summaryrefslogtreecommitdiffstats
path: root/sys/security
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2006-03-19 17:34:00 +0000
committerrwatson <rwatson@FreeBSD.org>2006-03-19 17:34:00 +0000
commit9c0a4e82f3f7381e1fde26b4c69cfc31e480bd53 (patch)
tree4546d95e1fa0f362af8a9b34794af5a895124e33 /sys/security
parent6163ee5a7b865b66b1dd7f437ade09ea314d0b68 (diff)
downloadFreeBSD-src-9c0a4e82f3f7381e1fde26b4c69cfc31e480bd53.zip
FreeBSD-src-9c0a4e82f3f7381e1fde26b4c69cfc31e480bd53.tar.gz
Merge Perforce change 93581 from TrustedBSD audit3 branch:
Mega-style patch. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/audit/audit.c68
-rw-r--r--sys/security/audit/audit.h135
-rw-r--r--sys/security/audit/audit_arg.c54
-rw-r--r--sys/security/audit/audit_bsm.c286
-rw-r--r--sys/security/audit/audit_bsm_klib.c84
-rw-r--r--sys/security/audit/audit_ioctl.h2
-rw-r--r--sys/security/audit/audit_private.h191
-rw-r--r--sys/security/audit/audit_syscalls.c98
-rw-r--r--sys/security/audit/audit_worker.c149
9 files changed, 541 insertions, 526 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index cb5b3fa..bf3f4ca 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -76,43 +76,43 @@ MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
/*
- * Audit control settings that are set/read by system calls and are
+ * Audit control settings that are set/read by system calls and are
* hence non-static.
*/
-/*
+/*
* Define the audit control flags.
*/
-int audit_enabled;
-int audit_suspended;
+int audit_enabled;
+int audit_suspended;
/*
* Flags controlling behavior in low storage situations.
* Should we panic if a write fails? Should we fail stop
* if we're out of disk space?
*/
-int audit_panic_on_write_fail;
-int audit_fail_stop;
+int audit_panic_on_write_fail;
+int audit_fail_stop;
/*
* Are we currently "failing stop" due to out of disk space?
*/
-int audit_in_failure;
+int audit_in_failure;
/*
- * Global audit statistiscs.
+ * Global audit statistiscs.
*/
-struct audit_fstat audit_fstat;
+struct audit_fstat audit_fstat;
/*
* Preselection mask for non-attributable events.
*/
-struct au_mask audit_nae_mask;
+struct au_mask audit_nae_mask;
/*
* Mutex to protect global variables shared between various threads and
* processes.
*/
-struct mtx audit_mtx;
+struct mtx audit_mtx;
/*
* Queue of audit records ready for delivery to disk. We insert new
@@ -122,21 +122,21 @@ struct mtx audit_mtx;
* not yet in the queue, which is needed to estimate the total
* size of the combined set of records outstanding in the system.
*/
-struct kaudit_queue audit_q;
-int audit_q_len;
-int audit_pre_q_len;
+struct kaudit_queue audit_q;
+int audit_q_len;
+int audit_pre_q_len;
/*
* Audit queue control settings (minimum free, low/high water marks, etc.)
*/
-struct au_qctrl audit_qctrl;
+struct au_qctrl audit_qctrl;
/*
* Condition variable to signal to the worker that it has work to do:
* either new records are in the queue, or a log replacement is taking
* place.
*/
-struct cv audit_cv;
+struct cv audit_cv;
/*
* Condition variable to signal to the worker that it has work to do:
@@ -145,14 +145,14 @@ struct cv audit_cv;
*
* XXXRW: This description is incorrect.
*/
-struct cv audit_commit_cv;
+struct cv audit_commit_cv;
-/*
- * Condition variable for auditing threads wait on when in fail-stop mode.
- * Threads wait on this CV forever (and ever), never seeing the light of
+/*
+ * Condition variable for auditing threads wait on when in fail-stop mode.
+ * Threads wait on this CV forever (and ever), never seeing the light of
* day again.
*/
-static struct cv audit_fail_cv;
+static struct cv audit_fail_cv;
/*
* Construct an audit record for the passed thread.
@@ -226,7 +226,7 @@ audit_init(void)
audit_in_failure = 0;
audit_fstat.af_filesz = 0; /* '0' means unset, unbounded */
- audit_fstat.af_currsz = 0;
+ audit_fstat.af_currsz = 0;
audit_nae_mask.am_success = AU_NULL;
audit_nae_mask.am_failure = AU_NULL;
@@ -351,7 +351,7 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
aumask = &audit_nae_mask;
else
aumask = &ar->k_ar.ar_subj_amask;
-
+
if (error)
sorf = AU_PRS_FAILURE;
else
@@ -361,7 +361,7 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
case AUE_OPEN_RWTC:
/* The open syscall always writes a AUE_OPEN_RWTC event; change
- * it to the proper type of event based on the flags and the
+ * it to the proper type of event based on the flags and the
* error value.
*/
ar->k_ar.ar_event = flags_and_error_to_openevent(
@@ -419,7 +419,7 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
uma_zfree(audit_record_zone, ar);
return;
}
-
+
/*
* Constrain the number of committed audit records based on
* the configurable parameter.
@@ -478,9 +478,9 @@ audit_syscall_enter(unsigned short code, struct thread *td)
aumask = &audit_nae_mask;
else
aumask = &td->td_proc->p_au->ai_mask;
-
+
/*
- * Allocate an audit record, if preselection allows it, and store
+ * Allocate an audit record, if preselection allows it, and store
* in the thread for later use.
*/
if (au_preselect(audit_event, aumask,
@@ -531,7 +531,7 @@ audit_syscall_exit(int error, struct thread *td)
audit_commit(td->td_ar, error, retval);
if (td->td_ar != NULL)
- AUDIT_PRINTF(("audit record committed by pid %d\n",
+ AUDIT_PRINTF(("audit record committed by pid %d\n",
td->td_proc->p_pid));
td->td_ar = NULL;
@@ -571,11 +571,11 @@ audit_thread_free(struct thread *td)
KASSERT(td->td_ar == NULL, ("audit_thread_free: td_ar != NULL"));
}
-/*
- * Initialize the audit information for the a process, presumably the first
+/*
+ * Initialize the audit information for the a process, presumably the first
* process in the system.
- * XXX It is not clear what the initial values should be for audit ID,
- * session ID, etc.
+ * XXX It is not clear what the initial values should be for audit ID,
+ * session ID, etc.
*/
void
audit_proc_kproc0(struct proc *p)
@@ -598,7 +598,7 @@ audit_proc_init(struct proc *p)
p->p_au->ai_auid = AU_DEFAUDITID;
}
-/*
+/*
* Copy the audit info from the parent process to the child process when
* a fork takes place.
*/
@@ -624,7 +624,7 @@ audit_proc_fork(struct proc *parent, struct proc *child)
}
/*
- * Free the auditing structure for the process.
+ * Free the auditing structure for the process.
*/
void
audit_proc_free(struct proc *p)
diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h
index b63ed12..df74e9a 100644
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@@ -75,7 +75,7 @@ extern int audit_suspended;
#define ARG_AUID 0x0000000000000100ULL
#define ARG_GID 0x0000000000000200ULL
#define ARG_FD 0x0000000000000400ULL
-#define ARG_POSIX_IPC_PERM 0x0000000000000800ULL
+#define ARG_POSIX_IPC_PERM 0x0000000000000800ULL
#define ARG_FFLAGS 0x0000000000001000ULL
#define ARG_MODE 0x0000000000002000ULL
#define ARG_DEV 0x0000000000004000ULL
@@ -114,73 +114,65 @@ extern int audit_suspended;
#define ARG_NONE 0x0000000000000000ULL
#define ARG_ALL 0xFFFFFFFFFFFFFFFFULL
-void audit_syscall_enter(unsigned short code,
- struct thread *td);
-void audit_syscall_exit(int error, struct thread *td);
+void audit_syscall_enter(unsigned short code, struct thread *td);
+void audit_syscall_exit(int error, struct thread *td);
/*
* The remaining kernel functions are conditionally compiled in as they
- * are wrapped by a macro, and the macro should be the only place in
+ * are wrapped by a macro, and the macro should be the only place in
* the source tree where these functions are referenced.
*/
#ifdef AUDIT
struct ipc_perm;
struct sockaddr;
union auditon_udata;
-void audit_arg_addr(void * addr);
-void audit_arg_exit(int status, int retval);
-void audit_arg_len(int len);
-void audit_arg_fd(int fd);
-void audit_arg_fflags(int fflags);
-void audit_arg_gid(gid_t gid);
-void audit_arg_uid(uid_t uid);
-void audit_arg_egid(gid_t egid);
-void audit_arg_euid(uid_t euid);
-void audit_arg_rgid(gid_t rgid);
-void audit_arg_ruid(uid_t ruid);
-void audit_arg_sgid(gid_t sgid);
-void audit_arg_suid(uid_t suid);
-void audit_arg_groupset(gid_t *gidset, u_int gidset_size);
-void audit_arg_login(char *login);
-void audit_arg_ctlname(int *name, int namelen);
-void audit_arg_mask(int mask);
-void audit_arg_mode(mode_t mode);
-void audit_arg_dev(int dev);
-void audit_arg_value(long value);
-void audit_arg_owner(uid_t uid, gid_t gid);
-void audit_arg_pid(pid_t pid);
-void audit_arg_process(struct proc *p);
-void audit_arg_signum(u_int signum);
-void audit_arg_socket(int sodomain, int sotype,
- int soprotocol);
-void audit_arg_sockaddr(struct thread *td,
- struct sockaddr *so);
-void audit_arg_auid(uid_t auid);
-void audit_arg_auditinfo(struct auditinfo *au_info);
-void audit_arg_upath(struct thread *td, char *upath,
- u_int64_t flags);
-void audit_arg_vnode(struct vnode *vp, u_int64_t flags);
-void audit_arg_text(char *text);
-void audit_arg_cmd(int cmd);
-void audit_arg_svipc_cmd(int cmd);
-void audit_arg_svipc_perm(struct ipc_perm *perm);
-void audit_arg_svipc_id(int id);
-void audit_arg_svipc_addr(void *addr);
-void audit_arg_posix_ipc_perm(uid_t uid, gid_t gid,
- mode_t mode);
-void audit_arg_auditon(union auditon_udata *udata);
-void audit_arg_file(struct proc *p, struct file *fp);
-
-void audit_sysclose(struct thread *td, int fd);
-
-void audit_proc_alloc(struct proc *p);
-void audit_proc_kproc0(struct proc *p);
-void audit_proc_init(struct proc *p);
-void audit_proc_fork(struct proc *parent,
- struct proc *child);
-void audit_proc_free(struct proc *p);
-void audit_thread_alloc(struct thread *td);
-void audit_thread_free(struct thread *td);
+void audit_arg_addr(void * addr);
+void audit_arg_exit(int status, int retval);
+void audit_arg_len(int len);
+void audit_arg_fd(int fd);
+void audit_arg_fflags(int fflags);
+void audit_arg_gid(gid_t gid);
+void audit_arg_uid(uid_t uid);
+void audit_arg_egid(gid_t egid);
+void audit_arg_euid(uid_t euid);
+void audit_arg_rgid(gid_t rgid);
+void audit_arg_ruid(uid_t ruid);
+void audit_arg_sgid(gid_t sgid);
+void audit_arg_suid(uid_t suid);
+void audit_arg_groupset(gid_t *gidset, u_int gidset_size);
+void audit_arg_login(char *login);
+void audit_arg_ctlname(int *name, int namelen);
+void audit_arg_mask(int mask);
+void audit_arg_mode(mode_t mode);
+void audit_arg_dev(int dev);
+void audit_arg_value(long value);
+void audit_arg_owner(uid_t uid, gid_t gid);
+void audit_arg_pid(pid_t pid);
+void audit_arg_process(struct proc *p);
+void audit_arg_signum(u_int signum);
+void audit_arg_socket(int sodomain, int sotype, int soprotocol);
+void audit_arg_sockaddr(struct thread *td, struct sockaddr *so);
+void audit_arg_auid(uid_t auid);
+void audit_arg_auditinfo(struct auditinfo *au_info);
+void audit_arg_upath(struct thread *td, char *upath, u_int64_t flags);
+void audit_arg_vnode(struct vnode *vp, u_int64_t flags);
+void audit_arg_text(char *text);
+void audit_arg_cmd(int cmd);
+void audit_arg_svipc_cmd(int cmd);
+void audit_arg_svipc_perm(struct ipc_perm *perm);
+void audit_arg_svipc_id(int id);
+void audit_arg_svipc_addr(void *addr);
+void audit_arg_posix_ipc_perm(uid_t uid, gid_t gid, mode_t mode);
+void audit_arg_auditon(union auditon_udata *udata);
+void audit_arg_file(struct proc *p, struct file *fp);
+void audit_sysclose(struct thread *td, int fd);
+void audit_proc_alloc(struct proc *p);
+void audit_proc_kproc0(struct proc *p);
+void audit_proc_init(struct proc *p);
+void audit_proc_fork(struct proc *parent, struct proc *child);
+void audit_proc_free(struct proc *p);
+void audit_thread_alloc(struct thread *td);
+void audit_thread_free(struct thread *td);
/*
* Define a macro to wrap the audit_arg_* calls by checking the global
@@ -189,23 +181,23 @@ void audit_thread_free(struct thread *td);
#define AUDIT_ARG(op, args...) do { \
if (audit_enabled) \
audit_arg_ ## op (args); \
- } while (0)
+} while (0)
#define AUDIT_SYSCALL_ENTER(code, td) do { \
if (audit_enabled) { \
audit_syscall_enter(code, td); \
} \
- } while (0)
+} while (0)
/*
* Wrap the audit_syscall_exit() function so that it is called only when
- * auditing is enabled, or we have a audit record on the thread. It is
+ * auditing is enabled, or we have a audit record on the thread. It is
* possible that an audit record was begun before auditing was turned off.
*/
#define AUDIT_SYSCALL_EXIT(error, td) do { \
if (audit_enabled | (td->td_ar != NULL)) \
audit_syscall_exit(error, td); \
- } while (0)
+} while (0)
/*
* A Macro to wrap the audit_sysclose() function.
@@ -213,26 +205,25 @@ void audit_thread_free(struct thread *td);
#define AUDIT_SYSCLOSE(td, fd) do { \
if (audit_enabled) \
audit_sysclose(td, fd); \
- } while (0)
+} while (0)
#else /* !AUDIT */
-void audit_proc_init(struct proc *p);
-void audit_proc_fork(struct proc *parent,
- struct proc *child);
-void audit_proc_free(struct proc *p);
+void audit_proc_init(struct proc *p);
+void audit_proc_fork(struct proc *parent, struct proc *child);
+void audit_proc_free(struct proc *p);
#define AUDIT_ARG(op, args...) do { \
- } while (0)
+} while (0)
#define AUDIT_SYSCALL_ENTER(code, td) do { \
- } while (0)
+} while (0)
#define AUDIT_SYSCALL_EXIT(error, td) do { \
- } while (0)
+} while (0)
#define AUDIT_SYSCLOSE(p, fd) do { \
- } while (0)
+} while (0)
#endif /* AUDIT */
diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c
index 34daa1c..8cf85ba 100644
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@@ -391,7 +391,7 @@ void
audit_arg_socket(int sodomain, int sotype, int soprotocol)
{
struct kaudit_record *ar;
-
+
ar = currecord();
if (ar == NULL)
return;
@@ -426,7 +426,7 @@ audit_arg_sockaddr(struct thread *td, struct sockaddr *so)
break;
case AF_UNIX:
- audit_arg_upath(td, ((struct sockaddr_un *)so)->sun_path,
+ audit_arg_upath(td, ((struct sockaddr_un *)so)->sun_path,
ARG_UPATH1);
ARG_SET_VALID(ar, ARG_SADDRUNIX);
break;
@@ -480,7 +480,7 @@ audit_arg_text(char *text)
/* Invalidate the text string */
ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_TEXT);
if (text == NULL)
- return;
+ return;
if (ar->k_ar.ar_arg_text == NULL)
ar->k_ar.ar_arg_text = malloc(MAXPATHLEN, M_AUDITTEXT,
@@ -525,8 +525,8 @@ audit_arg_svipc_perm(struct ipc_perm *perm)
if (ar == NULL)
return;
- bcopy(perm, &ar->k_ar.ar_arg_svipc_perm,
- sizeof(ar->k_ar.ar_arg_svipc_perm));
+ bcopy(perm, &ar->k_ar.ar_arg_svipc_perm,
+ sizeof(ar->k_ar.ar_arg_svipc_perm));
ARG_SET_VALID(ar, ARG_SVIPC_PERM);
}
@@ -580,8 +580,8 @@ audit_arg_auditon(union auditon_udata *udata)
if (ar == NULL)
return;
- bcopy((void *)udata, &ar->k_ar.ar_arg_auditon,
- sizeof(ar->k_ar.ar_arg_auditon));
+ bcopy((void *)udata, &ar->k_ar.ar_arg_auditon,
+ sizeof(ar->k_ar.ar_arg_auditon));
ARG_SET_VALID(ar, ARG_AUDITON);
}
@@ -628,20 +628,20 @@ audit_arg_file(struct proc *p, struct file *fp)
if (so->so_pcb == NULL)
return;
ar->k_ar.ar_arg_sockinfo.so_type =
- so->so_type;
+ so->so_type;
ar->k_ar.ar_arg_sockinfo.so_domain =
- INP_SOCKAF(so);
+ INP_SOCKAF(so);
ar->k_ar.ar_arg_sockinfo.so_protocol =
- so->so_proto->pr_protocol;
+ so->so_proto->pr_protocol;
pcb = (struct inpcb *)so->so_pcb;
ar->k_ar.ar_arg_sockinfo.so_raddr =
- pcb->inp_faddr.s_addr;
+ pcb->inp_faddr.s_addr;
ar->k_ar.ar_arg_sockinfo.so_laddr =
- pcb->inp_laddr.s_addr;
+ pcb->inp_laddr.s_addr;
ar->k_ar.ar_arg_sockinfo.so_rport =
- pcb->inp_fport;
+ pcb->inp_fport;
ar->k_ar.ar_arg_sockinfo.so_lport =
- pcb->inp_lport;
+ pcb->inp_lport;
ARG_SET_VALID(ar, ARG_SOCKINFO);
}
break;
@@ -653,11 +653,11 @@ audit_arg_file(struct proc *p, struct file *fp)
}
-/*
- * Store a path as given by the user process for auditing into the audit
- * record stored on the user thread. This function will allocate the memory to
- * store the path info if not already available. This memory will be
- * freed when the audit record is freed.
+/*
+ * Store a path as given by the user process for auditing into the audit
+ * record stored on the user thread. This function will allocate the memory
+ * to store the path info if not already available. This memory will be freed
+ * when the audit record is freed.
*
* XXXAUDIT: Possibly assert that the memory isn't already allocated?
*/
@@ -667,7 +667,7 @@ audit_arg_upath(struct thread *td, char *upath, u_int64_t flag)
struct kaudit_record *ar;
char **pathp;
- if (td == NULL || upath == NULL)
+ if (td == NULL || upath == NULL)
return; /* nothing to do! */
/*
@@ -696,8 +696,8 @@ audit_arg_upath(struct thread *td, char *upath, u_int64_t flag)
}
/*
- * Function to save the path and vnode attr information into the audit
- * record.
+ * Function to save the path and vnode attr information into the audit
+ * record.
*
* It is assumed that the caller will hold any vnode locks necessary to
* perform a VOP_GETATTR() on the passed vnode.
@@ -734,7 +734,7 @@ audit_arg_vnode(struct vnode *vp, u_int64_t flags)
ASSERT_VOP_LOCKED(vp, "audit_arg_vnode");
ar = currecord();
- if (ar == NULL) /* This will be the case for unaudited system calls */
+ if (ar == NULL)
return;
/*
@@ -777,9 +777,9 @@ audit_arg_vnode(struct vnode *vp, u_int64_t flags)
}
/*
- * The close() system call uses it's own audit call to capture the
- * path/vnode information because those pieces are not easily obtained
- * within the system call itself.
+ * The close() system call uses it's own audit call to capture the path/vnode
+ * information because those pieces are not easily obtained within the system
+ * call itself.
*/
void
audit_sysclose(struct thread *td, int fd)
@@ -800,4 +800,4 @@ audit_sysclose(struct thread *td, int fd)
VOP_UNLOCK(vp, 0, td);
VFS_UNLOCK_GIANT(vfslocked);
fdrop(fp, td);
-}
+}
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index 14b1d5a..25d49a3 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -54,7 +54,7 @@
MALLOC_DEFINE(M_AUDITBSM, "audit_bsm", "Audit BSM data");
-/*
+/*
* Forward declares.
*/
static void audit_sys_auditon(struct audit_record *ar,
@@ -72,18 +72,16 @@ kau_init(void)
}
/*
- * This call reserves memory for the audit record.
- * Memory must be guaranteed before any auditable event can be
- * generated.
- * The au_record structure maintains a reference to the
- * memory allocated above and also the list of tokens associated
- * with this record
- */
-static struct au_record *
+ * This call reserves memory for the audit record. Memory must be guaranteed
+ * before any auditable event can be generated. The au_record structure
+ * maintains a reference to the memory allocated above and also the list of
+ * tokens associated with this record
+ */
+static struct au_record *
kau_open(void)
-{
+{
struct au_record *rec;
-
+
rec = malloc(sizeof(*rec), M_AUDITBSM, M_WAITOK);
rec->data = malloc(MAX_AUDIT_RECORD_SIZE * sizeof(u_char),
M_AUDITBSM, M_WAITOK | M_ZERO);
@@ -96,7 +94,7 @@ kau_open(void)
/*
* Store the token with the record descriptor.
- */
+ */
static void
kau_write(struct au_record *rec, struct au_token *tok)
{
@@ -118,7 +116,7 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
size_t tot_rec_size;
token_t *cur, *hdr, *trail;
struct timeval tm;
-
+
tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
if (tot_rec_size <= MAX_AUDIT_RECORD_SIZE) {
/* Create the header token */
@@ -131,34 +129,33 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
TAILQ_INSERT_TAIL(&rec->token_q, trail, tokens);
/* Serialize token data to the record. */
-
rec->len = tot_rec_size;
dptr = rec->data;
TAILQ_FOREACH(cur, &rec->token_q, tokens) {
- memcpy(dptr, cur->t_data, cur->len);
+ memcpy(dptr, cur->t_data, cur->len);
dptr += cur->len;
}
}
}
/*
- * Free a BSM audit record by releasing all the tokens and clearing the
- * audit record information.
+ * Free a BSM audit record by releasing all the tokens and clearing the audit
+ * record information.
*/
void
kau_free(struct au_record *rec)
{
struct au_token *tok;
- /* Free the token list */
+ /* Free the token list. */
while ((tok = TAILQ_FIRST(&rec->token_q))) {
TAILQ_REMOVE(&rec->token_q, tok, tokens);
free(tok->t_data, M_AUDITBSM);
free(tok, M_AUDITBSM);
- }
+ }
rec->used = 0;
- rec->len = 0;
+ rec->len = 0;
free(rec->data, M_AUDITBSM);
free(rec, M_AUDITBSM);
}
@@ -218,7 +215,8 @@ kau_free(struct au_record *rec)
kau_write(rec, tok); \
} else { \
if (ARG_IS_VALID(kar, ARG_FD)) { \
- tok = au_to_arg32(1, "non-file: fd", ar->ar_arg_fd);\
+ tok = au_to_arg32(1, "non-file: fd", \
+ ar->ar_arg_fd); \
kau_write(rec, tok); \
} \
} \
@@ -253,92 +251,92 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
struct au_token *tok;
switch (ar->ar_arg_cmd) {
- case A_SETPOLICY:
+ case A_SETPOLICY:
if (sizeof(ar->ar_arg_auditon.au_flags) > 4)
- tok = au_to_arg64(1, "policy",
- ar->ar_arg_auditon.au_flags);
+ tok = au_to_arg64(1, "policy",
+ ar->ar_arg_auditon.au_flags);
else
- tok = au_to_arg32(1, "policy",
- ar->ar_arg_auditon.au_flags);
+ tok = au_to_arg32(1, "policy",
+ ar->ar_arg_auditon.au_flags);
kau_write(rec, tok);
break;
- case A_SETKMASK:
- tok = au_to_arg32(2, "setkmask:as_success",
- ar->ar_arg_auditon.au_mask.am_success);
+ case A_SETKMASK:
+ tok = au_to_arg32(2, "setkmask:as_success",
+ ar->ar_arg_auditon.au_mask.am_success);
kau_write(rec, tok);
- tok = au_to_arg32(2, "setkmask:as_failure",
- ar->ar_arg_auditon.au_mask.am_failure);
+ tok = au_to_arg32(2, "setkmask:as_failure",
+ ar->ar_arg_auditon.au_mask.am_failure);
kau_write(rec, tok);
break;
- case A_SETQCTRL:
- tok = au_to_arg32(3, "setqctrl:aq_hiwater",
- ar->ar_arg_auditon.au_qctrl.aq_hiwater);
+ case A_SETQCTRL:
+ tok = au_to_arg32(3, "setqctrl:aq_hiwater",
+ ar->ar_arg_auditon.au_qctrl.aq_hiwater);
kau_write(rec, tok);
- tok = au_to_arg32(3, "setqctrl:aq_lowater",
- ar->ar_arg_auditon.au_qctrl.aq_lowater);
+ tok = au_to_arg32(3, "setqctrl:aq_lowater",
+ ar->ar_arg_auditon.au_qctrl.aq_lowater);
kau_write(rec, tok);
- tok = au_to_arg32(3, "setqctrl:aq_bufsz",
- ar->ar_arg_auditon.au_qctrl.aq_bufsz);
+ tok = au_to_arg32(3, "setqctrl:aq_bufsz",
+ ar->ar_arg_auditon.au_qctrl.aq_bufsz);
kau_write(rec, tok);
- tok = au_to_arg32(3, "setqctrl:aq_delay",
- ar->ar_arg_auditon.au_qctrl.aq_delay);
+ tok = au_to_arg32(3, "setqctrl:aq_delay",
+ ar->ar_arg_auditon.au_qctrl.aq_delay);
kau_write(rec, tok);
- tok = au_to_arg32(3, "setqctrl:aq_minfree",
- ar->ar_arg_auditon.au_qctrl.aq_minfree);
+ tok = au_to_arg32(3, "setqctrl:aq_minfree",
+ ar->ar_arg_auditon.au_qctrl.aq_minfree);
kau_write(rec, tok);
break;
- case A_SETUMASK:
- tok = au_to_arg32(3, "setumask:as_success",
- ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
+ case A_SETUMASK:
+ tok = au_to_arg32(3, "setumask:as_success",
+ ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
kau_write(rec, tok);
- tok = au_to_arg32(3, "setumask:as_failure",
- ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
+ tok = au_to_arg32(3, "setumask:as_failure",
+ ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
kau_write(rec, tok);
break;
- case A_SETSMASK:
- tok = au_to_arg32(3, "setsmask:as_success",
- ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
+ case A_SETSMASK:
+ tok = au_to_arg32(3, "setsmask:as_success",
+ ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
kau_write(rec, tok);
- tok = au_to_arg32(3, "setsmask:as_failure",
- ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
+ tok = au_to_arg32(3, "setsmask:as_failure",
+ ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
kau_write(rec, tok);
break;
- case A_SETCOND:
+ case A_SETCOND:
if (sizeof(ar->ar_arg_auditon.au_cond) > 4)
- tok = au_to_arg64(3, "setcond",
- ar->ar_arg_auditon.au_cond);
+ tok = au_to_arg64(3, "setcond",
+ ar->ar_arg_auditon.au_cond);
else
- tok = au_to_arg32(3, "setcond",
- ar->ar_arg_auditon.au_cond);
+ tok = au_to_arg32(3, "setcond",
+ ar->ar_arg_auditon.au_cond);
kau_write(rec, tok);
break;
- case A_SETCLASS:
+ case A_SETCLASS:
tok = au_to_arg32(2, "setclass:ec_event",
- ar->ar_arg_auditon.au_evclass.ec_number);
+ ar->ar_arg_auditon.au_evclass.ec_number);
kau_write(rec, tok);
tok = au_to_arg32(3, "setclass:ec_class",
- ar->ar_arg_auditon.au_evclass.ec_class);
+ ar->ar_arg_auditon.au_evclass.ec_class);
kau_write(rec, tok);
break;
- case A_SETPMASK:
- tok = au_to_arg32(2, "setpmask:as_success",
- ar->ar_arg_auditon.au_aupinfo.ap_mask.am_success);
+ case A_SETPMASK:
+ tok = au_to_arg32(2, "setpmask:as_success",
+ ar->ar_arg_auditon.au_aupinfo.ap_mask.am_success);
kau_write(rec, tok);
- tok = au_to_arg32(2, "setpmask:as_failure",
- ar->ar_arg_auditon.au_aupinfo.ap_mask.am_failure);
+ tok = au_to_arg32(2, "setpmask:as_failure",
+ ar->ar_arg_auditon.au_aupinfo.ap_mask.am_failure);
kau_write(rec, tok);
break;
- case A_SETFSIZE:
- tok = au_to_arg32(2, "setfsize:filesize",
- ar->ar_arg_auditon.au_fstat.af_filesz);
+ case A_SETFSIZE:
+ tok = au_to_arg32(2, "setfsize:filesize",
+ ar->ar_arg_auditon.au_fstat.af_filesz);
kau_write(rec, tok);
break;
@@ -348,13 +346,14 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
}
/*
- * Convert an internal kernel audit record to a BSM record and return
- * a success/failure indicator. The BSM record is passed as an out
- * parameter to this function.
+ * Convert an internal kernel audit record to a BSM record and return a
+ * success/failure indicator. The BSM record is passed as an out parameter to
+ * this function.
+ *
* Return conditions:
* BSM_SUCCESS: The BSM record is valid
* BSM_FAILURE: Failure; the BSM record is NULL.
- * BSM_NOAUDIT: The event is not auditable for BSM; the BSM record is NULL.
+ * BSM_NOAUDIT: The event is not auditable for BSM; the BSM record is NULL.
*/
int
kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
@@ -383,35 +382,35 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
ar->ar_subj_asid, /* session ID */
&tid);
- /* The logic inside each case fills in the tokens required for the
- * event, except for the header, trailer, and return tokens. The
+ /*
+ * The logic inside each case fills in the tokens required for the
+ * event, except for the header, trailer, and return tokens. The
* header and trailer tokens are added by the kau_close() function.
* The return token is added outside of the switch statement.
- */
- switch(ar->ar_event) {
-
- /*
- * Socket-related events.
*/
+ switch(ar->ar_event) {
case AUE_ACCEPT:
case AUE_BIND:
case AUE_CONNECT:
case AUE_RECVFROM:
- case AUE_RECVMSG:
+ case AUE_RECVMSG:
case AUE_SENDMSG:
case AUE_SENDTO:
+ /*
+ * Socket-related events.
+ */
if (ARG_IS_VALID(kar, ARG_FD)) {
tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
kau_write(rec, tok);
}
if (ARG_IS_VALID(kar, ARG_SADDRINET)) {
- tok = au_to_sock_inet(
- (struct sockaddr_in *)&ar->ar_arg_sockaddr);
+ tok = au_to_sock_inet((struct sockaddr_in *)
+ &ar->ar_arg_sockaddr);
kau_write(rec, tok);
}
if (ARG_IS_VALID(kar, ARG_SADDRUNIX)) {
- tok = au_to_sock_unix(
- (struct sockaddr_un *)&ar->ar_arg_sockaddr);
+ tok = au_to_sock_unix((struct sockaddr_un *)
+ &ar->ar_arg_sockaddr);
kau_write(rec, tok);
UPATH1_TOKENS;
}
@@ -459,21 +458,23 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_SETAUDIT:
if (ARG_IS_VALID(kar, ARG_AUID)) {
- tok = au_to_arg32(1, "setaudit:auid", ar->ar_arg_auid);
+ tok = au_to_arg32(1, "setaudit:auid",
+ ar->ar_arg_auid);
kau_write(rec, tok);
- tok = au_to_arg32(1, "setaudit:port",
- ar->ar_arg_termid.port);
+ tok = au_to_arg32(1, "setaudit:port",
+ ar->ar_arg_termid.port);
kau_write(rec, tok);
- tok = au_to_arg32(1, "setaudit:machine",
- ar->ar_arg_termid.machine);
+ tok = au_to_arg32(1, "setaudit:machine",
+ ar->ar_arg_termid.machine);
kau_write(rec, tok);
- tok = au_to_arg32(1, "setaudit:as_success",
- ar->ar_arg_amask.am_success);
+ tok = au_to_arg32(1, "setaudit:as_success",
+ ar->ar_arg_amask.am_success);
kau_write(rec, tok);
- tok = au_to_arg32(1, "setaudit:as_failure",
- ar->ar_arg_amask.am_failure);
+ tok = au_to_arg32(1, "setaudit:as_failure",
+ ar->ar_arg_amask.am_failure);
kau_write(rec, tok);
- tok = au_to_arg32(1, "setaudit:asid", ar->ar_arg_asid);
+ tok = au_to_arg32(1, "setaudit:asid",
+ ar->ar_arg_asid);
kau_write(rec, tok);
}
break;
@@ -482,7 +483,9 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
break; /* XXX need to add arguments */
case AUE_AUDITON:
- /* For AUDITON commands without own event, audit the cmd */
+ /*
+ * For AUDITON commands without own event, audit the cmd.
+ */
if (ARG_IS_VALID(kar, ARG_CMD)) {
tok = au_to_arg32(1, "cmd", ar->ar_arg_cmd);
kau_write(rec, tok);
@@ -505,11 +508,10 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_AUDITON_SETUMASK:
case AUE_AUDITON_SPOLICY:
case AUE_AUDITON_SQCTRL:
- if (ARG_IS_VALID(kar, ARG_AUDITON)) {
+ if (ARG_IS_VALID(kar, ARG_AUDITON))
audit_sys_auditon(ar, rec);
- }
break;
-
+
case AUE_AUDITCTL:
UPATH1_VNODE1_TOKENS;
break;
@@ -534,7 +536,9 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_SETSID:
case AUE_SETTIMEOFDAY:
case AUE_NEWSYSTEMSHREG:
- /* Header, subject, and return tokens added at end */
+ /*
+ * Header, subject, and return tokens added at end.
+ */
break;
case AUE_ACCESS:
@@ -569,16 +573,17 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
UPATH1_VNODE1_TOKENS;
break;
-
+
case AUE_CHMOD:
case AUE_LCHMOD:
if (ARG_IS_VALID(kar, ARG_MODE)) {
- tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode);
+ tok = au_to_arg32(2, "new file mode",
+ ar->ar_arg_mode);
kau_write(rec, tok);
}
UPATH1_VNODE1_TOKENS;
break;
-
+
case AUE_CHOWN:
case AUE_LCHOWN:
if (ARG_IS_VALID(kar, ARG_UID)) {
@@ -591,7 +596,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
UPATH1_VNODE1_TOKENS;
break;
-
+
case AUE_EXCHANGEDATA:
UPATH1_VNODE1_TOKENS;
UPATH2_TOKENS;
@@ -607,12 +612,13 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_FCHMOD:
if (ARG_IS_VALID(kar, ARG_MODE)) {
- tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode);
+ tok = au_to_arg32(2, "new file mode",
+ ar->ar_arg_mode);
kau_write(rec, tok);
}
FD_VNODE1_TOKENS;
break;
-
+
case AUE_FCHDIR:
case AUE_FPATHCONF:
case AUE_FSTAT: /* XXX Need to handle sockets and shm */
@@ -624,7 +630,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_GETDIRENTRIESATTR:
FD_VNODE1_TOKENS;
break;
-
+
case AUE_FCHOWN:
if (ARG_IS_VALID(kar, ARG_UID)) {
tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
@@ -636,7 +642,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
FD_VNODE1_TOKENS;
break;
-
+
case AUE_FCNTL:
if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK ||
ar->ar_arg_cmd == F_SETLKW) {
@@ -647,7 +653,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
FD_VNODE1_TOKENS;
}
break;
-
+
case AUE_FCHFLAGS:
if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
@@ -655,7 +661,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
FD_VNODE1_TOKENS;
break;
-
+
case AUE_FLOCK:
if (ARG_IS_VALID(kar, ARG_CMD)) {
tok = au_to_arg32(2, "operation", ar->ar_arg_cmd);
@@ -663,7 +669,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
FD_VNODE1_TOKENS;
break;
-
+
case AUE_RFORK:
if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
tok = au_to_arg32(1, "flags", ar->ar_arg_fflags);
@@ -677,7 +683,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
kau_write(rec, tok);
}
break;
-
+
case AUE_IOCTL:
if (ARG_IS_VALID(kar, ARG_CMD)) {
tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
@@ -688,11 +694,11 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
(u_int32_t)(uintptr_t)ar->ar_arg_addr);
kau_write(rec, tok);
}
- if (ARG_IS_VALID(kar, ARG_VNODE1)) {
+ if (ARG_IS_VALID(kar, ARG_VNODE1))
FD_VNODE1_TOKENS;
- } else {
+ else {
if (ARG_IS_VALID(kar, ARG_SOCKINFO)) {
- tok = kau_to_socket(&ar->ar_arg_sockinfo);
+ tok = kau_to_socket(&ar->ar_arg_sockinfo);
kau_write(rec, tok);
} else {
if (ARG_IS_VALID(kar, ARG_FD)) {
@@ -739,7 +745,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
UPATH1_VNODE1_TOKENS;
break;
-
+
case AUE_MKDIR:
if (ARG_IS_VALID(kar, ARG_MODE)) {
tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
@@ -804,6 +810,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
kau_write(rec, tok);
}
/* fall through */
+
case AUE_UMOUNT:
UPATH1_VNODE1_TOKENS;
break;
@@ -811,6 +818,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_MSGCTL:
ar->ar_event = msgctl_to_event(ar->ar_arg_svipc_cmd);
/* Fall through */
+
case AUE_MSGRCV:
case AUE_MSGSND:
tok = au_to_arg32(1, "msg ID", ar->ar_arg_svipc_id);
@@ -838,7 +846,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
kau_write(rec, tok);
}
break;
-
+
case AUE_OPEN_RC:
case AUE_OPEN_RTC:
case AUE_OPEN_RWC:
@@ -904,6 +912,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_SEMCTL:
ar->ar_event = semctl_to_event(ar->ar_arg_svipc_cmd);
/* Fall through */
+
case AUE_SEMOP:
if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) {
tok = au_to_arg32(1, "sem ID", ar->ar_arg_svipc_id);
@@ -915,6 +924,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
}
break;
+
case AUE_SEMGET:
if (ar->ar_errno == 0) {
if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) {
@@ -924,18 +934,21 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
}
break;
+
case AUE_SETEGID:
if (ARG_IS_VALID(kar, ARG_EGID)) {
tok = au_to_arg32(1, "gid", ar->ar_arg_egid);
kau_write(rec, tok);
}
break;
+
case AUE_SETEUID:
if (ARG_IS_VALID(kar, ARG_EUID)) {
tok = au_to_arg32(1, "uid", ar->ar_arg_euid);
kau_write(rec, tok);
}
break;
+
case AUE_SETREGID:
if (ARG_IS_VALID(kar, ARG_RGID)) {
tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
@@ -946,6 +959,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
kau_write(rec, tok);
}
break;
+
case AUE_SETREUID:
if (ARG_IS_VALID(kar, ARG_RUID)) {
tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
@@ -956,6 +970,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
kau_write(rec, tok);
}
break;
+
case AUE_SETRESGID:
if (ARG_IS_VALID(kar, ARG_RGID)) {
tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
@@ -970,6 +985,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
kau_write(rec, tok);
}
break;
+
case AUE_SETRESUID:
if (ARG_IS_VALID(kar, ARG_RUID)) {
tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
@@ -984,18 +1000,21 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
kau_write(rec, tok);
}
break;
+
case AUE_SETGID:
if (ARG_IS_VALID(kar, ARG_GID)) {
tok = au_to_arg32(1, "gid", ar->ar_arg_gid);
kau_write(rec, tok);
}
break;
+
case AUE_SETUID:
if (ARG_IS_VALID(kar, ARG_UID)) {
tok = au_to_arg32(1, "uid", ar->ar_arg_uid);
kau_write(rec, tok);
}
break;
+
case AUE_SETGROUPS:
if (ARG_IS_VALID(kar, ARG_GROUPSET)) {
for(ctr = 0; ctr < ar->ar_arg_groups.gidset_size; ctr++)
@@ -1104,7 +1123,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
break;
- /* AUE_SHMOPEN, AUE_SHMUNLINK, AUE_SEMOPEN, AUE_SEMCLOSE
+ /* AUE_SHMOPEN, AUE_SHMUNLINK, AUE_SEMOPEN, AUE_SEMCLOSE
* and AUE_SEMUNLINK are Posix IPC */
case AUE_SHMOPEN:
if (ARG_IS_VALID(kar, ARG_SVIPC_ADDR)) {
@@ -1149,6 +1168,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
kau_write(rec, tok);
}
/* fall through */
+
case AUE_SEMUNLINK:
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
@@ -1187,8 +1207,9 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
case AUE_SYSCTL:
if (ARG_IS_VALID(kar, ARG_CTLNAME | ARG_LEN)) {
for (ctr = 0; ctr < ar->ar_arg_len; ctr++) {
- tok = au_to_arg32(1, "name", ar->ar_arg_ctlname[ctr]);
- kau_write(rec, tok);
+ tok = au_to_arg32(1, "name",
+ ar->ar_arg_ctlname[ctr]);
+ kau_write(rec, tok);
}
}
if (ARG_IS_VALID(kar, ARG_VALUE)) {
@@ -1217,16 +1238,16 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
break;
- default: /* We shouldn't fall through to here. */
+ default:
printf("BSM conversion requested for unknown event %d\n",
- ar->ar_event);
+ ar->ar_event);
/* Write the subject token so it is properly freed here. */
kau_write(rec, subj_tok);
kau_free(rec);
return (BSM_NOAUDIT);
}
- kau_write(rec, subj_tok);
+ kau_write(rec, subj_tok);
tok = au_to_return32((char)ar->ar_errno, ar->ar_retval);
kau_write(rec, tok); /* Every record gets a return token */
@@ -1237,27 +1258,24 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
/*
- * Verify that a record is a valid BSM record. This verification is
- * simple now, but may be expanded on sometime in the future.
- * Return 1 if the record is good, 0 otherwise.
- *
+ * Verify that a record is a valid BSM record. This verification is simple
+ * now, but may be expanded on sometime in the future. Return 1 if the
+ * record is good, 0 otherwise.
*/
int
bsm_rec_verify(void *rec)
{
char c = *(char *)rec;
- /*
+
+ /*
* Check the token ID of the first token; it has to be a header
* token.
- */
- /* XXXAUDIT There needs to be a token structure to map a token.
+ *
+ * XXXAUDIT There needs to be a token structure to map a token.
* XXXAUDIT 'Shouldn't be simply looking at the first char.
*/
- if ( (c != AUT_HEADER32) &&
- (c != AUT_HEADER32_EX) &&
- (c != AUT_HEADER64) &&
- (c != AUT_HEADER64_EX) ) {
+ if ((c != AUT_HEADER32) && (c != AUT_HEADER32_EX) &&
+ (c != AUT_HEADER64) && (c != AUT_HEADER64_EX))
return (0);
- }
return (1);
}
diff --git a/sys/security/audit/audit_bsm_klib.c b/sys/security/audit/audit_bsm_klib.c
index abd78d3..5489a2e 100644
--- a/sys/security/audit/audit_bsm_klib.c
+++ b/sys/security/audit/audit_bsm_klib.c
@@ -63,8 +63,8 @@ struct evclass_list {
};
static MALLOC_DEFINE(M_AUDITEVCLASS, "audit_evclass", "Audit event class");
-static struct mtx evclass_mtx;
-static struct evclass_list evclass_hash[EVCLASSMAP_HASH_TABLE_SIZE];
+static struct mtx evclass_mtx;
+static struct evclass_list evclass_hash[EVCLASSMAP_HASH_TABLE_SIZE];
/*
* Look up the class for an audit event in the class mapping table.
@@ -90,14 +90,15 @@ out:
return (class);
}
-/*
+/*
* Insert a event to class mapping. If the event already exists in the
* mapping, then replace the mapping with the new one.
+ *
* XXX There is currently no constraints placed on the number of mappings.
- * May want to either limit to a number, or in terms of memory usage.
+ * May want to either limit to a number, or in terms of memory usage.
*/
void
-au_evclassmap_insert(au_event_t event, au_class_t class)
+au_evclassmap_insert(au_event_t event, au_class_t class)
{
struct evclass_list *evcl;
struct evclass_elem *evc, *evc_new;
@@ -126,7 +127,7 @@ au_evclassmap_insert(au_event_t event, au_class_t class)
}
void
-au_evclassmap_init(void)
+au_evclassmap_init(void)
{
int i;
@@ -141,7 +142,7 @@ au_evclassmap_init(void)
* native ABI system calls, as there may be audit events reachable
* only through non-native system calls. It also seems a shame to
* frob the mutex this early.
- */
+ */
for (i = 0; i < SYS_MAXSYSCALL; i++) {
if (sysent[i].sy_auevent != AUE_NULL)
au_evclassmap_insert(sysent[i].sy_auevent, AU_NULL);
@@ -163,31 +164,30 @@ au_preselect(au_event_t event, au_mask_t *mask_p, int sorf)
ae_class = au_event_class(event);
- /*
+ /*
* Perform the actual check of the masks against the event.
*/
if (sorf & AU_PRS_SUCCESS)
effmask |= (mask_p->am_success & ae_class);
-
+
if (sorf & AU_PRS_FAILURE)
effmask |= (mask_p->am_failure & ae_class);
-
+
if (effmask)
return (1);
- else
+ else
return (0);
}
/*
- * Convert sysctl names and present arguments to events
+ * Convert sysctl names and present arguments to events.
*/
au_event_t
ctlname_to_sysctlevent(int name[], uint64_t valid_arg)
{
/* can't parse it - so return the worst case */
- if ((valid_arg & (ARG_CTLNAME | ARG_LEN)) !=
- (ARG_CTLNAME | ARG_LEN))
+ if ((valid_arg & (ARG_CTLNAME | ARG_LEN)) != (ARG_CTLNAME | ARG_LEN))
return (AUE_SYSCTL);
switch (name[0]) {
@@ -241,14 +241,17 @@ ctlname_to_sysctlevent(int name[], uint64_t valid_arg)
}
/*
- * Convert an open flags specifier into a specific type of open event for
+ * Convert an open flags specifier into a specific type of open event for
* auditing purposes.
*/
au_event_t
-flags_and_error_to_openevent(int oflags, int error) {
+flags_and_error_to_openevent(int oflags, int error)
+{
au_event_t aevent;
- /* Need to check only those flags we care about. */
+ /*
+ * Need to check only those flags we care about.
+ */
oflags = oflags & (O_RDONLY | O_CREAT | O_TRUNC | O_RDWR | O_WRONLY);
/*
@@ -310,7 +313,7 @@ flags_and_error_to_openevent(int oflags, int error) {
}
#if 0
- /*
+ /*
* Convert chatty errors to better matching events.
* Failures to find a file are really just attribute
* events - so recast them as such.
@@ -469,13 +472,12 @@ auditon_command_event(int cmd)
}
}
-/*
- * Create a canonical path from given path by prefixing either the
- * root directory, or the current working directory.
- * If the process working directory is NULL, we could use 'rootvnode'
- * to obtain the root directoty, but this results in a volfs name
- * written to the audit log. So we will leave the filename starting
- * with '/' in the audit log in this case.
+/*
+ * Create a canonical path from given path by prefixing either the root
+ * directory, or the current working directory. If the process working
+ * directory is NULL, we could use 'rootvnode' to obtain the root directoty,
+ * but this results in a volfs name written to the audit log. So we will
+ * leave the filename starting with '/' in the audit log in this case.
*
* XXXRW: Since we combine two paths here, ideally a buffer of size
* MAXPATHLEN * 2 would be passed in.
@@ -493,43 +495,43 @@ canon_path(struct thread *td, char *path, char *cpath)
bufp = path;
FILEDESC_LOCK(fdp);
if (*(path) == '/') {
- while (*(bufp) == '/')
- bufp++; /* skip leading '/'s */
- /* If no process root, or it is the same as the system root,
+ while (*(bufp) == '/')
+ bufp++; /* Skip leading '/'s. */
+ /*
+ * If no process root, or it is the same as the system root,
* audit the path as passed in with a single '/'.
*/
if ((fdp->fd_rdir == NULL) ||
- (fdp->fd_rdir == rootvnode)) {
+ (fdp->fd_rdir == rootvnode)) {
vnp = NULL;
- bufp--; /* restore one '/' */
+ bufp--; /* Restore one '/'. */
} else {
- vnp = fdp->fd_rdir; /* use process root */
+ vnp = fdp->fd_rdir; /* Use process root. */
vref(vnp);
}
} else {
- vnp = fdp->fd_cdir; /* prepend the current dir */
+ vnp = fdp->fd_cdir; /* Prepend the current dir. */
vref(vnp);
bufp = path;
}
FILEDESC_UNLOCK(fdp);
if (vnp != NULL) {
/*
- * XXX: vn_fullpath() on FreeBSD is "less reliable"
- * than vn_getpath() on Darwin, so this will need more
- * attention in the future. Also, the question and
- * string bounding here seems a bit questionable and
- * will also require attention.
+ * XXX: vn_fullpath() on FreeBSD is "less reliable" than
+ * vn_getpath() on Darwin, so this will need more attention
+ * in the future. Also, the question and string bounding
+ * here seems a bit questionable and will also require
+ * attention.
*/
vfslocked = VFS_LOCK_GIANT(vnp->v_mount);
vn_lock(vnp, LK_EXCLUSIVE | LK_RETRY, td);
error = vn_fullpath(td, vnp, &retbuf, &freebuf);
if (error == 0) {
- /* Copy and free buffer allocated by vn_fullpath() */
+ /* Copy and free buffer allocated by vn_fullpath(). */
snprintf(cpath, MAXPATHLEN, "%s/%s", retbuf, bufp);
- free(freebuf, M_TEMP);
- } else {
+ free(freebuf, M_TEMP);
+ } else
cpath[0] = '\0';
- }
vput(vnp);
VFS_UNLOCK_GIANT(vfslocked);
} else {
diff --git a/sys/security/audit/audit_ioctl.h b/sys/security/audit/audit_ioctl.h
index 0826836..af0a389 100644
--- a/sys/security/audit/audit_ioctl.h
+++ b/sys/security/audit/audit_ioctl.h
@@ -28,7 +28,7 @@
* $FreeBSD$
*/
-#ifndef _SECURITY_AUDIT_AUDIT_IOCTL_H_
+#ifndef _SECURITY_AUDIT_AUDIT_IOCTL_H_
#define _SECURITY_AUDIT_AUDIT_IOCTL_H_
#define AUDITPIPE_IOBASE 'A'
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h
index 2ad7afc..e8ae41e 100644
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@@ -66,8 +66,8 @@ MALLOC_DECLARE(M_AUDITTEXT);
#endif
/*
- * Audit control variables that are usually set/read via system calls
- * and used to control various aspects of auditing.
+ * Audit control variables that are usually set/read via system calls and
+ * used to control various aspects of auditing.
*/
extern struct au_qctrl audit_qctrl;
extern struct audit_fstat audit_fstat;
@@ -79,9 +79,9 @@ extern int audit_fail_stop;
* Success/failure conditions for the conversion of a kernel audit record to
* BSM format.
*/
-#define BSM_SUCCESS 0
-#define BSM_FAILURE 1
-#define BSM_NOAUDIT 2
+#define BSM_SUCCESS 0
+#define BSM_FAILURE 1
+#define BSM_NOAUDIT 2
/*
* Defines for the kernel audit record k_ar_commit field.
@@ -97,13 +97,13 @@ extern int audit_fail_stop;
* This structure is converted to BSM format before being written to disk.
*/
struct vnode_au_info {
- mode_t vn_mode;
- uid_t vn_uid;
- gid_t vn_gid;
- dev_t vn_dev;
- long vn_fsid;
- long vn_fileid;
- long vn_gen;
+ mode_t vn_mode;
+ uid_t vn_uid;
+ gid_t vn_gid;
+ dev_t vn_dev;
+ long vn_fsid;
+ long vn_fileid;
+ long vn_gen;
};
struct groupset {
@@ -115,10 +115,10 @@ struct socket_au_info {
int so_domain;
int so_type;
int so_protocol;
- in_addr_t so_raddr; /* remote address if INET socket */
- in_addr_t so_laddr; /* local address if INET socket */
- u_short so_rport; /* remote port */
- u_short so_lport; /* local port */
+ in_addr_t so_raddr; /* Remote address if INET socket. */
+ in_addr_t so_laddr; /* Local address if INET socket. */
+ u_short so_rport; /* Remote port. */
+ u_short so_lport; /* Local port. */
};
union auditon_udata {
@@ -138,9 +138,9 @@ union auditon_udata {
};
struct posix_ipc_perm {
- uid_t pipc_uid;
- gid_t pipc_gid;
- mode_t pipc_mode;
+ uid_t pipc_uid;
+ gid_t pipc_gid;
+ mode_t pipc_mode;
};
struct audit_record {
@@ -154,59 +154,59 @@ struct audit_record {
u_int64_t ar_valid_arg; /* Bitmask of valid arguments */
/* Audit subject information. */
- struct xucred ar_subj_cred;
- uid_t ar_subj_ruid;
- gid_t ar_subj_rgid;
- gid_t ar_subj_egid;
- uid_t ar_subj_auid; /* Audit user ID */
- pid_t ar_subj_asid; /* Audit session ID */
- pid_t ar_subj_pid;
- struct au_tid ar_subj_term;
- char ar_subj_comm[MAXCOMLEN + 1];
- struct au_mask ar_subj_amask;
+ struct xucred ar_subj_cred;
+ uid_t ar_subj_ruid;
+ gid_t ar_subj_rgid;
+ gid_t ar_subj_egid;
+ uid_t ar_subj_auid; /* Audit user ID */
+ pid_t ar_subj_asid; /* Audit session ID */
+ pid_t ar_subj_pid;
+ struct au_tid ar_subj_term;
+ char ar_subj_comm[MAXCOMLEN + 1];
+ struct au_mask ar_subj_amask;
/* Operation arguments. */
- uid_t ar_arg_euid;
- uid_t ar_arg_ruid;
- uid_t ar_arg_suid;
- gid_t ar_arg_egid;
- gid_t ar_arg_rgid;
- gid_t ar_arg_sgid;
- pid_t ar_arg_pid;
- pid_t ar_arg_asid;
- struct au_tid ar_arg_termid;
- uid_t ar_arg_uid;
- uid_t ar_arg_auid;
- gid_t ar_arg_gid;
- struct groupset ar_arg_groups;
- int ar_arg_fd;
- int ar_arg_fflags;
- mode_t ar_arg_mode;
- int ar_arg_dev;
- long ar_arg_value;
- void * ar_arg_addr;
- int ar_arg_len;
- int ar_arg_mask;
- u_int ar_arg_signum;
- char ar_arg_login[MAXLOGNAME];
- int ar_arg_ctlname[CTL_MAXNAME];
- struct sockaddr ar_arg_sockaddr;
- struct socket_au_info ar_arg_sockinfo;
- char *ar_arg_upath1;
- char *ar_arg_upath2;
- char *ar_arg_text;
- struct au_mask ar_arg_amask;
- struct vnode_au_info ar_arg_vnode1;
- struct vnode_au_info ar_arg_vnode2;
- int ar_arg_cmd;
- int ar_arg_svipc_cmd;
- struct ipc_perm ar_arg_svipc_perm;
- int ar_arg_svipc_id;
- void * ar_arg_svipc_addr;
- struct posix_ipc_perm ar_arg_pipc_perm;
- union auditon_udata ar_arg_auditon;
- int ar_arg_exitstatus;
- int ar_arg_exitretval;
+ uid_t ar_arg_euid;
+ uid_t ar_arg_ruid;
+ uid_t ar_arg_suid;
+ gid_t ar_arg_egid;
+ gid_t ar_arg_rgid;
+ gid_t ar_arg_sgid;
+ pid_t ar_arg_pid;
+ pid_t ar_arg_asid;
+ struct au_tid ar_arg_termid;
+ uid_t ar_arg_uid;
+ uid_t ar_arg_auid;
+ gid_t ar_arg_gid;
+ struct groupset ar_arg_groups;
+ int ar_arg_fd;
+ int ar_arg_fflags;
+ mode_t ar_arg_mode;
+ int ar_arg_dev;
+ long ar_arg_value;
+ void * ar_arg_addr;
+ int ar_arg_len;
+ int ar_arg_mask;
+ u_int ar_arg_signum;
+ char ar_arg_login[MAXLOGNAME];
+ int ar_arg_ctlname[CTL_MAXNAME];
+ struct sockaddr ar_arg_sockaddr;
+ struct socket_au_info ar_arg_sockinfo;
+ char *ar_arg_upath1;
+ char *ar_arg_upath2;
+ char *ar_arg_text;
+ struct au_mask ar_arg_amask;
+ struct vnode_au_info ar_arg_vnode1;
+ struct vnode_au_info ar_arg_vnode2;
+ int ar_arg_cmd;
+ int ar_arg_svipc_cmd;
+ struct ipc_perm ar_arg_svipc_perm;
+ int ar_arg_svipc_id;
+ void * ar_arg_svipc_addr;
+ struct posix_ipc_perm ar_arg_pipc_perm;
+ union auditon_udata ar_arg_auditon;
+ int ar_arg_exitstatus;
+ int ar_arg_exitretval;
};
/*
@@ -221,16 +221,16 @@ struct audit_record {
/*
* In-kernel version of audit record; the basic record plus queue meta-data.
- * This record can also have a pointer set to some opaque data that will
- * be passed through to the audit writing mechanism.
+ * This record can also have a pointer set to some opaque data that will be
+ * passed through to the audit writing mechanism.
*/
struct kaudit_record {
- struct audit_record k_ar;
- u_int32_t k_ar_commit;
- void *k_udata; /* user data */
- u_int k_ulen; /* user data length */
- struct uthread *k_uthread; /* thread we are auditing */
- TAILQ_ENTRY(kaudit_record) k_q;
+ struct audit_record k_ar;
+ u_int32_t k_ar_commit;
+ void *k_udata; /* User data. */
+ u_int k_ulen; /* User data length. */
+ struct uthread *k_uthread; /* Audited thread. */
+ TAILQ_ENTRY(kaudit_record) k_q;
};
TAILQ_HEAD(kaudit_queue, kaudit_record);
@@ -248,34 +248,33 @@ struct kaudit_record *audit_new(int event, struct thread *td);
* the BSM file format.
*/
struct au_record;
-int kaudit_to_bsm(struct kaudit_record *kar,
- struct au_record **pau);
-int bsm_rec_verify(void *rec);
+int kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau);
+int bsm_rec_verify(void *rec);
/*
* Kernel versions of the libbsm audit record functions.
*/
-void kau_free(struct au_record *rec);
-void kau_init(void);
+void kau_free(struct au_record *rec);
+void kau_init(void);
/*
* Return values for pre-selection and post-selection decisions.
*/
-#define AU_PRS_SUCCESS 1
-#define AU_PRS_FAILURE 2
-#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE)
+#define AU_PRS_SUCCESS 1
+#define AU_PRS_FAILURE 2
+#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE)
/*
* Data structures relating to the kernel audit queue. Ideally, these might
* be abstracted so that only accessor methods are exposed.
*/
-extern struct mtx audit_mtx;
-extern struct cv audit_commit_cv;
-extern struct cv audit_cv;
-extern struct kaudit_queue audit_q;
-extern int audit_q_len;
-extern int audit_pre_q_len;
-extern int audit_in_failure;
+extern struct mtx audit_mtx;
+extern struct cv audit_commit_cv;
+extern struct cv audit_cv;
+extern struct kaudit_queue audit_q;
+extern int audit_q_len;
+extern int audit_pre_q_len;
+extern int audit_in_failure;
/*
* Flags to use on audit files when opening and closing.
@@ -289,8 +288,8 @@ extern int audit_in_failure;
/*
* Some of the BSM tokenizer functions take different parameters in the
- * kernel implementations in order to save the copying of large kernel
- * data structures. The prototypes of these functions are declared here.
+ * kernel implementations in order to save the copying of large kernel data
+ * structures. The prototypes of these functions are declared here.
*/
token_t *kau_to_socket(struct socket_au_info *soi);
@@ -328,6 +327,6 @@ void audit_worker_init(void);
/*
* Audit pipe functions.
*/
-void audit_pipe_submit(void *record, u_int record_len);
+void audit_pipe_submit(void *record, u_int record_len);
#endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index 091e023..c5be11a 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -46,13 +46,13 @@
/*
* MPSAFE
*
- * System call to allow a user space application to submit a BSM audit
- * record to the kernel for inclusion in the audit log. This function
- * does little verification on the audit record that is submitted.
+ * System call to allow a user space application to submit a BSM audit record
+ * to the kernel for inclusion in the audit log. This function does little
+ * verification on the audit record that is submitted.
*
- * XXXAUDIT: Audit preselection for user records does not currently
- * work, since we pre-select only based on the AUE_audit event type,
- * not the event type submitted as part of the user audit data.
+ * XXXAUDIT: Audit preselection for user records does not currently work,
+ * since we pre-select only based on the AUE_audit event type, not the event
+ * type submitted as part of the user audit data.
*/
/* ARGSUSED */
int
@@ -71,14 +71,16 @@ audit(struct thread *td, struct audit_args *uap)
ar = currecord();
- /* If there's no current audit record (audit() itself not audited)
+ /*
+ * If there's no current audit record (audit() itself not audited)
* commit the user audit record.
*/
if (ar == NULL) {
- /* This is not very efficient; we're required to allocate
- * a complete kernel audit record just so the user record
- * can tag along.
+ /*
+ * This is not very efficient; we're required to allocate a
+ * complete kernel audit record just so the user record can
+ * tag along.
*
* XXXAUDIT: Maybe AUE_AUDIT in the system call context and
* special pre-select handling?
@@ -89,7 +91,7 @@ audit(struct thread *td, struct audit_args *uap)
ar = td->td_ar;
}
- if (uap->length > MAX_AUDIT_RECORD_SIZE)
+ if (uap->length > MAX_AUDIT_RECORD_SIZE)
return (EINVAL);
rec = malloc(uap->length, M_AUDITDATA, M_WAITOK);
@@ -98,13 +100,14 @@ audit(struct thread *td, struct audit_args *uap)
if (error)
goto free_out;
- /* Verify the record */
+ /* Verify the record. */
if (bsm_rec_verify(rec) == 0) {
error = EINVAL;
goto free_out;
}
- /* Attach the user audit record to the kernel audit record. Because
+ /*
+ * Attach the user audit record to the kernel audit record. Because
* this system call is an auditable event, we will write the user
* record along with the record for this audit event.
*
@@ -117,8 +120,9 @@ audit(struct thread *td, struct audit_args *uap)
return (0);
free_out:
- /* audit_syscall_exit() will free the audit record on the thread
- * even if we allocated it above.
+ /*
+ * audit_syscall_exit() will free the audit record on the thread even
+ * if we allocated it above.
*/
free(rec, M_AUDITDATA);
return (error);
@@ -147,8 +151,10 @@ auditon(struct thread *td, struct auditon_args *uap)
memset((void *)&udata, 0, sizeof(udata));
+ /*
+ * Some of the GET commands use the arguments too.
+ */
switch (uap->cmd) {
- /* Some of the GET commands use the arguments too */
case A_SETPOLICY:
case A_SETKMASK:
case A_SETQCTRL:
@@ -171,7 +177,8 @@ auditon(struct thread *td, struct auditon_args *uap)
break;
}
- /* XXX Need to implement these commands by accessing the global
+ /*
+ * XXX Need to implement these commands by accessing the global
* values associated with the commands.
*
* XXXAUDIT: Locking?
@@ -251,9 +258,9 @@ auditon(struct thread *td, struct auditon_args *uap)
break;
case A_SETCOND:
- if (udata.au_cond == AUC_NOAUDIT)
+ if (udata.au_cond == AUC_NOAUDIT)
audit_suspended = 1;
- if (udata.au_cond == AUC_AUDITING)
+ if (udata.au_cond == AUC_AUDITING)
audit_suspended = 0;
if (udata.au_cond == AUC_DISABLED) {
audit_suspended = 1;
@@ -262,17 +269,17 @@ auditon(struct thread *td, struct auditon_args *uap)
break;
case A_GETCLASS:
- udata.au_evclass.ec_class =
- au_event_class(udata.au_evclass.ec_number);
+ udata.au_evclass.ec_class = au_event_class(
+ udata.au_evclass.ec_number);
break;
case A_SETCLASS:
au_evclassmap_insert(udata.au_evclass.ec_number,
- udata.au_evclass.ec_class);
+ udata.au_evclass.ec_class);
break;
case A_GETPINFO:
- if (udata.au_aupinfo.ap_pid < 1)
+ if (udata.au_aupinfo.ap_pid < 1)
return (EINVAL);
/* XXXAUDIT: p_cansee()? */
@@ -280,30 +287,29 @@ auditon(struct thread *td, struct auditon_args *uap)
return (EINVAL);
udata.au_aupinfo.ap_auid = tp->p_au->ai_auid;
- udata.au_aupinfo.ap_mask.am_success =
- tp->p_au->ai_mask.am_success;
- udata.au_aupinfo.ap_mask.am_failure =
- tp->p_au->ai_mask.am_failure;
- udata.au_aupinfo.ap_termid.machine =
- tp->p_au->ai_termid.machine;
- udata.au_aupinfo.ap_termid.port =
- tp->p_au->ai_termid.port;
+ udata.au_aupinfo.ap_mask.am_success =
+ tp->p_au->ai_mask.am_success;
+ udata.au_aupinfo.ap_mask.am_failure =
+ tp->p_au->ai_mask.am_failure;
+ udata.au_aupinfo.ap_termid.machine =
+ tp->p_au->ai_termid.machine;
+ udata.au_aupinfo.ap_termid.port = tp->p_au->ai_termid.port;
udata.au_aupinfo.ap_asid = tp->p_au->ai_asid;
PROC_UNLOCK(tp);
break;
case A_SETPMASK:
- if (udata.au_aupinfo.ap_pid < 1)
+ if (udata.au_aupinfo.ap_pid < 1)
return (EINVAL);
/* XXXAUDIT: p_cansee()? */
if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL)
return (EINVAL);
- tp->p_au->ai_mask.am_success =
- udata.au_aupinfo.ap_mask.am_success;
- tp->p_au->ai_mask.am_failure =
- udata.au_aupinfo.ap_mask.am_failure;
+ tp->p_au->ai_mask.am_success =
+ udata.au_aupinfo.ap_mask.am_success;
+ tp->p_au->ai_mask.am_failure =
+ udata.au_aupinfo.ap_mask.am_failure;
PROC_UNLOCK(tp);
break;
@@ -336,9 +342,11 @@ auditon(struct thread *td, struct auditon_args *uap)
(udata.au_trigger > AUDIT_TRIGGER_MAX))
return (EINVAL);
return (send_trigger(udata.au_trigger));
- break;
}
- /* Copy data back to userspace for the GET comands */
+
+ /*
+ * Copy data back to userspace for the GET comands.
+ */
switch (uap->cmd) {
case A_GETPOLICY:
case A_GETKMASK:
@@ -361,7 +369,7 @@ auditon(struct thread *td, struct auditon_args *uap)
return (0);
}
-/*
+/*
* MPSAFE
*
* System calls to manage the user audit information.
@@ -378,8 +386,8 @@ getauid(struct thread *td, struct getauid_args *uap)
return (error);
/*
- * XXX:
- * Integer read on static pointer dereference: doesn't need locking?
+ * XXX: Integer read on static pointer dereference: doesn't need
+ * locking?
*/
PROC_LOCK(td->td_proc);
id = td->td_proc->p_au->ai_auid;
@@ -406,15 +414,15 @@ setauid(struct thread *td, struct setauid_args *uap)
audit_arg_auid(id);
/*
- * XXX:
- * Integer write on static pointer dereference: doesn't need locking?
+ * XXX: Integer write on static pointer dereference: doesn't need
+ * locking?
*
* XXXAUDIT: Might need locking to serialize audit events in the same
* order as change events? Or maybe that's an under-solveable
* problem.
*
* XXXRW: Test privilege while holding the proc lock?
- */
+ */
PROC_LOCK(td->td_proc);
td->td_proc->p_au->ai_auid = id;
PROC_UNLOCK(td->td_proc);
@@ -424,7 +432,7 @@ setauid(struct thread *td, struct setauid_args *uap)
/*
* MPSAFE
- * System calls to get and set process audit information.
+ * System calls to get and set process audit information.
*/
/* ARGSUSED */
int
diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c
index f975800..97ea66f 100644
--- a/sys/security/audit/audit_worker.c
+++ b/sys/security/audit/audit_worker.c
@@ -71,22 +71,22 @@
/*
* Worker thread that will schedule disk I/O, etc.
- */
+ */
static struct proc *audit_thread;
/*
- * When an audit log is rotated, the actual rotation must be performed
- * by the audit worker thread, as it may have outstanding writes on the
- * current audit log. audit_replacement_vp holds the vnode replacing
- * the current vnode. We can't let more than one replacement occur
- * at a time, so if more than one thread requests a replacement, only
- * one can have the replacement "in progress" at any given moment. If
- * a thread tries to replace the audit vnode and discovers a replacement
- * is already in progress (i.e., audit_replacement_flag != 0), then it
- * will sleep on audit_replacement_cv waiting its turn to perform a
- * replacement. When a replacement is completed, this cv is signalled
- * by the worker thread so a waiting thread can start another replacement.
- * We also store a credential to perform audit log write operations with.
+ * When an audit log is rotated, the actual rotation must be performed by the
+ * audit worker thread, as it may have outstanding writes on the current
+ * audit log. audit_replacement_vp holds the vnode replacing the current
+ * vnode. We can't let more than one replacement occur at a time, so if more
+ * than one thread requests a replacement, only one can have the replacement
+ * "in progress" at any given moment. If a thread tries to replace the audit
+ * vnode and discovers a replacement is already in progress (i.e.,
+ * audit_replacement_flag != 0), then it will sleep on audit_replacement_cv
+ * waiting its turn to perform a replacement. When a replacement is
+ * completed, this cv is signalled by the worker thread so a waiting thread
+ * can start another replacement. We also store a credential to perform
+ * audit log write operations with.
*
* The current credential and vnode are thread-local to audit_worker.
*/
@@ -103,13 +103,13 @@ static int audit_file_rotate_wait;
/*
* XXXAUDIT: Should adjust comments below to make it clear that we get to
- * this point only if we believe we have storage, so not having space here
- * is a violation of invariants derived from administrative procedures.
- * I.e., someone else has written to the audit partition, leaving less space
- * than we accounted for.
+ * this point only if we believe we have storage, so not having space here is
+ * a violation of invariants derived from administrative procedures. I.e.,
+ * someone else has written to the audit partition, leaving less space than
+ * we accounted for.
*/
static int
-audit_record_write(struct vnode *vp, struct kaudit_record *ar,
+audit_record_write(struct vnode *vp, struct kaudit_record *ar,
struct ucred *cred, struct thread *td)
{
int ret;
@@ -122,10 +122,10 @@ audit_record_write(struct vnode *vp, struct kaudit_record *ar,
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
/*
- * First, gather statistics on the audit log file and file system
- * so that we know how we're doing on space. In both cases,
- * if we're unable to perform the operation, we drop the record
- * and return. However, this is arguably an assertion failure.
+ * First, gather statistics on the audit log file and file system so
+ * that we know how we're doing on space. In both cases, if we're
+ * unable to perform the operation, we drop the record and return.
+ * However, this is arguably an assertion failure.
* XXX Need a FreeBSD equivalent.
*/
ret = VFS_STATFS(vp->v_mount, mnt_stat, td);
@@ -139,23 +139,24 @@ audit_record_write(struct vnode *vp, struct kaudit_record *ar,
goto out;
/* update the global stats struct */
- audit_fstat.af_currsz = vattr.va_size;
+ audit_fstat.af_currsz = vattr.va_size;
/*
* XXX Need to decide what to do if the trigger to the audit daemon
* fails.
*/
- /*
+ /*
* If we fall below minimum free blocks (hard limit), tell the audit
* daemon to force a rotation off of the file system. We also stop
- * writing, which means this audit record is probably lost.
- * If we fall below the minimum percent free blocks (soft limit),
- * then kindly suggest to the audit daemon to do something.
+ * writing, which means this audit record is probably lost. If we
+ * fall below the minimum percent free blocks (soft limit), then
+ * kindly suggest to the audit daemon to do something.
*/
if (mnt_stat->f_bfree < AUDIT_HARD_LIMIT_FREE_BLOCKS) {
(void)send_trigger(AUDIT_TRIGGER_NO_SPACE);
- /* Hopefully userspace did something about all the previous
+ /*
+ * Hopefully userspace did something about all the previous
* triggers that were sent prior to this critical condition.
* If fail-stop is set, then we're done; goodnight Gracie.
*/
@@ -167,26 +168,27 @@ audit_record_write(struct vnode *vp, struct kaudit_record *ar,
goto out;
}
} else
- /*
- * Send a message to the audit daemon that disk space
- * is getting low.
+ /*
+ * Send a message to the audit daemon that disk space is
+ * getting low.
*
* XXXAUDIT: Check math and block size calculation here.
*/
if (audit_qctrl.aq_minfree != 0) {
- temp = mnt_stat->f_blocks / (100 /
+ temp = mnt_stat->f_blocks / (100 /
audit_qctrl.aq_minfree);
if (mnt_stat->f_bfree < temp)
(void)send_trigger(AUDIT_TRIGGER_LOW_SPACE);
}
- /* Check if the current log file is full; if so, call for
- * a log rotate. This is not an exact comparison; we may
- * write some records over the limit. If that's not
- * acceptable, then add a fudge factor here.
+ /*
+ * Check if the current log file is full; if so, call for a log
+ * rotate. This is not an exact comparison; we may write some records
+ * over the limit. If that's not acceptable, then add a fudge factor
+ * here.
*/
if ((audit_fstat.af_filesz != 0) &&
- (audit_file_rotate_wait == 0) &&
+ (audit_file_rotate_wait == 0) &&
(vattr.va_size >= audit_fstat.af_filesz)) {
audit_file_rotate_wait = 1;
(void)send_trigger(AUDIT_TRIGGER_OPEN_NEW);
@@ -194,15 +196,14 @@ audit_record_write(struct vnode *vp, struct kaudit_record *ar,
/*
* If the estimated amount of audit data in the audit event queue
- * (plus records allocated but not yet queued) has reached the
- * amount of free space on the disk, then we need to go into an
- * audit fail stop state, in which we do not permit the
- * allocation/committing of any new audit records. We continue to
- * process packets but don't allow any activities that might
- * generate new records. In the future, we might want to detect
- * when space is available again and allow operation to continue,
- * but this behavior is sufficient to meet fail stop requirements
- * in CAPP.
+ * (plus records allocated but not yet queued) has reached the amount
+ * of free space on the disk, then we need to go into an audit fail
+ * stop state, in which we do not permit the allocation/committing of
+ * any new audit records. We continue to process packets but don't
+ * allow any activities that might generate new records. In the
+ * future, we might want to detect when space is available again and
+ * allow operation to continue, but this behavior is sufficient to
+ * meet fail stop requirements in CAPP.
*/
if (audit_fail_stop &&
(unsigned long)
@@ -213,15 +214,14 @@ audit_record_write(struct vnode *vp, struct kaudit_record *ar,
audit_in_failure = 1;
}
- /*
+ /*
* If there is a user audit record attached to the kernel record,
* then write the user record.
- */
- /* XXX Need to decide a few things here: IF the user audit
- * record is written, but the write of the kernel record fails,
- * what to do? Should the kernel record come before or after the
- * user record? For now, we write the user record first, and
- * we ignore errors.
+ *
+ * XXX Need to decide a few things here: IF the user audit record is
+ * written, but the write of the kernel record fails, what to do?
+ * Should the kernel record come before or after the user record?
+ * For now, we write the user record first, and we ignore errors.
*/
if (ar->k_ar_commit & AR_COMMIT_USER) {
/*
@@ -233,15 +233,15 @@ audit_record_write(struct vnode *vp, struct kaudit_record *ar,
* And to disk.
*/
ret = vn_rdwr(UIO_WRITE, vp, (void *)ar->k_udata, ar->k_ulen,
- (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, cred, NULL,
- NULL, td);
+ (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, cred, NULL,
+ NULL, td);
if (ret)
goto out;
}
- /*
- * Convert the internal kernel record to BSM format and write it
- * out if everything's OK.
+ /*
+ * Convert the internal kernel record to BSM format and write it out
+ * if everything's OK.
*/
if (!(ar->k_ar_commit & AR_COMMIT_KERNEL)) {
ret = 0;
@@ -259,8 +259,8 @@ audit_record_write(struct vnode *vp, struct kaudit_record *ar,
}
/*
- * XXX: We drop the record on BSM conversion failure, but really
- * this is an assertion failure.
+ * XXX: We drop the record on BSM conversion failure, but really this
+ * is an assertion failure.
*/
if (ret == BSM_FAILURE) {
AUDIT_PRINTF(("BSM conversion failure\n"));
@@ -272,28 +272,25 @@ audit_record_write(struct vnode *vp, struct kaudit_record *ar,
* Try submitting the record to any active audit pipes.
*/
audit_pipe_submit((void *)bsm->data, bsm->len);
-
+
/*
- * XXX
- * We should break the write functionality away from the BSM record
- * generation and have the BSM generation done before this function
- * is called. This function will then take the BSM record as a
- * parameter.
+ * XXX We should break the write functionality away from the BSM
+ * record generation and have the BSM generation done before this
+ * function is called. This function will then take the BSM record as
+ * a parameter.
*/
- ret = (vn_rdwr(UIO_WRITE, vp, (void *)bsm->data, bsm->len,
- (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, cred, NULL, NULL, td));
-
+ ret = (vn_rdwr(UIO_WRITE, vp, (void *)bsm->data, bsm->len, (off_t)0,
+ UIO_SYSSPACE, IO_APPEND|IO_UNIT, cred, NULL, NULL, td));
kau_free(bsm);
out:
/*
- * When we're done processing the current record, we have to
- * check to see if we're in a failure mode, and if so, whether
- * this was the last record left to be drained. If we're done
- * draining, then we fsync the vnode and panic.
+ * When we're done processing the current record, we have to check to
+ * see if we're in a failure mode, and if so, whether this was the
+ * last record left to be drained. If we're done draining, then we
+ * fsync the vnode and panic.
*/
- if (audit_in_failure &&
- audit_q_len == 0 && audit_pre_q_len == 0) {
+ if (audit_in_failure && audit_q_len == 0 && audit_pre_q_len == 0) {
VOP_LOCK(vp, LK_DRAIN | LK_INTERLOCK, td);
(void)VOP_FSYNC(vp, MNT_WAIT, td);
VOP_UNLOCK(vp, 0, td);
@@ -469,7 +466,7 @@ audit_worker(void *arg)
while ((ar = TAILQ_FIRST(&ar_worklist))) {
TAILQ_REMOVE(&ar_worklist, ar, k_q);
if (audit_vp != NULL) {
- error = audit_record_write(audit_vp, ar,
+ error = audit_record_write(audit_vp, ar,
audit_cred, audit_td);
if (error && audit_panic_on_write_fail)
panic("audit_worker: write error %d\n",
OpenPOWER on IntegriCloud