diff options
author | csjp <csjp@FreeBSD.org> | 2007-06-27 17:01:15 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2007-06-27 17:01:15 +0000 |
commit | 94aa9c0f8b63e76f554e76d5ec581082203c4478 (patch) | |
tree | ff21f1ad4087308d421c4f0f749dd35dbdc69f8f /sys/security/audit | |
parent | b6308c8f7001f33f151abce3acba2f74d9a3614f (diff) | |
download | FreeBSD-src-94aa9c0f8b63e76f554e76d5ec581082203c4478.zip FreeBSD-src-94aa9c0f8b63e76f554e76d5ec581082203c4478.tar.gz |
- Add audit_arg_audinfo_addr() for auditing the arguments for setaudit_addr(2)
- In audit_bsm.c, make sure all the arguments: ARG_AUID, ARG_ASID, ARG_AMASK,
and ARG_TERMID{_ADDR} are valid before auditing their arguments. (This is done
for both setaudit and setaudit_addr.
- Audit the arguments passed to setaudit_addr(2)
- AF_INET6 does not equate to AU_IPv6. Change this in au_to_in_addr_ex() so the
audit token is created with the correct type. This fixes the processing of the
in_addr_ex token in users pace.
- Change the size of the token (as generated by the kernel) from 5*4 bytes to
4*4 bytes (the correct size of an ip6 address)
- Correct regression from ucred work which resulted in getaudit() not returning
E2BIG if the subject had an ip6 termid
- Correct slight regression in getaudit(2) which resulted in the size of a pointer
being passed instead of the size of the structure. (This resulted in invalid
auditinfo data being returned via getaudit(2))
Reviewed by: rwatson
Approved by: re@ (kensmith)
Obtained from: TrustedBSD Project
MFC after: 1 month
Diffstat (limited to 'sys/security/audit')
-rw-r--r-- | sys/security/audit/audit.h | 1 | ||||
-rw-r--r-- | sys/security/audit/audit_arg.c | 22 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm.c | 37 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm_token.c | 4 | ||||
-rw-r--r-- | sys/security/audit/audit_syscalls.c | 9 |
5 files changed, 67 insertions, 6 deletions
diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h index 6550b09..9442a1d 100644 --- a/sys/security/audit/audit.h +++ b/sys/security/audit/audit.h @@ -157,6 +157,7 @@ void audit_arg_socket(int sodomain, int sotype, int soprotocol); void audit_arg_sockaddr(struct thread *td, struct sockaddr *sa); void audit_arg_auid(uid_t auid); void audit_arg_auditinfo(struct auditinfo *au_info); +void audit_arg_auditinfo_addr(struct auditinfo_addr *au_info); void audit_arg_upath(struct thread *td, char *upath, u_int64_t flags); void audit_arg_vnode(struct vnode *vp, u_int64_t flags); void audit_arg_text(char *text); diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c index 6cf0d5c..678076d 100644 --- a/sys/security/audit/audit_arg.c +++ b/sys/security/audit/audit_arg.c @@ -467,6 +467,28 @@ audit_arg_auditinfo(struct auditinfo *au_info) } void +audit_arg_auditinfo_addr(struct auditinfo_addr *au_info) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + + ar->k_ar.ar_arg_auid = au_info->ai_auid; + ar->k_ar.ar_arg_asid = au_info->ai_asid; + ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success; + ar->k_ar.ar_arg_amask.am_failure = au_info->ai_mask.am_failure; + ar->k_ar.ar_arg_termid_addr.at_type = au_info->ai_termid.at_type; + ar->k_ar.ar_arg_termid_addr.at_port = au_info->ai_termid.at_port; + ar->k_ar.ar_arg_termid_addr.at_addr[0] = au_info->ai_termid.at_addr[0]; + ar->k_ar.ar_arg_termid_addr.at_addr[1] = au_info->ai_termid.at_addr[1]; + ar->k_ar.ar_arg_termid_addr.at_addr[2] = au_info->ai_termid.at_addr[2]; + ar->k_ar.ar_arg_termid_addr.at_addr[3] = au_info->ai_termid.at_addr[3]; + ARG_SET_VALID(ar, ARG_AUID | ARG_ASID | ARG_AMASK | ARG_TERMID_ADDR); +} + +void audit_arg_text(char *text) { struct kaudit_record *ar; diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c index 4de9c31..522b1b8 100644 --- a/sys/security/audit/audit_bsm.c +++ b/sys/security/audit/audit_bsm.c @@ -499,7 +499,10 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) break; case AUE_SETAUDIT: - if (ARG_IS_VALID(kar, ARG_AUID)) { + if (ARG_IS_VALID(kar, ARG_AUID) && + ARG_IS_VALID(kar, ARG_ASID) && + ARG_IS_VALID(kar, ARG_AMASK) && + ARG_IS_VALID(kar, ARG_TERMID)) { tok = au_to_arg32(1, "setaudit:auid", ar->ar_arg_auid); kau_write(rec, tok); @@ -522,7 +525,37 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) break; case AUE_SETAUDIT_ADDR: - break; /* XXX need to add arguments */ + if (ARG_IS_VALID(kar, ARG_AUID) && + ARG_IS_VALID(kar, ARG_ASID) && + ARG_IS_VALID(kar, ARG_AMASK) && + ARG_IS_VALID(kar, ARG_TERMID_ADDR)) { + tok = au_to_arg32(1, "setaudit_addr:auid", + ar->ar_arg_auid); + kau_write(rec, tok); + tok = au_to_arg32(1, "setaudit_addr:as_success", + ar->ar_arg_amask.am_success); + kau_write(rec, tok); + tok = au_to_arg32(1, "setaudit_addr:as_failure", + ar->ar_arg_amask.am_failure); + kau_write(rec, tok); + tok = au_to_arg32(1, "setaudit_addr:asid", + ar->ar_arg_asid); + kau_write(rec, tok); + tok = au_to_arg32(1, "setaudit_addr:type", + ar->ar_arg_termid_addr.at_type); + kau_write(rec, tok); + tok = au_to_arg32(1, "setaudit_addr:port", + ar->ar_arg_termid_addr.at_port); + kau_write(rec, tok); + if (ar->ar_arg_termid_addr.at_type == AU_IPv6) + tok = au_to_in_addr_ex((struct in6_addr *) + &ar->ar_arg_termid_addr.at_addr[0]); + if (ar->ar_arg_termid_addr.at_type == AU_IPv4) + tok = au_to_in_addr((struct in_addr *) + &ar->ar_arg_termid_addr.at_addr[0]); + kau_write(rec, tok); + } + break; case AUE_AUDITON: /* diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c index 8b2956a..b36e456 100644 --- a/sys/security/audit/audit_bsm_token.c +++ b/sys/security/audit/audit_bsm_token.c @@ -358,13 +358,13 @@ au_to_in_addr_ex(struct in6_addr *internet_addr) { token_t *t; u_char *dptr = NULL; - u_int32_t type = AF_INET6; + u_int32_t type = AU_IPv6; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); - ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t)); + ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t)); return (t); } diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index 660c2ee..fa037ab 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -503,13 +503,15 @@ getaudit(struct thread *td, struct getaudit_args *uap) error = priv_check(td, PRIV_AUDIT_GETAUDIT); if (error) return (error); + if (td->td_ucred->cr_audit.ai_termid.at_type == AU_IPv6) + return (E2BIG); bzero(&ai, sizeof(ai)); ai.ai_auid = td->td_ucred->cr_audit.ai_auid; ai.ai_mask = td->td_ucred->cr_audit.ai_mask; ai.ai_asid = td->td_ucred->cr_audit.ai_asid; ai.ai_termid.machine = td->td_ucred->cr_audit.ai_termid.at_addr[0]; ai.ai_termid.port = td->td_ucred->cr_audit.ai_termid.at_port; - return (copyout(&ai, uap->auditinfo, sizeof(&ai))); + return (copyout(&ai, uap->auditinfo, sizeof(ai))); } /* ARGSUSED */ @@ -585,7 +587,10 @@ setaudit_addr(struct thread *td, struct setaudit_addr_args *uap) error = copyin(uap->auditinfo_addr, &aia, sizeof(aia)); if (error) return (error); - /* XXXRW: Audit argument. */ + audit_arg_auditinfo_addr(&aia); + if (aia.ai_termid.at_type != AU_IPv6 && + aia.ai_termid.at_type != AU_IPv4) + return (EINVAL); newcred = crget(); PROC_LOCK(td->td_proc); oldcred = td->td_proc->p_ucred; |