PERFORCE change 85492 for review
Robert Watson
rwatson at FreeBSD.org
Tue Oct 18 13:03:17 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=85492
Change 85492 by rwatson at rwatson_zoo on 2005/10/18 13:02:25
Two more cases of ARG_SET_VALID(), and use ARG_IS_VALID() when
testing for bits.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#6 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#24 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#6 (text+ko) ====
@@ -771,9 +771,9 @@
}
if (flags & ARG_VNODE1)
- ar->k_ar.ar_valid_arg |= ARG_KPATH1;
+ ARG_SET_VALID(ar, ARG_KPATH1);
else
- ar->k_ar.ar_valid_arg |= ARG_KPATH2;
+ ARG_SET_VALID(ar, ARG_KPATH2);
error = VOP_GETATTR(vp, &vattr, td->td_ucred, td);
if (error) {
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#24 (text+ko) ====
@@ -159,61 +159,64 @@
/*
* XXX May want turn some (or all) of these macros into functions in order
* to reduce the generated code sized.
+ *
+ * XXXAUDIT: These macros assume that 'kar', 'ar', 'rec', and 'tok' in the
+ * caller are OK with this.
*/
#define UPATH1_TOKENS do { \
- if (ar->ar_valid_arg & ARG_UPATH1) { \
+ if (ARG_IS_VALID(kar, ARG_UPATH1)) { \
tok = au_to_path(ar->ar_arg_upath1); \
kau_write(rec, tok); \
} \
} while (0)
#define UPATH2_TOKENS do { \
- if (ar->ar_valid_arg & ARG_UPATH2) { \
+ if (ARG_IS_VALID(kar, ARG_UPATH2)) { \
tok = au_to_path(ar->ar_arg_upath2); \
kau_write(rec, tok); \
} \
} while (0)
#define KPATH1_VNODE1_TOKENS do { \
- if (ar->ar_valid_arg & ARG_KPATH1) { \
+ if (ARG_IS_VALID(kar, ARG_KPATH1)) { \
tok = au_to_path(ar->ar_arg_kpath1); \
kau_write(rec, tok); \
} \
- if (ar->ar_valid_arg & ARG_VNODE1) { \
+ if (ARG_IS_VALID(kar, ARG_VNODE1)) { \
tok = au_to_attr32(&ar->ar_arg_vnode1); \
kau_write(rec, tok); \
} \
} while (0)
#define KPATH1_VNODE1_OR_UPATH1_TOKENS do { \
- if (ar->ar_valid_arg & ARG_KPATH1) { \
+ if (ARG_IS_VALID(kar, ARG_KPATH1)) { \
tok = au_to_path(ar->ar_arg_kpath1); \
kau_write(rec, tok); \
} else { \
UPATH1_TOKENS; \
} \
- if (ar->ar_valid_arg & ARG_VNODE1) { \
+ if (ARG_IS_VALID(kar, ARG_VNODE1)) { \
tok = au_to_attr32(&ar->ar_arg_vnode1); \
kau_write(rec, tok); \
} \
} while (0)
#define KPATH2_VNODE2_TOKENS do { \
- if (ar->ar_valid_arg & ARG_KPATH2) { \
+ if (ARG_IS_VALID(kar, ARG_KPATH2)) { \
tok = au_to_path(ar->ar_arg_kpath2); \
kau_write(rec, tok); \
} \
- if (ar->ar_valid_arg & ARG_VNODE2) { \
+ if (ARG_IS_VALID(kar, ARG_VNODE2)) { \
tok = au_to_attr32(&ar->ar_arg_vnode2); \
kau_write(rec, tok); \
} \
} while (0)
#define FD_KPATH1_VNODE1_TOKENS do { \
- if (ar->ar_valid_arg & ARG_KPATH1) { \
+ if (ARG_IS_VALID(kar, ARG_KPATH1)) { \
tok = au_to_path(ar->ar_arg_kpath1); \
kau_write(rec, tok); \
- if (ar->ar_valid_arg & ARG_VNODE1) { \
+ if (ARG_IS_VALID(kar, ARG_VNODE1)) { \
tok = au_to_attr32(&ar->ar_arg_vnode1); \
kau_write(rec, tok); \
} \
@@ -223,9 +226,12 @@
} \
} while (0)
+/*
+ * XXXAUDIT: We read ar_arg_pid without testing that it is valid first.
+ */
#define PROCESS_PID_TOKENS(argn) do { \
if ((ar->ar_arg_pid > 0) /* Kill a single process */ \
- && (ar->ar_valid_arg & ARG_PROCESS)) { \
+ && (ARG_IS_VALID(kar, ARG_PROCESS))) { \
tok = au_to_process(ar->ar_arg_auid, \
ar->ar_arg_euid, ar->ar_arg_egid, \
ar->ar_arg_ruid, ar->ar_arg_rgid, \
@@ -399,12 +405,12 @@
case AUE_SENDTO:
tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
kau_write(rec, tok);
- if (ar->ar_valid_arg & ARG_SADDRINET) {
+ if (ARG_IS_VALID(kar, ARG_SADDRINET)) {
tok = au_to_sock_inet(
(struct sockaddr_in *)&ar->ar_arg_sockaddr);
kau_write(rec, tok);
}
- if (ar->ar_valid_arg & ARG_SADDRUNIX) {
+ if (ARG_IS_VALID(kar, ARG_SADDRUNIX)) {
tok = au_to_sock_unix(
(struct sockaddr_un *)&ar->ar_arg_sockaddr);
kau_write(rec, tok);
@@ -430,7 +436,7 @@
break;
case AUE_ACCT:
- if (ar->ar_valid_arg & (ARG_KPATH1 | ARG_UPATH1)) {
+ if (ARG_IS_VALID(kar, ARG_KPATH1 | ARG_UPATH1)) {
KPATH1_VNODE1_OR_UPATH1_TOKENS;
} else {
tok = au_to_arg32(1, "accounting off", 0);
@@ -444,7 +450,7 @@
break;
case AUE_SETAUDIT:
- if (ar->ar_valid_arg & ARG_AUID) {
+ if (ARG_IS_VALID(kar, ARG_AUID)) {
tok = au_to_arg32(1, "setaudit:auid", ar->ar_arg_auid);
kau_write(rec, tok);
tok = au_to_arg32(1, "setaudit:port",
@@ -489,7 +495,7 @@
case AUE_AUDITON_SETUMASK:
case AUE_AUDITON_SPOLICY:
case AUE_AUDITON_SQCTRL:
- if (ar->ar_valid_arg & ARG_AUDITON) {
+ if (ARG_IS_VALID(kar, ARG_AUDITON)) {
audit_sys_auditon(ar, rec);
}
break;
@@ -636,10 +642,10 @@
kau_write(rec, tok);
tok = au_to_arg32(1, "arg", (u_int32_t)ar->ar_arg_addr);
kau_write(rec, tok);
- if (ar->ar_valid_arg & ARG_VNODE1) {
+ if (ARG_IS_VALID(kar, ARG_VNODE1)) {
FD_KPATH1_VNODE1_TOKENS;
} else {
- if (ar->ar_valid_arg & ARG_SOCKINFO) {
+ if (ARG_IS_VALID(kar, ARG_SOCKINFO)) {
tok = kau_to_socket(&ar->ar_arg_sockinfo);
kau_write(rec, tok);
} else {
@@ -716,7 +722,7 @@
/* XXX Need to handle NFS mounts */
tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
kau_write(rec, tok);
- if (ar->ar_valid_arg & ARG_TEXT) {
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
@@ -858,7 +864,7 @@
kau_write(rec, tok);
break;
case AUE_SETGROUPS:
- if (ar->ar_valid_arg & ARG_GROUPSET) {
+ if (ARG_IS_VALID(kar, ARG_GROUPSET)) {
for(ctr = 0; ctr < ar->ar_arg_groups.gidset_size; ctr++)
{
tok = au_to_arg32(1, "setgroups", ar->ar_arg_groups.gidset[ctr]);
@@ -868,7 +874,7 @@
break;
case AUE_SETLOGIN:
- if (ar->ar_valid_arg & ARG_TEXT) {
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
@@ -894,7 +900,7 @@
kau_write(rec, tok);
tok = au_to_arg32(2, "shmaddr", (int)ar->ar_arg_svipc_addr);
kau_write(rec, tok);
- if (ar->ar_valid_arg & ARG_SVIPC_PERM) {
+ if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
kau_write(rec, tok);
tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
@@ -908,7 +914,7 @@
switch (ar->ar_arg_svipc_cmd) {
case IPC_STAT:
ar->ar_event = AUE_SHMCTL_STAT;
- if (ar->ar_valid_arg & ARG_SVIPC_PERM) {
+ if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
tok = au_to_ipc(AT_IPC_SHM,
ar->ar_arg_svipc_id);
kau_write(rec, tok);
@@ -916,7 +922,7 @@
break;
case IPC_RMID:
ar->ar_event = AUE_SHMCTL_RMID;
- if (ar->ar_valid_arg & ARG_SVIPC_PERM) {
+ if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
tok = au_to_ipc(AT_IPC_SHM,
ar->ar_arg_svipc_id);
kau_write(rec, tok);
@@ -924,7 +930,7 @@
break;
case IPC_SET:
ar->ar_event = AUE_SHMCTL_SET;
- if (ar->ar_valid_arg & ARG_SVIPC_PERM) {
+ if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
tok = au_to_ipc(AT_IPC_SHM,
ar->ar_arg_svipc_id);
kau_write(rec, tok);
@@ -946,7 +952,7 @@
/* This is unusual; the return value is in an argument token */
tok = au_to_arg32(0, "shmid", ar->ar_arg_svipc_id);
kau_write(rec, tok);
- if (ar->ar_valid_arg & ARG_SVIPC_PERM) {
+ if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
kau_write(rec, tok);
tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
@@ -962,11 +968,11 @@
tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
kau_write(rec, tok);
case AUE_SHMUNLINK:
- if (ar->ar_valid_arg & ARG_TEXT) {
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
- if (ar->ar_valid_arg & ARG_POSIX_IPC_PERM) {
+ if (ARG_IS_VALID(kar, ARG_POSIX_IPC_PERM)) {
/* Create an ipc_perm token */
struct ipc_perm perm;
perm.uid = ar->ar_arg_pipc_perm.pipc_uid;
@@ -990,11 +996,11 @@
kau_write(rec, tok);
/* fall through */
case AUE_SEMUNLINK:
- if (ar->ar_valid_arg & ARG_TEXT) {
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
- if (ar->ar_valid_arg & ARG_POSIX_IPC_PERM) {
+ if (ARG_IS_VALID(kar, ARG_POSIX_IPC_PERM)) {
/* Create an ipc_perm token */
struct ipc_perm perm;
perm.uid = ar->ar_arg_pipc_perm.pipc_uid;
@@ -1015,7 +1021,7 @@
break;
case AUE_SYMLINK:
- if (ar->ar_valid_arg & ARG_TEXT) {
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
@@ -1023,17 +1029,17 @@
break;
case AUE_SYSCTL:
- if (ar->ar_valid_arg & (ARG_CTLNAME | ARG_LEN)) {
+ if (ARG_IS_VALID(kar, ARG_CTLNAME | ARG_LEN)) {
for (ctr = 0; ctr < ar->ar_arg_len; ctr++) {
tok = au_to_arg32(1, "name", ar->ar_arg_ctlname[ctr]);
kau_write(rec, tok);
}
}
- if (ar->ar_valid_arg & ARG_VALUE) {
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
tok = au_to_arg32(5, "newval", ar->ar_arg_value);
kau_write(rec, tok);
}
- if (ar->ar_valid_arg & ARG_TEXT) {
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list