author | rwatson <rwatson@FreeBSD.org> | 2009-04-19 14:53:17 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2009-04-19 14:53:17 +0000 |
commit | 7e3aff1dc199846d15b3c479bff793353b8cfe8f (patch) | |
tree | 34d6b55d9d4235f31e08a9864553465396f0a407 | |
parent | ada9604fd24dc29bff6c92bc0943439bc14011f2 (diff) | |
Merge OpenBSM 1.1 changes to the FreeBSD 8.x kernel:
- Add and use mapping of fcntl(2) commands to new BSM constant space.
- Adopt (int) rather than (long) arguments to a number of auditon(2)
commands, as has happened in Solaris, and add compatibility code to
handle the old commands.
Note that BSM_PF_IEEE80211 is partially but not fully removed, as the
userspace OpenBSM 1.1alpha5 code still depends on it. Once userspace
is updated, I'll GC the kernel constant.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
Portions submitted by: sson
-rw-r--r-- | sys/bsm/audit.h | 64 | ||||
-rw-r--r-- | sys/bsm/audit_kevents.h | 14 | ||||
-rw-r--r-- | sys/bsm/audit_record.h | 6 | ||||
-rw-r--r-- | sys/conf/files | 1 | ||||
-rw-r--r-- | sys/security/audit/audit.c | 4 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm.c | 91 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm_domain.c | 9 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm_fcntl.c | 8 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm_token.c | 4 | ||||
-rw-r--r-- | sys/security/audit/audit_private.h | 26 | ||||
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 127 |
11 files changed, 278 insertions, 76 deletions
diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h index 24cc583..dd7dffc 100644 --- a/sys/bsm/audit.h +++ b/sys/bsm/audit.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,21 +26,15 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 * $FreeBSD$ */ -#ifndef _BSM_AUDIT_H +#ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H -#ifdef __APPLE__ -/* Temporary until rdar://problem/6133383 is resolved. */ -#include <sys/types.h> #include <sys/param.h> -#include <sys/socket.h> -#include <sys/cdefs.h> -#include <sys/queue.h> -#endif /* __APPLE__ */ +#include <sys/types.h> #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 @@ -101,20 +95,20 @@ /* * auditon(2) commands. */ -#define A_GETPOLICY 2 -#define A_SETPOLICY 3 +#define A_OLDGETPOLICY 2 +#define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 -#define A_GETQCTRL 6 -#define A_SETQCTRL 7 +#define A_OLDGETQCTRL 6 +#define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 -#define A_GETCOND 20 -#define A_SETCOND 21 +#define A_OLDGETCOND 20 +#define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24 @@ -126,6 +120,12 @@ #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 +#define A_GETPOLICY 33 +#define A_SETPOLICY 34 +#define A_GETQCTRL 35 +#define A_SETQCTRL 36 +#define A_GETCOND 37 +#define A_SETCOND 38 /* * Audit policy controls. 
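Review bot: The renumbered auditon(2) commands in the `@@ -101,20 +95,20 @@` and `@@ -126,6 +120,12 @@` hunks carry no comment saying why two sets now exist. A reader of the header alone cannot tell that `A_OLDGETPOLICY`..`A_OLDSETCOND` keep the historical numbers for callers that pass the former (long)-sized argument, while 33..38 take (int). I would add above the block something like `/* A_OLD* retain the pre-OpenBSM-1.1 numbers and accept the old (long) argument size; A_GETPOLICY..A_SETCOND (33-38) take (int). */`.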
@@ -216,7 +216,6 @@ struct auditpinfo { au_mask_t ap_mask; /* Audit masks. */ au_tid_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ - u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo auditpinfo_t; @@ -226,15 +225,12 @@ struct auditpinfo_addr { au_mask_t ap_mask; /* Audit masks. */ au_tid_addr_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ + u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo_addr auditpinfo_addr_t; struct au_session { auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ -#define as_asid as_aia_p->ai_asid -#define as_auid as_aia_p->ai_auid -#define as_termid as_aia_p->ai_termid - au_mask_t as_mask; /* Process Audit Masks. */ }; typedef struct au_session au_session_t; @@ -245,13 +241,22 @@ typedef struct au_session au_session_t; typedef struct au_token token_t; /* - * Kernel audit queue control parameters. + * Kernel audit queue control parameters: + * Default: Maximum: + * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) + * aq_lowater: AQ_LOWATER (10) <aq_hiwater + * aq_bufsz: AQ_BUFSZ (32767) AQ_MAXBUFSZ (1048576) + * aq_delay: 20 20000 (not used) */ struct au_qctrl { - size_t aq_hiwater; - size_t aq_lowater; - size_t aq_bufsz; - clock_t aq_delay; + int aq_hiwater; /* Max # of audit recs in queue when */ + /* threads with new ARs get blocked. */ + + int aq_lowater; /* # of audit recs in queue when */ + /* blocked threads get unblocked. */ + + int aq_bufsz; /* Max size of audit record for audit(2). */ + int aq_delay; /* Queue delay (not used). */ int aq_minfree; /* Minimum filesystem percent free space. */ }; typedef struct au_qctrl au_qctrl_t; 
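Review bot: Dropping `ap_flags` from `struct auditpinfo` shrinks the structure, and this same commit makes `A_GETPINFO` and `A_SETPMASK` return EINVAL unless `uap->length == sizeof(udata.au_aupinfo)`. A binary built against the previous header would pass the larger size and be rejected, and unlike the policy, qctrl and cond commands there is no `A_OLD*` path for it. If that break is intended, it should be stated in a comment on the struct. Otherwise the old length needs to be accepted for these two commands as well.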
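Review bot: Changing `aq_hiwater`, `aq_lowater` and `aq_bufsz` from `size_t` to `int` in `struct au_qctrl` makes negative values representable, but the `A_SETQCTRL` validation visible in audit_syscalls.c checks only upper bounds for them (`> AQ_MAXHIGH`, `>= aq_hiwater`, `> AQ_MAXBUFSZ`). Part of that condition lies outside the hunk, so a lower bound may exist there, but nothing visible rejects, for example, a negative low-water mark paired with a larger negative high-water mark. The new table comment documents defaults and maximums only. I would add `(udata.au_qctrl.aq_lowater < 0) ||` and `(udata.au_qctrl.aq_bufsz < 0) ||` to the check and note the minimums in this comment.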
@@ -308,6 +313,13 @@ int getaudit(struct auditinfo *); int setaudit(const struct auditinfo *); int getaudit_addr(struct auditinfo_addr *, int); int setaudit_addr(const struct auditinfo_addr *, int); + +#ifdef __APPLE_API_PRIVATE +#include <mach/port.h> +mach_port_name_t audit_session_self(void); +au_asid_t audit_session_join(mach_port_name_t port); +#endif /* __APPLE_API_PRIVATE */ + #endif /* defined(_KERNEL) || defined(KERNEL) */ __END_DECLS diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h index 40aec77..c583718 100644 --- a/sys/bsm/audit_kevents.h +++ b/sys/bsm/audit_kevents.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6 * $FreeBSD$ */ @@ -34,6 +34,12 @@ #define _BSM_AUDIT_KEVENTS_H_ /* + * The reserved event numbers for kernel events are 1...2047 and 43001..44900. + */ +#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \ + ((e) > 43000 && (e) < 45000)) + +/* * Values marked as AUE_NULL are not required to be audited as per CAPP. * * Some conflicts exist in the assignment of name to event number mappings @@ -589,6 +595,8 @@ #define AUE_FSGETPATH 43191 /* Darwin. */ #define AUE_PREAD 43192 /* Darwin/FreeBSD. */ #define AUE_PWRITE 43193 /* Darwin/FreeBSD. */ +#define AUE_FSCTL 43194 /* Darwin. */ +#define AUE_FFSCTL 43195 /* Darwin. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the 
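Review bot: In the audit_kevents.h hunk `@@ -34,6 +34,12 @@`, the comment and the macro disagree on the upper range: the comment reserves 43001..44900, but `AUE_IS_A_KEVENT` accepts everything up to 44999 through `(e) < 45000`. One of the two should change, either the comment to 44999 or the test to `(e) <= 44900`; the diff does not show which is intended. The macro also evaluates `e` up to four times, so an argument with side effects would misbehave, and a `static inline` function would avoid that.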
@@ -674,12 +682,10 @@ #define AUE_CSOPS AUE_NULL #define AUE_DUP AUE_NULL #define AUE_FDATASYNC AUE_NULL -#define AUE_FFSCTL AUE_NULL #define AUE_FGETATTRLIST AUE_NULL #define AUE_FGETXATTR AUE_NULL #define AUE_FLISTXATTR AUE_NULL #define AUE_FREMOVEXATTR AUE_NULL -#define AUE_FSCTL AUE_NULL #define AUE_FSETATTRLIST AUE_NULL #define AUE_FSETXATTR AUE_NULL #define AUE_FSTATFS64 AUE_NULL diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h index 5d9306a..9d6be04 100644 --- a/sys/bsm/audit_record.h +++ b/sys/bsm/audit_record.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005-2008 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#9 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10 * $FreeBSD$ */ @@ -286,10 +286,12 @@ token_t *au_to_zonename(const char *zonename); */ int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); int au_bsm_to_errno(u_char bsm_error, int *errorp); +int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp); int au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep); u_short au_domain_to_bsm(int local_domain); u_char au_errno_to_bsm(int local_errno); +u_short au_fcntl_cmd_to_bsm(int local_fcntl_command); u_short au_socket_type_to_bsm(int local_socket_type); __END_DECLS diff --git a/sys/conf/files b/sys/conf/files index 17847b4..0a997b3 100644 --- a/sys/conf/files +++ b/sys/conf/files 
@@ -2528,6 +2528,7 @@ security/audit/audit_arg.c optional audit security/audit/audit_bsm.c optional audit security/audit/audit_bsm_domain.c optional audit security/audit/audit_bsm_errno.c optional audit +security/audit/audit_bsm_fcntl.c optional audit security/audit/audit_bsm_klib.c optional audit security/audit/audit_bsm_socket_type.c optional audit security/audit/audit_bsm_token.c optional audit diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c index b46c02c..da47d25 100644 --- a/sys/security/audit/audit.c +++ b/sys/security/audit/audit.c @@ -129,8 +129,8 @@ struct mtx audit_mtx; * outstanding in the system. */ struct kaudit_queue audit_q; -size_t audit_q_len; -size_t audit_pre_q_len; +int audit_q_len; +int audit_pre_q_len; /* * Audit queue control settings (minimum free, low/high water marks, etc.) diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c index 3326961..80fbd74 100644 --- a/sys/security/audit/audit_bsm.c +++ b/sys/security/audit/audit_bsm.c @@ -287,13 +287,20 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec) struct au_token *tok; switch (ar->ar_arg_cmd) { + case A_OLDSETPOLICY: + if ((size_t)ar->ar_arg_len == sizeof(int64_t)) { + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); + tok = au_to_arg64(2, "policy", + ar->ar_arg_auditon.au_policy64); + kau_write(rec, tok); + break; + } + /* FALLTHROUGH */ case A_SETPOLICY: - if (sizeof(ar->ar_arg_auditon.au_flags) > 4) - tok = au_to_arg64(1, "policy", - ar->ar_arg_auditon.au_flags); - else - tok = au_to_arg32(1, "policy", - ar->ar_arg_auditon.au_flags); + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); + tok = au_to_arg32(1, "policy", ar->ar_arg_auditon.au_policy); kau_write(rec, tok); break; 
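Review bot: In `audit_sys_auditon()` (audit_bsm.c hunk `@@ -287,13 +287,20 @@`) the argument number on the data token depends on which branch runs: the new 64-bit branch writes `"policy"` as argument 2, while the `A_SETPOLICY` path writes it as argument 1. The next two hunks have the same inconsistency: `"setqctrl:aq_hiwater"` stays at 3 while its siblings were moved to 2, and the 32-bit `"setcond"` stays at 3 against 2 in the 64-bit branch. Since `"length"` is consistently 3, the data tokens presumably should all be 2, for example `tok = au_to_arg32(2, "policy", ar->ar_arg_auditon.au_policy);`. Anything that parses audit trails by argument number would otherwise see the same field under different indices.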
@@ -306,20 +313,42 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec) kau_write(rec, tok); break; + case A_OLDSETQCTRL: + if ((size_t)ar->ar_arg_len == sizeof(au_qctrl64_t)) { + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); + tok = au_to_arg64(2, "setqctrl:aq_hiwater", + ar->ar_arg_auditon.au_qctrl64.aq64_hiwater); + kau_write(rec, tok); + tok = au_to_arg64(2, "setqctrl:aq_lowater", + ar->ar_arg_auditon.au_qctrl64.aq64_lowater); + kau_write(rec, tok); + tok = au_to_arg64(2, "setqctrl:aq_bufsz", + ar->ar_arg_auditon.au_qctrl64.aq64_bufsz); + kau_write(rec, tok); + tok = au_to_arg64(2, "setqctrl:aq_delay", + ar->ar_arg_auditon.au_qctrl64.aq64_delay); + kau_write(rec, tok); + tok = au_to_arg64(2, "setqctrl:aq_minfree", + ar->ar_arg_auditon.au_qctrl64.aq64_minfree); + kau_write(rec, tok); + break; + } + /* FALLTHROUGH */ case A_SETQCTRL: tok = au_to_arg32(3, "setqctrl:aq_hiwater", ar->ar_arg_auditon.au_qctrl.aq_hiwater); kau_write(rec, tok); - tok = au_to_arg32(3, "setqctrl:aq_lowater", + tok = au_to_arg32(2, "setqctrl:aq_lowater", ar->ar_arg_auditon.au_qctrl.aq_lowater); kau_write(rec, tok); - tok = au_to_arg32(3, "setqctrl:aq_bufsz", + tok = au_to_arg32(2, "setqctrl:aq_bufsz", ar->ar_arg_auditon.au_qctrl.aq_bufsz); kau_write(rec, tok); - tok = au_to_arg32(3, "setqctrl:aq_delay", + tok = au_to_arg32(2, "setqctrl:aq_delay", ar->ar_arg_auditon.au_qctrl.aq_delay); kau_write(rec, tok); - tok = au_to_arg32(3, "setqctrl:aq_minfree", + tok = au_to_arg32(2, "setqctrl:aq_minfree", ar->ar_arg_auditon.au_qctrl.aq_minfree); kau_write(rec, tok); break; 
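Review bot: The 32-bit `A_SETQCTRL` path writes no `"length"` token, although the 64-bit branch of `A_OLDSETQCTRL` directly above it does, as do the other set commands changed in this file. A record produced through the fallthrough therefore does not show which argument layout the caller used. I would add `tok = au_to_arg32(3, "length", ar->ar_arg_len);` followed by `kau_write(rec, tok);` at the top of `case A_SETQCTRL:`.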
@@ -334,34 +363,47 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec) break; case A_SETSMASK: - tok = au_to_arg32(3, "setsmask:as_success", + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); + tok = au_to_arg32(2, "setsmask:as_success", ar->ar_arg_auditon.au_auinfo.ai_mask.am_success); kau_write(rec, tok); - tok = au_to_arg32(3, "setsmask:as_failure", + tok = au_to_arg32(2, "setsmask:as_failure", ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure); kau_write(rec, tok); break; + case A_OLDSETCOND: + if ((size_t)ar->ar_arg_len == sizeof(int64_t)) { + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); + tok = au_to_arg64(2, "setcond", + ar->ar_arg_auditon.au_cond64); + kau_write(rec, tok); + break; + } + /* FALLTHROUGH */ case A_SETCOND: - if (sizeof(ar->ar_arg_auditon.au_cond) > 4) - tok = au_to_arg64(3, "setcond", - ar->ar_arg_auditon.au_cond); - else - tok = au_to_arg32(3, "setcond", - ar->ar_arg_auditon.au_cond); + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); + tok = au_to_arg32(3, "setcond", ar->ar_arg_auditon.au_cond); kau_write(rec, tok); break; case A_SETCLASS: + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); tok = au_to_arg32(2, "setclass:ec_event", ar->ar_arg_auditon.au_evclass.ec_number); kau_write(rec, tok); - tok = au_to_arg32(3, "setclass:ec_class", + tok = au_to_arg32(2, "setclass:ec_class", ar->ar_arg_auditon.au_evclass.ec_class); kau_write(rec, tok); break; case A_SETPMASK: + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); tok = au_to_arg32(2, "setpmask:as_success", ar->ar_arg_auditon.au_aupinfo.ap_mask.am_success); kau_write(rec, tok); @@ -371,6 +413,8 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec) break; case A_SETFSIZE: + tok = au_to_arg32(3, "length", ar->ar_arg_len); + kau_write(rec, tok); tok = au_to_arg32(2, "setfsize:filesize", ar->ar_arg_auditon.au_fstat.af_filesz); kau_write(rec, tok); 
@@ -847,12 +891,13 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) break; case AUE_FCNTL: + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(2, "cmd", + au_fcntl_cmd_to_bsm(ar->ar_arg_cmd)); + kau_write(rec, tok); + } if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK || ar->ar_arg_cmd == F_SETLKW) { - if (ARG_IS_VALID(kar, ARG_CMD)) { - tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd); - kau_write(rec, tok); - } FD_VNODE1_TOKENS; } break; diff --git a/sys/security/audit/audit_bsm_domain.c b/sys/security/audit/audit_bsm_domain.c index 6f43a77..cb5939f 100644 --- a/sys/security/audit/audit_bsm_domain.c +++ b/sys/security/audit/audit_bsm_domain.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#2 + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#3 */ #include <sys/cdefs.h> @@ -324,13 +324,6 @@ static const struct bsm_domain bsm_domains[] = { PF_NO_LOCAL_MAPPING #endif }, - { BSM_PF_IEEE80211, -#ifdef PF_IEEE80211 - PF_IEEE80211 -#else - PF_NO_LOCAL_MAPPING -#endif - }, { BSM_PF_AX25, #ifdef PF_AX25 PF_AX25 diff --git a/sys/security/audit/audit_bsm_fcntl.c b/sys/security/audit/audit_bsm_fcntl.c index 899e631..1e7e68f 100644 --- a/sys/security/audit/audit_bsm_fcntl.c +++ b/sys/security/audit/audit_bsm_fcntl.c @@ -27,16 +27,18 @@ * POSSIBILITY OF SUCH DAMAGE. * * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_fcntl.c#2 - * $FreeBSD$ */ +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + #include <sys/param.h> #include <sys/fcntl.h> -#include <config/config.h> +#include <security/audit/audit.h> #include <bsm/audit_fcntl.h> -#include <bsm/libbsm.h> +#include <bsm/audit_record.h> struct bsm_fcntl_cmd { u_short bfc_bsm_fcntl_cmd; diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c index 56f0ceb..131abf5 100644 --- a/sys/security/audit/audit_bsm_token.c 
+++ b/sys/security/audit/audit_bsm_token.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#90 + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#91 */ #include <sys/cdefs.h> @@ -1460,7 +1460,7 @@ au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) if (gettimeofday(&tm, NULL) == -1) return (NULL); - if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) { + if (audit_get_kaudit(&aia, sizeof(aia)) != 0) { if (errno != ENOSYS) return (NULL); return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h index ec5beb5..0116f4d 100644 --- a/sys/security/audit/audit_private.h +++ b/sys/security/audit/audit_private.h @@ -118,18 +118,34 @@ struct socket_au_info { u_short so_lport; /* Local port. */ }; +/* + * The following is used for A_OLDSETQCTRL and AU_OLDGETQCTRL and a 64-bit + * userland. + */ +struct au_qctrl64 { + u_int64_t aq64_hiwater; + u_int64_t aq64_lowater; + u_int64_t aq64_bufsz; + u_int64_t aq64_delay; + u_int64_t aq64_minfree; +}; +typedef struct au_qctrl64 au_qctrl64_t; + union auditon_udata { char *au_path; - long au_cond; - long au_flags; - long au_policy; + int au_cond; + int au_flags; + int au_policy; int au_trigger; + int64_t au_cond64; + int64_t au_policy64; au_evclass_map_t au_evclass; au_mask_t au_mask; auditinfo_t au_auinfo; auditpinfo_t au_aupinfo; auditpinfo_addr_t au_aupinfo_addr; au_qctrl_t au_qctrl; + au_qctrl64_t au_qctrl64; au_stat_t au_stat; au_fstat_t au_fstat; auditinfo_addr_t au_kau_info; @@ -275,8 +291,8 @@ extern struct mtx audit_mtx; extern struct cv audit_watermark_cv; extern struct cv audit_worker_cv; extern struct kaudit_queue audit_q; -extern size_t audit_q_len; -extern size_t audit_pre_q_len; +extern int audit_q_len; +extern int audit_pre_q_len; extern int audit_in_failure; /* 
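Review bot: In `au_to_header32_ex()` the failure test changed from `auditon(...) < 0` to `audit_get_kaudit(...) != 0`, but the next line still decides on `errno != ENOSYS`. The definition of `audit_get_kaudit()` is not in this diff. If it reports failure through its return value rather than by setting `errno`, this branch reads a stale `errno`, and the ENOSYS fallback to `au_to_header32_tm()` may never be taken or may be taken wrongly. Keeping the result, e.g. `error = audit_get_kaudit(&aia, sizeof(aia));`, and testing `error` would remove the ambiguity. The function body starts and ends outside the hunk.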
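Review bot: The comment added above `struct au_qctrl64` in audit_private.h names `AU_OLDGETQCTRL`, but the constant this commit defines is `A_OLDGETQCTRL`. It should read `A_OLDSETQCTRL and A_OLDGETQCTRL` so that a search for the command finds the structure. The comment could also say that all five members are unsigned, because the validation in audit_syscalls.c tests `aq64_minfree < 0`, which can never be true for a `u_int64_t`.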
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index 7ca797d..7465dc8 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2005 Apple Inc. + * Copyright (c) 1999-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -187,12 +187,15 @@ auditon(struct thread *td, struct auditon_args *uap) */ switch (uap->cmd) { case A_SETPOLICY: + case A_OLDSETPOLICY: case A_SETKMASK: case A_SETQCTRL: + case A_OLDSETQCTRL: case A_SETSTAT: case A_SETUMASK: case A_SETSMASK: case A_SETCOND: + case A_OLDSETCOND: case A_SETCLASS: case A_SETPMASK: case A_SETFSIZE: @@ -212,7 +215,22 @@ auditon(struct thread *td, struct auditon_args *uap) * XXXAUDIT: Locking? */ switch (uap->cmd) { + case A_OLDGETPOLICY: + if (uap->length == sizeof(udata.au_policy64)) { + if (!audit_fail_stop) + udata.au_policy64 |= AUDIT_CNT; + if (audit_panic_on_write_fail) + udata.au_policy64 |= AUDIT_AHLT; + if (audit_argv) + udata.au_policy64 |= AUDIT_ARGV; + if (audit_arge) + udata.au_policy64 |= AUDIT_ARGE; + break; + } + /* FALLTHROUGH */ case A_GETPOLICY: + if (uap->length != sizeof(udata.au_policy)) + return (EINVAL); if (!audit_fail_stop) udata.au_policy |= AUDIT_CNT; if (audit_panic_on_write_fail) 
@@ -223,7 +241,23 @@ auditon(struct thread *td, struct auditon_args *uap) udata.au_policy |= AUDIT_ARGE; break; + case A_OLDSETPOLICY: + if (uap->length == sizeof(udata.au_policy64)) { + if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT| + AUDIT_ARGV|AUDIT_ARGE)) + return (EINVAL); + audit_fail_stop = ((udata.au_policy64 & AUDIT_CNT) == + 0); + audit_panic_on_write_fail = (udata.au_policy64 & + AUDIT_AHLT); + audit_argv = (udata.au_policy64 & AUDIT_ARGV); + audit_arge = (udata.au_policy64 & AUDIT_ARGE); + break; + } + /* FALLTHROUGH */ case A_SETPOLICY: + if (uap->length != sizeof(udata.au_policy)) + return (EINVAL); if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV| AUDIT_ARGE)) return (EINVAL); 
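Review bot: The validity test in the new 64-bit branch of `A_OLDSETPOLICY` does not check what it appears to check. It reads the 32-bit `udata.au_policy` view of the union instead of `udata.au_policy64`, and the complement is applied to `AUDIT_CNT` alone (`~AUDIT_CNT|AUDIT_AHLT|...`) rather than to the whole mask as in the `A_SETPOLICY` case below it. As written it returns EINVAL for requests that set `AUDIT_AHLT`, `AUDIT_ARGV` or `AUDIT_ARGE` in the half that `au_policy` overlays, and it never examines the other half of the 64-bit value, so unknown bits there are not rejected. It should be `if (udata.au_policy64 & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|AUDIT_ARGE))`.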
@@ -237,18 +271,60 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_GETKMASK: + if (uap->length != sizeof(udata.au_mask)) + return (EINVAL); udata.au_mask = audit_nae_mask; break; case A_SETKMASK: + if (uap->length != sizeof(udata.au_mask)) + return (EINVAL); audit_nae_mask = udata.au_mask; break; + case A_OLDGETQCTRL: + if (uap->length == sizeof(udata.au_qctrl64)) { + udata.au_qctrl64.aq64_hiwater = + (u_int64_t)audit_qctrl.aq_hiwater; + udata.au_qctrl64.aq64_lowater = + (u_int64_t)audit_qctrl.aq_lowater; + udata.au_qctrl64.aq64_bufsz = + (u_int64_t)audit_qctrl.aq_bufsz; + udata.au_qctrl64.aq64_minfree = + (u_int64_t)audit_qctrl.aq_minfree; + break; + } + /* FALLTHROUGH */ case A_GETQCTRL: + if (uap->length != sizeof(udata.au_qctrl)) + return (EINVAL); udata.au_qctrl = audit_qctrl; break; + case A_OLDSETQCTRL: + if (uap->length == sizeof(udata.au_qctrl64)) { + if ((udata.au_qctrl64.aq64_hiwater > AQ_MAXHIGH) || + (udata.au_qctrl64.aq64_lowater >= + udata.au_qctrl.aq_hiwater) || + (udata.au_qctrl64.aq64_bufsz > AQ_MAXBUFSZ) || + (udata.au_qctrl64.aq64_minfree < 0) || + (udata.au_qctrl64.aq64_minfree > 100)) + return (EINVAL); + audit_qctrl.aq_hiwater = + (int)udata.au_qctrl64.aq64_hiwater; + audit_qctrl.aq_lowater = + (int)udata.au_qctrl64.aq64_lowater; + audit_qctrl.aq_bufsz = + (int)udata.au_qctrl64.aq64_bufsz; + audit_qctrl.aq_minfree = + (int)udata.au_qctrl64.aq64_minfree; + audit_qctrl.aq_delay = -1; /* Not used. */ + break; + } + /* FALLTHROUGH */ case A_SETQCTRL: + if (uap->length != sizeof(udata.au_qctrl)) + return (EINVAL); if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) || (udata.au_qctrl.aq_lowater >= udata.au_qctrl.aq_hiwater) || (udata.au_qctrl.aq_bufsz > AQ_MAXBUFSZ) || 
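Review bot: In the 64-bit branch of `A_OLDSETQCTRL` the low-water check compares `aq64_lowater` against `udata.au_qctrl.aq_hiwater`, which is the 32-bit layout of the same union and not the value the caller supplied. Which bytes that `int` overlays depends on byte order, so the branch can accept a low-water mark above the high-water mark or reject valid settings. The comparison should be `(udata.au_qctrl64.aq64_lowater >= udata.au_qctrl64.aq64_hiwater) ||`. The `aq64_minfree < 0` test is dead code because the field is `u_int64_t`, and can be dropped. Separately, `A_OLDGETQCTRL` never assigns `aq64_delay`, so what the caller receives in that field depends on how `udata` was initialised outside this hunk.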
@@ -285,14 +361,40 @@ auditon(struct thread *td, struct auditon_args *uap) return (ENOSYS); break; + case A_OLDGETCOND: + if (uap->length == sizeof(udata.au_cond64)) { + if (audit_enabled && !audit_suspended) + udata.au_cond64 = AUC_AUDITING; + else + udata.au_cond64 = AUC_NOAUDIT; + break; + } + /* FALLTHROUGH */ case A_GETCOND: + if (uap->length != sizeof(udata.au_cond)) + return (EINVAL); if (audit_enabled && !audit_suspended) udata.au_cond = AUC_AUDITING; else udata.au_cond = AUC_NOAUDIT; break; + case A_OLDSETCOND: + if (uap->length == sizeof(udata.au_cond64)) { + if (udata.au_cond64 == AUC_NOAUDIT) + audit_suspended = 1; + if (udata.au_cond64 == AUC_AUDITING) + audit_suspended = 0; + if (udata.au_cond64 == AUC_DISABLED) { + audit_suspended = 1; + audit_shutdown(NULL, 0); + } + break; + } + /* FALLTHROUGH */ case A_SETCOND: + if (uap->length != sizeof(udata.au_cond)) + return (EINVAL); if (udata.au_cond == AUC_NOAUDIT) audit_suspended = 1; if (udata.au_cond == AUC_AUDITING) @@ -304,16 +406,22 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_GETCLASS: + if (uap->length != sizeof(udata.au_evclass)) + return (EINVAL); udata.au_evclass.ec_class = au_event_class( udata.au_evclass.ec_number); break; case A_SETCLASS: + if (uap->length != sizeof(udata.au_evclass)) + return (EINVAL); au_evclassmap_insert(udata.au_evclass.ec_number, udata.au_evclass.ec_class); break; case A_GETPINFO: + if (uap->length != sizeof(udata.au_aupinfo)) + return (EINVAL); if (udata.au_aupinfo.ap_pid < 1) return (ESRCH); if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL) @@ -341,6 +449,8 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_SETPMASK: + if (uap->length != sizeof(udata.au_aupinfo)) + return (EINVAL); if (udata.au_aupinfo.ap_pid < 1) return (ESRCH); newcred = crget(); 
@@ -365,6 +475,8 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_SETFSIZE: + if (uap->length != sizeof(udata.au_fstat)) + return (EINVAL); if ((udata.au_fstat.af_filesz != 0) && (udata.au_fstat.af_filesz < MIN_AUDIT_FILE_SIZE)) return (EINVAL); @@ -372,11 +484,15 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_GETFSIZE: + if (uap->length != sizeof(udata.au_fstat)) + return (EINVAL); udata.au_fstat.af_filesz = audit_fstat.af_filesz; udata.au_fstat.af_currsz = audit_fstat.af_currsz; break; case A_GETPINFO_ADDR: + if (uap->length != sizeof(udata.au_aupinfo_addr)) + return (EINVAL); if (udata.au_aupinfo_addr.ap_pid < 1) return (ESRCH); if ((tp = pfind(udata.au_aupinfo_addr.ap_pid)) == NULL) @@ -393,10 +509,14 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_GETKAUDIT: + if (uap->length != sizeof(udata.au_kau_info)) + return (EINVAL); audit_get_kinfo(&udata.au_kau_info); break; case A_SETKAUDIT: + if (uap->length != sizeof(udata.au_kau_info)) + return (EINVAL); if (udata.au_kau_info.ai_termid.at_type != AU_IPv4 && udata.au_kau_info.ai_termid.at_type != AU_IPv6) return (EINVAL); @@ -404,6 +524,8 @@ auditon(struct thread *td, struct auditon_args *uap) break; case A_SENDTRIGGER: + if (uap->length != sizeof(udata.au_trigger)) + return (EINVAL); if ((udata.au_trigger < AUDIT_TRIGGER_MIN) || (udata.au_trigger > AUDIT_TRIGGER_MAX)) return (EINVAL); @@ -418,12 +540,15 @@ auditon(struct thread *td, struct auditon_args *uap) */ switch (uap->cmd) { case A_GETPOLICY: + case A_OLDGETPOLICY: case A_GETKMASK: case A_GETQCTRL: + case A_OLDGETQCTRL: case A_GETCWD: case A_GETCAR: case A_GETSTAT: case A_GETCOND: + case A_OLDGETCOND: case A_GETCLASS: case A_GETPINFO: case A_GETFSIZE: |