Date: Thu, 14 Sep 2006 15:19:31 GMT From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 106100 for review Message-ID: <200609141519.k8EFJUgS020156@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=106100 Change 106100 by csjp@csjp_xor on 2006/09/14 15:19:12 Fix processing of userspace records, Right now, if the kernel record is not selected, then the userspace record is thrown away along with it, even if the userspace record itself was selected. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#36 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#32 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#22 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_worker.c#15 edit Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#36 (text+ko) ====
@@ -399,8 +399,8 @@
 if (audit_pipe_preselect(auid, event, class, sorf, ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0) ar->k_ar_commit |= AR_PRESELECT_PIPE;
- if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE)) ==
- 0) {
+ if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE |
+ AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE)) == 0) {
 mtx_lock(&audit_mtx);
 audit_pre_q_len--;
 mtx_unlock(&audit_mtx);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#32 (text+ko) ====
@@ -96,6 +96,8 @@
 #define AR_PRESELECT_TRAIL 0x00001000U
 #define AR_PRESELECT_PIPE 0x00002000U
+#define AR_PRESELECT_USER_TRAIL 0x00004000U
+#define AR_PRESELECT_USER_PIPE 0x00008000U
 /*
 * Audit data is generated as a stream of struct audit_record structures,
 * linked by struct kaudit_record, and contain storage for possible audit so
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#22 (text+ko) ====
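Review bot: In audit.c, the widened drop test now has to stay in step by hand with two other places: the unconditional `|=` in audit_syscalls.c and the per-bit tests in audit_worker.c. If a later preselect bit is added to one and not the others, records are either freed here or queued and then skipped by the worker, which in an audit subsystem means silently lost events. A short comment above the test would make the contract explicit, for example `/* Keep the record if the kernel part or the userspace part was preselected; the worker decides which part to write. */`. The enclosing function begins and ends outside the hunk, so the placement should be checked against the full body.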
@@ -139,6 +139,13 @@
 ar->k_udata = rec;
 ar->k_ulen = uap->length;
 ar->k_ar_commit |= AR_COMMIT_USER;
+ /*
+ * Currently we assume that all preselection has been performed in
+ * userspace. We unconditionally set these masks so that the records
+ * get committed both to the trail and pipe. In the future we will
+ * want to setup kernel based preselection.
+ */
+ ar->k_ar_commit |= (AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE);
 return (0);
 free_out:
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_worker.c#15 (text+ko) ====
@@ -322,8 +322,8 @@
 au_id_t auid;
 int sorf;
- if ((ar->k_ar_commit & AR_COMMIT_USER) &&
- (ar->k_ar_commit & AR_PRESELECT_TRAIL)) {
+ if ((ar->k_ar_commit & AR_COMMIT_USER) != 0 &&
+ (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) {
 error = audit_record_write(audit_vp, audit_cred, audit_td, ar->k_udata, ar->k_ulen);
 if (error && audit_panic_on_write_fail)
@@ -331,11 +331,14 @@
 else if (error)
 printf("audit_worker: write error %d\n", error);
 }
- if ((ar->k_ar_commit & AR_COMMIT_USER) &&
- (ar->k_ar_commit & AR_PRESELECT_PIPE))
+ if ((ar->k_ar_commit & AR_COMMIT_USER) != 0 &&
+ (ar->k_ar_commit & AR_PRESELECT_USER_PIPE)) {
 audit_pipe_submit_user(ar->k_udata, ar->k_ulen);
+ }
- if (!(ar->k_ar_commit & AR_COMMIT_KERNEL))
+ if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) ||
+ ((ar->k_ar_commit & AR_PRESELECT_PIPE) == 0 &&
+ (ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0))
 return;
 auid = ar->k_ar.ar_subj_auid;
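Review bot: The new comment in audit_syscalls.c says preselection is assumed to have happened in userspace, but it does not say who is trusted to do it. With both `AR_PRESELECT_USER_TRAIL` and `AR_PRESELECT_USER_PIPE` set unconditionally, every record submitted on this path goes to the trail and to `audit_pipe_submit_user()` regardless of the kernel masks, so the caller alone decides what is recorded and how much. I would extend the comment with the trust assumption, e.g. `Callers are assumed to be privileged; confirm the check earlier in this function, since nothing here limits what is recorded.` The privilege check and any bound on `uap->length` lie outside the hunk and should be confirmed there.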
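Review bot: The rewritten conditions in audit_worker.c mix explicit and implicit flag tests: `(ar->k_ar_commit & AR_COMMIT_USER) != 0` is followed by a bare `(ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)`, and the `-331,11` hunk repeats this for `AR_PRESELECT_USER_PIPE` and pairs `!(ar->k_ar_commit & AR_COMMIT_KERNEL)` with `== 0` comparisons. Using one form throughout, e.g. `(ar->k_ar_commit & AR_PRESELECT_USER_TRAIL) != 0` and `(ar->k_ar_commit & AR_COMMIT_KERNEL) == 0`, makes the selection logic easier to audit line by line. The function starts before the first hunk and continues past the second.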
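Review bot: The extended early return in the `-331,11` hunk has no comment explaining why a record carrying `AR_COMMIT_KERNEL` can now arrive with neither `AR_PRESELECT_TRAIL` nor `AR_PRESELECT_PIPE` set. That state appears to exist only because the commit path now keeps such records for their userspace payload, which a reader of this function alone cannot see. I would add above the test: `/* The kernel part may be unselected when the record was kept only for its userspace payload. */`. The rest of the kernel-record handling is outside the hunk.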