From bb97b41819ea5a5e5315006cdad6902bfa2b7eb6 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 21 Sep 2006 07:07:33 +0000 Subject: [PATCH] Vendor import of OpenBSM 1.0 alpha 11, with the following change history notes since the last import: OpenBSM 1.0 alpha 11 - Reclassify certain read/write operations as having no class rather than the fr/fw class; our default classes audit intent (open) not operations (read, write). - Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads and writes of sysctls as separate events. Add additional kernel environment and jail events for FreeBSD. - Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued by the kernel audit implementation) so that they can be distinguished. - Disable rate limiting of rotate requests; as the kernel doesn't retransmit a dropped request, the log file will otherwise grow indefinitely if the trigger is dropped. - Improve auditd debugging output. - Fix a number of threading related bugs in audit_control file reading routines. - Add APIs au_poltostr() and au_strtopol() to convert between text representations of audit_control policy flags and the flags passed to auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY). - Add API getacpol() to return the 'policy:' entry from audit_control, an extension to the Solaris file format to allow specification of policy persistent flags. - Update audump to print the audit_control policy field. - Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h arguments as these policies are now set via the configuration file. If a policy line is not found in the configuration file, continue with the current default of setting AUDIT_CNT. - Fix bugs in the parsing of large execve(2) arguments and environmental variable tokens; increase maximum parsed argument and variable count. - configure now detects strlcat(), used by policy-related functions. - Reference token and record sample files added to test tree. Obtained from: TrustedBSD Project --- contrib/openbsm/HISTORY | 36 +- contrib/openbsm/TODO | 7 +- contrib/openbsm/VERSION | 2 +- contrib/openbsm/bin/audit/audit.c | 4 +- contrib/openbsm/bin/auditd/auditd.8 | 22 +- contrib/openbsm/bin/auditd/auditd.c | 126 ++++--- contrib/openbsm/bin/auditd/auditd.h | 4 +- contrib/openbsm/bsm/audit.h | 25 +- contrib/openbsm/bsm/audit_kevents.h | 5 +- contrib/openbsm/bsm/libbsm.h | 27 +- contrib/openbsm/compat/strlcat.h | 66 ++++ contrib/openbsm/config/config.h.in | 3 + contrib/openbsm/configure | 25 +- contrib/openbsm/configure.ac | 6 +- contrib/openbsm/etc/audit_control | 3 +- contrib/openbsm/etc/audit_event | 15 +- contrib/openbsm/libbsm/au_control.3 | 42 ++- contrib/openbsm/libbsm/au_open.3 | 10 +- contrib/openbsm/libbsm/bsm_control.c | 343 ++++++++++++++---- contrib/openbsm/libbsm/bsm_io.c | 14 +- contrib/openbsm/libbsm/bsm_token.c | 3 +- contrib/openbsm/libbsm/libbsm.3 | 15 +- contrib/openbsm/man/audit_control.5 | 58 ++- contrib/openbsm/man/auditon.2 | 4 +- contrib/openbsm/test/reference/arg32_record | Bin 0 -> 50 bytes contrib/openbsm/test/reference/arg32_token | Bin 0 -> 25 bytes contrib/openbsm/test/reference/data_record | Bin 0 -> 39 bytes contrib/openbsm/test/reference/data_token | Bin 0 -> 14 bytes contrib/openbsm/test/reference/file_record | Bin 0 -> 41 bytes contrib/openbsm/test/reference/file_token | Bin 0 -> 16 bytes contrib/openbsm/test/reference/header32_token | Bin 0 -> 18 bytes contrib/openbsm/test/reference/in_addr_record | Bin 0 -> 30 bytes contrib/openbsm/test/reference/in_addr_token | 1 + contrib/openbsm/test/reference/ip_record | Bin 0 -> 46 bytes contrib/openbsm/test/reference/ip_token | Bin 0 -> 21 bytes contrib/openbsm/test/reference/ipc_record | Bin 0 -> 31 bytes contrib/openbsm/test/reference/ipc_token | 1 + contrib/openbsm/test/reference/iport_record | Bin 0 -> 28 bytes contrib/openbsm/test/reference/iport_token | Bin 0 -> 3 bytes contrib/openbsm/test/reference/opaque_record | Bin 0 -> 32 bytes contrib/openbsm/test/reference/opaque_token | Bin 0 -> 7 bytes contrib/openbsm/test/reference/path_record | Bin 0 -> 49 bytes contrib/openbsm/test/reference/path_token | Bin 0 -> 24 bytes .../openbsm/test/reference/process32_record | Bin 0 -> 62 bytes .../openbsm/test/reference/process32_token | Bin 0 -> 37 bytes .../openbsm/test/reference/process32ex_record | Bin 0 -> 66 bytes .../openbsm/test/reference/process32ex_token | Bin 0 -> 41 bytes .../openbsm/test/reference/return32_record | Bin 0 -> 31 bytes contrib/openbsm/test/reference/return32_token | 1 + contrib/openbsm/test/reference/seq_record | Bin 0 -> 30 bytes contrib/openbsm/test/reference/seq_token | 1 + .../openbsm/test/reference/subject32_record | Bin 0 -> 62 bytes .../openbsm/test/reference/subject32_token | Bin 0 -> 37 bytes .../openbsm/test/reference/subject32ex_record | Bin 0 -> 78 bytes .../test/reference/subject32ex_token-IPv4 | Bin 0 -> 41 bytes .../test/reference/subject32ex_token-IPv6 | Bin 0 -> 53 bytes contrib/openbsm/test/reference/text_record | Bin 0 -> 44 bytes contrib/openbsm/test/reference/text_token | Bin 0 -> 19 bytes contrib/openbsm/test/reference/trailer_token | 1 + .../test/samples/execve-long-args.trail | Bin 0 -> 714 bytes contrib/openbsm/tools/audump.c | 16 +- 61 files changed, 694 insertions(+), 192 deletions(-) create mode 100644 contrib/openbsm/compat/strlcat.h create mode 100644 contrib/openbsm/test/reference/arg32_record create mode 100644 contrib/openbsm/test/reference/arg32_token create mode 100644 contrib/openbsm/test/reference/data_record create mode 100644 contrib/openbsm/test/reference/data_token create mode 100644 contrib/openbsm/test/reference/file_record create mode 100644 contrib/openbsm/test/reference/file_token create mode 100644 contrib/openbsm/test/reference/header32_token create mode 100644 contrib/openbsm/test/reference/in_addr_record create mode 100644 contrib/openbsm/test/reference/in_addr_token create mode 100644 contrib/openbsm/test/reference/ip_record create mode 100644 contrib/openbsm/test/reference/ip_token create mode 100644 contrib/openbsm/test/reference/ipc_record create mode 100644 contrib/openbsm/test/reference/ipc_token create mode 100644 contrib/openbsm/test/reference/iport_record create mode 100644 contrib/openbsm/test/reference/iport_token create mode 100644 contrib/openbsm/test/reference/opaque_record create mode 100644 contrib/openbsm/test/reference/opaque_token create mode 100644 contrib/openbsm/test/reference/path_record create mode 100644 contrib/openbsm/test/reference/path_token create mode 100644 contrib/openbsm/test/reference/process32_record create mode 100644 contrib/openbsm/test/reference/process32_token create mode 100644 contrib/openbsm/test/reference/process32ex_record create mode 100644 contrib/openbsm/test/reference/process32ex_token create mode 100644 contrib/openbsm/test/reference/return32_record create mode 100644 contrib/openbsm/test/reference/return32_token create mode 100644 contrib/openbsm/test/reference/seq_record create mode 100644 contrib/openbsm/test/reference/seq_token create mode 100644 contrib/openbsm/test/reference/subject32_record create mode 100644 contrib/openbsm/test/reference/subject32_token create mode 100644 contrib/openbsm/test/reference/subject32ex_record create mode 100644 contrib/openbsm/test/reference/subject32ex_token-IPv4 create mode 100644 contrib/openbsm/test/reference/subject32ex_token-IPv6 create mode 100644 contrib/openbsm/test/reference/text_record create mode 100644 contrib/openbsm/test/reference/text_token create mode 100644 contrib/openbsm/test/reference/trailer_token create mode 100644 contrib/openbsm/test/samples/execve-long-args.trail diff --git a/contrib/openbsm/HISTORY b/contrib/openbsm/HISTORY index 7b249ae63155..e9093001a557 100644 --- a/contrib/openbsm/HISTORY +++ b/contrib/openbsm/HISTORY @@ -1,3 +1,37 @@ +OpenBSM 1.0 alpha 11 + +- Reclassify certain read/write operations as having no class rather than the + fr/fw class; our default classes audit intent (open) not operations (read, + write). +- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads + and writes of sysctls as separate events. Add additional kernel + environment and jail events for FreeBSD. +- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER + (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued + by the kernel audit implementation) so that they can be distinguished. +- Disable rate limiting of rotate requests; as the kernel doesn't retransmit + a dropped request, the log file will otherwise grow indefinitely if the + trigger is dropped. +- Improve auditd debugging output. +- Fix a number of threading related bugs in audit_control file reading + routines. +- Add APIs au_poltostr() and au_strtopol() to convert between text + representations of audit_control policy flags and the flags passed to + auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY). +- Add API getacpol() to return the 'policy:' entry from audit_control, an + extension to the Solaris file format to allow specification of policy + persistent flags. +- Update audump to print the audit_control policy field. +- Update auditd to read the audit_control policy field and set the kernel + policy to match it when configuring/reconfiguring. Remove the -s and -h + arguments as these policies are now set via the configuration file. If a + policy line is not found in the configuration file, continue with the + current default of setting AUDIT_CNT. +- Fix bugs in the parsing of large execve(2) arguments and environmental + variable tokens; increase maximum parsed argument and variable count. +- configure now detects strlcat(), used by policy-related functions. +- Reference token and record sample files added to test tree. + OpenBSM 1.0 alpha 10 - auditd now generates complete audit records for its events, as required for @@ -209,4 +243,4 @@ OpenBSM 1.0 alpha 1 to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#26 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#33 $ diff --git a/contrib/openbsm/TODO b/contrib/openbsm/TODO index d30c84131c14..5e0b9c3ae318 100644 --- a/contrib/openbsm/TODO +++ b/contrib/openbsm/TODO @@ -17,5 +17,10 @@ just at the beginning of a record. This will make it easier to use praudit in test suites processing single-token files without header and trailer context. +- Teach auditd how to notify a script when it is done with trail files so + that the script can archive them, compress them, delete them, whatever. + It should walk any trail files found at startup also, assuming it + successfully registers. +- Put hostname in trail file name. -$P4: //depot/projects/trustedbsd/openbsm/TODO#6 $ +$P4: //depot/projects/trustedbsd/openbsm/TODO#7 $ diff --git a/contrib/openbsm/VERSION b/contrib/openbsm/VERSION index 8d3fe66f8ec7..12b10e099a6e 100644 --- a/contrib/openbsm/VERSION +++ b/contrib/openbsm/VERSION @@ -1 +1 @@ -OPENBSM_1_0_ALPHA_9 +OPENBSM_1_0_ALPHA_11 diff --git a/contrib/openbsm/bin/audit/audit.c b/contrib/openbsm/bin/audit/audit.c index e5744f5f978e..c35b16786be3 100644 --- a/contrib/openbsm/bin/audit/audit.c +++ b/contrib/openbsm/bin/audit/audit.c @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#6 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#7 $ */ /* * Program to trigger the audit daemon with a message that is either: @@ -75,7 +75,7 @@ main(int argc, char **argv) switch(ch) { case 'n': - trigger = AUDIT_TRIGGER_OPEN_NEW; + trigger = AUDIT_TRIGGER_ROTATE_USER; break; case 's': diff --git a/contrib/openbsm/bin/auditd/auditd.8 b/contrib/openbsm/bin/auditd/auditd.8 index 8f054c6fc0bb..11e45e1496f2 100644 --- a/contrib/openbsm/bin/auditd/auditd.8 +++ b/contrib/openbsm/bin/auditd/auditd.8 @@ -29,7 +29,7 @@ .\" .\" @APPLE_BSD_LICENSE_HEADER_END@ .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#8 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 $ .\" .Dd January 24, 2004 .Dt AUDITD 8 @@ -51,14 +51,20 @@ The options are as follows: .Bl -tag -width Ds .It Fl d Starts the daemon in debug mode - it will not daemonize. -.It Fl h -Specifies that if auditing cannot be performed as specified, the system should -halt (panic). Normally, the system will attempt to proceed - although individual -processes may be stopped (see the -s option). -.It Fl s -Specifies that individual processes should stop rather than perform operations -that may cause audit records to be lost due to log file full conditions .El +.Pp +The historical +.Fl h +and +.Fl s +flags are now configured using +.Xr audit_control 5 +policy flags +.Dv ahlt +and +.Dv cnt , +and are no longer available as arguments to +.Xr auditd 8 . .Sh NOTE .Pp To assure uninterrupted audit support, the diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c index 838424e2bc7d..86cf2335c28f 100644 --- a/contrib/openbsm/bin/auditd/auditd.c +++ b/contrib/openbsm/bin/auditd/auditd.c @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $ */ #include @@ -59,6 +59,7 @@ #include "auditd.h" #define NA_EVENT_STR_SIZE 25 +#define POL_STR_SIZE 128 static int ret, minval; static char *lastfile = NULL; @@ -67,7 +68,6 @@ static int triggerfd = 0; static int sigchlds, sigchlds_handled; static int sighups, sighups_handled; static int sigterms, sigterms_handled; -static long global_flags; static TAILQ_HEAD(, dir_ent) dir_q; @@ -160,8 +160,9 @@ close_lastfile(char *TS) *ptr = '.'; strcpy(ptr+1, TS); if (rename(oldname, lastfile) != 0) - syslog(LOG_ERR, "Could not rename %s to %s", - oldname, lastfile); + syslog(LOG_ERR, + "Could not rename %s to %s: %m", oldname, + lastfile); else syslog(LOG_INFO, "renamed %s to %s", oldname, lastfile); @@ -286,7 +287,7 @@ swap_audit_file(void) free(dirent->dirname); free(dirent); } - syslog(LOG_ERR, "Log directories exhausted\n"); + syslog(LOG_ERR, "Log directories exhausted"); return (-1); } @@ -343,7 +344,7 @@ read_control_file(void) * XXX is generated here? */ if (0 == (ret = getacmin(&minval))) { - syslog(LOG_DEBUG, "min free = %d\n", minval); + syslog(LOG_DEBUG, "min free = %d", minval); if (auditon(A_GETQCTRL, &qctrl, sizeof(qctrl)) != 0) { syslog(LOG_ERR, "could not get audit queue settings"); @@ -494,31 +495,65 @@ register_daemon(void) } /* - * Suppress duplicate messages within a 30 second interval. This should be - * enough to time to rotate log files without thrashing from soft warnings - * generated before the log is actually rotated. + * Handle the audit trigger event. + * + * We suppress (ignore) duplicated triggers in close succession in order to + * try to avoid thrashing-like behavior. However, not all triggers can be + * ignored, as triggers generally represent edge triggers, not level + * triggers, and won't be retransmitted if the condition persists. Of + * specific concern is the rotate trigger -- if one is dropped, then it will + * not be retransmitted, and the log file will grow in an unbounded fashion. */ #define DUPLICATE_INTERVAL 30 static void handle_audit_trigger(int trigger) { - static int last_trigger; + static int last_trigger, last_warning; static time_t last_time; struct dir_ent *dirent; - - /* - * Suppres duplicate messages from the kernel within the specified - * interval. - */ struct timeval ts; struct timezone tzp; time_t tt; + /* + * Suppress duplicate messages from the kernel within the specified + * interval. + */ if (gettimeofday(&ts, &tzp) == 0) { tt = (time_t)ts.tv_sec; - if ((trigger == last_trigger) && - (tt < (last_time + DUPLICATE_INTERVAL))) - return; + switch (trigger) { + case AUDIT_TRIGGER_LOW_SPACE: + case AUDIT_TRIGGER_NO_SPACE: + /* + * Triggers we can suppress. Of course, we also need + * to rate limit the warnings, so apply the same + * interval limit on syslog messages. + */ + if ((trigger == last_trigger) && + (tt < (last_time + DUPLICATE_INTERVAL))) { + if (tt >= (last_warning + DUPLICATE_INTERVAL)) + syslog(LOG_INFO, + "Suppressing duplicate trigger %d", + trigger); + return; + } + last_warning = tt; + break; + + case AUDIT_TRIGGER_ROTATE_KERNEL: + case AUDIT_TRIGGER_ROTATE_USER: + case AUDIT_TRIGGER_READ_FILE: + /* + * Triggers that we cannot suppress. + */ + break; + } + + /* + * Only update last_trigger after aborting due to a duplicate + * trigger, not before, or we will never allow that trigger + * again. + */ last_trigger = trigger; last_time = tt; } @@ -528,7 +563,6 @@ handle_audit_trigger(int trigger) */ dirent = TAILQ_FIRST(&dir_q); switch(trigger) { - case AUDIT_TRIGGER_LOW_SPACE: syslog(LOG_INFO, "Got low space trigger"); if (dirent && (dirent->softlim != 1)) { @@ -554,7 +588,8 @@ handle_audit_trigger(int trigger) } else { /* * Continue auditing to the current file. Also - * generate an allsoft warning. + * generate an allsoft warning. + * * XXX do we want to do this ? */ audit_warn_allsoft(); @@ -577,12 +612,14 @@ handle_audit_trigger(int trigger) audit_warn_allhard(++allhardcount); break; - case AUDIT_TRIGGER_OPEN_NEW: + case AUDIT_TRIGGER_ROTATE_KERNEL: + case AUDIT_TRIGGER_ROTATE_USER: /* * Create a new file and swap with the one being used in * kernel */ - syslog(LOG_INFO, "Got open new trigger"); + syslog(LOG_INFO, "Got open new trigger from %s", trigger == + AUDIT_TRIGGER_ROTATE_KERNEL ? "kernel" : "user"); if (swap_audit_file() == -1) syslog(LOG_ERR, "Error swapping audit file"); break; @@ -656,10 +693,8 @@ wait_for_events(void) syslog(LOG_DEBUG, "%s: SIGTERM", __FUNCTION__); break; } - if (sigchlds != sigchlds_handled) { - syslog(LOG_DEBUG, "%s: SIGCHLD", __FUNCTION__); + if (sigchlds != sigchlds_handled) handle_sigchld(); - } if (sighups != sighups_handled) { syslog(LOG_DEBUG, "%s: SIGHUP", __FUNCTION__); handle_sighup(); @@ -670,7 +705,6 @@ wait_for_events(void) syslog(LOG_ERR, "%s: read EOF", __FUNCTION__); return (-1); } - syslog(LOG_DEBUG, "%s: read %d", __FUNCTION__, trigger); if (trigger == AUDIT_TRIGGER_CLOSE_AND_DIE) break; else @@ -691,10 +725,13 @@ config_audit_controls(void) au_mask_t aumask; int ctr = 0; char naeventstr[NA_EVENT_STR_SIZE]; + char polstr[POL_STR_SIZE]; + long policy; /* * Process the audit event file, obtaining a class mapping for each * event, and send that mapping into the kernel. + * * XXX There's a risk here that the BSM library will return NULL * for an event when it can't properly map it to a class. In that * case, we will not process any events beyond the one that failed, @@ -703,10 +740,17 @@ config_audit_controls(void) ev.ae_name = (char *)malloc(AU_EVENT_NAME_MAX); ev.ae_desc = (char *)malloc(AU_EVENT_DESC_MAX); if ((ev.ae_name == NULL) || (ev.ae_desc == NULL)) { + if (ev.ae_name != NULL) + free(ev.ae_name); syslog(LOG_ERR, "Memory allocation error when configuring audit controls."); return (-1); } + + /* + * XXXRW: Currently we have no way to remove mappings from the kernel + * when they are removed from the file-based mappings. + */ evp = &ev; setauevent(); while ((evp = getauevent_r(evp)) != NULL) { @@ -746,10 +790,21 @@ config_audit_controls(void) "Failed to obtain non-attributable event mask."); /* - * Set the audit policy flags based on passed in parameter values. + * If a policy is configured in audit_control(5), implement the + * policy. However, if one isn't defined, set AUDIT_CNT to avoid + * leaving the system in a fragile state. */ - if (auditon(A_SETPOLICY, &global_flags, sizeof(global_flags))) - syslog(LOG_ERR, "Failed to set audit policy."); + if ((getacpol(polstr, POL_STR_SIZE) == 0) && + (au_strtopol(polstr, &policy) == 0)) { + if (auditon(A_SETPOLICY, &policy, sizeof(policy))) + syslog(LOG_ERR, "Failed to set audit policy: %m"); + } else { + syslog(LOG_ERR, "Failed to obtain policy flags: %m"); + policy = AUDIT_CNT; + if (auditon(A_SETPOLICY, &policy, sizeof(policy))) + syslog(LOG_ERR, + "Failed to set default audit policy: %m"); + } return (0); } @@ -826,7 +881,6 @@ main(int argc, char **argv) int debug = 0; int rc; - global_flags |= AUDIT_CNT; while ((ch = getopt(argc, argv, "dhs")) != -1) { switch(ch) { case 'd': @@ -834,20 +888,10 @@ main(int argc, char **argv) debug = 1; break; - case 's': - /* Fail-stop option. */ - global_flags &= ~(AUDIT_CNT); - break; - - case 'h': - /* Halt-stop option. */ - global_flags |= AUDIT_AHLT; - break; - case '?': default: (void)fprintf(stderr, - "usage: auditd [-h | -s] [-d] \n"); + "usage: auditd [-d] \n"); exit(1); } } diff --git a/contrib/openbsm/bin/auditd/auditd.h b/contrib/openbsm/bin/auditd/auditd.h index bca637037ed8..11bf9d4ce176 100644 --- a/contrib/openbsm/bin/auditd/auditd.h +++ b/contrib/openbsm/bin/auditd/auditd.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#6 $ */ #ifndef _AUDITD_H_ @@ -61,7 +61,7 @@ struct dir_ent { #define HARDLIM_ALL_WARN "allhard" #define SOFTLIM_ALL_WARN "allsoft" -#define AUDITOFF_WARN "aditoff" +#define AUDITOFF_WARN "auditoff" #define EBUSY_WARN "ebusy" #define GETACDIR_WARN "getacdir" #define HARDLIM_WARN "hard" diff --git a/contrib/openbsm/bsm/audit.h b/contrib/openbsm/bsm/audit.h index d67b8535a8ce..ad61748abab0 100644 --- a/contrib/openbsm/bsm/audit.h +++ b/contrib/openbsm/bsm/audit.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#19 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#21 $ */ #ifndef _BSM_AUDIT_H @@ -46,18 +46,19 @@ * Triggers for the audit daemon. */ #define AUDIT_TRIGGER_MIN 1 -#define AUDIT_TRIGGER_LOW_SPACE 1 -#define AUDIT_TRIGGER_OPEN_NEW 2 -#define AUDIT_TRIGGER_READ_FILE 3 -#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 -#define AUDIT_TRIGGER_NO_SPACE 5 -#define AUDIT_TRIGGER_MAX 5 +#define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */ +#define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */ +#define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */ +#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */ +#define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */ +#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests roate. */ +#define AUDIT_TRIGGER_MAX 6 /* - * Special file that will be read for trigger events from the kernel - * (FreeBSD). + * The special device filename (FreeBSD). */ -#define AUDIT_TRIGGER_FILE "/dev/audit" +#define AUDITDEV_FILENAME "audit" +#define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME) /* * Pre-defined audit IDs @@ -164,12 +165,12 @@ #define AUDIT_PERZONE 0x2000 /* - * Audit queue control parameters. + * Default audit queue control parameters. */ #define AQ_HIWATER 100 #define AQ_MAXHIGH 10000 #define AQ_LOWATER 10 -#define AQ_BUFSZ 1024 +#define AQ_BUFSZ MAXAUDITDATA #define AQ_MAXBUFSZ 1048576 /* diff --git a/contrib/openbsm/bsm/audit_kevents.h b/contrib/openbsm/bsm/audit_kevents.h index cd558831986e..ef0f47b01485 100644 --- a/contrib/openbsm/bsm/audit_kevents.h +++ b/contrib/openbsm/bsm/audit_kevents.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#40 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#42 $ */ #ifndef _BSM_AUDIT_KEVENTS_H_ @@ -467,6 +467,9 @@ #define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */ #define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */ #define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */ +#define AUE_KENV 43114 /* FreeBSD. */ +#define AUE_JAIL_ATTACH 43115 /* FreeBSD. */ +#define AUE_SYSCTL_WRITE 43116 /* FreeBSD. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h index 5fea48ce1f72..34d9dbc062f0 100644 --- a/contrib/openbsm/bsm/libbsm.h +++ b/contrib/openbsm/bsm/libbsm.h @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#27 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 $ */ #ifndef _LIBBSM_H_ @@ -37,9 +37,6 @@ * solely to allow OpenSSH to compile; Darwin/Apple code should not use them. */ -#define AUDIT_MAX_ARGS 10 -#define AUDIT_MAX_ENV 10 - #include #include @@ -55,13 +52,25 @@ #include /* audit_token_t */ #endif +/* + * Size parsed token vectors for execve(2) arguments and environmental + * variables. Note: changing these sizes affects the ABI of the token + * structure, and as the token structure is often placed in the caller stack, + * this is undesirable. + */ +#define AUDIT_MAX_ARGS 128 +#define AUDIT_MAX_ENV 128 + +/* + * Arguments to au_preselect(3). + */ +#define AU_PRS_USECACHE 0 +#define AU_PRS_REREAD 1 + #define AU_PRS_SUCCESS 1 #define AU_PRS_FAILURE 2 #define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) -#define AU_PRS_USECACHE 0 -#define AU_PRS_REREAD 1 - #define AUDIT_EVENT_FILE "/etc/security/audit_event" #define AUDIT_CLASS_FILE "/etc/security/audit_class" #define AUDIT_CONTROL_FILE "/etc/security/audit_control" @@ -71,6 +80,7 @@ #define MINFREE_CONTROL_ENTRY "minfree" #define FLAGS_CONTROL_ENTRY "flags" #define NA_CONTROL_ENTRY "naflags" +#define POLICY_CONTROL_ENTRY "policy" #define AU_CLASS_NAME_MAX 8 #define AU_CLASS_DESC_MAX 72 @@ -711,11 +721,14 @@ int getacdir(char *name, int len); int getacmin(int *min_val); int getacflg(char *auditstr, int len); int getacna(char *auditstr, int len); +int getacpol(char *auditstr, size_t len); int getauditflagsbin(char *auditstr, au_mask_t *masks); int getauditflagschar(char *auditstr, au_mask_t *masks, int verbose); int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag); +ssize_t au_poltostr(long policy, size_t maxsize, char *buf); +int au_strtopol(const char *polstr, long *policy); /* * Functions relating to querying audit event information. diff --git a/contrib/openbsm/compat/strlcat.h b/contrib/openbsm/compat/strlcat.h new file mode 100644 index 000000000000..ba836f83cbf9 --- /dev/null +++ b/contrib/openbsm/compat/strlcat.h @@ -0,0 +1,66 @@ +/* + * Copyright (c) 1998 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * dollar OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp dollar + */ + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. Always NUL terminates (unless siz <= strlen(dst)). + * Returns strlen(src) + MIN(siz, strlen(initial dst)). + * If retval >= siz, truncation occurred. + */ +static size_t +strlcat(dst, src, siz) + char *dst; + const char *src; + size_t siz; +{ + char *d = dst; + const char *s = src; + size_t n = siz; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; + dlen = d - dst; + n = siz - dlen; + + if (n == 0) + return(dlen + strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; + + return(dlen + (s - src)); /* count does not include NUL */ +} diff --git a/contrib/openbsm/config/config.h.in b/contrib/openbsm/config/config.h.in index bc53efcc8f05..6daddb4f9fb1 100644 --- a/contrib/openbsm/config/config.h.in +++ b/contrib/openbsm/config/config.h.in @@ -86,6 +86,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H +/* Define to 1 if you have the `strlcat' function. */ +#undef HAVE_STRLCAT + /* Define to 1 if you have the `strrchr' function. */ #undef HAVE_STRRCHR diff --git a/contrib/openbsm/configure b/contrib/openbsm/configure index c6394ade3025..26af770f4151 100755 --- a/contrib/openbsm/configure +++ b/contrib/openbsm/configure @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 . +# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#31 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a10. +# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a11. # # Report bugs to . # @@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='OpenBSM' PACKAGE_TARNAME='openbsm' -PACKAGE_VERSION='1.0a10' -PACKAGE_STRING='OpenBSM 1.0a10' +PACKAGE_VERSION='1.0a11' +PACKAGE_STRING='OpenBSM 1.0a11' PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org' ac_unique_file="bin/auditreduce/auditreduce.c" @@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenBSM 1.0a10 to adapt to many kinds of systems. +\`configure' configures OpenBSM 1.0a11 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1021,7 +1021,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenBSM 1.0a10:";; + short | recursive ) echo "Configuration of OpenBSM 1.0a11:";; esac cat <<\_ACEOF @@ -1162,7 +1162,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -OpenBSM configure 1.0a10 +OpenBSM configure 1.0a11 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenBSM $as_me 1.0a10, which was +It was created by OpenBSM $as_me 1.0a11, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -19278,7 +19278,7 @@ fi # Define the identity of the package. PACKAGE=OpenBSM - VERSION=1.0a10 + VERSION=1.0a11 cat >>confdefs.h <<_ACEOF @@ -22834,7 +22834,8 @@ done -for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul + +for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` echo "$as_me:$LINENO: checking for $ac_func" >&5 @@ -23478,7 +23479,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by OpenBSM $as_me 1.0a10, which was +This file was extended by OpenBSM $as_me 1.0a11, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23541,7 +23542,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -OpenBSM config.status 1.0a10 +OpenBSM config.status 1.0a11 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff --git a/contrib/openbsm/configure.ac b/contrib/openbsm/configure.ac index cd708bedecca..8547245c0e44 100644 --- a/contrib/openbsm/configure.ac +++ b/contrib/openbsm/configure.ac @@ -2,8 +2,8 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([OpenBSM], [1.0a10], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) -AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#29 $]) +AC_INIT([OpenBSM], [1.0a11], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) +AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#31 $]) AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_HEADER([config/config.h]) @@ -56,7 +56,7 @@ AC_FUNC_MKTIME AC_TYPE_SIGNAL AC_FUNC_STAT AC_FUNC_STRFTIME -AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul]) +AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul]) # sys/queue.h exists on most systems, but its capabilities vary a great deal. # test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in diff --git a/contrib/openbsm/etc/audit_control b/contrib/openbsm/etc/audit_control index fb1ce1a773ef..2db3e1fa049e 100644 --- a/contrib/openbsm/etc/audit_control +++ b/contrib/openbsm/etc/audit_control @@ -1,7 +1,8 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#3 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#4 $ # dir:/var/audit flags:lo minfree:20 naflags:lo +policy:cnt diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event index ebab4ed21abf..346dff7a22af 100644 --- a/contrib/openbsm/etc/audit_event +++ b/contrib/openbsm/etc/audit_event @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#15 $ # 0:AUE_NULL:indir system call:no 1:AUE_EXIT:exit(2):pc @@ -117,8 +117,8 @@ 113:AUE_SYSTEMBOOT:system booted:na 114:AUE_ASYNC_DAEMON_EXIT:async_daemon(2) exited:ad 115:AUE_NFSSVC_EXIT:nfssvc(2) exited:ad -128:AUE_WRITEL:writel(2):fw -129:AUE_WRITEVL:writevl(2):fw +128:AUE_WRITEL:writel(2):no +129:AUE_WRITEVL:writevl(2):no 130:AUE_GETAUID:getauid(2):ad 131:AUE_SETAUID:setauid(2):ad 132:AUE_GETAUDIT:getaudit(2):ad @@ -265,7 +265,7 @@ 325:AUE_DARWIN_KDEBUGTRACE:system call:pc 326:AUE_DARWIN_FSTAT:fstat(2):fa 327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa -328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr +328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):no 329:AUE_DARWIN_TRUNCATE:truncate(2):fw 330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw 331:AUE_DARWIN_SYSCTL:sysctl(3):ad @@ -321,8 +321,8 @@ 43017:AUE_KDEBUGTRACE:system call:pc 43018:AUE_FSTAT:fstat(2):fa 43019:AUE_FPATHCONF:fpathconf(2):fa -43020:AUE_GETDIRENTRIES:getdirentries(2):fr -43021:AUE_SYSCTL:sysctl(3):ad +43020:AUE_GETDIRENTRIES:getdirentries(2):no +43021:AUE_SYSCTL:sysctl(3):ot 43022:AUE_MLOCK:mlock(2):pc 43023:AUE_MUNLOCK:munlock(2):pc 43024:AUE_UNDELETE:undelete(2):fm @@ -415,6 +415,9 @@ 43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm 43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa 43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm +43114:AUE_KENV:kenv(8):ad +43115:AUE_JAIL_ATTACH:jail_attach(2):ad +43116:AUE_SYSCTL_WRITE:sysctl(3):ad # # User space system events. # diff --git a/contrib/openbsm/libbsm/au_control.3 b/contrib/openbsm/libbsm/au_control.3 index 0cd66f162fd4..00a551eed2d9 100644 --- a/contrib/openbsm/libbsm/au_control.3 +++ b/contrib/openbsm/libbsm/au_control.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $ .\" .Dd April 19, 2005 .Dt AU_CONTROL 3 @@ -34,7 +34,10 @@ .Nm getacdir , .Nm getacmin , .Nm getacflg , -.Nm getacna +.Nm getacna , +.Nm getacpol , +.Nm au_poltostr +.Nm au_strtopol .Nd "Look up information from the audit_control database" .Sh LIBRARY .Lb libbsm @@ -52,6 +55,12 @@ .Fn getacflg "char *auditstr" "int len" .Ft int .Fn getacna "char *auditstr" "int len" +.Ft int +.Fn getacpol "char *auditstr" "size_t len" +.Ft ssize_t +.Fn au_poltostr "long policy" "size_t maxsize" "char *buf" +.Ft int +.Fn au_strtopol "const char *polstr" "long *policy" .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_control 5 @@ -90,15 +99,42 @@ returns the non-attributable flags via the passed character buffer .Va auditstr of length .Va len . +.Pp +.Fn getacpol +returns the audit policy flags via the passed character buffer +.Va auditstr +of length +.Va len . +.Pp +.Fn au_poltostr +converts a numeric audit policy mask, +.Va policy , +value to a string in the passed character buffer +.Va buf +of lenth +.Va maxsize . +.Pp +.Fn au_strtopol +converts an audit policy flags string, +.Va polstr , +to a numeric audit policy mask returned via +.Va policy . .Sh RETURN VALULES .Fn getacdir , .Fn getacmin , .Fn getacflg , +.Fn getacna , +.Fn getacpol , and -.Fn getacna +.Fn au_strtopol return 0 on success, or a negative value on failure, along with error information in .Va errno . +.Pp +.Fn au_poltostr +returns a string length of 0 or more on success, or a negative value on +if there is a failure. +.Pp Functions that return a string value will return a failure if there is insufficient room in the passed character buffer for the full string. .Sh SEE ALSO diff --git a/contrib/openbsm/libbsm/au_open.3 b/contrib/openbsm/libbsm/au_open.3 index 569940e68061..db9e9b3fbc76 100644 --- a/contrib/openbsm/libbsm/au_open.3 +++ b/contrib/openbsm/libbsm/au_open.3 @@ -23,16 +23,17 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#5 $ .\" .Dd March 4, 2006 .Dt AU_OPEN 3 .Os .Sh NAME -.Nm au_open , -.Nm au_write , .Nm au_close , -.Nm au_close_buffer +.Nm au_close_buffer , +.Nm au_close_token , +.Nm au_open , +.Nm au_write .Nd "Create and commit audit records" .Sh LIBRARY .Lb libbsm @@ -120,6 +121,7 @@ return 0 on success, or a negative value on failure, along with error information in .Va errno . .Sh SEE ALSO +.Xr audit_submit 3 , .Xr libbsm 3 .Sh AUTHORS This software was created by Robert Watson, Wayne Salamon, and Suresh diff --git a/contrib/openbsm/libbsm/bsm_control.c b/contrib/openbsm/libbsm/bsm_control.c index 438082bca892..ba643b2b9fde 100644 --- a/contrib/openbsm/libbsm/bsm_control.c +++ b/contrib/openbsm/libbsm/bsm_control.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2004 Apple Computer, Inc. + * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#13 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#15 $ */ #include @@ -37,9 +38,14 @@ #include #include +#include +#ifndef HAVE_STRLCAT +#include +#endif + /* * Parse the contents of the audit_control file to return the audit control - * parameters. + * parameters. These static fields are protected by 'mutex'. */ static FILE *fp = NULL; static char linestr[AU_LINE_MAX]; @@ -97,22 +103,224 @@ getstrfromtype_locked(char *name, char **str) } } +/* + * Convert a policy to a string. Return -1 on failure, or >= 0 representing + * the actual size of the string placed in the buffer (excluding terminating + * nul). + */ +ssize_t +au_poltostr(long policy, size_t maxsize, char *buf) +{ + int first; + + if (maxsize < 1) + return (-1); + first = 1; + buf[0] = '\0'; + + if (policy & AUDIT_CNT) { + if (strlcat(buf, "cnt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_AHLT) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "ahlt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ARGV) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "argv", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ARGE) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "arge", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_SEQ) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "seq", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_WINDATA) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "windata", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_USER) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "user", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_GROUP) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "group", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_TRAIL) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "trail", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PATH) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "path", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_SCNT) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "scnt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PUBLIC) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "public", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ZONENAME) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "zonename", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PERZONE) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "perzone", maxsize) >= maxsize) + return (-1); + first = 0; + } + return (strlen(buf)); +} + +/* + * Convert a string to a policy. Return -1 on failure (with errno EINVAL, + * ENOMEM) or 0 on success. + */ +int +au_strtopol(const char *polstr, long *policy) +{ + char *bufp, *string; + char *buffer; + + *policy = 0; + buffer = strdup(polstr); + if (buffer == NULL) + return (-1); + + bufp = buffer; + while ((string = strsep(&bufp, ",")) != NULL) { + if (strcmp(string, "cnt") == 0) + *policy |= AUDIT_CNT; + else if (strcmp(string, "ahlt") == 0) + *policy |= AUDIT_AHLT; + else if (strcmp(string, "argv") == 0) + *policy |= AUDIT_ARGV; + else if (strcmp(string, "arge") == 0) + *policy |= AUDIT_ARGE; + else if (strcmp(string, "seq") == 0) + *policy |= AUDIT_SEQ; + else if (strcmp(string, "winau_fstat") == 0) + *policy |= AUDIT_WINDATA; + else if (strcmp(string, "user") == 0) + *policy |= AUDIT_USER; + else if (strcmp(string, "group") == 0) + *policy |= AUDIT_GROUP; + else if (strcmp(string, "trail") == 0) + *policy |= AUDIT_TRAIL; + else if (strcmp(string, "path") == 0) + *policy |= AUDIT_PATH; + else if (strcmp(string, "scnt") == 0) + *policy |= AUDIT_SCNT; + else if (strcmp(string, "public") == 0) + *policy |= AUDIT_PUBLIC; + else if (strcmp(string, "zonename") == 0) + *policy |= AUDIT_ZONENAME; + else if (strcmp(string, "perzone") == 0) + *policy |= AUDIT_PERZONE; + else { + free(buffer); + errno = EINVAL; + return (-1); + } + } + free(buffer); + return (0); +} + /* * Rewind the file pointer to beginning. */ +static void +setac_locked(void) +{ + + ptrmoved = 1; + if (fp != NULL) + fseek(fp, 0, SEEK_SET); +} + void setac(void) { pthread_mutex_lock(&mutex); - ptrmoved = 1; - if (fp != NULL) - fseek(fp, 0, SEEK_SET); + setac_locked(); pthread_mutex_unlock(&mutex); } /* - * Close the audit_control file + * Close the audit_control file. */ void endac(void) @@ -136,72 +344,54 @@ getacdir(char *name, int len) char *dir; int ret = 0; - if (name == NULL) { - errno = EINVAL; - return (-2); - } - - pthread_mutex_lock(&mutex); - /* - * Check if another function was called between - * successive calls to getacdir + * Check if another function was called between successive calls to + * getacdir. */ + pthread_mutex_lock(&mutex); if (inacdir && ptrmoved) { ptrmoved = 0; if (fp != NULL) fseek(fp, 0, SEEK_SET); ret = 2; } - - if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (dir == NULL) + if (dir == NULL) { + pthread_mutex_unlock(&mutex); return (-1); - - if (strlen(dir) >= len) + } + if (strlen(dir) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(name, dir); - + pthread_mutex_unlock(&mutex); return (ret); } /* - * Return the minimum free diskspace value from the audit control file + * Return the minimum free diskspace value from the audit control file. */ int getacmin(int *min_val) { char *min; - setac(); - - if (min_val == NULL) { - errno = EINVAL; - return (-2); - } - pthread_mutex_lock(&mutex); - + setac_locked(); if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (min == NULL) + if (min == NULL) { + pthread_mutex_unlock(&mutex); return (1); - + } *min_val = atoi(min); - + pthread_mutex_unlock(&mutex); return (0); } @@ -213,30 +403,22 @@ getacflg(char *auditstr, int len) { char *str; - setac(); - - if (auditstr == NULL) { - errno = EINVAL; - return (-2); - } - pthread_mutex_lock(&mutex); - + setac_locked(); if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (str == NULL) + if (str == NULL) { + pthread_mutex_unlock(&mutex); return (1); - - if (strlen(str) >= len) + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(auditstr, str); - + pthread_mutex_unlock(&mutex); return (0); } @@ -248,28 +430,47 @@ getacna(char *auditstr, int len) { char *str; - setac(); - - if (auditstr == NULL) { - errno = EINVAL; - return (-2); - } - pthread_mutex_lock(&mutex); - + setac_locked(); if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - pthread_mutex_unlock(&mutex); - - if (str == NULL) + if (str == NULL) { + pthread_mutex_unlock(&mutex); return (1); - - if (strlen(str) >= len) + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(auditstr, str); - + return (0); +} + +/* + * Return the policy field from the audit control file. + */ +int +getacpol(char *auditstr, size_t len) +{ + char *str; + + pthread_mutex_lock(&mutex); + setac_locked(); + if (getstrfromtype_locked(POLICY_CONTROL_ENTRY, &str) < 0) { + pthread_mutex_unlock(&mutex); + return (-2); + } + if (str == NULL) { + pthread_mutex_unlock(&mutex); + return (-1); + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); + return (-3); + } + strcpy(auditstr, str); + pthread_mutex_unlock(&mutex); return (0); } diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c index 30639e6992af..25877351de1d 100644 --- a/contrib/openbsm/libbsm/bsm_io.c +++ b/contrib/openbsm/libbsm/bsm_io.c @@ -31,7 +31,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#40 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 $ */ #include @@ -1190,7 +1190,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len) for (i = 0; i < tok->tt.execarg.count; i++) { bptr = buf + tok->len; - tok->tt.execarg.text[i] = bptr; + if (i < AUDIT_MAX_ARGS) + tok->tt.execarg.text[i] = bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1202,6 +1203,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len) return (-1); tok->len++; /* \0 character */ } + if (tok->tt.execarg.count > AUDIT_MAX_ARGS) + tok->tt.execarg.count = AUDIT_MAX_ARGS; return (0); } @@ -1235,9 +1238,10 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - for (i = 0; i< tok->tt.execenv.count; i++) { + for (i = 0; i < tok->tt.execenv.count; i++) { bptr = buf + tok->len; - tok->tt.execenv.text[i] = bptr; + if (i < AUDIT_MAX_ENV) + tok->tt.execenv.text[i] = bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1249,6 +1253,8 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len) return (-1); tok->len++; /* \0 character */ } + if (tok->tt.execenv.count > AUDIT_MAX_ENV) + tok->tt.execenv.count = AUDIT_MAX_ENV; return (0); } diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c index f90cbc9f19ac..fecbeb84f219 100644 --- a/contrib/openbsm/libbsm/bsm_token.c +++ b/contrib/openbsm/libbsm/bsm_token.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#51 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#52 $ */ #include @@ -71,7 +71,6 @@ #include #include #include -#include #include #include diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3 index df0c3c16e084..3d9aadd393e9 100644 --- a/contrib/openbsm/libbsm/libbsm.3 +++ b/contrib/openbsm/libbsm/libbsm.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#5 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#7 $ .\" .Dd April 19, 2005 .Dt LIBBSM 3 @@ -55,15 +55,18 @@ These are described respectively in the .Xr au_notify 3 , .Xr au_stream 3 , .Xr au_token 3 , +and .Xr au_user 3 -man pages. +manual pages. .Ss Audit Event Stream Interfaces Audit event stream interfaces support interaction with file-backed audit event streams: -.Xr au_close 3 . +.Xr au_close 3 , +.Xr au_close_buffer 3 , .Xr au_free_token 3 , .Xr au_open 3 , .Xr au_write 3 , +.Xr audit_submit 3 . .Ss Audit Class Interfaces Audit class interfaces support the look up of information from the .Xr audit_class 5 @@ -83,7 +86,10 @@ database: .Xr getacdir 3 , .Xr getacflg 3 , .Xr getacmin 3 , -.Xr getacna 3 . +.Xr getacna 3 , +.Xr getacpol 3 , +.Xr au_poltostr 3 , +.Xr au_strtopol 3 . .Ss Audit Event Interfaces Audit event interfaces support the look up of information from the .Xr audit_event 5 @@ -188,6 +194,7 @@ database: .Xr au_stream 3 , .Xr au_token 3 , .Xr au_user 3 , +.Xr audit_submit 3 , .Xr audit_class 5 , .Xr audit_control 5 .Sh AUTHORS diff --git a/contrib/openbsm/man/audit_control.5 b/contrib/openbsm/man/audit_control.5 index dd39afc76069..edd38bb72043 100644 --- a/contrib/openbsm/man/audit_control.5 +++ b/contrib/openbsm/man/audit_control.5 @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#11 $ .\" .Dd January 4, 2006 .Dt AUDIT_CONTROL 5 @@ -63,6 +63,9 @@ an action cannot be attributed to a specific user. The minimum free space required on the file system audit logs are being written to. When the free space falls below this limit a warning will be issued. Not currently used as the value of 20 percent is chosen by the kernel. +.It Va policy +A list of global audit policy flags specifying various behaviors, such as +fail stop, auditing of paths and arguments, etc. .El .Sh AUDIT FLAGS Audit flags are a comma-delimited list of audit classes as defined in the @@ -86,6 +89,53 @@ Do not record successful events .It ^- Do not record failed events .El +.Sh AUDIT POLICY FLAGS +The policy flags field is a comma-delimited list of policy flags from the +following list: +.Pp +.Bl -tag -width zonename -compact -offset indent +.It cnt +Allow processes to continue running even though events are not being audited. +If not set, processes will be suspended when the audit store space is +exhausted. +Currently, this is not a recoverable state. +.It ahlt +Fail stop the system if unable to audit an event--this consists of first +draining pending records to disk, and then halting the operating system. +.It argv +Audit command line arguments to +.Xr execve 2 . +.It arge +Audit environmental variable arguments to +.Xr execve 2 . +.It seq +Include a unique audit sequence number token in generated audit records (not +implemented on FreeBSD or Darwin). +.It group +Include supplementary groups list in generated audit records (not implemented +on FreeBSD or Darwin; supplementary groups are never included in records on +these systems). +.It trail +Append a trailer token to each audit record (not implemented on FreeBSD or +Darwin; trailers are always included in records on these systems). +.It path +Include secondary file paths in audit records (not implemented on FreeBSD or +Darwin; secondary paths are never included in records on these systems). +.It zonename +Include a zone ID token with each audit record (not implemented on FreeBSD or +Darwin; FreeBSD audit records do not currently include the jail ID or name.) +.It perzone +Enable auditing for each local zone (not implemented on FreeBSD or Darwin; on +FreeBSD, audit records are collected from all jails and placed in a single +global trail, and only limited audit controls are permitted within a jail.) +.El +.Pp +It is recommended that installations set the +.Dv cnt +flag but not +.Dv ahlt +flag unless it is intended that audit logs exceeding available disk space +halt the system. .Sh DEFAULT The following settings appear in the default .Nm @@ -95,12 +145,18 @@ dir:/var/audit flags:lo minfree:20 naflags:lo +policy:cnt .Ed .Pp The .Va flags parameter above specifies the system-wide mask corresponding to login/logout events. +The +.Va policy +parameter specifies that the system should neither fail stop nor suspend +processes when the audit store fills. +will be audited. .Sh FILES .Bl -tag -width "/etc/security/audit_control" -compact .It Pa /etc/security/audit_control diff --git a/contrib/openbsm/man/auditon.2 b/contrib/openbsm/man/auditon.2 index 9dedbba53b07..04eb775afc85 100644 --- a/contrib/openbsm/man/auditon.2 +++ b/contrib/openbsm/man/auditon.2 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#8 $ .\" .Dd April 19, 2005 .Dt AUDITON 2 @@ -192,7 +192,7 @@ structure. The field will be set to the maximum audit log file size. A value of 0 indicates no limit to the size. The -.Ft af_filesz +.Ft af_currsz will be set to the current audit log file size. .It Dv A_GETCWD .\" [COMMENTED OUT]: Valid description, not yet implemented. diff --git a/contrib/openbsm/test/reference/arg32_record b/contrib/openbsm/test/reference/arg32_record new file mode 100644 index 0000000000000000000000000000000000000000..744dbcfd4437a6123928ce05a8967e03d8d2176f GIT binary patch literal 50 zcmWe(U|=xf0ul_af>D1N7?|{RnOC2E&%hv9l3H96pIDS`Y!qLTpPib=AiR+kq!<7W CEesF< literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/arg32_token b/contrib/openbsm/test/reference/arg32_token new file mode 100644 index 0000000000000000000000000000000000000000..3401aa13af9b9f52891c9bb7434e7ee9d88acfe7 GIT binary patch literal 25 gcmdO8UVZjG1A|~mYH>+?Vo|!WQG7{$c4{620Cs=~=Kufz literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/data_record b/contrib/openbsm/test/reference/data_record new file mode 100644 index 0000000000000000000000000000000000000000..ffb3ff68647d4ac49dbbff362304e37390726972 GIT binary patch literal 39 rcmWe(U|>+^0ul_af>D1N7#Ke(vM_K3=jW!nB$gyH=nHRT1*rf4e%c2@ literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/data_token b/contrib/openbsm/test/reference/data_token new file mode 100644 index 0000000000000000000000000000000000000000..e000b8a3a09dbe45876c319acde39705eeb26b7e GIT binary patch literal 14 VcmY#nVc-hR&rNknEJD1N7#KeaGB7H;0vRh9SW8liOBjSVvVznA0DOQ3!2kdN literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/file_token b/contrib/openbsm/test/reference/file_token new file mode 100644 index 0000000000000000000000000000000000000000..8b6daa669bb404747ff3dbbd4e4a0c4cc443e8fa GIT binary patch literal 16 XcmWe+U{rQxU|?Lqz*>@8T*3eV5wQa4 literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/header32_token b/contrib/openbsm/test/reference/header32_token new file mode 100644 index 0000000000000000000000000000000000000000..dd72c1cf61a3973255b18258d8a838f669f8d645 GIT binary patch literal 18 ZcmWd;G6}2TVqkVnXJAxzWnf@j0RS6T0`vd? literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/in_addr_record b/contrib/openbsm/test/reference/in_addr_record new file mode 100644 index 0000000000000000000000000000000000000000..0421f884f9392a10b7450de4793952f390250566 GIT binary patch literal 30 icmWe(U|^8r0ul_af>D1N7?`xR4y;Jw7v9JUk^lfeH3b6z literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/in_addr_token b/contrib/openbsm/test/reference/in_addr_token new file mode 100644 index 000000000000..56b32a7a3189 --- /dev/null +++ b/contrib/openbsm/test/reference/in_addr_token @@ -0,0 +1 @@ +*À¨d \ No newline at end of file diff --git a/contrib/openbsm/test/reference/ip_record b/contrib/openbsm/test/reference/ip_record new file mode 100644 index 0000000000000000000000000000000000000000..22498445fd22216fe85930d0935441187ba20f24 GIT binary patch literal 46 ycmWe(U|`VW0ul_af>D1N7?^al9T*ryLMj*-92glG4y;I-ePBhNf$&CFkU{{crU@7T literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/ip_token b/contrib/openbsm/test/reference/ip_token new file mode 100644 index 0000000000000000000000000000000000000000..96572a48ea197192d33031f880d0586e561826d7 GIT binary patch literal 21 ccmdOPU|D1N7#Ke*F$$T4RS0in1<3#aL*E4c literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/ipc_token b/contrib/openbsm/test/reference/ipc_token new file mode 100644 index 000000000000..7d7690b23618 --- /dev/null +++ b/contrib/openbsm/test/reference/ipc_token @@ -0,0 +1 @@ +"4Vx \ No newline at end of file diff --git a/contrib/openbsm/test/reference/iport_record b/contrib/openbsm/test/reference/iport_record new file mode 100644 index 0000000000000000000000000000000000000000..228e8fe487f3276b00c96af81476c1813c379740 GIT binary patch literal 28 fcmWe(U|^8p0ul_af>D1N7?|{Q0vLohvVw#GE4l-D literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/iport_token b/contrib/openbsm/test/reference/iport_token new file mode 100644 index 0000000000000000000000000000000000000000..0225a76dde89486c08bb9a5b058d57b7d9f22ed3 GIT binary patch literal 3 KcmdN1U;qFCCjfl_ literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/opaque_record b/contrib/openbsm/test/reference/opaque_record new file mode 100644 index 0000000000000000000000000000000000000000..7763817d26cd8225dcf540e2a06aad9d1d31f53c GIT binary patch literal 32 kcmWe(U|>+-0ul_af>D1N7??CQ8CX{BK66)iBP&P>08ZHkI{*Lx literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/opaque_token b/contrib/openbsm/test/reference/opaque_token new file mode 100644 index 0000000000000000000000000000000000000000..02460d3a36f8453cb2110d7e267888afb69a4a51 GIT binary patch literal 7 OcmdO7U|F^M%v}Hohyy$T literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/path_record b/contrib/openbsm/test/reference/path_record new file mode 100644 index 0000000000000000000000000000000000000000..e85e384e067781672cbae5578eb52d5d0b1302b5 GIT binary patch literal 49 wcmWe(U|=xh0ul_af>D1N7#P1OGl=S!q!yRxmtjP0Dn9Cr%krkvC0R5s1ga7~l literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/path_token b/contrib/openbsm/test/reference/path_token new file mode 100644 index 0000000000000000000000000000000000000000..18d8eefb73d240c214a06cfffe3d80370acf38d8 GIT binary patch literal 24 acmY#p5Y;b9EiTb7$;d3$2ckqUmjM7-0|%J^ literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/process32_record b/contrib/openbsm/test/reference/process32_record new file mode 100644 index 0000000000000000000000000000000000000000..b6a0a77201549d132e320c2b1090593e242b4140 GIT binary patch literal 62 zcmWe(U|_K00ul_af>D1N7#M%437LddFe+mo LKvlvUSwR{Br@IbL literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/process32_token b/contrib/openbsm/test/reference/process32_token new file mode 100644 index 0000000000000000000000000000000000000000..a58adadf6dd43a7571c46444ccc7c3bf8afe980e GIT binary patch literal 37 qcmY!rG6}0-RCY}VqRts*Ax50-sm{VGrf$>QN>jul&E4u57#IP@9STDL literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/process32ex_record b/contrib/openbsm/test/reference/process32ex_record new file mode 100644 index 0000000000000000000000000000000000000000..aa2cb560c1f452d03f41736a1abbfcdf9939b1fd GIT binary patch literal 66 zcmWe(U|?|K0ul_af>D1N7?{+ng-pUK7?oYqfv9svS%?v5d#barimBW5w$c=_NOL!! PS{6nIhI-+RtRT$*!blC> literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/process32ex_token b/contrib/openbsm/test/reference/process32ex_token new file mode 100644 index 0000000000000000000000000000000000000000..ba84a2a56cee04948466259cc99e14064bc352fa GIT binary patch literal 41 ucmb;xG6}0-RCY}VqRts*Ax50-sm{VGrf$>QN>jul&D|In7+4q?80rD}U<#Z7 literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/return32_record b/contrib/openbsm/test/reference/return32_record new file mode 100644 index 0000000000000000000000000000000000000000..f4a6a5b1d6a16432168ae0c912fc833341cd357c GIT binary patch literal 31 jcmWe(U|^8v0ul_af>D1N7??EFuM3%kRS0in1<3#aLmdSV literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/return32_token b/contrib/openbsm/test/reference/return32_token new file mode 100644 index 000000000000..e7a209862e6b --- /dev/null +++ b/contrib/openbsm/test/reference/return32_token @@ -0,0 +1 @@ +'×4Vx \ No newline at end of file diff --git a/contrib/openbsm/test/reference/seq_record b/contrib/openbsm/test/reference/seq_record new file mode 100644 index 0000000000000000000000000000000000000000..576c11232c5de6cc3523560a9a75c5c215e634cb GIT binary patch literal 30 hcmWe(U|^8r0ul_af>D1N7?=$7g-pUKgg3H+Bmg&h1V#V= literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/seq_token b/contrib/openbsm/test/reference/seq_token new file mode 100644 index 000000000000..99b51cfb06cf --- /dev/null +++ b/contrib/openbsm/test/reference/seq_token @@ -0,0 +1 @@ +/4Vx \ No newline at end of file diff --git a/contrib/openbsm/test/reference/subject32_record b/contrib/openbsm/test/reference/subject32_record new file mode 100644 index 0000000000000000000000000000000000000000..9978e5dbb15e1d53998224ec717b93679f25b2c6 GIT binary patch literal 62 zcmWe(U|_K00ul_af>D1N7#P2*2$_UcFe+mo LKvlvUSwR{Brh*Pf literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/subject32_token b/contrib/openbsm/test/reference/subject32_token new file mode 100644 index 0000000000000000000000000000000000000000..2263fe53609c98c8d1e3efeb6cd24270a57053a7 GIT binary patch literal 37 qcmY!pG6}0-RCY}VqRts*Ax50-sm{VGrf$>QN>jul&E4u57#IP?(+WWV literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/subject32ex_record b/contrib/openbsm/test/reference/subject32ex_record new file mode 100644 index 0000000000000000000000000000000000000000..ca28be4869ad02f6338aaf975cab52469ddbaa45 GIT binary patch literal 78 zcmWe(U|{g$0ul_af>D1N7#M$437LddFe+kd WwE_$b4gWxzK!6d5g*UPSNk0Ilh7ZpG literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/subject32ex_token-IPv4 b/contrib/openbsm/test/reference/subject32ex_token-IPv4 new file mode 100644 index 0000000000000000000000000000000000000000..0eaa71bcc76c9ed395860fdd4881fc1cb8414e2d GIT binary patch literal 41 ucmb;tG6}0-RCY}VqRts*Ax50-sm{VGrf$>QN>jul&D|In7+4q?80rD}Hwv2o literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/subject32ex_token-IPv6 b/contrib/openbsm/test/reference/subject32ex_token-IPv6 new file mode 100644 index 0000000000000000000000000000000000000000..99202b15d434c2fbdcf09d0c9c5616feb3ca3c55 GIT binary patch literal 53 zcmb;tG6}0-RCY}VqRts*Ax50-sm{VGrf$>QN>jul&D|In7z7v?8vX%kFkl3d0EWE_ ArT_o{ literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/text_record b/contrib/openbsm/test/reference/text_record new file mode 100644 index 0000000000000000000000000000000000000000..3bc9db76018b1317483f31f16a3139ba12ad566f GIT binary patch literal 44 ucmWe(U|`VU0ul_af>D1N7??CQ7z9ExGK&>}C{dv#wYWr&L3kr8NEra4>j-lI literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/text_token b/contrib/openbsm/test/reference/text_token new file mode 100644 index 0000000000000000000000000000000000000000..12d58191dd65800d70c2cea7c87604de2686b4a1 GIT binary patch literal 19 YcmdO35D3Z0ELH%bM1_*n;u1Xu05Zk}TmS$7 literal 0 HcmV?d00001 diff --git a/contrib/openbsm/test/reference/trailer_token b/contrib/openbsm/test/reference/trailer_token new file mode 100644 index 000000000000..138e0b3da126 --- /dev/null +++ b/contrib/openbsm/test/reference/trailer_token @@ -0,0 +1 @@ +±4Vx \ No newline at end of file diff --git a/contrib/openbsm/test/samples/execve-long-args.trail b/contrib/openbsm/test/samples/execve-long-args.trail new file mode 100644 index 0000000000000000000000000000000000000000..0ad3af0253f684921fe977fc71f47ca6e10a1b73 GIT binary patch literal 714 zcmZXSze>e06o=1MToiOr@BtLuTF_P81Q#Db2Yb_NdJRpJlB9~WZ{PzsySn%SZsIdI zi_hR-n%`+HSSbB|Jzoy_w?nk@zD~PDr&}AJG0cyN=y2&|OQI_(85TE1ur-~FT2@NS z5i-&Iu`<2A(8BxdD4{jMS&blXr3t{wN!j<423c8r8{un^ZHL-K>%4TSe62#^yRuPz zztT5_=;E(zF=1^d0gQ=30<(m`5>J^mPJ_r1Di#D0%o+luN{glEnSohCfE3q{HW9cS z3AMB*s3zokVi?8-Ro!z34s3CPhn++#Fk1+a(jLP}$Vy@ucTTjebi<;?$mW @@ -77,8 +77,9 @@ audump_class_r(void) static void audump_control(void) { - char string[PATH_MAX]; + char string[PATH_MAX], string2[PATH_MAX]; int ret, val; + long policy; ret = getacflg(string, PATH_MAX); if (ret == -2) @@ -116,6 +117,15 @@ audump_control(void) printf("dir:%s\n", string); } while (ret == 0); + + ret = getacpol(string, PATH_MAX); + if (ret != 0) + err(-1, "getacpol"); + if (au_strtopol(string, &policy) < 0) + err(-1, "au_strtopol"); + if (au_poltostr(policy, string2, PATH_MAX) < 0) + err(-1, "au_poltostr"); + printf("policy:%s\n", string2); } static void