From owner-p4-projects@FreeBSD.ORG Sun May 11 16:03:47 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 9F4911065673; Sun, 11 May 2008 16:03:47 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5F7611065671 for ; Sun, 11 May 2008 16:03:47 +0000 (UTC) (envelope-from diego@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 4D1E48FC25 for ; Sun, 11 May 2008 16:03:47 +0000 (UTC) (envelope-from diego@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m4BG3lNL087246 for ; Sun, 11 May 2008 16:03:47 GMT (envelope-from diego@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m4BG3l6f087244 for perforce@freebsd.org; Sun, 11 May 2008 16:03:47 GMT (envelope-from diego@FreeBSD.org) Date: Sun, 11 May 2008 16:03:47 GMT Message-Id: <200805111603.m4BG3l6f087244@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to diego@FreeBSD.org using -f From: Diego Giagio To: Perforce Change Reviews Cc: Subject: PERFORCE change 141465 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 May 2008 16:03:47 -0000 http://perforce.freebsd.org/chv.cgi?CH=141465 Change 141465 by diego@diego_black on 2008/05/11 16:03:09 - Added wrappers around audit_arg_xxx to specify which record is being used - Added support for two new events - AUE_PFIL_ENABLE/DISABLE - Moved preselection code to audit_begin() - Imported audit_pfil.c and added it to the build - Created macro AUDIT_CALL to wrap audit functions call Affected files ... .. //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_kevents.h#2 edit .. //depot/projects/soc2008/diego-audit/src/sys/conf/files#5 edit .. //depot/projects/soc2008/diego-audit/src/sys/netinet/ip_fw_pfil.c#2 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.c#2 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#5 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#2 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#2 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#1 add .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#2 edit Differences ... ==== //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_kevents.h#2 (text) ==== @@ -548,6 +548,8 @@ #define AUE_MKNODAT 43150 /* FreeBSD. */ #define AUE_READLINKAT 43151 /* FreeBSD. */ #define AUE_SYMLINKAT 43152 /* FreeBSD. */ +#define AUE_PFIL_ENABLE 43153 /* FreeBSD. */ +#define AUE_PFIL_DISABLE 43154 /* FreeBSD. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the ==== //depot/projects/soc2008/diego-audit/src/sys/conf/files#5 (text+ko) ==== @@ -2260,6 +2260,7 @@ security/audit/audit_bsm.c optional audit security/audit/audit_bsm_klib.c optional audit security/audit/audit_bsm_token.c optional audit +security/audit/audit_pfil.c optional audit security/audit/audit_pipe.c optional audit security/audit/audit_syscalls.c standard security/audit/audit_trigger.c optional audit ==== //depot/projects/soc2008/diego-audit/src/sys/netinet/ip_fw_pfil.c#2 (text+ko) ==== @@ -65,6 +65,8 @@ #include +#include + int fw_enable = 1; #ifdef INET6 int fw6_enable = 1; @@ -542,6 +544,7 @@ break; } #endif + AUDIT_CALL(audit_pfil_enable_ipfw(err)); break; case MOD_UNLOAD: @@ -552,6 +555,7 @@ break; #endif ipfw_destroy(); + AUDIT_CALL(audit_pfil_disable_ipfw(err)); break; default: ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.c#2 (text) ==== @@ -322,6 +322,58 @@ return (ar); } +struct kaudit_record * +audit_begin(int event, struct thread *td) +{ + struct kaudit_record *ar; + struct au_mask *aumask; + au_class_t class; + au_id_t auid; + + KASSERT(event != AUE_NULL, ("audit_begin: event == AUE_NULL")); + + /* + * Check which audit mask to use; either the kernel non-attributable + * event mask or the process audit mask. + */ + auid = td->td_ucred->cr_audit.ai_auid; + if (auid == AU_DEFAUDITID) + aumask = &audit_nae_mask; + else + aumask = &td->td_ucred->cr_audit.ai_mask; + + /* + * Allocate an audit record, if preselection allows it, and store in + * the thread for later use. + */ + class = au_event_class(event); + if (au_preselect(event, class, aumask, AU_PRS_BOTH)) { + /* + * If we're out of space and need to suspend unprivileged + * processes, do that here rather than trying to allocate + * another audit record. + * + * Note: we might wish to be able to continue here in the + * future, if the system recovers. That should be possible + * by means of checking the condition in a loop around + * cv_wait(). It might be desirable to reevaluate whether an + * audit record is still required for this event by + * re-calling au_preselect(). + */ + if (audit_in_failure && + priv_check(td, PRIV_AUDIT_FAILSTOP) != 0) { + cv_wait(&audit_fail_cv, &audit_mtx); + panic("audit_failing_stop: thread continued"); + } + ar = audit_new(event, td); + } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) + ar = audit_new(event, td); + else + ar = NULL; + + return (ar); +} + void audit_free(struct kaudit_record *ar) { @@ -435,10 +487,7 @@ void audit_syscall_enter(unsigned short code, struct thread *td) { - struct au_mask *aumask; - au_class_t class; au_event_t event; - au_id_t auid; KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL")); @@ -457,44 +506,7 @@ if (event == AUE_NULL) return; - /* - * Check which audit mask to use; either the kernel non-attributable - * event mask or the process audit mask. - */ - auid = td->td_ucred->cr_audit.ai_auid; - if (auid == AU_DEFAUDITID) - aumask = &audit_nae_mask; - else - aumask = &td->td_ucred->cr_audit.ai_mask; - - /* - * Allocate an audit record, if preselection allows it, and store in - * the thread for later use. - */ - class = au_event_class(event); - if (au_preselect(event, class, aumask, AU_PRS_BOTH)) { - /* - * If we're out of space and need to suspend unprivileged - * processes, do that here rather than trying to allocate - * another audit record. - * - * Note: we might wish to be able to continue here in the - * future, if the system recovers. That should be possible - * by means of checking the condition in a loop around - * cv_wait(). It might be desirable to reevaluate whether an - * audit record is still required for this event by - * re-calling au_preselect(). - */ - if (audit_in_failure && - priv_check(td, PRIV_AUDIT_FAILSTOP) != 0) { - cv_wait(&audit_fail_cv, &audit_mtx); - panic("audit_failing_stop: thread continued"); - } - td->td_ar = audit_new(event, td); - } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) - td->td_ar = audit_new(event, td); - else - td->td_ar = NULL; + td->td_ar = audit_begin(event, td); } /* ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#5 (text) ==== @@ -117,10 +117,19 @@ #define ARG_NONE 0x0000000000000000ULL #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL +/* + * Functions for auditing syscalls. + */ void audit_syscall_enter(unsigned short code, struct thread *td); void audit_syscall_exit(int error, struct thread *td); /* + * Functions for auditing packet filter events. + */ +void audit_pfil_enable_ipfw(int error); +void audit_pfil_disable_ipfw(int error); + +/* * The remaining kernel functions are conditionally compiled in as they are * wrapped by a macro, and the macro should be the only place in the source * tree where these functions are referenced. @@ -214,6 +223,14 @@ audit_sysclose(td, fd); \ } while (0) +/* + * A macro to wrap audit functions. + */ +#define AUDIT_CALL(func) do { \ + if (audit_enabled) \ + func; \ +} while (0) + #else /* !AUDIT */ #define AUDIT_ARG(op, args...) do { \ @@ -228,6 +245,9 @@ #define AUDIT_SYSCLOSE(p, fd) do { \ } while (0) +#define AUDIT_CALL(func) do { +} while (0) + #endif /* AUDIT */ #endif /* !_SECURITY_AUDIT_KERNEL_H_ */ ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#2 (text) ==== @@ -61,20 +61,16 @@ * hasn't already been filled in? */ void -audit_arg_addr(void *addr) +audit_record_arg_addr(struct kaudit_record *ar, void *addr) { - struct kaudit_record *ar; + KASSERT(ar != NULL, ("audit_record_arg_addr: ar == NULL")); - ar = currecord(); - if (ar == NULL) - return; - ar->k_ar.ar_arg_addr = addr; ARG_SET_VALID(ar, ARG_ADDR); } void -audit_arg_exit(int status, int retval) +audit_arg_addr(void *addr) { struct kaudit_record *ar; @@ -82,13 +78,21 @@ if (ar == NULL) return; + audit_record_arg_addr(ar, addr); +} + +void +audit_record_arg_exit(struct kaudit_record *ar, int status, int retval) +{ + KASSERT(ar != NULL, ("audit_record_arg_exit: ar == NULL")); + ar->k_ar.ar_arg_exitstatus = status; ar->k_ar.ar_arg_exitretval = retval; ARG_SET_VALID(ar, ARG_EXIT); } void -audit_arg_len(int len) +audit_arg_exit(int status, int retval) { struct kaudit_record *ar; @@ -96,12 +100,20 @@ if (ar == NULL) return; + audit_record_arg_exit(ar, status, retval); +} + +void +audit_record_arg_len(struct kaudit_record *ar, int len) +{ + KASSERT(ar != NULL, ("audit_record_arg_len: ar == NULL")); + ar->k_ar.ar_arg_len = len; ARG_SET_VALID(ar, ARG_LEN); } void -audit_arg_fd(int fd) +audit_arg_len(int len) { struct kaudit_record *ar; @@ -109,12 +121,20 @@ if (ar == NULL) return; + audit_record_arg_len(ar, len); +} + +void +audit_record_arg_fd(struct kaudit_record *ar, int fd) +{ + KASSERT(ar != NULL, ("audit_record_arg_fd: ar == NULL")); + ar->k_ar.ar_arg_fd = fd; ARG_SET_VALID(ar, ARG_FD); } void -audit_arg_fflags(int fflags) +audit_arg_fd(int fd) { struct kaudit_record *ar; @@ -122,12 +142,20 @@ if (ar == NULL) return; + audit_record_arg_fd(ar, fd); +} + +void +audit_record_arg_fflags(struct kaudit_record *ar, int fflags) +{ + KASSERT(ar != NULL, ("audit_record_arg_fflags: ar == NULL")); + ar->k_ar.ar_arg_fflags = fflags; ARG_SET_VALID(ar, ARG_FFLAGS); } void -audit_arg_gid(gid_t gid) +audit_arg_fflags(int fflags) { struct kaudit_record *ar; @@ -135,12 +163,20 @@ if (ar == NULL) return; + audit_record_arg_fflags(ar, fflags); +} + +void +audit_record_arg_gid(struct kaudit_record *ar, gid_t gid) +{ + KASSERT(ar != NULL, ("audit_record_arg_gid: ar == NULL")); + ar->k_ar.ar_arg_gid = gid; ARG_SET_VALID(ar, ARG_GID); } void -audit_arg_uid(uid_t uid) +audit_arg_gid(gid_t gid) { struct kaudit_record *ar; @@ -148,12 +184,20 @@ if (ar == NULL) return; + audit_record_arg_gid(ar, gid); +} + +void +audit_record_arg_uid(struct kaudit_record *ar, uid_t uid) +{ + KASSERT(ar != NULL, ("audit_record_arg_uid: ar == NULL")); + ar->k_ar.ar_arg_uid = uid; ARG_SET_VALID(ar, ARG_UID); } void -audit_arg_egid(gid_t egid) +audit_arg_uid(uid_t uid) { struct kaudit_record *ar; @@ -161,12 +205,20 @@ if (ar == NULL) return; + audit_record_arg_uid(ar, uid); +} + +void +audit_record_arg_egid(struct kaudit_record *ar, gid_t egid) +{ + KASSERT(ar != NULL, ("audit_record_arg_egid: ar == NULL")); + ar->k_ar.ar_arg_egid = egid; ARG_SET_VALID(ar, ARG_EGID); } void -audit_arg_euid(uid_t euid) +audit_arg_egid(gid_t egid) { struct kaudit_record *ar; @@ -174,12 +226,20 @@ if (ar == NULL) return; + audit_record_arg_egid(ar, egid); +} + +void +audit_record_arg_euid(struct kaudit_record *ar, uid_t euid) +{ + KASSERT(ar != NULL, ("audit_record_arg_euid: ar == NULL")); + ar->k_ar.ar_arg_euid = euid; ARG_SET_VALID(ar, ARG_EUID); } void -audit_arg_rgid(gid_t rgid) +audit_arg_euid(uid_t euid) { struct kaudit_record *ar; @@ -187,12 +247,20 @@ if (ar == NULL) return; + audit_record_arg_euid(ar, euid); +} + +void +audit_record_arg_rgid(struct kaudit_record *ar, gid_t rgid) +{ + KASSERT(ar != NULL, ("audit_record_arg_rgid: ar == NULL")); + ar->k_ar.ar_arg_rgid = rgid; ARG_SET_VALID(ar, ARG_RGID); } void -audit_arg_ruid(uid_t ruid) +audit_arg_rgid(gid_t rgid) { struct kaudit_record *ar; @@ -200,12 +268,20 @@ if (ar == NULL) return; + audit_record_arg_rgid(ar, rgid); +} + +void +audit_record_arg_ruid(struct kaudit_record *ar, uid_t ruid) +{ + KASSERT(ar != NULL, ("audit_record_arg_ruid: ar == NULL")); + ar->k_ar.ar_arg_ruid = ruid; ARG_SET_VALID(ar, ARG_RUID); } void -audit_arg_sgid(gid_t sgid) +audit_arg_ruid(uid_t ruid) { struct kaudit_record *ar; @@ -213,12 +289,20 @@ if (ar == NULL) return; + audit_record_arg_ruid(ar, ruid); +} + +void +audit_record_arg_sgid(struct kaudit_record *ar, gid_t sgid) +{ + KASSERT(ar != NULL, ("audit_record_arg_sgid: ar == NULL")); + ar->k_ar.ar_arg_sgid = sgid; ARG_SET_VALID(ar, ARG_SGID); } void -audit_arg_suid(uid_t suid) +audit_arg_sgid(gid_t sgid) { struct kaudit_record *ar; @@ -226,20 +310,38 @@ if (ar == NULL) return; + audit_record_arg_sgid(ar, sgid); +} + +void +audit_record_arg_suid(struct kaudit_record *ar, uid_t suid) +{ + KASSERT(ar != NULL, ("audit_record_arg_suid: ar == NULL")); + ar->k_ar.ar_arg_suid = suid; ARG_SET_VALID(ar, ARG_SUID); } void -audit_arg_groupset(gid_t *gidset, u_int gidset_size) +audit_arg_suid(uid_t suid) { - int i; struct kaudit_record *ar; ar = currecord(); if (ar == NULL) return; + audit_record_arg_suid(ar, suid); +} + +void +audit_record_arg_groupset(struct kaudit_record *ar, gid_t *gidset, + u_int gidset_size) +{ + int i; + + KASSERT(ar != NULL, ("audit_record_arg_groupset: ar == NULL")); + for (i = 0; i < gidset_size; i++) ar->k_ar.ar_arg_groups.gidset[i] = gidset[i]; ar->k_ar.ar_arg_groups.gidset_size = gidset_size; @@ -247,7 +349,7 @@ } void -audit_arg_login(char *login) +audit_arg_groupset(gid_t *gidset, u_int gidset_size) { struct kaudit_record *ar; @@ -255,12 +357,20 @@ if (ar == NULL) return; + audit_record_arg_groupset(ar, gidset, gidset_size); +} + +void +audit_record_arg_login(struct kaudit_record *ar, char *login) +{ + KASSERT(ar != NULL, ("audit_record_arg_login: ar == NULL")); + strlcpy(ar->k_ar.ar_arg_login, login, MAXLOGNAME); ARG_SET_VALID(ar, ARG_LOGIN); } void -audit_arg_ctlname(int *name, int namelen) +audit_arg_login(char *login) { struct kaudit_record *ar; @@ -268,13 +378,21 @@ if (ar == NULL) return; + audit_record_arg_login(ar, login); +} + +void +audit_record_arg_ctlname(struct kaudit_record *ar, int *name, int namelen) +{ + KASSERT(ar != NULL, ("audit_record_arg_ctlname: ar == NULL")); + bcopy(name, &ar->k_ar.ar_arg_ctlname, namelen * sizeof(int)); ar->k_ar.ar_arg_len = namelen; ARG_SET_VALID(ar, ARG_CTLNAME | ARG_LEN); } void -audit_arg_mask(int mask) +audit_arg_ctlname(int *name, int namelen) { struct kaudit_record *ar; @@ -282,12 +400,20 @@ if (ar == NULL) return; + audit_record_arg_ctlname(ar, name, namelen); +} + +void +audit_record_arg_mask(struct kaudit_record *ar, int mask) +{ + KASSERT(ar != NULL, ("audit_record_arg_mask: ar == NULL")); + ar->k_ar.ar_arg_mask = mask; ARG_SET_VALID(ar, ARG_MASK); } void -audit_arg_mode(mode_t mode) +audit_arg_mask(int mask) { struct kaudit_record *ar; @@ -295,12 +421,20 @@ if (ar == NULL) return; + audit_record_arg_mask(ar, mask); +} + +void +audit_record_arg_mode(struct kaudit_record *ar, mode_t mode) +{ + KASSERT(ar != NULL, ("audit_record_arg_mode: ar == NULL")); + ar->k_ar.ar_arg_mode = mode; ARG_SET_VALID(ar, ARG_MODE); } void -audit_arg_dev(int dev) +audit_arg_mode(mode_t mode) { struct kaudit_record *ar; @@ -308,12 +442,20 @@ if (ar == NULL) return; + audit_record_arg_mode(ar, mode); +} + +void +audit_record_arg_dev(struct kaudit_record *ar, int dev) +{ + KASSERT(ar != NULL, ("audit_record_arg_dev: ar == NULL")); + ar->k_ar.ar_arg_dev = dev; ARG_SET_VALID(ar, ARG_DEV); } void -audit_arg_value(long value) +audit_arg_dev(int dev) { struct kaudit_record *ar; @@ -321,12 +463,20 @@ if (ar == NULL) return; + audit_record_arg_dev(ar, dev); +} + +void +audit_record_arg_value(struct kaudit_record *ar, long value) +{ + KASSERT(ar != NULL, ("audit_record_arg_value: ar == NULL")); + ar->k_ar.ar_arg_value = value; ARG_SET_VALID(ar, ARG_VALUE); } void -audit_arg_owner(uid_t uid, gid_t gid) +audit_arg_value(long value) { struct kaudit_record *ar; @@ -334,13 +484,21 @@ if (ar == NULL) return; + audit_record_arg_value(ar, value); +} + +void +audit_record_arg_owner(struct kaudit_record *ar, uid_t uid, gid_t gid) +{ + KASSERT(ar != NULL, ("audit_record_arg_owner: ar == NULL")); + ar->k_ar.ar_arg_uid = uid; ar->k_ar.ar_arg_gid = gid; ARG_SET_VALID(ar, ARG_UID | ARG_GID); } void -audit_arg_pid(pid_t pid) +audit_arg_owner(uid_t uid, gid_t gid) { struct kaudit_record *ar; @@ -348,23 +506,38 @@ if (ar == NULL) return; + audit_record_arg_owner(ar, uid, gid); +} + +void +audit_record_arg_pid(struct kaudit_record *ar, pid_t pid) +{ + KASSERT(ar != NULL, ("audit_record_arg_pid: ar == NULL")); + ar->k_ar.ar_arg_pid = pid; ARG_SET_VALID(ar, ARG_PID); } void -audit_arg_process(struct proc *p) +audit_arg_pid(pid_t pid) { struct kaudit_record *ar; - KASSERT(p != NULL, ("audit_arg_process: p == NULL")); - - PROC_LOCK_ASSERT(p, MA_OWNED); - ar = currecord(); if (ar == NULL) return; + audit_record_arg_pid(ar, pid); +} + +void +audit_record_arg_process(struct kaudit_record *ar, struct proc *p) +{ + KASSERT(ar != NULL, ("audit_record_arg_process: ar == NULL")); + KASSERT(p != NULL, ("audit_record_arg_process: p == NULL")); + + PROC_LOCK_ASSERT(p, MA_OWNED); + ar->k_ar.ar_arg_auid = p->p_ucred->cr_audit.ai_auid; ar->k_ar.ar_arg_euid = p->p_ucred->cr_uid; ar->k_ar.ar_arg_egid = p->p_ucred->cr_groups[0]; @@ -378,7 +551,7 @@ } void -audit_arg_signum(u_int signum) +audit_arg_process(struct proc *p) { struct kaudit_record *ar; @@ -386,12 +559,20 @@ if (ar == NULL) return; + audit_record_arg_process(ar, p); +} + +void +audit_record_arg_signum(struct kaudit_record *ar, u_int signum) +{ + KASSERT(ar != NULL, ("audit_record_arg_signum: ar == NULL")); + ar->k_ar.ar_arg_signum = signum; ARG_SET_VALID(ar, ARG_SIGNUM); } void -audit_arg_socket(int sodomain, int sotype, int soprotocol) +audit_arg_signum(u_int signum) { struct kaudit_record *ar; @@ -399,6 +580,15 @@ if (ar == NULL) return; + audit_record_arg_signum(ar, signum); +} + +void +audit_record_arg_socket(struct kaudit_record *ar, int sodomain, int sotype, + int soprotocol) +{ + KASSERT(ar != NULL, ("audit_record_arg_socket: ar == NULL")); + ar->k_ar.ar_arg_sockinfo.so_domain = sodomain; ar->k_ar.ar_arg_sockinfo.so_type = sotype; ar->k_ar.ar_arg_sockinfo.so_protocol = soprotocol; @@ -406,17 +596,25 @@ } void -audit_arg_sockaddr(struct thread *td, struct sockaddr *sa) +audit_arg_socket(int sodomain, int sotype, int soprotocol) { struct kaudit_record *ar; - KASSERT(td != NULL, ("audit_arg_sockaddr: td == NULL")); - KASSERT(sa != NULL, ("audit_arg_sockaddr: sa == NULL")); - ar = currecord(); if (ar == NULL) return; + audit_record_arg_socket(ar, sodomain, sotype, soprotocol); +} + +void +audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td, + struct sockaddr *sa) +{ + KASSERT(ar != NULL, ("audit_record_arg_sockaddr: ar == NULL")); + KASSERT(td != NULL, ("audit_record_arg_sockaddr: td == NULL")); + KASSERT(sa != NULL, ("audit_record_arg_sockaddr: sa == NULL")); + bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sa->sa_len); switch (sa->sa_family) { case AF_INET: @@ -428,8 +626,8 @@ break; case AF_UNIX: - audit_arg_upath(td, ((struct sockaddr_un *)sa)->sun_path, - ARG_UPATH1); + audit_record_arg_upath(ar, td, + ((struct sockaddr_un *)sa)->sun_path, ARG_UPATH1); ARG_SET_VALID(ar, ARG_SADDRUNIX); break; /* XXXAUDIT: default:? */ @@ -437,7 +635,7 @@ } void -audit_arg_auid(uid_t auid) +audit_arg_sockaddr(struct thread *td, struct sockaddr *sa) { struct kaudit_record *ar; @@ -445,12 +643,20 @@ if (ar == NULL) return; + audit_record_arg_sockaddr(ar, td, sa); +} + +void +audit_record_arg_auid(struct kaudit_record *ar, uid_t auid) +{ + KASSERT(ar != NULL, ("audit_record_arg_auid: ar == NULL")); + ar->k_ar.ar_arg_auid = auid; ARG_SET_VALID(ar, ARG_AUID); } void -audit_arg_auditinfo(struct auditinfo *au_info) +audit_arg_auid(uid_t auid) { struct kaudit_record *ar; @@ -458,6 +664,14 @@ if (ar == NULL) return; + audit_record_arg_auid(ar, auid); +} + +void +audit_record_arg_auditinfo(struct kaudit_record *ar, struct auditinfo *au_info) +{ + KASSERT(ar != NULL, ("audit_record_arg_auditinfo: ar == NULL")); + ar->k_ar.ar_arg_auid = au_info->ai_auid; ar->k_ar.ar_arg_asid = au_info->ai_asid; ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success; @@ -468,7 +682,7 @@ } void -audit_arg_auditinfo_addr(struct auditinfo_addr *au_info) +audit_arg_auditinfo(struct auditinfo *au_info) { struct kaudit_record *ar; @@ -476,6 +690,15 @@ if (ar == NULL) return; + audit_record_arg_auditinfo(ar, au_info); +} + +void +audit_record_arg_auditinfo_addr(struct kaudit_record *ar, + struct auditinfo_addr *au_info) +{ + KASSERT(ar != NULL, ("audit_record_arg_auditinfo_addr: ar == NULL")); + ar->k_ar.ar_arg_auid = au_info->ai_auid; ar->k_ar.ar_arg_asid = au_info->ai_asid; ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success; @@ -490,16 +713,23 @@ } void -audit_arg_text(char *text) +audit_arg_auditinfo_addr(struct auditinfo_addr *au_info) { struct kaudit_record *ar; - KASSERT(text != NULL, ("audit_arg_text: text == NULL")); - ar = currecord(); if (ar == NULL) return; + audit_record_arg_auditinfo_addr(ar, au_info); +} + +void +audit_record_arg_text(struct kaudit_record *ar, char *text) +{ + KASSERT(ar != NULL, ("audit_record_arg_text: ar == NULL")); + KASSERT(text != NULL, ("audit_record_arg_text: text == NULL")); + /* Invalidate the text string */ ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_TEXT); @@ -512,7 +742,7 @@ } void -audit_arg_cmd(int cmd) +audit_arg_text(char *text) { struct kaudit_record *ar; @@ -520,12 +750,20 @@ if (ar == NULL) return; + audit_record_arg_text(ar, text); +} + +void +audit_record_arg_cmd(struct kaudit_record *ar, int cmd) +{ + KASSERT(ar != NULL, ("audit_record_arg_cmd: ar == NULL")); + ar->k_ar.ar_arg_cmd = cmd; ARG_SET_VALID(ar, ARG_CMD); } void -audit_arg_svipc_cmd(int cmd) +audit_arg_cmd(int cmd) { struct kaudit_record *ar; @@ -533,12 +771,20 @@ if (ar == NULL) return; + audit_record_arg_cmd(ar, cmd); +} + +void +audit_record_arg_svipc_cmd(struct kaudit_record *ar, int cmd) +{ + KASSERT(ar != NULL, ("audit_record_arg_svipc_cmd: ar == NULL")); + ar->k_ar.ar_arg_svipc_cmd = cmd; ARG_SET_VALID(ar, ARG_SVIPC_CMD); } void -audit_arg_svipc_perm(struct ipc_perm *perm) +audit_arg_svipc_cmd(int cmd) { struct kaudit_record *ar; @@ -546,13 +792,21 @@ if (ar == NULL) >>> TRUNCATED FOR MAIL (1000 lines) <<<