->k_ar->ar_arg_ctlname, ar->k_ar->ar_valid_arg); break; case AUE_AUDITON: /* Convert the auditon() command to an event. */ - ar->k_ar.ar_event = auditon_command_event(ar->k_ar.ar_arg_cmd); + ar->k_ar->ar_event = auditon_command_event(ar->k_ar->ar_arg_cmd); break; case AUE_NFS_OPEN: - ar->k_ar.ar_event = audit_flags_to_nfs_openevent(ar->k_ar.ar_arg_fflags); + ar->k_ar->ar_event = audit_flags_to_nfs_openevent(ar->k_ar->ar_arg_fflags); break; } - auid = ar->k_ar.ar_subj_auid; - event = ar->k_ar.ar_event; + auid = ar->k_ar->ar_subj_auid; + event = ar->k_ar->ar_event; class = au_event_class(event); ar->k_ar_commit |= AR_COMMIT_KERNEL; @@ -468,9 +476,9 @@ return; } - ar->k_ar.ar_errno = error; - ar->k_ar.ar_retval = retval; - nanotime(&ar->k_ar.ar_endtime); + ar->k_ar->ar_errno = error; + ar->k_ar->ar_retval = retval; + nanotime(&ar->k_ar->ar_endtime); /* * Note: it could be that some records initiated while audit was @@ -715,10 +723,7 @@ au_event_t event; au_id_t auid; int error; - - if (td->td_ar != NULL) { - printf("bug event = %d\n", td->td_ar->k_ar.ar_event); - } + KASSERT(td->td_ar == NULL, ("audit_nfs_enter: td->td_ar != NULL")); KASSERT((td->td_pflags & TDP_AUDITREC) == 0, ("audit_nfs_enter: TDP_AUDITREC set")); @@ -793,10 +798,10 @@ * td->td_ucred = orig_cr; */ if (td->td_ar != NULL && user_cr != NULL) { - cru2x(user_cr, &td->td_ar->k_ar.ar_subj_cred); - td->td_ar->k_ar.ar_subj_ruid = user_cr->cr_ruid; - td->td_ar->k_ar.ar_subj_rgid = user_cr->cr_rgid; - td->td_ar->k_ar.ar_subj_egid = user_cr->cr_groups[0]; + cru2x(user_cr, &td->td_ar->k_ar->ar_subj_cred); + td->td_ar->k_ar->ar_subj_ruid = user_cr->cr_ruid; + td->td_ar->k_ar->ar_subj_rgid = user_cr->cr_rgid; + td->td_ar->k_ar->ar_subj_egid = user_cr->cr_groups[0]; } } @@ -926,14 +931,15 @@ * Where possible coredump records should contain a pathname and arg32 * (signal) tokens. */ + td->td_pflags |= TDP_AUDITREC; ar = audit_new(AUE_CORE, td); if (path != NULL) { - pathp = &ar->k_ar.ar_arg_upath1; + pathp = &ar->k_ar->ar_arg_upath1; *pathp = malloc(MAXPATHLEN, M_AUDITPATH, M_WAITOK); audit_canon_path(td, path, *pathp); ARG_SET_VALID(ar, ARG_UPATH1); } - ar->k_ar.ar_arg_signum = td->td_proc->p_sig; + ar->k_ar->ar_arg_signum = td->td_proc->p_sig; ARG_SET_VALID(ar, ARG_SIGNUM); if (errcode != 0) ret = 1; ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#8 (text) ==== @@ -69,7 +69,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_addr = addr; + ar->k_ar->ar_arg_addr = addr; ARG_SET_VALID(ar, ARG_ADDR); } @@ -82,8 +82,8 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_exitstatus = status; - ar->k_ar.ar_arg_exitretval = retval; + ar->k_ar->ar_arg_exitstatus = status; + ar->k_ar->ar_arg_exitretval = retval; ARG_SET_VALID(ar, ARG_EXIT); } @@ -96,7 +96,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_len = len; + ar->k_ar->ar_arg_len = len; ARG_SET_VALID(ar, ARG_LEN); } @@ -109,7 +109,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_atfd1 = atfd; + ar->k_ar->ar_arg_atfd1 = atfd; ARG_SET_VALID(ar, ARG_ATFD1); } @@ -122,7 +122,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_atfd2 = atfd; + ar->k_ar->ar_arg_atfd2 = atfd; ARG_SET_VALID(ar, ARG_ATFD2); } @@ -135,7 +135,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_fd = fd; + ar->k_ar->ar_arg_fd = fd; ARG_SET_VALID(ar, ARG_FD); } @@ -148,7 +148,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_fflags = fflags; + ar->k_ar->ar_arg_fflags = fflags; ARG_SET_VALID(ar, ARG_FFLAGS); } @@ -161,7 +161,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_gid = gid; + ar->k_ar->ar_arg_gid = gid; ARG_SET_VALID(ar, ARG_GID); } @@ -174,7 +174,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_uid = uid; + ar->k_ar->ar_arg_uid = uid; ARG_SET_VALID(ar, ARG_UID); } @@ -187,7 +187,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_egid = egid; + ar->k_ar->ar_arg_egid = egid; ARG_SET_VALID(ar, ARG_EGID); } @@ -200,7 +200,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_euid = euid; + ar->k_ar->ar_arg_euid = euid; ARG_SET_VALID(ar, ARG_EUID); } @@ -213,7 +213,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_rgid = rgid; + ar->k_ar->ar_arg_rgid = rgid; ARG_SET_VALID(ar, ARG_RGID); } @@ -226,7 +226,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_ruid = ruid; + ar->k_ar->ar_arg_ruid = ruid; ARG_SET_VALID(ar, ARG_RUID); } @@ -239,7 +239,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_sgid = sgid; + ar->k_ar->ar_arg_sgid = sgid; ARG_SET_VALID(ar, ARG_SGID); } @@ -252,7 +252,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_suid = suid; + ar->k_ar->ar_arg_suid = suid; ARG_SET_VALID(ar, ARG_SUID); } @@ -269,13 +269,13 @@ if (ar == NULL) return; - if (ar->k_ar.ar_arg_groups.gidset == NULL) - ar->k_ar.ar_arg_groups.gidset = malloc( + if (ar->k_ar->ar_arg_groups.gidset == NULL) + ar->k_ar->ar_arg_groups.gidset = malloc( sizeof(gid_t) * gidset_size, M_AUDITGIDSET, M_WAITOK); for (i = 0; i < gidset_size; i++) - ar->k_ar.ar_arg_groups.gidset[i] = gidset[i]; - ar->k_ar.ar_arg_groups.gidset_size = gidset_size; + ar->k_ar->ar_arg_groups.gidset[i] = gidset[i]; + ar->k_ar->ar_arg_groups.gidset_size = gidset_size; ARG_SET_VALID(ar, ARG_GROUPSET); } @@ -288,7 +288,7 @@ if (ar == NULL) return; - strlcpy(ar->k_ar.ar_arg_login, login, MAXLOGNAME); + strlcpy(ar->k_ar->ar_arg_login, login, MAXLOGNAME); ARG_SET_VALID(ar, ARG_LOGIN); } @@ -301,8 +301,8 @@ if (ar == NULL) return; - bcopy(name, &ar->k_ar.ar_arg_ctlname, namelen * sizeof(int)); - ar->k_ar.ar_arg_len = namelen; + bcopy(name, &ar->k_ar->ar_arg_ctlname, namelen * sizeof(int)); + ar->k_ar->ar_arg_len = namelen; ARG_SET_VALID(ar, ARG_CTLNAME | ARG_LEN); } @@ -315,7 +315,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_mask = mask; + ar->k_ar->ar_arg_mask = mask; ARG_SET_VALID(ar, ARG_MASK); } @@ -328,7 +328,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_mode = mode; + ar->k_ar->ar_arg_mode = mode; ARG_SET_VALID(ar, ARG_MODE); } @@ -341,7 +341,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_dev = dev; + ar->k_ar->ar_arg_dev = dev; ARG_SET_VALID(ar, ARG_DEV); } @@ -354,7 +354,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_value = value; + ar->k_ar->ar_arg_value = value; ARG_SET_VALID(ar, ARG_VALUE); } @@ -367,8 +367,8 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_uid = uid; - ar->k_ar.ar_arg_gid = gid; + ar->k_ar->ar_arg_uid = uid; + ar->k_ar->ar_arg_gid = gid; ARG_SET_VALID(ar, ARG_UID | ARG_GID); } @@ -381,7 +381,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_pid = pid; + ar->k_ar->ar_arg_pid = pid; ARG_SET_VALID(ar, ARG_PID); } @@ -400,14 +400,14 @@ return; cred = p->p_ucred; - ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid; - ar->k_ar.ar_arg_euid = cred->cr_uid; - ar->k_ar.ar_arg_egid = cred->cr_groups[0]; - ar->k_ar.ar_arg_ruid = cred->cr_ruid; - ar->k_ar.ar_arg_rgid = cred->cr_rgid; - ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid; - ar->k_ar.ar_arg_termid_addr = cred->cr_audit.ai_termid; - ar->k_ar.ar_arg_pid = p->p_pid; + ar->k_ar->ar_arg_auid = cred->cr_audit.ai_auid; + ar->k_ar->ar_arg_euid = cred->cr_uid; + ar->k_ar->ar_arg_egid = cred->cr_groups[0]; + ar->k_ar->ar_arg_ruid = cred->cr_ruid; + ar->k_ar->ar_arg_rgid = cred->cr_rgid; + ar->k_ar->ar_arg_asid = cred->cr_audit.ai_asid; + ar->k_ar->ar_arg_termid_addr = cred->cr_audit.ai_termid; + ar->k_ar->ar_arg_pid = p->p_pid; ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID | ARG_RGID | ARG_ASID | ARG_TERMID_ADDR | ARG_PID | ARG_PROCESS); } @@ -421,7 +421,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_signum = signum; + ar->k_ar->ar_arg_signum = signum; ARG_SET_VALID(ar, ARG_SIGNUM); } @@ -434,9 +434,9 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_sockinfo.so_domain = sodomain; - ar->k_ar.ar_arg_sockinfo.so_type = sotype; - ar->k_ar.ar_arg_sockinfo.so_protocol = soprotocol; + ar->k_ar->ar_arg_sockinfo.so_domain = sodomain; + ar->k_ar->ar_arg_sockinfo.so_type = sotype; + ar->k_ar->ar_arg_sockinfo.so_protocol = soprotocol; ARG_SET_VALID(ar, ARG_SOCKINFO); } @@ -452,7 +452,7 @@ if (ar == NULL) return; - bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sa->sa_len); + bcopy(sa, &ar->k_ar->ar_arg_sockaddr, sa->sa_len); switch (sa->sa_family) { case AF_INET: ARG_SET_VALID(ar, ARG_SADDRINET); @@ -497,7 +497,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_auid = auid; + ar->k_ar->ar_arg_auid = auid; ARG_SET_VALID(ar, ARG_AUID); } @@ -510,12 +510,12 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_auid = au_info->ai_auid; - ar->k_ar.ar_arg_asid = au_info->ai_asid; - ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success; - ar->k_ar.ar_arg_amask.am_failure = au_info->ai_mask.am_failure; - ar->k_ar.ar_arg_termid.port = au_info->ai_termid.port; - ar->k_ar.ar_arg_termid.machine = au_info->ai_termid.machine; + ar->k_ar->ar_arg_auid = au_info->ai_auid; + ar->k_ar->ar_arg_asid = au_info->ai_asid; + ar->k_ar->ar_arg_amask.am_success = au_info->ai_mask.am_success; + ar->k_ar->ar_arg_amask.am_failure = au_info->ai_mask.am_failure; + ar->k_ar->ar_arg_termid.port = au_info->ai_termid.port; + ar->k_ar->ar_arg_termid.machine = au_info->ai_termid.machine; ARG_SET_VALID(ar, ARG_AUID | ARG_ASID | ARG_AMASK | ARG_TERMID); } @@ -528,16 +528,16 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_auid = au_info->ai_auid; - ar->k_ar.ar_arg_asid = au_info->ai_asid; - ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success; - ar->k_ar.ar_arg_amask.am_failure = au_info->ai_mask.am_failure; - ar->k_ar.ar_arg_termid_addr.at_type = au_info->ai_termid.at_type; - ar->k_ar.ar_arg_termid_addr.at_port = au_info->ai_termid.at_port; - ar->k_ar.ar_arg_termid_addr.at_addr[0] = au_info->ai_termid.at_addr[0]; - ar->k_ar.ar_arg_termid_addr.at_addr[1] = au_info->ai_termid.at_addr[1]; - ar->k_ar.ar_arg_termid_addr.at_addr[2] = au_info->ai_termid.at_addr[2]; - ar->k_ar.ar_arg_termid_addr.at_addr[3] = au_info->ai_termid.at_addr[3]; + ar->k_ar->ar_arg_auid = au_info->ai_auid; + ar->k_ar->ar_arg_asid = au_info->ai_asid; + ar->k_ar->ar_arg_amask.am_success = au_info->ai_mask.am_success; + ar->k_ar->ar_arg_amask.am_failure = au_info->ai_mask.am_failure; + ar->k_ar->ar_arg_termid_addr.at_type = au_info->ai_termid.at_type; + ar->k_ar->ar_arg_termid_addr.at_port = au_info->ai_termid.at_port; + ar->k_ar->ar_arg_termid_addr.at_addr[0] = au_info->ai_termid.at_addr[0]; + ar->k_ar->ar_arg_termid_addr.at_addr[1] = au_info->ai_termid.at_addr[1]; + ar->k_ar->ar_arg_termid_addr.at_addr[2] = au_info->ai_termid.at_addr[2]; + ar->k_ar->ar_arg_termid_addr.at_addr[3] = au_info->ai_termid.at_addr[3]; ARG_SET_VALID(ar, ARG_AUID | ARG_ASID | ARG_AMASK | ARG_TERMID_ADDR); } @@ -553,13 +553,13 @@ return; /* Invalidate the text string */ - ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_TEXT); + ar->k_ar->ar_valid_arg &= (ARG_ALL ^ ARG_TEXT); - if (ar->k_ar.ar_arg_text == NULL) - ar->k_ar.ar_arg_text = malloc(MAXPATHLEN, M_AUDITTEXT, + if (ar->k_ar->ar_arg_text == NULL) + ar->k_ar->ar_arg_text = malloc(MAXPATHLEN, M_AUDITTEXT, M_WAITOK); - strncpy(ar->k_ar.ar_arg_text, text, MAXPATHLEN); + strncpy(ar->k_ar->ar_arg_text, text, MAXPATHLEN); ARG_SET_VALID(ar, ARG_TEXT); } @@ -572,7 +572,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_cmd = cmd; + ar->k_ar->ar_arg_cmd = cmd; ARG_SET_VALID(ar, ARG_CMD); } @@ -585,7 +585,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_svipc_cmd = cmd; + ar->k_ar->ar_arg_svipc_cmd = cmd; ARG_SET_VALID(ar, ARG_SVIPC_CMD); } @@ -598,8 +598,8 @@ if (ar == NULL) return; - bcopy(perm, &ar->k_ar.ar_arg_svipc_perm, - sizeof(ar->k_ar.ar_arg_svipc_perm)); + bcopy(perm, &ar->k_ar->ar_arg_svipc_perm, + sizeof(ar->k_ar->ar_arg_svipc_perm)); ARG_SET_VALID(ar, ARG_SVIPC_PERM); } @@ -612,7 +612,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_svipc_id = id; + ar->k_ar->ar_arg_svipc_id = id; ARG_SET_VALID(ar, ARG_SVIPC_ID); } @@ -625,7 +625,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_svipc_addr = addr; + ar->k_ar->ar_arg_svipc_addr = addr; ARG_SET_VALID(ar, ARG_SVIPC_ADDR); } @@ -638,9 +638,9 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_pipc_perm.pipc_uid = uid; - ar->k_ar.ar_arg_pipc_perm.pipc_gid = gid; - ar->k_ar.ar_arg_pipc_perm.pipc_mode = mode; + ar->k_ar->ar_arg_pipc_perm.pipc_uid = uid; + ar->k_ar->ar_arg_pipc_perm.pipc_gid = gid; + ar->k_ar->ar_arg_pipc_perm.pipc_mode = mode; ARG_SET_VALID(ar, ARG_POSIX_IPC_PERM); } @@ -653,8 +653,8 @@ if (ar == NULL) return; - bcopy((void *)udata, &ar->k_ar.ar_arg_auditon, - sizeof(ar->k_ar.ar_arg_auditon)); + bcopy((void *)udata, &ar->k_ar->ar_arg_auditon, + sizeof(ar->k_ar->ar_arg_auditon)); ARG_SET_VALID(ar, ARG_AUDITON); } @@ -693,22 +693,22 @@ so = (struct socket *)fp->f_data; if (INP_CHECK_SOCKAF(so, PF_INET)) { SOCK_LOCK(so); - ar->k_ar.ar_arg_sockinfo.so_type = + ar->k_ar->ar_arg_sockinfo.so_type = so->so_type; - ar->k_ar.ar_arg_sockinfo.so_domain = + ar->k_ar->ar_arg_sockinfo.so_domain = INP_SOCKAF(so); - ar->k_ar.ar_arg_sockinfo.so_protocol = + ar->k_ar->ar_arg_sockinfo.so_protocol = so->so_proto->pr_protocol; SOCK_UNLOCK(so); pcb = (struct inpcb *)so->so_pcb; INP_RLOCK(pcb); - ar->k_ar.ar_arg_sockinfo.so_raddr = + ar->k_ar->ar_arg_sockinfo.so_raddr = pcb->inp_faddr.s_addr; - ar->k_ar.ar_arg_sockinfo.so_laddr = + ar->k_ar->ar_arg_sockinfo.so_laddr = pcb->inp_laddr.s_addr; - ar->k_ar.ar_arg_sockinfo.so_rport = + ar->k_ar->ar_arg_sockinfo.so_rport = pcb->inp_fport; - ar->k_ar.ar_arg_sockinfo.so_lport = + ar->k_ar->ar_arg_sockinfo.so_lport = pcb->inp_lport; INP_RUNLOCK(pcb); ARG_SET_VALID(ar, ARG_SOCKINFO); @@ -745,7 +745,7 @@ if (ar == NULL) return; - audit_arg_upath(td, upath, &ar->k_ar.ar_arg_upath1); + audit_arg_upath(td, upath, &ar->k_ar->ar_arg_upath1); ARG_SET_VALID(ar, ARG_UPATH1); } @@ -758,7 +758,7 @@ if (ar == NULL) return; - audit_arg_upath(td, upath, &ar->k_ar.ar_arg_upath2); + audit_arg_upath(td, upath, &ar->k_ar->ar_arg_upath2); ARG_SET_VALID(ar, ARG_UPATH2); } @@ -820,7 +820,7 @@ return; ARG_CLEAR_VALID(ar, ARG_VNODE1); - error = audit_arg_vnode(vp, &ar->k_ar.ar_arg_vnode1); + error = audit_arg_vnode(vp, &ar->k_ar->ar_arg_vnode1); if (error == 0) ARG_SET_VALID(ar, ARG_VNODE1); } @@ -836,7 +836,7 @@ return; ARG_CLEAR_VALID(ar, ARG_VNODE2); - error = audit_arg_vnode(vp, &ar->k_ar.ar_arg_vnode2); + error = audit_arg_vnode(vp, &ar->k_ar->ar_arg_vnode2); if (error == 0) ARG_SET_VALID(ar, ARG_VNODE2); } @@ -856,9 +856,9 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_argv = malloc(length, M_AUDITTEXT, M_WAITOK); - bcopy(argv, ar->k_ar.ar_arg_argv, length); - ar->k_ar.ar_arg_argc = argc; + ar->k_ar->ar_arg_argv = malloc(length, M_AUDITTEXT, M_WAITOK); + bcopy(argv, ar->k_ar->ar_arg_argv, length); + ar->k_ar->ar_arg_argc = argc; ARG_SET_VALID(ar, ARG_ARGV); } @@ -877,9 +877,9 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_envv = malloc(length, M_AUDITTEXT, M_WAITOK); - bcopy(envv, ar->k_ar.ar_arg_envv, length); - ar->k_ar.ar_arg_envc = envc; + ar->k_ar->ar_arg_envv = malloc(length, M_AUDITTEXT, M_WAITOK); + bcopy(envv, ar->k_ar->ar_arg_envv, length); + ar->k_ar->ar_arg_envc = envc; ARG_SET_VALID(ar, ARG_ENVV); } @@ -928,7 +928,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_protocol = protocol; + ar->k_ar->ar_arg_protocol = protocol; ARG_SET_VALID(ar, ARG_PROTOCOL); } @@ -944,7 +944,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_vtype = vtype; + ar->k_ar->ar_arg_vtype = vtype; ARG_SET_VALID(ar, ARG_VTYPE); } @@ -960,7 +960,7 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_clientid = clientid; + ar->k_ar->ar_arg_clientid = clientid; ARG_SET_VALID(ar, ARG_CLIENTID); } @@ -982,13 +982,13 @@ return; /* Invalidate the lockowner string */ - ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_LOCKOWNER); + ar->k_ar->ar_valid_arg &= (ARG_ALL ^ ARG_LOCKOWNER); - if (ar->k_ar.ar_arg_lockowner == NULL) - ar->k_ar.ar_arg_lockowner = malloc(len, M_AUDITLOCKOWNER, + if (ar->k_ar->ar_arg_lockowner == NULL) + ar->k_ar->ar_arg_lockowner = malloc(len, M_AUDITLOCKOWNER, M_WAITOK); - strlcpy(ar->k_ar.ar_arg_lockowner, lockowner, len); + strlcpy(ar->k_ar->ar_arg_lockowner, lockowner, len); ARG_SET_VALID(ar, ARG_LOCKOWNER); } @@ -1010,13 +1010,13 @@ return; /* Invalidate the clientname string */ - ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_CLIENTNAME); + ar->k_ar->ar_valid_arg &= (ARG_ALL ^ ARG_CLIENTNAME); - if (ar->k_ar.ar_arg_clientname == NULL) - ar->k_ar.ar_arg_clientname = malloc(len, M_AUDITCLIENTNAME, + if (ar->k_ar->ar_arg_clientname == NULL) + ar->k_ar->ar_arg_clientname = malloc(len, M_AUDITCLIENTNAME, M_WAITOK); - strlcpy(ar->k_ar.ar_arg_clientname, clientname, len); + strlcpy(ar->k_ar->ar_arg_clientname, clientname, len); ARG_SET_VALID(ar, ARG_CLIENTNAME); } @@ -1032,6 +1032,6 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_locktype = locktype; + ar->k_ar->ar_arg_locktype = locktype; ARG_SET_VALID(ar, ARG_LOCKTYPE); } ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#19 (text) ==== @@ -471,7 +471,7 @@ KASSERT(kar != NULL, ("kaudit_to_bsm: kar == NULL")); *pau = NULL; - ar = &kar->k_ar; + ar = kar->k_ar; rec = kau_open(); /* @@ -1660,11 +1660,17 @@ tok = au_to_arg32(3, "mode", ar->ar_arg_mode); kau_write(rec, tok); } + UPATH1_VNODE1_TOKENS; + UPATH2_TOKENS; + if (ARG_IS_VALID(kar, ARG_TEXT)) { + tok = au_to_text(ar->ar_arg_text); + kau_write(rec, tok); + } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); kau_write(rec, tok); } - /* FALLTHROUGH */ + break; case AUE_NFS_SETATTR: UPATH1_VNODE1_TOKENS; @@ -1740,7 +1746,6 @@ } break; - /* XXXgpf: temporary fallthrough for nfsv4 events */ case AUE_NFS_OPEN_RC: case AUE_NFS_OPEN_RTC: case AUE_NFS_OPEN_RWC: @@ -1790,7 +1795,6 @@ } break; - /* XXXgpf: temporary fallthrough for nfsv4 events */ case AUE_NFS_DELEGPURGE: case AUE_NFS_RENEW: case AUE_NFS_SETCLIENTIDCFRM: ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_private.h#9 (text) ==== @@ -53,6 +53,7 @@ MALLOC_DECLARE(M_AUDITGIDSET); MALLOC_DECLARE(M_AUDITLOCKOWNER); MALLOC_DECLARE(M_AUDITCLIENTNAME); +MALLOC_DECLARE(M_AUDITRECORD); #endif /* @@ -305,12 +306,12 @@ #define ARG_NONE 0x0000000000000000ULL #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL -#define ARG_IS_VALID(kar, arg) ((kar)->k_ar.ar_valid_arg & (arg)) +#define ARG_IS_VALID(kar, arg) ((kar)->k_ar->ar_valid_arg & (arg)) #define ARG_SET_VALID(kar, arg) do { \ - (kar)->k_ar.ar_valid_arg |= (arg); \ + (kar)->k_ar->ar_valid_arg |= (arg); \ } while (0) #define ARG_CLEAR_VALID(kar, arg) do { \ - (kar)->k_ar.ar_valid_arg &= ~(arg); \ + (kar)->k_ar->ar_valid_arg &= ~(arg); \ } while (0) /* @@ -319,7 +320,7 @@ * passed through to the audit writing mechanism. */ struct kaudit_record { - struct audit_record k_ar; + struct audit_record *k_ar; u_int32_t k_ar_commit; void *k_udata; /* User data. */ u_int k_ulen; /* User data length. */ ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_worker.c#2 (text) ==== @@ -342,10 +342,10 @@ (ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0)) goto out; - auid = ar->k_ar.ar_subj_auid; - event = ar->k_ar.ar_event; + auid = ar->k_ar->ar_subj_auid; + event = ar->k_ar->ar_event; class = au_event_class(event); - if (ar->k_ar.ar_errno == 0) + if (ar->k_ar->ar_errno == 0) sorf = AU_PRS_SUCCESS; else sorf = AU_PRS_FAILURE;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201007191434.o6JEYKpo056987>