PERFORCE change 96700 for review
Robert Watson
rwatson at FreeBSD.org
Fri May 5 13:36:40 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=96700
Change 96700 by rwatson at rwatson_zoo on 2006/05/05 13:34:03
Add three new ioctls to audit pipes: AUDITPIPE_DELETE_AUID, which
will delete the preselection state for a particular auid on the
pipe, and AUDITPIPE_{GET/SET}_PRESELECT_TRAIL, which set the
AUDIT_PIPE_TRAIL flag on the pipe, which indicates that the pipe
will follow the trail preselection model, rather than using its
own preselection settings. This is now the default, restoring the
behavior of praudit(1) on /dev/auditpipe to its default prior to
adding preselection magic.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#28 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_ioctl.h#8 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#19 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#27 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_worker.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#28 (text+ko) ====
@@ -389,7 +389,8 @@
ar->k_ar_commit |= AR_COMMIT_KERNEL;
if (au_preselect(event, class, aumask, sorf) != 0)
ar->k_ar_commit |= AR_PRESELECT_TRAIL;
- if (audit_pipe_preselect(auid, event, class, sorf) != 0)
+ if (audit_pipe_preselect(auid, event, class, sorf,
+ ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0)
ar->k_ar_commit |= AR_PRESELECT_PIPE;
if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE)) ==
0) {
@@ -511,7 +512,7 @@
panic("audit_failing_stop: thread continued");
}
td->td_ar = audit_new(event, td);
- } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH))
+ } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0))
td->td_ar = audit_new(event, td);
else
td->td_ar = NULL;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_ioctl.h#8 (text+ko) ====
@@ -59,8 +59,11 @@
struct auditpipe_preselect)
#define AUDITPIPE_SET_PRESELECT_AUID _IOW(AUDITPIPE_IOBASE, 11, \
struct auditpipe_preselect)
-#define AUDITPIPE_FLUSH_PRESELECT_AUID _IO(AUDITPIPE_IOBASE, 12)
-#define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 13)
+#define AUDITPIPE_DELETE_PRESELECT_AUID _IOW(AUDITPIPE_IOBASE, 12, au_id_t)
+#define AUDITPIPE_FLUSH_PRESELECT_AUID _IO(AUDITPIPE_IOBASE, 13)
+#define AUDITPIPE_GET_PRESELECT_TRAIL _IOR(AUDITPIPE_IOBASE, 14, int)
+#define AUDITPIPE_SET_PRESELECT_TRAIL _IOW(AUDITPIPE_IOBASE, 14, int)
+#define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 15)
/*
* Ioctls to retrieve audit pipe statistics.
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#19 (text+ko) ====
@@ -103,6 +103,7 @@
*/
#define AUDIT_PIPE_ASYNC 0x00000001
#define AUDIT_PIPE_NBIO 0x00000002
+#define AUDIT_PIPE_TRAIL 0x00000004 /* Use trail preselection. */
struct audit_pipe {
int ap_open; /* Device open? */
u_int ap_flags;
@@ -200,16 +201,25 @@
/*
* Determine whether a specific audit pipe matches a record with these
- * properties.
+ * properties. Algorithm is as follows:
+ *
+ * - If the pipe is configured to track the default trail configuration, then
+ * use that.
+ * - If not, search for a specifically configured auid entry matching the
+ * event. If it is found, use that.
+ * - Otherwise, use the default flags or naflags configured for the pipe.
*/
static int
audit_pipe_preselect_check(struct audit_pipe *ap, au_id_t auid,
- au_event_t event, au_class_t class, int sorf)
+ au_event_t event, au_class_t class, int sorf, int trail_preselect)
{
struct audit_pipe_preselect *app;
mtx_assert(&audit_pipe_mtx, MA_OWNED);
+ if ((ap->ap_flags & AUDIT_PIPE_TRAIL) && trail_preselect)
+ return (1);
+
TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) {
if (app->app_auid == auid)
break;
@@ -232,13 +242,14 @@
*/
int
audit_pipe_preselect(au_id_t auid, au_event_t event, au_class_t class,
- int sorf)
+ int sorf, int trail_preselect)
{
struct audit_pipe *ap;
mtx_lock(&audit_pipe_mtx);
TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) {
- if (audit_pipe_preselect_check(ap, auid, event, class, sorf)) {
+ if (audit_pipe_preselect_check(ap, auid, event, class, sorf,
+ trail_preselect)) {
mtx_unlock(&audit_pipe_mtx);
return (1);
}
@@ -301,7 +312,7 @@
*/
void
audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, int sorf,
- void *record, u_int record_len)
+ int trail_select, void *record, u_int record_len)
{
struct audit_pipe *ap;
@@ -313,7 +324,8 @@
mtx_lock(&audit_pipe_mtx);
TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) {
- if (audit_pipe_preselect_check(ap, auid, event, class, sorf))
+ if (audit_pipe_preselect_check(ap, auid, event, class, sorf,
+ trail_select))
audit_pipe_append(ap, record, record_len);
}
audit_pipe_records++;
@@ -387,20 +399,15 @@
TAILQ_INIT(&ap->ap_queue);
/*
- * Initialize pre-selection state to match all events by default, and
- * have no particular auid-specific entries. This allows praudit(1)
- * to be run directly on an audit pipe without any configuration or
- * special handling. However, it also requires that applications
- * flush the pipe after specifying preselection prequirements so that
- * they don't see events captured before they completed
- * configuration.
+ * Default flags, naflags, and auid-specific preselection settings to
+ * 0. Initialize the AUDIT_PIPE_TRAIL flag so that if praudit(1) is
+ * run on /dev/auditpipe, it sees events associated with the default
+ * trail. Pipe-aware application can clear the flag, set custom
+ * masks, and flush the pipe as needed.
*/
bzero(&ap->ap_preselect_flags, sizeof(ap->ap_preselect_flags));
- ap->ap_preselect_flags.am_success = 0xffffffff;
- ap->ap_preselect_flags.am_failure = 0xffffffff;
bzero(&ap->ap_preselect_naflags, sizeof(ap->ap_preselect_naflags));
- ap->ap_preselect_naflags.am_success = 0xffffffff;
- ap->ap_preselect_naflags.am_failure = 0xffffffff;
+ ap->ap_flags |= AUDIT_PIPE_TRAIL;
TAILQ_INIT(&ap->ap_preselect_list);
TAILQ_INSERT_HEAD(&audit_pipe_list, ap, ap_list);
@@ -535,6 +542,7 @@
struct auditpipe_preselect *aps;
struct audit_pipe *ap;
au_mask_t *maskp;
+ au_id_t auid;
int error;
ap = dev->si_drv1;
@@ -650,10 +658,28 @@
error = EOPNOTSUPP;
break;
+ case AUDITPIPE_DELETE_PRESELECT_AUID:
+ auid = *(au_id_t *)data;
+ error = EOPNOTSUPP;
+ break;
+
case AUDITPIPE_FLUSH_PRESELECT_AUID:
error = EOPNOTSUPP;
break;
+ case AUDITPIPE_GET_PRESELECT_TRAIL:
+ *(int *)data = (ap->ap_flags & AUDIT_PIPE_TRAIL) ? 1 : 0;
+ error = 0;
+ break;
+
+ case AUDITPIPE_SET_PRESELECT_TRAIL:
+ if (*(int *)data)
+ ap->ap_flags |= AUDIT_PIPE_TRAIL;
+ else
+ ap->ap_flags &= ~AUDIT_PIPE_TRAIL;
+ error = 0;
+ break;
+
case AUDITPIPE_FLUSH:
audit_pipe_flush(ap);
error = 0;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#27 (text+ko) ====
@@ -344,9 +344,9 @@
* Audit pipe functions.
*/
int audit_pipe_preselect(au_id_t auid, au_event_t event,
- au_class_t class, int sorf);
+ au_class_t class, int sorf, int trail_select);
void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class,
- int sorf, void *record, u_int record_len);
+ int sorf, int trail_select, void *record, u_int record_len);
void audit_pipe_submit_user(void *record, u_int record_len);
#endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_worker.c#11 (text+ko) ====
@@ -373,7 +373,8 @@
}
if (ar->k_ar_commit & AR_PRESELECT_PIPE)
audit_pipe_submit(auid, event, class, sorf,
- bsm->data, bsm->len);
+ ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data,
+ bsm->len);
kau_free(bsm);
}
More information about the trustedbsd-cvs
mailing list