Date:      Wed, 16 Jul 2008 22:42:36 GMT
From:      Diego Giagio <diego@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 145348 for review
Message-ID:  <200807162242.m6GMga5x032054@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=145348

Change 145348 by diego@diego_black on 2008/07/16 22:42:24

	Finish audit support for pf admin events.

Affected files ...

.. //depot/projects/soc2008/diego-audit/src/sys/contrib/pf/net/pf_ioctl.c#7 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#10 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#8 edit

Differences ...

==== //depot/projects/soc2008/diego-audit/src/sys/contrib/pf/net/pf_ioctl.c#7 (text+ko) ====

@@ -2933,6 +2933,8 @@
 		error = pfr_add_addrs(&io->pfrio_table, io->pfrio_buffer,
 		    io->pfrio_size, &io->pfrio_nadd, io->pfrio_flags |
 		    PFR_FLAG_USERIOCTL);
+		AUDIT_CALL(audit_pf_addtable(io->pfrio_table.pfrt_anchor,
+		    io->pfrio_table.pfrt_name, io->pfrio_nadd, error));
 		break;
 	}
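Review bot: The new AUDIT_CALL runs regardless of `error`, and it passes `pfrio_table.pfrt_anchor` and `pfrt_name` — fixed-size arrays copied in from the ioctl caller — to an audit helper that formats them with `%s`; if `pfr_add_addrs` rejects the table (for example a name with no NUL in the array) before normalizing those fields, the audit text is built from an unterminated buffer and reads past it. Either terminate the fields before auditing, `io->pfrio_table.pfrt_name[sizeof(io->pfrio_table.pfrt_name) - 1] = '\0';` and the same for `pfrt_anchor`, or have the audit helpers take the array sizes and format with `%.*s`. The same applies to the DIOCRDELADDRS and DIOCRSETADDRS hunks below. This assumes validation happens inside `pfr_add_addrs`, which is not visible here; if the ioctl layer already guarantees termination on entry, a comment saying so at the call site would settle it.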
 
@@ -2946,6 +2948,8 @@
 		error = pfr_del_addrs(&io->pfrio_table, io->pfrio_buffer,
 		    io->pfrio_size, &io->pfrio_ndel, io->pfrio_flags |
 		    PFR_FLAG_USERIOCTL);
+		AUDIT_CALL(audit_pf_deltable(io->pfrio_table.pfrt_anchor,
+		    io->pfrio_table.pfrt_name, io->pfrio_ndel, error));
 		break;
 	}
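Review bot: `io->pfrio_ndel` is an in/out field of a structure copied in from userland, so on the failure path its value may be whatever the caller supplied rather than anything the kernel computed, and it is then recorded in the audit trail as if it were a count of deleted entries. Unless `pfr_del_addrs` is known to write the count on every return (not visible in this hunk), pass `error ? 0 : io->pfrio_ndel` so a failed request is audited with an honest count, e.g. `io->pfrio_table.pfrt_name, error ? 0 : io->pfrio_ndel, error));`. The same consideration applies to `pfrio_nadd` in the DIOCRADDADDRS hunk above.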
 
@@ -2960,6 +2964,12 @@
 		    io->pfrio_size, &io->pfrio_size2, &io->pfrio_nadd,
 		    &io->pfrio_ndel, &io->pfrio_nchange, io->pfrio_flags |
 		    PFR_FLAG_USERIOCTL, 0);
+		AUDIT_CALL(audit_pf_deltable(io->pfrio_table.pfrt_anchor,
+		    io->pfrio_table.pfrt_name, io->pfrio_ndel +
+		    io->pfrio_nchange, error));
+		AUDIT_CALL(audit_pf_addtable(io->pfrio_table.pfrt_anchor,
+		    io->pfrio_table.pfrt_name, io->pfrio_nadd +
+		    io->pfrio_nchange, error));
 		break;
 	}
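Review bot: A single DIOCRSETADDRS request now produces two audit records, a deltable and an addtable, both carrying the same `error`, and `pfrio_nchange` is added into both counts, so anyone summing `nentries` across the trail over-counts changed entries twice and cannot tell a set-addrs from a separate delete followed by an add. If a dedicated set-table event is not available, at least put the changed entries in only one of the two records and zero the counts on failure, since `pfrio_nadd`/`pfrio_ndel`/`pfrio_nchange` are in/out fields that the helper may not have written when it returns an error; for instance `io->pfrio_table.pfrt_name, error ? 0 : io->pfrio_ndel, error));` for the first call and `io->pfrio_table.pfrt_name, error ? 0 : io->pfrio_nadd + io->pfrio_nchange, error));` for the second. A short comment above the pair explaining that one ioctl is logged as two records would help whoever reads the trail.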
 

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#10 (text) ====

@@ -140,6 +140,8 @@
 void	 audit_pf_addrule(char *anchor, int nrules, int error);
 void	 audit_pf_delrule(char *anchor, int error);
 void	 audit_pf_flush(char *anchor, int nrules, int error);
+void	 audit_pf_addtable(char *anchor, char *table, int nadd, int error);
+void	 audit_pf_deltable(char *anchor, char *table, int ndel, int error);
 
 /*
  * The remaining kernel functions are conditionally compiled in as they are

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#8 (text+ko) ====

@@ -274,3 +274,49 @@
 	audit_commit(ar, error, 0);
 }
 
+static void
+pf_table_to_text(char *anchor, char *table, int nentries, struct sbuf *sb)
+{
+	sbuf_printf(sb, "pf: ");
+	if (anchor != NULL)
+		sbuf_printf(sb, "anchor=%s, ", anchor);
+	if (table != NULL)
+		sbuf_printf(sb, "table=%s, ", table);
+	sbuf_printf(sb, "nentries=%u", nentries);
+	sbuf_finish(sb);
+}
+
+void
+audit_pf_addtable(char *anchor, char *table, int nadd, int error)
+{
+	struct kaudit_record *ar;
+	struct sbuf sb;
+
+	ar = audit_begin(AUE_PFIL_POLICY_ADDTABLE, curthread);
+	if (ar == NULL)
+		return;
+
+	sbuf_new(&sb, NULL, 0, SBUF_AUTOEXTEND);
+	pf_table_to_text(anchor, table, nadd, &sb);
+	audit_record_arg_text(ar, sbuf_data(&sb));
+	sbuf_delete(&sb);
+	audit_commit(ar, error, 0);
+}
+
+void
+audit_pf_deltable(char *anchor, char *table, int ndel, int error)
+{
+	struct kaudit_record *ar;
+	struct sbuf sb;
+
+	ar = audit_begin(AUE_PFIL_POLICY_DELTABLE, curthread);
+	if (ar == NULL)
+		return;
+
+	sbuf_new(&sb, NULL, 0, SBUF_AUTOEXTEND);
+	pf_table_to_text(anchor, table, ndel, &sb);
+	audit_record_arg_text(ar, sbuf_data(&sb));
+	sbuf_delete(&sb);
+	audit_commit(ar, error, 0);
+}
+
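Review bot: In `pf_table_to_text` the count is declared `int nentries` but printed with `"nentries=%u"`; the format and argument types disagree, and a negative value (possible since callers pass sums of `int` counts) would be logged as a large unsigned number. Use `sbuf_printf(sb, "nentries=%d", nentries);` or change the parameter to `unsigned`. Separately, `audit_pf_addtable` and `audit_pf_deltable` are identical apart from the event constant, so a `static` helper taking an `au_event_t` would halve the code, and since `anchor` and `table` are only ever read they could be `const char *` in both the helper and the prototypes in audit.h. A one-line comment on `pf_table_to_text` noting that it expects NUL-terminated strings and that the sbuf is finished on return would make the contract explicit for future callers.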


