18476278 Make changes in TX code to accomodate for upcoming changes in audit per 18184297
--- a/open-src/xserver/xorg/sun-src/tsol/auditwrite.c Wed Mar 26 11:32:41 2014 -0700
+++ b/open-src/xserver/xorg/sun-src/tsol/auditwrite.c Mon Apr 07 08:18:34 2014 -0700
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004, 2008, Oracle and/or its affiliates. All rights reserved.
+/*
+ * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
@@ -380,7 +380,20 @@
static void aw_debuglog(char *string, int rc, int param, va_list arglist);
#endif
-extern int cannot_audit(int);
+/* from private <adt_ucred.h> */
+#include <ucred.h>
+extern au_id_t ucred_getauid(const ucred_t *uc);
+extern au_asid_t ucred_getasid(const ucred_t *uc);
+extern const au_mask32_t *ucred_getamask(const ucred_t *uc);
+extern const au_tid64_addr_t *ucred_getatid(const ucred_t *uc);
+
+/* just plain private - hack for now till libbsm delivers the change */
+#if 0
+extern void adt_cpy_tid(au_tid_addr_t *, const au_tid64_addr_t *);
+#else
+#define adt_cpy_tid(dest, src) memcpy(dest, src, sizeof (au_tid_addr_t))
+#endif
+extern int cannot_audit(int);
/*
* a w _ g e t _ a r g s ( )
@@ -574,18 +587,25 @@
break;
case AW_NOPRESELECT_FLAG: {
- auditinfo_addr_t auinfo; /* temporary holder */
-
- pmask.am_success = pmask.am_failure = 0;
+ ucred_t *uc = ucred_get(P_MYID);
+ const au_mask32_t *m32;
+
+ pmask.am_success = pmask.am_failure = AU_MASK_NONE;
/* Get the info from the proc */
- if (getaudit_addr(&auinfo, sizeof (auinfo)) == -1) {
+ if (((uc == NULL) ||
+ (m32 = ucred_getamask(uc)) == NULL)) {
aw_set_err(AW_ERR_GETAUDIT_FAIL);
retval = AW_ERR_RTN;
}
/* Stuff the real values in */
- pmask = auinfo.ai_mask;
+ pmask.am_success = AU_CLASS_64(m32->am_success_lo,
+ m32->am_success_hi);
+ pmask.am_failure = AU_CLASS_64(m32->am_failure_lo,
+ m32->am_failure_hi);
+
+ ucred_free(uc);
aw_static_flags &= ~AW_PRESELECT_FLAG;
break;
@@ -980,7 +1000,9 @@
{
token_t *tokp;
gid_t gidset[NGROUPS_MAX];
- auditinfo_addr_t auinfo;
+ ucred_t *uc;
+ const au_tid64_addr_t *tid64;
+ au_tid_addr_t tid;
bslabel_t label_p;
/*
@@ -990,25 +1012,33 @@
if (AW_REC_SUBJECT_FLAG & aw_recs[rd]->aflags)
return (AW_SUCCESS_RTN);
- if (getaudit_addr(&auinfo, sizeof (auinfo)) != 0)
+ if (((uc = ucred_get(P_MYID)) == NULL) ||
+ ((tid64 = ucred_getatid(uc)) == NULL)) {
+ ucred_free(uc);
AW_GEN_ERR(AW_ERR_GETAUDIT_FAIL);
+ } else {
+ adt_cpy_tid(&tid, tid64);
+ }
/*
* Add the subject token using the values we have.
* Append them to the record under construction
*/
- if ((tokp = au_to_subject_ex(auinfo.ai_auid, geteuid(),
- getegid(), getuid(), getgid(), getpid(),
- auinfo.ai_asid, &auinfo.ai_termid))
+ if ((tokp = au_to_subject_ex(ucred_getauid(uc), ucred_geteuid(uc),
+ ucred_getegid(uc), ucred_getruid(uc), ucred_getrgid(uc),
+ ucred_getpid(uc), ucred_getasid(uc), &tid))
== (token_t *)0)
+ ucred_free(uc);
AW_GEN_ERR(AW_ERR_ALLOC_FAIL);
if (aw_buf_append(&(aw_recs[rd]->buf), &(aw_recs[rd]->len),
tokp->tt_data, (int)tokp->tt_size) ==
AW_ERR_RTN) {
+ ucred_free(uc);
aw_free_tok(tokp);
return (AW_ERR_RTN);
}
+ ucred_free(uc);
aw_free_tok(tokp);
/* Go grab the sensitivity label for this process */
@@ -2221,8 +2251,8 @@
rec->context.static_flags = AW_NO_FLAGS;
rec->context.save_rd = AW_NO_RD;
rec->context.aw_errno = AW_ERR_NO_ERROR;
- rec->context.pmask.am_success = 0;
- rec->context.pmask.am_failure = 0;
+ rec->context.pmask.am_success = AU_MASK_NONE;
+ rec->context.pmask.am_failure = AU_MASK_NONE;
}
/*
* a w _ r e c _ a l l o c ( )
@@ -2429,7 +2459,8 @@
static int
aw_init(void)
{
- auditinfo_addr_t auinfo; /* tmp holder for masks */
+ ucred_t *uc = ucred_get(P_MYID);
+ const au_mask32_t *m32;
aw_errno = AW_ERR_NO_ERROR; /* No error so far */
@@ -2460,11 +2491,17 @@
* to reduce system call overhead. If they change, we will be
* auditing with stale values.
*/
- if (getaudit_addr(&auinfo, sizeof (auinfo)) == -1)
+ if (((uc == NULL) ||
+ (m32 = ucred_getamask(uc)) == NULL)) {
+ ucred_free(uc);
AW_GEN_ERR(AW_ERR_GETAUDIT_FAIL);
+ }
/* Stuff the real values in */
- pmask = auinfo.ai_mask;
+ pmask.am_success = AU_CLASS_64(m32->am_success_lo, m32->am_success_hi);
+ pmask.am_failure = AU_CLASS_64(m32->am_failure_lo, m32->am_failure_hi);
+
+ ucred_free(uc);
if (auditon(A_GETPOLICY, (caddr_t)&audit_policies, 0) == -1)
AW_GEN_ERR(AW_ERR_AUDIT_FAIL);
--- a/open-src/xserver/xorg/sun-src/tsol/tsolextension.c Wed Mar 26 11:32:41 2014 -0700
+++ b/open-src/xserver/xorg/sun-src/tsol/tsolextension.c Mon Apr 07 08:18:34 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
@@ -1539,7 +1539,7 @@
*/
extern au_id_t ucred_getauid(const ucred_t *uc);
extern au_asid_t ucred_getasid(const ucred_t *uc);
-extern const au_mask_t *ucred_getamask(const ucred_t *uc);
+extern const au_mask32_t *ucred_getamask(const ucred_t *uc);
extern tsol_host_type_t tsol_getrhtype(char *);
static void
@@ -1548,10 +1548,8 @@
bslabel_t *sl;
bslabel_t admin_low;
priv_set_t *privs;
- const au_mask_t *amask;
+ const au_mask32_t *amask;
socklen_t namelen;
- struct auditinfo auinfo;
- struct auditinfo *pauinfo;
OsCommPtr oc = (OsCommPtr)client->osPrivate;
int fd = oc->fd;
ucred_t *uc = NULL;
@@ -1661,11 +1659,6 @@
}
/* setup audit context */
- if (getaudit(&auinfo) == 0) {
- pauinfo = &auinfo;
- } else {
- pauinfo = NULL;
- }
/* Audit id */
tsolinfo->auid = ucred_getauid(uc);
@@ -1678,14 +1671,14 @@
/* Audit mask */
if ((amask = ucred_getamask(uc)) != NULL) {
- tsolinfo->amask = *amask;
+ tsolinfo->amask.am_failure = AU_CLASS_64(amask->am_failure_lo,
+ amask->am_failure_hi);
+ tsolinfo->amask.am_success = AU_CLASS_64(amask->am_success_lo,
+ amask->am_success_hi);
} else {
- if (pauinfo != NULL) {
- tsolinfo->amask = pauinfo->ai_mask;
- } else {
- tsolinfo->amask.am_failure = 0; /* clear the masks */
- tsolinfo->amask.am_success = 0;
- }
+ /* clear the masks */
+ tsolinfo->amask.am_failure = AU_MASK_NONE;
+ tsolinfo->amask.am_success = AU_MASK_NONE;
}
tsolinfo->asaverd = 0;