sdiff udiff text old ( 159265 ) new ( 159269 )
1/*
2 * Copyright (c) 1999-2005 Apple Computer, Inc.
3 * Copyright (c) 2006 Robert N. M. Watson
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:

--- 13 unchanged lines hidden (view full) ---

22 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 *
30 * $FreeBSD: head/sys/security/audit/audit_worker.c 159265 2006-06-05 14:09:59Z rwatson $
31 */
32
33#include <sys/param.h>
34#include <sys/condvar.h>
35#include <sys/conf.h>
36#include <sys/file.h>
37#include <sys/filedesc.h>
38#include <sys/fcntl.h>

--- 271 unchanged lines hidden (view full) ---

310 * converted to BSM before they can be written out. Both types will be
311 * written to disk, and audit pipes.
312 */
313static void
314audit_worker_process_record(struct vnode *audit_vp, struct ucred *audit_cred,
315 struct thread *audit_td, struct kaudit_record *ar)
316{
317 struct au_record *bsm;
318 int error, ret;
319
320 if (ar->k_ar_commit & AR_COMMIT_USER) {
321 error = audit_record_write(audit_vp, audit_cred, audit_td,
322 ar->k_udata, ar->k_ulen);
323 if (error && audit_panic_on_write_fail)
324 panic("audit_worker: write error %d\n", error);
325 else if (error)
326 printf("audit_worker: write error %d\n", error);
327 audit_pipe_submit(ar->k_udata, ar->k_ulen);
328 }
329
330 if (ar->k_ar_commit & AR_COMMIT_KERNEL) {
331 ret = kaudit_to_bsm(ar, &bsm);
332 switch (ret) {
333 case BSM_NOAUDIT:
334 break;
335
336 case BSM_FAILURE:
337 printf("audit_worker_process_record: BSM_FAILURE\n");
338 break;
339
340 case BSM_SUCCESS:
341 error = audit_record_write(audit_vp, audit_cred,
342 audit_td, bsm->data, bsm->len);
343 if (error && audit_panic_on_write_fail)
344 panic("audit_worker: write error %d\n",
345 error);
346 else if (error)
347 printf("audit_worker: write error %d\n",
348 error);
349 audit_pipe_submit(bsm->data, bsm->len);
350 kau_free(bsm);
351 break;
352
353 default:
354 panic("kaudit_to_bsm returned %d", ret);
355 }
356 }
357}
358
359/*
360 * The audit_worker thread is responsible for watching the event queue,
361 * dequeueing records, converting them to BSM format, and committing them to
362 * disk. In order to minimize lock thrashing, records are dequeued in sets
363 * to a thread-local work queue. In addition, the audit_work performs the
364 * actual exchange of audit log vnode pointer, as audit_vp is a thread-local

--- 144 unchanged lines hidden ---
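Review bot: In audit_worker_process_record the BSM_FAILURE case drops the kernel record after only a console printf, while both audit_record_write error paths consult audit_panic_on_write_fail, so a failed BSM conversion loses an audit record without going through the fail-stop policy and the message does not say the record was discarded. The page does not mark which lines this revision changed, so this may predate it. If dropping is intended, say so at the case with a comment such as `/* Conversion failed: the record is dropped and audit_panic_on_write_fail is not consulted. */`, and consider wording the message as `printf("audit_worker_process_record: BSM_FAILURE, record dropped\n");`. The write-error handling is also repeated verbatim in the AR_COMMIT_USER and BSM_SUCCESS paths and could move into one static helper so the two copies cannot drift apart.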