PERFORCE change 146984 for review
Vincenzo Iozzo
snagg at FreeBSD.org
Sat Aug 9 12:58:34 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146984
Change 146984 by snagg at snagg_macosx on 2008/08/09 12:58:18
Added a test for stat(2). Added a bitmask to check for the presence of tokens; all the tests are modified to use this feature.
Affected files ...
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#11 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#9 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_close.c#3 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_fork.c#2 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_kill.c#3 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_open.c#7 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_rename.c#2 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setauid.c#2 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setgid.c#5 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setresuid.c#2 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setuid.c#5 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_stat.c#1 add
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_symlink.c#2 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_waitpid.c#2 edit
Differences ...
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#11 (text+ko) ====
@@ -203,107 +203,7 @@
return ('\0');
}
-
-/*
- * We fetch every token from auditpipe and eventually dump them to a file
- * Modified version of praudit function.
- */
-
-int
-audit_print_record(FILE *st, char *buffer, int buflen, struct audit_record rec)
-{
- int count;
- u_char type;
- int i, exit;
-
- type = 0;
- count = 0;
- exit = 0;
-
- /* Record must begin with a header token. */
- for( i = 0; i< buflen; i++) {
- type = buffer[i];
- if(type == AU_HEADER_32_TOKEN) {
- buffer +=i;
- buflen -=i;
- break;
- }
- }
- while (buflen > 0) {
-
- /* XXX: Is this an incomplete record? */
- if (au_fetch_tok(&(rec.toks[count]), buffer, buflen) == -1)
- break;
-
- rec.count = count;
- au_print_tok_xml(st, &(rec.toks[count]), ",", 0, 0);
- buflen -= rec.toks[count].len;
- buffer += rec.toks[count].len;
- fprintf(st, "\n");
- count++;
- if(count == 20)
- return (-1);
- if(exit)
- break;
- if(*buffer == AU_TRAILER_TOKEN)
- exit = 1;
- }
-
- fflush(st);
- return (0);
-}
-
-
-struct audit_record *dump(char *path)
-{
- int i, ret, reclen, bytesread, to_parse;
- struct audit_record *p;
- u_char *buf;
- u_char type = 0;
- FILE *fp;
-
- to_parse = NOT;
-
- fp = fopen(path, "r");
- if(fp == NULL)
- return;
-
- p = malloc(sizeof(struct audit_record));
- if (p == NULL)
- err(-1, "MALLOC");
-
- p->count = 0;
- while(1) {
-
- /* Record must begin with a header token. */
- do {
- type = fgetc(fp);
- } while(type != AU_HEADER_32_TOKEN);
- ungetc(type, fp);
-
- while ((reclen = au_read_rec(fp, &buf)) != -1) {
- bytesread = 0;
- while (bytesread < reclen) {
-
- /* Is this an incomplete record? */
- if (au_fetch_tok(&(p->toks[p->count]), buf + bytesread,
- reclen - bytesread) == -1)
- break;
-
-
- bytesread += p->toks[p->count].len;
-
- }
- p->count++;
- }
- if (p->count >= 20)
- break;
- }
-
- return (p);
-}
-
/*
* Init log file for evaluation
*/
@@ -321,6 +221,13 @@
return (f);
}
+void report_error_string(char *str, FILE *f)
+{
+ fprintf(f, "ERROR:***\n");
+ fprintf(f, str);
+ fprintf(f, "\n");
+}
+
void report_error(tokenstr_t tok, FILE *f)
{
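Review bot: `fprintf(f, str);` in report_error_string passes the caller's string as the format, so any `%` in a message is parsed as a conversion and reads arguments that were never supplied. The callers added in this change pass only string literals, but the helper accepts an arbitrary `char *`. Use `fprintf(f, "%s\n", str);`, which also replaces the separate newline call, and declare the parameter as `const char *str`. The report_error definition at the end of this hunk continues outside it.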
@@ -329,7 +236,15 @@
fprintf(f, "\n");
}
-
+
+int check_exit(au_exit_t ex, int val)
+{
+ if(ex.status == val)
+ return (1);
+
+ return (0);
+}
+
/*
* Check the return value of a bsm-token
*/
@@ -390,22 +305,40 @@
/*
* Check the pid and privilege of a bsm-token
*/
-int check_priv(au_proc32ex_t priv, pid_t pid)
+int check_priv(au_proc32ex_t pr, pid_t pid)
{
- if(priv.pid == pid && priv.euid == geteuid() && priv.ruid == getuid() &&
- priv.rgid == getgid() && priv.egid == getegid())
+ int auid;
+
+ if(getauid(&auid) == -1)
+ return (0);
+
+ if(pr.pid == pid && pr.euid == geteuid() && pr.ruid == getuid() &&
+ pr.rgid == getgid() && pr.egid == getegid() && pr.auid == auid)
return (1);
return (0);
}
/*
+ * Check privilege of a child with different credential from parent.
+ */
+int check_priv_child(au_proc32ex_t pr, struct priv p)
+{
+
+ if(pr.pid == p.pid && pr.euid == p.euid && pr.ruid == p.ruid &&
+ pr.rgid == p.rgid && pr.egid == p.egid && pr.auid == p.auid)
+ return (1);
+
+ return (0);
+}
+
+/*
* Check the pid and privilege of an external process
*/
-int check_ext_priv(au_proc32_t priv, struct ext_priv p)
+int check_ext_priv(au_proc32_t pr, struct priv p)
{
- if(priv.pid == p.pid && priv.euid == p.euid && priv.ruid == p.ruid &&
- priv.rgid == p.rgid && priv.egid == p.egid)
+ if(pr.pid == p.pid && pr.euid == p.euid && pr.ruid == p.ruid &&
+ pr.rgid == p.rgid && pr.egid == p.egid && pr.auid == p.auid)
return (1);
return (0);
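Review bot: In check_priv, `int auid;` is passed to `getauid(&auid)`, which takes an `au_id_t *`; declare it as `au_id_t auid;` so the pointer type matches and the comparison with `pr.auid` is not signed against unsigned. The early `return (0);` on getauid() failure is indistinguishable from a credential mismatch, so the caller will log the subject token as wrong when the audit ID simply could not be read; a separate message for that case would make a failed run easier to triage. The `int` fields of `struct priv` compared in check_priv_child and check_ext_priv presumably raise the same signedness question. check_ext_priv's body continues past the end of this hunk.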
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#9 (text+ko) ====
@@ -52,6 +52,30 @@
#define SHMSZ 512
#define SEM_NAME "/audit-test"
#define SEM_CLIENT_NAME "/client"
+
+#define TOKEN_FLAG_ISSET(bitmask, flag) \
+ (bitmask & flag)
+#define TOKEN_FLAG_SET(bitmask, flag) \
+ (bitmask |= flag)
+
+#define TOKEN_ARG 0x0000001
+#define TOKEN_PATH 0x0000002
+#define TOKEN_ATTR 0x0000004
+#define TOKEN_SUBJECT 0x0000008
+#define TOKEN_RETURN 0x0000010
+#define TOKEN_EXIT 0x0000020
+#define TOKEN_EXEC_ARG 0x0000040
+#define TOKEN_EXEC_ENV 0x0000080
+#define TOKEN_GROUP 0x0000100
+#define TOKEN_ADDR 0x0000200
+#define TOKEN_IP 0x0000400
+#define TOKEN_IPC 0x0000800
+#define TOKEN_PORT 0x0001000
+#define TOKEN_PROCESS 0x0002000
+#define TOKEN_SOCKET 0x0004000
+#define TOKEN_TEXT 0x0008000
+#define TOKEN_DATA 0x0010000
+
sem_t *mutex, *mutex_client;
char *shm;
int shmid;
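Review bot: TOKEN_FLAG_ISSET and TOKEN_FLAG_SET expand their arguments without parentheses, so a combined flag such as `TOKEN_ARG | TOKEN_PATH` would expand to `bitmask & TOKEN_ARG | TOKEN_PATH` and always test true. Write them as `#define TOKEN_FLAG_ISSET(bitmask, flag) ((bitmask) & (flag))` and `#define TOKEN_FLAG_SET(bitmask, flag) ((bitmask) |= (flag))`. A one-line comment above the TOKEN_* constants, for example `/* One bit per BSM token kind seen in the record being validated. */`, would document what the mask is for.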
@@ -64,31 +88,23 @@
/*
* NOT = do not validate anything
- * GOT_READLINK = we took the last function (a readlink) of the standard
- * "prologue" of every process
* VALID = we need to validate stuff
* WAITING = this is not the right syscall to parse
*/
enum VALIDATE {
NOT,
- GOT_READLINK,
VALID,
WAITING
};
-
-struct audit_record
-{
- tokenstr_t toks[20];
- int count;
-};
-struct ext_priv
+struct priv
{
int pid;
int euid;
int ruid;
int rgid;
int egid;
+ int auid;
};
void init_channel();
@@ -103,15 +119,15 @@
int parse_string(char *string);
long get_int(char *string);
char get_c(char *string);
-int audit_print_record(FILE *st, char *buffer, int buflen,
- struct audit_record rec);
FILE *init_log(pid_t pid);
void report_error(tokenstr_t tok, FILE *f);
+int check_exit(au_exit_t ex, int val);
int check_text(au_text_t text, char *val);
int check_ret(au_ret32_t ret, int r, char *val);
int check_path(au_path_t path, char *val);
int check_arg(au_arg32_t arg, long val);
-int check_priv(au_proc32ex_t priv, pid_t pid);
+int check_priv(au_proc32ex_t pr, pid_t pid);
int check_fd(au_attr32_t attr, int fd);
-int check_ext_priv(au_proc32_t priv, struct ext_priv p);
-int check_attr_path(au_attr32_t attr, char *path);
+int check_ext_priv(au_proc32_t pr, struct priv p);
+int check_priv_child(au_proc32ex_t pr, struct priv p);
+int check_attr_path(au_attr32_t attr, char *path);
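Review bot: The prototype list gains check_exit and check_priv_child but not `report_error_string`, which this change defines in audit_pipe_regression_test_utils.c and calls from the specific-event tests. Unless it is declared in a part of the header that is not shown, those calls rely on an implicit declaration and the compiler cannot check their arguments. Add `void report_error_string(char *str, FILE *f);` next to the report_error prototype.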
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_close.c#3 (text+ko) ====
@@ -36,27 +36,6 @@
struct close_record *next;
};
-struct close_record *del_record(struct close_record *head, int index)
-{
- struct close_record *tmp;
- struct close_record *p;
-
- tmp = head;
- if(tmp == NULL)
- return NULL;
- for(; tmp->next != NULL; tmp = tmp->next)
- {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return head;
- }
- }
-
- return NULL;
-}
-
struct close_record *
add_field(struct close_record *head, struct close_record *new)
{
@@ -130,13 +109,13 @@
{
int i, ret, reclen, bytesread, to_parse;
struct close_record *tmp, *elem;
- struct audit_record *p, *el;
int err = -1;
tokenstr_t tok;
u_char *buf;
u_char type = 0;
FILE *fp;
-
+ long control_flag;
+
to_parse = WAITING;
fp = fopen(path, "r");
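Review bot: `long control_flag;` is declared without an initializer, and the only assignment this change adds is the `control_flag = 0;` in the AUT_TRAILER case, so the `TOKEN_FLAG_SET` calls for the first record OR into an indeterminate value. Stale bits can make the missing-token check pass for a token that never appeared, which defeats the purpose of this audit regression test. Declare it as `long control_flag = 0;`. The same uninitialized declaration is added to validate() in the fork, kill, open, rename and setauid tests. validate() starts and ends outside this hunk.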
@@ -181,18 +160,21 @@
if(to_parse == VALID) {
switch(tok.id) {
case AUT_ATTR32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_ATTR);
ret = check_fd(tok.tt.attr32, tmp->fd);
if(!ret)
report_error(tok, f);
break;
case AUT_SUBJECT32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT);
ret = check_priv(tok.tt.proc32_ex, pid);
if(!ret)
report_error(tok, f);
break;
case AUT_ARG32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_ARG);
ret = check_arg(tok.tt.arg32, tmp->fd);
if(!ret)
report_error(tok, f);
@@ -200,6 +182,7 @@
break;
case AUT_RETURN32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_RETURN);
ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val);
if(!ret)
report_error(tok, f);
@@ -207,6 +190,15 @@
case AUT_TRAILER:
to_parse = WAITING;
+ if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_ATTR))
+ report_error_string("Missing Attribute token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT))
+ report_error_string("Missing Subject token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG))
+ report_error_string("Missing Argument token", f);
+ else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN))
+ report_error_string("Missing Return token", f);
+ control_flag = 0;
if(tmp->next != NULL)
tmp = tmp->next;
break;
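Review bot: The missing-token checks in the AUT_TRAILER case are chained with `else if`, so a record that lacks several tokens is reported as missing only the first one tested. Dropping each `else` so the tests become independent `if` statements would log every absent token, which matters when the log is read to judge how incomplete a record was. The same chain is added in the fork, kill, open, rename and setauid tests. The case sits inside validate(), which extends beyond this hunk.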
@@ -266,8 +258,7 @@
if(elem == NULL)
err(-1, "MALLOC");
- while((count = parse_string(shared_string)) != -1)
- {
+ while((count = parse_string(shared_string)) != -1) {
descr = get_descr(shared_string);
if(count == INT_TYPE) {
if(!strncmp(descr, "fd", 2))
@@ -275,8 +266,7 @@
else
elem->ret = get_int(shared_string);
}
- else if ( count == STRING_TYPE)
- {
+ else if ( count == STRING_TYPE) {
snprintf(elem->err_val, sizeof(elem->err_val) >
strlen(shared_string) +1 ?
strlen(shared_string) +1 :
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_fork.c#2 (text+ko) ====
@@ -36,25 +36,6 @@
struct fork_record *next;
};
-struct fork_record *del_record(struct fork_record *head, int index)
-{
- struct fork_record *tmp, *p;
-
- tmp = head;
- if(tmp == NULL)
- return (NULL);
- for(; tmp->next != NULL; tmp = tmp->next) {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return (head);
- }
- }
-
- return (NULL);
-}
-
struct fork_record *
add_field(struct fork_record *head, struct fork_record *new)
{
@@ -106,13 +87,13 @@
{
int i, ret, reclen, bytesread, to_parse;
struct fork_record *tmp, *elem;
- struct audit_record *p, *el;
int err = -1;
tokenstr_t tok;
u_char *buf;
u_char type = 0;
FILE *fp;
-
+ long control_flag;
+
to_parse = WAITING;
fp = fopen(path, "r");
@@ -154,18 +135,21 @@
if(to_parse == VALID) {
switch(tok.id) {
case AUT_SUBJECT32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT);
ret = check_priv(tok.tt.proc32_ex, pid);
if(!ret)
report_error(tok, f);
break;
case AUT_ARG32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_ARG);
ret = check_arg(tok.tt.arg32, tmp->pid);
if(!ret)
report_error(tok, f);
break;
case AUT_RETURN32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_RETURN);
ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val);
if(!ret)
report_error(tok, f);
@@ -173,6 +157,13 @@
case AUT_TRAILER:
to_parse = WAITING;
+ if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT))
+ report_error_string("Missing Subject token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG))
+ report_error_string("Missing Argument token", f);
+ else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN))
+ report_error_string("Missing Return token", f);
+ control_flag = 0;
if(tmp->next != NULL)
tmp = tmp->next;
break;
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_kill.c#3 (text+ko) ====
@@ -38,25 +38,6 @@
struct kill_record *next;
};
-struct kill_record *del_record(struct kill_record *head, int index)
-{
- struct kill_record *tmp, *p;
-
- tmp = head;
- if(tmp == NULL)
- return (NULL);
- for(; tmp->next != NULL; tmp = tmp->next) {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return (head);
- }
- }
-
- return (NULL);
-}
-
struct kill_record *
add_field(struct kill_record *head, struct kill_record *new)
{
@@ -165,17 +146,18 @@
void validate(FILE *f, struct kill_record *head, char *path, pid_t pid)
{
- int i, ret, reclen, bytesread, to_parse;
+ int i, ret, reclen, bytesread, to_parse, arg_counter;
struct kill_record *tmp, *elem;
- struct audit_record *p, *el;
int err = -1;
tokenstr_t tok;
u_char *buf;
u_char type = 0;
FILE *fp;
-
+ long control_flag;
+
to_parse = WAITING;
-
+ arg_counter = 0;
+
fp = fopen(path, "r");
if(fp == NULL)
return;
@@ -215,35 +197,41 @@
if(to_parse == VALID) {
switch(tok.id) {
case AUT_SUBJECT32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT);
ret = check_priv(tok.tt.proc32_ex, pid);
if(!ret)
report_error(tok, f);
break;
case AUT_ARG32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_ARG);
switch(tok.tt.arg32.no)
{
case 1:
ret = check_arg(tok.tt.arg32, tmp->pid);
if(!ret)
report_error(tok, f);
+ arg_counter++;
break;
case 2:
ret = check_arg(tok.tt.arg32, tmp->signal);
if(!ret)
report_error(tok, f);
+ arg_counter++;
break;
}
break;
case AUT_PROCESS32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_PROCESS);
ret = check_ext_priv(tok.tt.proc32, tmp->p);
if(!ret)
report_error(tok, f);
break;
case AUT_RETURN32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_RETURN);
ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val);
if(!ret)
report_error(tok, f);
@@ -251,6 +239,16 @@
case AUT_TRAILER:
to_parse = WAITING;
+ if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_PROCESS))
+ report_error_string("Missing Process token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT))
+ report_error_string("Missing Subject token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG) || arg_counter != 2)
+ report_error_string("Missing Argument token", f);
+ else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN))
+ report_error_string("Missing Return token", f);
+ control_flag = 0;
+ arg_counter = 0;
if(tmp->next != NULL)
tmp = tmp->next;
break;
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_open.c#7 (text+ko) ====
@@ -39,27 +39,6 @@
struct open_record *next;
};
-struct open_record *del_record(struct open_record *head, int index)
-{
- struct open_record *tmp;
- struct open_record *p;
-
- tmp = head;
- if(tmp == NULL)
- return NULL;
- for(; tmp->next != NULL; tmp = tmp->next)
- {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return head;
- }
- }
-
- return NULL;
-}
-
struct open_record *
add_field(struct open_record *head, struct open_record *new)
{
@@ -68,7 +47,7 @@
tmp = head;
if(tmp == NULL) {
new->next = NULL;
- return new;
+ return (new);
}
/* Reach the last element of the list*/
@@ -78,7 +57,7 @@
tmp->next= new;
new->next = NULL;
- return head;
+ return (head);
}
void test_open()
@@ -136,17 +115,18 @@
void validate(FILE *f, struct open_record *head, char *path, pid_t pid)
{
- int i, ret, reclen, bytesread, to_parse;
+ int i, ret, reclen, bytesread, to_parse, arg_counter;
struct open_record *tmp, *elem;
- struct audit_record *p, *el;
int err = -1;
tokenstr_t tok;
u_char *buf;
u_char type = 0;
FILE *fp;
-
+ long control_flag;
+
to_parse = WAITING;
-
+ arg_counter = 0;
+
fp = fopen(path, "r");
if(fp == NULL)
return;
@@ -179,31 +159,36 @@
}
bytesread += tok.len;
- /* Check only open syscals */
+ /* Check only open syscalls */
if(tok.tt.hdr32.e_type >= 72 && tok.tt.hdr32.e_type <= 83)
to_parse = VALID;
if(to_parse == VALID) {
switch(tok.id) {
case AUT_PATH:
+ TOKEN_FLAG_SET(control_flag, TOKEN_PATH);
ret = check_path(tok.tt.path, tmp->path);
if(!ret)
report_error(tok, f);
break;
case AUT_ATTR32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_ATTR);
ret = check_fd(tok.tt.attr32, tmp->fd);
if(!ret)
report_error(tok, f);
break;
case AUT_SUBJECT32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT);
ret = check_priv(tok.tt.proc32_ex, pid);
if(!ret)
report_error(tok, f);
break;
case AUT_ARG32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_ARG);
+ arg_counter++;
if(tok.tt.arg32.no == 2) {
ret = check_arg(tok.tt.arg32, tmp->arg2);
if(!ret)
@@ -216,6 +201,7 @@
break;
case AUT_RETURN32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_RETURN);
ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val);
if(!ret)
report_error(tok, f);
@@ -223,6 +209,21 @@
case AUT_TRAILER:
to_parse = WAITING;
+ if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_ATTR))
+ report_error_string("Missing Attribute token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT))
+ report_error_string("Missing Subject token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG) ||
+ tmp->arg3 && arg_counter != 2 ||
+ !tmp->arg3 && arg_counter != 1)
+ report_error_string("Missing Argument token", f);
+ else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN))
+ report_error_string("Missing Return token", f);
+ else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_PATH))
+ report_error_string("Missing Path token", f);
+
+ control_flag = 0;
+ arg_counter = 0;
if(tmp->next != NULL)
tmp = tmp->next;
break;
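Review bot: The argument condition in the AUT_TRAILER case mixes `&&` and `||` without grouping and relies on precedence to mean what is intended. Write it as `(tmp->arg3 && arg_counter != 2) || (!tmp->arg3 && arg_counter != 1)`. Separately, `arg_counter` is incremented in the AUT_ARG32 case for every argument token regardless of `tok.tt.arg32.no`, so two tokens with the same argument number satisfy the count. Using the truth value of `tmp->arg3` to decide whether a third argument was passed presumably treats a value of 0 as absent, which should be confirmed against how the test records it. validate() continues outside this hunk.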
@@ -282,8 +283,7 @@
if(elem == NULL)
err(-1, "MALLOC");
- while((count = parse_string(shared_string)) != -1)
- {
+ while((count = parse_string(shared_string)) != -1) {
descr = get_descr(shared_string);
if(count == INT_TYPE) {
if(!strncmp(descr, "fd", 2))
@@ -295,8 +295,7 @@
else
elem->arg3 = get_int(shared_string);
}
- else if ( count == STRING_TYPE)
- {
+ else if ( count == STRING_TYPE) {
if(!strncmp(descr, "path", 4))
snprintf(elem->path, sizeof(elem->path) >
strlen(shared_string) +1 ?
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_rename.c#2 (text+ko) ====
@@ -37,26 +37,6 @@
struct rename_record *next;
};
-struct rename_record *del_record(struct rename_record *head, int index)
-{
- struct rename_record *tmp, *p;
-
- tmp = head;
- if(tmp == NULL)
- return (NULL);
- for(; tmp->next != NULL; tmp = tmp->next)
- {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return (head);
- }
- }
-
- return (NULL);
-}
-
struct rename_record *
add_field(struct rename_record *head, struct rename_record *new)
{
@@ -137,18 +117,19 @@
void validate(FILE *f, struct rename_record *head, char *path, pid_t pid)
{
- int i, ret, reclen, bytesread, to_parse;
+ int i, ret, reclen, bytesread, to_parse, path_counter;
struct rename_record *tmp, *elem;
- struct audit_record *p, *el;
int err = -1;
tokenstr_t tok;
u_char *buf;
u_char type = 0;
FILE *fp;
int which = 0;
+ long control_flag;
to_parse = WAITING;
-
+ path_counter = 0;
+
fp = fopen(path, "r");
if(fp == NULL)
return;
@@ -188,6 +169,8 @@
if(to_parse == VALID) {
switch(tok.id) {
case AUT_PATH:
+ TOKEN_FLAG_SET(control_flag, TOKEN_PATH);
+ path_counter++;
if(!which)
ret = check_path(tok.tt.path, tmp->path);
else {
@@ -200,6 +183,7 @@
break;
case AUT_ATTR32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_ATTR);
which = 1;
ret = check_attr_path(tok.tt.attr32, tmp->path);
if(!ret)
@@ -207,12 +191,14 @@
break;
case AUT_SUBJECT32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT);
ret = check_priv(tok.tt.proc32_ex, pid);
if(!ret)
report_error(tok, f);
break;
case AUT_RETURN32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_RETURN);
ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val);
if(!ret)
report_error(tok, f);
@@ -220,6 +206,16 @@
case AUT_TRAILER:
to_parse = WAITING;
+ if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_ATTR))
+ report_error_string("Missing Attribute token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT))
+ report_error_string("Missing Subject token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_PATH) || path_counter != 2)
+ report_error_string("Missing Path token", f);
+ else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN))
+ report_error_string("Missing Return token", f);
+ control_flag = 0;
+ path_counter = 0;
if(tmp->next != NULL)
tmp = tmp->next;
break;
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setauid.c#2 (text+ko) ====
@@ -37,26 +37,6 @@
struct setauid_record *next;
};
-struct setauid_record *del_record(struct setauid_record *head, int index)
-{
- struct setauid_record *tmp;
- struct setauid_record *p;
-
- tmp = head;
- if(tmp == NULL)
- return NULL;
- for(; tmp->next != NULL; tmp = tmp->next) {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return head;
- }
- }
-
- return NULL;
-}
-
struct setauid_record *
add_field(struct setauid_record *head, struct setauid_record *new)
{
@@ -65,7 +45,7 @@
tmp = head;
if(tmp == NULL) {
new->next = NULL;
- return new;
+ return (new);
}
/* Reach the last element of the list*/
@@ -75,7 +55,7 @@
tmp->next= new;
new->next = NULL;
- return head;
+ return (head);
}
void test_setauid()
@@ -130,13 +110,13 @@
{
int i, ret, reclen, bytesread, to_parse;
struct setauid_record *tmp, *elem;
- struct audit_record *p, *el;
int err = -1;
tokenstr_t tok;
u_char *buf;
u_char type = 0;
FILE *fp;
-
+ long control_flag;
+
to_parse = WAITING;
fp = fopen(path, "r");
@@ -178,18 +158,21 @@
if(to_parse == VALID) {
switch(tok.id) {
case AUT_SUBJECT32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT);
ret = check_priv_child(tok.tt.proc32_ex, tmp->p);
if(!ret)
report_error(tok, f);
break;
case AUT_ARG32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_ARG);
ret = check_arg(tok.tt.arg32, tmp->auid);
if(!ret)
report_error(tok, f);
break;
case AUT_RETURN32:
+ TOKEN_FLAG_SET(control_flag, TOKEN_RETURN);
ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val);
if(!ret)
report_error(tok, f);
@@ -197,6 +180,14 @@
case AUT_TRAILER:
to_parse = WAITING;
+ if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT))
+ report_error_string("Missing Subject token", f);
+ else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG))
+ report_error_string("Missing Argument token", f);
+ else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN))
+ report_error_string("Missing Return token", f);
+ control_flag = 0;
+
if(tmp->next != NULL)
tmp = tmp->next;
break;
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setgid.c#5 (text+ko) ====
@@ -37,25 +37,6 @@
struct setgid_record *next;
};
-struct setgid_record *del_record(struct setgid_record *head, int index)
-{
- struct setgid_record *tmp, *p;
-
- tmp = head;
- if(tmp == NULL)
- return NULL;
- for(; tmp->next != NULL; tmp = tmp->next) {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return head;
- }
- }
-
- return NULL;
-}
-
struct setgid_record *
add_field(struct setgid_record *head, struct setgid_record *new)
{
@@ -64,7 +45,7 @@
tmp = head;
if(tmp == NULL) {
new->next = NULL;
>>> TRUNCATED FOR MAIL (1000 lines) <<<