PERFORCE change 92857 for review
Robert Watson
rwatson at FreeBSD.org
Mon Mar 6 09:04:02 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=92857
Change 92857 by rwatson at rwatson_zoo on 2006/03/06 17:01:52
Integrate TrustedBSD audit3 branch from TrustedBSD base branch:
- OpenBSM 1.0 alpha 5 loop back.
- dwmalone's structural improvements to mac_bsdextended.
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/FREEBSD-upgrade#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#11 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#7 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#7 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/audit_warn.c#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#10 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#9 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/compat/endian.h#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#10 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#12 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_mask.c#10 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#9 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#13 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#9 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#10 integrate
.. //depot/projects/trustedbsd/audit3/lib/libutil/pidfile.3#4 integrate
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#25 integrate
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#8 integrate
.. //depot/projects/trustedbsd/audit3/sys/dev/mpt/mpt.c#8 integrate
.. //depot/projects/trustedbsd/audit3/sys/geom/label/g_label_ufs.c#6 integrate
.. //depot/projects/trustedbsd/audit3/sys/opencrypto/crypto.c#4 integrate
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#16 integrate
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#12 integrate
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#10 integrate
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#19 integrate
.. //depot/projects/trustedbsd/audit3/sys/security/mac_bsdextended/mac_bsdextended.c#6 integrate
.. //depot/projects/trustedbsd/audit3/usr.bin/finger/sprint.c#2 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/FREEBSD-upgrade#4 (text) ====
@@ -6,12 +6,9 @@
src/contrib/openbsm The OpenBSM distribution itself
src/sys/bsm Modified versions of some bsm/ include files
src/sys/security/audit Kernel audit framework, some OpenBSM-based files
-src/usr.sbin/audit Makefiles for OpenBSM-derived command
-src/usr.sbin/auditd ""
-src/usr.sbin/auditreduce ""
-src/usr.sbin/praudit ""
+src/usr.sbin/*audit* Makefiles for various OpenBSM tools
src/etc/Makefile Installation of /etc OpenBSM files
-src/lib/libbsm Build for OpenBSM library
+src/lib/libbsm/* Build for OpenBSM library
OpenBSM is normally built using an integrated autoconf/automake build
system. For the purposes of tight integration with FreeBSD, we use an
@@ -44,4 +41,4 @@
not on CVS vendor branches, but do have the same local vs. vendor merge
issues.
-$FreeBSD: src/contrib/openbsm/FREEBSD-upgrade,v 1.2 2006/02/06 00:03:39 rwatson Exp $
+$FreeBSD: src/contrib/openbsm/FREEBSD-upgrade,v 1.3 2006/03/04 16:50:04 rwatson Exp $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#11 (text+ko) ====
@@ -95,4 +95,4 @@
http://www.TrustedBSD.org/
-$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#10 $
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#11 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#7 (text+ko) ====
@@ -14,4 +14,4 @@
on systems that don't have the necessary audit system calls; that would
allow the full libbsm and tool set to build, just not run.
-$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#6 $
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#7 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#7 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#6 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#7 $
*/
/*
* Program to trigger the audit daemon with a message that is either:
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/audit_warn.c#4 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/audit_warn.c#3 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/audit_warn.c#4 $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#8 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#7 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#8 $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#10 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#9 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#10 $
*/
#ifndef _BSM_AUDIT_H
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#8 (text+ko) ====
@@ -34,7 +34,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#7 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#8 $
*/
#ifndef _AUDIT_INTERNAL_H
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#9 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#8 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#9 $
*/
#ifndef _LIBBSM_H_
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/compat/endian.h#5 (text+ko) ====
@@ -25,7 +25,7 @@
* SUCH DAMAGE.
*
* Derived from FreeBSD src/sys/sys/endian.h:1.6.
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/compat/endian.h#4 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/compat/endian.h#5 $
*/
#ifndef _COMPAT_ENDIAN_H_
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#10 (text+ko) ====
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#9 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#10 $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#12 (text+ko) ====
@@ -31,7 +31,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#11 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#12 $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_mask.c#10 (text+ko) ====
@@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_mask.c#9 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_mask.c#10 $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#9 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#8 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#9 $
*/
/*
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#13 (text+ko) ====
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#12 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#13 $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#9 (text+ko) ====
@@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#8 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#9 $
*/
#include <bsm/libbsm.h>
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#10 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#9 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#10 $
*/
#ifdef __APPLE__
==== //depot/projects/trustedbsd/audit3/lib/libutil/pidfile.3#4 (text+ko) ====
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/lib/libutil/pidfile.3,v 1.4 2006/01/28 14:13:15 pjd Exp $
+.\" $FreeBSD: src/lib/libutil/pidfile.3,v 1.5 2006/03/04 15:20:28 keramida Exp $
.\"
.Dd August 22, 2005
.Dt PIDFILE 3
@@ -120,8 +120,8 @@
pfh = pidfile_open("/var/run/daemon.pid", 0600, &otherpid);
if (pfh == NULL) {
if (errno == EEXIST) {
- errx(EXIT_FAILURE, "Daemon already running, pid: %d.",
- (int)otherpid);
+ errx(EXIT_FAILURE, "Daemon already running, pid: %jd.",
+ (intmax_t)otherpid);
}
/* If we cannot create pidfile from other reasons, only warn. */
warn("Cannot open or create pidfile");
@@ -147,7 +147,7 @@
/* Do child work. */
break;
default:
- syslog(LOG_INFO, "Child %d started.", (int)childpid);
+ syslog(LOG_INFO, "Child %jd started.", (intmax_t)childpid);
break;
}
}
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#25 (text+ko) ====
@@ -30,8 +30,8 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#24 $
- * $FreeBSD: src/sys/bsm/audit.h,v 1.2 2006/02/01 19:54:22 rwatson Exp $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#25 $
+ * $FreeBSD: src/sys/bsm/audit.h,v 1.3 2006/03/04 16:54:21 rwatson Exp $
*/
#ifndef _BSM_AUDIT_H
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#8 (text+ko) ====
@@ -34,7 +34,8 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#7 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#8 $
+ * $FreeBSD: src/sys/bsm/audit_internal.h,v 1.2 2006/03/04 16:54:21 rwatson Exp $
*/
#ifndef _AUDIT_INTERNAL_H
@@ -68,6 +69,7 @@
typedef struct au_record au_record_t;
+
/* We could determined the header and trailer sizes by
* defining appropriate structures. We hold off that approach
* till we have a consistant way of using structures for all tokens.
==== //depot/projects/trustedbsd/audit3/sys/dev/mpt/mpt.c#8 (text+ko) ====
@@ -92,7 +92,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/dev/mpt/mpt.c,v 1.18 2006/02/28 07:44:50 mjacob Exp $");
+__FBSDID("$FreeBSD: src/sys/dev/mpt/mpt.c,v 1.19 2006/03/04 21:46:34 mjacob Exp $");
#include <dev/mpt/mpt.h>
#include <dev/mpt/mpt_cam.h> /* XXX For static handler registration */
@@ -502,12 +502,12 @@
handled += pers->event(mpt, req, msg);
if (handled == 0 && mpt->mpt_pers_mask == 0) {
- mpt_lprt(mpt, MPT_PRT_WARN,
+ mpt_lprt(mpt, MPT_PRT_INFO,
"No Handlers For Any Event Notify Frames. "
"Event %#x (ACK %sequired).\n",
msg->Event, msg->AckRequired? "r" : "not r");
} else if (handled == 0) {
- mpt_prt(mpt,
+ mpt_lprt(mpt, MPT_PRT_WARN,
"Unhandled Event Notify Frame. Event %#x "
"(ACK %sequired).\n",
msg->Event, msg->AckRequired? "r" : "not r");
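Review bot: The `handled == 0` branch used to print unconditionally through `mpt_prt()` and now goes through `mpt_lprt(mpt, MPT_PRT_WARN, ...)`, so both messages in this hunk are filtered by verbosity. If `mpt_lprt()` filters on the adapter's configured level, as its level argument suggests, an unhandled event that the firmware wants acknowledged leaves no trace when the level is set below WARN. I would either keep the unconditional print when `msg->AckRequired` is set, or add a short comment above the branch saying why dropping the message is acceptable, e.g. `/* Unhandled events are benign unless an ACK is required; see reply handling below. */` (wording to be confirmed against the code outside this hunk). The enclosing function starts and ends outside the hunk.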
==== //depot/projects/trustedbsd/audit3/sys/geom/label/g_label_ufs.c#6 (text+ko) ====
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/geom/label/g_label_ufs.c,v 1.9 2006/02/18 10:59:47 pjd Exp $");
+__FBSDID("$FreeBSD: src/sys/geom/label/g_label_ufs.c,v 1.10 2006/03/04 19:41:54 pjd Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -78,8 +78,13 @@
if (fs == NULL)
continue;
/* Check for magic and make sure things are the right size */
- if (fs->fs_magic != FS_UFS1_MAGIC &&
- fs->fs_magic != FS_UFS2_MAGIC) {
+ if (fs->fs_magic == FS_UFS1_MAGIC &&
+ fs->fs_old_size * fs->fs_fsize == (int32_t)pp->mediasize) {
+ /* Valid UFS1. */
+ } else if (fs->fs_magic == FS_UFS2_MAGIC && fs->fs_fsize > 0 &&
+ pp->mediasize / fs->fs_fsize == fs->fs_size) {
+ /* Valid UFS2. */
+ } else {
g_free(fs);
continue;
}
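Review bot: The UFS1 branch multiplies two superblock fields read from the provider (`fs->fs_old_size * fs->fs_fsize`) and compares the product with `pp->mediasize` truncated to `int32_t`. On-disk values can therefore overflow the multiplication, and a provider larger than the 32-bit range can only match by wrap-around. Unlike the UFS2 branch it also does not reject a zero or negative `fs_fsize`. Writing it the same way as the UFS2 test avoids both problems: `if (fs->fs_magic == FS_UFS1_MAGIC && fs->fs_fsize > 0 &&` followed by `pp->mediasize / fs->fs_fsize == fs->fs_old_size) {`. The 32-bit field widths are inferred from the cast, and the enclosing loop starts and ends outside the hunk.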
==== //depot/projects/trustedbsd/audit3/sys/opencrypto/crypto.c#4 (text+ko) ====
@@ -21,7 +21,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp Exp $");
+__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.17 2006/03/04 15:50:46 wkoszek Exp $");
#define CRYPTO_TIMING /* enable timing support */
@@ -252,6 +252,7 @@
};
MODULE_VERSION(crypto, 1);
DECLARE_MODULE(crypto, crypto_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST);
+MODULE_DEPEND(crypto, zlib, 1, 1, 1);
/*
* Create a new session.
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#16 (text+ko) ====
@@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/audit/audit.c,v 1.7 2006/02/11 23:53:00 rwatson Exp $
+ * $FreeBSD: src/sys/security/audit/audit.c,v 1.8 2006/03/04 17:00:55 rwatson Exp $
*/
#include <sys/param.h>
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#12 (text+ko) ====
@@ -30,7 +30,8 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#11 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#12 $
+ * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.2 2006/03/04 17:00:55 rwatson Exp $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#10 (text+ko) ====
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/audit/audit_pipe.c,v 1.2 2006/02/07 14:46:26 rwatson Exp $
+ * $FreeBSD: src/sys/security/audit/audit_pipe.c,v 1.3 2006/03/04 17:09:17 rwatson Exp $
*/
#include <sys/param.h>
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#19 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/audit/audit_private.h,v 1.2 2006/02/06 22:50:39 rwatson Exp $
+ * $FreeBSD: src/sys/security/audit/audit_private.h,v 1.3 2006/03/04 17:00:55 rwatson Exp $
*/
/*
==== //depot/projects/trustedbsd/audit3/sys/security/mac_bsdextended/mac_bsdextended.c#6 (text+ko) ====
@@ -33,7 +33,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_bsdextended/mac_bsdextended.c,v 1.27 2006/01/15 01:02:20 csjp Exp $
+ * $FreeBSD: src/sys/security/mac_bsdextended/mac_bsdextended.c,v 1.28 2006/03/04 20:47:19 dwmalone Exp $
*/
/*
@@ -353,11 +353,10 @@
}
static int
-mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp,
- struct label *label)
+mac_bsdextended_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode)
{
+ int error;
struct vattr vap;
- int error;
if (!mac_bsdextended_enabled)
return (0);
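Review bot: `mac_bsdextended_check_vp()` becomes the single path for every vnode check in this policy but is added without a comment. I would put one above it, for example `/* Look up vp's owner with VOP_GETATTR() and evaluate the rules for acc_mode; returns 0 without checking when the policy is disabled, and the VOP_GETATTR() error if the lookup fails. */`. The comment should also say that `acc_mode` receives both `MBI_*` constants and the caller's own `acc_mode` (the vnode_access and vnode_open wrappers in later hunks). Those presumably share one bit layout, which is worth confirming against the header. The function body continues into the next hunk.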
@@ -365,75 +364,49 @@
error = VOP_GETATTR(vp, &vap, cred, curthread);
if (error)
return (error);
+
return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE));
+ acc_mode));
+}
+
+static int
+mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+
+ return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}
static int
mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
struct label *label, int acc_mode)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode));
+ return (mac_bsdextended_check_vp(cred, vp, acc_mode));
}
static int
mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_EXEC));
+ return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
}
static int
mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_EXEC));
+ return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
}
static int
mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{
- struct vattr dvap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &dvap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, dvap.va_uid, dvap.va_gid,
- MBI_WRITE));
+ return (mac_bsdextended_check_vp(cred, dvp, MBI_WRITE));
}
static int
@@ -441,59 +414,29 @@
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
- struct vattr vap;
int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &vap, cred, curthread);
+ error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
if (error)
return (error);
- error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE);
- if (error)
- return (error);
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}
static int
mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_ADMIN));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}
static int
mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
struct label *label, int attrnamespace, const char *name)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}
static int
@@ -501,51 +444,24 @@
struct label *label, struct image_params *imgp,
struct label *execlabel)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_READ|MBI_EXEC));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_READ|MBI_EXEC));
}
static int
mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_STAT));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_STAT));
}
static int
mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_READ));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
}
static int
@@ -553,25 +469,13 @@
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
- struct vattr vap;
int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &vap, cred, curthread);
+ error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
if (error)
return (error);
- error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE);
- if (error)
- return (error);
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE);
+ error = mac_bsdextended_check_vp(cred, vp, MBI_WRITE);
if (error)
return (error);
return (0);
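Review bot: The tail of this function is written as `error = mac_bsdextended_check_vp(cred, vp, MBI_WRITE);` then `if (error) return (error);` then `return (0);`, while the function in the `@@ -441,59 +414,29 @@` hunk ends with a plain `return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));`. The `@@ -666,24 +526,12 @@` hunk uses a third form, assigning to `error` and then `return (error);`. All three perform the same directory-then-vnode check, so I would use the single `return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));` form in each; a reader auditing the access checks can then see at a glance that they are identical. The function's name line and closing brace lie outside this hunk.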
@@ -581,84 +485,40 @@
mac_bsdextended_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
struct label *label, int attrnamespace)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_READ));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
}
static int
mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct componentname *cnp)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_EXEC));
+ return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
}
static int
mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
struct label *filelabel, int acc_mode)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode));
+ return (mac_bsdextended_check_vp(cred, vp, acc_mode));
}
static int
mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_READ));
+ return (mac_bsdextended_check_vp(cred, dvp, MBI_READ));
}
static int
mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp,
struct label *label)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_READ));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
}
static int
@@ -666,24 +526,12 @@
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
- struct vattr vap;
int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &vap, cred, curthread);
+ error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
if (error)
return (error);
- error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE);
- if (error)
- return (error);
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE);
+ error = mac_bsdextended_check_vp(cred, vp, MBI_WRITE);
return (error);
}
@@ -693,27 +541,14 @@
struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
struct componentname *cnp)
{
- struct vattr vap;
int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(dvp, &vap, cred, curthread);
+ error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
if (error)
return (error);
- error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE);
- if (error)
- return (error);
- if (vp != NULL) {
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE);
- }
+ if (vp != NULL)
+ error = mac_bsdextended_check_vp(cred, vp, MBI_WRITE);
return (error);
}
@@ -722,136 +557,64 @@
mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
struct label *label)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_ADMIN));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}
static int
mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type, struct acl *acl)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_ADMIN));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}
static int
mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_WRITE));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}
static int
mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
struct label *label, u_long flags)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_ADMIN));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}
static int
mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t mode)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_ADMIN));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}
static int
mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
struct label *label, uid_t uid, gid_t gid)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_ADMIN));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}
static int
mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
struct label *label, struct timespec atime, struct timespec utime)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
- MBI_ADMIN));
+ return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}
static int
mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp, struct label *label)
{
- struct vattr vap;
- int error;
- if (!mac_bsdextended_enabled)
- return (0);
-
- error = VOP_GETATTR(vp, &vap, active_cred, curthread);
- if (error)
- return (error);
- return (mac_bsdextended_check(active_cred, vap.va_uid, vap.va_gid,
- MBI_STAT));
+ return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT));
}
static struct mac_policy_ops mac_bsdextended_ops =
==== //depot/projects/trustedbsd/audit3/usr.bin/finger/sprint.c#2 (text+ko) ====
>>> TRUNCATED FOR MAIL (1000 lines) <<<