From owner-p4-projects@FreeBSD.ORG Thu Oct 20 00:12:53 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5DD8416A421; Thu, 20 Oct 2005 00:12:52 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 107BD16A41F for ; Thu, 20 Oct 2005 00:12:52 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id B24BE43D62 for ; Thu, 20 Oct 2005 00:12:51 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j9K0CpdF032985 for ; Thu, 20 Oct 2005 00:12:51 GMT (envelope-from wsalamon@computer.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j9K0CpU4032982 for perforce@freebsd.org; Thu, 20 Oct 2005 00:12:51 GMT (envelope-from wsalamon@computer.org) Date: Thu, 20 Oct 2005 00:12:51 GMT Message-Id: <200510200012.j9K0CpU4032982@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to wsalamon@computer.org using -f From: Wayne Salamon To: Perforce Change Reviews Cc: Subject: PERFORCE change 85581 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Oct 2005 00:12:53 -0000 http://perforce.freebsd.org/chv.cgi?CH=85581 Change 85581 by wsalamon@gretsch on 2005/10/20 00:12:34 Remove the adding of a path when auditing a vnode. For system calls that use a path, that path is audited, along with the vnode, if found. For calls that use a file descriptor, only the vnode info is audited if appropriate (non-file ops have other auditing). The reason this path auditing was removed is that there is no simple method to associate a vnode to a path; what is in the name cache may not have any relation to the process activity that is being audited, leading to confusion. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/kern_acct.c#6 edit .. //depot/projects/trustedbsd/audit3/sys/kern/kern_exec.c#6 edit .. //depot/projects/trustedbsd/audit3/sys/kern/vfs_lookup.c#8 edit .. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#18 edit .. //depot/projects/trustedbsd/audit3/sys/kern/vfs_vnops.c#7 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#5 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#7 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#10 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#48 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#25 edit .. //depot/projects/trustedbsd/audit3/sys/sys/namei.h#4 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/kern/kern_acct.c#6 (text+ko) ==== @@ -143,7 +143,7 @@ * appending and make sure it's a 'normal'. */ if (uap->path != NULL) { - NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); flags = FWRITE | O_APPEND; error = vn_open(&nd, &flags, 0, -1); ==== //depot/projects/trustedbsd/audit3/sys/kern/kern_exec.c#6 (text+ko) ==== @@ -356,7 +356,7 @@ */ ndp = &nd; NDINIT(ndp, LOOKUP, ISOPEN | LOCKLEAF | FOLLOW | SAVENAME | MPSAFE | - AUDITVNPATH1, UIO_SYSSPACE, args->fname, td); + AUDITVNODE1, UIO_SYSSPACE, args->fname, td); interpret: error = namei(ndp); ==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_lookup.c#8 (text+ko) ==== @@ -148,9 +148,9 @@ MAXPATHLEN, (size_t *)&ndp->ni_pathlen); /* If we are auditing the kernel pathname, save the user pathname */ - if (cnp->cn_flags & AUDITVNPATH1) + if (cnp->cn_flags & AUDITVNODE1) AUDIT_ARG(upath, td, cnp->cn_pnbuf, ARG_UPATH1); - if (cnp->cn_flags & AUDITVNPATH2) + if (cnp->cn_flags & AUDITVNODE2) AUDIT_ARG(upath, td, cnp->cn_pnbuf, ARG_UPATH2); /* @@ -467,10 +467,10 @@ } ndp->ni_vp = dp; - if (cnp->cn_flags & AUDITVNPATH1) - AUDIT_ARG(vnpath, dp, ARG_VNODE1); - else if (cnp->cn_flags & AUDITVNPATH2) - AUDIT_ARG(vnpath, dp, ARG_VNODE2); + if (cnp->cn_flags & AUDITVNODE1) + AUDIT_ARG(vnode, dp, ARG_VNODE1); + else if (cnp->cn_flags & AUDITVNODE2) + AUDIT_ARG(vnode, dp, ARG_VNODE2); if (!(cnp->cn_flags & (LOCKPARENT | LOCKLEAF))) VOP_UNLOCK(dp, 0, td); @@ -716,10 +716,10 @@ } else if ((cnp->cn_flags & LOCKPARENT) == 0 && ndp->ni_dvp != dp) VOP_UNLOCK(ndp->ni_dvp, 0, td); - if (cnp->cn_flags & AUDITVNPATH1) - AUDIT_ARG(vnpath, dp, ARG_VNODE1); - else if (cnp->cn_flags & AUDITVNPATH2) - AUDIT_ARG(vnpath, dp, ARG_VNODE2); + if (cnp->cn_flags & AUDITVNODE1) + AUDIT_ARG(vnode, dp, ARG_VNODE1); + else if (cnp->cn_flags & AUDITVNODE2) + AUDIT_ARG(vnode, dp, ARG_VNODE2); if ((cnp->cn_flags & LOCKLEAF) == 0) VOP_UNLOCK(dp, 0, td); ==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#18 (text+ko) ==== @@ -195,7 +195,7 @@ if (jailed(td->td_ucred) && !prison_quotas) return (EPERM); mtx_lock(&Giant); - NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, UIO_USERSPACE, uap->path, + NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); if ((error = namei(&nd)) != 0) { mtx_unlock(&Giant); @@ -251,7 +251,7 @@ struct nameidata nd; mtx_lock(&Giant); - NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, pathseg, path, td); + NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td); error = namei(&nd); if (error) { mtx_unlock(&Giant); @@ -332,7 +332,7 @@ #ifdef AUDIT vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1); + AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); VOP_UNLOCK(fp->f_vnode, 0, td); #endif @@ -696,7 +696,7 @@ fdrop(fp, td); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnpath, vp, ARG_VNODE1); + AUDIT_ARG(vnode, vp, ARG_VNODE1); if (vp->v_type != VDIR) error = ENOTDIR; @@ -765,7 +765,7 @@ struct vnode *vp; int vfslocked; - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNPATH1 | MPSAFE, + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | MPSAFE, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -848,7 +848,7 @@ error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL); if (error) return (error); - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -992,7 +992,7 @@ /* An extra reference on `nfp' has been held for us by falloc(). */ fp = nfp; cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT; - NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, pathseg, path, td); + NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td); td->td_dupfd = -1; /* XXX check for fdopen */ error = vn_open(&nd, &flags, cmode, indx); if (error) { @@ -1200,7 +1200,7 @@ return (error); restart: bwillwrite(); - NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -1305,7 +1305,7 @@ restart: bwillwrite(); - NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -1429,7 +1429,7 @@ int error; bwillwrite(); - NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, segflg, path, td); + NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, segflg, path, td); if ((error = namei(&nd)) != 0) return (error); vfslocked = NDHASGIANT(&nd); @@ -1445,7 +1445,7 @@ VFS_UNLOCK_GIANT(vfslocked); return (error); } - NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH2, + NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE2, segflg, link, td); if ((error = namei(&nd)) == 0) { lvfslocked = NDHASGIANT(&nd); @@ -1520,7 +1520,7 @@ } restart: bwillwrite(); - NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, segflg, link, td); if ((error = namei(&nd)) != 0) goto out; @@ -1589,7 +1589,7 @@ restart: bwillwrite(); - NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -1656,7 +1656,7 @@ restart: bwillwrite(); - NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -1899,7 +1899,7 @@ tmpcred->cr_uid = cred->cr_ruid; tmpcred->cr_groups[0] = cred->cr_rgid; td->td_ucred = tmpcred; - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) goto out1; @@ -1938,7 +1938,7 @@ int vfslocked; int error; - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2074,7 +2074,7 @@ int error, vfslocked; NDINIT(&nd, LOOKUP, - FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE | AUDITVNPATH1, + FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2124,7 +2124,7 @@ int error, vfslocked; NDINIT(&nd, LOOKUP, - NOFOLLOW | LOCKLEAF | LOCKSHARED | MPSAFE | AUDITVNPATH1, + NOFOLLOW | LOCKLEAF | LOCKSHARED | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2249,7 +2249,7 @@ struct nameidata nd; int error, vfslocked; - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2301,7 +2301,7 @@ struct nameidata nd; int vfslocked; - NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2365,7 +2365,7 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnpath, vp, ARG_VNODE1); + AUDIT_ARG(vnode, vp, ARG_VNODE1); VATTR_NULL(&vattr); vattr.va_flags = flags; #ifdef MAC @@ -2400,7 +2400,7 @@ int vfslocked; AUDIT_ARG(fflags, uap->flags); - NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2428,7 +2428,7 @@ int vfslocked; AUDIT_ARG(fflags, uap->flags); - NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2531,7 +2531,7 @@ int vfslocked; AUDIT_ARG(mode, mode); - NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path, + NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2565,7 +2565,7 @@ int vfslocked; AUDIT_ARG(mode, (mode_t)uap->mode); - NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2604,7 +2604,7 @@ return (error); vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); - AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1); + AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); error = setfmode(td, fp->f_vnode, uap->mode); fdrop(fp, td); @@ -2630,7 +2630,7 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnpath, vp, ARG_VNODE1); + AUDIT_ARG(vnode, vp, ARG_VNODE1); VATTR_NULL(&vattr); vattr.va_uid = uid; vattr.va_gid = gid; @@ -2677,7 +2677,7 @@ int vfslocked; AUDIT_ARG(owner, uid, gid); - NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path, + NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2721,7 +2721,7 @@ int vfslocked; AUDIT_ARG(owner, uid, gid); - NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path, + NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2818,7 +2818,7 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnpath, vp, ARG_VNODE1); + AUDIT_ARG(vnode, vp, ARG_VNODE1); setbirthtime = 0; if (numtimes < 3 && VOP_GETATTR(vp, &vattr, td->td_ucred, td) == 0 && timespeccmp(&ts[1], &vattr.va_birthtime, < )) @@ -2876,7 +2876,7 @@ if ((error = getutimes(tptr, tptrseg, ts)) != 0) return (error); - NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path, + NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -2921,7 +2921,7 @@ if ((error = getutimes(tptr, tptrseg, ts)) != 0) return (error); - NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path, + NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -3011,7 +3011,7 @@ if (length < 0) return(EINVAL); - NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path, + NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -3085,7 +3085,7 @@ goto drop; VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1); + AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); if (vp->v_type == VDIR) error = EISDIR; #ifdef MAC @@ -3242,10 +3242,10 @@ bwillwrite(); #ifdef MAC NDINIT(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | MPSAFE | - AUDITVNPATH1, pathseg, from, td); + AUDITVNODE1, pathseg, from, td); #else NDINIT(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE | - AUDITVNPATH1, pathseg, from, td); + AUDITVNODE1, pathseg, from, td); #endif if ((error = namei(&fromnd)) != 0) return (error); @@ -3267,7 +3267,7 @@ goto out1; } NDINIT(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | - MPSAFE | AUDITVNPATH2, pathseg, to, td); + MPSAFE | AUDITVNODE2, pathseg, to, td); if (fromnd.ni_vp->v_type == VDIR) tond.ni_cnd.cn_flags |= WILLBEDIR; if ((error = namei(&tond)) != 0) { @@ -3377,7 +3377,7 @@ restart: bwillwrite(); - NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, segflg, path, td); nd.ni_cnd.cn_flags |= WILLBEDIR; if ((error = namei(&nd)) != 0) @@ -3462,7 +3462,7 @@ restart: bwillwrite(); - NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); @@ -3728,7 +3728,7 @@ auio.uio_resid = uap->count; /* vn_lock(vp, LK_SHARED | LK_RETRY, td); */ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1); + AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1); loff = auio.uio_offset = fp->f_offset; #ifdef MAC @@ -3852,7 +3852,7 @@ struct nameidata nd; int vfslocked; - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->path, td); if ((error = namei(&nd)) != 0) return (error); @@ -3941,7 +3941,7 @@ error = suser(td); if (error) return (error); - NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->fname, td); error = namei(&nd); if (error) @@ -3980,7 +3980,7 @@ error = suser(td); if (error) return (error); - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1, + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, UIO_USERSPACE, uap->fname, td); error = namei(&nd); if (error) @@ -4369,7 +4369,7 @@ filename_vp = NULL; if (uap->filename != NULL) { NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | LOCKLEAF | - AUDITVNPATH2, UIO_USERSPACE, uap->filename, td); + AUDITVNODE2, UIO_USERSPACE, uap->filename, td); error = namei(&nd); if (error) return (error); @@ -4379,7 +4379,7 @@ } /* uap->path is always defined. */ - NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) { @@ -4524,7 +4524,7 @@ if (error) return (error); - NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -4559,7 +4559,7 @@ if (error) return (error); - NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -4698,7 +4698,7 @@ if (error) return (error); - NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -4733,7 +4733,7 @@ if (error) return (error); - NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -4839,7 +4839,7 @@ if (error) return(error); - NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -4870,7 +4870,7 @@ if (error) return(error); - NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -4990,7 +4990,7 @@ struct nameidata nd; int vfslocked, error; - NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) @@ -5019,7 +5019,7 @@ struct nameidata nd; int vfslocked, error; - NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE, + NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td); error = namei(&nd); if (error) ==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_vnops.c#7 (text+ko) ==== @@ -119,7 +119,7 @@ if (fmode & O_CREAT) { ndp->ni_cnd.cn_nameiop = CREATE; ndp->ni_cnd.cn_flags = ISOPEN | LOCKPARENT | LOCKLEAF | - MPSAFE | AUDITVNPATH1; + MPSAFE | AUDITVNODE1; if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0) ndp->ni_cnd.cn_flags |= FOLLOW; bwillwrite(); @@ -179,7 +179,7 @@ ndp->ni_cnd.cn_nameiop = LOOKUP; ndp->ni_cnd.cn_flags = ISOPEN | ((fmode & O_NOFOLLOW) ? NOFOLLOW : FOLLOW) | - LOCKSHARED | LOCKLEAF | MPSAFE | AUDITVNPATH1; + LOCKSHARED | LOCKLEAF | MPSAFE | AUDITVNODE1; if ((error = namei(ndp)) != 0) return (error); ndp->ni_cnd.cn_flags &= ~MPSAFE; ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#5 (text+ko) ==== @@ -80,8 +80,8 @@ #define ARG_SADDRINET 0x0000000000100000ULL #define ARG_SADDRINET6 0x0000000000200000ULL #define ARG_SADDRUNIX 0x0000000000400000ULL -#define ARG_KPATH1 0x0000000000800000ULL -#define ARG_KPATH2 0x0000000001000000ULL +#define ARG_UNUSED1 0x0000000000800000ULL +#define ARG_UNUSED2 0x0000000001000000ULL #define ARG_UPATH1 0x0000000002000000ULL #define ARG_UPATH2 0x0000000004000000ULL #define ARG_TEXT 0x0000000008000000ULL @@ -152,7 +152,7 @@ void audit_arg_auditinfo(struct auditinfo *au_info); void audit_arg_upath(struct thread *td, char *upath, u_int64_t flags); -void audit_arg_vnpath(struct vnode *vp, u_int64_t flags); +void audit_arg_vnode(struct vnode *vp, u_int64_t flags); void audit_arg_text(char *text); void audit_arg_cmd(int cmd); void audit_arg_svipc_cmd(int cmd); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#7 (text+ko) ==== @@ -600,7 +600,7 @@ vp = fp->f_vnode; vfslocked = VFS_LOCK_GIANT(vp->v_mount); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, curthread); - audit_arg_vnpath(vp, ARG_VNODE1); + audit_arg_vnode(vp, ARG_VNODE1); VOP_UNLOCK(vp, 0, curthread); VFS_UNLOCK_GIANT(vfslocked); break; @@ -702,12 +702,11 @@ * XXXAUDIT: Possibly KASSERT the path pointer is NULL? */ void -audit_arg_vnpath(struct vnode *vp, u_int64_t flags) +audit_arg_vnode(struct vnode *vp, u_int64_t flags) { struct kaudit_record *ar; struct vattr vattr; int error; - char **pathp, *retbuf, *freebuf; struct vnode_au_info *vnp; struct thread *td; @@ -718,11 +717,11 @@ return; /* - * Assume that if the caller is calling audit_arg_vnpath() on a + * Assume that if the caller is calling audit_arg_vnode() on a * non-MPSAFE vnode, then it will have acquired Giant. */ VFS_ASSERT_GIANT(vp->v_mount); - ASSERT_VOP_LOCKED(vp, "audit_arg_vnpath"); + ASSERT_VOP_LOCKED(vp, "audit_arg_vnode"); ar = currecord(); if (ar == NULL) /* This will be the case for unaudited system calls */ @@ -732,7 +731,7 @@ * XXXAUDIT: KASSERT argument validity instead? * * XXXAUDIT: The below clears, and then resets the flags for valid - * arguments. Ideally, either the new path is used, or the old one + * arguments. Ideally, either the new vnode is used, or the old one * would be. */ if ((flags & (ARG_VNODE1 | ARG_VNODE2)) == 0) @@ -741,40 +740,13 @@ td = curthread; if (flags & ARG_VNODE1) { - ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_KPATH1); ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_VNODE1); - pathp = &ar->k_ar.ar_arg_kpath1; vnp = &ar->k_ar.ar_arg_vnode1; } else { - ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_KPATH2); ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_VNODE2); - pathp = &ar->k_ar.ar_arg_kpath2; vnp = &ar->k_ar.ar_arg_vnode2; } - if (*pathp == NULL) - *pathp = malloc(MAXPATHLEN, M_AUDIT, M_WAITOK); - - /* - * Copy the path looked up by the vn_fullpath() function. - * - * XXX: Note that in FreeBSD, vn_fullpath() is unreliable, so if - * it fails, we just have a zero-length string. Perhaps instead - * we should not include a path token...? - */ - if (vn_fullpath(td, vp, &retbuf, &freebuf) == 0) { - /* Copy and free buffer allocated by vn_fullpath() */ - strlcpy(*pathp, retbuf, MAXPATHLEN); - free(freebuf, M_TEMP); - } else { - (*pathp)[0] = '\0'; - } - - if (flags & ARG_VNODE1) - ARG_SET_VALID(ar, ARG_KPATH1); - else - ARG_SET_VALID(ar, ARG_KPATH2); - error = VOP_GETATTR(vp, &vattr, td->td_ucred, td); if (error) { /* XXX: How to handle this case? */ @@ -814,7 +786,7 @@ vp = fp->f_vnode; vfslocked = VFS_LOCK_GIANT(vp->v_mount); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - audit_arg_vnpath(vp, ARG_VNODE1); + audit_arg_vnode(vp, ARG_VNODE1); VOP_UNLOCK(vp, 0, td); VFS_UNLOCK_GIANT(vfslocked); fdrop(fp, td); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#10 (text+ko) ==== @@ -170,8 +170,6 @@ struct socket_au_info ar_arg_sockinfo; char *ar_arg_upath1; char *ar_arg_upath2; - char *ar_arg_kpath1; - char *ar_arg_kpath2; char *ar_arg_text; struct au_mask ar_arg_amask; struct vnode_au_info ar_arg_vnode1; ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#48 (text+ko) ==== @@ -192,12 +192,6 @@ if (ar->k_ar.ar_arg_upath2 != NULL) { free(ar->k_ar.ar_arg_upath2, M_AUDIT); } - if (ar->k_ar.ar_arg_kpath1 != NULL) { - free(ar->k_ar.ar_arg_kpath1, M_AUDIT); - } - if (ar->k_ar.ar_arg_kpath2 != NULL) { - free(ar->k_ar.ar_arg_kpath2, M_AUDIT); - } if (ar->k_ar.ar_arg_text != NULL) { free(ar->k_ar.ar_arg_text, M_AUDIT); } ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#25 (text+ko) ==== @@ -177,22 +177,15 @@ } \ } while (0) -#define KPATH1_VNODE1_TOKENS do { \ - if (ARG_IS_VALID(kar, ARG_KPATH1)) { \ - tok = au_to_path(ar->ar_arg_kpath1); \ - kau_write(rec, tok); \ - } \ +#define VNODE1_TOKENS do { \ if (ARG_IS_VALID(kar, ARG_VNODE1)) { \ tok = au_to_attr32(&ar->ar_arg_vnode1); \ kau_write(rec, tok); \ } \ } while (0) -#define KPATH1_VNODE1_OR_UPATH1_TOKENS do { \ - if (ARG_IS_VALID(kar, ARG_KPATH1)) { \ - tok = au_to_path(ar->ar_arg_kpath1); \ - kau_write(rec, tok); \ - } else { \ +#define UPATH1_VNODE1_TOKENS do { \ + if (ARG_IS_VALID(kar, ARG_UPATH1)) { \ UPATH1_TOKENS; \ } \ if (ARG_IS_VALID(kar, ARG_VNODE1)) { \ @@ -201,28 +194,26 @@ } \ } while (0) -#define KPATH2_VNODE2_TOKENS do { \ - if (ARG_IS_VALID(kar, ARG_KPATH2)) { \ - tok = au_to_path(ar->ar_arg_kpath2); \ - kau_write(rec, tok); \ - } \ +#define VNODE2_TOKENS do { \ if (ARG_IS_VALID(kar, ARG_VNODE2)) { \ tok = au_to_attr32(&ar->ar_arg_vnode2); \ kau_write(rec, tok); \ } \ } while (0) -#define FD_KPATH1_VNODE1_TOKENS do { \ - if (ARG_IS_VALID(kar, ARG_KPATH1)) { \ - tok = au_to_path(ar->ar_arg_kpath1); \ +#define FD_VNODE1_TOKENS do { \ + if (ARG_IS_VALID(kar, ARG_VNODE1)) { \ + tok = au_to_attr32(&ar->ar_arg_vnode1); \ kau_write(rec, tok); \ - if (ARG_IS_VALID(kar, ARG_VNODE1)) { \ - tok = au_to_attr32(&ar->ar_arg_vnode1); \ + if (ARG_IS_VALID(kar, ARG_FD)) { \ + tok = au_to_arg32(1, "fd", ar->ar_arg_fd); \ kau_write(rec, tok); \ } \ } else { \ - tok = au_to_arg32(1, "no path: fd", ar->ar_arg_fd); \ - kau_write(rec, tok); \ + if (ARG_IS_VALID(kar, ARG_FD)) { \ + tok = au_to_arg32(1, "non-file: fd", ar->ar_arg_fd);\ + kau_write(rec, tok); \ + } \ } \ } while (0) @@ -436,8 +427,8 @@ break; case AUE_ACCT: - if (ARG_IS_VALID(kar, ARG_KPATH1 | ARG_UPATH1)) { - KPATH1_VNODE1_OR_UPATH1_TOKENS; + if (ARG_IS_VALID(kar, ARG_UPATH1)) { + UPATH1_VNODE1_TOKENS; } else { tok = au_to_arg32(1, "accounting off", 0); kau_write(rec, tok); @@ -501,7 +492,7 @@ break; case AUE_AUDITCTL: - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_EXIT: @@ -544,21 +535,21 @@ case AUE_UNDELETE: case AUE_UNLINK: case AUE_UTIMES: - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_CHFLAGS: case AUE_LCHFLAGS: tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); kau_write(rec, tok); - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_CHMOD: case AUE_LCHMOD: tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode); kau_write(rec, tok); - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_CHOWN: @@ -567,24 +558,24 @@ kau_write(rec, tok); tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid); kau_write(rec, tok); - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_EXCHANGEDATA: - KPATH1_VNODE1_OR_UPATH1_TOKENS; - KPATH2_VNODE2_TOKENS; + UPATH1_VNODE1_TOKENS; + UPATH2_TOKENS; break; case AUE_CLOSE: tok = au_to_arg32(2, "fd", ar->ar_arg_fd); kau_write(rec, tok); - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_FCHMOD: tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode); kau_write(rec, tok); - FD_KPATH1_VNODE1_TOKENS; + FD_VNODE1_TOKENS; break; case AUE_FCHDIR: @@ -595,7 +586,7 @@ case AUE_FUTIMES: case AUE_GETDIRENTRIES: case AUE_GETDIRENTRIESATTR: - FD_KPATH1_VNODE1_TOKENS; + FD_VNODE1_TOKENS; break; case AUE_FCHOWN: @@ -603,7 +594,7 @@ kau_write(rec, tok); tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid); kau_write(rec, tok); - FD_KPATH1_VNODE1_TOKENS; + FD_VNODE1_TOKENS; break; case AUE_FCNTL: @@ -611,20 +602,20 @@ ar->ar_arg_cmd == F_SETLKW) { tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd); kau_write(rec, tok); - FD_KPATH1_VNODE1_TOKENS; + FD_VNODE1_TOKENS; } break; case AUE_FCHFLAGS: tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); kau_write(rec, tok); - FD_KPATH1_VNODE1_TOKENS; + FD_VNODE1_TOKENS; break; case AUE_FLOCK: tok = au_to_arg32(2, "operation", ar->ar_arg_cmd); kau_write(rec, tok); - FD_KPATH1_VNODE1_TOKENS; + FD_VNODE1_TOKENS; break; case AUE_RFORK: @@ -643,7 +634,7 @@ tok = au_to_arg32(1, "arg", (u_int32_t)ar->ar_arg_addr); kau_write(rec, tok); if (ARG_IS_VALID(kar, ARG_VNODE1)) { - FD_KPATH1_VNODE1_TOKENS; + FD_VNODE1_TOKENS; } else { if (ARG_IS_VALID(kar, ARG_SOCKINFO)) { tok = kau_to_socket(&ar->ar_arg_sockinfo); @@ -667,25 +658,25 @@ tok = au_to_arg32(3, "trpoints", ar->ar_arg_value); kau_write(rec, tok); PROCESS_PID_TOKENS(4); - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_LINK: case AUE_RENAME: - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; UPATH2_TOKENS; break; case AUE_LOADSHFILE: tok = au_to_arg32(4, "base addr", (u_int32_t)ar->ar_arg_addr); kau_write(rec, tok); - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_MKDIR: tok = au_to_arg32(2, "mode", ar->ar_arg_mode); kau_write(rec, tok); - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_MKNOD: @@ -693,7 +684,7 @@ kau_write(rec, tok); tok = au_to_arg32(3, "dev", ar->ar_arg_dev); kau_write(rec, tok); - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_MMAP: @@ -707,7 +698,7 @@ tok = au_to_arg32(2, "len", ar->ar_arg_len); kau_write(rec, tok); if (ar->ar_event == AUE_MMAP) - FD_KPATH1_VNODE1_TOKENS; + FD_VNODE1_TOKENS; if (ar->ar_event == AUE_MPROTECT) { tok = au_to_arg32(3, "protection", ar->ar_arg_value); kau_write(rec, tok); @@ -728,7 +719,7 @@ } /* fall through */ case AUE_UMOUNT: - KPATH1_VNODE1_OR_UPATH1_TOKENS; + UPATH1_VNODE1_TOKENS; break; case AUE_MSGCTL: @@ -775,8 +766,7 @@ case AUE_OPEN_WT: tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); kau_write(rec, tok); - UPATH1_TOKENS; /* Save the user space path */ - KPATH1_VNODE1_TOKENS; /* Audit the kernel path as well */ + UPATH1_VNODE1_TOKENS; break; >>> TRUNCATED FOR MAIL (1000 lines) <<<