| -rw-r--r-- | usr/src/cmd/truss/actions.c | 12 | ||||
| -rw-r--r-- | usr/src/uts/common/c2/audit.c | 24 | ||||
| -rw-r--r-- | usr/src/uts/common/c2/audit_event.c | 33 | ||||
| -rw-r--r-- | usr/src/uts/common/c2/audit_kernel.h | 1 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/vnode.c | 4 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/access.c | 5 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/chown.c | 5 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/open.c | 60 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/stat.c | 7 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/unlink.c | 5 | ||||
| -rw-r--r-- | usr/src/uts/common/syscall/utime.c | 5 |
11 files changed, 90 insertions, 71 deletions
diff --git a/usr/src/cmd/truss/actions.c b/usr/src/cmd/truss/actions.c index 2dda60fb3e..52c75e5d3e 100644 --- a/usr/src/cmd/truss/actions.c +++ b/usr/src/cmd/truss/actions.c @@ -482,9 +482,11 @@ sysentry(private_t *pri, int dotrace) ((i == 0 && x == STG) || (i == 1 && (what == SYS_openat || what == SYS_openat64)))) { /* already fetched */ + if (argprinted) + outstring(pri, ", "); escape_string(pri, pri->sys_path); argprinted = TRUE; - } else if (x != HID || raw) { + } else if (x != NOV && (x != HID || raw)) { if (argprinted) outstring(pri, ", "); if (x == LLO) @@ -492,13 +494,7 @@ sysentry(private_t *pri, int dotrace) pri->sys_args[++i]); else (*Print[x])(pri, raw, arg); - /* - * if nothing printed, then don't print ", " - */ - if (x == NOV) - argprinted = FALSE; - else - argprinted = TRUE; + argprinted = TRUE; } } outstring(pri, ")"); diff --git a/usr/src/uts/common/c2/audit.c b/usr/src/uts/common/c2/audit.c index 1f1b204f9d..aa3fd4e1b9 100644 --- a/usr/src/uts/common/c2/audit.c +++ b/usr/src/uts/common/c2/audit.c @@ -1008,6 +1008,7 @@ audit_setfsat_path(int argnum) t_audit_data_t *tad; struct f_audit_data *fad; p_audit_data_t *pad; /* current process */ + uint_t fm; struct a { long arg1; long arg2; @@ -1042,6 +1043,10 @@ audit_setfsat_path(int argnum) case SYS_utimesys: fd = uap->arg2; break; + case SYS_open: + case SYS_open64: + fd = AT_FDCWD; + break; default: return; } @@ -1050,7 +1055,18 @@ audit_setfsat_path(int argnum) au_pathrele(tad->tad_atpath); tad->tad_atpath = NULL; } + if (fd != AT_FDCWD) { + tad->tad_ctrl |= TAD_ATCALL; + + if (tad->tad_scid == SYS_openat || + tad->tad_scid == SYS_openat64) { + fm = (uint_t)uap->arg3; + if (fm & (FXATTR | FXATTRDIROPEN)) { + tad->tad_ctrl |= TAD_ATTPATH; + } + } + if ((fp = getf(fd)) == NULL) { tad->tad_ctrl |= TAD_NOPATH; return; 
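Review bot: In audit_setfsat_path() the `SYS_openat`/`SYS_openat64` test that sets `TAD_ATTPATH` sits inside the `fd != AT_FDCWD` branch, while the `else` branch added in the next hunk (@@ -1066) only handles `SYS_open`/`SYS_open64`. An openat call with `AT_FDCWD` and `FXATTR` or `FXATTRDIROPEN` therefore appears to fall through to the cwd path code without `TAD_ATTPATH`, although the lines this commit removes from aui_openat() set it for any `fm & (FXATTR | FXATTRDIROPEN)`. If that is not intended, the audit record would no longer mark such a path as an extended-attribute path; extend the else-branch test to the openat ids and read `uap->arg3` there, or do the flag test before the `fd` split. The switch that maps syscall ids to `fd` begins outside these hunks, so confirm against the full function.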
@@ -1066,6 +1082,14 @@ audit_setfsat_path(int argnum) tad->tad_atpath = fad->fad_aupath; releasef(fd); } else { + if (tad->tad_scid == SYS_open || + tad->tad_scid == SYS_open64) { + fm = (uint_t)uap->arg2; + if (fm & FXATTR) { + tad->tad_ctrl |= TAD_ATTPATH; + } + return; + } pad = P2A(curproc); mutex_enter(&pad->pad_lock); au_pathhold(pad->pad_cwd); diff --git a/usr/src/uts/common/c2/audit_event.c b/usr/src/uts/common/c2/audit_event.c index 68975f00aa..270fa59c96 100644 --- a/usr/src/uts/common/c2/audit_event.c +++ b/usr/src/uts/common/c2/audit_event.c @@ -287,7 +287,7 @@ aui_null, AUE_NULL, aus_null, /* 43 times */ aui_null, AUE_NULL, aus_null, /* 44 profil */ auf_null, 0, aui_null, AUE_ACCESS, aus_null, /* 45 faccessat */ - auf_null, S2E_PUB | S2E_ATC, + auf_null, S2E_PUB, aui_null, AUE_SETGID, aus_setgid, /* 46 setgid */ auf_null, 0, aui_null, AUE_NULL, aus_null, /* 47 getgid */ @@ -314,7 +314,7 @@ aui_null, AUE_IOCTL, aus_ioctl, /* 54 ioctl */ aui_null, AUE_NULL, aus_null, /* 55 uadmin */ auf_null, 0, aui_fchownat, AUE_NULL, aus_fchownat, /* 56 fchownat */ - auf_null, S2E_ATC, + auf_null, 0, aui_utssys, AUE_FUSERS, aus_null, /* 57 utssys */ auf_null, 0, aui_null, AUE_NULL, aus_null, /* 58 fsync */ 
@@ -330,17 +330,17 @@ aui_fcntl, AUE_FCNTL, aus_fcntl, /* 62 fcntl */ aui_null, AUE_NULL, aus_null, /* 63 ulimit */ auf_null, 0, aui_null, AUE_RENAME, aus_null, /* 64 renameat */ - auf_null, S2E_ATC, + auf_null, 0, aui_unlinkat, AUE_NULL, aus_null, /* 65 unlinkat */ - auf_null, S2E_ATC, + auf_null, 0, aui_fstatat, AUE_NULL, aus_null, /* 66 fstatat */ - auf_null, S2E_PUB | S2E_ATC, + auf_null, S2E_PUB, aui_fstatat, AUE_NULL, aus_null, /* 67 fstatat64 */ - auf_null, S2E_PUB | S2E_ATC, + auf_null, S2E_PUB, aui_openat, AUE_OPEN, aus_openat, /* 68 openat */ - auf_null, S2E_SP | S2E_ATC, + auf_null, S2E_SP, aui_openat, AUE_OPEN, aus_openat, /* 69 openat64 */ - auf_null, S2E_SP | S2E_ATC, + auf_null, S2E_SP, aui_null, AUE_NULL, aus_null, /* 70 tasksys */ auf_null, 0, aui_null, AUE_NULL, aus_null, /* 71 (loadable) acctctl */ @@ -427,7 +427,7 @@ aui_null, AUE_NULL, aus_null, /* 109 (loadable) */ auf_null, 0, #endif /* __x86 */ aui_null, AUE_UTIMES, aus_null, /* 110 utimesys */ - auf_null, S2E_ATC, + auf_null, 0, aui_null, AUE_NULL, aus_null, /* 111 sigresend */ auf_null, 0, aui_null, AUE_PRIOCNTLSYS, aus_priocntlsys, /* 112 priocntlsys */ @@ -1008,7 +1008,6 @@ open_event(uint_t fm) static au_event_t aui_open(au_event_t e) { - t_audit_data_t *tad = T2A(curthread); klwp_t *clwp = ttolwp(curthread); uint_t fm; @@ -1020,10 +1019,6 @@ aui_open(au_event_t e) fm = (uint_t)uap->fmode; - /* convert to appropriate au_ctrl */ - if (fm & (FXATTR | FXATTRDIROPEN)) - tad->tad_ctrl |= TAD_ATTPATH; - return (open_event(fm)); } @@ -1063,9 +1058,13 @@ aui_openat(au_event_t e) fm = (uint_t)uap->fmode; - /* convert to appropriate au_ctrl */ - if (fm & (FXATTR | FXATTRDIROPEN)) - tad->tad_ctrl |= TAD_ATTPATH; + /* + * __openattrdirat() does an extra pathname lookup in order to + * enter the extended system attribute namespace of the referenced + * extended attribute filename. + */ + if (fm & FXATTRDIROPEN) + tad->tad_ctrl |= TAD_MLD; return (open_event(fm)); } 
diff --git a/usr/src/uts/common/c2/audit_kernel.h b/usr/src/uts/common/c2/audit_kernel.h index 78355d8f3b..fe158b8b9a 100644 --- a/usr/src/uts/common/c2/audit_kernel.h +++ b/usr/src/uts/common/c2/audit_kernel.h @@ -83,7 +83,6 @@ extern "C" { #define S2E_MLD TAD_MLD /* only one lookup per system call */ #define S2E_NPT TAD_NOPATH /* force no path in audit record */ #define S2E_PUB TAD_PUBLIC_EV /* syscall is defined as a public op */ -#define S2E_ATC TAD_ATCALL /* syscall is one of the *at() family */ /* * At present, we are using the audit classes imbedded with in the kernel. Each diff --git a/usr/src/uts/common/fs/vnode.c b/usr/src/uts/common/fs/vnode.c index 8ba373ad19..4c5e1b3da3 100644 --- a/usr/src/uts/common/fs/vnode.c +++ b/usr/src/uts/common/fs/vnode.c @@ -1652,7 +1652,7 @@ top: * use the lib directory for the rename. */ - if (auditing) + if (auditing && (fdvp != NULL)) audit_setfsat_path(1); /* * Lookup to and from directories. @@ -1669,7 +1669,7 @@ top: goto out; } - if (auditing) + if (auditing && (tdvp != NULL)) audit_setfsat_path(3); if (error = lookuppnat(&tpn, NULL, NO_FOLLOW, &tovp, &targvp, tdvp)) { goto out; diff --git a/usr/src/uts/common/syscall/access.c b/usr/src/uts/common/syscall/access.c index 16b7ff7534..9e4f1aac84 100644 --- a/usr/src/uts/common/syscall/access.c +++ b/usr/src/uts/common/syscall/access.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -152,7 +151,7 @@ faccessat(int fd, char *fname, int fmode, int flag) } } - if (AU_AUDITING()) + if (AU_AUDITING() && (dirvp != NULL)) audit_setfsat_path(1); /* Do not allow E_OK unless AT_EACCESS flag is set */ diff --git a/usr/src/uts/common/syscall/chown.c b/usr/src/uts/common/syscall/chown.c index a0a5821374..ccb0b584ee 100644 
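Review bot: With the new `tdvp != NULL` guard in the vnode.c rename code, a call whose source is fd-relative (`fdvp != NULL`) but whose target is not skips `audit_setfsat_path(3)`, so the `tad->tad_atpath` and `TAD_ATCALL` state stored by `audit_setfsat_path(1)` is still in place when `lookuppnat(&tpn, ...)` runs. Before this change the second call always ran, and audit_setfsat_path() releases `tad_atpath` before choosing a new one. Nothing in this diff shows that state being cleared between the two lookups, so the target path may be audited relative to the source directory. If the path builder does not reset it, keep the second call unconditional, `if (auditing) audit_setfsat_path(3);`, or clear the at-path state when `tdvp == NULL`. The enclosing function starts and ends outside the hunk.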
--- a/usr/src/uts/common/syscall/chown.c +++ b/usr/src/uts/common/syscall/chown.c @@ -20,8 +20,7 @@ */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -106,7 +105,7 @@ fchownat(int fd, char *name, uid_t uid, gid_t gid, int flags) } } - if (AU_AUDITING()) + if (AU_AUDITING() && (startvp != NULL)) audit_setfsat_path(1); /* diff --git a/usr/src/uts/common/syscall/open.c b/usr/src/uts/common/syscall/open.c index 695cda863c..154c1a6953 100644 --- a/usr/src/uts/common/syscall/open.c +++ b/usr/src/uts/common/syscall/open.c @@ -67,6 +67,7 @@ copen(int startfd, char *fname, int filemode, int createmode) uio_seg_t seg = UIO_USERSPACE; char *open_filename = fname; uint32_t auditing = AU_AUDITING(); + char startchar; if (startfd == AT_FDCWD) { /* @@ -77,8 +78,6 @@ copen(int startfd, char *fname, int filemode, int createmode) /* * We're here via openat() */ - char startchar; - if (copyin(fname, &startchar, sizeof (char))) return (set_errno(EFAULT)); @@ -97,19 +96,17 @@ copen(int startfd, char *fname, int filemode, int createmode) } /* - * Handle openattrdirat request + * Handle __openattrdirat() requests */ if (filemode & FXATTRDIROPEN) { - if (auditing) + if (auditing && (startvp != NULL)) audit_setfsat_path(1); if (error = lookupnameat(fname, seg, FOLLOW, NULLVPP, &vp, startvp)) return (set_errno(error)); - if (startvp) { + if (startvp != NULL) VN_RELE(startvp); - startvp = NULL; - } startvp = vp; } 
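Review bot: In copen()'s `FXATTRDIROPEN` block the failure path of `lookupnameat()` still leaves through `return (set_errno(error));` ahead of the `VN_RELE(startvp)` that this hunk rewrites, so a failed lookup keeps the reference on the starting directory whenever `startvp` is non-NULL. The hold appears to be taken in the openat() branch above, outside this hunk, so confirm it there. If so, release first and test the error afterwards: `error = lookupnameat(...);` then `if (startvp != NULL) VN_RELE(startvp);` then `if (error) return (set_errno(error));`. Because the pathname is supplied by the caller, repeated failing lookups would accumulate holds on that vnode.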
@@ -117,35 +114,46 @@ copen(int startfd, char *fname, int filemode, int createmode) /* * Do we need to go into extended attribute space? */ - if (filemode & (FXATTR|FXATTRDIROPEN)) { - vattr_t vattr; + if (filemode & FXATTR) { + if (startfd == AT_FDCWD) { + if (copyin(fname, &startchar, sizeof (char))) + return (set_errno(EFAULT)); + + /* + * If startchar == '/' then no extended attributes + * are looked up. + */ + if (startchar == '/') { + startvp = NULL; + } else { + mutex_enter(&p->p_lock); + startvp = PTOU(p)->u_cdir; + VN_HOLD(startvp); + mutex_exit(&p->p_lock); + } + } /* - * Make sure we have a valid request. - * We must either have a real fd or AT_FDCWD + * Make sure we have a valid extended attribute request. + * We must either have a real fd or AT_FDCWD and a relative + * pathname. */ - - if (startfd != AT_FDCWD && startvp == NULL) { - error = EINVAL; - goto out; + if (startvp == NULL) { + goto noxattr; } + } + + if (filemode & (FXATTR|FXATTRDIROPEN)) { + vattr_t vattr; if (error = pn_get(fname, UIO_USERSPACE, &pn)) { goto out; } - if (startfd == AT_FDCWD && !(filemode & FXATTRDIROPEN)) { - mutex_enter(&p->p_lock); - startvp = PTOU(p)->u_cdir; - VN_HOLD(startvp); - mutex_exit(&p->p_lock); - } - /* * In order to access hidden attribute directory the * user must be able to stat() the file */ - vattr.va_mask = AT_ALL; if (error = VOP_GETATTR(startvp, &vattr, 0, CRED(), NULL)) { pn_free(&pn); @@ -163,7 +171,7 @@ copen(int startfd, char *fname, int filemode, int createmode) } /* - * For openattrdirat use "." as filename to open + * For __openattrdirat() use "." as filename to open * as part of vn_openat() */ if (error == 0 && (filemode & FXATTRDIROPEN)) { 
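Review bot: The new `if (filemode & FXATTR)` block in copen() reassigns `startvp` whenever `startfd == AT_FDCWD`, but the removed code only did so under `!(filemode & FXATTRDIROPEN)`. If both flags reach copen() together, `startvp` already holds the vnode returned by the `__openattrdirat()` lookup in the previous hunk, and overwriting it with `u_cdir` or `NULL`, or returning `EFAULT` from the new `copyin`, drops that reference without a `VN_RELE`. Restoring the condition, `if (startfd == AT_FDCWD && !(filemode & FXATTRDIROPEN)) {`, keeps the earlier behaviour; rejecting the combination up front is another option. The added `copyin` of `startchar` also reads the first path byte separately from the later `pn_get()` and `vn_openat()` copies, so the absolute-versus-relative decision can differ from the path that is finally opened and audited; a comment stating why that is acceptable would help.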
@@ -179,18 +187,18 @@ copen(int startfd, char *fname, int filemode, int createmode) startvp = sdvp; } +noxattr: if ((filemode & (FREAD|FWRITE|FXATTRDIROPEN)) != 0) { if ((filemode & (FNONBLOCK|FNDELAY)) == (FNONBLOCK|FNDELAY)) filemode &= ~FNDELAY; error = falloc((vnode_t *)NULL, filemode, &fp, &fd); if (error == 0) { - if (auditing) + if (auditing && (startvp != NULL)) audit_setfsat_path(1); /* * Last arg is a don't-care term if * !(filemode & FCREAT). */ - error = vn_openat(open_filename, seg, filemode, (int)(createmode & MODEMASK), &vp, CRCREAT, PTOU(curproc)->u_cmask, diff --git a/usr/src/uts/common/syscall/stat.c b/usr/src/uts/common/syscall/stat.c index 90d191bd9e..d636b1c720 100644 --- a/usr/src/uts/common/syscall/stat.c +++ b/usr/src/uts/common/syscall/stat.c @@ -20,8 +20,7 @@ */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -103,7 +102,7 @@ cstatat_getvp(int fd, char *name, int follow, vnode_t **vp, cred_t **cred) } *cred = cr; - if (AU_AUDITING()) + if (AU_AUDITING() && (startvp != NULL)) audit_setfsat_path(1); lookup: @@ -144,8 +143,6 @@ static int cstat(vnode_t *vp, struct stat *, int, cred_t *); return (set_errno(EFAULT)); \ if ((fp = getf(fd)) == NULL) \ return (set_errno(EBADF)); \ - if (AU_AUDITING()) \ - audit_setfsat_path(1); \ error = statfn(fp->f_vnode, sb, 0, fp->f_cred); \ releasef(fd); \ if (error) \ diff --git a/usr/src/uts/common/syscall/unlink.c b/usr/src/uts/common/syscall/unlink.c index d8ba91ac9b..8ee0b9ff0d 100644 --- a/usr/src/uts/common/syscall/unlink.c +++ b/usr/src/uts/common/syscall/unlink.c 
@@ -20,8 +20,7 @@ */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -80,7 +79,7 @@ unlinkat(int fd, char *name, int flags) } } - if (AU_AUDITING()) + if (AU_AUDITING() && (dirvp != NULL)) audit_setfsat_path(1); error = vn_removeat(dirvp, name, diff --git a/usr/src/uts/common/syscall/utime.c b/usr/src/uts/common/syscall/utime.c index d0ccd869e3..19ce7bb972 100644 --- a/usr/src/uts/common/syscall/utime.c +++ b/usr/src/uts/common/syscall/utime.c @@ -20,8 +20,7 @@ */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -84,7 +83,7 @@ cfutimesat(int fd, char *fname, int nmflag, vattr_t *vap, int flags, int follow) } } - if (AU_AUDITING()) + if (AU_AUDITING() && (startvp != NULL)) audit_setfsat_path(1); if ((nmflag == 1) || ((nmflag == 2) && (fname != NULL))) { |
