summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
authorcsjp <csjp@FreeBSD.org>2006-09-17 17:52:57 +0000
committercsjp <csjp@FreeBSD.org>2006-09-17 17:52:57 +0000
commitd271a339201865bf8e6b9972ae175529a0382651 (patch)
treee0678a975ebf26a2cc0524f678c60042bf18962d /sys
parent36d05684e77bc80a444da3110fb255b3a664aed9 (diff)
downloadFreeBSD-src-d271a339201865bf8e6b9972ae175529a0382651.zip
FreeBSD-src-d271a339201865bf8e6b9972ae175529a0382651.tar.gz
Correct a slight regression which was introduced with the implementation of
audit pipes. If the kernel record was not selected for the trail or the pipe, any user supplied record attached to it would be tossed away, resulting in otherwise selected events being lost. - Introduce two new masks: AR_PRESELECT_USER_TRAIL AR_PRESELECT_USER_PIPE, currently we have AR_PRESELECT_TRAIL and AR_PRESELECT_PIPE, which tells the audit worker that we are interested in the kernel record, with the additional masks we can determine if either the pipe or trail is interested in seeing the kernel or user record. - In audit(2), we unconditionally set the AR_PRESELECT_USER_TRAIL and AR_PRESELECT_USER_PIPE masks under the assumption that userspace has done the preselection [1]. Currently, there is work being done that allows the kernel to parse and preselect user supplied records, so in the future preselection could occur in either layer. But there is still a few details to work out here. [1] At some point we need to teach au_preselect(3) about the interests of all the individual audit pipes. This is a RELENG_6 candidate. Reviewed by: rwatson Obtained from: TrustedBSD Project MFC after: 1 week
Diffstat (limited to 'sys')
-rw-r--r--sys/security/audit/audit.c4
-rw-r--r--sys/security/audit/audit_private.h3
-rw-r--r--sys/security/audit/audit_syscalls.c8
-rw-r--r--sys/security/audit/audit_worker.c10
4 files changed, 20 insertions, 5 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index 813d0fa..31b6178 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -396,8 +396,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
if (audit_pipe_preselect(auid, event, class, sorf,
ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0)
ar->k_ar_commit |= AR_PRESELECT_PIPE;
- if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE)) ==
- 0) {
+ if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE |
+ AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE)) == 0) {
mtx_lock(&audit_mtx);
audit_pre_q_len--;
mtx_unlock(&audit_mtx);
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h
index f6cd17a..e232bcd 100644
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@@ -96,6 +96,9 @@ extern int audit_arge;
#define AR_PRESELECT_TRAIL 0x00001000U
#define AR_PRESELECT_PIPE 0x00002000U
+#define AR_PRESELECT_USER_TRAIL 0x00004000U
+#define AR_PRESELECT_USER_PIPE 0x00008000U
+
/*
* Audit data is generated as a stream of struct audit_record structures,
* linked by struct kaudit_record, and contain storage for possible audit so
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index eb18c76..03884b2 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -118,6 +118,14 @@ audit(struct thread *td, struct audit_args *uap)
ar->k_udata = rec;
ar->k_ulen = uap->length;
ar->k_ar_commit |= AR_COMMIT_USER;
+
+ /*
+ * Currently we assume that all preselection has been performed in
+ * userspace. We unconditionally set these masks so that the records
+ * get committed both to the trail and pipe. In the future we will
+ * want to setup kernel based preselection.
+ */
+ ar->k_ar_commit |= (AR_PRESELECT_USER_TRAIL | AR_PRESELECT_USER_PIPE);
return (0);
free_out:
diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c
index d4cef64..cfe46fa 100644
--- a/sys/security/audit/audit_worker.c
+++ b/sys/security/audit/audit_worker.c
@@ -323,7 +323,7 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred,
int sorf;
if ((ar->k_ar_commit & AR_COMMIT_USER) &&
- (ar->k_ar_commit & AR_PRESELECT_TRAIL)) {
+ (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) {
error = audit_record_write(audit_vp, audit_cred, audit_td,
ar->k_udata, ar->k_ulen);
if (error && audit_panic_on_write_fail)
@@ -331,11 +331,14 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred,
else if (error)
printf("audit_worker: write error %d\n", error);
}
+
if ((ar->k_ar_commit & AR_COMMIT_USER) &&
- (ar->k_ar_commit & AR_PRESELECT_PIPE))
+ (ar->k_ar_commit & AR_PRESELECT_USER_PIPE))
audit_pipe_submit_user(ar->k_udata, ar->k_ulen);
- if (!(ar->k_ar_commit & AR_COMMIT_KERNEL))
+ if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) ||
+ ((ar->k_ar_commit & AR_PRESELECT_PIPE) == 0 &&
+ (ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0))
return;
auid = ar->k_ar.ar_subj_auid;
@@ -372,6 +375,7 @@ audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred,
printf("audit_worker: write error %d\n",
error);
}
+
if (ar->k_ar_commit & AR_PRESELECT_PIPE)
audit_pipe_submit(auid, event, class, sorf,
ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data,
OpenPOWER on IntegriCloud