PERFORCE change 61876 for review
Wayne Salamon
wsalamon at FreeBSD.org
Tue Sep 21 00:03:04 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=61876
Change 61876 by wsalamon at wsalamon_epi on 2004/09/21 00:02:49
Change the auditctl(0 system call to be command-oriented. This change
is in preparation of implementing the kernel-userspace IPC mechanism
to handle audit events from the kernel (audit log rotate, etc.)
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.c#3 edit
.. //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.h#2 edit
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#4 edit
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#6 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/syscalls.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#9 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/syscall.h#4 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/syscall.mk#4 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/sysproto.h#5 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.c#3 (text+ko) ====
@@ -52,13 +52,8 @@
static int allhardcount = 0;
-#ifndef __BSM_INTERNAL_NOTIFY_KEY
-#define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change"
-#endif /* __BSM_INTERNAL_NOTIFY_KEY */
-
TAILQ_HEAD(, dir_ent) dir_q;
-
/* Error starting auditd */
void fail_exit()
{
@@ -189,9 +184,11 @@
if (open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP) < 0) {
perror("File open");
}
- /* else if (auditctl(fn) != 0) { */
- else if (syscall(SYS_auditctl, fn) != 0) {
- syslog(LOG_ERR, "auditctl failed! : %s\n",
+ /* else if (auditctl(AC_SETLOGFILE, fn, strlen(fn)) != 0) { */
+ else if (syscall(SYS_auditctl, AC_SETLOGFILE, fn,
+ strlen(fn)) != 0) {
+ syslog(LOG_ERR,
+ "auditctl failed setting log file! : %s\n",
strerror(errno));
}
else {
@@ -309,7 +306,7 @@
/* flush contents */
/* err_ret = auditctl(NULL); */
- err_ret = syscall(SYS_auditctl, NULL);
+ err_ret = syscall(SYS_auditctl, NULL, sizeof(char));
if (err_ret != 0) {
syslog(LOG_ERR, "auditctl failed! : %s\n",
strerror(errno));
@@ -599,6 +596,12 @@
return 0;
}
+int config_auditd_ipc()
+{
+ int fd;
+
+}
+
void setup(long flags)
{
int aufd;
@@ -626,9 +629,14 @@
}
if (config_audit_controls(flags) == 0)
- syslog(LOG_INFO, "Initialization successful\n");
+ syslog(LOG_INFO, "Audit controls init successful\n");
+ else
+ syslog(LOG_INFO, "Audit controls init failed\n");
+
+ if (config_auditd_ipc() == 0)
+ syslog(LOG_INFO, "auditd control socket created\n");
else
- syslog(LOG_INFO, "Initialization failed\n");
+ syslog(LOG_INFO, "auditd control socket not created\n");
}
==== //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.h#2 (text+ko) ====
@@ -7,6 +7,7 @@
#define MAX_DIR_SIZE 255
#define AUDITD_NAME "auditd"
+#define AUDITD_SOCK_FILE "/etc/security/auditd_control"
#define POSTFIX_LEN 16
#define NOT_TERMINATED ".not_terminated"
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#4 (text+ko) ====
@@ -153,6 +153,12 @@
#define AU_FS_MINFREE 20 /* default min filesystem freespace, in percent */
+/*
+ * auditctl(2) commands
+ */
+#define AC_SETLOGFILE 1
+#define AC_SETCTLFD 2
+
__BEGIN_DECLS
typedef uid_t au_id_t;
@@ -288,7 +294,7 @@
int audit (const void *, int);
int auditon (int, void *, int);
-int auditctl (const char *);
+int auditctl (int, void *, int);
int getauid (au_id_t *);
int setauid (const au_id_t *);
int getaudit (struct auditinfo *);
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#6 (text+ko) ====
@@ -131,6 +131,11 @@
u_short so_lport; /* local port */
};
+union auditctl_udata {
+ char ac_path[MAXPATHLEN];
+ int ac_fd;
+};
+
union auditon_udata {
char au_path[MAXPATHLEN];
long au_cond;
==== //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#4 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/kern/syscalls.c#4 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#4 (text+ko) ====
@@ -705,6 +705,6 @@
*auditinfo_addr, u_int length); } AUE_GETAUDIT_ADDR
451 MSTD { int setaudit_addr(struct auditinfo_addr \
*auditinfo_addr, u_int length); } AUE_SETAUDIT_ADDR
-452 MSTD { int auditctl(char *path); } AUE_AUDITCTL
+452 MSTD { int auditctl(int cmd, void *data, u_int length); } AUE_AUDITCTL
; Please copy any additions and changes to the following compatability tables:
; sys/compat/freebsd32/syscalls.master
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#9 (text+ko) ====
@@ -756,7 +756,6 @@
auditon(struct thread *td, struct auditon_args *uap)
{
int error;
- int len;
union auditon_udata udata;
struct proc *tp;
@@ -765,8 +764,7 @@
if (error)
return (error);
- len = uap->length;
- if ((len <= 0) || (len > sizeof(union auditon_udata)))
+ if ((uap->length <= 0) || (uap->length > sizeof(union auditon_udata)))
return (EINVAL);
memset((void *)&udata, 0, sizeof(udata));
@@ -1091,6 +1089,7 @@
struct ucred *cred;
struct vnode *vp;
int error, flags;
+ union auditctl_udata udata;
error = suser(td);
if (error)
@@ -1099,35 +1098,52 @@
vp = NULL;
cred = NULL;
- /*
- * If a path is specified, open the replacement vnode, perform
- * validity checks, and grab another reference to the current
- * credential.
- */
- if (uap->path != NULL) {
- mtx_lock(&Giant);
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
- uap->path, td);
- flags = audit_open_flags;
- error = vn_open(&nd, &flags, 0, -1);
- if (error) {
+ memset((void *)&udata, 0, sizeof(udata));
+
+ switch (uap->cmd) {
+ case AC_SETLOGFILE:
+ /*
+ * If a path is specified, open the replacement vnode, perform
+ * validity checks, and grab another reference to the current
+ * credential.
+ */
+ if (uap->data != NULL) {
+
+ if ((uap->length <= 0) || (uap->length > MAXPATHLEN))
+ return (EINVAL);
+
+ error = copyin(uap->data, (void *)&udata, uap->length);
+ if (error)
+ return (error);
+
+ mtx_lock(&Giant);
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE,
+ udata.ac_path, td);
+ flags = audit_open_flags;
+ error = vn_open(&nd, &flags, 0, -1);
+ if (error) {
+ mtx_unlock(&Giant);
+ return (error);
+ }
+ VOP_UNLOCK(nd.ni_vp, 0, td);
+ vp = nd.ni_vp;
+ if (vp->v_type != VREG) {
+ vn_close(vp, audit_close_flags,
+ td->td_ucred, td);
+ mtx_unlock(&Giant);
+ return (EINVAL);
+ }
+ cred = td->td_ucred;
+ crhold(cred);
+ audit_suspended = 0;
mtx_unlock(&Giant);
- return (error);
}
- VOP_UNLOCK(nd.ni_vp, 0, td);
- vp = nd.ni_vp;
- if (vp->v_type != VREG) {
- vn_close(vp, audit_close_flags, td->td_ucred, td);
- mtx_unlock(&Giant);
- return (EINVAL);
- }
- cred = td->td_ucred;
- crhold(cred);
- audit_suspended = 0;
- mtx_unlock(&Giant);
+
+ audit_rotate_vnode(cred, vp);
+ break;
+ case AC_SETCTLFD: /* Set control file descriptor */
+ break;
}
-
- audit_rotate_vnode(cred, vp);
return (0);
}
==== //depot/projects/trustedbsd/audit3/sys/sys/syscall.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/sys/syscall.mk#4 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/sys/sysproto.h#5 (text+ko) ====
@@ -1333,7 +1333,9 @@
char length_l_[PADL_(u_int)]; u_int length; char length_r_[PADR_(u_int)];
};
struct auditctl_args {
- char path_l_[PADL_(char *)]; char * path; char path_r_[PADR_(char *)];
+ char cmd_l_[PADL_(int)]; int cmd; char cmd_r_[PADR_(int)];
+ char data_l_[PADL_(void *)]; void * data; char data_r_[PADR_(void *)];
+ char length_l_[PADL_(u_int)]; u_int length; char length_r_[PADR_(u_int)];
};
int nosys(struct thread *, struct nosys_args *);
void sys_exit(struct thread *, struct sys_exit_args *);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list