diff --git a/contrib/openbsm/HISTORY b/contrib/openbsm/HISTORY index 18b9dcae3d84..7b249ae63155 100644 --- a/contrib/openbsm/HISTORY +++ b/contrib/openbsm/HISTORY @@ -1,3 +1,9 @@ +OpenBSM 1.0 alpha 10 + +- auditd now generates complete audit records for its events, as required for + application-submitted audit records in the the FreeBSD kernel audit + implementation. + OpenBSM 1.0 alpha 9 - Rename many OpenBSM-specific constants and API elements containing the @@ -203,4 +209,4 @@ OpenBSM 1.0 alpha 1 to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#25 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#26 $ diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c index 39960810674c..838424e2bc7d 100644 --- a/contrib/openbsm/bin/auditd/auditd.c +++ b/contrib/openbsm/bin/auditd/auditd.c @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $ */ #include @@ -366,6 +366,7 @@ read_control_file(void) static int close_all(void) { + struct auditinfo ai; int err_ret = 0; char TS[POSTFIX_LEN]; int aufd; @@ -378,6 +379,17 @@ close_all(void) else { if ((tok = au_to_text("auditd::Audit shutdown")) != NULL) au_write(aufd, tok); + /* + * XXX we need to implement extended subject tokens so we can + * effectively represent terminal lines with this token type. + */ + bzero(&ai, sizeof(ai)); + if ((tok = au_to_subject32(getuid(), geteuid(), getegid(), + getuid(), getgid(), getpid(), getpid(), &ai.ai_termid)) + != NULL) + au_write(aufd, tok); + if ((tok = au_to_return32(0, 0)) != NULL) + au_write(aufd, tok); if (au_close(aufd, 1, AUE_audit_shutdown) == -1) syslog(LOG_ERR, "Could not close audit shutdown event."); @@ -745,6 +757,7 @@ config_audit_controls(void) static void setup(void) { + struct auditinfo ai; auditinfo_t auinfo; int aufd; token_t *tok; @@ -781,8 +794,20 @@ setup(void) if ((aufd = au_open()) == -1) syslog(LOG_ERR, "Could not create audit startup event."); else { + /* + * XXXCSJP Perhaps we wan't more robust audit records for + * audit start up and shutdown. This might include capturing + * failures to initialize the audit subsystem? + */ + bzero(&ai, sizeof(ai)); + if ((tok = au_to_subject32(getuid(), geteuid(), getegid(), + getuid(), getgid(), getpid(), getpid(), &ai.ai_termid)) + != NULL) + au_write(aufd, tok); if ((tok = au_to_text("auditd::Audit startup")) != NULL) au_write(aufd, tok); + if ((tok = au_to_return32(0, 0)) != NULL) + au_write(aufd, tok); if (au_close(aufd, 1, AUE_audit_startup) == -1) syslog(LOG_ERR, "Could not close audit startup event."); diff --git a/contrib/openbsm/configure b/contrib/openbsm/configure index c7e1c35403d7..c6394ade3025 100755 --- a/contrib/openbsm/configure +++ b/contrib/openbsm/configure @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#27 . +# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a9. +# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a10. # # Report bugs to . # @@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='OpenBSM' PACKAGE_TARNAME='openbsm' -PACKAGE_VERSION='1.0a9' -PACKAGE_STRING='OpenBSM 1.0a9' +PACKAGE_VERSION='1.0a10' +PACKAGE_STRING='OpenBSM 1.0a10' PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org' ac_unique_file="bin/auditreduce/auditreduce.c" @@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenBSM 1.0a9 to adapt to many kinds of systems. +\`configure' configures OpenBSM 1.0a10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1021,7 +1021,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenBSM 1.0a9:";; + short | recursive ) echo "Configuration of OpenBSM 1.0a10:";; esac cat <<\_ACEOF @@ -1162,7 +1162,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -OpenBSM configure 1.0a9 +OpenBSM configure 1.0a10 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenBSM $as_me 1.0a9, which was +It was created by OpenBSM $as_me 1.0a10, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -19278,7 +19278,7 @@ fi # Define the identity of the package. PACKAGE=OpenBSM - VERSION=1.0a9 + VERSION=1.0a10 cat >>confdefs.h <<_ACEOF @@ -23478,7 +23478,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by OpenBSM $as_me 1.0a9, which was +This file was extended by OpenBSM $as_me 1.0a10, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23541,7 +23541,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -OpenBSM config.status 1.0a9 +OpenBSM config.status 1.0a10 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff --git a/contrib/openbsm/configure.ac b/contrib/openbsm/configure.ac index 9302b2a39456..cd708bedecca 100644 --- a/contrib/openbsm/configure.ac +++ b/contrib/openbsm/configure.ac @@ -2,8 +2,8 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([OpenBSM], [1.0a9], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) -AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 $]) +AC_INIT([OpenBSM], [1.0a10], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) +AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#29 $]) AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_HEADER([config/config.h])