PERFORCE change 85487 for review
Robert Watson
rwatson at FreeBSD.org
Tue Oct 18 10:58:46 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=85487
Change 85487 by rwatson at rwatson_zoo on 2005/10/18 10:58:29
Break out audit_arg_uid() and audit_arg_gid(), which each accepted
all possible *uid and *gid arguments, into separate arg methods for
each of {uid,gid,euid,egid,ruid,rgid,suid,sgid}, and invoke them as
needed for the various credential frobbing system calls in the base
system call table. Record these entries, as appropriate, when
converting the internal audit record to BSM for these system calls.
Invoke audit_arg_groupset() for setgroups().
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/kern_prot.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#23 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/kern_prot.c#4 (text+ko) ====
@@ -64,6 +64,8 @@
#include <sys/socketvar.h>
#include <sys/sysctl.h>
+#include <security/audit/audit.h>
+
static MALLOC_DEFINE(M_CRED, "cred", "credentials");
SYSCTL_DECL(_security);
@@ -495,6 +497,7 @@
int error;
uid = uap->uid;
+ AUDIT_ARG(uid, uid);
newcred = crget();
uip = uifind(uid);
PROC_LOCK(p);
@@ -608,6 +611,7 @@
int error;
euid = uap->euid;
+ AUDIT_ARG(euid, euid);
newcred = crget();
euip = uifind(euid);
PROC_LOCK(p);
@@ -664,6 +668,7 @@
int error;
gid = uap->gid;
+ AUDIT_ARG(gid, gid);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
@@ -764,6 +769,7 @@
int error;
egid = uap->egid;
+ AUDIT_ARG(egid, egid);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
@@ -822,6 +828,7 @@
crfree(tempcred);
return (error);
}
+ AUDIT_ARG(groupset, tempcred->cr_groups, ngrp);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
@@ -890,6 +897,8 @@
euid = uap->euid;
ruid = uap->ruid;
+ AUDIT_ARG(euid, euid);
+ AUDIT_ARG(ruid, ruid);
newcred = crget();
euip = uifind(euid);
ruip = uifind(ruid);
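Review bot: The two AUDIT_ARG lines record the raw request values, so a setreuid() call that passes the POSIX sentinel `(uid_t)-1` for an id it leaves unchanged (that sentinel handling, if setreuid() has it, sits further down and outside this hunk) lands in the record and the resulting BSM token as 0xffffffff rather than as the id that remains in effect. Recording what the caller asked for is a defensible choice, but nothing says so, and a consumer correlating tokens could misread it as an attempt to adopt uid 4294967295. Suggest a comment above the two lines: `/* Audit the ids as requested; (uid_t)-1 is the "leave unchanged" sentinel. */`. The same applies to the setregid(), setresuid() and setresgid() hunks below. setreuid() begins and ends outside this hunk.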
@@ -958,6 +967,8 @@
egid = uap->egid;
rgid = uap->rgid;
+ AUDIT_ARG(egid, egid);
+ AUDIT_ARG(rgid, rgid);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
@@ -1028,6 +1039,9 @@
euid = uap->euid;
ruid = uap->ruid;
suid = uap->suid;
+ AUDIT_ARG(euid, euid);
+ AUDIT_ARG(ruid, ruid);
+ AUDIT_ARG(suid, suid);
newcred = crget();
euip = uifind(euid);
ruip = uifind(ruid);
@@ -1108,6 +1122,9 @@
egid = uap->egid;
rgid = uap->rgid;
sgid = uap->sgid;
+ AUDIT_ARG(egid, egid);
+ AUDIT_ARG(rgid, rgid);
+ AUDIT_ARG(sgid, sgid);
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#4 (text+ko) ====
@@ -125,10 +125,14 @@
void audit_arg_len(int len);
void audit_arg_fd(int fd);
void audit_arg_fflags(int fflags);
-void audit_arg_gid(gid_t gid, gid_t egid, gid_t rgid,
- gid_t sgid);
-void audit_arg_uid(uid_t uid, uid_t euid, uid_t ruid,
- uid_t suid);
+void audit_arg_gid(gid_t gid);
+void audit_arg_uid(uid_t uid);
+void audit_arg_egid(gid_t egid);
+void audit_arg_euid(uid_t euid);
+void audit_arg_rgid(gid_t rgid);
+void audit_arg_ruid(uid_t ruid);
+void audit_arg_sgid(gid_t sgid);
+void audit_arg_suid(uid_t suid);
void audit_arg_groupset(gid_t *gidset, u_int gidset_size);
void audit_arg_login(char *login);
void audit_arg_ctlname(int *name, int namelen);
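Review bot: The eight new prototypes carry no comment saying that each setter records exactly one id and marks only its own ARG_ bit, so a system call that audits several ids must call one setter per id; the removed four-argument audit_arg_uid()/audit_arg_gid() signatures made that grouping visible in the parameter list and this header no longer does. Suggest a one-line comment above `void audit_arg_gid(gid_t gid);`: `/* One setter per audited id; each records one field and sets only its own ARG_ flag. */`.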
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#4 (text+ko) ====
@@ -117,7 +117,7 @@
}
void
-audit_arg_gid(gid_t gid, gid_t egid, gid_t rgid, gid_t sgid)
+audit_arg_gid(gid_t gid)
{
struct kaudit_record *ar;
@@ -126,14 +126,89 @@
return;
ar->k_ar.ar_arg_gid = gid;
+ ar->k_ar.ar_valid_arg |= ARG_GID;
+}
+
+void
+audit_arg_uid(uid_t uid)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ ar->k_ar.ar_arg_uid = uid;
+ ar->k_ar.ar_valid_arg |= ARG_UID;
+}
+
+void
+audit_arg_egid(gid_t egid)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
ar->k_ar.ar_arg_egid = egid;
+ ar->k_ar.ar_valid_arg |= ARG_EGID;
+}
+
+void
+audit_arg_euid(uid_t euid)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ ar->k_ar.ar_arg_euid = euid;
+ ar->k_ar.ar_valid_arg |= ARG_EUID;
+}
+
+void
+audit_arg_rgid(gid_t rgid)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
ar->k_ar.ar_arg_rgid = rgid;
+ ar->k_ar.ar_valid_arg |= ARG_RGID;
+}
+
+void
+audit_arg_ruid(uid_t ruid)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ ar->k_ar.ar_arg_ruid = ruid;
+ ar->k_ar.ar_valid_arg |= ARG_RUID;
+}
+
+void
+audit_arg_sgid(gid_t sgid)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
ar->k_ar.ar_arg_sgid = sgid;
- ar->k_ar.ar_valid_arg |= (ARG_GID | ARG_EGID | ARG_RGID | ARG_SGID);
+ ar->k_ar.ar_valid_arg |= ARG_SGID;
}
void
-audit_arg_uid(uid_t uid, uid_t euid, uid_t ruid, uid_t suid)
+audit_arg_suid(uid_t suid)
{
struct kaudit_record *ar;
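Review bot: The seven new setter bodies added here (audit_arg_uid() through audit_arg_sgid(), plus the rewritten tail of audit_arg_gid()) are textually identical apart from the field written and the ARG_ bit OR'd in, and none carries a comment, so a reader has to diff them by eye to confirm nothing else differs. Since each body is only a currecord() lookup, a NULL guard, one store and one flag, a short block comment above the first of them would make the invariant explicit: `/* Per-id argument setters: each records a single id and sets only its own ARG_ bit; ar_valid_arg accumulates across calls within one record. */`. This hunk starts inside audit_arg_gid(), whose signature is in the preceding hunk, and ends inside audit_arg_suid(), whose body continues in the next one.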
@@ -141,11 +216,8 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_uid = uid;
- ar->k_ar.ar_arg_euid = euid;
- ar->k_ar.ar_arg_ruid = ruid;
ar->k_ar.ar_arg_suid = suid;
- ar->k_ar.ar_valid_arg |= (ARG_UID | ARG_EUID | ARG_RUID | ARG_SUID);
+ ar->k_ar.ar_valid_arg |= ARG_SUID;
}
void
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#23 (text+ko) ====
@@ -821,6 +821,34 @@
tok = au_to_arg32(1, "uid", ar->ar_arg_euid);
kau_write(rec, tok);
break;
+ case AUE_SETREGID:
+ tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
+ kau_write(rec, tok);
+ break;
+ case AUE_SETREUID:
+ tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
+ kau_write(rec, tok);
+ break;
+ case AUE_SETRESGID:
+ tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(3, "sgid", ar->ar_arg_sgid);
+ kau_write(rec, tok);
+ break;
+ case AUE_SETRESUID:
+ tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(3, "suid", ar->ar_arg_suid);
+ kau_write(rec, tok);
+ break;
case AUE_SETGID:
tok = au_to_arg32(1, "gid", ar->ar_arg_gid);
kau_write(rec, tok);
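Review bot: The four new cases emit every id token unconditionally, without testing the matching bit in `ar->ar_valid_arg`; before this change a single audit_arg_uid()/audit_arg_gid() call recorded all four ids together, but with the per-field setters the record no longer guarantees that, say, ar_arg_ruid was written whenever ar_arg_euid was, so an event that recorded only some of its ids would still get a token for each. The kern_prot.c hunks do call every setter at the top of each system call today, so this is a coupling across files rather than a visible bug, and the pre-existing AUE_SETGID case follows the same unconditional pattern, so it may be a deliberate convention here. Guarding each token keeps the converter honest about what was actually recorded; the AUE_SETREUID case below shows the shape, and the other three cases would take the same per-token guard. The enclosing switch begins and ends outside this hunk.
```c
	case AUE_SETREUID:
		if (ar->ar_valid_arg & ARG_RUID) {
			tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
			kau_write(rec, tok);
		}
		if (ar->ar_valid_arg & ARG_EUID) {
			tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
			kau_write(rec, tok);
		}
		break;
	/* … AUE_SETREGID, AUE_SETRESGID, AUE_SETRESUID: same guard on each token, omitted … */
```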