d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Clean up audit comments--formatting, spelling, etc.

Browse Source
This commit is contained in:
Robert Watson 2007-06-01 21:58:59 +00:00
parent fcd7ed0e3a
commit d8c0f4dc21
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=170196
8 changed files with 70 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
sys/security/audit/audit.c
View File

@ -77,10 +77,9 @@ MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
/*
* Audit control settings that are set/read by system calls and are
* hence non-static.
*/
/*
* Audit control settings that are set/read by system calls and are hence
* non-static.
*
* Define the audit control flags.
*/
int audit_enabled;
@ -117,12 +116,12 @@ struct au_mask audit_nae_mask;
struct mtx audit_mtx;
/*
* Queue of audit records ready for delivery to disk. We insert new
* records at the tail, and remove records from the head. Also,
* a count of the number of records used for checking queue depth.
* In addition, a counter of records that we have allocated but are
* not yet in the queue, which is needed to estimate the total
* size of the combined set of records outstanding in the system.
* Queue of audit records ready for delivery to disk. We insert new records
* at the tail, and remove records from the head. Also, a count of the
* number of records used for checking queue depth. In addition, a counter
* of records that we have allocated but are not yet in the queue, which is
* needed to estimate the total size of the combined set of records
* outstanding in the system.
*/
struct kaudit_queue audit_q;
int audit_q_len;
@ -134,9 +133,8 @@ int audit_pre_q_len;
struct au_qctrl audit_qctrl;
/*
* Condition variable to signal to the worker that it has work to do:
* either new records are in the queue, or a log replacement is taking
* place.
* Condition variable to signal to the worker that it has work to do: either
* new records are in the queue, or a log replacement is taking place.
*/
struct cv audit_worker_cv;
@ -149,8 +147,8 @@ struct cv audit_watermark_cv;
/*
* Condition variable for auditing threads wait on when in fail-stop mode.
* Threads wait on this CV forever (and ever), never seeing the light of
* day again.
* Threads wait on this CV forever (and ever), never seeing the light of day
* again.
*/
static struct cv audit_fail_cv;
@ -185,7 +183,6 @@ audit_record_ctor(void *mem, int size, void *arg, int flags)
ar->k_ar.ar_subj_amask = td->td_proc->p_au->ai_mask;
ar->k_ar.ar_subj_term_addr = td->td_proc->p_au->ai_termid;
PROC_UNLOCK(td->td_proc);
return (0);
}
@ -229,7 +226,7 @@ audit_init(void)
audit_argv = 0;
audit_arge = 0;
audit_fstat.af_filesz = 0; /* '0' means unset, unbounded */
audit_fstat.af_filesz = 0; /* '0' means unset, unbounded. */
audit_fstat.af_currsz = 0;
audit_nae_mask.am_success = AU_NULL;
audit_nae_mask.am_failure = AU_NULL;
@ -343,9 +340,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
return;
/*
* Decide whether to commit the audit record by checking the
* error value from the system call and using the appropriate
* audit mask.
* Decide whether to commit the audit record by checking the error
* value from the system call and using the appropriate audit mask.
*
* XXXAUDIT: Synchronize access to audit_nae_mask?
*/
@ -360,11 +356,11 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
sorf = AU_PRS_SUCCESS;
switch(ar->k_ar.ar_event) {
case AUE_OPEN_RWTC:
/* The open syscall always writes a AUE_OPEN_RWTC event; change
* it to the proper type of event based on the flags and the
* error value.
/*
* The open syscall always writes a AUE_OPEN_RWTC event;
* change it to the proper type of event based on the flags
* and the error value.
*/
ar->k_ar.ar_event = flags_and_error_to_openevent(
ar->k_ar.ar_arg_fflags, error);
@ -404,8 +400,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
ar->k_ar.ar_retval = retval;
/*
* We might want to do some system-wide post-filtering
* here at some point.
* We might want to do some system-wide post-filtering here at some
* point.
*/
/*
@ -413,12 +409,11 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
*/
nanotime(&ar->k_ar.ar_endtime);
mtx_lock(&audit_mtx);
/*
* Note: it could be that some records initiated while audit was
* enabled should still be committed?
*/
mtx_lock(&audit_mtx);
if (audit_suspended || !audit_enabled) {
audit_pre_q_len--;
mtx_unlock(&audit_mtx);
@ -482,8 +477,8 @@ audit_syscall_enter(unsigned short code, struct thread *td)
aumask = &td->td_proc->p_au->ai_mask;
/*
* Allocate an audit record, if preselection allows it, and store
* in the thread for later use.
* Allocate an audit record, if preselection allows it, and store in
* the thread for later use.
*/
class = au_event_class(event);
if (au_preselect(event, class, aumask, AU_PRS_BOTH)) {
@ -522,12 +517,11 @@ audit_syscall_exit(int error, struct thread *td)
int retval;
/*
* Commit the audit record as desired; once we pass the record
* into audit_commit(), the memory is owned by the audit
* subsystem.
* The return value from the system call is stored on the user
* thread. If there was an error, the return value is set to -1,
* imitating the behavior of the cerror routine.
* Commit the audit record as desired; once we pass the record into
* audit_commit(), the memory is owned by the audit subsystem. The
* return value from the system call is stored on the user thread.
* If there was an error, the return value is set to -1, imitating
* the behavior of the cerror routine.
*/
if (error)
retval = -1;
@ -583,6 +577,7 @@ audit_proc_kproc0(struct proc *p)
KASSERT(p->p_au != NULL, ("audit_proc_kproc0: p->p_au == NULL (%d)",
p->p_pid));
bzero(p->p_au, sizeof(*(p)->p_au));
}
@ -592,13 +587,14 @@ audit_proc_init(struct proc *p)
KASSERT(p->p_au != NULL, ("audit_proc_init: p->p_au == NULL (%d)",
p->p_pid));
bzero(p->p_au, sizeof(*(p)->p_au));
p->p_au->ai_auid = AU_DEFAUDITID;
}
/*
* Copy the audit info from the parent process to the child process when
* a fork takes place.
* Copy the audit info from the parent process to the child process when a
* fork takes place.
*/
void
audit_proc_fork(struct proc *parent, struct proc *child)
@ -610,6 +606,7 @@ audit_proc_fork(struct proc *parent, struct proc *child)
("audit_proc_fork: parent->p_au == NULL (%d)", parent->p_pid));
KASSERT(child->p_au != NULL,
("audit_proc_fork: child->p_au == NULL (%d)", child->p_pid));
bcopy(parent->p_au, child->p_au, sizeof(*child->p_au));
}
@ -621,6 +618,7 @@ audit_proc_free(struct proc *p)
{
KASSERT(p->p_au != NULL, ("p->p_au == NULL (%d)", p->p_pid));
free(p->p_au, M_AUDITPROC);
p->p_au = NULL;
}

16
sys/security/audit/audit.h
View File

@ -48,10 +48,10 @@
/*
* Audit subsystem condition flags. The audit_enabled flag is set and
* removed automatically as a result of configuring log files, and
* can be observed but should not be directly manipulated. The audit
* suspension flag permits audit to be temporarily disabled without
* reconfiguring the audit target.
* removed automatically as a result of configuring log files, and can be
* observed but should not be directly manipulated. The audit suspension
* flag permits audit to be temporarily disabled without reconfiguring the
* audit target.
*/
extern int audit_enabled;
extern int audit_suspended;
@ -121,9 +121,9 @@ void audit_syscall_enter(unsigned short code, struct thread *td);
void audit_syscall_exit(int error, struct thread *td);
/*
* The remaining kernel functions are conditionally compiled in as they
* are wrapped by a macro, and the macro should be the only place in
* the source tree where these functions are referenced.
* The remaining kernel functions are conditionally compiled in as they are
* wrapped by a macro, and the macro should be the only place in the source
* tree where these functions are referenced.
*/
#ifdef AUDIT
struct ipc_perm;
@ -196,7 +196,7 @@ void audit_thread_free(struct thread *td);
/*
* Wrap the audit_syscall_exit() function so that it is called only when
* auditing is enabled, or we have a audit record on the thread. It is
* auditing is enabled, or we have a audit record on the thread. It is
* possible that an audit record was begun before auditing was turned off.
*/
#define AUDIT_SYSCALL_EXIT(error, td) do { \

21
sys/security/audit/audit_arg.c
View File

@ -51,11 +51,10 @@
/*
* Calls to manipulate elements of the audit record structure from system
* call code. Macro wrappers will prevent this functions from being
* entered if auditing is disabled, avoiding the function call cost. We
* check the thread audit record pointer anyway, as the audit condition
* could change, and pre-selection may not have allocated an audit
* record for this event.
* call code. Macro wrappers will prevent this functions from being entered
* if auditing is disabled, avoiding the function call cost. We check the
* thread audit record pointer anyway, as the audit condition could change,
* and pre-selection may not have allocated an audit record for this event.
*
* XXXAUDIT: Should we assert, in each case, that this field of the record
* hasn't already been filled in?
@ -693,11 +692,13 @@ audit_arg_upath(struct thread *td, char *upath, u_int64_t flag)
* It is assumed that the caller will hold any vnode locks necessary to
* perform a VOP_GETATTR() on the passed vnode.
*
* XXX: The attr code is very similar to vfs_vnops.c:vn_stat(), but
* always provides access to the generation number as we need that
* to construct the BSM file ID.
* XXX: We should accept the process argument from the caller, since
* it's very likely they already have a reference.
* XXX: The attr code is very similar to vfs_vnops.c:vn_stat(), but always
* provides access to the generation number as we need that to construct the
* BSM file ID.
*
* XXX: We should accept the process argument from the caller, since it's
* very likely they already have a reference.
*
* XXX: Error handling in this function is poor.
*
* XXXAUDIT: Possibly KASSERT the path pointer is NULL?

5
sys/security/audit/audit_bsm.c
View File

@ -119,7 +119,7 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
rec->data = malloc(tot_rec_size, M_AUDITBSM, M_WAITOK | M_ZERO);
/* Create the header token */
tm.tv_usec = ctime->tv_nsec / 1000;
tm.tv_sec = ctime->tv_sec;
hdr = au_to_header32_tm(tot_rec_size, event, 0, tm);
@ -128,7 +128,6 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
trail = au_to_trailer(tot_rec_size);
TAILQ_INSERT_TAIL(&rec->token_q, trail, tokens);
/* Serialize token data to the record. */
rec->len = tot_rec_size;
dptr = rec->data;
TAILQ_FOREACH(cur, &rec->token_q, tokens) {
@ -160,7 +159,7 @@ kau_free(struct au_record *rec)
}
/*
* XXX May want turn some (or all) of these macros into functions in order
* XXX: May want turn some (or all) of these macros into functions in order
* to reduce the generated code sized.
*
* XXXAUDIT: These macros assume that 'kar', 'ar', 'rec', and 'tok' in the

13
sys/security/audit/audit_bsm_klib.c
View File

@ -311,9 +311,9 @@ flags_and_error_to_openevent(int oflags, int error)
#if 0
/*
* Convert chatty errors to better matching events.
* Failures to find a file are really just attribute
* events - so recast them as such.
* Convert chatty errors to better matching events. Failures to
* find a file are really just attribute events -- so recast them as
* such.
*
* XXXAUDIT: Solaris defines that AUE_OPEN will never be returned, it
* is just a placeholder. However, in Darwin we return that in
@ -352,7 +352,7 @@ msgctl_to_event(int cmd)
return (AUE_MSGCTL_STAT);
default:
/* We will audit a bad command */
/* We will audit a bad command. */
return (AUE_MSGCTL);
}
}
@ -472,7 +472,7 @@ auditon_command_event(int cmd)
/*
* Create a canonical path from given path by prefixing either the root
* directory, or the current working directory. If the process working
* directory is NULL, we could use 'rootvnode' to obtain the root directoty,
* directory is NULL, we could use 'rootvnode' to obtain the root directory,
* but this results in a volfs name written to the audit log. So we will
* leave the filename starting with '/' in the audit log in this case.
*
@ -542,7 +542,6 @@ canon_path(struct thread *td, char *path, char *cpath)
cpath[0] = '\0';
vput(vnp);
VFS_UNLOCK_GIANT(vfslocked);
} else {
} else
strlcpy(cpath, bufp, MAXPATHLEN);
}
}

2
sys/security/audit/audit_pipe.c
View File

@ -328,7 +328,7 @@ audit_pipe_preselect_flush(struct audit_pipe *ap)
mtx_unlock(&audit_pipe_mtx);
}
/*
/*-
* Determine whether a specific audit pipe matches a record with these
* properties. Algorithm is as follows:
*

2
sys/security/audit/audit_private.h
View File

@ -291,7 +291,7 @@ extern int audit_in_failure;
/*
* Some of the BSM tokenizer functions take different parameters in the
* kernel implementations in order to save the copying of large kernel data
* structures. The prototypes of these functions are declared here.
* structures. The prototypes of these functions are declared here.
*/
token_t *kau_to_socket(struct socket_au_info *soi);

11
sys/security/audit/audit_worker.c
View File

@ -338,12 +338,11 @@ audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
}
/*
* Signal that replacement have occurred to wake up and
* start any other replacements started in parallel. We can
* continue about our business in the mean time. We
* broadcast so that both new replacements can be inserted,
* but also so that the source(s) of replacement can return
* successfully.
* Signal that replacement have occurred to wake up and start any
* other replacements started in parallel. We can continue about our
* business in the mean time. We broadcast so that both new
* replacements can be inserted, but also so that the source(s) of
* replacement can return successfully.
*/
if (do_replacement_signal)
cv_broadcast(&audit_replacement_cv);