Update of /cvsroot/cerber/cerb-ng/kcerb In directory usw-pr-cvs1:/tmp/cvs-serv28380 Modified Files: Makefile cerb_action.h cerb_globals.h cerb_main.c cerb_rules.c cerb_rules.h cerb_urules.c cerb_urules.h Added Files: cerb_syscalls.c cerb_syscalls.h Log Message: - Added two files with funtions that operates on syscalls: cerb_syscalls.c cerb_syscalls.h Added adequate lines to Makefile as well. - Added v_id field for scb_val structure, beacuse there was no way to describe type of syscall argument. - Added two new macros: MCB_DEBUG(txt) - prints debug informations (txt). MCB_XDEBUG(txt, ret) - prints debug information (txt) and return value (ret) and returning it. - Added debug informations about errors for functions in cerb_urules.c file. - Fixed all function for use new v_id field from scb_val structure. - Turned on socket() syscall catching for tests. --- NEW FILE: cerb_syscalls.c --- /* * cerb_syscalls.c - funtions that operates on syscalls * * (c) 2002 Pawel Jakub Dawidek <ni...@ga...> * * $Id: cerb_syscalls.c,v 1.1 2002/08/31 01:25:45 dawidek Exp $ * */ #include <sys/param.h> #include <sys/proc.h> #include <sys/module.h> #include <sys/sysent.h> #include <sys/kernel.h> #include <sys/libkern.h> #include <sys/systm.h> #include <sys/sysproto.h> #include <sys/syscall.h> #include <machine/frame.h> #include "cerb_syscalls.h" static sy_call_t *tcb_oldscall[SYS_MAXSYSCALL]; void fcb_scall_cache(void) { u_int i; for (i = 0; i < SYS_MAXSYSCALL; ++i) tcb_oldscall[i] = sysent[i].sy_call; } void fcb_scall_restore(void) { u_int i; for (i = 0; i < SYS_MAXSYSCALL; ++i) sysent[i].sy_call = tcb_oldscall[i]; } /* * There are problems (kernel panic) when catching those syscalls: * select(), wait4(), mmap(), lseek(), sigsuspend() */ /* * This function catch all syscalls. 
*/ int fcb_syscalls(register struct proc *p, register void *uap) { int nscall; nscall = p->p_md.md_regs->tf_eax; /* number of catched syscall */ switch (nscall) { case SYS_socket: uprintf("debug:socket: %d %d %d\n", ((struct socket_args *)uap)->domain, ((struct socket_args *)uap)->type, ((struct socket_args *)uap)->protocol); break; case SYS_chmod: case SYS_execve: case SYS_ptrace: uprintf("debug: CALL %d [login: %s]\n", nscall, p->p_pgrp->pg_session->s_login); } return tcb_oldscall[nscall](p, uap); } --- NEW FILE: cerb_syscalls.h --- /* * cerb_syscalls.h - header file for cerb_syscalls.c * * (c) 2002 Pawel Jakub Dawidek <ni...@ga...> * * $Id: cerb_syscalls.h,v 1.1 2002/08/31 01:25:45 dawidek Exp $ * */ #ifndef _CERB_SYSCALLS_H_ #define _CERB_SYSCALLS_H_ void fcb_scall_cache(void); void fcb_scall_restore(void); int fcb_syscalls(register struct proc *p, register void *uap); #endif /* _CERB_SYSCALLS_H_ */ Index: Makefile =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/Makefile,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** Makefile 30 Aug 2002 00:40:36 -0000 1.3 --- Makefile 31 Aug 2002 01:25:45 -0000 1.4 *************** *** 3,6 **** --- 3,8 ---- SRCS = vnode_if.h \ cerb_main.c \ + cerb_syscalls.c \ + cerb_syscalls.h \ cerb_globals.h \ cerb_rules.c \ Index: cerb_action.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_action.h,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** cerb_action.h 30 Aug 2002 00:40:36 -0000 1.2 --- cerb_action.h 31 Aug 2002 01:25:45 -0000 1.3 *************** *** 13,77 **** #include "cerb_globals.h" - /* - * Here are defined operations that could be made between two arguments. 
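Review bot: `fcb_syscalls()` ends with `return tcb_oldscall[nscall](p, uap);`, where `nscall` comes straight from the trap frame (`tf_eax`) and is never range-checked, so the function-pointer call depends on the register holding a valid direct syscall number. On FreeBSD/i386 a call made through the indirect `syscall(2)`/`__syscall(2)` entry leaves the indirect entry's number in `tf_eax`, so as far as I can tell a `socket()` issued that way would be forwarded to the wrong saved handler. Binding the saved handler to the hooked slot would avoid re-deriving it from the register; at minimum guard the index with `if (nscall < 0 || nscall >= SYS_MAXSYSCALL) return (ENOSYS);`. The `switch` has no `default`. Also, `fcb_scall_restore()` rewrites every slot on unload, which would undo any `sysent` entry another module changed after `fcb_scall_cache()` ran; restoring only the slots this module hooked would be safer.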
- */ - #define CB_SET_O 1 /* = set */ - #define CB_EQUAL_O 2 /* == equal */ - #define CB_NOTEQUAL_O 3 /* != not equal */ - #define CB_MORE_O 4 /* > more */ - #define CB_MOREOREQUAL_O 5 /* >= more or equal */ - #define CB_LESS_O 6 /* < less */ - #define CB_LESSOREQUAL_O 7 /* <= less or equal */ - #define CB_MATCH_O 8 /* ~ match */ - #define CB_NOTMATCH_O 9 /* !~ don't match */ - /* - * Rest of commands - */ /* Description for those functions You can find in README file */ - #define CB_CALL_O 10 /* call() */ - #define CB_RETURN_O 11 /* return () */ - #define CB_REALPATH_O 12 /* realpath() */ - #define CB_GETPNAME_O 13 /* getpname() */ - #define CB_SETPNAME_O 14 /* setpname() */ - #define CB_GETPFILE_O 15 /* getpfile() */ - #define CB_SETPFILE_O 16 /* setpfile() */ - #define CB_GETPRUID_O 17 /* getpruid() */ - #define CB_SETPRUID_O 18 /* setpruid() */ - #define CB_GETPRGID_O 19 /* getprgid() */ - #define CB_SETPRGID_O 20 /* setprgid() */ - #define CB_GETPEUID_O 21 /* getpeuid() */ - #define CB_SETPEUID_O 22 /* setpeuid() */ - #define CB_GETPEGID_O 23 /* getpegid() */ - #define CB_SETPEGID_O 24 /* setpegid() */ - #define CB_GETPSVUID_O 25 /* getpsvuid() */ - #define CB_SETPSVUID_O 26 /* setpsvuid() */ - #define CB_GETPSVGID_O 27 /* getpsvgid() */ - #define CB_SETPSVGID_O 28 /* setpsvgid() */ - #define CB_ISMEMBER_O 29 /* ismember() */ - #define CB_ADDGROUP_O 30 /* addgroup() */ - #define CB_DELGROUP_O 31 /* delgroup() */ - #define CB_GETINODE_O 32 /* getinode() */ - #define CB_GETDEV_O 33 /* getdev() */ - #define CB_GETOUID_O 34 /* getouid() */ - #define CB_GETOGID_O 35 /* getogid() */ - #define CB_GETMODE_O 36 /* getmode() */ - #define CB_GETFLAGS_O 37 /* getflags() */ - #define CB_GETNLINKS_O 38 /* getnlinks() */ - #define CB_GETSIZE_O 39 /* getsize() */ - #define CB_FD2NAME_O 40 /* fd2name() */ - #define CB_FD2INODE_O 41 /* fd2inode() */ - #define CB_FD2DEV_O 42 /* fd2dev() */ - #define CB_FD2OUID_O 43 /* fd2ouid() */ - #define CB_FD2OGID_O 44 /* fd2ogid() */ - 
#define CB_FD2MODE_O 45 /* fd2mode() */ - #define CB_FD2FLAGS_O 46 /* fd2flags() */ - #define CB_FD2NLINKS_O 47 /* fd2nlinks() */ - #define CB_FD2SIZE_O 48 /* fd2size() */ - #define CB_RMENV_O 49 /* rmenv() */ - #define CB_CLEANENV_O 50 /* cleanenv() */ - #define CB_CHKARGS_O 51 /* chkargs() */ - #define CB_CHKENVS_O 52 /* chkenvs() */ - - #define CB_MAXFUN_O 53 /* number of functions */ struct scb_val *fcb_op_set(struct proc *p, struct scb_val *v); --- 13,17 ---- *************** *** 132,189 **** */ static dcb_op_t *tcb_op[] = { ! NULL, /* first one not used */ ! fcb_op_set, /* CB_SET_O */ ! fcb_op_equal, /* CB_EQUAL_O */ ! fcb_op_notequal, /* CB_NOTEQUAL_O */ ! fcb_op_more, /* CB_MORE_O */ ! fcb_op_moreorequal, /* CB_MOREOREQUAL_O */ ! fcb_op_less, /* CB_LESS_O */ ! fcb_op_lessorequal, /* CB_LESSOREQUAL_O */ ! fcb_op_match, /* CB_MATCH_O */ ! fcb_op_notmatch, /* CB_NOTMATCH_O */ ! fcb_op_call, /* CB_CALL_O */ ! fcb_op_return, /* CB_RETURN_O */ ! fcb_op_realpath, /* CB_REALPATH_O */ ! fcb_op_getpname, /* CB_GETPNAME_O */ ! fcb_op_setpname, /* CB_SETPNAME_O */ ! fcb_op_getpfile, /* CB_GETPFILE_O */ ! fcb_op_setpfile, /* CB_SETPFILE_O */ ! fcb_op_getpruid, /* CB_GETPRUID_O */ ! fcb_op_setpruid, /* CB_SETPRUID_O */ ! fcb_op_getprgid, /* CB_GETPRGID_O */ ! fcb_op_setprgid, /* CB_SETPRGID_O */ ! fcb_op_getpeuid, /* CB_GETPEUID_O */ ! fcb_op_setpeuid, /* CB_SETPEUID_O */ ! fcb_op_getpegid, /* CB_GETPEGID_O */ ! fcb_op_setpegid, /* CB_SETPEGID_O */ ! fcb_op_getpsvuid, /* CB_GETPSVUID_O */ ! fcb_op_setpsvuid, /* CB_SETPSVUID_O */ ! fcb_op_getpsvgid, /* CB_GETPSVGID_O */ ! fcb_op_setpsvgid, /* CB_SETPSVGID_O */ ! fcb_op_ismember, /* CB_ISMEMBER_O */ ! fcb_op_addgroup, /* CB_ADDGROUP_O */ ! fcb_op_delgroup, /* CB_DELGROUP_O */ ! fcb_op_getinode, /* CB_GETINODE_O */ ! fcb_op_getdev, /* CB_GETDEV_O */ ! fcb_op_getouid, /* CB_GETOUID_O */ ! fcb_op_getogid, /* CB_GETOGID_O */ ! fcb_op_getmode, /* CB_GETMODE_O */ ! fcb_op_getflags, /* CB_GETFLAGS_O */ ! 
fcb_op_getnlinks, /* CB_GETNLINKS_O */ ! fcb_op_getsize, /* CB_GETSIZE_O */ ! fcb_op_fd2name, /* CB_FD2NAME_O */ ! fcb_op_fd2inode, /* CB_FD2INODE_O */ ! fcb_op_fd2dev, /* CB_FD2DEV_O */ ! fcb_op_fd2ouid, /* CB_FD2OUID_O */ ! fcb_op_fd2ogid, /* CB_FD2OGID_O */ ! fcb_op_fd2mode, /* CB_FD2MODE_O */ ! fcb_op_fd2flags, /* CB_FD2FLAGS_O */ ! fcb_op_fd2nlinks, /* CB_FD2NLINKS_O */ ! fcb_op_fd2size, /* CB_FD2SIZE_O */ ! fcb_op_rmenv, /* CB_RMENV_O */ ! fcb_op_cleanenv, /* CB_CLEANENV_O */ ! fcb_op_chkargs, /* CB_CHKARGS_O */ ! fcb_op_chkenvs /* CB_CHKENVS_O */ ! /* CB_MAXFUN_O */ }; --- 72,182 ---- */ static dcb_op_t *tcb_op[] = { ! #define CB_EMPTY_O 0 /* empty one to match end of table */ ! NULL, ! #define CB_SET_O 1 /* = set */ ! fcb_op_set, ! #define CB_EQUAL_O 2 /* == equal */ ! fcb_op_equal, ! #define CB_NOTEQUAL_O 3 /* != not equal */ ! fcb_op_notequal, ! #define CB_MORE_O 4 /* > more */ ! fcb_op_more, ! #define CB_MOREOREQUAL_O 5 /* >= more or equal */ ! fcb_op_moreorequal, ! #define CB_LESS_O 6 /* < less */ ! fcb_op_less, ! #define CB_LESSOREQUAL_O 7 /* <= less or equal */ ! fcb_op_lessorequal, ! #define CB_MATCH_O 8 /* ~ match */ ! fcb_op_match, ! #define CB_NOTMATCH_O 9 /* !~ don't match */ ! fcb_op_notmatch, ! #define CB_CALL_O 10 /* call() */ ! fcb_op_call, ! #define CB_RETURN_O 11 /* return () */ ! fcb_op_return, ! #define CB_REALPATH_O 12 /* realpath() */ ! fcb_op_realpath, ! #define CB_GETPNAME_O 13 /* getpname() */ ! fcb_op_getpname, ! #define CB_SETPNAME_O 14 /* setpname() */ ! fcb_op_setpname, ! #define CB_GETPFILE_O 15 /* getpfile() */ ! fcb_op_getpfile, ! #define CB_SETPFILE_O 16 /* setpfile() */ ! fcb_op_setpfile, ! #define CB_GETPRUID_O 17 /* getpruid() */ ! fcb_op_getpruid, ! #define CB_SETPRUID_O 18 /* setpruid() */ ! fcb_op_setpruid, ! #define CB_GETPRGID_O 19 /* getprgid() */ ! fcb_op_getprgid, ! #define CB_SETPRGID_O 20 /* setprgid() */ ! fcb_op_setprgid, ! #define CB_GETPEUID_O 21 /* getpeuid() */ ! fcb_op_getpeuid, ! 
#define CB_SETPEUID_O 22 /* setpeuid() */ ! fcb_op_setpeuid, ! #define CB_GETPEGID_O 23 /* getpegid() */ ! fcb_op_getpegid, ! #define CB_SETPEGID_O 24 /* setpegid() */ ! fcb_op_setpegid, ! #define CB_GETPSVUID_O 25 /* getpsvuid() */ ! fcb_op_getpsvuid, ! #define CB_SETPSVUID_O 26 /* setpsvuid() */ ! fcb_op_setpsvuid, ! #define CB_GETPSVGID_O 27 /* getpsvgid() */ ! fcb_op_getpsvgid, ! #define CB_SETPSVGID_O 28 /* setpsvgid() */ ! fcb_op_setpsvgid, ! #define CB_ISMEMBER_O 29 /* ismember() */ ! fcb_op_ismember, ! #define CB_ADDGROUP_O 30 /* addgroup() */ ! fcb_op_addgroup, ! #define CB_DELGROUP_O 31 /* delgroup() */ ! fcb_op_delgroup, ! #define CB_GETINODE_O 32 /* getinode() */ ! fcb_op_getinode, ! #define CB_GETDEV_O 33 /* getdev() */ ! fcb_op_getdev, ! #define CB_GETOUID_O 34 /* getouid() */ ! fcb_op_getouid, ! #define CB_GETOGID_O 35 /* getogid() */ ! fcb_op_getogid, ! #define CB_GETMODE_O 36 /* getmode() */ ! fcb_op_getmode, ! #define CB_GETFLAGS_O 37 /* getflags() */ ! fcb_op_getflags, ! #define CB_GETNLINKS_O 38 /* getnlinks() */ ! fcb_op_getnlinks, ! #define CB_GETSIZE_O 39 /* getsize() */ ! fcb_op_getsize, ! #define CB_FD2NAME_O 40 /* fd2name() */ ! fcb_op_fd2name, ! #define CB_FD2INODE_O 41 /* fd2inode() */ ! fcb_op_fd2inode, ! #define CB_FD2DEV_O 42 /* fd2dev() */ ! fcb_op_fd2dev, ! #define CB_FD2OUID_O 43 /* fd2ouid() */ ! fcb_op_fd2ouid, ! #define CB_FD2OGID_O 44 /* fd2ogid() */ ! fcb_op_fd2ogid, ! #define CB_FD2MODE_O 45 /* fd2mode() */ ! fcb_op_fd2mode, ! #define CB_FD2FLAGS_O 46 /* fd2flags() */ ! fcb_op_fd2flags, ! #define CB_FD2NLINKS_O 47 /* fd2nlinks() */ ! fcb_op_fd2nlinks, ! #define CB_FD2SIZE_O 48 /* fd2size() */ ! fcb_op_fd2size, ! #define CB_RMENV_O 49 /* rmenv() */ ! fcb_op_rmenv, ! #define CB_CLEANENV_O 50 /* cleanenv() */ ! fcb_op_cleanenv, ! #define CB_CHKARGS_O 51 /* chkargs() */ ! fcb_op_chkargs, ! #define CB_CHKENVS_O 52 /* chkenvs() */ ! fcb_op_chkenvs ! 
#define CB_MAXFUN_O 53 /* number of functions */ }; Index: cerb_globals.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_globals.h,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** cerb_globals.h 30 Aug 2002 00:40:36 -0000 1.1 --- cerb_globals.h 31 Aug 2002 01:25:45 -0000 1.2 *************** *** 20,70 **** #define CB_MAXVALS_G 64 /* Maxium number of arguments for operation defined in some rule */ - /* ! * Types placed in scb_val.v_type. */ ! ! #define CB_STR_T 1 /* char * */ ! #define CB_STRPTR_T 2 /* char ** */ ! #define CB_DEF_T 3 /* register_t */ ! #define CB_DEFPTR_T 4 /* register_t * */ ! #define CB_UDEF_T 5 /* u_register_t */ ! #define CB_UDEFPTR_T 6 /* u_register_r * */ ! #define CB_LOCAL_T 7 /* values for current process, see below */ ! #define CB_FUN_T 8 /* function number in userland rule or function pointer in kernel rule */ ! #define CB_ARG_T 9 /* number of syscall argument */ ! #define CB_REG_T 10 /* number of cerb register */ ! #define CB_MAXTYPES_T 11 /* * When scb.v_type is CB_LOCAL_T, then scb_val.v_val should be: */ #define CB_SYSCALL_L 0 /* syscall number */ #define CB_NAME_L 1 /* process name */ #define CB_PID_L 2 /* process ID (not parent proces ID) */ #define CB_RUID_L 3 /* process real uid */ #define CB_RGID_L 4 /* process real gid */ #define CB_EUID_L 5 /* process effective uid */ #define CB_EGID_L 6 /* process effective gid */ #define CB_SVUID_L 7 /* process saved uid */ #define CB_SVGID_L 8 /* process saved gid */ #define CB_GROUPS_L 9 /* process owner groups */ #define CB_LOGIN_L 10 /* login of user associated with process session */ #define CB_PRISON_L 11 /* process is in jail or not? 
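Review bot: `CB_MAXFUN_O` is still a hand-written `53` after the last initializer, yet the bounds check `urule->ur_op >= CB_MAXFUN_O` in cerb_urules.c trusts it to equal the number of entries in `tcb_op[]`. Interleaving the `#define`s with the initializers makes a mismatch easier to see but does not enforce it. A compile-time check beside the table would, for example `typedef char tcb_op_size_check[(sizeof(tcb_op) / sizeof(tcb_op[0]) == CB_MAXFUN_O) ? 1 : -1];`. The table is `static` in a header, so every file including cerb_action.h gets its own copy. A one-line comment above the table, such as `/* Entry order defines the CB_*_O numbering; keep each #define next to its slot. */`, would document why the macros now sit inside an initializer.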
*/ #define CB_RETVAL0_L 12 /* process return value */ #define CB_RETVAL1_L 13 /* second process return value */ #define CB_FNAME_L 14 /* file name of executable */ #define CB_FINODE_L 15 /* file inode of executable */ #define CB_FDEV_L 16 /* device inode of executable */ #define CB_FUID_L 17 /* owner uid of executable */ #define CB_FGID_L 18 /* owner gid of executable */ #define CB_FMODE_L 19 /* permission of executable */ #define CB_FFLAGS_L 20 /* flags of executable */ #define CB_FNLINKS_L 21 /* number of hard links of executable */ #define CB_MAXLOCAL_L 22 #endif /* _CERB_GLOBAL_H_ */ --- 20,101 ---- #define CB_MAXVALS_G 64 /* Maxium number of arguments for operation defined in some rule */ /* ! * Value ID placed in scb_val.v_id. */ ! #define CB_EMPTY_I 0 /* empty value (the last one) */ ! #define CB_CONST_I 1 /* values defined in userland rules */ ! #define CB_LOCAL_I 2 /* values for current process, see below */ ! #define CB_FUN_I 3 /* function number in userland rule or function pointer in kernel rule */ ! #define CB_ARG_I 4 /* number of syscall argument */ ! #define CB_REG_I 5 /* number of cerb register */ ! #define CB_MAXIDS_I 6 ! ! /* ! * Value type placed in scb_val.v_type. ! */ ! #define CB_STR_T 0 /* char * */ ! #define CB_STRPTR_T 1 /* char ** */ ! #define CB_DEF_T 2 /* register_t */ ! #define CB_DEFPTR_T 3 /* register_t * */ ! #define CB_UDEF_T 4 /* u_register_t */ ! #define CB_UDEFPTR_T 5 /* u_register_r * */ ! #define CB_PTR_T 6 /* some other pointer (void *) */ ! ! 
#define CB_MAXTYPES_T 7 /* * When scb.v_type is CB_LOCAL_T, then scb_val.v_val should be: */ + static u_int tcb_local2type[] = { #define CB_SYSCALL_L 0 /* syscall number */ + CB_UDEF_T, #define CB_NAME_L 1 /* process name */ + CB_STR_T, #define CB_PID_L 2 /* process ID (not parent proces ID) */ + CB_UDEF_T, #define CB_RUID_L 3 /* process real uid */ + CB_UDEF_T, #define CB_RGID_L 4 /* process real gid */ + CB_UDEF_T, #define CB_EUID_L 5 /* process effective uid */ + CB_UDEF_T, #define CB_EGID_L 6 /* process effective gid */ + CB_UDEF_T, #define CB_SVUID_L 7 /* process saved uid */ + CB_UDEF_T, #define CB_SVGID_L 8 /* process saved gid */ + CB_UDEF_T, #define CB_GROUPS_L 9 /* process owner groups */ + CB_UDEFPTR_T, #define CB_LOGIN_L 10 /* login of user associated with process session */ + CB_STR_T, #define CB_PRISON_L 11 /* process is in jail or not? */ + CB_PTR_T, #define CB_RETVAL0_L 12 /* process return value */ + CB_DEF_T, #define CB_RETVAL1_L 13 /* second process return value */ + CB_DEF_T, #define CB_FNAME_L 14 /* file name of executable */ + CB_STR_T, #define CB_FINODE_L 15 /* file inode of executable */ + CB_UDEF_T, #define CB_FDEV_L 16 /* device inode of executable */ + CB_UDEF_T, #define CB_FUID_L 17 /* owner uid of executable */ + CB_UDEF_T, #define CB_FGID_L 18 /* owner gid of executable */ + CB_UDEF_T, #define CB_FMODE_L 19 /* permission of executable */ + CB_UDEF_T, #define CB_FFLAGS_L 20 /* flags of executable */ + CB_UDEF_T, #define CB_FNLINKS_L 21 /* number of hard links of executable */ + CB_UDEF_T #define CB_MAXLOCAL_L 22 + }; #endif /* _CERB_GLOBAL_H_ */ Index: cerb_main.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_main.c,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** cerb_main.c 29 Aug 2002 00:23:18 -0000 1.1 --- cerb_main.c 31 Aug 2002 01:25:45 -0000 1.2 *************** *** 20,23 **** --- 20,24 ---- #include "cerb_urules.h" #include 
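Review bot: The context comment above the new table still reads `When scb.v_type is CB_LOCAL_T`, but this change removes `CB_LOCAL_T` and moves the selector to `v_id`. It should become something like `/* When scb_val.v_id is CB_LOCAL_I, scb_val.v_val is one of the indexes below; tcb_local2type[] gives the v_type for each. */`. `tcb_local2type[]` is defined `static` in a header, and the `#ifdef _KERNEL` guards added to cerb_rules.h and cerb_urules.h in this commit suggest these headers are also included from userland, so every includer would get a private copy and probably an unused-variable warning. Nothing ties `CB_MAXLOCAL_L` to the array's length, although cerb_urules.c indexes the array after checking `v_val` against that constant; a compile-time size check next to the closing `};` would close that gap.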
"cerb_desc.h" + #include "cerb_syscalls.h" static struct sysent cerb_sysent = { *************** *** 53,61 **** fcb_malloc_init(); fcb_desc_init(); sysent[SYS_open].sy_call = (sy_call_t *)n_open; printf ("syscall loaded at %d\n", offset); break; case MOD_UNLOAD : ! sysent[SYS_open].sy_call = (sy_call_t *)open; fcb_desc_clear(); fcb_dclose_clear(); --- 54,64 ---- fcb_malloc_init(); fcb_desc_init(); + fcb_scall_cache(); sysent[SYS_open].sy_call = (sy_call_t *)n_open; + sysent[SYS_socket].sy_call = (sy_call_t *)fcb_syscalls; printf ("syscall loaded at %d\n", offset); break; case MOD_UNLOAD : ! fcb_scall_restore(); fcb_desc_clear(); fcb_dclose_clear(); Index: cerb_rules.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_rules.c,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** cerb_rules.c 30 Aug 2002 00:40:36 -0000 1.2 --- cerb_rules.c 31 Aug 2002 01:25:45 -0000 1.3 *************** *** 44,49 **** if ((*rule)->r_args != NULL) { for (i = 0; i < (*rule)->r_nargs; ++i) { ! if ((*rule)->r_args[i].v_type == CB_FUN_T) MCB_FREE((void *)(*rule)->r_args[i].v_val); } MCB_FREE((*rule)->r_args); --- 44,51 ---- if ((*rule)->r_args != NULL) { for (i = 0; i < (*rule)->r_nargs; ++i) { ! if ((*rule)->r_args[i].v_id == CB_CONST_I && ! (*rule)->r_args[i].v_type == CB_STR_T) { MCB_FREE((void *)(*rule)->r_args[i].v_val); + } } MCB_FREE((*rule)->r_args); Index: cerb_rules.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_rules.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** cerb_rules.h 30 Aug 2002 00:40:36 -0000 1.3 --- cerb_rules.h 31 Aug 2002 01:25:45 -0000 1.4 *************** *** 17,24 **** --- 17,27 ---- struct scb_val { + u_int v_id; /* value id */ u_int v_type; /* value type */ register_t v_val; /* value */ }; + #ifdef _KERNEL + /* * Struct for rule in kernel space. 
*************** *** 35,38 **** --- 38,43 ---- void fcb_rule_init(void); void fcb_rule_free(struct scb_rule **rule); + + #endif /* _KERNEL */ #endif /* _CERB_RULES_H_ */ Index: cerb_urules.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_urules.c,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** cerb_urules.c 30 Aug 2002 00:40:36 -0000 1.3 --- cerb_urules.c 31 Aug 2002 01:25:45 -0000 1.4 *************** *** 38,46 **** if (ccb_lockrules != 0 || p->p_cred->p_ruid != 0 || p->p_prison != NULL) { ! return (EPERM); } if (MCB_CHKADDR(uap->tab)) ! return (EFAULT); for (i = 1, nrules = 0; uap->tab[i].ur_op != 0; ++i) --- 38,46 ---- if (ccb_lockrules != 0 || p->p_cred->p_ruid != 0 || p->p_prison != NULL) { ! MCB_XDEBUG("Operation not permitted.", EPERM); } if (MCB_CHKADDR(uap->tab)) ! MCB_XDEBUG("Bad head address.", EFAULT); for (i = 1, nrules = 0; uap->tab[i].ur_op != 0; ++i) *************** *** 48,56 **** if (nrules > CB_MAXRULES_G) ! return (EFAULT); if ((addr = fcb_malloc("Adresses of rules in kernel space", nrules * sizeof(struct scb_rule *), M_NOWAIT)) == NULL) { ! return (ENOMEM); } --- 48,56 ---- if (nrules > CB_MAXRULES_G) ! MCB_XDEBUG("Too many rules.", EFAULT); if ((addr = fcb_malloc("Adresses of rules in kernel space", nrules * sizeof(struct scb_rule *), M_NOWAIT)) == NULL) { ! MCB_XDEBUG("Can't allocate memory for rules pointers.", ENOMEM); } *************** *** 61,65 **** MCB_FREE(addr[i - 1]); MCB_FREE(addr); ! return (ENOMEM); } addr[i]->r_true = NULL; --- 61,65 ---- MCB_FREE(addr[i - 1]); MCB_FREE(addr); ! MCB_XDEBUG("Can't allocate memory for rule.", ENOMEM); } addr[i]->r_true = NULL; *************** *** 77,85 **** fcb_rule_free(&(addr[i - 1])); MCB_FREE(addr); ! return (error); } } - uprintf("syscall working, total rules: %d\n", nrules); return (0); } --- 77,84 ---- fcb_rule_free(&(addr[i - 1])); MCB_FREE(addr); ! 
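Review bot: `MCB_XDEBUG(...)` now stands where `return (...)` stood, including as the body of unbraced `if` statements such as `if (MCB_CHKADDR(uap->tab)) MCB_XDEBUG("Bad head address.", EFAULT);`, so each of these permission and address checks depends on the macro expanding to exactly one statement. The macro definition is not part of this mail. If it is a print followed by a `return` without a `do { ... } while (0)` wrapper, the `return` would execute unconditionally, and the `if ... else if` chains in the later `ur_true`/`ur_false`/`ur_next` hunks would not compile with a bare `{ ... };` form. Either confirm the wrapper or keep the control flow visible at the call site, e.g. `{ MCB_DEBUG("Bad head address."); return (EFAULT); }`. A macro that hides a `return` also makes the cleanup paths (the `MCB_FREE(addr)` calls just before it) harder to audit.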
MCB_XDEBUG("Error when filling rule.", error); } } return (0); } *************** *** 94,110 **** if (MCB_CHKADDR(urule->ur_args)) ! return (EFAULT); nvals = 0; if (urule->ur_args != NULL) { ! for (i = 0; urule->ur_args[i].v_type != 0; ++i) ++nvals; } if (nvals > CB_MAXVALS_G) ! return (EFAULT); ! if (urule->ur_true >= nrules || urule->ur_true == nrule) ! return (EFAULT); else if (urule->ur_true == 0) rule->r_true = NULL; --- 93,109 ---- if (MCB_CHKADDR(urule->ur_args)) ! MCB_XDEBUG("Bad args tab address.", EFAULT); nvals = 0; if (urule->ur_args != NULL) { ! for (i = 0; urule->ur_args[i].v_id != CB_EMPTY_I; ++i) ++nvals; } if (nvals > CB_MAXVALS_G) ! MCB_XDEBUG("To many arguments.", EFAULT); ! if (urule->ur_true >= nrules || urule->ur_true == nrule + 1) ! MCB_XDEBUG("Incorrect ,,true'' argument.", EFAULT); else if (urule->ur_true == 0) rule->r_true = NULL; *************** *** 112,117 **** rule->r_true = rules[urule->ur_true - 1]; ! if (urule->ur_false >= nrules || urule->ur_false == nrule) ! return (EFAULT); else if (urule->ur_false == 0) rule->r_false = NULL; --- 111,116 ---- rule->r_true = rules[urule->ur_true - 1]; ! if (urule->ur_false >= nrules || urule->ur_false == nrule + 1) ! MCB_XDEBUG("Incorrect ,,false'' argument.", EFAULT); else if (urule->ur_false == 0) rule->r_false = NULL; *************** *** 119,124 **** rule->r_false = rules[urule->ur_false - 1]; ! if (urule->ur_next >= nrules || urule->ur_next == nrule) ! return (EFAULT); else if (urule->ur_next == 0) rule->r_next = NULL; --- 118,123 ---- rule->r_false = rules[urule->ur_false - 1]; ! if (urule->ur_next >= nrules || urule->ur_next == nrule + 1) ! MCB_XDEBUG("Incorrect ,,next'' argument.", EFAULT); else if (urule->ur_next == 0) rule->r_next = NULL; *************** *** 127,131 **** if (urule->ur_op >= CB_MAXFUN_O) ! return (EFAULT); rule->r_fun = tcb_op[urule->ur_op]; --- 126,130 ---- if (urule->ur_op >= CB_MAXFUN_O) ! 
MCB_XDEBUG("Function number too big.", EFAULT); rule->r_fun = tcb_op[urule->ur_op]; *************** *** 134,194 **** if ((rule->r_args = fcb_malloc("urule_fill", sizeof(struct scb_val) * nvals, M_NOWAIT)) == NULL) { ! return (ENOMEM); } /* This is needed if I don't want problems with fcb_rule_free() */ for (i = 0; i < nvals; ++i) ! rule->r_args[i].v_val = NULL; for (i = 0; i < nvals; ++i) { ! switch (rule->r_args[i].v_type) { ! case CB_STR_T: ! if (MCB_CHKADDR((void *)urule->ur_args[i].v_val)) ! return (EFAULT); ! strsize = strlen((char *)urule->ur_args[i].v_val) + 1; ! if ((rule->r_args[i].v_val = ! (register_t)fcb_malloc("urule_fill:str allocation", ! strsize, M_NOWAIT)) == NULL) { ! return (ENOMEM); } ! if ((error = copyinstr((char *)urule->ur_args[i].v_val, ! (char *)rule->r_args[i].v_val, strsize, ! NULL)) != 0) { ! return (error); } break; ! case CB_LOCAL_T: ! if (urule->ur_args[i].v_val >= CB_MAXLOCAL_L) ! return (EFAULT); ! /* FALLTHROUGH */ ! case CB_ARG_T: ! if (urule->ur_args[i].v_val < 0) ! return (EFAULT); ! /* FALLTHROUGH */ ! case CB_DEF_T: ! case CB_UDEF_T: rule->r_args[i].v_val = urule->ur_args[i].v_val; break; ! case CB_REG_T: if (urule->ur_args[i].v_val >= CB_NREGS_G || urule->ur_args[i].v_val < 0) { ! return (EFAULT); } rule->r_args[i].v_val = urule->ur_args[i].v_val; break; ! case CB_FUN_T: if (urule->ur_args[i].v_val <= 0 || urule->ur_args[i].v_val >= nrules || ! urule->ur_args[i].v_val == nrule) { ! return (EFAULT); } rule->r_args[i].v_val = (register_t)rules[urule->ur_args[i].v_val - 1]; break; default: ! return (EFAULT); } ! rule->r_args[i].v_type = urule->ur_args[i].v_type; } --- 133,226 ---- if ((rule->r_args = fcb_malloc("urule_fill", sizeof(struct scb_val) * nvals, M_NOWAIT)) == NULL) { ! MCB_XDEBUG("Can't allocate memory for arguments.", ENOMEM); } /* This is needed if I don't want problems with fcb_rule_free() */ for (i = 0; i < nvals; ++i) ! rule->r_args[i].v_id = CB_EMPTY_I; for (i = 0; i < nvals; ++i) { ! 
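Review bot: `urule->ur_op` is compared against `CB_MAXFUN_O` and then read a second time to index `tcb_op[]`. If `urule` points at caller-controlled memory (not visible here, though the `MCB_CHKADDR` checks in this file suggest it), the value can change between the check and the use, and the second read selects a function pointer. Copy the field into a local of the field's type once and use only the local: `op = urule->ur_op;`, then `if (op >= CB_MAXFUN_O)` and `rule->r_fun = tcb_op[op];`. The same check-then-reread pattern is in the argument hunk that follows, where the re-read `v_val` indexes `tcb_local2type[]` for `CB_LOCAL_I` and `rules[]` for `CB_FUN_I`. Also, `ur_op == 0` passes this check and stores the `NULL` from the `CB_EMPTY_O` slot in `r_fun`; whether callers test for that is outside this hunk.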
if (urule->ur_args[i].v_type < 0 || ! urule->ur_args[i].v_type >= CB_MAXTYPES_T) { ! MCB_XDEBUG("Incorrent v_type value.", EFAULT); ! } ! ! switch (rule->r_args[i].v_id) { ! case CB_CONST_I: ! switch (rule->r_args[i].v_type) { ! case CB_STR_T: ! /* Don't fix in 80 chars! */ ! if (MCB_CHKADDR((void *)urule->ur_args[i].v_val)) { ! MCB_XDEBUG("Bad string address.", ! EFAULT); ! } ! strsize = strlen((char *)urule->ur_args[i].v_val) + 1; ! if ((rule->r_args[i].v_val = ! (register_t)fcb_malloc("urule_fill:str " ! "allocation", strsize, M_NOWAIT)) == NULL) { ! MCB_XDEBUG("Can't allocate memory for " ! "string.", ENOMEM); ! } ! if ((error = ! copyinstr((char *)urule->ur_args[i].v_val, ! (char *)rule->r_args[i].v_val, strsize, ! NULL)) != 0) { ! MCB_XDEBUG("Error while coping string.", ! error); ! } ! break; ! case CB_DEF_T: ! case CB_UDEF_T: ! rule->r_args[i].v_val = urule->ur_args[i].v_val; ! break; ! default: ! MCB_XDEBUG("Incorrect type.", EFAULT); } ! break; ! case CB_LOCAL_I: ! if (urule->ur_args[i].v_val < 0 || ! urule->ur_args[i].v_val >= CB_MAXLOCAL_L) { ! MCB_XDEBUG("Incorrect v_val for CB_LOCAL_I ID.", ! EFAULT); } + rule->r_args[i].v_type = + tcb_local2type[urule->ur_args[i].v_val]; + rule->r_args[i].v_val = urule->ur_args[i].v_val; break; ! case CB_ARG_I: ! if (urule->ur_args[i].v_val < 0) { ! MCB_XDEBUG("Incorrect v_val for CB_ARG_I ID.", ! EFAULT); ! } ! rule->r_args[i].v_type = urule->ur_args[i].v_type; rule->r_args[i].v_val = urule->ur_args[i].v_val; break; ! case CB_REG_I: if (urule->ur_args[i].v_val >= CB_NREGS_G || urule->ur_args[i].v_val < 0) { ! MCB_XDEBUG("Incorrect v_val for CB_REG_I ID.", ! EFAULT); } + /* this field isn't important for CB_REG_I */ + rule->r_args[i].v_type = 0; rule->r_args[i].v_val = urule->ur_args[i].v_val; break; ! case CB_FUN_I: if (urule->ur_args[i].v_val <= 0 || urule->ur_args[i].v_val >= nrules || ! urule->ur_args[i].v_val == nrule + 1) { ! MCB_XDEBUG("Incorrect v_val for CB_FUN_I ID.", ! 
EFAULT); } + /* this field isn't important for CB_FUN_I ID */ + rule->r_args[i].v_type = 0; rule->r_args[i].v_val = (register_t)rules[urule->ur_args[i].v_val - 1]; break; default: ! MCB_XDEBUG("Incorrect v_id value.", EFAULT); } ! rule->r_args[i].v_id = urule->ur_args[i].v_id; } Index: cerb_urules.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_urules.h,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** cerb_urules.h 29 Aug 2002 00:23:18 -0000 1.1 --- cerb_urules.h 31 Aug 2002 01:25:45 -0000 1.2 *************** *** 24,27 **** --- 24,29 ---- }; + #ifdef _KERNEL + /* * Arguments for syscall. *************** *** 35,38 **** --- 37,42 ---- int fcb_urule_fill(struct scb_rule *rule, u_int nrule, struct scb_urule *urule, struct scb_rule *rules[], u_int nrules); + + #endif /* _KERNEL */ #endif /* _CERB_URULES_H_ */ |
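Review bot: The outer `switch (rule->r_args[i].v_id)` tests the kernel copy that the loop just above set to `CB_EMPTY_I`, so every argument falls to `default` and is rejected; the inner `switch (rule->r_args[i].v_type)` likewise reads a field that has not been assigned yet. Both should read the incoming value, `switch (urule->ur_args[i].v_id)` and `switch (urule->ur_args[i].v_type)`, and the `CB_CONST_I` branch then needs `rule->r_args[i].v_type = urule->ur_args[i].v_type;`. In the `CB_STR_T` branch, `strlen()` is applied to the caller-supplied address before `copyinstr()`; if that is a userland pointer, as the `MCB_CHKADDR` and `copyinstr` calls suggest, the length should come from `copyinstr()` into a bounded kernel buffer, not from a direct read. A string allocated there is also not released by `fcb_rule_free()` when `copyinstr()` fails, because `v_id` is only set at the end of the iteration and the free path in cerb_rules.c keys on `v_id == CB_CONST_I`. The `v_type < 0` test is always false since `v_type` is declared `u_int` in cerb_rules.h; the function starts outside this hunk.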