PERFORCE change 146174 for review
Diego Giagio
diego at FreeBSD.org
Tue Jul 29 01:28:17 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146174
Change 146174 by diego at diego_black on 2008/07/29 01:27:57
Add support for the socket token, as described by Sun.
This is needed for generating network event records.
Affected files ...
.. //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#11 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#3 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#3 edit
Differences ...
==== //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#2 (text) ====
@@ -296,10 +296,10 @@
#if defined(_KERNEL) || defined(KERNEL)
token_t *au_to_socket(struct socket *so);
-token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la,
- struct sockaddr *ta);
-token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la,
- struct sockaddr *ta);
+token_t *au_to_socket_ex_32(uint16_t domain, uint16_t type, uint16_t lp,
+ uint16_t rp, struct sockaddr *la, struct sockaddr *ta);
+token_t *au_to_socket_ex_128(uint16_t domain, uint16_t type, uint16_t lp,
+ uint16_t rp, struct sockaddr *la, struct sockaddr *ta);
#endif
token_t *au_to_sock_inet(struct sockaddr_in *so);
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#11 (text) ====
@@ -114,6 +114,7 @@
#define ARG_IOVECSTR 0x0000800000000000ULL
#define ARG_ARGV 0x0001000000000000ULL
#define ARG_ENVV 0x0002000000000000ULL
+#define ARG_SOCKCONN 0x0004000000000000ULL
#define ARG_NONE 0x0000000000000000ULL
#define ARG_ALL 0xFFFFFFFFFFFFFFFFULL
@@ -177,6 +178,8 @@
void audit_arg_process(struct proc *p);
void audit_arg_signum(u_int signum);
void audit_arg_socket(int sodomain, int sotype, int soprotocol);
+void audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport,
+ struct sockaddr *la, struct sockaddr *ra);
void audit_arg_sockaddr(struct thread *td, struct sockaddr *sa);
void audit_arg_auid(uid_t auid);
void audit_arg_auditinfo(struct auditinfo *au_info);
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#3 (text) ====
@@ -608,6 +608,36 @@
}
void
+audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain, int sotype,
+ int lport, int rport, struct sockaddr *la, struct sockaddr *ra)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_socket_ex: ar == NULL"));
+ KASSERT(la != NULL, ("audit_record_arg_socket_ex: la == NULL"));
+ KASSERT(ra != NULL, ("audit_record_arg_socket_ex: ra == NULL"));
+
+ ar->k_ar.ar_arg_sockconn.sc_domain = sodomain;
+ ar->k_ar.ar_arg_sockconn.sc_type = sotype;
+ ar->k_ar.ar_arg_sockconn.sc_lport = lport;
+ ar->k_ar.ar_arg_sockconn.sc_rport = rport;
+ bcopy(la, &ar->k_ar.ar_arg_sockconn.sc_laddr, la->sa_len);
+ bcopy(ra, &ar->k_ar.ar_arg_sockconn.sc_raddr, ra->sa_len);
+ ARG_SET_VALID(ar, ARG_SOCKCONN);
+}
+
+void
+audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport,
+ struct sockaddr *la, struct sockaddr *ra)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ audit_record_arg_socket_ex(ar, sodomain, sotype, lport, rport, la, ra);
+}
+
+void
audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td,
struct sockaddr *sa)
{
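Review bot: The two bcopy() calls in audit_record_arg_socket_ex copy la->sa_len and ra->sa_len bytes into sc_laddr and sc_raddr without bounding them to the destination; sa_len is an 8-bit length field that nothing here ties to sizeof(struct sockaddr_storage), so an oversized sa_len would write past sc_laddr into sc_raddr and beyond the record, and the KASSERTs only cover NULL pointers. I would bound each copy, e.g. `bcopy(la, &ar->k_ar.ar_arg_sockconn.sc_laddr, MIN(la->sa_len, sizeof(ar->k_ar.ar_arg_sockconn.sc_laddr)));` and the same for ra, or at least KASSERT the lengths alongside the NULL checks. lport and rport arrive as int and are stored into u_short fields, which silently truncates anything above 65535; taking uint16_t parameters, as the au_to_socket_ex_* prototypes already do, would make the contract explicit. The audit_record_arg_sockaddr definition that follows continues outside the hunk.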
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#2 (text) ====
@@ -846,28 +846,58 @@
/*
* token ID 1 byte
+ * socket domain 2 bytes
* socket type 2 bytes
+ * ip address type 2 bytes
* local port 2 bytes
- * address type/length 4 bytes
- * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
- * remote port 4 bytes
- * address type/length 4 bytes
- * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
+ * local address 4 bytes/16 bytes (IPv4/IPv6 address)
+ * remote port 2 bytes
+ * remote address 4 bytes/16 bytes (IPv4/IPv6 address)
*/
token_t *
-au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, struct sockaddr *la,
- struct sockaddr *ra)
+au_to_socket_ex_32(u_int16_t domain, u_int16_t type, u_int16_t lp, u_int16_t rp,
+ struct sockaddr *la, struct sockaddr *ra)
{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) +
+ sizeof(u_int32_t) + sizeof(u_int16_t) + sizeof(u_int32_t));
+
+ ADD_U_CHAR(dptr, AUT_SOCKET_EX);
+ ADD_U_INT16(dptr, domain);
+ ADD_U_INT16(dptr, type);
+ ADD_U_INT16(dptr, AU_IPv4);
+ ADD_U_INT16(dptr, lp);
+ ADD_MEM(dptr, &la->sa_data, AU_IPv4);
+ ADD_U_INT16(dptr, rp);
+ ADD_MEM(dptr, &ra->sa_data, AU_IPv4);
- return (NULL);
+ return (t);
}
token_t *
-au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, struct sockaddr *la,
- struct sockaddr *ra)
-{
+au_to_socket_ex_128(u_int16_t domain, u_int16_t type, u_int16_t lp,
+ u_int16_t rp, struct sockaddr *la, struct sockaddr *ra)
+{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) +
+ 4 * sizeof(u_int32_t) + sizeof(u_int16_t) + 4 * sizeof(u_int32_t));
+
+ ADD_U_CHAR(dptr, AUT_SOCKET_EX);
+ ADD_U_INT16(dptr, domain);
+ ADD_U_INT16(dptr, type);
+ ADD_U_INT16(dptr, AU_IPv6);
+ ADD_U_INT16(dptr, lp);
+ ADD_MEM(dptr, &la->sa_data, AU_IPv6);
+ ADD_U_INT16(dptr, rp);
+ ADD_MEM(dptr, &ra->sa_data, AU_IPv6);
- return (NULL);
+ return (t);
}
/*
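Review bot: The address copies at `ADD_MEM(dptr, &la->sa_data, AU_IPv4)` and their three siblings read from the generic sa_data field, which for a struct sockaddr_in begins with sin_port rather than sin_addr (and for sockaddr_in6 with sin6_port and sin6_flowinfo before sin6_addr), so unless callers pass an unusual layout the token would carry port bytes followed by a truncated address. The in_addr and in6_addr members should be addressed explicitly, as below. AU_IPv4 and AU_IPv6 are used both as the address-type value and as the ADD_MEM byte count, which only works because they happen to equal 4 and 16; a one-line comment saying so would keep a future change to either constant from corrupting the token. The function comment should also state whether lp and rp are expected in host or network byte order, since ADD_U_INT16 serializes them as-is.
```c
token_t *
au_to_socket_ex_32(u_int16_t domain, u_int16_t type, u_int16_t lp, u_int16_t rp,
    struct sockaddr *la, struct sockaddr *ra)
	/* … unchanged: token allocation, header fields, local port … */
	ADD_MEM(dptr, &((struct sockaddr_in *)la)->sin_addr, AU_IPv4);
	ADD_U_INT16(dptr, rp);
	ADD_MEM(dptr, &((struct sockaddr_in *)ra)->sin_addr, AU_IPv4);
	/* … unchanged: return … */

	/* … in au_to_socket_ex_128, same three lines with the IPv6 members … */
	ADD_MEM(dptr, &((struct sockaddr_in6 *)la)->sin6_addr, AU_IPv6);
	ADD_U_INT16(dptr, rp);
	ADD_MEM(dptr, &((struct sockaddr_in6 *)ra)->sin6_addr, AU_IPv6);
```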
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#3 (text) ====
@@ -118,6 +118,15 @@
u_short so_lport; /* Local port. */
};
+struct sockconn_au_info {
+ int sc_domain;
+ int sc_type;
+ u_short sc_lport;
+ u_short sc_rport;
+ struct sockaddr_storage sc_laddr;
+ struct sockaddr_storage sc_raddr;
+};
+
union auditon_udata {
char *au_path;
long au_cond;
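Review bot: struct sockconn_au_info introduces six undocumented fields directly below socket_au_info, whose members each carry a trailing comment (`/* Local port. */` is visible in the context), so the new struct reads as a style break. Matching that convention would help the next reader, e.g. `int sc_domain; /* Socket domain. */`, `u_short sc_lport; /* Local port. */`, `struct sockaddr_storage sc_laddr; /* Local address. */`, and likewise for sc_type, sc_rport and sc_raddr. sc_lport and sc_rport are u_short while audit_record_arg_socket_ex takes lport and rport as int, so the narrowing happens silently at assignment; either aligning the types or noting the expected range and byte order of the stored ports here would remove the ambiguity.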
@@ -189,6 +198,7 @@
char ar_arg_login[MAXLOGNAME];
int ar_arg_ctlname[CTL_MAXNAME];
struct socket_au_info ar_arg_sockinfo;
+ struct sockconn_au_info ar_arg_sockconn;
char *ar_arg_upath1;
char *ar_arg_upath2;
char *ar_arg_text;
@@ -277,6 +287,8 @@
void audit_record_arg_signum(struct kaudit_record *ar, u_int signum);
void audit_record_arg_socket(struct kaudit_record *ar, int sodomain,
int sotype, int soprotocol);
+void audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain,
+ int sotype, int lport, int rport, struct sockaddr *la, struct sockaddr *ra);
void audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td,
struct sockaddr *sa);
void audit_record_arg_auid(struct kaudit_record *ar, uid_t auid);