Merge OpenBSM 1.0 alpha 14 changes to src/sys/security/audit:

- au_to_attr64(), au_to_process64(), au_to_subject64(), au_to_subject64_ex(), au_to_zonename(), au_to_header64_tm(). - Extended address token fixes. Obtained from: TrustedBSD Project
2007-04-16 16:20:45 +00:00 · 2007-04-16 16:20:45 +00:00 · 0e92f0d7dd
commit 0e92f0d7dd
parent bfbc9a096b
1 changed files with 184 additions and 13 deletions
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@ -49,7 +49,6 @@
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>

-#include <sys/socketvar.h>

 #include <bsm/audit.h>
 #include <bsm/audit_internal.h>
@ -180,8 +179,44 @@ au_to_attr32(struct vnode_au_info *vni)
 token_t *
 au_to_attr64(struct vnode_au_info *vni)
 {
+	token_t *t;
+	u_char *dptr = NULL;
+	u_int16_t pad0_16 = 0;
+	u_int16_t pad0_32 = 0;

-	return (NULL);
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
+	    3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2);
+
+	ADD_U_CHAR(dptr, AUT_ATTR64);
+
+	/*
+	 * Darwin defines the size for the file mode
+	 * as 2 bytes; BSM defines 4 so pad with 0
+	 */
+	ADD_U_INT16(dptr, pad0_16);
+	ADD_U_INT16(dptr, vni->vn_mode);
+
+	ADD_U_INT32(dptr, vni->vn_uid);
+	ADD_U_INT32(dptr, vni->vn_gid);
+	ADD_U_INT32(dptr, vni->vn_fsid);
+
+	/*
+	 * Some systems use 32-bit file ID's, other's use 64-bit file IDs.
+	 * Attempt to handle both, and let the compiler sort it out.  If we
+	 * could pick this out at compile-time, it would be better, so as to
+	 * avoid the else case below.
+	 */
+	if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) {
+		ADD_U_INT32(dptr, pad0_32);
+		ADD_U_INT32(dptr, vni->vn_fileid);
+	} else if (sizeof(vni->vn_fileid) == sizeof(uint64_t))
+		ADD_U_INT64(dptr, vni->vn_fileid);
+	else
+		ADD_U_INT64(dptr, 0LL);
+
+	ADD_U_INT64(dptr, vni->vn_dev);
+
+	return (t);
 }

 token_t *
@ -270,7 +305,7 @@ token_t *
 au_to_groups(int *groups)
 {

-	return (au_to_newgroups(AUDIT_MAX_GROUPS, groups));
+	return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t*)groups));
 }

 /*
@ -578,18 +613,32 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
 }

 token_t *
-au_to_process64(__unused au_id_t auid, __unused uid_t euid,
-    __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid,
-    __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid)
+au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
+    pid_t pid, au_asid_t sid, au_tid_t *tid)
 {
+	token_t *t;
+	u_char *dptr = NULL;

-	return (NULL);
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) +
+	    sizeof(u_int64_t));
+
+	ADD_U_CHAR(dptr, AUT_PROCESS64);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->port);
+	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
+
+	return (t);
 }

 token_t *
-au_to_process(__unused au_id_t auid, __unused uid_t euid,
-    __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid,
-    __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid)
+au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
+    pid_t pid, au_asid_t sid, au_tid_t *tid)
 {

 	return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid,
@ -647,8 +696,39 @@ token_t *
 au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
 {
+	token_t *t;
+	u_char *dptr = NULL;

-	return (NULL);
+	if (tid->at_type == AU_IPv4)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+		    2 * sizeof(u_int32_t));
+	else if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+		    5 * sizeof(u_int32_t));
+	else
+		panic("au_to_process64_ex: invalidate at_type (%d)",
+		    tid->at_type);
+
+	ADD_U_CHAR(dptr, AUT_PROCESS64_EX);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->at_port);
+	ADD_U_INT32(dptr, tid->at_type);
+	ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
+	if (tid->at_type == AU_IPv6) {
+		ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t));
+		ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t));
+		ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t));
+	}
+
+	return (t);
 }

 token_t *
@ -918,8 +998,24 @@ token_t *
 au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
    pid_t pid, au_asid_t sid, au_tid_t *tid)
 {
+	token_t *t;
+	u_char *dptr = NULL;

-	return (NULL);
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) +
+	    sizeof(u_int64_t) + sizeof(u_int32_t));
+
+	ADD_U_CHAR(dptr, AUT_SUBJECT64);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->port);
+	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
+
+	return (t);
 }

 token_t *
@ -982,8 +1078,37 @@ token_t *
 au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
 {
+	token_t *t;
+	u_char *dptr = NULL;

-	return (NULL);
+	if (tid->at_type == AU_IPv4)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+		    2 * sizeof(u_int32_t));
+	else if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+		    5 * sizeof(u_int32_t));
+	else
+		panic("au_to_subject64_ex: invalid at_type (%d)",
+		    tid->at_type);
+
+	ADD_U_CHAR(dptr, AUT_SUBJECT64_EX);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->at_port);
+	ADD_U_INT32(dptr, tid->at_type);
+	if (tid->at_type == AU_IPv6)
+		ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t));
+	else
+		ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
+
+	return (t);
 }

 token_t *
@ -1101,6 +1226,27 @@ au_to_exec_args(char **argv)
 	return (t);
 }

+/*
+ * token ID                1 byte
+ * zonename length         2 bytes
+ * zonename                N bytes + 1 terminating NULL byte
+ */
+token_t *
+au_to_zonename(char *zonename)
+{
+	u_char *dptr = NULL;
+	u_int16_t textlen;
+	token_t *t;
+
+	textlen = strlen(zonename);
+	textlen += 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
+	ADD_U_CHAR(dptr, AUT_ZONENAME);
+	ADD_U_INT16(dptr, textlen);
+	ADD_STRING(dptr, zonename, textlen);
+	return (t);
+}
+
 /*
 * token ID				1 byte
 * count				4 bytes
@ -1175,6 +1321,31 @@ au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
 	return (t);
 }

+token_t *
+au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+    struct timeval tm)
+{
+	token_t *t;
+	u_char *dptr = NULL;
+	u_int32_t timems;
+
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
+	    sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t));
+
+	ADD_U_CHAR(dptr, AUT_HEADER64);
+	ADD_U_INT32(dptr, rec_size);
+	ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM);
+	ADD_U_INT16(dptr, e_type);
+	ADD_U_INT16(dptr, e_mod);
+
+	timems = tm.tv_usec/1000;
+	/* Add the timestamp */
+	ADD_U_INT64(dptr, tm.tv_sec);
+	ADD_U_INT64(dptr, timems);	/* We need time in ms. */
+
+	return (t);
+}
+
 /*
 * token ID                1 byte
 * trailer magic number    2 bytes