FreeBSD Bugzilla – Attachment 137127 Details for
Bug 182521
[openbsm] [patch] BSM subsystem modifications
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 30.66 KB, created by
Chariton Karamitas
on 2013-09-30 20:50:00 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Chariton Karamitas
Created:
2013-09-30 20:50:00 UTC
Size:
30.66 KB
patch
obsolete
>diff -ur src.orig/contrib/openbsm/bsm/libbsm.h src/contrib/openbsm/bsm/libbsm.h >--- src.orig/contrib/openbsm/bsm/libbsm.h 2012-01-03 05:24:43.000000000 +0200 >+++ src/contrib/openbsm/bsm/libbsm.h 2013-01-14 00:19:18.000000000 +0200 >@@ -601,6 +601,7 @@ > u_int32_t egid; > u_int32_t ruid; > u_int32_t rgid; >+ u_int32_t lwpid; > u_int32_t pid; > u_int32_t sid; > au_tid32_t tid; >@@ -612,6 +613,7 @@ > u_int32_t egid; > u_int32_t ruid; > u_int32_t rgid; >+ u_int32_t lwpid; > u_int32_t pid; > u_int32_t sid; > au_tid64_t tid; >@@ -636,6 +638,7 @@ > u_int32_t egid; > u_int32_t ruid; > u_int32_t rgid; >+ u_int32_t lwpid; > u_int32_t pid; > u_int32_t sid; > au_tidaddr32_t tid; >@@ -647,6 +650,7 @@ > u_int32_t egid; > u_int32_t ruid; > u_int32_t rgid; >+ u_int32_t lwpid; > u_int32_t pid; > u_int32_t sid; > au_tidaddr64_t tid; >@@ -1088,8 +1092,8 @@ > * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. > */ > int audit_write_success(short event_code, token_t *misctok, au_id_t auid, >- uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, >- au_asid_t sid, au_tid_t *tid); >+ uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid, >+ pid_t pid, au_asid_t sid, au_tid_t *tid); > > /* > * audit_write_success_self() >@@ -1158,7 +1162,7 @@ > */ > int audit_write_failure(short event_code, char *errmsg, int errret, > au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, >- pid_t pid, au_asid_t sid, au_tid_t *tid); >+ lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid); > > /* > * audit_write_failure_self() >@@ -1215,7 +1219,7 @@ > * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. > */ > int audit_write_failure_na(short event_code, char *errmsg, int errret, >- uid_t euid, gid_t egid, pid_t pid, au_tid_t *tid); >+ uid_t euid, gid_t egid, lwpid_t lwpid, pid_t pid, au_tid_t *tid); > > /* END au_write() WRAPPERS */ > >diff -ur src.orig/contrib/openbsm/libauditd/auditd_lib.c src/contrib/openbsm/libauditd/auditd_lib.c >--- src.orig/contrib/openbsm/libauditd/auditd_lib.c 2012-01-03 05:24:43.000000000 +0200 >+++ src/contrib/openbsm/libauditd/auditd_lib.c 2013-01-14 00:41:51.000000000 +0200 >@@ -44,6 +44,7 @@ > > #include <sys/stat.h> > #include <sys/time.h> >+#include <sys/thr.h> > > #include <netinet/in.h> > >@@ -943,10 +944,13 @@ > int aufd; > uid_t uid; > pid_t pid; >+ long lwpid = -1; > char *autext = NULL; > token_t *tok; > struct auditinfo_addr aia; > >+ thr_self(&lwpid); >+ > if (event == AUE_audit_startup) > asprintf(&autext, "%s::Audit startup", getprogname()); > else if (event == AUE_audit_shutdown) >@@ -965,7 +969,7 @@ > bzero(&aia, sizeof(aia)); > uid = getuid(); pid = getpid(); > if ((tok = au_to_subject32_ex(uid, geteuid(), getegid(), uid, getgid(), >- pid, pid, &aia.ai_termid)) != NULL) >+ (lwpid_t)lwpid, pid, pid, &aia.ai_termid)) != NULL) > au_write(aufd, tok); > if ((tok = au_to_text(autext)) != NULL) > au_write(aufd, tok); >diff -ur src.orig/contrib/openbsm/libbsm/bsm_io.c src/contrib/openbsm/libbsm/bsm_io.c >--- src.orig/contrib/openbsm/libbsm/bsm_io.c 2012-01-03 05:24:43.000000000 +0200 >+++ src/contrib/openbsm/libbsm/bsm_io.c 2013-01-13 22:36:37.000000000 +0200 >@@ -544,19 +544,19 @@ > fprintf(fp, "<socket-inet6 "); > > case AUT_SUBJECT32: >- fprintf(fp, "<subject "); >+ fprintf(fp, "<subject type=\"32\" "); > break; > > case AUT_SUBJECT64: >- fprintf(fp, "<subject "); >+ fprintf(fp, "<subject type=\"64\" "); > break; > > case AUT_SUBJECT32_EX: >- fprintf(fp, "<subject "); >+ fprintf(fp, "<subject type=\"32_ex\" "); > break; > > case AUT_SUBJECT64_EX: >- fprintf(fp, "<subject "); >+ fprintf(fp, "<subject type=\"64_ex\" "); > break; > > case AUT_TEXT: >@@ -3340,6 +3340,10 @@ > if (err) > return (-1); > >+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.lwpid, tok->len, err); >+ if (err) >+ return (-1); >+ > READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.pid, tok->len, err); > if (err) > return (-1); >@@ -3382,6 +3386,9 @@ > open_attr(fp, "rgid"); > print_group(fp, tok->tt.subj32.rgid, raw); > close_attr(fp); >+ open_attr(fp, "lwpid"); >+ print_user(fp, tok->tt.subj32.lwpid, raw); >+ close_attr(fp); > open_attr(fp,"pid"); > print_4_bytes(fp, tok->tt.subj32.pid, "%u"); > close_attr(fp); >@@ -3405,6 +3412,8 @@ > print_delim(fp, del); > print_group(fp, tok->tt.subj32.rgid, raw); > print_delim(fp, del); >+ print_4_bytes(fp, tok->tt.subj32.lwpid, "%u"); >+ print_delim(fp, del); > print_4_bytes(fp, tok->tt.subj32.pid, "%u"); > print_delim(fp, del); > print_4_bytes(fp, tok->tt.subj32.sid, "%u"); >@@ -3452,6 +3461,10 @@ > if (err) > return (-1); > >+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.lwpid, tok->len, err); >+ if (err) >+ return (-1); >+ > READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.pid, tok->len, err); > if (err) > return (-1); >@@ -3494,6 +3507,9 @@ > open_attr(fp, "rgid"); > print_group(fp, tok->tt.subj64.rgid, raw); > close_attr(fp); >+ open_attr(fp, "lwpid"); >+ print_4_bytes(fp, tok->tt.subj64.lwpid, "%u"); >+ close_attr(fp); > open_attr(fp, "pid"); > print_4_bytes(fp, tok->tt.subj64.pid, "%u"); > close_attr(fp); >@@ -3517,6 +3533,8 @@ > print_delim(fp, del); > print_group(fp, tok->tt.subj64.rgid, raw); > print_delim(fp, del); >+ print_4_bytes(fp, tok->tt.subj64.lwpid, "%u"); >+ print_delim(fp, del); > print_4_bytes(fp, tok->tt.subj64.pid, "%u"); > print_delim(fp, del); > print_4_bytes(fp, tok->tt.subj64.sid, "%u"); >@@ -3565,6 +3583,10 @@ > if (err) > return (-1); > >+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.lwpid, tok->len, err); >+ if (err) >+ return (-1); >+ > READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.pid, tok->len, err); > if (err) > return (-1); >@@ -3621,6 +3643,9 @@ > open_attr(fp, "rgid"); > print_group(fp, tok->tt.subj32_ex.rgid, raw); > close_attr(fp); >+ open_attr(fp, "lwpid"); >+ print_4_bytes(fp, tok->tt.subj32_ex.lwpid, "%u"); >+ close_attr(fp); > open_attr(fp, "pid"); > print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); > close_attr(fp); >@@ -3645,6 +3670,8 @@ > print_delim(fp, del); > print_group(fp, tok->tt.subj32_ex.rgid, raw); > print_delim(fp, del); >+ print_4_bytes(fp, tok->tt.subj32_ex.lwpid, "%u"); >+ print_delim(fp, del); > print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); > print_delim(fp, del); > print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u"); >@@ -3694,6 +3721,10 @@ > if (err) > return (-1); > >+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.lwpid, tok->len, err); >+ if (err) >+ return (-1); >+ > READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err); > if (err) > return (-1); >@@ -3749,6 +3780,9 @@ > open_attr(fp, "rgid"); > print_group(fp, tok->tt.subj64_ex.rgid, raw); > close_attr(fp); >+ open_attr(fp, "lwpid"); >+ print_4_bytes(fp, tok->tt.subj64_ex.lwpid, "%u"); >+ close_attr(fp); > open_attr(fp, "pid"); > print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); > close_attr(fp); >@@ -3773,6 +3807,8 @@ > print_delim(fp, del); > print_group(fp, tok->tt.subj64_ex.rgid, raw); > print_delim(fp, del); >+ print_4_bytes(fp, tok->tt.subj64_ex.lwpid, "%u"); >+ print_delim(fp, del); > print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); > print_delim(fp, del); > print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); >diff -ur src.orig/contrib/openbsm/libbsm/bsm_token.c src/contrib/openbsm/libbsm/bsm_token.c >--- src.orig/contrib/openbsm/libbsm/bsm_token.c 2012-01-03 05:24:43.000000000 +0200 >+++ src/contrib/openbsm/libbsm/bsm_token.c 2013-01-14 00:16:28.000000000 +0200 >@@ -59,6 +59,7 @@ > #include <sys/socket.h> > #include <sys/time.h> > #include <sys/un.h> >+#include <sys/thr.h> > > #include <sys/ipc.h> > >@@ -75,6 +76,7 @@ > #include <bsm/audit_internal.h> > #include <bsm/libbsm.h> > >+ > #define GET_TOKEN_AREA(t, dptr, length) do { \ > (t) = malloc(sizeof(token_t)); \ > if ((t) != NULL) { \ >@@ -1102,12 +1104,12 @@ > */ > token_t * > au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, >- pid_t pid, au_asid_t sid, au_tid_t *tid) >+ lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid) > { > token_t *t; > u_char *dptr = NULL; > >- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); >+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t)); > if (t == NULL) > return (NULL); > >@@ -1117,6 +1119,7 @@ > ADD_U_INT32(dptr, egid); > ADD_U_INT32(dptr, ruid); > ADD_U_INT32(dptr, rgid); >+ ADD_U_INT32(dptr, lwpid); > ADD_U_INT32(dptr, pid); > ADD_U_INT32(dptr, sid); > ADD_U_INT32(dptr, tid->port); >@@ -1127,12 +1130,12 @@ > > token_t * > au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, >- pid_t pid, au_asid_t sid, au_tid_t *tid) >+ lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid) > { > token_t *t; > u_char *dptr = NULL; > >- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + >+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + > sizeof(u_int64_t) + sizeof(u_int32_t)); > if (t == NULL) > return (NULL); >@@ -1143,6 +1146,7 @@ > ADD_U_INT32(dptr, egid); > ADD_U_INT32(dptr, ruid); > ADD_U_INT32(dptr, rgid); >+ ADD_U_INT32(dptr, lwpid); > ADD_U_INT32(dptr, pid); > ADD_U_INT32(dptr, sid); > ADD_U_INT64(dptr, tid->port); >@@ -1153,11 +1157,11 @@ > > token_t * > au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, >- pid_t pid, au_asid_t sid, au_tid_t *tid) >+ lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid) > { > >- return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, >- tid)); >+ return (au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid, >+ sid, tid)); > } > > /* >@@ -1176,16 +1180,16 @@ > */ > token_t * > au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) > { > token_t *t; > u_char *dptr = NULL; > > if (tid->at_type == AU_IPv4) >- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * >+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 11 * > sizeof(u_int32_t)); > else if (tid->at_type == AU_IPv6) >- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * >+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 14 * > sizeof(u_int32_t)); > else { > errno = EINVAL; >@@ -1200,6 +1204,7 @@ > ADD_U_INT32(dptr, egid); > ADD_U_INT32(dptr, ruid); > ADD_U_INT32(dptr, rgid); >+ ADD_U_INT32(dptr, lwpid); > ADD_U_INT32(dptr, pid); > ADD_U_INT32(dptr, sid); > ADD_U_INT32(dptr, tid->at_port); >@@ -1214,18 +1219,18 @@ > > token_t * > au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) > { > token_t *t; > u_char *dptr = NULL; > > if (tid->at_type == AU_IPv4) > GET_TOKEN_AREA(t, dptr, sizeof(u_char) + >- 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + >+ 8 * sizeof(u_int32_t) + sizeof(u_int64_t) + > 2 * sizeof(u_int32_t)); > else if (tid->at_type == AU_IPv6) > GET_TOKEN_AREA(t, dptr, sizeof(u_char) + >- 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + >+ 8 * sizeof(u_int32_t) + sizeof(u_int64_t) + > 5 * sizeof(u_int32_t)); > else { > errno = EINVAL; >@@ -1240,6 +1245,7 @@ > ADD_U_INT32(dptr, egid); > ADD_U_INT32(dptr, ruid); > ADD_U_INT32(dptr, rgid); >+ ADD_U_INT32(dptr, lwpid); > ADD_U_INT32(dptr, pid); > ADD_U_INT32(dptr, sid); > ADD_U_INT64(dptr, tid->at_port); >@@ -1254,11 +1260,11 @@ > > token_t * > au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) > { > >- return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, >- tid)); >+ return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, lwpid, pid, >+ sid, tid)); > } > > #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) >@@ -1271,6 +1277,9 @@ > { > auditinfo_t auinfo; > auditinfo_addr_t aia; >+ long lwpid = -1; >+ >+ thr_self(&lwpid); > > /* > * Try to use getaudit_addr(2) first. If this kernel does not support >@@ -1281,8 +1290,8 @@ > if (getaudit(&auinfo) != 0) > return (NULL); > return (au_to_subject32(auinfo.ai_auid, geteuid(), >- getegid(), getuid(), getgid(), getpid(), >- auinfo.ai_asid, &auinfo.ai_termid)); >+ getegid(), getuid(), getgid(), (lwpid_t)lwpid, >+ getpid(), auinfo.ai_asid, &auinfo.ai_termid)); > } else { > /* getaudit_addr(2) failed for some other reason. */ > return (NULL); >@@ -1290,7 +1299,8 @@ > } > > return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), >- getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); >+ getgid(), (lwpid_t)lwpid, getpid(), aia.ai_asid, >+ &aia.ai_termid)); > } > #endif > >diff -ur src.orig/contrib/openbsm/libbsm/bsm_wrappers.c src/contrib/openbsm/libbsm/bsm_wrappers.c >--- src.orig/contrib/openbsm/libbsm/bsm_wrappers.c 2012-01-03 05:24:43.000000000 +0200 >+++ src/contrib/openbsm/libbsm/bsm_wrappers.c 2013-01-14 00:18:12.000000000 +0200 >@@ -41,6 +41,7 @@ > #endif > > #include <sys/sysctl.h> >+#include <sys/thr.h> > > #include <bsm/libbsm.h> > >@@ -66,6 +67,7 @@ > int acond; > va_list ap; > pid_t pid; >+ long lwpid = -1; > int error, afd, subj_ex; > struct auditinfo ai; > struct auditinfo_addr aia; >@@ -134,14 +136,16 @@ > if (aia.ai_termid.at_type == AU_IPv6) > subj_ex = 1; > pid = getpid(); >+ thr_self(&lwpid); > if (subj_ex == 0) { > atid.port = aia.ai_termid.at_port; > atid.machine = aia.ai_termid.at_addr[0]; > token = au_to_subject32(auid, geteuid(), getegid(), >- getuid(), getgid(), pid, pid, &atid); >+ getuid(), getgid(), (lwpid_t)lwpid, pid, pid, &atid); > } else > token = au_to_subject_ex(auid, geteuid(), getegid(), >- getuid(), getgid(), pid, pid, &aia.ai_termid); >+ getuid(), getgid(), (lwpid_t)lwpid, pid, pid, >+ &aia.ai_termid); > if (token == NULL) { > syslog(LOG_AUTH | LOG_ERR, > "audit: unable to build subject token"); >@@ -351,14 +355,14 @@ > */ > int > audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid, >- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, >+ gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, > au_tid_t *tid) > { > char *func = "audit_write_success()"; > token_t *subject = NULL; > > /* Tokenize and save subject. */ >- subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, >+ subject = au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid, sid, > tid); > if (subject == NULL) { > syslog(LOG_ERR, "%s: au_to_subject32() failed", func); >@@ -395,13 +399,14 @@ > */ > int > audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid, >- uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, >- au_tid_t *tid) >+ uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid, pid_t pid, >+ au_asid_t sid, au_tid_t *tid) > { > char *func = "audit_write_failure()"; > token_t *subject, *errtok; > >- subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); >+ subject = au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid, >+ sid, tid); > if (subject == NULL) { > syslog(LOG_ERR, "%s: au_to_subject32() failed", func); > return (kAUMakeSubjectTokErr); >@@ -452,11 +457,11 @@ > */ > int > audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, >- uid_t egid, pid_t pid, au_tid_t *tid) >+ uid_t egid, lwpid_t lwpid, pid_t pid, au_tid_t *tid) > { > > return (audit_write_failure(event_code, errmsg, errret, -1, euid, >- egid, -1, -1, pid, -1, tid)); >+ egid, -1, -1, lwpid, pid, -1, tid)); > } > > /* END OF au_write() WRAPPERS */ >diff -ur src.orig/sys/bsm/audit_record.h src/sys/bsm/audit_record.h >--- src.orig/sys/bsm/audit_record.h 2012-01-03 05:26:45.000000000 +0200 >+++ src/sys/bsm/audit_record.h 2013-01-13 21:13:26.000000000 +0200 >@@ -258,17 +258,17 @@ > token_t *au_to_sock_inet128(struct sockaddr_in6 *so); > token_t *au_to_sock_unix(struct sockaddr_un *so); > token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid); > token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid); > token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid); > token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); > token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); > token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); > #if defined(_KERNEL) || defined(KERNEL) > token_t *au_to_exec_args(char *args, int argc); > token_t *au_to_exec_env(char *envs, int envc); >diff -ur src.orig/sys/kern/kern_thr.c src/sys/kern/kern_thr.c >--- src.orig/sys/kern/kern_thr.c 2012-01-03 05:26:16.000000000 +0200 >+++ src/sys/kern/kern_thr.c 2013-08-16 04:47:07.000000000 +0300 >@@ -318,6 +318,8 @@ > PROC_LOCK(p); > racct_sub(p, RACCT_NTHR, 1); > >+ AUDIT_ARG_PROCESS(p); >+ > /* > * Shutting down last thread in the proc. This will actually > * call exit() in the trampoline when it returns. >diff -ur src.orig/sys/kern/uipc_socket.c src/sys/kern/uipc_socket.c >--- src.orig/sys/kern/uipc_socket.c 2012-01-03 05:26:16.000000000 +0200 >+++ src/sys/kern/uipc_socket.c 2013-09-30 04:01:22.000000000 +0300 >@@ -138,6 +138,7 @@ > > #include <net/vnet.h> > >+#include <security/audit/audit.h> > #include <security/mac/mac_framework.h> > > #include <vm/uma.h> >@@ -2399,8 +2400,29 @@ > if (valsize > len) > sopt->sopt_valsize = valsize = len; > >+ /* This if block indicates a request coming from userland. */ > if (sopt->sopt_td != NULL) >- return (copyin(sopt->sopt_val, buf, valsize)); >+ { >+ int ret = copyin(sopt->sopt_val, buf, valsize); >+ >+ /* Unfortunately, there's no AUDIT_ARG_*() macro that can be used >+ * to copy arbitrary buffers in audit records. However, we can use >+ * the following switch-case to catch some common valsize values. >+ */ >+ switch(valsize) >+ { >+ case 1: >+ AUDIT_ARG_VALUE(*(int8_t *)buf); >+ break; >+ case 2: >+ AUDIT_ARG_VALUE(*(int16_t *)buf); >+ break; >+ case 4: >+ AUDIT_ARG_VALUE(*(int32_t *)buf); >+ break; >+ } >+ return (ret); >+ } > > bcopy(sopt->sopt_val, buf, valsize); > return (0); >diff -ur src.orig/sys/kern/uipc_syscalls.c src/sys/kern/uipc_syscalls.c >--- src.orig/sys/kern/uipc_syscalls.c 2012-01-03 05:26:16.000000000 +0200 >+++ src/sys/kern/uipc_syscalls.c 2013-09-30 03:20:29.000000000 +0300 >@@ -240,6 +240,7 @@ > int error; > > AUDIT_ARG_FD(fd); >+ AUDIT_ARG_SOCKADDR(td, sa); > error = getsock_cap(td->td_proc->p_fd, fd, CAP_BIND, &fp, NULL); > if (error) > return (error); >@@ -440,6 +441,9 @@ > (void) fo_ioctl(nfp, FIOASYNC, &tmp, td->td_ucred, td); > sa = 0; > error = soaccept(so, &sa); >+ if (sa) >+ AUDIT_ARG_SOCKADDR(td, sa); >+ > if (error) { > /* > * return a namelen of zero for older code which might >@@ -549,6 +553,7 @@ > int interrupted = 0; > > AUDIT_ARG_FD(fd); >+ AUDIT_ARG_SOCKADDR(td, sa); > error = getsock_cap(td->td_proc->p_fd, fd, CAP_CONNECT, &fp, NULL); > if (error) > return (error); >@@ -1349,9 +1354,16 @@ > } > > AUDIT_ARG_FD(s); >+ /* There are no specific AUDIT_ARG_*() macros for setsockopt(), but we >+ * can use AUDIT_ARG_VALUE() and AUDIT_ARG_CMD(). >+ */ >+ AUDIT_ARG_CMD(((level & 0xffff) << 16) | (name & 0xffff)); > error = getsock_cap(td->td_proc->p_fd, s, CAP_SETSOCKOPT, &fp, NULL); > if (error == 0) { > so = fp->f_data; >+ /* To audit the option itself we need to issue a copyin(). Postpone >+ * that until sooptcopyin() is called. >+ */ > error = sosetopt(so, &sopt); > fdrop(fp, td); > } >@@ -1428,6 +1440,8 @@ > } > > AUDIT_ARG_FD(s); >+ /* See kern_setsockopt() above... */ >+ AUDIT_ARG_CMD(((level & 0xffff) << 16) | (name & 0xffff)); > error = getsock_cap(td->td_proc->p_fd, s, CAP_GETSOCKOPT, &fp, NULL); > if (error == 0) { > so = fp->f_data; >diff -ur src.orig/sys/security/audit/audit.c src/sys/security/audit/audit.c >--- src.orig/sys/security/audit/audit.c 2012-01-03 05:26:57.000000000 +0200 >+++ src/sys/security/audit/audit.c 2013-09-29 22:42:05.000000000 +0300 >@@ -220,6 +220,11 @@ > ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC; > nanotime(&ar->k_ar.ar_starttime); > >+ /* I think this is the most appropriate place to initialize k_uthread >+ * which otherwise remains unused. >+ */ >+ ar->k_uthread = (struct uthread *)td; >+ > /* > * Export the subject credential. > */ >diff -ur src.orig/sys/security/audit/audit.h src/sys/security/audit/audit.h >--- src.orig/sys/security/audit/audit.h 2012-01-03 05:26:57.000000000 +0200 >+++ src/sys/security/audit/audit.h 2013-09-22 21:06:11.000000000 +0300 >@@ -191,6 +191,11 @@ > audit_arg_fd((fd)); \ > } while (0) > >+#define AUDIT_ARG_SOCKADDR(td, sa) do { \ >+ if (AUDITING_TD(curthread)) \ >+ audit_arg_sockaddr((td), (sa)); \ >+} while(0) >+ > #define AUDIT_ARG_FILE(p, fp) do { \ > if (AUDITING_TD(curthread)) \ > audit_arg_file((p), (fp)); \ >diff -ur src.orig/sys/security/audit/audit_bsm.c src/sys/security/audit/audit_bsm.c >--- src.orig/sys/security/audit/audit_bsm.c 2012-01-03 05:26:57.000000000 +0200 >+++ src/sys/security/audit/audit_bsm.c 2013-09-30 03:55:24.000000000 +0300 >@@ -41,6 +41,7 @@ > #include <sys/fcntl.h> > #include <sys/user.h> > #include <sys/systm.h> >+#include <sys/proc.h> > > #include <bsm/audit.h> > #include <bsm/audit_internal.h> >@@ -486,6 +487,7 @@ > ar->ar_subj_egid, /* eff group id */ > ar->ar_subj_ruid, /* real uid */ > ar->ar_subj_rgid, /* real group id */ >+ ((struct thread *)kar->k_uthread)->td_tid, > ar->ar_subj_pid, /* process id */ > ar->ar_subj_asid, /* session ID */ > &tid); >@@ -496,6 +498,7 @@ > ar->ar_subj_egid, > ar->ar_subj_ruid, > ar->ar_subj_rgid, >+ ((struct thread *)kar->k_uthread)->td_tid, > ar->ar_subj_pid, > ar->ar_subj_asid, > &ar->ar_subj_term_addr); >@@ -507,6 +510,7 @@ > ar->ar_subj_egid, > ar->ar_subj_ruid, > ar->ar_subj_rgid, >+ ((struct thread *)kar->k_uthread)->td_tid, > ar->ar_subj_pid, > ar->ar_subj_asid, > &tid); >@@ -548,7 +552,14 @@ > kau_write(rec, tok); > UPATH1_TOKENS; > } >- /* XXX Need to handle ARG_SADDRINET6 */ >+ /* XXX: I think it would be better to modify au_to_sock_inet() >+ * rather than calling au_to_sock_inet128() directly here. >+ */ >+ if (ARG_IS_VALID(kar, ARG_SADDRINET6)) { >+ tok = au_to_sock_inet128((struct sockaddr_in6 *) >+ &ar->ar_arg_sockaddr); >+ kau_write(rec, tok); >+ } > break; > > case AUE_SOCKET: >@@ -567,6 +578,20 @@ > break; > > case AUE_SETSOCKOPT: >+ if (ARG_IS_VALID(kar, ARG_FD)) { >+ tok = au_to_arg32(1, "fd", ar->ar_arg_fd); >+ kau_write(rec, tok); >+ } >+ if (ARG_IS_VALID(kar, ARG_CMD)) { >+ tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd); >+ kau_write(rec, tok); >+ } >+ if (ARG_IS_VALID(kar, ARG_VALUE)) { >+ tok = au_to_arg32(3, "value", ar->ar_arg_value); >+ kau_write(rec, tok); >+ } >+ break; >+ > case AUE_SHUTDOWN: > if (ARG_IS_VALID(kar, ARG_FD)) { > tok = au_to_arg32(1, "fd", ar->ar_arg_fd); >diff -ur src.orig/sys/security/audit/audit_bsm_token.c src/sys/security/audit/audit_bsm_token.c >--- src.orig/sys/security/audit/audit_bsm_token.c 2012-01-03 05:26:57.000000000 +0200 >+++ src/sys/security/audit/audit_bsm_token.c 2013-09-30 04:30:03.000000000 +0300 >@@ -1003,7 +1003,11 @@ > ADD_U_CHAR(dptr, 0); > ADD_U_CHAR(dptr, so->sin6_family); > >- ADD_U_INT16(dptr, so->sin6_port); >+ /* No, it should be ADD_MEM() instead, otherwise AF_INET6 related >+ * tokens, get a port number with reversed endianness. >+ */ >+ /* ADD_U_INT16(dptr, so->sin6_port); */ >+ ADD_MEM(dptr, &so->sin6_port, sizeof(uint16_t)); > ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); > > return (t); >@@ -1031,12 +1035,12 @@ > */ > token_t * > au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, >- pid_t pid, au_asid_t sid, au_tid_t *tid) >+ lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid) > { > token_t *t; > u_char *dptr = NULL; > >- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); >+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t)); > > ADD_U_CHAR(dptr, AUT_SUBJECT32); > ADD_U_INT32(dptr, auid); >@@ -1044,6 +1048,7 @@ > ADD_U_INT32(dptr, egid); > ADD_U_INT32(dptr, ruid); > ADD_U_INT32(dptr, rgid); >+ ADD_U_INT32(dptr, lwpid); > ADD_U_INT32(dptr, pid); > ADD_U_INT32(dptr, sid); > ADD_U_INT32(dptr, tid->port); >@@ -1054,12 +1059,12 @@ > > token_t * > au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, >- pid_t pid, au_asid_t sid, au_tid_t *tid) >+ lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid) > { > token_t *t; > u_char *dptr = NULL; > >- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + >+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + > sizeof(u_int64_t) + sizeof(u_int32_t)); > > ADD_U_CHAR(dptr, AUT_SUBJECT64); >@@ -1068,6 +1073,7 @@ > ADD_U_INT32(dptr, egid); > ADD_U_INT32(dptr, ruid); > ADD_U_INT32(dptr, rgid); >+ ADD_U_INT32(dptr, lwpid); > ADD_U_INT32(dptr, pid); > ADD_U_INT32(dptr, sid); > ADD_U_INT64(dptr, tid->port); >@@ -1078,11 +1084,11 @@ > > token_t * > au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, >- pid_t pid, au_asid_t sid, au_tid_t *tid) >+ lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid) > { > >- return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, >- tid)); >+ return (au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid, >+ sid, tid)); > } > > /* >@@ -1101,7 +1107,7 @@ > */ > token_t * > au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) > { > token_t *t; > u_char *dptr = NULL; >@@ -1110,10 +1116,10 @@ > ("au_to_subject32_ex: type %u", (unsigned int)tid->at_type)); > > if (tid->at_type == AU_IPv4) >- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * >+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 11 * > sizeof(u_int32_t)); > else >- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * >+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 14 * > sizeof(u_int32_t)); > > ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); >@@ -1122,6 +1128,7 @@ > ADD_U_INT32(dptr, egid); > ADD_U_INT32(dptr, ruid); > ADD_U_INT32(dptr, rgid); >+ ADD_U_INT32(dptr, lwpid); > ADD_U_INT32(dptr, pid); > ADD_U_INT32(dptr, sid); > ADD_U_INT32(dptr, tid->at_port); >@@ -1136,7 +1143,7 @@ > > token_t * > au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) > { > token_t *t; > u_char *dptr = NULL; >@@ -1146,11 +1153,11 @@ > > if (tid->at_type == AU_IPv4) > GET_TOKEN_AREA(t, dptr, sizeof(u_char) + >- 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + >+ 8 * sizeof(u_int32_t) + sizeof(u_int64_t) + > 2 * sizeof(u_int32_t)); > else > GET_TOKEN_AREA(t, dptr, sizeof(u_char) + >- 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + >+ 8 * sizeof(u_int32_t) + sizeof(u_int64_t) + > 5 * sizeof(u_int32_t)); > > ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); >@@ -1159,6 +1166,7 @@ > ADD_U_INT32(dptr, egid); > ADD_U_INT32(dptr, ruid); > ADD_U_INT32(dptr, rgid); >+ ADD_U_INT32(dptr, lwpid); > ADD_U_INT32(dptr, pid); > ADD_U_INT32(dptr, sid); > ADD_U_INT64(dptr, tid->at_port); >@@ -1173,11 +1181,11 @@ > > token_t * > au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, >- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) >+ gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) > { > >- return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, >- tid)); >+ return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, lwpid, pid, >+ sid, tid)); > } > > #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) >diff -ur src.orig/usr.bin/login/login_audit.c src/usr.bin/login/login_audit.c >--- src.orig/usr.bin/login/login_audit.c 2012-01-03 05:23:42.000000000 +0200 >+++ src/usr.bin/login/login_audit.c 2013-01-14 00:48:55.000000000 +0200 >@@ -35,6 +35,7 @@ > __FBSDID("$FreeBSD: release/9.0.0/usr.bin/login/login_audit.c 191297 2009-04-19 23:34:22Z rwatson $"); > > #include <sys/types.h> >+#include <sys/thr.h> > > #include <bsm/libbsm.h> > #include <bsm/audit_uevents.h> >@@ -67,8 +68,11 @@ > uid_t uid = pwd->pw_uid; > gid_t gid = pwd->pw_gid; > pid_t pid = getpid(); >+ long lwpid = -1; > int au_cond; > >+ thr_self(&lwpid); >+ > /* If we are not auditing, don't cut an audit record; just return. */ > if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { > if (errno == ENOSYS) >@@ -93,8 +97,8 @@ > if ((aufd = au_open()) == -1) > errx(1,"login: Audit Error: au_open() failed"); > >- if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid, >- pid, &tid)) == NULL) >+ if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, >+ (lwpid_t)lwpid, pid, pid, &tid)) == NULL) > errx(1, "login: Audit Error: au_to_subject32() failed"); > au_write(aufd, tok); > >@@ -119,6 +123,9 @@ > uid_t uid; > gid_t gid; > pid_t pid = getpid(); >+ long lwpid = -1; >+ >+ thr_self(&lwpid); > > /* If we are not auditing, don't cut an audit record; just return. */ > if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { >@@ -138,14 +145,14 @@ > * within a user's session => auid,asid == -1. > */ > if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1, >- pid, -1, &tid)) == NULL) >+ (lwpid_t)lwpid, pid, -1, &tid)) == NULL) > errx(1, "login: Audit Error: au_to_subject32() failed"); > } else { > /* We know the subject -- so use its value instead. */ > uid = pwd->pw_uid; > gid = pwd->pw_gid; > if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, >- gid, pid, pid, &tid)) == NULL) >+ gid, (lwpid_t)lwpid, pid, pid, &tid)) == NULL) > errx(1, "login: Audit Error: au_to_subject32() failed"); > } > au_write(aufd, tok); >@@ -175,8 +182,11 @@ > uid_t uid = pwd->pw_uid; > gid_t gid = pwd->pw_gid; > pid_t pid = getpid(); >+ long lwpid = -1; > int au_cond; > >+ thr_self(&lwpid); >+ > /* If we are not auditing, don't cut an audit record; just return. */ > if (auditon(A_GETCOND, &au_cond, sizeof(int)) < 0) { > if (errno == ENOSYS) >@@ -190,8 +200,8 @@ > errx(1, "login: Audit Error: au_open() failed"); > > /* The subject that is created (euid, egid of the current process). */ >- if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid, >- pid, &tid)) == NULL) >+ if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, >+ (lwpid_t)lwpid, pid, pid, &tid)) == NULL) > errx(1, "login: Audit Error: au_to_subject32() failed"); > au_write(aufd, tok);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 182521
: 137127