PERFORCE change 84576 for review
Robert Watson
rwatson at FreeBSD.org
Fri Sep 30 18:32:41 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=84576
Change 84576 by rwatson at rwatson_peppercorn on 2005/09/30 18:32:16
Audit additional path data in name lookups associated with VFS
system calls. In almost all cases, audit arguments as the first
path in the record.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#16 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#16 (text+ko) ====
@@ -195,7 +195,8 @@
if (jailed(td->td_ucred) && !prison_quotas)
return (EPERM);
mtx_lock(&Giant);
- NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, UIO_USERSPACE, uap->path,
+ td);
if ((error = namei(&nd)) != 0) {
mtx_unlock(&Giant);
return (error);
@@ -847,7 +848,7 @@
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
if (error)
return (error);
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE,
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1,
UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error)
@@ -1197,7 +1198,8 @@
return (error);
restart:
bwillwrite();
- NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH1,
+ pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -1301,7 +1303,8 @@
restart:
bwillwrite();
- NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH1,
+ pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -1424,7 +1427,7 @@
int error;
bwillwrite();
- NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, segflg, path, td);
+ NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, segflg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -1440,7 +1443,8 @@
VFS_UNLOCK_GIANT(vfslocked);
return (error);
}
- NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE, segflg, link, td);
+ NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH2,
+ segflg, link, td);
if ((error = namei(&nd)) == 0) {
lvfslocked = NDHASGIANT(&nd);
if (nd.ni_vp != NULL) {
@@ -1514,7 +1518,7 @@
}
restart:
bwillwrite();
- NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE,
+ NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH1,
segflg, link, td);
if ((error = namei(&nd)) != 0)
goto out;
@@ -1583,8 +1587,8 @@
restart:
bwillwrite();
- NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | MPSAFE, UIO_USERSPACE,
- uap->path, td);
+ NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | MPSAFE | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error)
return (error);
@@ -1650,7 +1654,8 @@
restart:
bwillwrite();
- NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNPATH1,
+ pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -1892,7 +1897,8 @@
tmpcred->cr_uid = cred->cr_ruid;
tmpcred->cr_groups[0] = cred->cr_rgid;
td->td_ucred = tmpcred;
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1,
+ pathseg, path, td);
if ((error = namei(&nd)) != 0)
goto out1;
vfslocked = NDHASGIANT(&nd);
@@ -1930,8 +1936,8 @@
int vfslocked;
int error;
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE, UIO_USERSPACE,
- uap->path, td);
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, td);
if ((error = namei(&nd)) != 0)
return (error);
vp = nd.ni_vp;
@@ -2241,7 +2247,8 @@
struct nameidata nd;
int error, vfslocked;
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1,
+ pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -2292,7 +2299,8 @@
struct nameidata nd;
int vfslocked;
- NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1,
+ pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
@@ -2866,7 +2874,8 @@
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
return (error);
- NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path,
+ td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -2910,7 +2919,8 @@
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
return (error);
- NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path,
+ td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -2999,7 +3009,8 @@
if (length < 0)
return(EINVAL);
- NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNPATH1, pathseg, path,
+ td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -3228,11 +3239,11 @@
bwillwrite();
#ifdef MAC
- NDINIT(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | MPSAFE,
- pathseg, from, td);
+ NDINIT(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | MPSAFE |
+ AUDITVNPATH1, pathseg, from, td);
#else
- NDINIT(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE,
- pathseg, from, td);
+ NDINIT(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE |
+ AUDITVNPATH1, pathseg, from, td);
#endif
if ((error = namei(&fromnd)) != 0)
return (error);
@@ -3254,7 +3265,7 @@
goto out1;
}
NDINIT(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART |
- MPSAFE, pathseg, to, td);
+ MPSAFE | AUDITVNPATH2, pathseg, to, td);
if (fromnd.ni_vp->v_type == VDIR)
tond.ni_cnd.cn_flags |= WILLBEDIR;
if ((error = namei(&tond)) != 0) {
@@ -3362,7 +3373,8 @@
restart:
bwillwrite();
- NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE, segflg, path, td);
+ NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNPATH1,
+ segflg, path, td);
nd.ni_cnd.cn_flags |= WILLBEDIR;
if ((error = namei(&nd)) != 0)
return (error);
@@ -3446,7 +3458,8 @@
restart:
bwillwrite();
- NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE, pathseg, path, td);
+ NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNPATH1,
+ pathseg, path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -3835,8 +3848,8 @@
struct nameidata nd;
int vfslocked;
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE, UIO_USERSPACE,
- uap->path, td);
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -3924,7 +3937,7 @@
error = suser(td);
if (error)
return (error);
- NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE,
+ NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1,
UIO_USERSPACE, uap->fname, td);
error = namei(&nd);
if (error)
@@ -3963,7 +3976,7 @@
error = suser(td);
if (error)
return (error);
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE,
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNPATH1,
UIO_USERSPACE, uap->fname, td);
error = namei(&nd);
if (error)
@@ -4351,8 +4364,8 @@
*/
filename_vp = NULL;
if (uap->filename != NULL) {
- NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | LOCKLEAF,
- UIO_USERSPACE, uap->filename, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | LOCKLEAF |
+ AUDITVNPATH2, UIO_USERSPACE, uap->filename, td);
error = namei(&nd);
if (error)
return (error);
@@ -4362,7 +4375,8 @@
}
/* uap->path is always defined. */
- NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error) {
if (filename_vp != NULL)
@@ -4506,7 +4520,8 @@
if (error)
return (error);
- NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error)
return (error);
@@ -4540,7 +4555,8 @@
if (error)
return (error);
- NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error)
return (error);
@@ -4678,7 +4694,8 @@
if (error)
return (error);
- NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error)
return (error);
@@ -4712,7 +4729,8 @@
if (error)
return (error);
- NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error)
return (error);
@@ -4817,7 +4835,8 @@
if (error)
return(error);
- NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error)
return(error);
@@ -4847,7 +4866,8 @@
if (error)
return(error);
- NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error)
return(error);
@@ -4966,7 +4986,8 @@
struct nameidata nd;
int vfslocked, error;
- NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error)
return (error);
@@ -4994,7 +5015,8 @@
struct nameidata nd;
int vfslocked, error;
- NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW, UIO_USERSPACE, uap->path, td);
+ NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, td);
error = namei(&nd);
if (error)
return (error);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list