Vendor import of OpenBSM 1.0 alpha 10, with the following changes:

- auditd now generates complete audit records for its events, as required for
  application-submitted audit records in the the FreeBSD kernel audit
  implementation.

This also restores contrib/openbsm/bsm/audit_record to the vendor version
after the build fixes previously committed; however, this file is not used
in the build.

Obtained from:	TrustedBSD Project

contrib/openbsm/HISTORY

@@ -1,3 +1,9 @@
+OpenBSM 1.0 alpha 10
+
+- auditd now generates complete audit records for its events, as required for
+  application-submitted audit records in the the FreeBSD kernel audit
+  implementation.
+
 OpenBSM 1.0 alpha 9
 
 - Rename many OpenBSM-specific constants and API elements containing the
@@ -203,4 +209,4 @@ OpenBSM 1.0 alpha 1
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#25 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#26 $

contrib/openbsm/bin/auditd/auditd.c

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $
  */
 
 #include <sys/types.h>
@@ -366,6 +366,7 @@ read_control_file(void)
 static int
 close_all(void)
 {
+	struct auditinfo ai;
 	int err_ret = 0;
 	char TS[POSTFIX_LEN];
 	int aufd;
@@ -378,6 +379,17 @@ close_all(void)
 	else {
 		if ((tok = au_to_text("auditd::Audit shutdown")) != NULL)
 			au_write(aufd, tok);
+		/*
+		 * XXX we need to implement extended subject tokens so we can
+		 * effectively represent terminal lines with this token type.
+		 */
+		bzero(&ai, sizeof(ai));
+		if ((tok = au_to_subject32(getuid(), geteuid(), getegid(),
+		    getuid(), getgid(), getpid(), getpid(), &ai.ai_termid))
+		    != NULL)
+			au_write(aufd, tok);
+		if ((tok = au_to_return32(0, 0)) != NULL)
+			au_write(aufd, tok);
 		if (au_close(aufd, 1, AUE_audit_shutdown) == -1)
 			syslog(LOG_ERR,
 			    "Could not close audit shutdown event.");
@@ -745,6 +757,7 @@ config_audit_controls(void)
 static void
 setup(void)
 {
+	struct auditinfo ai;
 	auditinfo_t auinfo;
 	int aufd;
 	token_t *tok;
@@ -781,8 +794,20 @@ setup(void)
 	if ((aufd = au_open()) == -1)
 		syslog(LOG_ERR, "Could not create audit startup event.");
 	else {
+		/*
+		 * XXXCSJP Perhaps we wan't more robust audit records for
+		 * audit start up and shutdown. This might include capturing
+		 * failures to initialize the audit subsystem?
+		 */
+		bzero(&ai, sizeof(ai));
+		if ((tok = au_to_subject32(getuid(), geteuid(), getegid(),
+		    getuid(), getgid(), getpid(), getpid(), &ai.ai_termid))
+		    != NULL)
+			au_write(aufd, tok);
 		if ((tok = au_to_text("auditd::Audit startup")) != NULL)
 			au_write(aufd, tok);
+		if ((tok = au_to_return32(0, 0)) != NULL)
+			au_write(aufd, tok);
 		if (au_close(aufd, 1, AUE_audit_startup) == -1)
 			syslog(LOG_ERR,
 			    "Could not close audit startup event.");

contrib/openbsm/bsm/audit_internal.h

@@ -34,7 +34,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#15 $
  */
 
 #ifndef _AUDIT_INTERNAL_H
@@ -70,9 +70,9 @@ typedef	struct au_record	au_record_t;
 
 /*
  * We could determined the header and trailer sizes by defining appropriate
- * structures.  We hold off that approach until we have a consistant way of
+ * structures.  We hold off that approach until we have a consistent way of
  * using structures for all tokens.  This is not straightforward since these
- * token structures may contain pointers of whose contents we dont know the
+ * token structures may contain pointers of whose contents we do not know the
  * size (e.g text tokens).
  */
 #define	AUDIT_HEADER_SIZE	18

contrib/openbsm/bsm/audit_record.h

@@ -322,8 +322,8 @@ token_t	*au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 token_t	*au_to_exec_args(char *args, int argc);
 token_t	*au_to_exec_env(char *envs, int envc);
 #else
-token_t	*au_to_exec_args(const char **argv);
+token_t	*au_to_exec_args(char **argv);
-token_t	*au_to_exec_env(const char **envp);
+token_t	*au_to_exec_env(char **envp);
 #endif
 token_t	*au_to_text(char *text);
 token_t	*au_to_kevent(struct kevent *kev);

contrib/openbsm/configure

@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#27 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a9.
+# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a10.
 #
 # Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
 #
@@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='OpenBSM'
 PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.0a9'
+PACKAGE_VERSION='1.0a10'
-PACKAGE_STRING='OpenBSM 1.0a9'
+PACKAGE_STRING='OpenBSM 1.0a10'
 PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
 
 ac_unique_file="bin/auditreduce/auditreduce.c"
@@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures OpenBSM 1.0a9 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.0a10 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1021,7 +1021,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of OpenBSM 1.0a9:";;
+     short | recursive ) echo "Configuration of OpenBSM 1.0a10:";;
    esac
   cat <<\_ACEOF
 
@@ -1162,7 +1162,7 @@ fi
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
   cat <<\_ACEOF
-OpenBSM configure 1.0a9
+OpenBSM configure 1.0a10
 generated by GNU Autoconf 2.59
 
 Copyright (C) 2003 Free Software Foundation, Inc.
@@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by OpenBSM $as_me 1.0a9, which was
+It was created by OpenBSM $as_me 1.0a10, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   $ $0 $@
@@ -19278,7 +19278,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE=OpenBSM
- VERSION=1.0a9
+ VERSION=1.0a10
 
 
 cat >>confdefs.h <<_ACEOF
@@ -23478,7 +23478,7 @@ _ASBOX
 } >&5
 cat >&5 <<_CSEOF
 
-This file was extended by OpenBSM $as_me 1.0a9, which was
+This file was extended by OpenBSM $as_me 1.0a10, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23541,7 +23541,7 @@ _ACEOF
 
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-OpenBSM config.status 1.0a9
+OpenBSM config.status 1.0a10
 configured by $0, generated by GNU Autoconf 2.59,
   with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
 

contrib/openbsm/configure.ac

@@ -2,8 +2,8 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.59)
-AC_INIT([OpenBSM], [1.0a9], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
+AC_INIT([OpenBSM], [1.0a10], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
-AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 $])
+AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#29 $])
 AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADER([config/config.h])