PERFORCE change 110391 for review
Christian S.J. Peron
csjp at FreeBSD.org
Wed Nov 22 15:14:50 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=110391
Change 110391 by csjp at csjp_xor on 2006/11/22 15:06:52
Take first crack at implementing extended subject tokens in the kernel.
This allows us to use IPv6 addresses in our subject tokens essentially.
We accomplish this mainly by replacing the auditinfo portion of the
process with an auditinfo_addr, a slightly larger, but more flexible type.
When setaudit(2) is called, we parse out the relevant information of the
supplied auditinfo structure and store it inside the auditinfo_addr
structure. For getaudit(2), we convert the auditinfo_addr data into an
auditinfo structure (assuming that it's an IPv4 address).
If getaudit(2) is called and the process has an IPv6 address, an error
of E2BIG is returned. This is consistent with what Solaris is doing.
This can be an indicator to the caller that they should be using
getaudit_addr(2) instead.
Implement set{get}audit_addr(2) system calls effectively the same way
that setaudit(2)/getaudit(2) were implemented. Only main difference is
in getaudit_addr(2), if the size of the supplied buffer is not large
enough to store the IPv6 data, we return EOVERFLOW.
Since set{get}audit_addr(2) have been implemented, add support for
auditon(A_GETPINFO_ADDR), which will return audit settings for the
process.
NOTES:
- Before we commit kernel generated records, we convert them to BSM
format. When building the subject token, we inspect the type of
address: For AU_IPv4, we still use a regular subject token. For
AU_IPv6, we use the extended token. In the future, we might just
want to do away witH the use of the regular subject token in the
kernel all together.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#38 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#21 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#23 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#24 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#36 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#26 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/proc.h#17 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#38 (text+ko) ====
@@ -182,7 +182,7 @@
ar->k_ar.ar_subj_asid = td->td_proc->p_au->ai_asid;
ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
ar->k_ar.ar_subj_amask = td->td_proc->p_au->ai_mask;
- ar->k_ar.ar_subj_term = td->td_proc->p_au->ai_termid;
+ ar->k_ar.ar_subj_term_addr = td->td_proc->p_au->ai_termid;
bcopy(td->td_proc->p_comm, ar->k_ar.ar_subj_comm, MAXCOMLEN);
PROC_UNLOCK(td->td_proc);
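Review bot: The added line fills only `ar_subj_term_addr`, and nothing in this hunk writes the old `ar_subj_term` field that audit_private.h still declares, so any reader of that `struct au_tid` that has not been converted would see whatever the record allocator left in it. If the old field is to survive for a while, a comment on the new line would make the hand-over explicit: `/* ai_termid is a struct au_tid_addr now; ar_subj_term is no longer filled. */`. The enclosing function starts before and ends after this hunk.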
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#21 (text+ko) ====
@@ -88,7 +88,7 @@
#define ARG_SADDRINET 0x0000000000100000ULL
#define ARG_SADDRINET6 0x0000000000200000ULL
#define ARG_SADDRUNIX 0x0000000000400000ULL
-#define ARG_UNUSED1 0x0000000000800000ULL
+#define ARG_TERMID_ADDR 0x0000000000400000ULL
#define ARG_UNUSED2 0x0000000001000000ULL
#define ARG_UPATH1 0x0000000002000000ULL
#define ARG_UPATH2 0x0000000004000000ULL
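Review bot: `ARG_TERMID_ADDR` is given the value `0x0000000000400000ULL`, which is the same bit as `ARG_SADDRUNIX` three lines above it, while the slot being freed (`ARG_UNUSED1`, `0x0000000000800000ULL`) is left unused. With the two flags aliased, the `ARG_SET_VALID(... ARG_TERMID_ADDR ...)` call in the audit_arg.c hunk (`audit_arg_process()`) also marks the unix socket address argument as valid, and vice versa, so the BSM conversion can emit an argument token from a field that was never filled. The fix is the freed bit: `#define ARG_TERMID_ADDR 0x0000000000800000ULL`.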
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#23 (text+ko) ====
@@ -371,10 +371,10 @@
ar->k_ar.ar_arg_ruid = p->p_ucred->cr_ruid;
ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid;
ar->k_ar.ar_arg_asid = p->p_au->ai_asid;
- ar->k_ar.ar_arg_termid = p->p_au->ai_termid;
+ ar->k_ar.ar_arg_termid_addr = p->p_au->ai_termid;
ar->k_ar.ar_arg_pid = p->p_pid;
ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
- ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PID | ARG_PROCESS);
+ ARG_RGID | ARG_ASID | ARG_TERMID_ADDR | ARG_PID | ARG_PROCESS);
}
void
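Review bot: After this hunk `audit_arg_process()` no longer fills `ar_arg_termid` nor sets `ARG_TERMID`, but the audit_bsm.c hunk in this change reworks only the subject token, so whichever token path consumed `ARG_TERMID` / `ar_arg_termid` would now silently drop the process's terminal ID unless it is converted elsewhere (not visible here). If that gap is deliberate until the BSM side learns `ar_arg_termid_addr`, a comment on the `ARG_SET_VALID` line should say so, e.g. `/* ARG_TERMID_ADDR supersedes ARG_TERMID; consumers must read ar_arg_termid_addr. */`. The bit value of `ARG_TERMID_ADDR` itself is raised at the audit.h hunk.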
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#24 (text+ko) ====
@@ -392,16 +392,40 @@
rec = kau_open();
/* Create the subject token */
- tid.port = ar->ar_subj_term.port;
- tid.machine = ar->ar_subj_term.machine;
- subj_tok = au_to_subject32(ar->ar_subj_auid, /* audit ID */
- ar->ar_subj_cred.cr_uid, /* eff uid */
- ar->ar_subj_egid, /* eff group id */
- ar->ar_subj_ruid, /* real uid */
- ar->ar_subj_rgid, /* real group id */
- ar->ar_subj_pid, /* process id */
- ar->ar_subj_asid, /* session ID */
- &tid);
+ switch (ar->ar_subj_term_addr.at_type) {
+ case AU_IPv4:
+ tid.port = ar->ar_subj_term_addr.at_port;
+ tid.machine = ar->ar_subj_term_addr.at_addr[0];
+ subj_tok = au_to_subject32(ar->ar_subj_auid, /* audit ID */
+ ar->ar_subj_cred.cr_uid, /* eff uid */
+ ar->ar_subj_egid, /* eff group id */
+ ar->ar_subj_ruid, /* real uid */
+ ar->ar_subj_rgid, /* real group id */
+ ar->ar_subj_pid, /* process id */
+ ar->ar_subj_asid, /* session ID */
+ &tid);
+ break;
+ case AU_IPv6:
+ subj_tok = au_to_subject32_ex(ar->ar_subj_auid,
+ ar->ar_subj_cred.cr_uid,
+ ar->ar_subj_egid,
+ ar->ar_subj_ruid,
+ ar->ar_subj_rgid,
+ ar->ar_subj_pid,
+ ar->ar_subj_asid,
+ &ar->ar_subj_term_addr);
+ break;
+ default:
+ bzero(&tid, sizeof(tid));
+ subj_tok = au_to_subject32(ar->ar_subj_auid,
+ ar->ar_subj_cred.cr_uid,
+ ar->ar_subj_egid,
+ ar->ar_subj_ruid,
+ ar->ar_subj_rgid,
+ ar->ar_subj_pid,
+ ar->ar_subj_asid,
+ &tid);
+ }
/*
* The logic inside each case fills in the tokens required for the
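Review bot: The `default:` arm emits a subject token whose terminal ID is all zeros whenever `at_type` is neither `AU_IPv4` nor `AU_IPv6`, which hides a bad value rather than surfacing it. Per the change description that type reaches `p_au` from userland through setaudit_addr(2), whose diff is not shown here (the audit_syscalls.c section is empty), so it is worth confirming that `at_type` is validated on the way in; otherwise the only symptom of a bad type is a zero machine field in the trail. The arm should at least carry a comment: `/* Unknown terminal type: emit a zeroed tid rather than drop the record. */`. The IPv4 arm also routes `at_addr[0]` through `tid.machine` and `au_to_subject32()` while the IPv6 arm hands the whole `au_tid_addr` to `au_to_subject32_ex()`, so the two encoders must agree on byte order (see the audit_bsm_token.c hunk); the enclosing function starts before and ends after this hunk.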
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 (text+ko) ====
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#26 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 $
* $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.7 2006/09/01 11:45:40 wsalamon Exp $
*/
@@ -973,12 +973,10 @@
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->at_port);
ADD_U_INT32(dptr, tid->at_type);
- ADD_U_INT32(dptr, tid->at_addr[0]);
- if (tid->at_type == AU_IPv6) {
- ADD_U_INT32(dptr, tid->at_addr[1]);
- ADD_U_INT32(dptr, tid->at_addr[2]);
- ADD_U_INT32(dptr, tid->at_addr[3]);
- }
+ if (tid->at_type == AU_IPv6)
+ ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t));
+ else
+ ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
return (t);
}
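Review bot: The address words are now copied with `ADD_MEM` where the removed lines used `ADD_U_INT32`, which the retained lines still use for `at_port` and `at_type`; if `ADD_U_INT32` performs a byte-order conversion, this changes the encoding of the address in the token and is only correct when `at_addr` is already held in network byte order. That assumption should be written down so the next reader does not "fix" it back: `/* at_addr is kept in network byte order; copy it verbatim, no byte swap. */`. Since the two branches differ only in length, `ADD_MEM(dptr, &tid->at_addr[0], (tid->at_type == AU_IPv6 ? 4 : 1) * sizeof(u_int32_t));` would also make that explicit. The start of `au_to_subject32_ex()` lies outside the hunk.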
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#36 (text+ko) ====
@@ -180,6 +180,7 @@
pid_t ar_subj_asid; /* Audit session ID */
pid_t ar_subj_pid;
struct au_tid ar_subj_term;
+ struct au_tid_addr ar_subj_term_addr;
char ar_subj_comm[MAXCOMLEN + 1];
struct au_mask ar_subj_amask;
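Review bot: `ar_subj_term` is kept beside the new `ar_subj_term_addr`, and the audit.c hunk in this change stops filling the old field, so the record now carries a `struct au_tid` that nothing in this change writes; the second hunk does the same with `ar_arg_termid` next to `ar_arg_termid_addr`. If the old fields stay for code not yet converted, mark them, e.g. `struct au_tid ar_subj_term; /* Legacy; superseded by ar_subj_term_addr. */`; otherwise remove them so a reader cannot mistake the stale contents for a real terminal ID.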
@@ -193,6 +194,7 @@
pid_t ar_arg_pid;
pid_t ar_arg_asid;
struct au_tid ar_arg_termid;
+ struct au_tid_addr ar_arg_termid_addr;
uid_t ar_arg_uid;
uid_t ar_arg_auid;
gid_t ar_arg_gid;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#26 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/sys/proc.h#17 (text+ko) ====
@@ -621,7 +621,7 @@
struct p_sched *p_sched; /* (*) Scheduler-specific data. */
STAILQ_HEAD(, ktr_request) p_ktr; /* (o) KTR event queue. */
LIST_HEAD(, mqueue_notifier) p_mqnotifier; /* (c) mqueue notifiers.*/
- struct auditinfo *p_au; /* (c) Process audit properties. */
+ struct auditinfo_addr *p_au; /* (c) Process audit properties. */
};
#define p_session p_pgrp->pg_session
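Review bot: `p_au` now points at a `struct auditinfo_addr`, which is larger than `struct auditinfo`, but the sites that allocate, copy and free `p_au` are not among the visible hunks of this change; if any of them still sizes on `struct auditinfo`, the field copies in the audit.c and audit_arg.c hunks read past the allocation. Each such site should use `sizeof(*p->p_au)` (or `sizeof(struct auditinfo_addr)`) so the size follows this declaration, and the change description's setaudit/getaudit conversion code should be checked for the same sizing assumption.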