/* $NetBSD: verified_exec.c,v 1.53 2007/01/04 18:44:45 elad Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad@NetBSD.org>
* Copyright 2005 Brett Lymn <blymn@netbsd.org>
*
* This code is derived from software contributed to The NetBSD Foundation
* by Brett Lymn and Elad Efrat
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Neither the name of The NetBSD Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
/*
 * Record the RCS revision identifier of this file.  The NetBSD kernel build
 * uses __KERNEL_RCSID(); every other build uses __RCSID().
 */
#if defined(__NetBSD__)
__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.53 2007/01/04 18:44:45 elad Exp $");
#else
__RCSID("$Id: verified_exec.c,v 1.53 2007/01/04 18:44:45 elad Exp $\n$NetBSD: verified_exec.c,v 1.53 2007/01/04 18:44:45 elad Exp $");
#endif
#include <sys/param.h>
#include <sys/errno.h>
Massive restructuring and cleanup of Veriexec, mainly in preparation
for work on some future functionality.
- Veriexec data-structures are no longer exposed.
- Thanks to using proplib for data passing now, the interface
changes further to accomodate that.
Introduce four new functions. First, veriexec_file_add(), to add
a new file to be monitored by Veriexec, to replace both
veriexec_load() and veriexec_hashadd(). veriexec_table_add(), to
replace veriexec_newtable(), will be used to optimize hash table
size (during preload), and finally, veriexec_convert(), to convert
an internal entry to one userland can read.
- Introduce veriexec_unmountchk(), to enforce Veriexec unmount
policy. This cleans up a bit of code in kern/vfs_syscalls.c.
- Rename veriexec_tblfind() with veriexec_table_lookup(), and make
it static. More functions that became static: veriexec_fp_cmp(),
veriexec_fp_calc().
- veriexec_verify() no longer returns the entry as well, but just
sets a boolean indicating whether an entry was found or not.
- veriexec_purge() now takes a struct vnode *.
- veriexec_add_fp_name() was merged into veriexec_add_fp_ops(), that
changed its name to veriexec_fpops_add(). veriexec_find_ops() was
also renamed to veriexec_fpops_lookup().
Also on the fp-ops front, the three function types used to initialize,
update, and finalize a hash context were renamed to
veriexec_fpop_init_t, veriexec_fpop_update_t, and veriexec_fpop_final_t
respectively.
- Introduce a new malloc(9) type, M_VERIEXEC, and use it instead of
M_TEMP, so we can tell exactly how much memory is used by Veriexec.
- And, most importantly, whitespace and indentation nits.
Built successfuly for amd64, i386, sparc, and sparc64. Tested on amd64.
2006-11-30 04:09:47 +03:00
#include <sys/conf.h>
#include <sys/vnode.h>
#include <sys/fcntl.h>
#include <sys/namei.h>
#include <sys/verified_exec.h>
#include <sys/kauth.h>
#include <sys/syslog.h>
#ifdef __FreeBSD__
#include <sys/kernel.h>
#include <sys/device_port.h>
#include <sys/ioccom.h>
#else
#include <sys/ioctl.h>
#include <sys/device.h>
#define DEVPORT_DEVICE struct device
#endif
#include <prop/proplib.h>
/*
 * State structure of the veriexec pseudo-device.  Its only member is the
 * generic device structure; DEVPORT_DEVICE is `struct device' unless the
 * file is built for FreeBSD.
 */
struct veriexec_softc {
	DEVPORT_DEVICE veriexec_dev;
};
#if defined(__FreeBSD__)
|
|
|
|
# define CDEV_MAJOR 216
|
|
|
|
# define BDEV_MAJOR -1
|
|
|
|
#endif
/*
 * Character-device switch of the veriexec pseudo-device.
 *
 * The initializer is positional, so the entries must stay in the order of
 * the platform's struct cdevsw.  Only open, close and ioctl have handlers
 * of their own; read, write, poll and mmap are set to the no* entries, so
 * on this device the Veriexec tables are reached through veriexecioctl()
 * alone.
 */
const struct cdevsw veriexec_cdevsw = {
	veriexecopen,		/* superuser only, one opener at a time */
	veriexecclose,
	noread,
	nowrite,
	veriexecioctl,		/* table size, load, delete, query */
#ifdef __NetBSD__
	nostop,
	notty,
#endif
	nopoll,
	nommap,
#if defined(__NetBSD__)
	nokqfilter,
	D_OTHER,
#elif defined(__FreeBSD__)
	nostrategy,
	"veriexec",
	CDEV_MAJOR,
	nodump,
	nopsize,
	0,	/* flags */
	BDEV_MAJOR
#endif
};
/*
 * ioctl helpers local to this file.  Both look up the path stored under
 * the "file" key of the request dictionary.
 */
static int veriexec_query(prop_dictionary_t, prop_dictionary_t, struct lwp *);
static int veriexec_delete(prop_dictionary_t, struct lwp *);
Massive restructuring and cleanup of Veriexec, mainly in preparation
for work on some future functionality.
- Veriexec data-structures are no longer exposed.
- Thanks to using proplib for data passing now, the interface
changes further to accomodate that.
Introduce four new functions. First, veriexec_file_add(), to add
a new file to be monitored by Veriexec, to replace both
veriexec_load() and veriexec_hashadd(). veriexec_table_add(), to
replace veriexec_newtable(), will be used to optimize hash table
size (during preload), and finally, veriexec_convert(), to convert
an internal entry to one userland can read.
- Introduce veriexec_unmountchk(), to enforce Veriexec unmount
policy. This cleans up a bit of code in kern/vfs_syscalls.c.
- Rename veriexec_tblfind() with veriexec_table_lookup(), and make
it static. More functions that became static: veriexec_fp_cmp(),
veriexec_fp_calc().
- veriexec_verify() no longer returns the entry as well, but just
sets a boolean indicating whether an entry was found or not.
- veriexec_purge() now takes a struct vnode *.
- veriexec_add_fp_name() was merged into veriexec_add_fp_ops(), that
changed its name to veriexec_fpops_add(). veriexec_find_ops() was
also renamed to veriexec_fpops_lookup().
Also on the fp-ops front, the three function types used to initialize,
update, and finalize a hash context were renamed to
veriexec_fpop_init_t, veriexec_fpop_update_t, and veriexec_fpop_final_t
respectively.
- Introduce a new malloc(9) type, M_VERIEXEC, and use it instead of
M_TEMP, so we can tell exactly how much memory is used by Veriexec.
- And, most importantly, whitespace and indentation nits.
Built successfuly for amd64, i386, sparc, and sparc64. Tested on amd64.
2006-11-30 04:09:47 +03:00
/*
 * Count of the number of times the device is open.  veriexecopen() refuses
 * an open with EBUSY while this is non-zero, so only one open is allowed
 * at a time.
 * NOTE(review): the counter is tested and changed without any locking
 * visible in this file - confirm that the callers serialize open and close.
 */
static unsigned int veriexec_dev_usage;
/*
 * Attach routine of the veriexec pseudo-device.  It clears the open counter
 * and, at verbosity level 2 or higher, logs that the device was attached.
 * None of the three arguments is used.
 */
void
veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self, void *aux)
{
	if (veriexec_verbose >= 2) {
		log(LOG_DEBUG, "Veriexec: Pseudo-device attached.\n");
	}

	/* Nobody has the device open yet. */
	veriexec_dev_usage = 0;
}
/*
 * Open handler of the veriexec pseudo-device.
 *
 * The caller must pass the KAUTH_GENERIC_ISSUSER check, and the device may
 * be held open by one opener only.
 *
 * Returns 0 on success, EPERM when the authorization check fails and EBUSY
 * when the device is already open.
 */
int
veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l)
{
	/*
	 * The attempt is logged before any check is made, so refused opens
	 * show up in the log as well (verbosity 2 and above only).
	 */
	if (veriexec_verbose >= 2) {
		log(LOG_DEBUG, "Veriexec: Pseudo-device open attempt by "
		    "uid=%u, pid=%u. (dev=%u)\n",
		    kauth_cred_geteuid(l->l_cred), l->l_proc->p_pid,
		    dev);
	}

	/* A non-zero result from kauth means the caller is not authorized. */
	if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
	    NULL) != 0) {
		return (EPERM);
	}

	/* Free device: take it and report success. */
	if (veriexec_dev_usage == 0) {
		veriexec_dev_usage++;
		return (0);
	}

	/* Somebody else already holds the device. */
	if (veriexec_verbose >= 2) {
		log(LOG_ERR, "Veriexec: pseudo-device already in "
		    "use.\n");
	}

	return (EBUSY);
}
/*
 * Close handler of the veriexec pseudo-device: gives the open slot back.
 * Always returns 0; none of the arguments is used.
 */
int
veriexecclose(dev_t dev, int flags, int fmt, struct lwp *l)
{
	/* Guard the decrement so the unsigned counter cannot wrap below zero. */
	if (veriexec_dev_usage != 0) {
		veriexec_dev_usage--;
	}

	return (0);
}
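/*
 * ioctl handler of the veriexec pseudo-device.
 *
 * `data' is treated as a struct plistref that describes a proplib
 * dictionary in userland.  Each command copies that dictionary in, hands it
 * to the matching routine and releases it again:
 *
 *	VERIEXEC_TABLESIZE	veriexec_table_add()
 *	VERIEXEC_LOAD		veriexec_file_add()
 *	VERIEXEC_DELETE		veriexec_delete()
 *	VERIEXEC_QUERY		veriexec_query(), reply copied back out
 *
 * The dictionary contents come from the calling process, so the routines
 * that consume them must not assume that any key is present or well typed.
 *
 * Returns 0 on success, EPERM when the strict level is above
 * VERIEXEC_LEARNING, ENODEV for an unknown command, ENOMEM when the reply
 * dictionary cannot be created, or the error of the step that failed.
 */
int
veriexecioctl(dev_t dev, u_long cmd, caddr_t data, int flags,
    struct lwp *l)
{
	struct plistref *plistref;
	prop_dictionary_t dict;
	int error = 0;

	/*
	 * The tables may only be changed up to learning mode.  The check
	 * sits in front of the command switch, so it refuses every command,
	 * VERIEXEC_QUERY included.
	 */
	if (veriexec_strict > VERIEXEC_LEARNING) {
		log(LOG_WARNING, "Veriexec: Strict mode, modifying tables not "
		    "permitted.\n");

		return (EPERM);
	}

	plistref = (struct plistref *)data;

	switch (cmd) {
	case VERIEXEC_TABLESIZE:
		error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
		if (error)
			break;

		error = veriexec_table_add(l, dict);
		prop_object_release(dict);
		break;

	case VERIEXEC_LOAD:
		error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
		if (error)
			break;

		error = veriexec_file_add(l, dict);
		prop_object_release(dict);
		break;

	case VERIEXEC_DELETE:
		error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
		if (error)
			break;

		error = veriexec_delete(dict, l);
		prop_object_release(dict);
		break;

	case VERIEXEC_QUERY: {
		prop_dictionary_t rdict;

		error = prop_dictionary_copyin_ioctl(plistref, cmd, &dict);
		if (error)
			break;

		rdict = prop_dictionary_create();
		if (rdict == NULL) {
			/*
			 * The request dictionary was already copied in;
			 * release it here as well, or its reference is
			 * leaked on every failed allocation.
			 */
			prop_object_release(dict);
			error = ENOMEM;
			break;
		}

		error = veriexec_query(dict, rdict, l);
		if (error == 0) {
			error = prop_dictionary_copyout_ioctl(plistref, cmd,
			    rdict);
		}

		prop_object_release(rdict);
		prop_object_release(dict);

		break;
		}

	default:
		/* Invalid operation. */
		error = ENODEV;
		break;
	}

	return (error);
}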
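#if defined(__FreeBSD__)
/*
 * FreeBSD start-up hook, registered through SYSINIT below.  It creates the
 * "veriexec" device node, owned by root:wheel with mode 0600, and then
 * runs the attach routine.  The argument is unused.
 */
static void
veriexec_drvinit(void *unused)
{
	/*
	 * veriexec_cdevsw and veriexecattach() are the names this file
	 * defines; it declares no verifiedexec_* symbol.
	 */
	make_dev(&veriexec_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600,
	    "veriexec");
	veriexecattach(NULL, NULL, NULL);
}

SYSINIT(veriexec, SI_SUB_PSEUDO, SI_ORDER_ANY, veriexec_drvinit, NULL);
#endif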
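/*
 * Handle VERIEXEC_DELETE: remove the Veriexec data that belongs to the path
 * stored under the "file" key of `dict'.
 *
 * The path is looked up with FOLLOW, so symbolic links are resolved.  For a
 * regular file the entry of that file is deleted; for a directory the whole
 * table of the mount the directory lives on is deleted.
 *
 * Returns EINVAL when `dict' holds no string under "file", the namei()
 * error when the lookup fails, and otherwise the result of the delete
 * routine that was called.
 */
static int
veriexec_delete(prop_dictionary_t dict, struct lwp *l)
{
	struct nameidata nid;
	const char *file;
	int error;

	/*
	 * The dictionary was built by the calling process.  When "file" is
	 * missing or is not a string the lookup below would be started with
	 * a NULL kernel-space path, so reject the request first.
	 */
	file = prop_string_cstring_nocopy(prop_dictionary_get(dict, "file"));
	if (file == NULL)
		return (EINVAL);

	NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, file, l);
	error = namei(&nid);
	if (error)
		return (error);

	/*
	 * XXX this should be done differently...
	 * Any vnode type other than VREG and VDIR falls through with
	 * error == 0: nothing is deleted and success is reported.
	 */
	if (nid.ni_vp->v_type == VREG)
		error = veriexec_file_delete(nid.ni_vp);
	else if (nid.ni_vp->v_type == VDIR)
		error = veriexec_table_delete(nid.ni_vp->v_mount);

	/* Drop the vnode reference taken by namei(). */
	vrele(nid.ni_vp);

	return (error);
}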
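/*
 * Handle VERIEXEC_QUERY: look up the path stored under the "file" key of
 * `dict' and let veriexec_convert() fill `rdict' for the vnode found.
 *
 * The path is looked up with FOLLOW, so symbolic links are resolved.
 *
 * Returns EINVAL when `dict' holds no string under "file", the namei()
 * error when the lookup fails, and otherwise the result of
 * veriexec_convert().
 */
static int
veriexec_query(prop_dictionary_t dict, prop_dictionary_t rdict, struct lwp *l)
{
	struct nameidata nid;
	const char *file;
	int error;

	/*
	 * The dictionary was built by the calling process.  When "file" is
	 * missing or is not a string the lookup below would be started with
	 * a NULL kernel-space path, so reject the request first.
	 */
	file = prop_string_cstring_nocopy(prop_dictionary_get(dict, "file"));
	if (file == NULL)
		return (EINVAL);

	NDINIT(&nid, LOOKUP, FOLLOW, UIO_SYSSPACE, file, l);
	error = namei(&nid);
	if (error)
		return (error);

	error = veriexec_convert(nid.ni_vp, rdict);

	/* Drop the vnode reference taken by namei(). */
	vrele(nid.ni_vp);

	return (error);
}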