18476278 Make changes in TX code to accomodate for upcoming changes in audit per 18184297 s12_46
authorNiveditha Rau <Niveditha.Rau@Oracle.COM>
Mon, 07 Apr 2014 08:18:34 -0700
changeset 1445 4b74f97a5d45
parent 1444 0778085d334a
child 1446 9a89d757680a
18476278 Make changes in TX code to accomodate for upcoming changes in audit per 18184297
open-src/xserver/xorg/sun-src/tsol/auditwrite.c
open-src/xserver/xorg/sun-src/tsol/tsolextension.c
--- a/open-src/xserver/xorg/sun-src/tsol/auditwrite.c	Wed Mar 26 11:32:41 2014 -0700
+++ b/open-src/xserver/xorg/sun-src/tsol/auditwrite.c	Mon Apr 07 08:18:34 2014 -0700
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004, 2008, Oracle and/or its affiliates. All rights reserved.
+/* 
+ * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
@@ -380,7 +380,20 @@
 static void aw_debuglog(char *string, int rc, int param, va_list arglist);
 #endif
 
-extern int	cannot_audit(int);
+/* from private <adt_ucred.h> */
+#include <ucred.h>
+extern	au_id_t ucred_getauid(const ucred_t *uc);
+extern	au_asid_t ucred_getasid(const ucred_t *uc);
+extern	const au_mask32_t *ucred_getamask(const ucred_t *uc);
+extern	const au_tid64_addr_t *ucred_getatid(const ucred_t *uc);
+
+/* just plain private - hack for now till libbsm delivers the change */
+#if 0
+extern	void adt_cpy_tid(au_tid_addr_t *, const au_tid64_addr_t *);
+#else
+#define adt_cpy_tid(dest, src) memcpy(dest, src, sizeof (au_tid_addr_t)) 
+#endif
+extern	int cannot_audit(int);
 
 /*
  * a w _ g e t _ a r g s ( )
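Review bot: The `adt_cpy_tid` fallback copies `sizeof (au_tid_addr_t)` bytes out of a `const au_tid64_addr_t`, which is only correct if the two structures share the same leading layout. Neither definition is visible in this hunk, so that needs confirming. If the 64-bit form widens or reorders a field, the terminal ID written into the subject token would be silently wrong rather than a build error. Until libbsm delivers the real function, I would state the assumption beside the macro, e.g. `/* assumes au_tid64_addr_t starts with the same fields as au_tid_addr_t; verify before trusting audit terminal IDs */`, or copy the members one by one.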
@@ -574,18 +587,25 @@
 		break;
 
 	case AW_NOPRESELECT_FLAG: {
-		auditinfo_addr_t auinfo;	/* temporary holder */
-
-		pmask.am_success = pmask.am_failure = 0;
+		ucred_t *uc = ucred_get(P_MYID);
+		const au_mask32_t *m32;
+
+		pmask.am_success = pmask.am_failure = AU_MASK_NONE;
 
 		/* Get the info from the proc */
-		if (getaudit_addr(&auinfo, sizeof (auinfo)) == -1) {
+		if (((uc == NULL) ||
+		    (m32 = ucred_getamask(uc)) == NULL)) {
 			aw_set_err(AW_ERR_GETAUDIT_FAIL);
 			retval = AW_ERR_RTN;
 		}
 
 		/* Stuff the real values in */
-		pmask = auinfo.ai_mask;
+		pmask.am_success = AU_CLASS_64(m32->am_success_lo,
+		    m32->am_success_hi);
+		pmask.am_failure = AU_CLASS_64(m32->am_failure_lo,
+		    m32->am_failure_hi);
+
+		ucred_free(uc);
 
 		aw_static_flags &= ~AW_PRESELECT_FLAG;
 		break;
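Review bot: When `ucred_get()` or `ucred_getamask()` fails in the `AW_NOPRESELECT_FLAG` case, the error is recorded but execution still reaches `m32->am_success_lo`. At that point `m32` is either NULL or, when `uc == NULL` short-circuits the assignment, uninitialised. The old code only copied a stale structure on this path, whereas the new code can crash the process that is writing the audit record. Move the two `AU_CLASS_64` assignments into an `} else {` branch of the check and keep `ucred_free(uc)` after it; that relies on `ucred_free(NULL)` being harmless, which the hunk does not show. The enclosing switch and function begin outside this hunk.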
@@ -980,7 +1000,9 @@
 {
 	token_t *tokp;
 	gid_t gidset[NGROUPS_MAX];
-	auditinfo_addr_t auinfo;
+	ucred_t *uc;
+	const au_tid64_addr_t *tid64;
+	au_tid_addr_t tid;
 	bslabel_t label_p;
 
 	/*
@@ -990,25 +1012,33 @@
 	if (AW_REC_SUBJECT_FLAG & aw_recs[rd]->aflags)
 		return (AW_SUCCESS_RTN);
 
-	if (getaudit_addr(&auinfo, sizeof (auinfo)) != 0)
+	if (((uc = ucred_get(P_MYID)) == NULL) ||
+	    ((tid64 = ucred_getatid(uc)) == NULL)) {
+		ucred_free(uc);
 		AW_GEN_ERR(AW_ERR_GETAUDIT_FAIL);
+	} else {
+		adt_cpy_tid(&tid, tid64);
+	}
 
 	/*
 	 * Add the subject token using the values we have.
 	 * Append them to the record under construction
 	 */
 
-	if ((tokp = au_to_subject_ex(auinfo.ai_auid, geteuid(),
-		    getegid(), getuid(), getgid(), getpid(),
-		    auinfo.ai_asid, &auinfo.ai_termid))
+	if ((tokp = au_to_subject_ex(ucred_getauid(uc), ucred_geteuid(uc),
+		    ucred_getegid(uc), ucred_getruid(uc), ucred_getrgid(uc),
+		    ucred_getpid(uc), ucred_getasid(uc), &tid))
 		    == (token_t *)0)
+		ucred_free(uc);
 		AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
 	if (aw_buf_append(&(aw_recs[rd]->buf), &(aw_recs[rd]->len),
 		tokp->tt_data, (int)tokp->tt_size) ==
 		AW_ERR_RTN) {
+		ucred_free(uc);
 		aw_free_tok(tokp);
 		return (AW_ERR_RTN);
 	}
+	ucred_free(uc);
 	aw_free_tok(tokp);
 
 	/* Go grab the sensitivity label for this process */
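Review bot: The `if` around `au_to_subject_ex()` has no braces, so only the added `ucred_free(uc)` is conditional and `AW_GEN_ERR(AW_ERR_ALLOC_FAIL)` now runs on every call. If `AW_GEN_ERR` returns from the function, as its use in the first check of this hunk suggests, the subject token is never appended on the success path and both `tokp` and `uc` leak. Add `{` after `== (token_t *)0)` and a closing `}` after the `AW_GEN_ERR(AW_ERR_ALLOC_FAIL);` line so that both statements belong to the failure branch. The function's opening and its remaining body are outside this hunk.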
@@ -2221,8 +2251,8 @@
 	rec->context.static_flags = AW_NO_FLAGS;
 	rec->context.save_rd = AW_NO_RD;
 	rec->context.aw_errno = AW_ERR_NO_ERROR;
-	rec->context.pmask.am_success = 0;
-	rec->context.pmask.am_failure = 0;
+	rec->context.pmask.am_success = AU_MASK_NONE;
+	rec->context.pmask.am_failure = AU_MASK_NONE;
 }
 /*
  * a w _ r e c _ a l l o c ( )
@@ -2429,7 +2459,8 @@
 static int
 aw_init(void)
 {
-	auditinfo_addr_t auinfo;	/* tmp holder for masks */
+	ucred_t *uc = ucred_get(P_MYID);
+	const au_mask32_t *m32;
 
 	aw_errno = AW_ERR_NO_ERROR;	/* No error so far */
 
@@ -2460,11 +2491,17 @@
 	 * to reduce system call overhead. If they change, we will be
 	 * auditing with stale values.
 	 */
-	if (getaudit_addr(&auinfo, sizeof (auinfo)) == -1)
+	if (((uc == NULL) ||
+	    (m32 = ucred_getamask(uc)) == NULL)) {
+		ucred_free(uc);
 		AW_GEN_ERR(AW_ERR_GETAUDIT_FAIL);
+	}
 
 	/* Stuff the real values in */
-	pmask = auinfo.ai_mask;
+	pmask.am_success = AU_CLASS_64(m32->am_success_lo, m32->am_success_hi);
+	pmask.am_failure = AU_CLASS_64(m32->am_failure_lo, m32->am_failure_hi);
+
+	ucred_free(uc);
 
 	if (auditon(A_GETPOLICY, (caddr_t)&audit_policies, 0) == -1)
 		AW_GEN_ERR(AW_ERR_AUDIT_FAIL);
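Review bot: `uc` is obtained by `ucred_get(P_MYID)` in the declaration at the top of `aw_init()` (previous hunk) but is not checked or freed until this check. The statements in between are not visible here, and any `AW_GEN_ERR` return among them would leak the credential. Acquiring it at the point of use, as the subject-token hunk does, avoids that: declare `ucred_t *uc;` and test `if (((uc = ucred_get(P_MYID)) == NULL) || ((m32 = ucred_getamask(uc)) == NULL)) {`. The body of `aw_init()` continues beyond this hunk.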
--- a/open-src/xserver/xorg/sun-src/tsol/tsolextension.c	Wed Mar 26 11:32:41 2014 -0700
+++ b/open-src/xserver/xorg/sun-src/tsol/tsolextension.c	Mon Apr 07 08:18:34 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
@@ -1539,7 +1539,7 @@
  */
 extern au_id_t ucred_getauid(const ucred_t *uc);
 extern au_asid_t ucred_getasid(const ucred_t *uc);
-extern const au_mask_t *ucred_getamask(const ucred_t *uc);
+extern const au_mask32_t *ucred_getamask(const ucred_t *uc);
 extern tsol_host_type_t tsol_getrhtype(char *);
 
 static void
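Review bot: The prototype for `ucred_getamask()` is hand-declared here and again in auditwrite.c (the second hunk of that file, where it is marked as coming from the private `<adt_ucred.h>`). This commit is needed because that return type changed, and a stale local `extern` would still compile while the mask is read through the wrong structure. A single project-local header included by both files, with a comment naming the libbsm header it mirrors, would leave one place to update when the private interface moves again.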
@@ -1548,10 +1548,8 @@
 	bslabel_t *sl;
 	bslabel_t admin_low;
 	priv_set_t *privs;
-	const au_mask_t *amask;
+	const au_mask32_t *amask;
 	socklen_t namelen;
-	struct auditinfo auinfo;
-	struct auditinfo *pauinfo;
 	OsCommPtr oc = (OsCommPtr)client->osPrivate;
 	int fd = oc->fd;
 	ucred_t *uc = NULL;
@@ -1661,11 +1659,6 @@
 	}
 
 	/* setup audit context */
-	if (getaudit(&auinfo) == 0) {
-	    pauinfo = &auinfo;
-	} else {
-	    pauinfo = NULL;
-	}
 
 	/* Audit id */
 	tsolinfo->auid = ucred_getauid(uc);
@@ -1678,14 +1671,14 @@
 
 	/* Audit mask */
 	if ((amask = ucred_getamask(uc)) != NULL) {
-	    tsolinfo->amask = *amask;
+	    tsolinfo->amask.am_failure = AU_CLASS_64(amask->am_failure_lo,
+	        amask->am_failure_hi);
+	    tsolinfo->amask.am_success = AU_CLASS_64(amask->am_success_lo,
+	        amask->am_success_hi);
 	} else {
-	    if (pauinfo != NULL) {
-	        tsolinfo->amask = pauinfo->ai_mask;
-	    } else {
-	        tsolinfo->amask.am_failure = 0; /* clear the masks */
-	        tsolinfo->amask.am_success = 0;
-	    }
+	    /* clear the masks */
+	    tsolinfo->amask.am_failure = AU_MASK_NONE;
+	    tsolinfo->amask.am_success = AU_MASK_NONE;
 	}
 
 	tsolinfo->asaverd = 0;
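Review bot: With the `getaudit()` fallback removed, a NULL return from `ucred_getamask(uc)` now leaves the client with `AU_MASK_NONE` for both success and failure, and nothing records that this happened. How `tsolinfo->amask` is consumed lies outside this hunk, but if it drives preselection, such a client would run with no audit classes selected and no trace of why. I would make that explicit in the comment, e.g. `/* no mask from ucred: client gets AU_MASK_NONE, i.e. no classes preselected */`, and emit a server log message on this branch so the condition is visible to operators. The function continues beyond the hunk.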