PERFORCE change 45237 for review
Robert Watson
rwatson at FreeBSD.org
Tue Jan 13 00:02:05 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=45237
Change 45237 by rwatson at rwatson_paprika on 2004/01/12 16:01:31
Keep kaudit_record and related structures kernel-internal;
remove from kern_audit.h, and keep only in audit_private.h.
Include audit_private.h in audit subsystem c files.
Affected files ...
.. //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#10 edit
.. //depot/projects/trustedbsd/audit2/sys/security/audit/audit_private.h#2 edit
.. //depot/projects/trustedbsd/audit2/sys/security/audit/bsm_audit.c#7 edit
.. //depot/projects/trustedbsd/audit2/sys/security/audit/bsm_klib.c#7 edit
.. //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/audit2/sys/security/audit/audit.c#10 (text+ko) ====
@@ -43,6 +43,7 @@
#include <sys/un.h>
#include <sys/vnode.h>
+#include <security/audit/audit_private.h>
#include <security/audit/kern_audit.h>
#include <security/audit/bsm_klib.h>
==== //depot/projects/trustedbsd/audit2/sys/security/audit/audit_private.h#2 (text+ko) ====
@@ -23,71 +23,8 @@
* @APPLE_LICENSE_HEADER_END@
*/
-#ifndef _SYS_KERN_AUDIT_H
-#define _SYS_KERN_AUDIT_H
-
-#ifdef _KERNEL
-
-/*
- * Audit subsystem condition flags. The audit_enabled flag is set and
- * removed automatically as a result of configuring log files, and
- * can be observed but should not be directly manipulated. The audit
- * suspension flag permits audit to be temporarily disabled without
- * reconfiguring the audit target.
- */
-extern int audit_enabled;
-extern int audit_suspended;
-
-#define BSM_SUCCESS 0
-#define BSM_FAILURE 1
-#define BSM_NOAUDIT 2
-
-/*
- * Define the masks for the audited arguments.
- */
-#define ARG_EUID 0x0000000000000001ULL
-#define ARG_RUID 0x0000000000000002ULL
-#define ARG_SUID 0x0000000000000004ULL
-#define ARG_EGID 0x0000000000000008ULL
-#define ARG_RGID 0x0000000000000010ULL
-#define ARG_SGID 0x0000000000000020ULL
-#define ARG_PID 0x0000000000000040ULL
-#define ARG_UID 0x0000000000000080ULL
-#define ARG_AUID 0x0000000000000100ULL
-#define ARG_GID 0x0000000000000200ULL
-#define ARG_FD 0x0000000000000400ULL
-#define UNUSED 0x0000000000000800ULL
-#define ARG_FFLAGS 0x0000000000001000ULL
-#define ARG_MODE 0x0000000000002000ULL
-#define ARG_DEV 0x0000000000004000ULL
-#define ARG_ACCMODE 0x0000000000008000ULL
-#define ARG_CMODE 0x0000000000010000ULL
-#define ARG_MASK 0x0000000000020000ULL
-#define ARG_SIGNUM 0x0000000000040000ULL
-#define ARG_LOGIN 0x0000000000080000ULL
-#define ARG_SADDRINET 0x0000000000100000ULL
-#define ARG_SADDRINET6 0x0000000000200000ULL
-#define ARG_SADDRUNIX 0x0000000000400000ULL
-#define ARG_KPATH1 0x0000000000800000ULL
-#define ARG_KPATH2 0x0000000001000000ULL
-#define ARG_UPATH1 0x0000000002000000ULL
-#define ARG_UPATH2 0x0000000004000000ULL
-#define ARG_TEXT 0x0000000008000000ULL
-#define ARG_VNODE1 0x0000000010000000ULL
-#define ARG_VNODE2 0x0000000020000000ULL
-#define ARG_SVIPC_CMD 0x0000000040000000ULL
-#define ARG_SVIPC_PERM 0x0000000080000000ULL
-#define ARG_SVIPC_ID 0x0000000100000000ULL
-#define ARG_SVIPC_ADDR 0x0000000200000000ULL
-#define ARG_GROUPSET 0x0000000400000000ULL
-#define ARG_CMD 0x0000000800000000ULL
-#define ARG_SOCKINFO 0x0000001000000000ULL
-#define ARG_NONE 0x0000000000000000ULL
-#define ARG_ALL 0xFFFFFFFFFFFFFFFFULL
-
-#ifdef MALLOC_DECLARE
-MALLOC_DECLARE(M_AUDIT);
-#endif
+#ifndef _SYS_AUDIT_PRIVATE_H
+#define _SYS_AUDIT_PRIVATE_H
struct vnode_au_info {
mode_t vn_mode;
@@ -186,110 +123,4 @@
TAILQ_ENTRY(kaudit_record) k_q;
};
-struct proc;
-struct vnode;
-struct componentname;
-
-void audit_abort(struct kaudit_record *ar);
-void audit_commit(struct kaudit_record *ar, int error,
- int retval);
-void audit_init(void);
-void audit_shutdown(void);
-
-struct kaudit_record *audit_new(int event, struct proc *p,
- struct thread *td);
-
-void audit_syscall_enter(unsigned short code, struct proc *proc, struct thread *td);
-void audit_syscall_exit(int error, struct proc *proc,
- struct thread *td);
-
-int kaudit_to_bsm(struct kaudit_record *kar,
- struct au_record **pau);
-
-int bsm_rec_verify(caddr_t rec);
-
-/*
- * Kernel versions of the BSM audit record functions.
- */
-struct au_record *kau_open(void);
-int kau_write(struct au_record *rec, token_t *m);
-int kau_close(struct au_record *rec,
- struct timespec *endtime, short event);
-void kau_free(struct au_record *rec);
-void kau_init(void);
-token_t *kau_to_file(char *file, struct timeval *tv);
-token_t *kau_to_header(struct timespec *ctime, int rec_size,
- au_event_t e_type, au_emod_t e_mod);
-token_t *kau_to_header32(struct timespec *ctime, int rec_size,
- au_event_t e_type, au_emod_t e_mod);
-token_t *kau_to_header64(struct timespec *ctime, int rec_size,
- au_event_t e_type, au_emod_t e_mod);
-/*
- * The remaining kernel functions are conditionally compiled in as they
- * are wrapped by a macro, and the macro should be the only place in
- * the source tree where these functions are referenced.
- */
-#ifdef AUDIT
-void audit_arg_accmode(int mode);
-void audit_arg_cmode(int cmode);
-void audit_arg_fd(int fd);
-void audit_arg_fflags(int fflags);
-void audit_arg_gid(gid_t gid, gid_t egid, gid_t rgid,
- gid_t sgid);
-void audit_arg_uid(uid_t uid, uid_t euid, uid_t ruid,
- uid_t suid);
-void audit_arg_groupset(gid_t *gidset, u_int gidset_size);
-void audit_arg_login(char[MAXLOGNAME]);
-void audit_arg_mask(int mask);
-void audit_arg_mode(mode_t mode);
-void audit_arg_dev(int dev);
-void audit_arg_owner(uid_t uid, gid_t gid);
-void audit_arg_pid(pid_t pid);
-void audit_arg_signum(u_int signum);
-void audit_arg_socket(int sodomain, int sotype,
- int soprotocol);
-void audit_arg_sockaddr(struct proc *p,
- struct sockaddr *so);
-void audit_arg_auid(uid_t auid);
-void audit_arg_upath(struct proc *p, char *upath,
- u_int64_t flags);
-void audit_arg_vnpath(struct vnode *vp, u_int64_t flags);
-void audit_arg_text(char *text);
-void audit_arg_cmd(int cmd);
-void audit_arg_svipc_cmd(int cmd);
-void audit_arg_svipc_perm(struct ipc_perm *perm);
-void audit_arg_svipc_id(int id);
-void audit_arg_svipc_addr(void *addr);
-
-void audit_proc_init(struct proc *p);
-void audit_proc_fork(struct proc *parent,
- struct proc *child);
-void audit_proc_free(struct proc *p);
-
-/*
- * Define a macro to wrap the audit_arg_* calls by checking the global
- * audit_enabled flag before performing the actual call.
- */
-#define AUDIT_ARG(op, args...) do { \
- if (audit_enabled) \
- audit_arg_ ## op (args); \
- } while (0)
-
-#define AUDIT_CMD(audit_cmd) do { \
- if (audit_enabled) { \
- audit_cmd; \
- } \
- } while (0)
-
-#else /* !AUDIT */
-#define AUDIT_ARG(op, args...) do { \
- } while (0)
-
-#define AUDIT_CMD(audit_cmd) do { \
- } while (0)
-
-#endif /* AUDIT */
-
-#endif /* _KERNEL */
-
-#endif /* !_SYS_KERN_AUDIT_H */
+#endif /* !_SYS_AUDIT_PRIVATE_H */
==== //depot/projects/trustedbsd/audit2/sys/security/audit/bsm_audit.c#7 (text+ko) ====
@@ -41,6 +41,7 @@
#include <netinet/in.h>
#include <netinet/ip.h>
+#include <security/audit/audit_private.h>
#include <security/audit/kern_audit.h>
#include <security/audit/bsm_klib.h>
==== //depot/projects/trustedbsd/audit2/sys/security/audit/bsm_klib.c#7 (text+ko) ====
@@ -36,6 +36,7 @@
#include <sys/ucred.h>
#include <sys/vnode.h>
+#include <security/audit/audit_private.h>
#include <security/audit/kern_audit.h>
#include <security/audit/bsm_klib.h>
==== //depot/projects/trustedbsd/audit2/sys/security/audit/kern_audit.h#6 (text+ko) ====
@@ -89,103 +89,7 @@
MALLOC_DECLARE(M_AUDIT);
#endif
-struct vnode_au_info {
- mode_t vn_mode;
- uid_t vn_uid;
- gid_t vn_gid;
- udev_t vn_dev;
- long vn_fsid;
- long vn_fileid;
- long vn_gen;
-};
-
-struct groupset {
- gid_t gidset[NGROUPS];
- u_int gidset_size;
-};
-
-struct socket_info {
- int sodomain;
- int sotype;
- int soprotocol;
-};
-
-struct xucred;
-struct sockaddr;
-struct ipc_perm;
-struct audit_record {
- /* Audit record header. */
- u_int32_t ar_magic;
- int ar_event;
- int ar_retval; /* value returned to the process */
- int ar_errno; /* return status of system call */
- struct timespec ar_starttime;
- struct timespec ar_endtime;
- u_int64_t ar_valid_arg; /* Bitmask of valid arguments */
-
- /* Audit subject information. */
- struct xucred ar_subj_cred;
- uid_t ar_subj_ruid;
- gid_t ar_subj_rgid;
- gid_t ar_subj_egid;
- uid_t ar_subj_auid; /* Audit user ID */
- pid_t ar_subj_asid; /* Audit session ID */
- pid_t ar_subj_pid;
- struct au_tid ar_subj_term;
- char ar_subj_comm[MAXCOMLEN + 1];
- struct au_mask ar_subj_amask;
-
- /* Operation arguments. */
- uid_t ar_arg_euid;
- uid_t ar_arg_ruid;
- uid_t ar_arg_suid;
- gid_t ar_arg_egid;
- gid_t ar_arg_rgid;
- gid_t ar_arg_sgid;
- pid_t ar_arg_pid;
- uid_t ar_arg_uid;
- uid_t ar_arg_auid;
- gid_t ar_arg_gid;
- struct groupset ar_arg_groups;
- int ar_arg_fd;
- int ar_arg_fflags;
- mode_t ar_arg_mode;
- int ar_arg_dev;
- int ar_arg_accmode;
- int ar_arg_cmode;
- int ar_arg_mask;
- u_int ar_arg_signum;
- char ar_arg_login[MAXLOGNAME];
- struct sockaddr ar_arg_sockaddr;
- struct socket_info ar_arg_sockinfo;
- char *ar_arg_upath1;
- char *ar_arg_upath2;
- char *ar_arg_kpath1;
- char *ar_arg_kpath2;
- char *ar_arg_text;
- struct au_mask ar_arg_amask;
- struct vnode_au_info ar_arg_vnode1;
- struct vnode_au_info ar_arg_vnode2;
- int ar_arg_cmd;
- int ar_arg_svipc_cmd;
- struct ipc_perm ar_arg_svipc_perm;
- int ar_arg_svipc_id;
- void * ar_arg_svipc_addr;
-};
-
-/*
- * In-kernel version of audit record; the basic record plus queue meta-data.
- * This record can also have a pointer set to some opaque data that will
- * be passed through to the audit writing mechanism.
- */
-struct kaudit_record {
- struct audit_record k_ar;
- caddr_t k_udata; /* user data */
- u_int k_ulen; /* user data length */
- struct uthread *k_uthread; /* thread we are auditing */
- TAILQ_ENTRY(kaudit_record) k_q;
-};
-
+struct kaudit_record;
struct proc;
struct vnode;
struct componentname;
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list