From owner-p4-projects@FreeBSD.ORG Wed Nov 19 23:35:51 2008 Date: Wed, 19 Nov 2008 23:35:50 GMT Message-Id: <200811192335.mAJNZop4087738@repoman.freebsd.org>
From: "Christian S.J. Peron" To: Perforce Change Reviews Cc: Subject: PERFORCE change 153250 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2008 23:35:51 -0000 http://perforce.freebsd.org/chv.cgi?CH=153250 Change 153250 by csjp@hvm02 on 2008/11/19 23:34:57 Implement file system cache for BSM records. This makes it possible to associate bsm records which reference file descriptiors instead of paths with a particular event. For example: If we had a sequence that watched for an open on file /x followed by a permission change, we can now detect: open(2) fchmod(2) (which operates on the fd and therefor doesn't audit a path) Affected files ... .. //depot/projects/trustedbsd/bsmtrace/bsm.c#3 edit .. //depot/projects/trustedbsd/bsmtrace/deuce.h#3 edit .. //depot/projects/trustedbsd/bsmtrace/fcache.c#4 edit .. //depot/projects/trustedbsd/bsmtrace/fcache.h#3 edit Differences ... ==== //depot/projects/trustedbsd/bsmtrace/bsm.c#3 (text+ko) ==== @@ -130,6 +130,8 @@ ap = &bm->bm_objects; if (ap->a_cnt == 0) return (1); + if (bd->br_dev != 0 && bd->br_inode != 0 && bd->br_path == NULL) + bd->br_path = fcache_search(bd->br_dev, bd->br_inode); /* * We are interested in particular objects, but the audit record has * not supplied any. We will treat this as a fail to match. @@ -628,12 +630,19 @@ case AUT_RETURN64: bd.br_status = tok.tt.ret64.err; break; + case AUT_ATTR: + case AUT_ATTR32: + bd.br_dev = tok.tt.attr32.fsid; + bd.br_inode = tok.tt.attr32.nid; + break; case AUT_PATH: bd.br_path = tok.tt.path.path; break; } bytesread += tok.len; } + if (bd.br_path != NULL && bd.br_dev != 0 && bd.br_inode != 0) + fcache_add_entry(bd.br_dev, bd.br_inode, bd.br_path); bsm_sequence_scan(&bd); free(bsm_rec); recsread++; ==== //depot/projects/trustedbsd/bsmtrace/deuce.h#3 (text+ko) ==== 
@@ -150,6 +150,8 @@ int br_raw_len; /* Raw record length */ int br_pid; /* Process ID */ int br_sid; /* Session ID */ + dev_t br_dev; /* For fs objects, the device id. */ + ino_t br_inode; /* For fs objects, the inode. */ }; #endif /* DEUCE_H_ */ ==== //depot/projects/trustedbsd/bsmtrace/fcache.c#4 (text+ko) ==== @@ -82,6 +82,7 @@ dp = malloc(sizeof(*dp)); if (dp == NULL) return (NULL); + dp->d_device = device; RB_INIT(&dp->d_btree); TAILQ_INSERT_HEAD(&cache_head, dp, d_glue); return (dp); @@ -104,14 +105,15 @@ } void -fache_add_entry(dev_t device, ino_t inode, char *pathname) +fcache_add_entry(dev_t device, ino_t inode, char *pathname) { struct dev_list *dp; struct fcache *fcp; + char *ret; - /* - * NB: We need an eviction strategy here. - */ + ret = fcache_search(device, inode); + if (ret != NULL) + return; dp = fcache_locate(device); if (dp == NULL) { (void) fprintf(stderr, "failed to allocate cache\n"); @@ -124,6 +126,7 @@ } fcp->f_inode = inode; fcp->f_pathname = strdup(pathname); - (void) RB_INSERT(btree, &dp->d_btree, fcp); + if (RB_INSERT(btree, &dp->d_btree, fcp) != 0) + printf("item already existed\n"); } ==== //depot/projects/trustedbsd/bsmtrace/fcache.h#3 (text+ko) ==== @@ -45,6 +45,6 @@ void fcache_destroy(void); void fcache_init(void); char *fcache_search(dev_t, ino_t); -void fache_add_entry(dev_t, ino_t, char *); +void fcache_add_entry(dev_t, ino_t, char *); #endif /* FCACHE_DOT_H_ */
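Review bot: in the bsm.c @@ -130 hunk, the fcache_search() fallback sits inside the per-sequence object-match routine, so a record that carries an attr token but no path is looked up once for every sequence that has objects, and bd->br_path ends up pointing at cache-owned memory here while the AUT_PATH case points it into the record buffer. Resolve once, right after the token loop in the record parser (next to the new fcache_add_entry() call), and extend the comment that follows, which still only describes the "no object supplied" case, to say where br_path may now point.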
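Review bot: in the bsm.c @@ -628 hunk, the AUT_ATTR/AUT_ATTR32 case only fills br_dev/br_inode from 32-bit attr tokens; records produced by a 64-bit kernel carry AUT_ATTR64 (tok.tt.attr64 has fsid and nid too), so those records never populate the cache. The loop also keeps only the last AUT_PATH and the last attr token, so for records with two path tokens (rename(2), link(2)) the fcache_add_entry() call after the loop can pair an inode with the wrong path. Suggest adding `case AUT_ATTR64:` and either skipping the cache insert when more than one path token was seen or caching each path/attr pair as it is encountered.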
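Review bot: in the deuce.h hunk, br_dev and br_inode are added without a comment that 0 means "no attr token seen", yet the new `!= 0` tests in bsm.c depend on exactly that. If the bsm_record is reused across records without being zeroed, a record lacking an attr token inherits the previous record's dev/inode and is matched against a path that belongs to another file. State the 0-means-unset convention in the field comments and make sure the struct is reset before each record's token loop.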
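Review bot: in the fcache.c @@ -82 hunk, setting `dp->d_device = device;` on the newly allocated dev_list entry is the fix that lets later lookups find the per-device tree at all, since the key was never stored before. Fine as is; if more fields join this struct, allocating with calloc() would keep unset fields at zero without a per-field assignment.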
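Review bot: in the fcache.c @@ -104 hunk, the early `return` when fcache_search() finds the (device, inode) keeps the first path seen for that inode forever; inode numbers are reused after unlink, so a later open of a different file that lands on the same inode is reported under the old name, which undercuts the open/fchmod correlation this cache exists for. Compare `ret` with `pathname` and update the entry when they differ. The "NB: We need an eviction strategy here." comment was removed without adding eviction, so the cache and its strdup()'d paths still grow without bound; keep that note until eviction lands. The pre-search also duplicates the duplicate check RB_INSERT() already performs in the next hunk.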
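Review bot: in the fcache.c @@ -124 hunk, RB_INSERT() returns a pointer to the colliding element (NULL on success), so compare against NULL rather than 0, and on a collision `fcp` and its strdup()'d f_pathname are leaked; free both before returning. The diagnostic goes to stdout via printf() while the error path earlier in the same function uses fprintf(stderr, ...); use stderr here too, or drop the message, since the fcache_search() guard added in the previous hunk already makes this branch unreachable. While here, `fcp->f_pathname = strdup(pathname);` is still unchecked for NULL.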
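Review bot: in the fcache.h hunk, the prototype now matches the renamed definition. Since fcache_add_entry() only strdup()s the pathname, declaring the parameter `const char *` would document that the cache does not take ownership of the caller's buffer, which matters because the caller passes tok.tt.path.path from a record that is freed right after bsm_sequence_scan().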