PERFORCE change 59949 for review
Wayne Salamon
wsalamon at FreeBSD.org
Wed Aug 18 01:40:32 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=59949
Change 59949 by wsalamon at wsalamon_epi on 2004/08/18 01:39:59
Audit the fchflags, fchmod, fchown, ftruncate, futimes, fstatfs, and
getdirentries system calls. Note that auditing of these calls will
show how vn_getpath() often does not succeed, and hence no path will
be in the audit log. Also, the sys_au_event table in kern_bsm_klib.c
is modified to match the above system calls for FreeBSD. However,
many of the entries in this table need to be fixed, or the table
replaced with something better (adding the audit event to the sysent
table, for example?).
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#3 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#6 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#3 (text+ko) ====
@@ -279,8 +279,12 @@
struct statfs *sp, sb;
int error;
+ AUDIT_ARG(fd, uap->fd);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
mp = fp->f_vnode->v_mount;
fdrop(fp, td);
if (mp == NULL)
@@ -2393,8 +2397,13 @@
struct file *fp;
int error;
+ AUDIT_ARG(fd, uap->fd);
+ AUDIT_ARG(fflags, uap->flags);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
error = setfflags(td, fp->f_vnode, uap->flags);
fdrop(fp, td);
return (error);
@@ -2514,8 +2523,13 @@
struct file *fp;
int error;
+ AUDIT_ARG(fd, uap->fd);
+ AUDIT_ARG(mode, uap->mode);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
error = setfmode(td, fp->f_vnode, uap->mode);
fdrop(fp, td);
return (error);
@@ -2653,8 +2667,12 @@
struct file *fp;
int error;
+ AUDIT_ARG(owner, uap->uid, uap->gid);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
error = setfown(td, fp->f_vnode, uap->uid, uap->gid);
fdrop(fp, td);
return (error);
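Review bot: The descriptor itself is never recorded in this hunk: the other descriptor-based calls in this change start with `AUDIT_ARG(fd, uap->fd);`, but here only `AUDIT_ARG(owner, uap->uid, uap->gid);` precedes getvnode(). When getvnode() fails, or when the path lookup behind `AUDIT_ARG(vnpath, ...)` yields no path, the audit record for an ownership change has nothing identifying the target file. Add `AUDIT_ARG(fd, uap->fd);` next to the owner argument. The enclosing function begins outside the hunk.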
@@ -2846,10 +2864,14 @@
struct file *fp;
int error;
+ AUDIT_ARG(fd, fd);
+ if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
+ return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
return (error);
- if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
- return (error);
error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
fdrop(fp, td);
return (error);
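Review bot: Moving getvnode() ahead of getutimes() introduces a file reference leak. If getutimes() fails, the function returns while still holding the reference taken on `fp`, and `fdrop(fp, td)` is never reached. A caller that repeatedly passes a bad times argument could pin file structures this way. Release the reference on that path with `if ((error = getutimes(tptr, tptrseg, ts)) != 0) { fdrop(fp, td); return (error); }`, or keep getutimes() first and audit the fd before it. The enclosing function begins outside the hunk.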
@@ -2942,10 +2964,14 @@
struct file *fp;
int error;
+ AUDIT_ARG(fd, uap->fd);
if (uap->length < 0)
return(EINVAL);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
if ((fp->f_flag & FWRITE) == 0) {
fdrop(fp, td);
return (EINVAL);
@@ -3561,8 +3587,12 @@
long loff;
int error, eofflag;
+ AUDIT_ARG(fd, uap->fd);
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
if ((fp->f_flag & FREAD) == 0) {
fdrop(fp, td);
return (EBADF);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#6 (text+ko) ====
@@ -188,7 +188,7 @@
AUE_MKDIR, /* 136 = mkdir */
AUE_RMDIR, /* 137 = rmdir */
AUE_UTIMES, /* 138 = utimes */
- AUE_FUTIMES, /* 139 = futimes */
+ AUE_NULL, /* 139 = obsolete 4.2 sigreturn */
AUE_ADJTIME, /* 140 = adjtime */
AUE_NULL, /* 141 = getpeername */
AUE_NULL, /* 142 = old gethostid */
@@ -206,8 +206,8 @@
AUE_NULL, /* 154 = pwrite */
AUE_NULL, /* 155 = nfs_svc */
AUE_O_GETDIRENTRIES, /* 156 = old getdirentries */
- AUE_STATFS, /* 157 = statfs */
- AUE_FSTATFS, /* 158 = fstatfs */
+ AUE_NULL, /* 157 = old statfs */
+ AUE_NULL, /* 158 = old fstatfs */
AUE_UMOUNT, /* 159 = unmount */
AUE_NULL, /* 160 was async_daemon */
AUE_GETFH, /* 161 = get file handle */
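Review bot: Slots 157 and 158 now map to `AUE_NULL`, so an old statfs or fstatfs call would produce no audit event if the kernel still services those compat numbers for older binaries. Whether it does is not visible here. Entry 156 keeps `AUE_O_GETDIRENTRIES` for old getdirentries, so there is precedent for auditing the compat forms. Consider keeping `AUE_STATFS, /* 157 = old statfs */` and `AUE_FSTATFS, /* 158 = old fstatfs */` unless the old entry points are known to be unreachable.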
@@ -263,16 +263,16 @@
AUE_MLOCK, /* 203 = mlock */
AUE_MUNLOCK, /* 204 = munlock */
AUE_UNDELETE, /* 205 = undelete */
- AUE_NULL, /* 206 = ATsocket */
- AUE_NULL, /* 207 = ATgetmsg*/
- AUE_NULL, /* 208 = ATputmsg*/
- AUE_NULL, /* 209 = ATPsndreq*/
- AUE_NULL, /* 210 = ATPsndrsp*/
- AUE_NULL, /* 211 = ATPgetreq*/
- AUE_NULL, /* 212 = ATPgetrsp*/
- AUE_NULL, /* 213 = Reserved for AppleTalk */
- AUE_NULL, /* 214 = Reserved for AppleTalk */
- AUE_NULL, /* 215 = Reserved for AppleTalk */
+ AUE_FUTIMES, /* 206 = futimes */
+ AUE_NULL, /* 207 = */
+ AUE_NULL, /* 208 = */
+ AUE_NULL, /* 209 = */
+ AUE_NULL, /* 210 = */
+ AUE_NULL, /* 211 = */
+ AUE_NULL, /* 212 = */
+ AUE_NULL, /* 213 = for AppleTalk */
+ AUE_NULL, /* 214 = for AppleTalk */
+ AUE_NULL, /* 215 = for AppleTalk */
AUE_NULL, /* 216 = HFS make complex file call (multipel forks */
AUE_NULL, /* 217 = HFS statv extended stat call for HFS */
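Review bot: The comments on entries 207–212 were blanked to `/* 207 = */` and so on, while 213–215 still read "for AppleTalk", so nothing shows which FreeBSD system calls occupy these numbers. Because the table is positional, a reader cannot tell a deliberate `AUE_NULL` from a slot not yet reviewed. A real FreeBSD call in this range would then go unaudited without anyone noticing. Fill each comment with the name from the FreeBSD syscall table, or mark the slot explicitly, for example `/* 207 = unused */`.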
@@ -427,7 +427,37 @@
AUE_NULL, /* 366 */
AUE_NULL, /* 367 */
AUE_NULL, /* 368 */
- AUE_NULL /* 369 */
+ AUE_NULL, /* 369 */
+ AUE_NULL, /* 370 */
+ AUE_NULL, /* 371 */
+ AUE_NULL, /* 372 */
+ AUE_NULL, /* 373 */
+ AUE_NULL, /* 374 */
+ AUE_NULL, /* 375 */
+ AUE_NULL, /* 376 */
+ AUE_NULL, /* 377 */
+ AUE_NULL, /* 378 */
+ AUE_NULL, /* 379 */
+ AUE_NULL, /* 380 */
+ AUE_NULL, /* 381 */
+ AUE_NULL, /* 382 */
+ AUE_NULL, /* 383 */
+ AUE_NULL, /* 384 */
+ AUE_NULL, /* 385 */
+ AUE_NULL, /* 386 */
+ AUE_NULL, /* 387 */
+ AUE_NULL, /* 388 */
+ AUE_NULL, /* 389 */
+ AUE_NULL, /* 390 */
+ AUE_NULL, /* 391 */
+ AUE_NULL, /* 392 */
+ AUE_NULL, /* 393 */
+ AUE_NULL, /* 394 */
+ AUE_NULL, /* 395 */
+ AUE_STATFS, /* 396 = statfs */
+ AUE_FSTATFS, /* 397 = fstafs */
+ AUE_NULL, /* 398 */
+ AUE_NULL /* 399 */
};
int nsys_au_event = sizeof(sys_au_event) / sizeof(sys_au_event[0]);
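Review bot: The comment on the new entry 397 misspells the call, `/* 397 = fstafs */`; it should read `AUE_FSTATFS, /* 397 = fstatfs */`. These comments are the only check that an event sits in the right position, so a misspelling makes the table harder to grep and verify against the syscall list. The code that indexes `sys_au_event` is not visible here. Since the table is only extended to 399, that lookup should be confirmed to bound the syscall number against `nsys_au_event`.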