authorcsjp <csjp@FreeBSD.org>2008-11-11 21:57:03 +0000
committercsjp <csjp@FreeBSD.org>2008-11-11 21:57:03 +0000
commit91a570b2e4cb1a2f386618178e26b64c72045054 (patch)
tree2ceb633e1416058aa83b2e9857eeac5b851912fd /sys/security/audit/audit.c
parent83407db259b48d45da4d45d23fe20f2565f89a8b (diff)
Add support for extended header BSM tokens. Currently we use the
regular header tokens. The extended header tokens contain an IP or IPv6 address which makes it possible to identify which host an audit record came from when audit records are centralized. If the host information has not been specified, the system will default to the old style headers. Otherwise, audit records that are created as a result of system calls will contain host information. This implementation has been designed to be consistent with the Solaris implementation. Host information is set/retrieved using the A_GETKAUDIT and A_SETKAUDIT auditon(2) commands. These commands require that a pointer to an auditinfo_addr_t object is passed. Currently only IP and IPv6 address families are supported. The userspace bits associated with this change will follow in an openbsm import. Reviewed by: rwatson, (sson, wsalamon (older version)) MFC after: 1 month
Diffstat (limited to 'sys/security/audit/audit.c')
-rw-r--r--sys/security/audit/audit.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index 737c693..8680ad3 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -158,6 +158,45 @@ struct cv audit_watermark_cv;
static struct cv audit_fail_cv;
/*
+ * Kernel audit information. This will store the current audit address
+ * or host information that the kernel will use when it's generating
+ * audit records. This data is modified by the A_GET{SET}KAUDIT auditon(2)
+ * command.
+ */
+static struct auditinfo_addr audit_kinfo;
+static struct rwlock audit_kinfo_lock;
+
+#define KINFO_LOCK_INIT() rw_init(&audit_kinfo_lock, "kernel audit info lock")
+#define KINFO_RLOCK() rw_rlock(&audit_kinfo_lock)
+#define KINFO_WLOCK() rw_wlock(&audit_kinfo_lock)
+#define KINFO_RUNLOCK() rw_runlock(&audit_kinfo_lock)
+#define KINFO_WUNLOCK() rw_wunlock(&audit_kinfo_lock)
+
+void
+audit_set_kinfo(struct auditinfo_addr *ak)
+{
+
+ KASSERT(ak->ai_termid.at_type == AU_IPv4 ||
+ ak->ai_termid.at_type == AU_IPv6,
+ ("audit_set_kinfo: invalid address type"));
+ KINFO_WLOCK();
+ audit_kinfo = *ak;
+ KINFO_WUNLOCK();
+}
+
+void
+audit_get_kinfo(struct auditinfo_addr *ak)
+{
+
+ KASSERT(audit_kinfo.ai_termid.at_type == AU_IPv4 ||
+ audit_kinfo.ai_termid.at_type == AU_IPv6,
+ ("audit_set_kinfo: invalid address type"));
+ KINFO_RLOCK();
+ *ak = audit_kinfo;
+ KINFO_RUNLOCK();
+}
+
+/*
* Construct an audit record for the passed thread.
*/
static int
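Review bot: In audit_get_kinfo the KASSERT reads `audit_kinfo.ai_termid.at_type` before `KINFO_RLOCK()` is taken, so the check is an unlocked read that can race with a concurrent audit_set_kinfo; it should move below the lock acquisition. Its message is also a copy of the setter's and should read `("audit_get_kinfo: invalid address type")`. In audit_set_kinfo the address-type check is a KASSERT only, which is compiled out unless the kernel is built with INVARIANTS, so on production kernels nothing here stops an unsupported `at_type` from being stored and later stamped into audit record headers. The A_SETKAUDIT handler is not part of this diff; since the structure comes from userspace, it presumably needs to reject other address types with an error before calling, which would also keep a debug kernel from panicking on bad input.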
@@ -241,7 +280,11 @@ audit_init(void)
audit_qctrl.aq_bufsz = AQ_BUFSZ;
audit_qctrl.aq_minfree = AU_FS_MINFREE;
+ audit_kinfo.ai_termid.at_type = AU_IPv4;
+ audit_kinfo.ai_termid.at_addr[0] = INADDR_ANY;
+
mtx_init(&audit_mtx, "audit_mtx", NULL, MTX_DEF);
+ KINFO_LOCK_INIT();
cv_init(&audit_worker_cv, "audit_worker_cv");
cv_init(&audit_watermark_cv, "audit_watermark_cv");
cv_init(&audit_fail_cv, "audit_fail_cv");
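Review bot: The two added assignments in audit_init set up what appears to be the "no host information specified" state, but nothing at that spot says so. The code that chooses between regular and extended header tokens is outside this diff, so a reader cannot tell that `INADDR_ANY` is being used as a sentinel rather than a real address. I would add a comment above them such as `/* AU_IPv4 + INADDR_ANY: no host address configured; records use the regular header token. */`, adjusted to match the actual check. Only `at_addr[0]` is written; the remaining words rely on the zero-initialisation of the static `audit_kinfo`, which is worth stating in the same comment. audit_init's body starts and ends outside the hunk.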