authorrwatson <rwatson@FreeBSD.org>2006-03-19 15:36:10 +0000
committerrwatson <rwatson@FreeBSD.org>2006-03-19 15:36:10 +0000
commita74ff4762febd9f0b6c341db086646690b9d49e3 (patch)
tree398dfcd3c61afbb808a9c2ece7eed9779c09c54c /sys/security
parente93fc5d21466f779ae16cf0189997a2f1a0e1b54 (diff)
Merge Perforce change 93506 from TrustedBSD audit3 branch:
Add ioctls to audit pipes in order to allow querying of the current record queue state, setting of the queue limit, and querying of pipe statistics. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/audit/audit_ioctl.h53
-rw-r--r--sys/security/audit/audit_pipe.c47
2 files changed, 98 insertions, 2 deletions
diff --git a/sys/security/audit/audit_ioctl.h b/sys/security/audit/audit_ioctl.h
new file mode 100644
index 0000000..0826836
--- /dev/null
+++ b/sys/security/audit/audit_ioctl.h
@@ -0,0 +1,53 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _SECURITY_AUDIT_AUDIT_IOCTL_H_
+#define _SECURITY_AUDIT_AUDIT_IOCTL_H_
+
+#define AUDITPIPE_IOBASE 'A'
+
+/*
+ * Ioctls to read and control the behavior of individual audit pipe devices.
+ */
+#define AUDITPIPE_GET_QLEN _IOR(AUDITPIPE_IOBASE, 1, u_int)
+#define AUDITPIPE_GET_QLIMIT _IOR(AUDITPIPE_IOBASE, 2, u_int)
+#define AUDITPIPE_SET_QLIMIT _IOW(AUDITPIPE_IOBASE, 3, u_int)
+#define AUDITPIPE_GET_QLIMIT_MIN _IOR(AUDITPIPE_IOBASE, 4, u_int)
+#define AUDITPIPE_GET_QLIMIT_MAX _IOR(AUDITPIPE_IOBASE, 5, u_int)
+
+/*
+ * Ioctls to retrieve audit pipe statistics.
+ */
+#define AUDITPIPE_GET_INSERTS _IOR(AUDITPIPE_IOBASE, 100, u_int64_t)
+#define AUDITPIPE_GET_READS _IOR(AUDITPIPE_IOBASE, 101, u_int64_t)
+#define AUDITPIPE_GET_DROPS _IOR(AUDITPIPE_IOBASE, 102, u_int64_t)
+#define AUDITPIPE_GET_TRUNCATES _IOR(AUDITPIPE_IOBASE, 103, u_int64_t)
+
+#endif /* _SECURITY_AUDIT_AUDIT_IOCTL_H_ */
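Review bot: `AUDITPIPE_GET_QLIMIT_MIN` and `AUDITPIPE_GET_QLIMIT_MAX` are declared here, but the `audit_pipe_ioctl()` hunk in this commit adds no `case` for either, so as far as the visible switch shows they reach `default` and return `ENOTTY`. A consumer then has no way to learn the bounds it is expected to respect before calling `AUDITPIPE_SET_QLIMIT`. Either add handlers along the lines of `*(u_int *)data = AUDIT_PIPE_QLIMIT_MAX; error = 0;` or hold the two definitions back until they are implemented. The header also uses `_IOR`/`_IOW` without `#include <sys/ioccom.h>`, so it compiles only when the includer has already pulled that in.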
diff --git a/sys/security/audit/audit_pipe.c b/sys/security/audit/audit_pipe.c
index 73da682..2514a8a 100644
--- a/sys/security/audit/audit_pipe.c
+++ b/sys/security/audit/audit_pipe.c
@@ -48,6 +48,7 @@
#include <sys/uio.h>
#include <security/audit/audit.h>
+#include <security/audit/audit_ioctl.h>
#include <security/audit/audit_private.h>
/*
@@ -68,6 +69,7 @@ static MALLOC_DEFINE(M_AUDIT_PIPE_ENTRY, "audit_pipeent",
* Audit pipe buffer parameters.
*/
#define AUDIT_PIPE_QLIMIT_DEFAULT (32)
+#define AUDIT_PIPE_QLIMIT_MIN (0)
#define AUDIT_PIPE_QLIMIT_MAX (1024)
/*
@@ -379,8 +381,8 @@ audit_pipe_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
}
/*
- * Audit pipe ioctl() routine. Nothing for now, but eventually will allow
- * setting and retrieval of current queue depth, queue limit, flush, etc.
+ * Audit pipe ioctl() routine. Handle file descriptor and audit pipe layer
+ * commands.
*
* Would be desirable to support filtering, although perhaps something simple
* like an event mask, as opposed to something complicated like BPF.
@@ -433,6 +435,47 @@ audit_pipe_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag,
case FIOGETOWN:
*(int *)data = fgetown(&ap->ap_sigio);
error = 0;
+ break;
+
+ case AUDITPIPE_GET_QLEN:
+ *(u_int *)data = ap->ap_qlen;
+ error = 0;
+ break;
+
+ case AUDITPIPE_GET_QLIMIT:
+ *(u_int *)data = ap->ap_qlimit;
+ error = 0;
+ break;
+
+ case AUDITPIPE_SET_QLIMIT:
+ /* Lockless integer write. */
+ if (*(u_int *)data >= AUDIT_PIPE_QLIMIT_MIN ||
+ *(u_int *)data <= AUDIT_PIPE_QLIMIT_MAX) {
+ ap->ap_qlimit = *(u_int *)data;
+ error = 0;
+ } else
+ error = EINVAL;
+ break;
+
+ case AUDITPIPE_GET_INSERTS:
+ *(u_int *)data = ap->ap_inserts;
+ error = 0;
+ break;
+
+ case AUDITPIPE_GET_READS:
+ *(u_int *)data = ap->ap_reads;
+ error = 0;
+ break;
+
+ case AUDITPIPE_GET_DROPS:
+ *(u_int *)data = ap->ap_drops;
+ error = 0;
+ break;
+
+ case AUDITPIPE_GET_TRUNCATES:
+ *(u_int *)data = ap->ap_truncates;
+ error = 0;
+ break;
default:
error = ENOTTY;
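Review bot: The range check in the `AUDITPIPE_SET_QLIMIT` case joins its two comparisons with `||`, and because the value is unsigned and `AUDIT_PIPE_QLIMIT_MIN` is 0 the first comparison is always true, so every value is accepted and the `EINVAL` branch is unreachable. The queue limit is presumably what bounds how many audit records a pipe may hold in kernel memory, so any caller able to open the device can raise it far beyond `AUDIT_PIPE_QLIMIT_MAX`; the condition should read `if (*(u_int *)data >= AUDIT_PIPE_QLIMIT_MIN && *(u_int *)data <= AUDIT_PIPE_QLIMIT_MAX) {`. Separately, the four statistics cases store through `*(u_int *)data` although audit_ioctl.h declares those ioctls with a `u_int64_t` argument, so only 32 bits of the 64-bit result are written, and on a big-endian machine they land in the wrong half; use `*(u_int64_t *)data = ap->ap_inserts;` and likewise for reads, drops and truncates. `audit_pipe_ioctl()` starts and ends outside this hunk, so the types of the `ap_*` counters are assumed rather than visible here.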