Vendor import of OpenBSM 1.0 alpha 7, with the following change history
notes: - Adopted Solaris-compatible format for subject32_ex and subject64_ex tokens, which previously did not correctly implement variable length address storage. - Prefer inttypes.h to stdint.h; enhance queue.h detection to test for TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not older ones. OpenBSM now builds on some FreeBSD 4.x version. - New event types for extended attributes, ACLs, and scheduling. Obtained from: TrustedBSD Project
parent
506764c6f6
commit
d9af45c4c8
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor/openbsm/dist/; revision=159985
@ -1,3 +1,13 @@
|
|||||||
|
OpenBSM 1.0 alpha 7
|
||||||
|
|
||||||
|
- Adopted Solaris-compatible format for subject32_ex and subject64_ex
|
||||||
|
tokens, which previously did not correctly implement variable length
|
||||||
|
address storage.
|
||||||
|
- Prefer inttypes.h to stdint.h; enhance queue.h detection to test for
|
||||||
|
TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not
|
||||||
|
older ones. OpenBSM now builds on some FreeBSD 4.x version.
|
||||||
|
- New event types for extended attributes, ACLs, and scheduling.
|
||||||
|
|
||||||
OpenBSM 1.0 alpha 6
|
OpenBSM 1.0 alpha 6
|
||||||
|
|
||||||
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
|
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
|
||||||
@ -165,4 +175,4 @@ OpenBSM 1.0 alpha 1
|
|||||||
to support reloading of kernel event table.
|
to support reloading of kernel event table.
|
||||||
- Allow comments in /etc/security configuration files.
|
- Allow comments in /etc/security configuration files.
|
||||||
|
|
||||||
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#12 $
|
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#15 $
|
||||||
|
@ -1 +1 @@
|
|||||||
OPENBSM_1_0_ALPHA_6
|
OPENBSM_1_0_ALPHA_7
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
*
|
*
|
||||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#37 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#38 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _BSM_AUDIT_KEVENTS_H_
|
#ifndef _BSM_AUDIT_KEVENTS_H_
|
||||||
@ -383,7 +383,24 @@
|
|||||||
#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */
|
#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */
|
||||||
#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */
|
#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */
|
||||||
#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */
|
#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */
|
||||||
#define AUE_SYSARCH 406 /* FreeBSD. */
|
#define AUE_ACL_GET_LINK 406 /* FreeBSD. */
|
||||||
|
#define AUE_ACL_SET_LINK 407 /* FreeBSD. */
|
||||||
|
#define AUE_ACL_DELETE_LINK 408 /* FreeBSD. */
|
||||||
|
#define AUE_ACL_CHECK_LINK 409 /* FreeBSD. */
|
||||||
|
#define AUE_SYSARCH 410 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTRCTL 411 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_GET_FILE 412 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_SET_FILE 413 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_LIST_FILE 414 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_DELETE_FILE 415 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_GET_FD 416 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_SET_FD 417 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_LIST_FD 418 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_DELETE_FD 419 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_GET_LINK 420 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_SET_LINK 421 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_LIST_LINK 422 /* FreeBSD. */
|
||||||
|
#define AUE_EXTATTR_DELETE_LINK 423 /* FreeBSD. */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
|
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
|
||||||
|
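Review bot: AUE_SYSARCH moves from 406 to 410 and 406 is reassigned to AUE_ACL_GET_LINK, so a trail written against the previous header would decode a sysarch event as an ACL read. Whether the earlier numbering ever reached a deployed kernel cannot be told from this page. If it did, the four `AUE_ACL_*_LINK` events should be appended after the existing numbers, leaving `#define AUE_SYSARCH 406` in place. In either case the renumbering deserves a line in the HISTORY entry, which currently mentions only new event types.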
@ -30,12 +30,14 @@
|
|||||||
*
|
*
|
||||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#17 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#19 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _BSM_AUDIT_RECORD_H_
|
#ifndef _BSM_AUDIT_RECORD_H_
|
||||||
#define _BSM_AUDIT_RECORD_H_
|
#define _BSM_AUDIT_RECORD_H_
|
||||||
|
|
||||||
|
#include <sys/time.h> /* struct timeval */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Token type identifiers.
|
* Token type identifiers.
|
||||||
*/
|
*/
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
* POSSIBILITY OF SUCH DAMAGE.
|
* POSSIBILITY OF SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#20 $
|
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#21 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _LIBBSM_H_
|
#ifndef _LIBBSM_H_
|
||||||
@ -43,7 +43,7 @@
|
|||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
|
|
||||||
#include <stdint.h> /* Required for audit.h. */
|
#include <inttypes.h> /* Required for audit.h. */
|
||||||
#include <time.h> /* Required for clock_t on Linux. */
|
#include <time.h> /* Required for clock_t on Linux. */
|
||||||
|
|
||||||
#include <bsm/audit.h>
|
#include <bsm/audit.h>
|
||||||
|
File diff suppressed because it is too large
38
contrib/openbsm/configure
vendored
38
contrib/openbsm/configure
vendored
@ -1,7 +1,7 @@
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#22 .
|
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#23 .
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a6.
|
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a7.
|
||||||
#
|
#
|
||||||
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
|
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
|
||||||
#
|
#
|
||||||
@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
|
|||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='OpenBSM'
|
PACKAGE_NAME='OpenBSM'
|
||||||
PACKAGE_TARNAME='openbsm'
|
PACKAGE_TARNAME='openbsm'
|
||||||
PACKAGE_VERSION='1.0a6'
|
PACKAGE_VERSION='1.0a7'
|
||||||
PACKAGE_STRING='OpenBSM 1.0a6'
|
PACKAGE_STRING='OpenBSM 1.0a7'
|
||||||
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
|
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
|
||||||
|
|
||||||
ac_unique_file="bin/auditreduce/auditreduce.c"
|
ac_unique_file="bin/auditreduce/auditreduce.c"
|
||||||
@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
|
|||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures OpenBSM 1.0a6 to adapt to many kinds of systems.
|
\`configure' configures OpenBSM 1.0a7 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
@ -1021,7 +1021,7 @@ fi
|
|||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of OpenBSM 1.0a6:";;
|
short | recursive ) echo "Configuration of OpenBSM 1.0a7:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
@ -1162,7 +1162,7 @@ fi
|
|||||||
test -n "$ac_init_help" && exit 0
|
test -n "$ac_init_help" && exit 0
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
OpenBSM configure 1.0a6
|
OpenBSM configure 1.0a7
|
||||||
generated by GNU Autoconf 2.59
|
generated by GNU Autoconf 2.59
|
||||||
|
|
||||||
Copyright (C) 2003 Free Software Foundation, Inc.
|
Copyright (C) 2003 Free Software Foundation, Inc.
|
||||||
@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
|
|||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by OpenBSM $as_me 1.0a6, which was
|
It was created by OpenBSM $as_me 1.0a7, which was
|
||||||
generated by GNU Autoconf 2.59. Invocation command line was
|
generated by GNU Autoconf 2.59. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
@ -19278,7 +19278,7 @@ fi
|
|||||||
|
|
||||||
# Define the identity of the package.
|
# Define the identity of the package.
|
||||||
PACKAGE=OpenBSM
|
PACKAGE=OpenBSM
|
||||||
VERSION=1.0a6
|
VERSION=1.0a7
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
@ -22936,8 +22936,8 @@ done
|
|||||||
|
|
||||||
|
|
||||||
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
|
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
|
||||||
# test for LIST_FIRST, which appears to not exist in all of them, and is
|
# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
|
||||||
# necessary for OpenBSM.
|
# all of them, and are necessary for OpenBSM.
|
||||||
cat >conftest.$ac_ext <<_ACEOF
|
cat >conftest.$ac_ext <<_ACEOF
|
||||||
/* confdefs.h. */
|
/* confdefs.h. */
|
||||||
_ACEOF
|
_ACEOF
|
||||||
@ -22951,13 +22951,13 @@ int
|
|||||||
main ()
|
main ()
|
||||||
{
|
{
|
||||||
|
|
||||||
struct foo {
|
|
||||||
LIST_ENTRY(foo) foo_entries;
|
|
||||||
};
|
|
||||||
LIST_HEAD(, foo) foo_list;
|
|
||||||
struct foo *foo;
|
|
||||||
|
|
||||||
foo = LIST_FIRST(&foo_list);
|
#ifndef LIST_FIRST
|
||||||
|
#error LIST_FIRST missing
|
||||||
|
#endif
|
||||||
|
#ifndef TAILQ_FOREACH_SAFE
|
||||||
|
#error TAILQ_FOREACH_SAFE
|
||||||
|
#endif
|
||||||
|
|
||||||
;
|
;
|
||||||
return 0;
|
return 0;
|
||||||
@ -23477,7 +23477,7 @@ _ASBOX
|
|||||||
} >&5
|
} >&5
|
||||||
cat >&5 <<_CSEOF
|
cat >&5 <<_CSEOF
|
||||||
|
|
||||||
This file was extended by OpenBSM $as_me 1.0a6, which was
|
This file was extended by OpenBSM $as_me 1.0a7, which was
|
||||||
generated by GNU Autoconf 2.59. Invocation command line was
|
generated by GNU Autoconf 2.59. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
@ -23540,7 +23540,7 @@ _ACEOF
|
|||||||
|
|
||||||
cat >>$CONFIG_STATUS <<_ACEOF
|
cat >>$CONFIG_STATUS <<_ACEOF
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
OpenBSM config.status 1.0a6
|
OpenBSM config.status 1.0a7
|
||||||
configured by $0, generated by GNU Autoconf 2.59,
|
configured by $0, generated by GNU Autoconf 2.59,
|
||||||
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
|
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
|
||||||
|
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
# Process this file with autoconf to produce a configure script.
|
# Process this file with autoconf to produce a configure script.
|
||||||
|
|
||||||
AC_PREREQ(2.59)
|
AC_PREREQ(2.59)
|
||||||
AC_INIT([OpenBSM], [1.0a6], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
|
AC_INIT([OpenBSM], [1.0a7], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
|
||||||
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#22 $])
|
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#24 $])
|
||||||
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
|
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
|
||||||
AC_CONFIG_AUX_DIR(config)
|
AC_CONFIG_AUX_DIR(config)
|
||||||
AC_CONFIG_HEADER([config/config.h])
|
AC_CONFIG_HEADER([config/config.h])
|
||||||
@ -59,18 +59,18 @@ AC_FUNC_STRFTIME
|
|||||||
AC_CHECK_FUNCS([bzero ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])
|
AC_CHECK_FUNCS([bzero ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])
|
||||||
|
|
||||||
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
|
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
|
||||||
# test for LIST_FIRST, which appears to not exist in all of them, and is
|
# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
|
||||||
# necessary for OpenBSM.
|
# all of them, and are necessary for OpenBSM.
|
||||||
AC_TRY_LINK([
|
AC_TRY_LINK([
|
||||||
#include <sys/queue.h>
|
#include <sys/queue.h>
|
||||||
], [
|
], [
|
||||||
struct foo {
|
|
||||||
LIST_ENTRY(foo) foo_entries;
|
|
||||||
};
|
|
||||||
LIST_HEAD(, foo) foo_list;
|
|
||||||
struct foo *foo;
|
|
||||||
|
|
||||||
foo = LIST_FIRST(&foo_list);
|
#ifndef LIST_FIRST
|
||||||
|
#error LIST_FIRST missing
|
||||||
|
#endif
|
||||||
|
#ifndef TAILQ_FOREACH_SAFE
|
||||||
|
#error TAILQ_FOREACH_SAFE
|
||||||
|
#endif
|
||||||
], [
|
], [
|
||||||
AC_DEFINE(HAVE_FULL_QUEUE_H,, Define if queue.h includes LIST_FIRST)
|
AC_DEFINE(HAVE_FULL_QUEUE_H,, Define if queue.h includes LIST_FIRST)
|
||||||
])
|
])
|
||||||
|
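Review bot: The AC_DEFINE description still reads `Define if queue.h includes LIST_FIRST`, although HAVE_FULL_QUEUE_H now also depends on TAILQ_FOREACH_SAFE; suggest `Define if queue.h includes LIST_FIRST and TAILQ_FOREACH_SAFE`. The second diagnostic, `#error TAILQ_FOREACH_SAFE`, lacks the word `missing` that the first one carries. The test body is now preprocessor-only, so AC_TRY_COMPILE would be sufficient and the link step adds nothing. The vendored configure is stamped as generated from configure.ac#23 while this file is at #24, so it is worth confirming the shipped script matches this source.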
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#10 $
|
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#11 $
|
||||||
#
|
#
|
||||||
0:AUE_NULL:indir system call:no
|
0:AUE_NULL:indir system call:no
|
||||||
1:AUE_EXIT:exit(2):pc
|
1:AUE_EXIT:exit(2):pc
|
||||||
@ -314,6 +314,49 @@
|
|||||||
378:AUE_KEVENT:kevent(2):no
|
378:AUE_KEVENT:kevent(2):no
|
||||||
379:AUE_FSYNC:fsync(2):fm
|
379:AUE_FSYNC:fsync(2):fm
|
||||||
380:AUE_NMOUNT:nmount(2):ad
|
380:AUE_NMOUNT:nmount(2):ad
|
||||||
|
381:AUE_BDFLUSH:bdflush(2):ad
|
||||||
|
382:AUE_SETFSUID:setfsuid(2):ot
|
||||||
|
383:AUE_SETFSGID:setfsgid(2):ot
|
||||||
|
384:AUE_PERSONALITY:personality(2):pc
|
||||||
|
385:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
|
||||||
|
386:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
|
||||||
|
387:AUE_PRCTL:prctl(2):pc
|
||||||
|
388:AUE_GETCWD:getcwd(2):pc
|
||||||
|
389:AUE_CAPGET:capget(2):pc
|
||||||
|
390:AUE_CAPSET:capset(2):pc
|
||||||
|
391:AUE_PIVOT_ROOT:pivot_root(2):pc
|
||||||
|
392:AUE_RTPRIO::rtprio(2):pc
|
||||||
|
393:AUE_SCHED_GETPARAM:sched_getparam(2):ad
|
||||||
|
394:AUE_SCHED_SETPARAM:sched_setparam(2):ad
|
||||||
|
395:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
|
||||||
|
396:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
|
||||||
|
397:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
|
||||||
|
398:AUE_ACL_GET_FILE:acl_get_file(2):fa
|
||||||
|
399:AUE_ACL_SET_FILE:acl_set_file(2):fm
|
||||||
|
400:AUE_ACL_GET_FD:acl_get_fd(2):fa
|
||||||
|
401:AUE_ACL_SET_FD:acl_set_fd(2):fm
|
||||||
|
402:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
|
||||||
|
403:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
|
||||||
|
404:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
|
||||||
|
405:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
|
||||||
|
406:AUE_ACL_GET_LINK:acl_get_link(2):fa
|
||||||
|
407:AUE_ACL_SET_LINK:acl_set_link(2):fm
|
||||||
|
408:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
|
||||||
|
409:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
|
||||||
|
410:AUE_SYSARCH:sysarch(2):na
|
||||||
|
411:AUE_EXTATTRCTL:extattrctl(2):fm
|
||||||
|
412:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
|
||||||
|
413:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
|
||||||
|
414:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
|
||||||
|
415:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
|
||||||
|
416:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
|
||||||
|
417:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
|
||||||
|
418:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
|
||||||
|
419:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
|
||||||
|
420:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
|
||||||
|
421:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
|
||||||
|
422:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
|
||||||
|
423:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
|
||||||
6152:AUE_login:login - local:lo
|
6152:AUE_login:login - local:lo
|
||||||
6153:AUE_logout:logout - local:lo
|
6153:AUE_logout:logout - local:lo
|
||||||
6159:AUE_su:su(1):lo
|
6159:AUE_su:su(1):lo
|
||||||
|
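Review bot: The new entry `392:AUE_RTPRIO::rtprio(2):pc` has a doubled colon after the event name, giving it five colon-separated fields where every other line has four; it should read `392:AUE_RTPRIO:rtprio(2):pc`. How the parser splits fields is not visible here, but the likely result is an empty description and a class field that is not `pc`, which could leave rtprio(2) out of preselection. The descriptions for 385 and 386 (`getscheduler(2)`, `setscheduler(2)`) also drop the `sched_` prefix that entries 393-397 keep.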
@ -26,7 +26,7 @@
|
|||||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
* POSSIBILITY OF SUCH DAMAGE.
|
* POSSIBILITY OF SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#11 $
|
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#12 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -45,7 +45,7 @@
|
|||||||
#include <bsm/libbsm.h>
|
#include <bsm/libbsm.h>
|
||||||
|
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <stdint.h>
|
#include <inttypes.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <syslog.h>
|
#include <syslog.h>
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
* POSSIBILITY OF SUCH DAMAGE.
|
* POSSIBILITY OF SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#47 $
|
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#48 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
@ -691,7 +691,16 @@ au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
|
|||||||
token_t *t;
|
token_t *t;
|
||||||
u_char *dptr = NULL;
|
u_char *dptr = NULL;
|
||||||
|
|
||||||
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t));
|
if (tid->at_type == AU_IPv4)
|
||||||
|
GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
|
||||||
|
10 * sizeof(u_int32_t));
|
||||||
|
else if (tid->at_type == AU_IPv6)
|
||||||
|
GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
|
||||||
|
13 * sizeof(u_int32_t));
|
||||||
|
else {
|
||||||
|
errno = EINVAL;
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
if (t == NULL)
|
if (t == NULL)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
|
|
||||||
@ -706,9 +715,11 @@ au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
|
|||||||
ADD_U_INT32(dptr, tid->at_port);
|
ADD_U_INT32(dptr, tid->at_port);
|
||||||
ADD_U_INT32(dptr, tid->at_type);
|
ADD_U_INT32(dptr, tid->at_type);
|
||||||
ADD_U_INT32(dptr, tid->at_addr[0]);
|
ADD_U_INT32(dptr, tid->at_addr[0]);
|
||||||
ADD_U_INT32(dptr, tid->at_addr[1]);
|
if (tid->at_type == AU_IPv6) {
|
||||||
ADD_U_INT32(dptr, tid->at_addr[2]);
|
ADD_U_INT32(dptr, tid->at_addr[1]);
|
||||||
ADD_U_INT32(dptr, tid->at_addr[3]);
|
ADD_U_INT32(dptr, tid->at_addr[2]);
|
||||||
|
ADD_U_INT32(dptr, tid->at_addr[3]);
|
||||||
|
}
|
||||||
|
|
||||||
return (t);
|
return (t);
|
||||||
}
|
}
|
||||||
@ -969,7 +980,16 @@ au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
|
|||||||
token_t *t;
|
token_t *t;
|
||||||
u_char *dptr = NULL;
|
u_char *dptr = NULL;
|
||||||
|
|
||||||
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t));
|
if (tid->at_type == AU_IPv4)
|
||||||
|
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *
|
||||||
|
sizeof(u_int32_t));
|
||||||
|
else if (tid->at_type == AU_IPv6)
|
||||||
|
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 *
|
||||||
|
sizeof(u_int32_t));
|
||||||
|
else {
|
||||||
|
errno = EINVAL;
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
if (t == NULL)
|
if (t == NULL)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
|
|
||||||
@ -984,9 +1004,11 @@ au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
|
|||||||
ADD_U_INT32(dptr, tid->at_port);
|
ADD_U_INT32(dptr, tid->at_port);
|
||||||
ADD_U_INT32(dptr, tid->at_type);
|
ADD_U_INT32(dptr, tid->at_type);
|
||||||
ADD_U_INT32(dptr, tid->at_addr[0]);
|
ADD_U_INT32(dptr, tid->at_addr[0]);
|
||||||
ADD_U_INT32(dptr, tid->at_addr[1]);
|
if (tid->at_type == AU_IPv6) {
|
||||||
ADD_U_INT32(dptr, tid->at_addr[2]);
|
ADD_U_INT32(dptr, tid->at_addr[1]);
|
||||||
ADD_U_INT32(dptr, tid->at_addr[3]);
|
ADD_U_INT32(dptr, tid->at_addr[2]);
|
||||||
|
ADD_U_INT32(dptr, tid->at_addr[3]);
|
||||||
|
}
|
||||||
|
|
||||||
return (t);
|
return (t);
|
||||||
}
|
}
|
||||||
|
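Review bot: The word counts `10` and `13` passed to GET_TOKEN_AREA in au_to_process32_ex and au_to_subject32_ex are unexplained and must stay in step with the ADD_U_INT32 sequence, most of which lies outside these hunks. A comment above each branch such as `/* 7 ids + port + type + 1 address word (IPv4) or 4 (IPv6) */` would make the size reviewable; the count of seven ids is inferred from the argument list used in test/bsm/generate.c. Both functions also read `tid->at_type` before anything checks `tid`, so a NULL terminal id faults instead of failing with EINVAL as an unknown type now does; `if (tid == NULL) { errno = EINVAL; return (NULL); }` ahead of the type test would match the new error path.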
@ -23,7 +23,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#8 $
|
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#9 $
|
||||||
.\"
|
.\"
|
||||||
.Dd May 1, 2005
|
.Dd May 1, 2005
|
||||||
.Dt AUDIT.LOG 5
|
.Dt AUDIT.LOG 5
|
||||||
@ -218,7 +218,7 @@ token can be created using
|
|||||||
.It Li "Protocol" Ta "1 byte" Ta "IP protocol number"
|
.It Li "Protocol" Ta "1 byte" Ta "IP protocol number"
|
||||||
.It Li "Checksum" Ta "2 bytes" Ta "IP header checksum, network byte order"
|
.It Li "Checksum" Ta "2 bytes" Ta "IP header checksum, network byte order"
|
||||||
.It Li "Source Address" Ta "4 bytes" Ta "IPv4 source address"
|
.It Li "Source Address" Ta "4 bytes" Ta "IPv4 source address"
|
||||||
.It Li "Desintation Address" Ta "4 bytes" Ta "IPv4 destination address"
|
.It Li "Destination Address" Ta "4 bytes" Ta "IPv4 destination address"
|
||||||
.El
|
.El
|
||||||
.Ss Expanded ip Token
|
.Ss Expanded ip Token
|
||||||
The
|
The
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#3 $
|
* $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#4 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -31,6 +31,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
@ -267,6 +268,7 @@ static gid_t subject32_rgid = 0x09876543;
|
|||||||
static pid_t subject32_pid = 0x13243546;
|
static pid_t subject32_pid = 0x13243546;
|
||||||
static au_asid_t subject32_sid = 0x97867564;
|
static au_asid_t subject32_sid = 0x97867564;
|
||||||
static au_tid_t subject32_tid = { 0x16593746 };
|
static au_tid_t subject32_tid = { 0x16593746 };
|
||||||
|
static au_tid_addr_t subject32_tid_addr = { 0x16593746 };
|
||||||
|
|
||||||
static void
|
static void
|
||||||
generate_subject32_token(const char *directory, const char *token_filename)
|
generate_subject32_token(const char *directory, const char *token_filename)
|
||||||
@ -298,6 +300,32 @@ generate_subject32_record(const char *directory, const char *record_filename)
|
|||||||
write_record(directory, record_filename, subject32_token, AUE_NULL);
|
write_record(directory, record_filename, subject32_token, AUE_NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
generate_subject32ex_token(const char *directory, const char *token_filename,
|
||||||
|
u_int32_t type)
|
||||||
|
{
|
||||||
|
token_t *subject32ex_token;
|
||||||
|
char *buf;
|
||||||
|
|
||||||
|
buf = (char *)malloc(strlen(token_filename) + 6);
|
||||||
|
if (type == AU_IPv6) {
|
||||||
|
inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
|
||||||
|
subject32_tid_addr.at_type = AU_IPv6;
|
||||||
|
sprintf(buf, "%s%s", token_filename, "-IPv6");
|
||||||
|
} else {
|
||||||
|
subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
|
||||||
|
subject32_tid_addr.at_type = AU_IPv4;
|
||||||
|
sprintf(buf, "%s%s", token_filename, "-IPv4");
|
||||||
|
}
|
||||||
|
|
||||||
|
subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
|
||||||
|
subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
|
||||||
|
subject32_sid, &subject32_tid_addr);
|
||||||
|
if (subject32ex_token == NULL)
|
||||||
|
err(EX_UNAVAILABLE, "au_to_subject32_ex");
|
||||||
|
write_token(directory, buf, subject32ex_token);
|
||||||
|
}
|
||||||
|
|
||||||
static au_id_t process32_auid = 0x12345678;
|
static au_id_t process32_auid = 0x12345678;
|
||||||
static uid_t process32_euid = 0x01234567;
|
static uid_t process32_euid = 0x01234567;
|
||||||
static gid_t process32_egid = 0x23456789;
|
static gid_t process32_egid = 0x23456789;
|
||||||
@ -306,6 +334,7 @@ static gid_t process32_rgid = 0x09876543;
|
|||||||
static pid_t process32_pid = 0x13243546;
|
static pid_t process32_pid = 0x13243546;
|
||||||
static au_asid_t process32_sid = 0x97867564;
|
static au_asid_t process32_sid = 0x97867564;
|
||||||
static au_tid_t process32_tid = { 0x16593746 };
|
static au_tid_t process32_tid = { 0x16593746 };
|
||||||
|
static au_tid_addr_t process32_tid_addr = { 0x16593746 };
|
||||||
|
|
||||||
static void
|
static void
|
||||||
generate_process32_token(const char *directory, const char *token_filename)
|
generate_process32_token(const char *directory, const char *token_filename)
|
||||||
@ -337,6 +366,22 @@ generate_process32_record(const char *directory, const char *record_filename)
|
|||||||
write_record(directory, record_filename, process32_token, AUE_NULL);
|
write_record(directory, record_filename, process32_token, AUE_NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
generate_process32ex_token(const char *directory, const char *token_filename)
|
||||||
|
{
|
||||||
|
token_t *process32ex_token;
|
||||||
|
|
||||||
|
process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
|
||||||
|
process32_tid_addr.at_type = AU_IPv4;
|
||||||
|
|
||||||
|
process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
|
||||||
|
process32_egid, process32_ruid, process32_rgid, process32_pid,
|
||||||
|
process32_sid, &process32_tid_addr);
|
||||||
|
if (process32ex_token == NULL)
|
||||||
|
err(EX_UNAVAILABLE, "au_to_process32_ex");
|
||||||
|
write_token(directory, token_filename, process32ex_token);
|
||||||
|
}
|
||||||
|
|
||||||
static char return32_status = 0xd7;
|
static char return32_status = 0xd7;
|
||||||
static uint32_t return32_ret = 0x12345678;
|
static uint32_t return32_ret = 0x12345678;
|
||||||
|
|
||||||
@ -713,7 +758,10 @@ main(int argc, char *argv[])
|
|||||||
generate_ipc_token(directory, "ipc_token");
|
generate_ipc_token(directory, "ipc_token");
|
||||||
generate_path_token(directory, "path_token");
|
generate_path_token(directory, "path_token");
|
||||||
generate_subject32_token(directory, "subject32_token");
|
generate_subject32_token(directory, "subject32_token");
|
||||||
|
generate_subject32ex_token(directory, "subject32ex_token", AU_IPv4);
|
||||||
|
generate_subject32ex_token(directory, "subject32ex_token", AU_IPv6);
|
||||||
generate_process32_token(directory, "process32_token");
|
generate_process32_token(directory, "process32_token");
|
||||||
|
generate_process32ex_token(directory, "process32ex_token");
|
||||||
generate_return32_token(directory, "return32_token");
|
generate_return32_token(directory, "return32_token");
|
||||||
generate_text_token(directory, "text_token");
|
generate_text_token(directory, "text_token");
|
||||||
generate_opaque_token(directory, "opaque_token");
|
generate_opaque_token(directory, "opaque_token");
|
||||||
@ -736,7 +784,10 @@ main(int argc, char *argv[])
|
|||||||
generate_ipc_token(directory, "ipc_record");
|
generate_ipc_token(directory, "ipc_record");
|
||||||
generate_path_token(directory, "path_record");
|
generate_path_token(directory, "path_record");
|
||||||
generate_subject32_token(directory, "subject32_record");
|
generate_subject32_token(directory, "subject32_record");
|
||||||
|
generate_subject32ex_token(directory, "subject32ex_record", AU_IPv4);
|
||||||
|
generate_subject32ex_token(directory, "subject32ex_record", AU_IPv6);
|
||||||
generate_process32_token(directory, "process32_record");
|
generate_process32_token(directory, "process32_record");
|
||||||
|
generate_process32ex_token(directory, "process32ex_token");
|
||||||
generate_return32_token(directory, "return32_record");
|
generate_return32_token(directory, "return32_record");
|
||||||
generate_text_token(directory, "text_record");
|
generate_text_token(directory, "text_record");
|
||||||
generate_opaque_token(directory, "opaque_record");
|
generate_opaque_token(directory, "opaque_record");
|
||||||
|
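Review bot: In the record-generation part of main(), the added call `generate_process32ex_token(directory, "process32ex_token");` reuses the token file name, so it would presumably overwrite the file written earlier instead of producing a record file; the neighbouring calls suggest `"process32ex_record"` was intended. In generate_subject32ex_token the result of `malloc(strlen(token_filename) + 6)` goes to sprintf() unchecked and is never freed; add `if (buf == NULL) err(EX_UNAVAILABLE, "malloc");` after the allocation and `free(buf);` after write_token(). The return value of inet_pton() is ignored as well. main() begins and ends outside the hunks shown.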