PERFORCE change 106100 for review
Christian S.J. Peron
csjp at FreeBSD.org
Thu Sep 14 08:20:00 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=106100
Change 106100 by csjp at csjp_xor on 2006/09/14 15:19:12
Fix processing of userspace records. Right now, if the kernel record is not
selected, then the userspace record is thrown away along with it, even if
the userspace record itself was selected.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#36 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#32 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#22 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_worker.c#15 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#36 (text+ko) ====
@@ -399,8 +399,8 @@
if (audit_pipe_preselect(auid, event, class, sorf,
ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0)
ar->k_ar_commit |= AR_PRESELECT_PIPE;
- if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE)) ==
- 0) {
+ if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE |
+ AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE)) == 0) {
mtx_lock(&audit_mtx);
audit_pre_q_len--;
mtx_unlock(&audit_mtx);
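Review bot: The widened drop test, ending at the `== 0` comparison, has no comment stating the rule it now encodes: a record is discarded only when neither the kernel record nor an attached user record was selected. A short comment above the test, such as `/* Drop only if neither the kernel nor the user record is selected for trail or pipe. */`, would make it harder for a later edit to narrow the mask and silently lose user records again. The enclosing function starts and ends outside the hunk, so the order in which the user bits are set relative to this test cannot be confirmed from here.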
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#32 (text+ko) ====
@@ -96,6 +96,8 @@
#define AR_PRESELECT_TRAIL 0x00001000U
#define AR_PRESELECT_PIPE 0x00002000U
+#define AR_PRESELECT_USER_TRAIL 0x00004000U
+#define AR_PRESELECT_USER_PIPE 0x00008000U
/*
* Audit data is generated as a stream of struct audit_record structures,
* linked by struct kaudit_record, and contain storage for possible audit so
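Review bot: The two new flags are defined without a comment saying how they differ from `AR_PRESELECT_TRAIL` and `AR_PRESELECT_PIPE`. Since all four share `k_ar_commit`, a line above the additions such as `/* Selection state of the user-supplied record (k_udata), tracked separately from the kernel record. */` would document the split this change relies on. The other `AR_*` bit values are outside the hunk, so it is worth confirming that 0x4000 and 0x8000 are otherwise unused.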
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#22 (text+ko) ====
@@ -139,6 +139,13 @@
ar->k_udata = rec;
ar->k_ulen = uap->length;
ar->k_ar_commit |= AR_COMMIT_USER;
+ /*
+ * Currently we assume that all preselection has been performed in
+ * userspace. We unconditionally set these masks so that the records
+ * get committed both to the trail and pipe. In the future we will
+ * want to setup kernel based preselection.
+ */
+ ar->k_ar_commit |= (AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE);
return (0);
free_out:
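Review bot: Setting both user bits unconditionally before `return (0);` means no kernel-side filter is applied to user records in the visible code. The trail preselection and each pipe's own mask are both skipped, so a pipe reader with a narrow class selection still receives all of them. The added comment states the assumption but not this consequence; a sentence such as `Per-pipe preselection is therefore not applied to user records.` would make it explicit. The only remaining gate is whatever privilege check guards this syscall, which is outside the hunk and should be confirmed as part of this review.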
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_worker.c#15 (text+ko) ====
@@ -322,8 +322,8 @@
au_id_t auid;
int sorf;
- if ((ar->k_ar_commit & AR_COMMIT_USER) &&
- (ar->k_ar_commit & AR_PRESELECT_TRAIL)) {
+ if ((ar->k_ar_commit & AR_COMMIT_USER) != 0 &&
+ (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) {
error = audit_record_write(audit_vp, audit_cred, audit_td,
ar->k_udata, ar->k_ulen);
if (error && audit_panic_on_write_fail)
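Review bot: The rewritten condition tests the first flag with an explicit `!= 0` but leaves the second as a bare truth value, and the same mix appears in the pipe test in the next hunk. The early return there also combines `!(...)` with `== 0`. Using one form throughout, for example `(ar->k_ar_commit & AR_PRESELECT_USER_TRAIL) != 0) {`, would make the paired checks read consistently. The function body starts before this hunk and continues past it.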
@@ -331,11 +331,14 @@
else if (error)
printf("audit_worker: write error %d\n", error);
}
- if ((ar->k_ar_commit & AR_COMMIT_USER) &&
- (ar->k_ar_commit & AR_PRESELECT_PIPE))
+ if ((ar->k_ar_commit & AR_COMMIT_USER) != 0 &&
+ (ar->k_ar_commit & AR_PRESELECT_USER_PIPE)) {
audit_pipe_submit_user(ar->k_udata, ar->k_ulen);
+ }
- if (!(ar->k_ar_commit & AR_COMMIT_KERNEL))
+ if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) ||
+ ((ar->k_ar_commit & AR_PRESELECT_PIPE) == 0 &&
+ (ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0))
return;
auid = ar->k_ar.ar_subj_auid;
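Review bot: The new three-part early return carries no comment explaining why a record can now reach this point with `AR_COMMIT_KERNEL` set but neither kernel preselect bit. After this change a record may be queued solely because its user record was selected, so the reason is not obvious from the condition alone. A comment above it, such as `/* User record handled above; skip the kernel record unless it was committed and selected for trail or pipe. */`, would state the intent. The rest of the function is outside the hunk.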