Change 208451 by pjd@pjd_slayer on 2012/03/24 00:33:17 Fix path handling for *at() syscalls. Before the change directory descriptor was totally ignored, so the relative path argument was appended to current working directory path and not to the path provided by descriptor, thus wrong paths were stored in audit logs. Affected files ... ... //depot/user/pjd/auditdistd/sys/kern/vfs_lookup.c#4 edit ... //depot/user/pjd/auditdistd/sys/security/audit/audit.c#3 edit ... //depot/user/pjd/auditdistd/sys/security/audit/audit.h#3 edit ... //depot/user/pjd/auditdistd/sys/security/audit/audit_arg.c#3 edit ... //depot/user/pjd/auditdistd/sys/security/audit/audit_bsm_klib.c#2 edit ... //depot/user/pjd/auditdistd/sys/security/audit/audit_private.h#3 edit Differences ... ==== //depot/user/pjd/auditdistd/sys/kern/vfs_lookup.c#4 (text+ko) ==== @@ -169,9 +169,9 @@ * pathname. */ if (cnp->cn_flags & AUDITVNODE1) - AUDIT_ARG_UPATH1(td, cnp->cn_pnbuf); + AUDIT_ARG_UPATH1(td, ndp->ni_dirfd, cnp->cn_pnbuf); if (cnp->cn_flags & AUDITVNODE2) - AUDIT_ARG_UPATH2(td, cnp->cn_pnbuf); + AUDIT_ARG_UPATH2(td, ndp->ni_dirfd, cnp->cn_pnbuf); } /* ==== //depot/user/pjd/auditdistd/sys/security/audit/audit.c#3 (text) ==== @@ -691,7 +691,7 @@ if (path != NULL) { pathp = &ar->k_ar.ar_arg_upath1; *pathp = malloc(MAXPATHLEN, M_AUDITPATH, M_WAITOK); - audit_canon_path(td, path, *pathp); + audit_canon_path(td, AT_FDCWD, path, *pathp); ARG_SET_VALID(ar, ARG_UPATH1); } ar->k_ar.ar_arg_signum = td->td_proc->p_sig; ==== //depot/user/pjd/auditdistd/sys/security/audit/audit.h#3 (text) ==== @@ -99,8 +99,8 @@ void audit_arg_auid(uid_t auid); void audit_arg_auditinfo(struct auditinfo *au_info); void audit_arg_auditinfo_addr(struct auditinfo_addr *au_info); -void audit_arg_upath1(struct thread *td, char *upath); -void audit_arg_upath2(struct thread *td, char *upath); +void audit_arg_upath1(struct thread *td, int dirfd, char *upath); +void audit_arg_upath2(struct thread *td, int dirfd, char *upath); void audit_arg_vnode1(struct vnode *vp); void audit_arg_vnode2(struct vnode *vp); void audit_arg_text(char *text); @@ -276,14 +276,14 @@ audit_arg_uid((uid)); \ } while (0) -#define AUDIT_ARG_UPATH1(td, upath) do { \ +#define AUDIT_ARG_UPATH1(td, dirfd, upath) do { \ if (AUDITING_TD(curthread)) \ - audit_arg_upath1((td), (upath)); \ + audit_arg_upath1((td), (dirfd), (upath)); \ } while (0) -#define AUDIT_ARG_UPATH2(td, upath) do { \ +#define AUDIT_ARG_UPATH2(td, dirfd, upath) do { \ if (AUDITING_TD(curthread)) \ - audit_arg_upath2((td), (upath)); \ + audit_arg_upath2((td), (dirfd), (upath)); \ } while (0) #define AUDIT_ARG_VALUE(value) do { \ @@ -356,8 +356,8 @@ #define AUDIT_ARG_SUID(suid) #define AUDIT_ARG_TEXT(text) #define AUDIT_ARG_UID(uid) -#define AUDIT_ARG_UPATH1(td, upath) -#define AUDIT_ARG_UPATH2(td, upath) +#define AUDIT_ARG_UPATH1(td, dirfd, upath) +#define AUDIT_ARG_UPATH2(td, dirfd, upath) #define AUDIT_ARG_VALUE(value) #define AUDIT_ARG_VNODE1(vp) #define AUDIT_ARG_VNODE2(vp) ==== //depot/user/pjd/auditdistd/sys/security/audit/audit_arg.c#3 (text) ==== @@ -463,7 +463,8 @@ break; case AF_UNIX: - audit_arg_upath1(td, ((struct sockaddr_un *)sa)->sun_path); + audit_arg_upath1(td, AT_FDCWD, + ((struct sockaddr_un *)sa)->sun_path); ARG_SET_VALID(ar, ARG_SADDRUNIX); break; /* XXXAUDIT: default:? */ @@ -710,16 +711,16 @@ * freed when the audit record is freed. */ static void -audit_arg_upath(struct thread *td, char *upath, char **pathp) +audit_arg_upath(struct thread *td, int dirfd, char *upath, char **pathp) { if (*pathp == NULL) *pathp = malloc(MAXPATHLEN, M_AUDITPATH, M_WAITOK); - audit_canon_path(td, upath, *pathp); + audit_canon_path(td, dirfd, upath, *pathp); } void -audit_arg_upath1(struct thread *td, char *upath) +audit_arg_upath1(struct thread *td, int dirfd, char *upath) { struct kaudit_record *ar; @@ -727,12 +728,12 @@ if (ar == NULL) return; - audit_arg_upath(td, upath, &ar->k_ar.ar_arg_upath1); + audit_arg_upath(td, dirfd, upath, &ar->k_ar.ar_arg_upath1); ARG_SET_VALID(ar, ARG_UPATH1); } void -audit_arg_upath2(struct thread *td, char *upath) +audit_arg_upath2(struct thread *td, int dirfd, char *upath) { struct kaudit_record *ar; @@ -740,7 +741,7 @@ if (ar == NULL) return; - audit_arg_upath(td, upath, &ar->k_ar.ar_arg_upath2); + audit_arg_upath(td, dirfd, upath, &ar->k_ar.ar_arg_upath2); ARG_SET_VALID(ar, ARG_UPATH2); } ==== //depot/user/pjd/auditdistd/sys/security/audit/audit_bsm_klib.c#2 (text) ==== @@ -462,13 +462,13 @@ * leave the filename starting with '/' in the audit log in this case. */ void -audit_canon_path(struct thread *td, char *path, char *cpath) +audit_canon_path(struct thread *td, int dirfd, char *path, char *cpath) { struct vnode *cvnp, *rvnp; char *rbuf, *fbuf, *copy; struct filedesc *fdp; struct sbuf sbf; - int error, cwir; + int error, needslash, vfslocked; WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "%s: at %s:%d", __func__, __FILE__, __LINE__); @@ -491,10 +491,27 @@ * path. */ if (*path != '/') { - cvnp = fdp->fd_cdir; - vhold(cvnp); + if (dirfd == AT_FDCWD) { + cvnp = fdp->fd_cdir; + vhold(cvnp); + } else { + /* XXX: fgetvp() that vhold()s vnode instead of vref()ing it would be better */ + error = fgetvp(td, dirfd, 0, &cvnp); + if (error) { + cpath[0] = '\0'; + if (rvnp != NULL) + vdrop(rvnp); + return; + } + vhold(cvnp); + vfslocked = VFS_LOCK_GIANT(cvnp->v_mount); + vrele(cvnp); + VFS_UNLOCK_GIANT(vfslocked); + } + needslash = (fdp->fd_rdir != cvnp); + } else { + needslash = 1; } - cwir = (fdp->fd_rdir == fdp->fd_cdir); FILEDESC_SUNLOCK(fdp); /* * NB: We require that the supplied array be at least MAXPATHLEN bytes @@ -536,7 +553,7 @@ (void) sbuf_cat(&sbf, rbuf); free(fbuf, M_TEMP); } - if (cwir == 0 || (cwir != 0 && cvnp == NULL)) + if (needslash) (void) sbuf_putc(&sbf, '/'); /* * Now that we have processed any alternate root and relative path ==== //depot/user/pjd/auditdistd/sys/security/audit/audit_private.h#3 (text) ==== @@ -388,7 +388,8 @@ au_event_t audit_flags_and_error_to_openatevent(int oflags, int error); au_event_t audit_msgctl_to_event(int cmd); au_event_t audit_semctl_to_event(int cmr); -void audit_canon_path(struct thread *td, char *path, char *cpath); +void audit_canon_path(struct thread *td, int dirfd, char *path, + char *cpath); au_event_t auditon_command_event(int cmd); /*