-rw-r--r-- | sys/security/audit/audit.c | 74 | ||||
-rw-r--r-- | sys/security/audit/audit.h | 16 | ||||
-rw-r--r-- | sys/security/audit/audit_arg.c | 21 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm.c | 5 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm_klib.c | 13 | ||||
-rw-r--r-- | sys/security/audit/audit_pipe.c | 2 | ||||
-rw-r--r-- | sys/security/audit/audit_private.h | 2 | ||||
-rw-r--r-- | sys/security/audit/audit_worker.c | 11 |
8 files changed, 70 insertions, 74 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index 8a7e47f..6f1fef6 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -77,10 +77,9 @@ MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
 MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
 /*
- * Audit control settings that are set/read by system calls and are
- * hence non-static.
- */
-/*
+ * Audit control settings that are set/read by system calls and are hence
+ * non-static.
+ *
+ * Define the audit control flags.
 */
 int audit_enabled;
@@ -117,12 +116,12 @@ struct au_mask audit_nae_mask;
 struct mtx audit_mtx;
 /*
- * Queue of audit records ready for delivery to disk. We insert new
- * records at the tail, and remove records from the head. Also,
- * a count of the number of records used for checking queue depth.
- * In addition, a counter of records that we have allocated but are
- * not yet in the queue, which is needed to estimate the total
- * size of the combined set of records outstanding in the system.
+ * Queue of audit records ready for delivery to disk. We insert new records
+ * at the tail, and remove records from the head. Also, a count of the
+ * number of records used for checking queue depth. In addition, a counter
+ * of records that we have allocated but are not yet in the queue, which is
+ * needed to estimate the total size of the combined set of records
+ * outstanding in the system.
 */
 struct kaudit_queue audit_q;
 int audit_q_len;
@@ -134,9 +133,8 @@ int audit_pre_q_len;
 struct au_qctrl audit_qctrl;
 /*
- * Condition variable to signal to the worker that it has work to do:
- * either new records are in the queue, or a log replacement is taking
- * place.
+ * Condition variable to signal to the worker that it has work to do: either
+ * new records are in the queue, or a log replacement is taking place.
 */
 struct cv audit_worker_cv;
@@ -149,8 +147,8 @@ struct cv audit_watermark_cv;
 /*
 * Condition variable for auditing threads wait on when in fail-stop mode.
- * Threads wait on this CV forever (and ever), never seeing the light of
- * day again.
+ * Threads wait on this CV forever (and ever), never seeing the light of day
+ * again.
 */
 static struct cv audit_fail_cv;
@@ -185,7 +183,6 @@ audit_record_ctor(void *mem, int size, void *arg, int flags)
 ar->k_ar.ar_subj_amask = td->td_proc->p_au->ai_mask;
 ar->k_ar.ar_subj_term_addr = td->td_proc->p_au->ai_termid;
 PROC_UNLOCK(td->td_proc);
-
 return (0);
 }
@@ -229,7 +226,7 @@ audit_init(void)
 audit_argv = 0;
 audit_arge = 0;
- audit_fstat.af_filesz = 0; /* '0' means unset, unbounded */
+ audit_fstat.af_filesz = 0; /* '0' means unset, unbounded. */
 audit_fstat.af_currsz = 0;
 audit_nae_mask.am_success = AU_NULL;
 audit_nae_mask.am_failure = AU_NULL;
@@ -343,9 +340,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
 return;
 /*
- * Decide whether to commit the audit record by checking the
- * error value from the system call and using the appropriate
- * audit mask.
+ * Decide whether to commit the audit record by checking the error
+ * value from the system call and using the appropriate audit mask.
 *
 * XXXAUDIT: Synchronize access to audit_nae_mask?
 */
@@ -360,11 +356,11 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
 sorf = AU_PRS_SUCCESS;
 switch(ar->k_ar.ar_event) {
-
 case AUE_OPEN_RWTC:
- /* The open syscall always writes a AUE_OPEN_RWTC event; change
- * it to the proper type of event based on the flags and the
- * error value.
+ /*
+ * The open syscall always writes a AUE_OPEN_RWTC event;
+ * change it to the proper type of event based on the flags
+ * and the error value.
 */
 ar->k_ar.ar_event = flags_and_error_to_openevent(
 ar->k_ar.ar_arg_fflags, error);
@@ -404,8 +400,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
 ar->k_ar.ar_retval = retval;
 /*
- * We might want to do some system-wide post-filtering
- * here at some point.
+ * We might want to do some system-wide post-filtering here at some
+ * point.
 */
 /*
@@ -413,12 +409,11 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
 */
 nanotime(&ar->k_ar.ar_endtime);
- mtx_lock(&audit_mtx);
-
 /*
 * Note: it could be that some records initiated while audit was
 * enabled should still be committed?
 */
+ mtx_lock(&audit_mtx);
 if (audit_suspended || !audit_enabled) {
 audit_pre_q_len--;
 mtx_unlock(&audit_mtx);
@@ -482,8 +477,8 @@ audit_syscall_enter(unsigned short code, struct thread *td)
 aumask = &td->td_proc->p_au->ai_mask;
 /*
- * Allocate an audit record, if preselection allows it, and store
- * in the thread for later use.
+ * Allocate an audit record, if preselection allows it, and store in
+ * the thread for later use.
 */
 class = au_event_class(event);
 if (au_preselect(event, class, aumask, AU_PRS_BOTH)) {
@@ -522,12 +517,11 @@ audit_syscall_exit(int error, struct thread *td)
 int retval;
 /*
- * Commit the audit record as desired; once we pass the record
- * into audit_commit(), the memory is owned by the audit
- * subsystem.
- * The return value from the system call is stored on the user
- * thread. If there was an error, the return value is set to -1,
- * imitating the behavior of the cerror routine.
+ * Commit the audit record as desired; once we pass the record into
+ * audit_commit(), the memory is owned by the audit subsystem. The
+ * return value from the system call is stored on the user thread.
+ * If there was an error, the return value is set to -1, imitating
+ * the behavior of the cerror routine.
 */
 if (error)
 retval = -1;
@@ -583,6 +577,7 @@ audit_proc_kproc0(struct proc *p)
 KASSERT(p->p_au != NULL, ("audit_proc_kproc0: p->p_au == NULL (%d)",
 p->p_pid));
+
 bzero(p->p_au, sizeof(*(p)->p_au));
 }
@@ -592,13 +587,14 @@ audit_proc_init(struct proc *p)
 KASSERT(p->p_au != NULL, ("audit_proc_init: p->p_au == NULL (%d)",
 p->p_pid));
+
 bzero(p->p_au, sizeof(*(p)->p_au));
 p->p_au->ai_auid = AU_DEFAUDITID;
 }
 /*
- * Copy the audit info from the parent process to the child process when
- * a fork takes place.
+ * Copy the audit info from the parent process to the child process when a
+ * fork takes place.
 */
 void
 audit_proc_fork(struct proc *parent, struct proc *child)
@@ -610,6 +606,7 @@ audit_proc_fork(struct proc *parent, struct proc *child)
 ("audit_proc_fork: parent->p_au == NULL (%d)", parent->p_pid));
 KASSERT(child->p_au != NULL,
 ("audit_proc_fork: child->p_au == NULL (%d)", child->p_pid));
+
 bcopy(parent->p_au, child->p_au, sizeof(*child->p_au));
 }
@@ -621,6 +618,7 @@ audit_proc_free(struct proc *p)
 {
 KASSERT(p->p_au != NULL, ("p->p_au == NULL (%d)", p->p_pid));
+
 free(p->p_au, M_AUDITPROC);
 p->p_au = NULL;
 }
diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h
index 7a616f8..bfb3b58 100644
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@@ -48,10 +48,10 @@
 /*
 * Audit subsystem condition flags. The audit_enabled flag is set and
- * removed automatically as a result of configuring log files, and
- * can be observed but should not be directly manipulated. The audit
- * suspension flag permits audit to be temporarily disabled without
- * reconfiguring the audit target.
+ * removed automatically as a result of configuring log files, and can be
+ * observed but should not be directly manipulated. The audit suspension
+ * flag permits audit to be temporarily disabled without reconfiguring the
+ * audit target.
 */
 extern int audit_enabled;
 extern int audit_suspended;
@@ -121,9 +121,9 @@ void audit_syscall_enter(unsigned short code, struct thread *td);
 void audit_syscall_exit(int error, struct thread *td);
 /*
- * The remaining kernel functions are conditionally compiled in as they
- * are wrapped by a macro, and the macro should be the only place in
- * the source tree where these functions are referenced.
+ * The remaining kernel functions are conditionally compiled in as they are
+ * wrapped by a macro, and the macro should be the only place in the source
+ * tree where these functions are referenced.
 */
 #ifdef AUDIT
 struct ipc_perm;
@@ -196,7 +196,7 @@ void audit_thread_free(struct thread *td);
 /*
 * Wrap the audit_syscall_exit() function so that it is called only when
- * auditing is enabled, or we have a audit record on the thread. It is
+ * auditing is enabled, or we have a audit record on the thread. It is
 * possible that an audit record was begun before auditing was turned off.
 */
 #define AUDIT_SYSCALL_EXIT(error, td) do { \
diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c
index 9d2e241..b5e565a 100644
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@@ -51,11 +51,10 @@
 /*
 * Calls to manipulate elements of the audit record structure from system
- * call code. Macro wrappers will prevent this functions from being
- * entered if auditing is disabled, avoiding the function call cost. We
- * check the thread audit record pointer anyway, as the audit condition
- * could change, and pre-selection may not have allocated an audit
- * record for this event.
+ * call code. Macro wrappers will prevent this functions from being entered
+ * if auditing is disabled, avoiding the function call cost. We check the
+ * thread audit record pointer anyway, as the audit condition could change,
+ * and pre-selection may not have allocated an audit record for this event.
 *
 * XXXAUDIT: Should we assert, in each case, that this field of the record
 * hasn't already been filled in?
@@ -693,11 +692,13 @@ audit_arg_upath(struct thread *td, char *upath, u_int64_t flag)
 * It is assumed that the caller will hold any vnode locks necessary to
 * perform a VOP_GETATTR() on the passed vnode.
 *
- * XXX: The attr code is very similar to vfs_vnops.c:vn_stat(), but
- * always provides access to the generation number as we need that
- * to construct the BSM file ID.
- * XXX: We should accept the process argument from the caller, since
- * it's very likely they already have a reference.
+ * XXX: The attr code is very similar to vfs_vnops.c:vn_stat(), but always
+ * provides access to the generation number as we need that to construct the
+ * BSM file ID.
+ *
+ * XXX: We should accept the process argument from the caller, since it's
+ * very likely they already have a reference.
+ *
 * XXX: Error handling in this function is poor.
 *
 * XXXAUDIT: Possibly KASSERT the path pointer is NULL?
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index 5019dd7..365bf2f 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -119,7 +119,7 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
 tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
 rec->data = malloc(tot_rec_size, M_AUDITBSM, M_WAITOK | M_ZERO);
- /* Create the header token */
+
 tm.tv_usec = ctime->tv_nsec / 1000;
 tm.tv_sec = ctime->tv_sec;
 hdr = au_to_header32_tm(tot_rec_size, event, 0, tm);
@@ -128,7 +128,6 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
 trail = au_to_trailer(tot_rec_size);
 TAILQ_INSERT_TAIL(&rec->token_q, trail, tokens);
- /* Serialize token data to the record. */
 rec->len = tot_rec_size;
 dptr = rec->data;
 TAILQ_FOREACH(cur, &rec->token_q, tokens) {
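Review bot: Once the second kau_close hunk drops `/* Serialize token data to the record. */`, the `rec->len`/`dptr` setup and the `TAILQ_FOREACH(cur, &rec->token_q, tokens)` loop that follows have no comment left, and the first hunk likewise leaves the `tm` conversion and the `au_to_header32_tm()` call unannotated, so a reader has to infer that the function is presumably flattening the queued tokens into the freshly allocated `rec->data` buffer of `tot_rec_size` bytes. Since a blank line is what replaced the first comment, a short note such as `/* The header takes a microsecond timeval; ctime is a nanosecond timespec. */` above `tm.tv_usec = ctime->tv_nsec / 1000;` and `/* Copy the queued tokens, in queue order, into rec->data. */` above the loop would keep the two phases readable at no cost. The remainder of kau_close, including the loop body, lies outside both hunks.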
@@ -160,7 +159,7 @@ kau_free(struct au_record *rec)
 }
 /*
- * XXX May want turn some (or all) of these macros into functions in order
+ * XXX: May want turn some (or all) of these macros into functions in order
 * to reduce the generated code sized.
 *
 * XXXAUDIT: These macros assume that 'kar', 'ar', 'rec', and 'tok' in the
diff --git a/sys/security/audit/audit_bsm_klib.c b/sys/security/audit/audit_bsm_klib.c
index 80df557..66ccdd9 100644
--- a/sys/security/audit/audit_bsm_klib.c
+++ b/sys/security/audit/audit_bsm_klib.c
@@ -311,9 +311,9 @@ flags_and_error_to_openevent(int oflags, int error)
 #if 0
 /*
- * Convert chatty errors to better matching events.
- * Failures to find a file are really just attribute
- * events - so recast them as such.
+ * Convert chatty errors to better matching events. Failures to
+ * find a file are really just attribute events -- so recast them as
+ * such.
 *
 * XXXAUDIT: Solaris defines that AUE_OPEN will never be returned, it
 * is just a placeholder. However, in Darwin we return that in
@@ -352,7 +352,7 @@ msgctl_to_event(int cmd)
 return (AUE_MSGCTL_STAT);
 default:
- /* We will audit a bad command */
+ /* We will audit a bad command. */
 return (AUE_MSGCTL);
 }
 }
@@ -472,7 +472,7 @@ auditon_command_event(int cmd)
 /*
 * Create a canonical path from given path by prefixing either the root
 * directory, or the current working directory. If the process working
- * directory is NULL, we could use 'rootvnode' to obtain the root directoty,
+ * directory is NULL, we could use 'rootvnode' to obtain the root directory,
 * but this results in a volfs name written to the audit log. So we will
 * leave the filename starting with '/' in the audit log in this case.
 *
@@ -542,7 +542,6 @@ canon_path(struct thread *td, char *path, char *cpath)
 cpath[0] = '\0';
 vput(vnp);
 VFS_UNLOCK_GIANT(vfslocked);
- } else {
+ } else
 strlcpy(cpath, bufp, MAXPATHLEN);
- }
 }
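Review bot: The new `} else` in the canon_path hunk unbraces a one-statement else arm while the if arm directly above it keeps its braced block (`cpath[0] = '\0'; vput(vnp); VFS_UNLOCK_GIANT(vfslocked);`), so a single if/else now mixes both forms; style(9) permits the bare statement, but keeping `} else {` ... `}` on this one construct, or bracing neither arm, reads more consistently and removes the dangling-statement hazard if a second line is ever added to the else arm. Separately, the `strlcpy(cpath, bufp, MAXPATHLEN)` that the else arm guards discards its return value, so a bufp longer than the destination is silently truncated in the path that ends up in the audit record; if that is the intended behaviour, a comment such as `/* Truncation is tolerated here; cpath stays NUL-terminated. */` would make it explicit, and if not, the return value should be compared against MAXPATHLEN. Whether cpath is really MAXPATHLEN bytes cannot be confirmed from the hunk since canon_path's declarations and body begin outside it.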
diff --git a/sys/security/audit/audit_pipe.c b/sys/security/audit/audit_pipe.c
index 3cc41ef..5f83404 100644
--- a/sys/security/audit/audit_pipe.c
+++ b/sys/security/audit/audit_pipe.c
@@ -328,7 +328,7 @@ audit_pipe_preselect_flush(struct audit_pipe *ap)
 mtx_unlock(&audit_pipe_mtx);
 }
-/*
+/*-
 * Determine whether a specific audit pipe matches a record with these
 * properties. Algorithm is as follows:
 *
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h
index 541e5af..1e5aa83 100644
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@@ -291,7 +291,7 @@ extern int audit_in_failure;
 /*
 * Some of the BSM tokenizer functions take different parameters in the
 * kernel implementations in order to save the copying of large kernel data
- * structures. The prototypes of these functions are declared here.
+ * structures. The prototypes of these functions are declared here.
 */
 token_t *kau_to_socket(struct socket_au_info *soi);
diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c
index 8f9479e..cdf1cf2 100644
--- a/sys/security/audit/audit_worker.c
+++ b/sys/security/audit/audit_worker.c
@@ -338,12 +338,11 @@ audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
 }
 /*
- * Signal that replacement have occurred to wake up and
- * start any other replacements started in parallel. We can
- * continue about our business in the mean time. We
- * broadcast so that both new replacements can be inserted,
- * but also so that the source(s) of replacement can return
- * successfully.
+ * Signal that replacement have occurred to wake up and start any
+ * other replacements started in parallel. We can continue about our
+ * business in the mean time. We broadcast so that both new
+ * replacements can be inserted, but also so that the source(s) of
+ * replacement can return successfully.
 */
 if (do_replacement_signal)
 cv_broadcast(&audit_replacement_cv);