Audit the remaining parameters to the extattr system calls. Generate
the audit records for those calls. Obtained from: TrustedBSD Project Approved by: rwatson (mentor)
parent
6435cdafa3
commit
65ee602e0c
@ -4371,6 +4371,8 @@ extattrctl(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, fnvfslocked, error;
|
||||
|
||||
AUDIT_ARG(cmd, uap->cmd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
/*
|
||||
* uap->attrname is not always defined. We check again later when we
|
||||
* invoke the VFS call so as to pass in NULL there if needed.
|
||||
@ -4381,6 +4383,7 @@ extattrctl(td, uap)
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
vfslocked = fnvfslocked = 0;
|
||||
/*
|
||||
@ -4509,9 +4512,12 @@ extattr_set_fd(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(fd, uap->fd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
||||
if (error)
|
||||
@ -4541,9 +4547,11 @@ extattr_set_file(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4576,9 +4584,11 @@ extattr_set_link(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4683,9 +4693,12 @@ extattr_get_fd(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(fd, uap->fd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
||||
if (error)
|
||||
@ -4715,9 +4728,11 @@ extattr_get_file(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4750,9 +4765,11 @@ extattr_get_link(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4827,9 +4844,12 @@ extattr_delete_fd(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(fd, uap->fd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
||||
if (error)
|
||||
@ -4856,9 +4876,11 @@ extattr_delete_file(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return(error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4887,9 +4909,11 @@ extattr_delete_link(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return(error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4985,6 +5009,8 @@ extattr_list_fd(td, uap)
|
||||
struct file *fp;
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(fd, uap->fd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
||||
if (error)
|
||||
return (error);
|
||||
@ -5011,6 +5037,7 @@ extattr_list_file(td, uap)
|
||||
struct nameidata nd;
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
error = namei(&nd);
|
||||
@ -5040,6 +5067,7 @@ extattr_list_link(td, uap)
|
||||
struct nameidata nd;
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
error = namei(&nd);
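Review bot: In the extattrctl hunk at `-4381,6 +4383,7`, `AUDIT_ARG(text, attrname);` sits after the closing brace of the copy-in block, so it runs even when no name was copied in. The comment in the preceding hunk says uap->attrname is not always defined, and in that case `attrname` is an uninitialised stack array, so the audit record would be built from stale kernel stack bytes, possibly with no terminating NUL inside the array. The condition guarding the copy-in is outside the visible lines; assuming it tests `uap->attrname != NULL`, the call belongs inside that block after the error check, or under the same test: `if (uap->attrname != NULL) AUDIT_ARG(text, attrname);`. The nine set/get/delete handlers copy the name unconditionally and return on error before auditing it, so they are not affected.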
|
||||
|
@ -4371,6 +4371,8 @@ extattrctl(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, fnvfslocked, error;
|
||||
|
||||
AUDIT_ARG(cmd, uap->cmd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
/*
|
||||
* uap->attrname is not always defined. We check again later when we
|
||||
* invoke the VFS call so as to pass in NULL there if needed.
|
||||
@ -4381,6 +4383,7 @@ extattrctl(td, uap)
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
vfslocked = fnvfslocked = 0;
|
||||
/*
|
||||
@ -4509,9 +4512,12 @@ extattr_set_fd(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(fd, uap->fd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
||||
if (error)
|
||||
@ -4541,9 +4547,11 @@ extattr_set_file(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4576,9 +4584,11 @@ extattr_set_link(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4683,9 +4693,12 @@ extattr_get_fd(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(fd, uap->fd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
||||
if (error)
|
||||
@ -4715,9 +4728,11 @@ extattr_get_file(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4750,9 +4765,11 @@ extattr_get_link(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4827,9 +4844,12 @@ extattr_delete_fd(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(fd, uap->fd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return (error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
||||
if (error)
|
||||
@ -4856,9 +4876,11 @@ extattr_delete_file(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return(error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4887,9 +4909,11 @@ extattr_delete_link(td, uap)
|
||||
char attrname[EXTATTR_MAXNAMELEN];
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
||||
if (error)
|
||||
return(error);
|
||||
AUDIT_ARG(text, attrname);
|
||||
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
@ -4985,6 +5009,8 @@ extattr_list_fd(td, uap)
|
||||
struct file *fp;
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(fd, uap->fd);
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
||||
if (error)
|
||||
return (error);
|
||||
@ -5011,6 +5037,7 @@ extattr_list_file(td, uap)
|
||||
struct nameidata nd;
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
error = namei(&nd);
|
||||
@ -5040,6 +5067,7 @@ extattr_list_link(td, uap)
|
||||
struct nameidata nd;
|
||||
int vfslocked, error;
|
||||
|
||||
AUDIT_ARG(value, uap->attrnamespace);
|
||||
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
||||
uap->path, td);
|
||||
error = namei(&nd);
|
||||
|
@ -36,6 +36,7 @@
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/extattr.h>
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/user.h>
|
||||
#include <sys/systm.h>
|
||||
@ -237,6 +238,29 @@ kau_free(struct au_record *rec)
|
||||
} \
|
||||
} while (0) \
|
||||
|
||||
#define EXTATTR_TOKENS do { \
|
||||
if (ARG_IS_VALID(kar, ARG_VALUE)) { \
|
||||
switch (ar->ar_arg_value) { \
|
||||
case EXTATTR_NAMESPACE_USER: \
|
||||
tok = au_to_text(EXTATTR_NAMESPACE_USER_STRING);\
|
||||
break; \
|
||||
case EXTATTR_NAMESPACE_SYSTEM: \
|
||||
tok = au_to_text(EXTATTR_NAMESPACE_SYSTEM_STRING);\
|
||||
break; \
|
||||
default: \
|
||||
tok = au_to_arg32(3, "attrnamespace", \
|
||||
ar->ar_arg_value); \
|
||||
break; \
|
||||
} \
|
||||
kau_write(rec, tok); \
|
||||
} \
|
||||
/* attrname is in the text field */ \
|
||||
if (ARG_IS_VALID(kar, ARG_TEXT)) { \
|
||||
tok = au_to_text(ar->ar_arg_text); \
|
||||
kau_write(rec, tok); \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* Implement auditing for the auditon() system call. The audit tokens that
|
||||
* are generated depend on the command that was sent into the auditon()
|
||||
@ -612,6 +636,41 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
|
||||
UPATH1_VNODE1_TOKENS;
|
||||
break;
|
||||
|
||||
case AUE_EXTATTRCTL:
|
||||
UPATH1_VNODE1_TOKENS;
|
||||
if (ARG_IS_VALID(kar, ARG_CMD)) {
|
||||
tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
|
||||
kau_write(rec, tok);
|
||||
}
|
||||
/* extattrctl(2) filename parameter is in upath2/vnode2 */
|
||||
UPATH2_TOKENS;
|
||||
VNODE2_TOKENS;
|
||||
EXTATTR_TOKENS;
|
||||
break;
|
||||
|
||||
case AUE_EXTATTR_GET_FILE:
|
||||
case AUE_EXTATTR_SET_FILE:
|
||||
case AUE_EXTATTR_LIST_FILE:
|
||||
case AUE_EXTATTR_DELETE_FILE:
|
||||
case AUE_EXTATTR_GET_LINK:
|
||||
case AUE_EXTATTR_SET_LINK:
|
||||
case AUE_EXTATTR_LIST_LINK:
|
||||
case AUE_EXTATTR_DELETE_LINK:
|
||||
UPATH1_VNODE1_TOKENS;
|
||||
EXTATTR_TOKENS;
|
||||
break;
|
||||
|
||||
case AUE_EXTATTR_GET_FD:
|
||||
case AUE_EXTATTR_SET_FD:
|
||||
case AUE_EXTATTR_LIST_FD:
|
||||
case AUE_EXTATTR_DELETE_FD:
|
||||
if (ARG_IS_VALID(kar, ARG_FD)) {
|
||||
tok = au_to_arg32(2, "fd", ar->ar_arg_fd);
|
||||
kau_write(rec, tok);
|
||||
}
|
||||
EXTATTR_TOKENS;
|
||||
break;
|
||||
|
||||
case AUE_FCHMOD:
|
||||
if (ARG_IS_VALID(kar, ARG_MODE)) {
|
||||
tok = au_to_arg32(2, "new file mode",
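Review bot: `EXTATTR_TOKENS` hard-codes argument position 3 in `au_to_arg32(3, "attrnamespace", ar->ar_arg_value)`, yet the macro is shared by AUE_EXTATTRCTL, the path-based cases and the fd-based cases, whose attrnamespace argument is not at one common position (the prototypes are not on this page; going by extattr(2) it is the fourth argument of extattrctl and the second in the others). Audit reduction tools that key on the argument number would then attribute the value to the wrong parameter. Passing the position in keeps the record accurate: `#define EXTATTR_TOKENS(argn) do {` with `tok = au_to_arg32((argn), "attrnamespace", ar->ar_arg_value);`, each case supplying its own position. The `au_to_arg32(2, "fd", ar->ar_arg_fd)` in the fd cases looks like the same kind of mismatch, since fd is presumably the first argument there. A short comment above the macro stating the token order would also help, because a known namespace and the attribute name are both written as text tokens and a record carrying only one of them is ambiguous to a parser.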
|
||||
|