Menu
▾
▴
[Cerber-commits] cerb-ng/kcerb cerb_syscalls.c,NONE,1.1 cerb_syscalls.h,NONE,1.1 Makefile,1.3,1.4 cerb_action.h,1.2,1.3 cerb_globals.h,1.1,1.2 cerb_main.c,1.1,1.2 cerb_rules.c,1.2,1.3 cerb_rules.h,1.3,1.4 cerb_urules.c,1.3,1.4 cerb_urules.h,1.1,1.2
Update of /cvsroot/cerber/cerb-ng/kcerb
In directory usw-pr-cvs1:/tmp/cvs-serv28380
Modified Files:
Makefile cerb_action.h cerb_globals.h cerb_main.c cerb_rules.c
cerb_rules.h cerb_urules.c cerb_urules.h
Added Files:
cerb_syscalls.c cerb_syscalls.h
Log Message:
- Added two files with funtions that operates on syscalls:
cerb_syscalls.c
cerb_syscalls.h
Added adequate lines to Makefile as well.
- Added v_id field for scb_val structure, beacuse there was no way to
describe type of syscall argument.
- Added two new macros:
MCB_DEBUG(txt) - prints debug informations (txt).
MCB_XDEBUG(txt, ret) - prints debug information (txt) and return
value (ret) and returning it.
- Added debug informations about errors for functions in cerb_urules.c file.
- Fixed all function for use new v_id field from scb_val structure.
- Turned on socket() syscall catching for tests.
--- NEW FILE: cerb_syscalls.c ---
/*
* cerb_syscalls.c - funtions that operates on syscalls
*
* (c) 2002 Pawel Jakub Dawidek <ni...@ga...>
*
* $Id: cerb_syscalls.c,v 1.1 2002/08/31 01:25:45 dawidek Exp $
*
*/
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/module.h>
#include <sys/sysent.h>
#include <sys/kernel.h>
#include <sys/libkern.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/syscall.h>
#include <machine/frame.h>
#include "cerb_syscalls.h"
static sy_call_t *tcb_oldscall[SYS_MAXSYSCALL];
void
fcb_scall_cache(void)
{
u_int i;
for (i = 0; i < SYS_MAXSYSCALL; ++i)
tcb_oldscall[i] = sysent[i].sy_call;
}
void
fcb_scall_restore(void)
{
u_int i;
for (i = 0; i < SYS_MAXSYSCALL; ++i)
sysent[i].sy_call = tcb_oldscall[i];
}
/*
* There are problems (kernel panic) when catching those syscalls:
* select(), wait4(), mmap(), lseek(), sigsuspend()
*/
/*
* This function catch all syscalls.
*/
int
fcb_syscalls(register struct proc *p, register void *uap)
{
int nscall;
nscall = p->p_md.md_regs->tf_eax; /* number of catched syscall */
switch (nscall) {
case SYS_socket:
uprintf("debug:socket: %d %d %d\n",
((struct socket_args *)uap)->domain,
((struct socket_args *)uap)->type,
((struct socket_args *)uap)->protocol);
break;
case SYS_chmod:
case SYS_execve:
case SYS_ptrace:
uprintf("debug: CALL %d [login: %s]\n",
nscall, p->p_pgrp->pg_session->s_login);
}
return tcb_oldscall[nscall](p, uap);
}
--- NEW FILE: cerb_syscalls.h ---
/*
* cerb_syscalls.h - header file for cerb_syscalls.c
*
* (c) 2002 Pawel Jakub Dawidek <ni...@ga...>
*
* $Id: cerb_syscalls.h,v 1.1 2002/08/31 01:25:45 dawidek Exp $
*
*/
#ifndef _CERB_SYSCALLS_H_
#define _CERB_SYSCALLS_H_
void fcb_scall_cache(void);
void fcb_scall_restore(void);
int fcb_syscalls(register struct proc *p, register void *uap);
#endif /* _CERB_SYSCALLS_H_ */
Index: Makefile
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/kcerb/Makefile,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** Makefile 30 Aug 2002 00:40:36 -0000 1.3
--- Makefile 31 Aug 2002 01:25:45 -0000 1.4
***************
*** 3,6 ****
--- 3,8 ----
SRCS = vnode_if.h \
cerb_main.c \
+ cerb_syscalls.c \
+ cerb_syscalls.h \
cerb_globals.h \
cerb_rules.c \
Index: cerb_action.h
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_action.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** cerb_action.h 30 Aug 2002 00:40:36 -0000 1.2
--- cerb_action.h 31 Aug 2002 01:25:45 -0000 1.3
***************
*** 13,77 ****
#include "cerb_globals.h"
- /*
- * Here are defined operations that could be made between two arguments.
- */
- #define CB_SET_O 1 /* = set */
- #define CB_EQUAL_O 2 /* == equal */
- #define CB_NOTEQUAL_O 3 /* != not equal */
- #define CB_MORE_O 4 /* > more */
- #define CB_MOREOREQUAL_O 5 /* >= more or equal */
- #define CB_LESS_O 6 /* < less */
- #define CB_LESSOREQUAL_O 7 /* <= less or equal */
- #define CB_MATCH_O 8 /* ~ match */
- #define CB_NOTMATCH_O 9 /* !~ don't match */
- /*
- * Rest of commands
- */
/* Description for those functions You can find in README file */
- #define CB_CALL_O 10 /* call() */
- #define CB_RETURN_O 11 /* return () */
- #define CB_REALPATH_O 12 /* realpath() */
- #define CB_GETPNAME_O 13 /* getpname() */
- #define CB_SETPNAME_O 14 /* setpname() */
- #define CB_GETPFILE_O 15 /* getpfile() */
- #define CB_SETPFILE_O 16 /* setpfile() */
- #define CB_GETPRUID_O 17 /* getpruid() */
- #define CB_SETPRUID_O 18 /* setpruid() */
- #define CB_GETPRGID_O 19 /* getprgid() */
- #define CB_SETPRGID_O 20 /* setprgid() */
- #define CB_GETPEUID_O 21 /* getpeuid() */
- #define CB_SETPEUID_O 22 /* setpeuid() */
- #define CB_GETPEGID_O 23 /* getpegid() */
- #define CB_SETPEGID_O 24 /* setpegid() */
- #define CB_GETPSVUID_O 25 /* getpsvuid() */
- #define CB_SETPSVUID_O 26 /* setpsvuid() */
- #define CB_GETPSVGID_O 27 /* getpsvgid() */
- #define CB_SETPSVGID_O 28 /* setpsvgid() */
- #define CB_ISMEMBER_O 29 /* ismember() */
- #define CB_ADDGROUP_O 30 /* addgroup() */
- #define CB_DELGROUP_O 31 /* delgroup() */
- #define CB_GETINODE_O 32 /* getinode() */
- #define CB_GETDEV_O 33 /* getdev() */
- #define CB_GETOUID_O 34 /* getouid() */
- #define CB_GETOGID_O 35 /* getogid() */
- #define CB_GETMODE_O 36 /* getmode() */
- #define CB_GETFLAGS_O 37 /* getflags() */
- #define CB_GETNLINKS_O 38 /* getnlinks() */
- #define CB_GETSIZE_O 39 /* getsize() */
- #define CB_FD2NAME_O 40 /* fd2name() */
- #define CB_FD2INODE_O 41 /* fd2inode() */
- #define CB_FD2DEV_O 42 /* fd2dev() */
- #define CB_FD2OUID_O 43 /* fd2ouid() */
- #define CB_FD2OGID_O 44 /* fd2ogid() */
- #define CB_FD2MODE_O 45 /* fd2mode() */
- #define CB_FD2FLAGS_O 46 /* fd2flags() */
- #define CB_FD2NLINKS_O 47 /* fd2nlinks() */
- #define CB_FD2SIZE_O 48 /* fd2size() */
- #define CB_RMENV_O 49 /* rmenv() */
- #define CB_CLEANENV_O 50 /* cleanenv() */
- #define CB_CHKARGS_O 51 /* chkargs() */
- #define CB_CHKENVS_O 52 /* chkenvs() */
-
- #define CB_MAXFUN_O 53 /* number of functions */
struct scb_val *fcb_op_set(struct proc *p, struct scb_val *v);
--- 13,17 ----
***************
*** 132,189 ****
*/
static dcb_op_t *tcb_op[] = {
! NULL, /* first one not used */
! fcb_op_set, /* CB_SET_O */
! fcb_op_equal, /* CB_EQUAL_O */
! fcb_op_notequal, /* CB_NOTEQUAL_O */
! fcb_op_more, /* CB_MORE_O */
! fcb_op_moreorequal, /* CB_MOREOREQUAL_O */
! fcb_op_less, /* CB_LESS_O */
! fcb_op_lessorequal, /* CB_LESSOREQUAL_O */
! fcb_op_match, /* CB_MATCH_O */
! fcb_op_notmatch, /* CB_NOTMATCH_O */
! fcb_op_call, /* CB_CALL_O */
! fcb_op_return, /* CB_RETURN_O */
! fcb_op_realpath, /* CB_REALPATH_O */
! fcb_op_getpname, /* CB_GETPNAME_O */
! fcb_op_setpname, /* CB_SETPNAME_O */
! fcb_op_getpfile, /* CB_GETPFILE_O */
! fcb_op_setpfile, /* CB_SETPFILE_O */
! fcb_op_getpruid, /* CB_GETPRUID_O */
! fcb_op_setpruid, /* CB_SETPRUID_O */
! fcb_op_getprgid, /* CB_GETPRGID_O */
! fcb_op_setprgid, /* CB_SETPRGID_O */
! fcb_op_getpeuid, /* CB_GETPEUID_O */
! fcb_op_setpeuid, /* CB_SETPEUID_O */
! fcb_op_getpegid, /* CB_GETPEGID_O */
! fcb_op_setpegid, /* CB_SETPEGID_O */
! fcb_op_getpsvuid, /* CB_GETPSVUID_O */
! fcb_op_setpsvuid, /* CB_SETPSVUID_O */
! fcb_op_getpsvgid, /* CB_GETPSVGID_O */
! fcb_op_setpsvgid, /* CB_SETPSVGID_O */
! fcb_op_ismember, /* CB_ISMEMBER_O */
! fcb_op_addgroup, /* CB_ADDGROUP_O */
! fcb_op_delgroup, /* CB_DELGROUP_O */
! fcb_op_getinode, /* CB_GETINODE_O */
! fcb_op_getdev, /* CB_GETDEV_O */
! fcb_op_getouid, /* CB_GETOUID_O */
! fcb_op_getogid, /* CB_GETOGID_O */
! fcb_op_getmode, /* CB_GETMODE_O */
! fcb_op_getflags, /* CB_GETFLAGS_O */
! fcb_op_getnlinks, /* CB_GETNLINKS_O */
! fcb_op_getsize, /* CB_GETSIZE_O */
! fcb_op_fd2name, /* CB_FD2NAME_O */
! fcb_op_fd2inode, /* CB_FD2INODE_O */
! fcb_op_fd2dev, /* CB_FD2DEV_O */
! fcb_op_fd2ouid, /* CB_FD2OUID_O */
! fcb_op_fd2ogid, /* CB_FD2OGID_O */
! fcb_op_fd2mode, /* CB_FD2MODE_O */
! fcb_op_fd2flags, /* CB_FD2FLAGS_O */
! fcb_op_fd2nlinks, /* CB_FD2NLINKS_O */
! fcb_op_fd2size, /* CB_FD2SIZE_O */
! fcb_op_rmenv, /* CB_RMENV_O */
! fcb_op_cleanenv, /* CB_CLEANENV_O */
! fcb_op_chkargs, /* CB_CHKARGS_O */
! fcb_op_chkenvs /* CB_CHKENVS_O */
! /* CB_MAXFUN_O */
};
--- 72,182 ----
*/
static dcb_op_t *tcb_op[] = {
! #define CB_EMPTY_O 0 /* empty one to match end of table */
! NULL,
! #define CB_SET_O 1 /* = set */
! fcb_op_set,
! #define CB_EQUAL_O 2 /* == equal */
! fcb_op_equal,
! #define CB_NOTEQUAL_O 3 /* != not equal */
! fcb_op_notequal,
! #define CB_MORE_O 4 /* > more */
! fcb_op_more,
! #define CB_MOREOREQUAL_O 5 /* >= more or equal */
! fcb_op_moreorequal,
! #define CB_LESS_O 6 /* < less */
! fcb_op_less,
! #define CB_LESSOREQUAL_O 7 /* <= less or equal */
! fcb_op_lessorequal,
! #define CB_MATCH_O 8 /* ~ match */
! fcb_op_match,
! #define CB_NOTMATCH_O 9 /* !~ don't match */
! fcb_op_notmatch,
! #define CB_CALL_O 10 /* call() */
! fcb_op_call,
! #define CB_RETURN_O 11 /* return () */
! fcb_op_return,
! #define CB_REALPATH_O 12 /* realpath() */
! fcb_op_realpath,
! #define CB_GETPNAME_O 13 /* getpname() */
! fcb_op_getpname,
! #define CB_SETPNAME_O 14 /* setpname() */
! fcb_op_setpname,
! #define CB_GETPFILE_O 15 /* getpfile() */
! fcb_op_getpfile,
! #define CB_SETPFILE_O 16 /* setpfile() */
! fcb_op_setpfile,
! #define CB_GETPRUID_O 17 /* getpruid() */
! fcb_op_getpruid,
! #define CB_SETPRUID_O 18 /* setpruid() */
! fcb_op_setpruid,
! #define CB_GETPRGID_O 19 /* getprgid() */
! fcb_op_getprgid,
! #define CB_SETPRGID_O 20 /* setprgid() */
! fcb_op_setprgid,
! #define CB_GETPEUID_O 21 /* getpeuid() */
! fcb_op_getpeuid,
! #define CB_SETPEUID_O 22 /* setpeuid() */
! fcb_op_setpeuid,
! #define CB_GETPEGID_O 23 /* getpegid() */
! fcb_op_getpegid,
! #define CB_SETPEGID_O 24 /* setpegid() */
! fcb_op_setpegid,
! #define CB_GETPSVUID_O 25 /* getpsvuid() */
! fcb_op_getpsvuid,
! #define CB_SETPSVUID_O 26 /* setpsvuid() */
! fcb_op_setpsvuid,
! #define CB_GETPSVGID_O 27 /* getpsvgid() */
! fcb_op_getpsvgid,
! #define CB_SETPSVGID_O 28 /* setpsvgid() */
! fcb_op_setpsvgid,
! #define CB_ISMEMBER_O 29 /* ismember() */
! fcb_op_ismember,
! #define CB_ADDGROUP_O 30 /* addgroup() */
! fcb_op_addgroup,
! #define CB_DELGROUP_O 31 /* delgroup() */
! fcb_op_delgroup,
! #define CB_GETINODE_O 32 /* getinode() */
! fcb_op_getinode,
! #define CB_GETDEV_O 33 /* getdev() */
! fcb_op_getdev,
! #define CB_GETOUID_O 34 /* getouid() */
! fcb_op_getouid,
! #define CB_GETOGID_O 35 /* getogid() */
! fcb_op_getogid,
! #define CB_GETMODE_O 36 /* getmode() */
! fcb_op_getmode,
! #define CB_GETFLAGS_O 37 /* getflags() */
! fcb_op_getflags,
! #define CB_GETNLINKS_O 38 /* getnlinks() */
! fcb_op_getnlinks,
! #define CB_GETSIZE_O 39 /* getsize() */
! fcb_op_getsize,
! #define CB_FD2NAME_O 40 /* fd2name() */
! fcb_op_fd2name,
! #define CB_FD2INODE_O 41 /* fd2inode() */
! fcb_op_fd2inode,
! #define CB_FD2DEV_O 42 /* fd2dev() */
! fcb_op_fd2dev,
! #define CB_FD2OUID_O 43 /* fd2ouid() */
! fcb_op_fd2ouid,
! #define CB_FD2OGID_O 44 /* fd2ogid() */
! fcb_op_fd2ogid,
! #define CB_FD2MODE_O 45 /* fd2mode() */
! fcb_op_fd2mode,
! #define CB_FD2FLAGS_O 46 /* fd2flags() */
! fcb_op_fd2flags,
! #define CB_FD2NLINKS_O 47 /* fd2nlinks() */
! fcb_op_fd2nlinks,
! #define CB_FD2SIZE_O 48 /* fd2size() */
! fcb_op_fd2size,
! #define CB_RMENV_O 49 /* rmenv() */
! fcb_op_rmenv,
! #define CB_CLEANENV_O 50 /* cleanenv() */
! fcb_op_cleanenv,
! #define CB_CHKARGS_O 51 /* chkargs() */
! fcb_op_chkargs,
! #define CB_CHKENVS_O 52 /* chkenvs() */
! fcb_op_chkenvs
! #define CB_MAXFUN_O 53 /* number of functions */
};
Index: cerb_globals.h
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_globals.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** cerb_globals.h 30 Aug 2002 00:40:36 -0000 1.1
--- cerb_globals.h 31 Aug 2002 01:25:45 -0000 1.2
***************
*** 20,70 ****
#define CB_MAXVALS_G 64 /* Maxium number of arguments for operation
defined in some rule */
-
/*
! * Types placed in scb_val.v_type.
*/
!
! #define CB_STR_T 1 /* char * */
! #define CB_STRPTR_T 2 /* char ** */
! #define CB_DEF_T 3 /* register_t */
! #define CB_DEFPTR_T 4 /* register_t * */
! #define CB_UDEF_T 5 /* u_register_t */
! #define CB_UDEFPTR_T 6 /* u_register_r * */
! #define CB_LOCAL_T 7 /* values for current process, see below */
! #define CB_FUN_T 8 /* function number in userland rule or
function pointer in kernel rule */
! #define CB_ARG_T 9 /* number of syscall argument */
! #define CB_REG_T 10 /* number of cerb register */
! #define CB_MAXTYPES_T 11
/*
* When scb.v_type is CB_LOCAL_T, then scb_val.v_val should be:
*/
#define CB_SYSCALL_L 0 /* syscall number */
#define CB_NAME_L 1 /* process name */
#define CB_PID_L 2 /* process ID (not parent proces ID) */
#define CB_RUID_L 3 /* process real uid */
#define CB_RGID_L 4 /* process real gid */
#define CB_EUID_L 5 /* process effective uid */
#define CB_EGID_L 6 /* process effective gid */
#define CB_SVUID_L 7 /* process saved uid */
#define CB_SVGID_L 8 /* process saved gid */
#define CB_GROUPS_L 9 /* process owner groups */
#define CB_LOGIN_L 10 /* login of user associated
with process session */
#define CB_PRISON_L 11 /* process is in jail or not? */
#define CB_RETVAL0_L 12 /* process return value */
#define CB_RETVAL1_L 13 /* second process return value */
#define CB_FNAME_L 14 /* file name of executable */
#define CB_FINODE_L 15 /* file inode of executable */
#define CB_FDEV_L 16 /* device inode of executable */
#define CB_FUID_L 17 /* owner uid of executable */
#define CB_FGID_L 18 /* owner gid of executable */
#define CB_FMODE_L 19 /* permission of executable */
#define CB_FFLAGS_L 20 /* flags of executable */
#define CB_FNLINKS_L 21 /* number of hard links of executable */
#define CB_MAXLOCAL_L 22
#endif /* _CERB_GLOBAL_H_ */
--- 20,101 ----
#define CB_MAXVALS_G 64 /* Maxium number of arguments for operation
defined in some rule */
/*
! * Value ID placed in scb_val.v_id.
*/
! #define CB_EMPTY_I 0 /* empty value (the last one) */
! #define CB_CONST_I 1 /* values defined in userland rules */
! #define CB_LOCAL_I 2 /* values for current process, see below */
! #define CB_FUN_I 3 /* function number in userland rule or
function pointer in kernel rule */
! #define CB_ARG_I 4 /* number of syscall argument */
! #define CB_REG_I 5 /* number of cerb register */
! #define CB_MAXIDS_I 6
!
! /*
! * Value type placed in scb_val.v_type.
! */
! #define CB_STR_T 0 /* char * */
! #define CB_STRPTR_T 1 /* char ** */
! #define CB_DEF_T 2 /* register_t */
! #define CB_DEFPTR_T 3 /* register_t * */
! #define CB_UDEF_T 4 /* u_register_t */
! #define CB_UDEFPTR_T 5 /* u_register_r * */
! #define CB_PTR_T 6 /* some other pointer (void *) */
!
! #define CB_MAXTYPES_T 7
/*
* When scb.v_type is CB_LOCAL_T, then scb_val.v_val should be:
*/
+ static u_int tcb_local2type[] = {
#define CB_SYSCALL_L 0 /* syscall number */
+ CB_UDEF_T,
#define CB_NAME_L 1 /* process name */
+ CB_STR_T,
#define CB_PID_L 2 /* process ID (not parent proces ID) */
+ CB_UDEF_T,
#define CB_RUID_L 3 /* process real uid */
+ CB_UDEF_T,
#define CB_RGID_L 4 /* process real gid */
+ CB_UDEF_T,
#define CB_EUID_L 5 /* process effective uid */
+ CB_UDEF_T,
#define CB_EGID_L 6 /* process effective gid */
+ CB_UDEF_T,
#define CB_SVUID_L 7 /* process saved uid */
+ CB_UDEF_T,
#define CB_SVGID_L 8 /* process saved gid */
+ CB_UDEF_T,
#define CB_GROUPS_L 9 /* process owner groups */
+ CB_UDEFPTR_T,
#define CB_LOGIN_L 10 /* login of user associated
with process session */
+ CB_STR_T,
#define CB_PRISON_L 11 /* process is in jail or not? */
+ CB_PTR_T,
#define CB_RETVAL0_L 12 /* process return value */
+ CB_DEF_T,
#define CB_RETVAL1_L 13 /* second process return value */
+ CB_DEF_T,
#define CB_FNAME_L 14 /* file name of executable */
+ CB_STR_T,
#define CB_FINODE_L 15 /* file inode of executable */
+ CB_UDEF_T,
#define CB_FDEV_L 16 /* device inode of executable */
+ CB_UDEF_T,
#define CB_FUID_L 17 /* owner uid of executable */
+ CB_UDEF_T,
#define CB_FGID_L 18 /* owner gid of executable */
+ CB_UDEF_T,
#define CB_FMODE_L 19 /* permission of executable */
+ CB_UDEF_T,
#define CB_FFLAGS_L 20 /* flags of executable */
+ CB_UDEF_T,
#define CB_FNLINKS_L 21 /* number of hard links of executable */
+ CB_UDEF_T
#define CB_MAXLOCAL_L 22
+ };
#endif /* _CERB_GLOBAL_H_ */
Index: cerb_main.c
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_main.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** cerb_main.c 29 Aug 2002 00:23:18 -0000 1.1
--- cerb_main.c 31 Aug 2002 01:25:45 -0000 1.2
***************
*** 20,23 ****
--- 20,24 ----
#include "cerb_urules.h"
#include "cerb_desc.h"
+ #include "cerb_syscalls.h"
static struct sysent cerb_sysent = {
***************
*** 53,61 ****
fcb_malloc_init();
fcb_desc_init();
sysent[SYS_open].sy_call = (sy_call_t *)n_open;
printf ("syscall loaded at %d\n", offset);
break;
case MOD_UNLOAD :
! sysent[SYS_open].sy_call = (sy_call_t *)open;
fcb_desc_clear();
fcb_dclose_clear();
--- 54,64 ----
fcb_malloc_init();
fcb_desc_init();
+ fcb_scall_cache();
sysent[SYS_open].sy_call = (sy_call_t *)n_open;
+ sysent[SYS_socket].sy_call = (sy_call_t *)fcb_syscalls;
printf ("syscall loaded at %d\n", offset);
break;
case MOD_UNLOAD :
! fcb_scall_restore();
fcb_desc_clear();
fcb_dclose_clear();
Index: cerb_rules.c
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_rules.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** cerb_rules.c 30 Aug 2002 00:40:36 -0000 1.2
--- cerb_rules.c 31 Aug 2002 01:25:45 -0000 1.3
***************
*** 44,49 ****
if ((*rule)->r_args != NULL) {
for (i = 0; i < (*rule)->r_nargs; ++i) {
! if ((*rule)->r_args[i].v_type == CB_FUN_T)
MCB_FREE((void *)(*rule)->r_args[i].v_val);
}
MCB_FREE((*rule)->r_args);
--- 44,51 ----
if ((*rule)->r_args != NULL) {
for (i = 0; i < (*rule)->r_nargs; ++i) {
! if ((*rule)->r_args[i].v_id == CB_CONST_I &&
! (*rule)->r_args[i].v_type == CB_STR_T) {
MCB_FREE((void *)(*rule)->r_args[i].v_val);
+ }
}
MCB_FREE((*rule)->r_args);
Index: cerb_rules.h
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_rules.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** cerb_rules.h 30 Aug 2002 00:40:36 -0000 1.3
--- cerb_rules.h 31 Aug 2002 01:25:45 -0000 1.4
***************
*** 17,24 ****
--- 17,27 ----
struct scb_val {
+ u_int v_id; /* value id */
u_int v_type; /* value type */
register_t v_val; /* value */
};
+ #ifdef _KERNEL
+
/*
* Struct for rule in kernel space.
***************
*** 35,38 ****
--- 38,43 ----
void fcb_rule_init(void);
void fcb_rule_free(struct scb_rule **rule);
+
+ #endif /* _KERNEL */
#endif /* _CERB_RULES_H_ */
Index: cerb_urules.c
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_urules.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** cerb_urules.c 30 Aug 2002 00:40:36 -0000 1.3
--- cerb_urules.c 31 Aug 2002 01:25:45 -0000 1.4
***************
*** 38,46 ****
if (ccb_lockrules != 0 || p->p_cred->p_ruid != 0 ||
p->p_prison != NULL) {
! return (EPERM);
}
if (MCB_CHKADDR(uap->tab))
! return (EFAULT);
for (i = 1, nrules = 0; uap->tab[i].ur_op != 0; ++i)
--- 38,46 ----
if (ccb_lockrules != 0 || p->p_cred->p_ruid != 0 ||
p->p_prison != NULL) {
! MCB_XDEBUG("Operation not permitted.", EPERM);
}
if (MCB_CHKADDR(uap->tab))
! MCB_XDEBUG("Bad head address.", EFAULT);
for (i = 1, nrules = 0; uap->tab[i].ur_op != 0; ++i)
***************
*** 48,56 ****
if (nrules > CB_MAXRULES_G)
! return (EFAULT);
if ((addr = fcb_malloc("Adresses of rules in kernel space",
nrules * sizeof(struct scb_rule *), M_NOWAIT)) == NULL) {
! return (ENOMEM);
}
--- 48,56 ----
if (nrules > CB_MAXRULES_G)
! MCB_XDEBUG("Too many rules.", EFAULT);
if ((addr = fcb_malloc("Adresses of rules in kernel space",
nrules * sizeof(struct scb_rule *), M_NOWAIT)) == NULL) {
! MCB_XDEBUG("Can't allocate memory for rules pointers.", ENOMEM);
}
***************
*** 61,65 ****
MCB_FREE(addr[i - 1]);
MCB_FREE(addr);
! return (ENOMEM);
}
addr[i]->r_true = NULL;
--- 61,65 ----
MCB_FREE(addr[i - 1]);
MCB_FREE(addr);
! MCB_XDEBUG("Can't allocate memory for rule.", ENOMEM);
}
addr[i]->r_true = NULL;
***************
*** 77,85 ****
fcb_rule_free(&(addr[i - 1]));
MCB_FREE(addr);
! return (error);
}
}
- uprintf("syscall working, total rules: %d\n", nrules);
return (0);
}
--- 77,84 ----
fcb_rule_free(&(addr[i - 1]));
MCB_FREE(addr);
! MCB_XDEBUG("Error when filling rule.", error);
}
}
return (0);
}
***************
*** 94,110 ****
if (MCB_CHKADDR(urule->ur_args))
! return (EFAULT);
nvals = 0;
if (urule->ur_args != NULL) {
! for (i = 0; urule->ur_args[i].v_type != 0; ++i)
++nvals;
}
if (nvals > CB_MAXVALS_G)
! return (EFAULT);
! if (urule->ur_true >= nrules || urule->ur_true == nrule)
! return (EFAULT);
else if (urule->ur_true == 0)
rule->r_true = NULL;
--- 93,109 ----
if (MCB_CHKADDR(urule->ur_args))
! MCB_XDEBUG("Bad args tab address.", EFAULT);
nvals = 0;
if (urule->ur_args != NULL) {
! for (i = 0; urule->ur_args[i].v_id != CB_EMPTY_I; ++i)
++nvals;
}
if (nvals > CB_MAXVALS_G)
! MCB_XDEBUG("To many arguments.", EFAULT);
! if (urule->ur_true >= nrules || urule->ur_true == nrule + 1)
! MCB_XDEBUG("Incorrect ,,true'' argument.", EFAULT);
else if (urule->ur_true == 0)
rule->r_true = NULL;
***************
*** 112,117 ****
rule->r_true = rules[urule->ur_true - 1];
! if (urule->ur_false >= nrules || urule->ur_false == nrule)
! return (EFAULT);
else if (urule->ur_false == 0)
rule->r_false = NULL;
--- 111,116 ----
rule->r_true = rules[urule->ur_true - 1];
! if (urule->ur_false >= nrules || urule->ur_false == nrule + 1)
! MCB_XDEBUG("Incorrect ,,false'' argument.", EFAULT);
else if (urule->ur_false == 0)
rule->r_false = NULL;
***************
*** 119,124 ****
rule->r_false = rules[urule->ur_false - 1];
! if (urule->ur_next >= nrules || urule->ur_next == nrule)
! return (EFAULT);
else if (urule->ur_next == 0)
rule->r_next = NULL;
--- 118,123 ----
rule->r_false = rules[urule->ur_false - 1];
! if (urule->ur_next >= nrules || urule->ur_next == nrule + 1)
! MCB_XDEBUG("Incorrect ,,next'' argument.", EFAULT);
else if (urule->ur_next == 0)
rule->r_next = NULL;
***************
*** 127,131 ****
if (urule->ur_op >= CB_MAXFUN_O)
! return (EFAULT);
rule->r_fun = tcb_op[urule->ur_op];
--- 126,130 ----
if (urule->ur_op >= CB_MAXFUN_O)
! MCB_XDEBUG("Function number too big.", EFAULT);
rule->r_fun = tcb_op[urule->ur_op];
***************
*** 134,194 ****
if ((rule->r_args = fcb_malloc("urule_fill",
sizeof(struct scb_val) * nvals, M_NOWAIT)) == NULL) {
! return (ENOMEM);
}
/* This is needed if I don't want problems with fcb_rule_free() */
for (i = 0; i < nvals; ++i)
! rule->r_args[i].v_val = NULL;
for (i = 0; i < nvals; ++i) {
! switch (rule->r_args[i].v_type) {
! case CB_STR_T:
! if (MCB_CHKADDR((void *)urule->ur_args[i].v_val))
! return (EFAULT);
! strsize = strlen((char *)urule->ur_args[i].v_val) + 1;
! if ((rule->r_args[i].v_val =
! (register_t)fcb_malloc("urule_fill:str allocation",
! strsize, M_NOWAIT)) == NULL) {
! return (ENOMEM);
}
! if ((error = copyinstr((char *)urule->ur_args[i].v_val,
! (char *)rule->r_args[i].v_val, strsize,
! NULL)) != 0) {
! return (error);
}
break;
! case CB_LOCAL_T:
! if (urule->ur_args[i].v_val >= CB_MAXLOCAL_L)
! return (EFAULT);
! /* FALLTHROUGH */
! case CB_ARG_T:
! if (urule->ur_args[i].v_val < 0)
! return (EFAULT);
! /* FALLTHROUGH */
! case CB_DEF_T:
! case CB_UDEF_T:
rule->r_args[i].v_val = urule->ur_args[i].v_val;
break;
! case CB_REG_T:
if (urule->ur_args[i].v_val >= CB_NREGS_G ||
urule->ur_args[i].v_val < 0) {
! return (EFAULT);
}
rule->r_args[i].v_val = urule->ur_args[i].v_val;
break;
! case CB_FUN_T:
if (urule->ur_args[i].v_val <= 0 ||
urule->ur_args[i].v_val >= nrules ||
! urule->ur_args[i].v_val == nrule) {
! return (EFAULT);
}
rule->r_args[i].v_val =
(register_t)rules[urule->ur_args[i].v_val - 1];
break;
default:
! return (EFAULT);
}
! rule->r_args[i].v_type = urule->ur_args[i].v_type;
}
--- 133,226 ----
if ((rule->r_args = fcb_malloc("urule_fill",
sizeof(struct scb_val) * nvals, M_NOWAIT)) == NULL) {
! MCB_XDEBUG("Can't allocate memory for arguments.", ENOMEM);
}
/* This is needed if I don't want problems with fcb_rule_free() */
for (i = 0; i < nvals; ++i)
! rule->r_args[i].v_id = CB_EMPTY_I;
for (i = 0; i < nvals; ++i) {
! if (urule->ur_args[i].v_type < 0 ||
! urule->ur_args[i].v_type >= CB_MAXTYPES_T) {
! MCB_XDEBUG("Incorrent v_type value.", EFAULT);
! }
!
! switch (rule->r_args[i].v_id) {
! case CB_CONST_I:
! switch (rule->r_args[i].v_type) {
! case CB_STR_T:
! /* Don't fix in 80 chars! */
! if (MCB_CHKADDR((void *)urule->ur_args[i].v_val)) {
! MCB_XDEBUG("Bad string address.",
! EFAULT);
! }
! strsize = strlen((char *)urule->ur_args[i].v_val) + 1;
! if ((rule->r_args[i].v_val =
! (register_t)fcb_malloc("urule_fill:str "
! "allocation", strsize, M_NOWAIT)) == NULL) {
! MCB_XDEBUG("Can't allocate memory for "
! "string.", ENOMEM);
! }
! if ((error =
! copyinstr((char *)urule->ur_args[i].v_val,
! (char *)rule->r_args[i].v_val, strsize,
! NULL)) != 0) {
! MCB_XDEBUG("Error while coping string.",
! error);
! }
! break;
! case CB_DEF_T:
! case CB_UDEF_T:
! rule->r_args[i].v_val = urule->ur_args[i].v_val;
! break;
! default:
! MCB_XDEBUG("Incorrect type.", EFAULT);
}
! break;
! case CB_LOCAL_I:
! if (urule->ur_args[i].v_val < 0 ||
! urule->ur_args[i].v_val >= CB_MAXLOCAL_L) {
! MCB_XDEBUG("Incorrect v_val for CB_LOCAL_I ID.",
! EFAULT);
}
+ rule->r_args[i].v_type =
+ tcb_local2type[urule->ur_args[i].v_val];
+ rule->r_args[i].v_val = urule->ur_args[i].v_val;
break;
! case CB_ARG_I:
! if (urule->ur_args[i].v_val < 0) {
! MCB_XDEBUG("Incorrect v_val for CB_ARG_I ID.",
! EFAULT);
! }
! rule->r_args[i].v_type = urule->ur_args[i].v_type;
rule->r_args[i].v_val = urule->ur_args[i].v_val;
break;
! case CB_REG_I:
if (urule->ur_args[i].v_val >= CB_NREGS_G ||
urule->ur_args[i].v_val < 0) {
! MCB_XDEBUG("Incorrect v_val for CB_REG_I ID.",
! EFAULT);
}
+ /* this field isn't important for CB_REG_I */
+ rule->r_args[i].v_type = 0;
rule->r_args[i].v_val = urule->ur_args[i].v_val;
break;
! case CB_FUN_I:
if (urule->ur_args[i].v_val <= 0 ||
urule->ur_args[i].v_val >= nrules ||
! urule->ur_args[i].v_val == nrule + 1) {
! MCB_XDEBUG("Incorrect v_val for CB_FUN_I ID.",
! EFAULT);
}
+ /* this field isn't important for CB_FUN_I ID */
+ rule->r_args[i].v_type = 0;
rule->r_args[i].v_val =
(register_t)rules[urule->ur_args[i].v_val - 1];
break;
default:
! MCB_XDEBUG("Incorrect v_id value.", EFAULT);
}
! rule->r_args[i].v_id = urule->ur_args[i].v_id;
}
Index: cerb_urules.h
===================================================================
RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_urules.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** cerb_urules.h 29 Aug 2002 00:23:18 -0000 1.1
--- cerb_urules.h 31 Aug 2002 01:25:45 -0000 1.2
***************
*** 24,27 ****
--- 24,29 ----
};
+ #ifdef _KERNEL
+
/*
* Arguments for syscall.
***************
*** 35,38 ****
--- 37,42 ----
int fcb_urule_fill(struct scb_rule *rule, u_int nrule,
struct scb_urule *urule, struct scb_rule *rules[], u_int nrules);
+
+ #endif /* _KERNEL */
#endif /* _CERB_URULES_H_ */
|