Audit arguments to POSIX message queues, semaphores, and shared memory.

This requires minor changes to the audit framework to allow capturing
paths that are not filesystem paths (i.e., will not be canonicalised
relative to the process current working directory and/or filesystem
root).

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
Sponsored by:	DARPA, AFRL

2 files changed, 56 insertions, 0 deletions

diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h
index 181fc725f76d..184e79ae3765 100644
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@@ -106,7 +106,9 @@ void	 audit_arg_auid(uid_t auid);
 void	 audit_arg_auditinfo(struct auditinfo *au_info);
 void	 audit_arg_auditinfo_addr(struct auditinfo_addr *au_info);
 void	 audit_arg_upath1(struct thread *td, int dirfd, char *upath);
+void	 audit_arg_upath1_canon(char *upath);
 void	 audit_arg_upath2(struct thread *td, int dirfd, char *upath);
+void	 audit_arg_upath2_canon(char *upath);
 void	 audit_arg_vnode1(struct vnode *vp);
 void	 audit_arg_vnode2(struct vnode *vp);
 void	 audit_arg_text(char *text);
@@ -334,11 +336,21 @@ void	 audit_thread_free(struct thread *td);
 		audit_arg_upath1((td), (dirfd), (upath));		\
 } while (0)
 
+#define	AUDIT_ARG_UPATH1_CANON(upath) do {				\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_upath1_canon((upath));			\
+} while (0)
+
 #define	AUDIT_ARG_UPATH2(td, dirfd, upath) do {				\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_upath2((td), (dirfd), (upath));		\
 } while (0)
 
+#define	AUDIT_ARG_UPATH2_CANON(upath) do {				\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_upath2_canon((upath));			\
+} while (0)
+
 #define	AUDIT_ARG_VALUE(value) do {					\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_value((value));				\
@@ -419,7 +431,9 @@ void	 audit_thread_free(struct thread *td);
 #define	AUDIT_ARG_TEXT(text)
 #define	AUDIT_ARG_UID(uid)
 #define	AUDIT_ARG_UPATH1(td, dirfd, upath)
+#define	AUDIT_ARG_UPATH1_NONCANON(td, upath)
 #define	AUDIT_ARG_UPATH2(td, dirfd, upath)
+#define	AUDIT_ARG_UPATH2_NONCANON(td, upath)
 #define	AUDIT_ARG_VALUE(value)
 #define	AUDIT_ARG_VNODE1(vp)
 #define	AUDIT_ARG_VNODE2(vp)
diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c
index c5da731c4691..0c106bfecbd1 100644
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@@ -766,6 +766,48 @@ audit_arg_upath2(struct thread *td, int dirfd, char *upath)
 }
 
 /*
+ * Variants on path auditing that do not canonicalise the path passed in;
+ * these are for use with filesystem-like subsystems that employ string names,
+ * but do not support a hierarchical namespace -- for example, POSIX IPC
+ * objects.  The subsystem should have performed any necessary
+ * canonicalisation required to make the paths useful to audit analysis.
+ */
+static void
+audit_arg_upath_canon(char *upath, char **pathp)
+{
+
+	if (*pathp == NULL)
+		*pathp = malloc(MAXPATHLEN, M_AUDITPATH, M_WAITOK);
+	(void)snprintf(*pathp, MAXPATHLEN, "%s", upath);
+}
+
+void
+audit_arg_upath1_canon(char *upath)
+{
+	struct kaudit_record *ar;
+
+	ar = currecord();
+	if (ar == NULL)
+		return;
+
+	audit_arg_upath_canon(upath, &ar->k_ar.ar_arg_upath1);
+	ARG_SET_VALID(ar, ARG_UPATH1);
+}
+
+void
+audit_arg_upath2_canon(char *upath)
+{
+	struct kaudit_record *ar;
+
+	ar = currecord();
+	if (ar == NULL)
+		return;
+
+	audit_arg_upath_canon(upath, &ar->k_ar.ar_arg_upath2);
+	ARG_SET_VALID(ar, ARG_UPATH2);
+}
+
+/*
  * Function to save the path and vnode attr information into the audit
  * record.
  *