From owner-p4-projects@FreeBSD.ORG Mon Jun 22 09:48:49 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5E9551065678; Mon, 22 Jun 2009 09:48:49 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1A4B21065673 for ; Mon, 22 Jun 2009 09:48:49 +0000 (UTC) (envelope-from marinosi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 0785E8FC0A for ; Mon, 22 Jun 2009 09:48:49 +0000 (UTC) (envelope-from marinosi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5M9mmLa078719 for ; Mon, 22 Jun 2009 09:48:48 GMT (envelope-from marinosi@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5M9mmvg078717 for perforce@freebsd.org; Mon, 22 Jun 2009 09:48:48 GMT (envelope-from marinosi@FreeBSD.org) Date: Mon, 22 Jun 2009 09:48:48 GMT Message-Id: <200906220948.n5M9mmvg078717@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to marinosi@FreeBSD.org using -f 
From: Ilias Marinos To: Perforce Change Reviews Cc: Subject: PERFORCE change 164840 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jun 2009 09:48:50 -0000 http://perforce.freebsd.org/chv.cgi?CH=164840 Change 164840 by marinosi@marinosi_redrum on 2009/06/22 09:48:39 Special device node management added along with slice management (creation/initialization/removal etc). Affected files ... .. //depot/projects/soc2009/marinosi_appaudit/src/sys/conf/files#2 edit .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#6 edit .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#2 edit .. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#4 edit Differences ... ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/conf/files#2 (text+ko) ==== @@ -2537,6 +2537,7 @@ security/audit/audit_syscalls.c standard security/audit/audit_trigger.c optional audit security/audit/audit_worker.c optional audit +security/audit/audit_slice.c optional audit security/mac/mac_atalk.c optional mac netatalk security/mac/mac_audit.c optional mac audit security/mac/mac_cred.c optional mac ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#6 (text) ==== @@ -89,6 +89,9 @@ */ struct audit_slice *audit_base_slice = NULL; +/* Audit slice ptr -helper */ +struct audit_slice *as_ptr = NULL; + /* Audit slices queue */ struct audit_slice_queue audit_slice_q; 
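Review bot: The global `as_ptr` introduced in this hunk (and exported from audit_slice.h) is the only thing that tells audit_slice_dev_open() which slice owns the node being opened, and audit_slice_create() overwrites it on every call, so once a second slice exists an open of the first slice's node binds to the wrong slice, and after audit_slice_destroy() frees a slice the pointer dangles at freed memory; since access is granted by file permissions on the per-slice node, this also means a process allowed to open one node can end up attached to a different slice. The owning slice is already known when the node is created, so audit_slice_cdev_init() can record it on the cdev, `as->as_dev->si_drv1 = as;` right after make_dev(), and the open method can read `as = dev->si_drv1;` exactly as audit_slice_dev_close() does in this change; the global, its assignment in audit_slice_create() and the `dev->si_drv1 = as;` store in open then go away. The same point applies to the `as_ptr = as;` line in the audit_slice_create() hunk, the open-method hunk in audit_slice.c and the extern added to audit_slice.h.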
@@ -631,18 +634,22 @@ audit_slice_create(char *name) { struct audit_slice *as = NULL; - int ret; + int err; - ret = 0; + err = 0; as = malloc(sizeof(*as), M_AUDITSLICE, M_WAITOK | M_ZERO); if ( as == NULL ) - ret = 1; /* Failed to allocate slice */ + err = 1; /* Failed to allocate slice */ + as_ptr = as; TAILQ_INSERT_TAIL(&audit_slice_q, as, as_q); /* Initialize the base slice */ audit_slice_init(as, name); + /* Create the special device node */ + audit_slice_cdev_init(as); + /* Start audit worker thread. */ audit_worker_init(as); } @@ -675,6 +682,8 @@ as->audit_nae_mask.am_success = 0; as->audit_nae_mask.am_failure = 0; + as->as_dev = NULL; + TAILQ_INIT(&(as->audit_q)); as->audit_q_len = 0; as->audit_pre_q_len = 0; @@ -706,6 +715,7 @@ { if (as != NULL) { TAILQ_REMOVE(&audit_slice_q, as, as_q); + destroy_dev(as->as_dev); free(as, M_AUDITSLICE); } } ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#2 (text+ko) ==== @@ -47,9 +47,11 @@ #include -#include +#include + + + -#define AUDIT_SLICE_DEV_MINOR 0 #define AUDIT_SLICE_DEV_NAME "something" @@ -78,14 +80,11 @@ .d_name = "AUDIT_SLICE_DEV_NAME", /* to be changed */ }; -/* For use with make_dev(9)/destroy_dev(9). - */ -static struct cdev *audit_slice_dev; - /* * Special device methods. */ + /* * Audit slice's device open method. Explicit privilege check isn't used as * this allows file permissions on the special device to be used to grant @@ -93,10 +92,19 @@ */ static int audit_slice_dev_open(struct cdev *dev, int oflags, int devtype, - struct thread *td, struct audit_slice *as) + struct thread *td) { + struct audit_slice *as; int error; + /* + * XXX: Using as_ptr to pass the audit_slice that "owns" the device. + * Refine the implementation and check for better ways to achieve + * that. + */ + as = as_ptr; + dev->si_drv1 = as; + /* Only one process may open the device at a time. */ mtx_lock(&(as->as_dev_mtx)); if (!as->as_dev_isopen) { 
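Review bot: In audit_slice_create() the `if (as == NULL) err = 1;` check changes nothing: `err` is never read, the code goes on to link and dereference `as` regardless, and with M_WAITOK malloc(9) does not return NULL anyway. Either drop the check and the variable, or make it a real guard, `if (as == NULL) return;`. The slice is also inserted into audit_slice_q before audit_slice_init() and audit_slice_cdev_init() fill it in, and no lock is visible around the insert in this hunk, so anything walking the queue can see a half-initialized slice; moving the TAILQ_INSERT_TAIL after the init calls avoids that window.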
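Review bot: audit_slice_destroy() now calls `destroy_dev(as->as_dev)` unconditionally, but `as_dev` is set to NULL in audit_slice_init() and only assigned by audit_slice_cdev_init(), so a slice that never got a node hands NULL to destroy_dev(9). Guard it: `if (as->as_dev != NULL) destroy_dev(as->as_dev);`. If audit_slice_init() initializes as_dev_mtx (that part is outside the hunk) it should be torn down here with mtx_destroy() before the free, and note that the global as_ptr is left pointing at the freed slice.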
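Review bot: The cdevsw context line `.d_name = "AUDIT_SLICE_DEV_NAME", /* to be changed */` quotes the macro name, so the driver is registered under the literal string rather than the value of the define kept in the previous hunk; it should read `.d_name = AUDIT_SLICE_DEV_NAME,`, and the placeholder `"something"` in that define wants a real driver name before this lands. The cdevsw initializer starts outside the hunk.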
@@ -114,9 +122,11 @@ */ static int audit_slice_dev_close(struct cdev *dev, int fflag, int devtype, - struct thread *td, struct audit_slice *as) + struct thread *td) +{ + struct audit_slice *as; -{ + as = dev->si_drv1; mtx_lock(&(as->as_dev_mtx)); as->as_dev_isopen = 1; /* Do something here */ @@ -145,7 +155,6 @@ { /* Actual work here */ - int c, error = 0; void *audit_slice_dev_buf; @@ -157,7 +166,7 @@ error = uiomove(audit_slice_dev_buf, c, uio); if (error) break; - (*random_systat.write)(random_buf, c); + //(*random_systat.write)(random_buf, c); } free(audit_slice_dev_buf, M_TEMP); @@ -168,32 +177,36 @@ /* * Ioctl method */ -audit_slice_dev_ioctl(struct cdev *dev, int events, struct thread *td) +static int +audit_slice_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, + struct thread *td) { - /* Do we need ioctl ? */ + return (0); } /* - * poll method.(if needed) + * Poll method.(if needed) */ static int audit_slice_dev_poll(struct cdev *dev, int events, struct thread *td) { - + return (0); } /* Init the character device */ -static void +void audit_slice_cdev_init(struct audit_slice *as) { /* Create the special device file. */ - audit_dev = make_dev(&audit_cdevsw, 0, as->uid, as->gid, as->perms, - as->as_dev_name); + as->as_dev = make_dev(&audit_slice_cdevsw, as->unit, as->uid, as->gid, + as->perms, "%s", as->as_dev_name); } -/* Need to find a way to call the following with a new struct as arg every - * time */ -SYSINIT(audit_slice_cdev_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, - audit_slice_cdev_init, NULL); +/* + * Need to find a way to call the following with a new struct as arg every + * time + */ +//SYSINIT(audit_slice_cdev_init, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, +// audit_slice_cdev_init, NULL); ==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#4 (text+ko) ==== @@ -35,6 +35,7 @@ #define AUDIT_SLICE_NAME_LEN 20 #define AUDIT_DEV_NAME_LEN 20 + struct kaudit_record; /* 
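Review bot: audit_slice_dev_close() now takes the slice from `dev->si_drv1`, which is the right source, but the line it guards, `as->as_dev_isopen = 1; /* Do something here */`, sets the open flag on close; audit_slice_dev_open() in the previous hunk refuses when the flag is already set, so unless open resets it (what open does after its check is outside that hunk) the node can never be reopened. The close path should clear it, `as->as_dev_isopen = 0;`. The function continues past the end of the hunk.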
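Review bot: The write path in this hunk copies user data into `audit_slice_dev_buf` with uiomove() and then frees the buffer, while the only consumer, `(*random_systat.write)(random_buf, c)`, apparently inherited from the random(4) driver this file was modeled on, is commented out with `//`, so writes report success and the data is dropped. Until the audit-record consumer exists it is clearer to delete the dead call and either return an error such as `EOPNOTSUPP` or state in a comment that writes are discarded; style(9) also asks for `/* */` comments rather than `//`, which applies to the `//SYSINIT` lines in the next hunk as well. The function begins and ends outside the hunk.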
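Review bot: The new audit_slice_dev_ioctl() returns 0 for every `cmd`, so any ioctl(2) on the node reports success without doing anything; a stub should fail with `return (ENOTTY);` so callers do not act on requests the device does not implement. In audit_slice_cdev_init() the `"%s"` format for make_dev(9) is correct, but the function has no way to report a failed make_dev() to audit_slice_create() beyond leaving `as->as_dev` unset, which is worth a comment on the prototype until error handling is added.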
@@ -146,13 +147,16 @@ * Applications need their slice device to submit their audit records. * Device specific variables here. */ + struct cdev *as_dev; char as_dev_name[AUDIT_DEV_NAME_LEN]; - int as_dev_isopen; - struct mtx as_dev_mtx; + int unit; uid_t uid; gid_t gid; int perms; + struct mtx as_dev_mtx; + int as_dev_isopen; + /* * Keep the several audit slices in a list */ @@ -165,6 +169,9 @@ /* Static allocation of the base slice */ extern struct audit_slice *audit_base_slice; +/* Audit slice ptr - helper */ +extern struct audit_slice *as_ptr; + /* Audit slices queue */ extern struct audit_slice_queue audit_slice_q; @@ -178,3 +185,4 @@ void audit_slice_init(struct audit_slice *as, char *name); void audit_slice_create(char *name); void audit_slice_destroy(struct audit_slice *as); +void audit_slice_cdev_init(struct audit_slice *as);
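Review bot: The new and moved fields in struct audit_slice carry no comments, and their roles are only discoverable from audit_slice.c: `as_dev` is the node returned by make_dev(9) and stays NULL until audit_slice_cdev_init() runs (audit_slice_init() clears it), `unit` is the minor passed to make_dev(9), and `as_dev_mtx` is taken around `as_dev_isopen` in the open and close methods. I would annotate them: `struct cdev *as_dev; /* make_dev(9) node; NULL until audit_slice_cdev_init() */`, `int unit; /* minor number handed to make_dev(9) */`, `struct mtx as_dev_mtx; /* protects as_dev_isopen */`. The struct definition starts outside the hunk.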