PERFORCE change 59360 for review

Wayne Salamon wsalamon at FreeBSD.org
Wed Aug 11 00:39:21 GMT 2004


http://perforce.freebsd.org/chv.cgi?CH=59360

Change 59360 by wsalamon at wsalamon_epi on 2004/08/11 00:38:27

	Fix the usage of vn_getpath(). Test that the path is written to the
	audit log by auditing the fchdir() system call. Add a needed include
	to audit_kernel.h.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#5 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#2 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#7 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#5 (text+ko) ====

@@ -28,6 +28,7 @@
 
 #include <bsm/audit.h>
 
+#include <sys/file.h>
 #include <sys/sysctl.h>
 #include <sys/user.h>
 

==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#2 (text+ko) ====

@@ -40,6 +40,9 @@
 #include "opt_compat.h"
 #include "opt_mac.h"
 
+#include <bsm/audit_kernel.h>
+#include <bsm/audit_kevents.h>
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/bio.h>
@@ -679,6 +682,9 @@
 	VREF(vp);
 	fdrop(fp, td);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+
+	AUDIT_ARG(vnpath, vp, ARG_VNODE1);
+
 	if (vp->v_type != VDIR)
 		error = ENOTDIR;
 #ifdef MAC

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#7 (text+ko) ====

@@ -62,7 +62,7 @@
  * volume, it should be left off unless you want your system
  * to churn a lot whenever the audit record flow gets high.
  */
-/* #define	AUDIT_EXCESSIVELY_VERBOSE */
+#define	AUDIT_EXCESSIVELY_VERBOSE
 #ifdef AUDIT_EXCESSIVELY_VERBOSE
 #define	AUDIT_PRINTF(x)	printf x
 #else
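Review bot: `#define	AUDIT_EXCESSIVELY_VERBOSE` is now enabled unconditionally, although the comment directly above it says it should be left off because of the output volume. With it defined, `AUDIT_PRINTF(x)` expands to `printf x`, so every AUDIT_PRINTF call site (outside this hunk) writes to the console, and whatever those messages contain ends up in the kernel message buffer as well as in the audit trail. If this was only switched on to test the fchdir() path auditing, restore `/* #define	AUDIT_EXCESSIVELY_VERBOSE */` before the change is integrated, or put it behind a kernel option so that it cannot be enabled by accident.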
@@ -2027,7 +2027,7 @@
 	struct kaudit_record *ar;
 	struct vattr vattr;
 	int error;
-	char **pathp, **retbuf, **freebuf;
+	char **pathp, *retbuf, *freebuf;
 	struct vnode_au_info *vnp;
 	struct thread *td;
 
@@ -2069,10 +2069,9 @@
 	 * it fails, we just have a zero-length string.  Perhaps instead
 	 * we should not include a path token...?
 	 */
-	retbuf = freebuf = NULL;
-	if (vn_fullpath(td, vp, retbuf, freebuf) == 0) {
+	if (vn_fullpath(td, vp, &retbuf, &freebuf) == 0) {
 		/* Copy and free buffer allocated by vn_fullpath() */
-		bcopy(*retbuf, *pathp, MAXPATHLEN);
+		bcopy(retbuf, *pathp, MAXPATHLEN);
 		free(freebuf, M_TEMP); 
 	} else {
 		(*pathp)[0] = '\0';
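Review bot: `bcopy(retbuf, *pathp, MAXPATHLEN)` always copies MAXPATHLEN bytes starting at retbuf, but the buffer that is freed is freebuf, which suggests retbuf can point part-way into the vn_fullpath() allocation. If so, the copy reads past the end of that allocation and pulls adjacent kernel heap bytes into the audit path buffer. The result is a NUL-terminated path, so a bounded string copy fits better: `strlcpy(*pathp, retbuf, MAXPATHLEN);`. The same pattern is in the canon_path() hunk of kern_bsm_klib.c (`bcopy(retbuf, cpath, MAXPATHLEN)`), where the existing comment already calls the string bounding questionable. The destination sizes are not visible in either hunk and should be confirmed to be at least MAXPATHLEN; the enclosing function starts and ends outside this hunk.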

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#5 (text+ko) ====

@@ -814,7 +814,7 @@
 void canon_path(struct thread *td, char *path, char *cpath)
 {
 	char *bufp;
-	char **retbuf, **freebuf;
+	char *retbuf, *freebuf;
 	int len;
 	struct vnode *vnp;
 	struct filedesc *fdp;
@@ -855,11 +855,10 @@
 		 * string bounding here seems a bit questionable and
 		 * will also require attention.
 		 */
-		retbuf = freebuf = NULL;
 		vn_lock(vnp, LK_EXCLUSIVE | LK_RETRY, td);
-		if (vn_fullpath(td, vnp, retbuf, freebuf) == 0) {
+		if (vn_fullpath(td, vnp, &retbuf, &freebuf) == 0) {
 			/* Copy and free buffer allocated by vn_fullpath() */
-			bcopy(*retbuf, cpath, MAXPATHLEN);
+			bcopy(retbuf, cpath, MAXPATHLEN);
 			free(freebuf, M_TEMP); 
 		}
 		else {