mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-03 16:39:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

bpo-39184: Add audit events to functions in fcntl, msvcrt, os, resource, shutil, signal, syslog (GH-18407)

Browse source
This commit is contained in:
Saiyang Gou 2020-02-12 23:47:42 -08:00 committed by GitHub
parent 597ebed748
commit 7514f4f625
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 320 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

151
Modules/posixmodule.c
View file

@ -2911,6 +2911,10 @@ os_chdir_impl(PyObject *module, path_t *path)
{
int result;
if (PySys_Audit("os.chdir", "(O)", path->object) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
#ifdef MS_WINDOWS
/* on unix, success = 0, on windows, success = !0 */
@ -2950,6 +2954,9 @@ static PyObject *
os_fchdir_impl(PyObject *module, int fd)
/*[clinic end generated code: output=42e064ec4dc00ab0 input=18e816479a2fa985]*/
{
if (PySys_Audit("os.chdir", "(i)", fd) < 0) {
return NULL;
}
return posix_fildes_fd(fd, fchdir);
}
#endif /* HAVE_FCHDIR */
@ -3007,6 +3014,11 @@ os_chmod_impl(PyObject *module, path_t *path, int mode, int dir_fd,
return NULL;
#endif
if (PySys_Audit("os.chmod", "Oii", path->object, mode,
dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
return NULL;
}
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
attr = GetFileAttributesW(path->wide);
@ -3103,6 +3115,10 @@ os_fchmod_impl(PyObject *module, int fd, int mode)
int res;
int async_err = 0;
if (PySys_Audit("os.chmod", "iii", fd, mode, -1) < 0) {
return NULL;
}
do {
Py_BEGIN_ALLOW_THREADS
res = fchmod(fd, mode);
@ -3134,6 +3150,9 @@ os_lchmod_impl(PyObject *module, path_t *path, int mode)
/*[clinic end generated code: output=082344022b51a1d5 input=90c5663c7465d24f]*/
{
int res;
if (PySys_Audit("os.chmod", "Oii", path->object, mode, -1) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
res = lchmod(path->narrow, mode);
Py_END_ALLOW_THREADS
@ -3176,6 +3195,10 @@ os_chflags_impl(PyObject *module, path_t *path, unsigned long flags,
return NULL;
#endif
if (PySys_Audit("os.chflags", "Ok", path->object, flags) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
#ifdef HAVE_LCHFLAGS
if (!follow_symlinks)
@ -3211,6 +3234,9 @@ os_lchflags_impl(PyObject *module, path_t *path, unsigned long flags)
/*[clinic end generated code: output=30ae958695c07316 input=f9f82ea8b585ca9d]*/
{
int res;
if (PySys_Audit("os.chflags", "Ok", path->object, flags) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
res = lchflags(path->narrow, flags);
Py_END_ALLOW_THREADS
@ -3373,6 +3399,11 @@ os_chown_impl(PyObject *module, path_t *path, uid_t uid, gid_t gid,
}
#endif
if (PySys_Audit("os.chown", "OIIi", path->object, uid, gid,
dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
#ifdef HAVE_FCHOWN
if (path->fd != -1)
@ -3422,6 +3453,10 @@ os_fchown_impl(PyObject *module, int fd, uid_t uid, gid_t gid)
int res;
int async_err = 0;
if (PySys_Audit("os.chown", "iIIi", fd, uid, gid, -1) < 0) {
return NULL;
}
do {
Py_BEGIN_ALLOW_THREADS
res = fchown(fd, uid, gid);
@ -3454,6 +3489,9 @@ os_lchown_impl(PyObject *module, path_t *path, uid_t uid, gid_t gid)
/*[clinic end generated code: output=25eaf6af412fdf2f input=b1c6014d563a7161]*/
{
int res;
if (PySys_Audit("os.chown", "OIIi", path->object, uid, gid, -1) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
res = lchown(path->narrow, uid, gid);
Py_END_ALLOW_THREADS
@ -3647,6 +3685,12 @@ os_link_impl(PyObject *module, path_t *src, path_t *dst, int src_dir_fd,
}
#endif
if (PySys_Audit("os.link", "OOii", src->object, dst->object,
src_dir_fd == DEFAULT_DIR_FD ? -1 : src_dir_fd,
dst_dir_fd == DEFAULT_DIR_FD ? -1 : dst_dir_fd) < 0) {
return NULL;
}
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
result = CreateHardLinkW(dst->wide, src->wide, NULL);
@ -4114,6 +4158,11 @@ os_mkdir_impl(PyObject *module, path_t *path, int mode, int dir_fd)
{
int result;
if (PySys_Audit("os.mkdir", "Oii", path->object, mode,
dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
return NULL;
}
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
result = CreateDirectoryW(path->wide, NULL);
@ -4259,6 +4308,12 @@ internal_rename(path_t *src, path_t *dst, int src_dir_fd, int dst_dir_fd, int is
}
#endif
if (PySys_Audit("os.rename", "OOii", src->object, dst->object,
src_dir_fd == DEFAULT_DIR_FD ? -1 : src_dir_fd,
dst_dir_fd == DEFAULT_DIR_FD ? -1 : dst_dir_fd) < 0) {
return NULL;
}
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
result = MoveFileExW(src->wide, dst->wide, flags);
@ -4359,6 +4414,11 @@ os_rmdir_impl(PyObject *module, path_t *path, int dir_fd)
{
int result;
if (PySys_Audit("os.rmdir", "Oi", path->object,
dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
#ifdef MS_WINDOWS
/* Windows, success=1, UNIX, success=0 */
@ -4517,6 +4577,11 @@ os_unlink_impl(PyObject *module, path_t *path, int dir_fd)
{
int result;
if (PySys_Audit("os.remove", "Oi", path->object,
dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
_Py_BEGIN_SUPPRESS_IPH
#ifdef MS_WINDOWS
@ -4933,6 +4998,11 @@ os_utime_impl(PyObject *module, path_t *path, PyObject *times, PyObject *ns,
}
#endif
if (PySys_Audit("os.utime", "OOOi", path->object, times, ns ? ns : Py_None,
dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
return NULL;
}
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
hFile = CreateFileW(path->wide, FILE_WRITE_ATTRIBUTES, 0,
@ -5234,8 +5304,7 @@ os_execv_impl(PyObject *module, path_t *path, PyObject *argv)
return NULL;
}
if (PySys_Audit("os.exec", "OOO", path->object ? path->object : Py_None,
argv, Py_None) < 0) {
if (PySys_Audit("os.exec", "OOO", path->object, argv, Py_None) < 0) {
free_string_array(argvlist, argc);
return NULL;
}
@ -5311,8 +5380,7 @@ os_execve_impl(PyObject *module, path_t *path, PyObject *argv, PyObject *env)
if (envlist == NULL)
goto fail_0;
if (PySys_Audit("os.exec", "OOO", path->object ? path->object : Py_None,
argv, env) < 0) {
if (PySys_Audit("os.exec", "OOO", path->object, argv, env) < 0) {
goto fail_1;
}
@ -5665,8 +5733,7 @@ py_posix_spawn(int use_posix_spawnp, PyObject *module, path_t *path, PyObject *a
}
attrp = &attr;
if (PySys_Audit("os.posix_spawn", "OOO",
path->object ? path->object : Py_None, argv, env) < 0) {
if (PySys_Audit("os.posix_spawn", "OOO", path->object, argv, env) < 0) {
goto exit;
}
@ -5910,8 +5977,7 @@ os_spawnv_impl(PyObject *module, int mode, path_t *path, PyObject *argv)
mode = _P_OVERLAY;
#endif
if (PySys_Audit("os.spawn", "iOOO", mode,
path->object ? path->object : Py_None, argv,
if (PySys_Audit("os.spawn", "iOOO", mode, path->object, argv,
Py_None) < 0) {
free_string_array(argvlist, argc);
return NULL;
@ -6026,8 +6092,7 @@ os_spawnve_impl(PyObject *module, int mode, path_t *path, PyObject *argv,
mode = _P_OVERLAY;
#endif
if (PySys_Audit("os.spawn", "iOOO", mode,
path->object ? path->object : Py_None, argv, env) < 0) {
if (PySys_Audit("os.spawn", "iOOO", mode, path->object, argv, env) < 0) {
goto fail_2;
}
@ -6182,6 +6247,9 @@ os_fork_impl(PyObject *module)
PyErr_SetString(PyExc_RuntimeError, "fork not supported for subinterpreters");
return NULL;
}
if (PySys_Audit("os.fork", NULL) < 0) {
return NULL;
}
PyOS_BeforeFork();
pid = fork();
if (pid == 0) {
@ -6788,6 +6856,9 @@ os_forkpty_impl(PyObject *module)
PyErr_SetString(PyExc_RuntimeError, "fork not supported for subinterpreters");
return NULL;
}
if (PySys_Audit("os.forkpty", NULL) < 0) {
return NULL;
}
PyOS_BeforeFork();
pid = forkpty(&master_fd, NULL, NULL, NULL);
if (pid == 0) {
@ -7309,14 +7380,15 @@ Kill a process with a signal.
static PyObject *
os_kill_impl(PyObject *module, pid_t pid, Py_ssize_t signal)
/*[clinic end generated code: output=8e346a6701c88568 input=61a36b86ca275ab9]*/
#ifndef MS_WINDOWS
{
if (PySys_Audit("os.kill", "in", pid, signal) < 0) {
return NULL;
}
#ifndef MS_WINDOWS
if (kill(pid, (int)signal) == -1)
return posix_error();
Py_RETURN_NONE;
}
#else /* !MS_WINDOWS */
{
PyObject *result;
DWORD sig = (DWORD)signal;
DWORD err;
@ -7351,8 +7423,8 @@ os_kill_impl(PyObject *module, pid_t pid, Py_ssize_t signal)
CloseHandle(handle);
return result;
}
#endif /* !MS_WINDOWS */
}
#endif /* HAVE_KILL */
@ -7371,6 +7443,9 @@ static PyObject *
os_killpg_impl(PyObject *module, pid_t pgid, int signal)
/*[clinic end generated code: output=6dbcd2f1fdf5fdba input=38b5449eb8faec19]*/
{
if (PySys_Audit("os.killpg", "ii", pgid, signal) < 0) {
return NULL;
}
/* XXX some man pages make the `pgid` parameter an int, others
a pid_t. Since getpgrp() returns a pid_t, we assume killpg should
take the same type. Moreover, pid_t is always at least as wide as
@ -8143,6 +8218,11 @@ os_symlink_impl(PyObject *module, path_t *src, path_t *dst,
int result;
#endif
if (PySys_Audit("os.symlink", "OOi", src->object, dst->object,
dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
return NULL;
}
#ifdef MS_WINDOWS
if (windows_has_symlink_unprivileged_flag) {
@ -8745,6 +8825,10 @@ os_lockf_impl(PyObject *module, int fd, int command, Py_off_t length)
{
int res;
if (PySys_Audit("os.lockf", "iiL", fd, command, length) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS
res = lockf(fd, command, length);
Py_END_ALLOW_THREADS
@ -10147,6 +10231,9 @@ static PyObject *
os_putenv_impl(PyObject *module, PyObject *name, PyObject *value)
/*[clinic end generated code: output=d29a567d6b2327d2 input=ba586581c2e6105f]*/
{
if (PySys_Audit("os.putenv", "OO", name, value) < 0) {
return NULL;
}
return win32_putenv(name, value);
}
#else
@ -10172,6 +10259,10 @@ os_putenv_impl(PyObject *module, PyObject *name, PyObject *value)
return NULL;
}
if (PySys_Audit("os.putenv", "OO", name, value) < 0) {
return NULL;
}
if (setenv(name_string, value_string, 1)) {
return posix_error();
}
@ -10193,6 +10284,9 @@ static PyObject *
os_unsetenv_impl(PyObject *module, PyObject *name)
/*[clinic end generated code: output=54c4137ab1834f02 input=4d6a1747cc526d2f]*/
{
if (PySys_Audit("os.unsetenv", "(O)", name) < 0) {
return NULL;
}
return win32_putenv(name, NULL);
}
#else
@ -10208,6 +10302,9 @@ static PyObject *
os_unsetenv_impl(PyObject *module, PyObject *name)
/*[clinic end generated code: output=54c4137ab1834f02 input=2bb5288a599c7107]*/
{
if (PySys_Audit("os.unsetenv", "(O)", name) < 0) {
return NULL;
}
#ifdef HAVE_BROKEN_UNSETENV
unsetenv(PyBytes_AS_STRING(name));
#else
@ -11730,9 +11827,7 @@ os_startfile_impl(PyObject *module, path_t *filepath,
"startfile not available on this platform");
}
if (PySys_Audit("os.startfile", "Ou",
filepath->object ? filepath->object : Py_None,
operation) < 0) {
if (PySys_Audit("os.startfile", "Ou", filepath->object, operation) < 0) {
return NULL;
}
@ -11910,6 +12005,10 @@ os_getxattr_impl(PyObject *module, path_t *path, path_t *attribute,
if (fd_and_follow_symlinks_invalid("getxattr", path->fd, follow_symlinks))
return NULL;
if (PySys_Audit("os.getxattr", "OO", path->object, attribute->object) < 0) {
return NULL;
}
for (i = 0; ; i++) {
void *ptr;
ssize_t result;
@ -11981,6 +12080,11 @@ os_setxattr_impl(PyObject *module, path_t *path, path_t *attribute,
if (fd_and_follow_symlinks_invalid("setxattr", path->fd, follow_symlinks))
return NULL;
if (PySys_Audit("os.setxattr", "OOy#i", path->object, attribute->object,
value->buf, value->len, flags) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS;
if (path->fd > -1)
result = fsetxattr(path->fd, attribute->narrow,
@ -12029,6 +12133,10 @@ os_removexattr_impl(PyObject *module, path_t *path, path_t *attribute,
if (fd_and_follow_symlinks_invalid("removexattr", path->fd, follow_symlinks))
return NULL;
if (PySys_Audit("os.removexattr", "OO", path->object, attribute->object) < 0) {
return NULL;
}
Py_BEGIN_ALLOW_THREADS;
if (path->fd > -1)
result = fremovexattr(path->fd, attribute->narrow);
@ -12074,6 +12182,11 @@ os_listxattr_impl(PyObject *module, path_t *path, int follow_symlinks)
if (fd_and_follow_symlinks_invalid("listxattr", path->fd, follow_symlinks))
goto exit;
if (PySys_Audit("os.listxattr", "(O)",
path->object ? path->object : Py_None) < 0) {
return NULL;
}
name = path->narrow ? path->narrow : ".";
for (i = 0; ; i++) {
@ -13550,6 +13663,10 @@ os__add_dll_directory_impl(PyObject *module, path_t *path)
DLL_DIRECTORY_COOKIE cookie = 0;
DWORD err = 0;
if (PySys_Audit("os.add_dll_directory", "(O)", path->object) < 0) {
return NULL;
}
/* For Windows 7, we have to load this. As this will be a fairly
infrequent operation, just do it each time. Kernel32 is always
loaded. */