Vendor import of OpenBSM 1.0 alpha 9, with the following change history

notes since the last import:

OpenBSM 1.0 alpha 9

- Rename many OpenBSM-specific constants and API elements containing the
  strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
  for almost all existing constants and APIs.
- Instead of passing a per-instance cookie directly into all audit filter
  APIs, pass in the audit filter daemon state pointer, which is then used by
  the module using an audit_filter_{get,set}cookie() API.  This will allow
  future service APIs provided by the filter daemon to maintain their own
  state -- for example, per-module preselection state.

OpenBSM 1.0 alpha 8

- Correct typo in definition of AUR_INT.
- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
- New OpenBSM token version number assigned, constants added for other
  commonly seen version numbers.
- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
  collisions with Solaris.  Darwin events renamed to AUE_DARWIN_foo, as they
  are now deprecated numberings.
- autoconf now detects clock_gettime(), which is not available on Darwin.
- praudit output fixes relating to arg32 and arg64 tokens.
- Maximum record size updated to 64k-1 to match Solaris record size limit.
- Various style and comment cleanups in include files.

This is an MFC candidate to RELENG_6.

Obtained from:	TrustedBSD Project
This commit is contained in:
rwatson 2006-08-26 08:04:15 +00:00
parent 02d6c5b525
commit 3dabba580b
27 changed files with 707 additions and 427 deletions

View File

@ -1,3 +1,31 @@
OpenBSM 1.0 alpha 9
- Rename many OpenBSM-specific constants and API elements containing the
strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
for almost all existing constants and APIs.
- Instead of passing a per-instance cookie directly into all audit filter
APIs, pass in the audit filter daemon state pointer, which is then used by
the module using an audit_filter_{get,set}cookie() API. This will allow
future service APIs provided by the filter daemon to maintain their own
state -- for example, per-module preselection state.
OpenBSM 1.0 alpha 8
- Correct typo in definition of AUR_INT.
- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
- New OpenBSM token version number assigned, constants added for other
commonly seen version numbers.
- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they
are now deprecated numberings.
- autoconf now detects clock_gettime(), which is not available on Darwin.
- praudit output fixes relating to arg32 and arg64 tokens.
- Maximum record size updated to 64k-1 to match Solaris record size limit.
- Various style and comment cleanups in include files.
OpenBSM 1.0 alpha 7
- Adopted Solaris-compatible format for subject32_ex and subject64_ex
@ -175,4 +203,4 @@ OpenBSM 1.0 alpha 1
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#15 $
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#25 $

View File

@ -74,6 +74,8 @@ to the development of OpenBSM:
Olivier Houchard
Christian Peron
Martin Fong
Pawel Worach
Martin Englund
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
@ -95,4 +97,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
$P4: //depot/projects/trustedbsd/openbsm/README#17 $
$P4: //depot/projects/trustedbsd/openbsm/README#19 $

View File

@ -1 +1 @@
OPENBSM_1_0_ALPHA_7
OPENBSM_1_0_ALPHA_9

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $
*/
#include <sys/types.h>
@ -88,7 +88,7 @@ fail_exit(void)
* Free our local list of directory names.
*/
static void
free_dir_q()
free_dir_q(void)
{
struct dir_ent *dirent;

View File

@ -25,7 +25,16 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#6 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#9 $
*/
/*
* Main file for the audit filter daemon, which presents audit records to a
* set of run-time registered loadable modules. This is the main event loop
* of the daemon, which handles starting up, waiting for records, and
* presenting records to configured modules. auditfilterd_conf.c handles the
* reading and management of the configuration, module list and module state,
* etc.
*/
#include <sys/types.h>
@ -106,13 +115,13 @@ signal_handler(int signum)
* Present raw BSM to a set of registered and interested filters.
*/
static void
present_bsmrecord(struct timespec *ts, u_char *data, u_int len)
present_rawrecord(struct timespec *ts, u_char *data, u_int len)
{
struct auditfilter_module *am;
TAILQ_FOREACH(am, &filter_list, am_list) {
if (am->am_bsmrecord != NULL)
(am->am_bsmrecord)(am->am_instance, ts, data, len);
if (am->am_rawrecord != NULL)
(am->am_rawrecord)(am, ts, data, len);
}
}
@ -140,8 +149,7 @@ present_tokens(struct timespec *ts, u_char *data, u_int len)
TAILQ_FOREACH(am, &filter_list, am_list) {
if (am->am_record != NULL)
(am->am_record)(am->am_instance, ts, tokencount,
tokens);
(am->am_record)(am, ts, tokencount, tokens);
}
}
@ -191,7 +199,7 @@ mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp)
continue;
if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
err(-1, "clock_gettime");
present_bsmrecord(&ts, buf, reclen);
present_rawrecord(&ts, buf, reclen);
present_tokens(&ts, buf, reclen);
free(buf);
}
@ -241,7 +249,7 @@ mainloop_pipe(const char *conffile, const char *pipefile, int pipe_fd)
continue;
if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
err(-1, "clock_gettime");
present_bsmrecord(&ts, record, reclen);
present_rawrecord(&ts, record, reclen);
present_tokens(&ts, record, reclen);
}
}

View File

@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#3 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#5 $
*/
#define AUDITFILTERD_CONFFILE "/etc/security/audit_filter"
@ -53,11 +53,11 @@ struct auditfilter_module {
/*
* Fields provided by or extracted from the module.
*/
void *am_instance;
void *am_cookie;
audit_filter_attach_t am_attach;
audit_filter_reinit_t am_reinit;
audit_filter_record_t am_record;
audit_filter_bsmrecord_t am_bsmrecord;
audit_filter_rawrecord_t am_rawrecord;
audit_filter_detach_t am_detach;
/*

View File

@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#5 $
*/
/*
@ -38,6 +38,12 @@
* Modules are in one of two states: attached, or detached. If attach fails,
* detach is not called because it was not attached. If a module is attached
* and a call to its reinit method fails, we will detach it.
*
* Modules are passed a (void *) reference to their configuration state so
* that they may pass this into any common APIs we provide which may rely on
* that state. Currently, the only such API is the cookie API, which allows
* per-instance state to be maintained by a module. In the future, this will
* also be used to support per-instance preselection state.
*/
#include <sys/types.h>
@ -105,8 +111,8 @@ auditfilter_module_detach(struct auditfilter_module *am)
{
if (am->am_detach != NULL)
am->am_detach(am->am_instance);
am->am_instance = NULL;
am->am_detach(am);
am->am_cookie = NULL;
(void)dlclose(am->am_dlhandle);
am->am_dlhandle = NULL;
}
@ -149,21 +155,22 @@ auditfilter_module_attach(struct auditfilter_module *am)
am->am_attach = dlsym(am->am_dlhandle, AUDIT_FILTER_ATTACH_STRING);
am->am_reinit = dlsym(am->am_dlhandle, AUDIT_FILTER_REINIT_STRING);
am->am_record = dlsym(am->am_dlhandle, AUDIT_FILTER_RECORD_STRING);
am->am_bsmrecord = dlsym(am->am_dlhandle,
AUDIT_FILTER_BSMRECORD_STRING);
am->am_rawrecord = dlsym(am->am_dlhandle,
AUDIT_FILTER_RAWRECORD_STRING);
am->am_detach = dlsym(am->am_dlhandle, AUDIT_FILTER_DETACH_STRING);
if (am->am_attach != NULL) {
if (am->am_attach(&am->am_instance, am->am_argc, am->am_argv)
if (am->am_attach(am, am->am_argc, am->am_argv)
!= AUDIT_FILTER_SUCCESS) {
warnx("auditfilter_module_attach: %s: failed",
am->am_modulename);
dlclose(am->am_dlhandle);
am->am_dlhandle = NULL;
am->am_cookie = NULL;
am->am_attach = NULL;
am->am_reinit = NULL;
am->am_record = NULL;
am->am_bsmrecord = NULL;
am->am_rawrecord = NULL;
am->am_detach = NULL;
return (-1);
}
@ -184,7 +191,7 @@ auditfilter_module_reinit(struct auditfilter_module *am)
if (am->am_reinit == NULL)
return (0);
if (am->am_reinit(&am->am_instance, am->am_argc, am->am_argv) !=
if (am->am_reinit(am, am->am_argc, am->am_argv) !=
AUDIT_FILTER_SUCCESS) {
warnx("auditfilter_module_reinit: %s: failed",
am->am_modulename);
@ -483,3 +490,24 @@ auditfilterd_conf_shutdown(void)
auditfilter_module_list_detach(&filter_list);
auditfilter_module_list_free(&filter_list);
}
/*
* APIs to allow modules to query and set their per-instance cookie.
*/
void
audit_filter_getcookie(void *instance, void **cookie)
{
struct auditfilter_module *am;
am = (struct auditfilter_module *)instance;
*cookie = am->am_cookie;
}
void
audit_filter_setcookie(void *instance, void *cookie)
{
struct auditfilter_module *am;
am = (struct auditfilter_module *)instance;
am->am_cookie = cookie;
}

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#16 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#19 $
*/
#ifndef _BSM_AUDIT_H
@ -38,11 +38,12 @@
#define AUDIT_RECORD_MAGIC 0x828a0f1b
#define MAX_AUDIT_RECORDS 20
#define MAX_AUDIT_RECORD_SIZE 4096
#define MAXAUDITDATA (0x8000 - 1)
#define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA
#define MIN_AUDIT_FILE_SIZE (512 * 1024)
/*
* Triggers for the audit daemon
* Triggers for the audit daemon.
*/
#define AUDIT_TRIGGER_MIN 1
#define AUDIT_TRIGGER_LOW_SPACE 1
@ -53,7 +54,8 @@
#define AUDIT_TRIGGER_MAX 5
/*
* File that will be read for trigger events from the kernel
* Special file that will be read for trigger events from the kernel
* (FreeBSD).
*/
#define AUDIT_TRIGGER_FILE "/dev/audit"
@ -101,7 +103,7 @@
#define AU_ALL 0xffffffff
/*
* IPC types
* IPC types.
*/
#define AT_IPC_MSG ((u_char)1) /* Message IPC id. */
#define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */
@ -150,16 +152,19 @@
#define AUDIT_AHLT 0x0002
#define AUDIT_ARGV 0x0004
#define AUDIT_ARGE 0x0008
#define AUDIT_PASSWD 0x0010
#define AUDIT_SEQ 0x0020
#define AUDIT_WINDATA 0x0040
#define AUDIT_USER 0x0080
#define AUDIT_GROUP 0x0100
#define AUDIT_TRAIL 0x0200
#define AUDIT_PATH 0x0400
#define AUDIT_SEQ 0x0010
#define AUDIT_WINDATA 0x0020
#define AUDIT_USER 0x0040
#define AUDIT_GROUP 0x0080
#define AUDIT_TRAIL 0x0100
#define AUDIT_PATH 0x0200
#define AUDIT_SCNT 0x0400
#define AUDIT_PUBLIC 0x0800
#define AUDIT_ZONENAME 0x1000
#define AUDIT_PERZONE 0x2000
/*
* Audit queue control parameters
* Audit queue control parameters.
*/
#define AQ_HIWATER 100
#define AQ_MAXHIGH 10000

View File

@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_filter.h#2 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_filter.h#4 $
*/
#ifndef _BSM_AUDIT_FILTER_H_
@ -38,21 +38,27 @@
* audit_filter_reinit_t - arguments to module have changed
* audit_filter_record_t - present parsed record to filter module, with
* receipt time
* audit_filter_bsmrecord_t - present bsm format record to filter module,
* audit_filter_rawrecord_t - present BSM format record to filter module,
* with receipt time
* audit_filter_destach_t - filter module is being detached
*
* There may be many instances of the same filter, identified by the instance
* void pointer maintained by the filter instance.
*/
typedef int (*audit_filter_attach_t)(void **instance, int argc, char *argv[]);
typedef int (*audit_filter_attach_t)(void *instance, int argc, char *argv[]);
typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]);
typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts,
int token_count, const tokenstr_t tok[]);
typedef void (*audit_filter_bsmrecord_t)(void *instance, struct timespec *ts,
typedef void (*audit_filter_rawrecord_t)(void *instance, struct timespec *ts,
void *data, u_int len);
typedef void (*audit_filter_detach_t)(void *instance);
/*
* APIs that may be called by audit filters.
*/
void audit_filter_getcookie(void *instance, void **cookie);
void audit_filter_setcookie(void *instance, void *cookie);
/*
* Values to be returned by audit_filter_init_t.
*/
@ -66,12 +72,12 @@ typedef void (*audit_filter_detach_t)(void *instance);
#define AUDIT_FILTER_ATTACH audit_filter_attach
#define AUDIT_FILTER_REINIT audit_filter_reinit
#define AUDIT_FILTER_RECORD audit_filter_record
#define AUDIT_FILTER_BSMRECORD audit_filter_bsmrecord
#define AUDIT_FILTER_RAWRECORD audit_filter_rawrecord
#define AUDIT_FILTER_DETACH audit_filter_detach
#define AUDIT_FILTER_ATTACH_STRING "audit_filter_attach"
#define AUDIT_FILTER_REINIT_STRING "audit_filter_reinit"
#define AUDIT_FILTER_RECORD_STRING "audit_filter_record"
#define AUDIT_FILTER_BSMRECORD_STRING "audit_filter_bsmrecord"
#define AUDIT_FILTER_RAWRECORD_STRING "audit_filter_rawrecord"
#define AUDIT_FILTER_DETACH_STRING "audit_filter_detach"
#endif /* !_BSM_AUDIT_FILTER_H_ */

View File

@ -34,7 +34,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#13 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#14 $
*/
#ifndef _AUDIT_INTERNAL_H
@ -68,15 +68,15 @@ struct au_record {
typedef struct au_record au_record_t;
/* We could determined the header and trailer sizes by
* defining appropriate structures. We hold off that approach
* till we have a consistant way of using structures for all tokens.
* This is not straightforward since these token structures may
* contain pointers of whose contents we dont know the size
* (e.g text tokens)
/*
* We could determined the header and trailer sizes by defining appropriate
* structures. We hold off that approach until we have a consistant way of
* using structures for all tokens. This is not straightforward since these
* token structures may contain pointers of whose contents we dont know the
* size (e.g text tokens).
*/
#define BSM_HEADER_SIZE 18
#define BSM_TRAILER_SIZE 7
#define AUDIT_HEADER_SIZE 18
#define AUDIT_TRAILER_SIZE 7
/*
* BSM token streams store fields in big endian byte order, so as to be

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#38 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#40 $
*/
#ifndef _BSM_AUDIT_KEVENTS_H_
@ -273,134 +273,200 @@
#define AUE_NTP_ADJTIME 288
/*
* Events not present in OpenSolaris BSM, generally derived from Apple Darwin
* BSM or added in OpenBSM. This start a little too close to the top end of
* the OpenSolaris event list for my comfort.
* Events added for Apple Darwin that potentially collide with future Solaris
* BSM events. These are assigned AUE_DARWIN prefixes, and are deprecated in
* new trails. Systems generating these events should switch to the new
* identifiers that avoid colliding with the Solaris identifier space.
*/
#define AUE_GETFSSTAT 301
#define AUE_PTRACE 302
#define AUE_CHFLAGS 303
#define AUE_FCHFLAGS 304
#define AUE_PROFILE 305
#define AUE_KTRACE 306
#define AUE_SETLOGIN 307
#define AUE_DARWIN_GETFSSTAT 301
#define AUE_DARWIN_PTRACE 302
#define AUE_DARWIN_CHFLAGS 303
#define AUE_DARWIN_FCHFLAGS 304
#define AUE_DARWIN_PROFILE 305
#define AUE_DARWIN_KTRACE 306
#define AUE_DARWIN_SETLOGIN 307
#define AUE_DARWIN_REBOOT 308 /* XXX: See AUE_REBOOT. */
#define AUE_REVOKE 309
#define AUE_UMASK 310
#define AUE_MPROTECT 311
#define AUE_DARWIN_REVOKE 309
#define AUE_DARWIN_UMASK 310
#define AUE_DARWIN_MPROTECT 311
#define AUE_DARWIN_SETPRIORITY 312 /* XXX: See AUE_SETPRIORITY. */
#define AUE_DARWIN_SETTIMEOFDAY 313 /* XXX: See AUE_SETTIMEOFDAY. */
#define AUE_DARWIN_FLOCK 314 /* XXX: See AUE_FLOCK. */
#define AUE_MKFIFO 315
#define AUE_POLL 316
#define AUE_DARWIN_MKFIFO 315
#define AUE_DARWIN_POLL 316
#define AUE_DARWIN_SOCKETPAIR 317 /* XXXRW: See AUE_SOCKETPAIR. */
#define AUE_FUTIMES 318
#define AUE_SETSID 319
#define AUE_SETPRIVEXEC 320 /* Darwin-specific. */
#define AUE_DARWIN_FUTIMES 318
#define AUE_DARWIN_SETSID 319
#define AUE_DARWIN_SETPRIVEXEC 320 /* Darwin-specific. */
#define AUE_DARWIN_NFSSVC 321 /* XXX: See AUE_NFS_SVC. */
#define AUE_DARWIN_GETFH 322 /* XXX: See AUE_NFS_GETFH. */
#define AUE_DARWIN_QUOTACTL 323 /* XXX: See AUE_QUOTACTL. */
#define AUE_ADDPROFILE 324 /* Darwin-specific. */
#define AUE_KDEBUGTRACE 325 /* Darwin-specific. */
#define AUE_KDBUGTRACE AUE_KDEBUGTRACE
#define AUE_FSTAT 326
#define AUE_FPATHCONF 327
#define AUE_GETDIRENTRIES 328
#define AUE_DARWIN_ADDPROFILE 324 /* Darwin-specific. */
#define AUE_DARWIN_KDEBUGTRACE 325 /* Darwin-specific. */
#define AUE_DARWIN_KDBUGTRACE AUE_KDEBUGTRACE
#define AUE_DARWIN_FSTAT 326
#define AUE_DARWIN_FPATHCONF 327
#define AUE_DARWIN_GETDIRENTRIES 328
#define AUE_DARWIN_TRUNCATE 329 /* XXX: See AUE_TRUNCATE. */
#define AUE_DARWIN_FTRUNCATE 330 /* XXX: See AUE_FTRUNCATE. */
#define AUE_SYSCTL 331
#define AUE_MLOCK 332
#define AUE_MUNLOCK 333
#define AUE_UNDELETE 334
#define AUE_GETATTRLIST 335 /* Darwin-specific. */
#define AUE_SETATTRLIST 336 /* Darwin-specific. */
#define AUE_GETDIRENTRIESATTR 337 /* Darwin-specific. */
#define AUE_EXCHANGEDATA 338 /* Darwin-specific. */
#define AUE_SEARCHFS 339 /* Darwin-specific. */
#define AUE_MINHERIT 340
#define AUE_SEMCONFIG 341
#define AUE_SEMOPEN 342
#define AUE_SEMCLOSE 343
#define AUE_SEMUNLINK 344
#define AUE_SHMOPEN 345
#define AUE_SHMUNLINK 346
#define AUE_LOADSHFILE 347 /* Darwin-specific. */
#define AUE_RESETSHFILE 348 /* Darwin-specific. */
#define AUE_NEWSYSTEMSHREG 349 /* Darwin-specific. */
#define AUE_PTHREADKILL 350 /* Darwin-specific. */
#define AUE_PTHREADSIGMASK 351 /* Darwin-specific. */
#define AUE_AUDITCTL 352
#define AUE_RFORK 353
#define AUE_LCHMOD 354
#define AUE_SWAPOFF 355
#define AUE_INITPROCESS 356 /* Darwin-specific. */
#define AUE_MAPFD 357 /* Darwin-specific. */
#define AUE_TASKFORPID 358 /* Darwin-specific. */
#define AUE_PIDFORTASK 359 /* Darwin-specific. */
#define AUE_SYSCTL_NONADMIN 360
#define AUE_COPYFILE 361 /* Darwin-specific. */
#define AUE_LUTIMES 362
#define AUE_LCHFLAGS 363 /* FreeBSD-specific. */
#define AUE_SENDFILE 364 /* BSD/Linux-specific. */
#define AUE_USELIB 365 /* Linux-specific. */
#define AUE_GETRESUID 366
#define AUE_SETRESUID 367
#define AUE_GETRESGID 368
#define AUE_SETRESGID 369
#define AUE_WAIT4 370 /* FreeBSD-specific. */
#define AUE_LGETFH 371 /* FreeBSD-specific. */
#define AUE_FHSTATFS 372 /* FreeBSD-specific. */
#define AUE_FHOPEN 373 /* FreeBSD-specific. */
#define AUE_FHSTAT 374 /* FreeBSD-specific. */
#define AUE_JAIL 375 /* FreeBSD-specific. */
#define AUE_EACCESS 376 /* FreeBSD-specific. */
#define AUE_KQUEUE 377 /* FreeBSD-specific. */
#define AUE_KEVENT 378 /* FreeBSD-specific. */
#define AUE_FSYNC 379
#define AUE_NMOUNT 380 /* FreeBSD-specific. */
#define AUE_BDFLUSH 381 /* Linux-specific. */
#define AUE_SETFSUID 382 /* Linux-specific. */
#define AUE_SETFSGID 383 /* Linux-specific. */
#define AUE_PERSONALITY 384 /* Linux-specific. */
#define AUE_SCHED_GETSCHEDULER 385 /* POSIX.1b. */
#define AUE_SCHED_SETSCHEDULER 386 /* POSIX.1b. */
#define AUE_PRCTL 387 /* Linux-specific. */
#define AUE_GETCWD 388 /* FreeBSD/Linux-specific. */
#define AUE_CAPGET 389 /* Linux-specific. */
#define AUE_CAPSET 390 /* Linux-specific. */
#define AUE_PIVOT_ROOT 391 /* Linux-specific. */
#define AUE_RTPRIO 392 /* FreeBSD-specific. */
#define AUE_SCHED_GETPARAM 393 /* POSIX.1b. */
#define AUE_SCHED_SETPARAM 394 /* POSIX.1b. */
#define AUE_SCHED_GET_PRIORITY_MAX 395 /* POSIX.1b. */
#define AUE_SCHED_GET_PRIORITY_MIN 396 /* POSIX.1b. */
#define AUE_SCHED_RR_GET_INTERVAL 397 /* POSIX.1b. */
#define AUE_ACL_GET_FILE 398 /* FreeBSD. */
#define AUE_ACL_SET_FILE 399 /* FreeBSD. */
#define AUE_ACL_GET_FD 400 /* FreeBSD. */
#define AUE_ACL_SET_FD 401 /* FreeBSD. */
#define AUE_ACL_DELETE_FILE 402 /* FreeBSD. */
#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */
#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */
#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */
#define AUE_ACL_GET_LINK 406 /* FreeBSD. */
#define AUE_ACL_SET_LINK 407 /* FreeBSD. */
#define AUE_ACL_DELETE_LINK 408 /* FreeBSD. */
#define AUE_ACL_CHECK_LINK 409 /* FreeBSD. */
#define AUE_SYSARCH 410 /* FreeBSD. */
#define AUE_EXTATTRCTL 411 /* FreeBSD. */
#define AUE_EXTATTR_GET_FILE 412 /* FreeBSD. */
#define AUE_EXTATTR_SET_FILE 413 /* FreeBSD. */
#define AUE_EXTATTR_LIST_FILE 414 /* FreeBSD. */
#define AUE_EXTATTR_DELETE_FILE 415 /* FreeBSD. */
#define AUE_EXTATTR_GET_FD 416 /* FreeBSD. */
#define AUE_EXTATTR_SET_FD 417 /* FreeBSD. */
#define AUE_EXTATTR_LIST_FD 418 /* FreeBSD. */
#define AUE_EXTATTR_DELETE_FD 419 /* FreeBSD. */
#define AUE_EXTATTR_GET_LINK 420 /* FreeBSD. */
#define AUE_EXTATTR_SET_LINK 421 /* FreeBSD. */
#define AUE_EXTATTR_LIST_LINK 422 /* FreeBSD. */
#define AUE_EXTATTR_DELETE_LINK 423 /* FreeBSD. */
#define AUE_DARWIN_SYSCTL 331
#define AUE_DARWIN_MLOCK 332
#define AUE_DARWIN_MUNLOCK 333
#define AUE_DARWIN_UNDELETE 334
#define AUE_DARWIN_GETATTRLIST 335 /* Darwin-specific. */
#define AUE_DARWIN_SETATTRLIST 336 /* Darwin-specific. */
#define AUE_DARWIN_GETDIRENTRIESATTR 337 /* Darwin-specific. */
#define AUE_DARWIN_EXCHANGEDATA 338 /* Darwin-specific. */
#define AUE_DARWIN_SEARCHFS 339 /* Darwin-specific. */
#define AUE_DARWIN_MINHERIT 340
#define AUE_DARWIN_SEMCONFIG 341
#define AUE_DARWIN_SEMOPEN 342
#define AUE_DARWIN_SEMCLOSE 343
#define AUE_DARWIN_SEMUNLINK 344
#define AUE_DARWIN_SHMOPEN 345
#define AUE_DARWIN_SHMUNLINK 346
#define AUE_DARWIN_LOADSHFILE 347 /* Darwin-specific. */
#define AUE_DARWIN_RESETSHFILE 348 /* Darwin-specific. */
#define AUE_DARWIN_NEWSYSTEMSHREG 349 /* Darwin-specific. */
#define AUE_DARWIN_PTHREADKILL 350 /* Darwin-specific. */
#define AUE_DARWIN_PTHREADSIGMASK 351 /* Darwin-specific. */
#define AUE_DARWIN_AUDITCTL 352
#define AUE_DARWIN_RFORK 353
#define AUE_DARWIN_LCHMOD 354
#define AUE_DARWIN_SWAPOFF 355
#define AUE_DARWIN_INITPROCESS 356 /* Darwin-specific. */
#define AUE_DARWIN_MAPFD 357 /* Darwin-specific. */
#define AUE_DARWIN_TASKFORPID 358 /* Darwin-specific. */
#define AUE_DARWIN_PIDFORTASK 359 /* Darwin-specific. */
#define AUE_DARWIN_SYSCTL_NONADMIN 360
#define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */
/*
* Audit event identifiers added as part of OpenBSM, generally corresponding
* to events in FreeBSD, Darwin, and Linux that were not present in Solaris.
* These often duplicate events added to the Solaris set by Darwin, but use
* event identifiers in a higher range in order to avoid colliding with
* future Solaris additions.
*/
#define AUE_GETFSSTAT 43001
#define AUE_PTRACE 43002
#define AUE_CHFLAGS 43003
#define AUE_FCHFLAGS 43004
#define AUE_PROFILE 43005
#define AUE_KTRACE 43006
#define AUE_SETLOGIN 43007
#define AUE_REVOKE 43008
#define AUE_UMASK 43009
#define AUE_MPROTECT 43010
#define AUE_MKFIFO 43011
#define AUE_POLL 43012
#define AUE_FUTIMES 43013
#define AUE_SETSID 43014
#define AUE_SETPRIVEXEC 43015 /* Darwin-specific. */
#define AUE_ADDPROFILE 43016 /* Darwin-specific. */
#define AUE_KDEBUGTRACE 43017 /* Darwin-specific. */
#define AUE_KDBUGTRACE AUE_KDEBUGTRACE
#define AUE_FSTAT 43018
#define AUE_FPATHCONF 43019
#define AUE_GETDIRENTRIES 43020
#define AUE_SYSCTL 43021
#define AUE_MLOCK 43022
#define AUE_MUNLOCK 43023
#define AUE_UNDELETE 43024
#define AUE_GETATTRLIST 43025 /* Darwin-specific. */
#define AUE_SETATTRLIST 43026 /* Darwin-specific. */
#define AUE_GETDIRENTRIESATTR 43027 /* Darwin-specific. */
#define AUE_EXCHANGEDATA 43028 /* Darwin-specific. */
#define AUE_SEARCHFS 43029 /* Darwin-specific. */
#define AUE_MINHERIT 43030
#define AUE_SEMCONFIG 43031
#define AUE_SEMOPEN 43032
#define AUE_SEMCLOSE 43033
#define AUE_SEMUNLINK 43034
#define AUE_SHMOPEN 43035
#define AUE_SHMUNLINK 43036
#define AUE_LOADSHFILE 43037 /* Darwin-specific. */
#define AUE_RESETSHFILE 43038 /* Darwin-specific. */
#define AUE_NEWSYSTEMSHREG 43039 /* Darwin-specific. */
#define AUE_PTHREADKILL 43040 /* Darwin-specific. */
#define AUE_PTHREADSIGMASK 43041 /* Darwin-specific. */
#define AUE_AUDITCTL 43042
#define AUE_RFORK 43043
#define AUE_LCHMOD 43044
#define AUE_SWAPOFF 43045
#define AUE_INITPROCESS 43046 /* Darwin-specific. */
#define AUE_MAPFD 43047 /* Darwin-specific. */
#define AUE_TASKFORPID 43048 /* Darwin-specific. */
#define AUE_PIDFORTASK 43049 /* Darwin-specific. */
#define AUE_SYSCTL_NONADMIN 43050
#define AUE_COPYFILE 43051 /* Darwin-specific. */
/*
* Events added to OpenBSM for FreeBSD and Linux; may also be used by Darwin
* in the future.
*/
#define AUE_LUTIMES 43052
#define AUE_LCHFLAGS 43053 /* FreeBSD-specific. */
#define AUE_SENDFILE 43054 /* BSD/Linux-specific. */
#define AUE_USELIB 43055 /* Linux-specific. */
#define AUE_GETRESUID 43056
#define AUE_SETRESUID 43057
#define AUE_GETRESGID 43058
#define AUE_SETRESGID 43059
#define AUE_WAIT4 43060 /* FreeBSD-specific. */
#define AUE_LGETFH 43061 /* FreeBSD-specific. */
#define AUE_FHSTATFS 43062 /* FreeBSD-specific. */
#define AUE_FHOPEN 43063 /* FreeBSD-specific. */
#define AUE_FHSTAT 43064 /* FreeBSD-specific. */
#define AUE_JAIL 43065 /* FreeBSD-specific. */
#define AUE_EACCESS 43066 /* FreeBSD-specific. */
#define AUE_KQUEUE 43067 /* FreeBSD-specific. */
#define AUE_KEVENT 43068 /* FreeBSD-specific. */
#define AUE_FSYNC 43069
#define AUE_NMOUNT 43070 /* FreeBSD-specific. */
#define AUE_BDFLUSH 43071 /* Linux-specific. */
#define AUE_SETFSUID 43072 /* Linux-specific. */
#define AUE_SETFSGID 43073 /* Linux-specific. */
#define AUE_PERSONALITY 43074 /* Linux-specific. */
#define AUE_SCHED_GETSCHEDULER 43075 /* POSIX.1b. */
#define AUE_SCHED_SETSCHEDULER 43076 /* POSIX.1b. */
#define AUE_PRCTL 43077 /* Linux-specific. */
#define AUE_GETCWD 43078 /* FreeBSD/Linux-specific. */
#define AUE_CAPGET 43079 /* Linux-specific. */
#define AUE_CAPSET 43080 /* Linux-specific. */
#define AUE_PIVOT_ROOT 43081 /* Linux-specific. */
#define AUE_RTPRIO 43082 /* FreeBSD-specific. */
#define AUE_SCHED_GETPARAM 43083 /* POSIX.1b. */
#define AUE_SCHED_SETPARAM 43084 /* POSIX.1b. */
#define AUE_SCHED_GET_PRIORITY_MAX 43085 /* POSIX.1b. */
#define AUE_SCHED_GET_PRIORITY_MIN 43086 /* POSIX.1b. */
#define AUE_SCHED_RR_GET_INTERVAL 43087 /* POSIX.1b. */
#define AUE_ACL_GET_FILE 43088 /* FreeBSD. */
#define AUE_ACL_SET_FILE 43089 /* FreeBSD. */
#define AUE_ACL_GET_FD 43090 /* FreeBSD. */
#define AUE_ACL_SET_FD 43091 /* FreeBSD. */
#define AUE_ACL_DELETE_FILE 43092 /* FreeBSD. */
#define AUE_ACL_DELETE_FD 43093 /* FreeBSD. */
#define AUE_ACL_CHECK_FILE 43094 /* FreeBSD. */
#define AUE_ACL_CHECK_FD 43095 /* FreeBSD. */
#define AUE_ACL_GET_LINK 43096 /* FreeBSD. */
#define AUE_ACL_SET_LINK 43097 /* FreeBSD. */
#define AUE_ACL_DELETE_LINK 43098 /* FreeBSD. */
#define AUE_ACL_CHECK_LINK 43099 /* FreeBSD. */
#define AUE_SYSARCH 43100 /* FreeBSD. */
#define AUE_EXTATTRCTL 43101 /* FreeBSD. */
#define AUE_EXTATTR_GET_FILE 43102 /* FreeBSD. */
#define AUE_EXTATTR_SET_FILE 43103 /* FreeBSD. */
#define AUE_EXTATTR_LIST_FILE 43104 /* FreeBSD. */
#define AUE_EXTATTR_DELETE_FILE 43105 /* FreeBSD. */
#define AUE_EXTATTR_GET_FD 43106 /* FreeBSD. */
#define AUE_EXTATTR_SET_FD 43107 /* FreeBSD. */
#define AUE_EXTATTR_LIST_FD 43108 /* FreeBSD. */
#define AUE_EXTATTR_DELETE_FD 43109 /* FreeBSD. */
#define AUE_EXTATTR_GET_LINK 43110 /* FreeBSD. */
#define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */
#define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */
#define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the

View File

@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#19 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#23 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@ -184,7 +184,7 @@
#define AUR_CHAR AUR_BYTE
#define AUR_SHORT 1
#define AUR_INT32 2
#define AUR_INT AUR_INT
#define AUR_INT AUR_INT32
#define AUR_INT64 3
/* ... and their sizes */
@ -199,9 +199,19 @@
#define PAD_NOTATTR 0x4000 /* nonattributable event */
#define PAD_FAILURE 0x8000 /* fail audit event */
#define AUDIT_MAX_GROUPS 16
#define BSM_MAX_GROUPS 16
#define HEADER_VERSION 1
/*
* A number of BSM versions are floating around and defined. Here are
* constants for them. OpenBSM uses the same token types, etc, used in the
* Solaris BSM version, but has a separate version number in order to
* identify a potentially different event identifier name space.
*/
#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */
#define AUDIT_HEADER_VERSION_SOLARIS 2
#define AUDIT_HEADER_VERSION_TSOL25 3
#define AUDIT_HEADER_VERSION_TSOL 4
#define AUDIT_HEADER_VERSION_OPENBSM 10
/*
* BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
@ -308,8 +318,13 @@ token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t *au_to_exec_args(const char **);
token_t *au_to_exec_env(const char **);
#if defined(_KERNEL) || defined(KERNEL)
token_t *au_to_exec_args(char *args, int argc);
token_t *au_to_exec_env(char *envs, int envc);
#else
token_t *au_to_exec_args(char **argv);
token_t *au_to_exec_env(char **envp);
#endif
token_t *au_to_text(char *text);
token_t *au_to_kevent(struct kevent *kev);
token_t *au_to_trailer(int rec_size);

View File

@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#21 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#27 $
*/
#ifndef _LIBBSM_H_
@ -37,8 +37,8 @@
* solely to allow OpenSSH to compile; Darwin/Apple code should not use them.
*/
#define MAX_ARGS 10
#define MAX_ENV 10
#define AUDIT_MAX_ARGS 10
#define AUDIT_MAX_ENV 10
#include <sys/types.h>
#include <sys/cdefs.h>
@ -82,11 +82,10 @@
#define BSM_TEXTBUFSZ MAX_AUDITSTRING_LEN /* OpenSSH compatibility */
/*
* These are referenced in Solaris 9 au_open(3BSM); values are guesses.
* Provided for OpenSSH compatibility.
* Arguments to au_close(3).
*/
#define AU_TO_NO_WRITE 0
#define AU_TO_WRITE 1
#define AU_TO_NO_WRITE 0 /* Abandon audit record. */
#define AU_TO_WRITE 1 /* Commit audit record. */
__BEGIN_DECLS
struct au_event_ent {
@ -138,15 +137,6 @@ __END_DECLS
__BEGIN_DECLS
/*
* Internal representation of audit user in libnsl.
*/
typedef struct au_user_str_s {
char *au_name;
char *au_always;
char *au_never;
} au_user_str_t;
typedef struct au_tid32 {
u_int32_t port;
u_int32_t addr;
@ -228,7 +218,7 @@ typedef struct {
*/
typedef struct {
u_int32_t count;
char *text[MAX_ARGS];
char *text[AUDIT_MAX_ARGS];
} au_execarg_t;
/*
@ -237,7 +227,7 @@ typedef struct {
*/
typedef struct {
u_int32_t count;
char *text[MAX_ENV];
char *text[AUDIT_MAX_ENV];
} au_execenv_t;
/*
@ -269,7 +259,7 @@ typedef struct {
*/
typedef struct {
u_int16_t no;
u_int32_t list[BSM_MAX_GROUPS];
u_int32_t list[AUDIT_MAX_GROUPS];
} au_groups_t;
/*
@ -729,8 +719,6 @@ int au_preselect(au_event_t event, au_mask_t *mask_p,
/*
* Functions relating to querying audit event information.
*
* XXXRW: getauevnonam() has no _r version?
*/
void setauevent(void);
void endauevent(void);
@ -770,6 +758,11 @@ void au_print_tok(FILE *outfp, tokenstr_t *tok,
char *del, char raw, char sfrm);
__END_DECLS
/*
* The remaining APIs are associated with Apple's BSM implementation, in
* particular as relates to Mach IPC auditing and triggers passed via Mach
* IPC.
*/
#ifdef __APPLE__
#include <sys/appleapiopts.h>

View File

@ -12,6 +12,9 @@
/* Define to 1 if your system has a working `chown' function. */
#undef HAVE_CHOWN
/* Define to 1 if you have the `clock_gettime' function. */
#undef HAVE_CLOCK_GETTIME
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H

View File

@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#23 .
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#27 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a7.
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a9.
#
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
#
@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='OpenBSM'
PACKAGE_TARNAME='openbsm'
PACKAGE_VERSION='1.0a7'
PACKAGE_STRING='OpenBSM 1.0a7'
PACKAGE_VERSION='1.0a9'
PACKAGE_STRING='OpenBSM 1.0a9'
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
ac_unique_file="bin/auditreduce/auditreduce.c"
@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures OpenBSM 1.0a7 to adapt to many kinds of systems.
\`configure' configures OpenBSM 1.0a9 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1021,7 +1021,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of OpenBSM 1.0a7:";;
short | recursive ) echo "Configuration of OpenBSM 1.0a9:";;
esac
cat <<\_ACEOF
@ -1162,7 +1162,7 @@ fi
test -n "$ac_init_help" && exit 0
if $ac_init_version; then
cat <<\_ACEOF
OpenBSM configure 1.0a7
OpenBSM configure 1.0a9
generated by GNU Autoconf 2.59
Copyright (C) 2003 Free Software Foundation, Inc.
@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenBSM $as_me 1.0a7, which was
It was created by OpenBSM $as_me 1.0a9, which was
generated by GNU Autoconf 2.59. Invocation command line was
$ $0 $@
@ -19278,7 +19278,7 @@ fi
# Define the identity of the package.
PACKAGE=OpenBSM
VERSION=1.0a7
VERSION=1.0a9
cat >>confdefs.h <<_ACEOF
@ -22833,7 +22833,8 @@ done
for ac_func in bzero ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul
for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
@ -23477,7 +23478,7 @@ _ASBOX
} >&5
cat >&5 <<_CSEOF
This file was extended by OpenBSM $as_me 1.0a7, which was
This file was extended by OpenBSM $as_me 1.0a9, which was
generated by GNU Autoconf 2.59. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -23540,7 +23541,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
OpenBSM config.status 1.0a7
OpenBSM config.status 1.0a9
configured by $0, generated by GNU Autoconf 2.59,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"

View File

@ -2,8 +2,8 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
AC_INIT([OpenBSM], [1.0a7], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#24 $])
AC_INIT([OpenBSM], [1.0a9], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 $])
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_HEADER([config/config.h])
@ -56,7 +56,7 @@ AC_FUNC_MKTIME
AC_TYPE_SIGNAL
AC_FUNC_STAT
AC_FUNC_STRFTIME
AC_CHECK_FUNCS([bzero ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])
AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#11 $
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $
#
0:AUE_NULL:indir system call:no
1:AUE_EXIT:exit(2):pc
@ -234,129 +234,190 @@
267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad
268:AUE_CLOCK_SETTIME:clock_settime(2):ad
269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad
301:AUE_GETFSSTAT:getfsstat(2):fa
302:AUE_PTRACE:ptrace(2):pc
303:AUE_CHFLAGS:chflags(2):fm
304:AUE_FCHFLAGS:fchflags(2):fm
305:AUE_PROFILE:profil(2):pc
306:AUE_KTRACE:ktrace(2):pc
307:AUE_SETLOGIN:setlogin(2):pc
#
# What follows are deprecated Darwin event numbers that may someday conflict
# with Solaris events.
#
301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa
302:AUE_DARWIN_PTRACE:ptrace(2):pc
303:AUE_DARWIN_CHFLAGS:chflags(2):fm
304:AUE_DARWIN_FCHFLAGS:fchflags(2):fm
305:AUE_DARWIN_PROFILE:profil(2):pc
306:AUE_DARWIN_KTRACE:ktrace(2):pc
307:AUE_DARWIN_SETLOGIN:setlogin(2):pc
308:AUE_DARWIN_REBOOT:reboot(2):ad
309:AUE_REVOKE:revoke(2):cl
310:AUE_UMASK:umask(2):pc
311:AUE_MPROTECT:mprotect(2):fm
309:AUE_DARWIN_REVOKE:revoke(2):cl
310:AUE_DARWIN_UMASK:umask(2):pc
311:AUE_DARWIN_MPROTECT:mprotect(2):fm
312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot
313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad
314:AUE_DARWIN_FLOCK:flock(2):fm
315:AUE_MKFIFO:mkfifo(2):fc
316:AUE_POLL:poll(2):no
315:AUE_DARWIN_MKFIFO:mkfifo(2):fc
316:AUE_DARWIN_POLL:poll(2):no
317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt
318:AUE_FUTIMES:futimes(2):fm
319:AUE_SETSID:setsid(2):pc
320:AUE_SETPRIVEXEC:setprivexec(2):pc
318:AUE_DARWIN_FUTIMES:futimes(2):fm
319:AUE_DARWIN_SETSID:setsid(2):pc
320:AUE_DARWIN_SETPRIVEXEC:setprivexec(2):pc
321:AUE_DARWIN_NFSSVC:nfssvc(2):ad
322:AUE_DARWIN_GETFH:getfh(2):fa
323:AUE_DARWIN_QUOTACTL:quotactl(2):ad
324:AUE_ADDPROFILE:system call:pc
325:AUE_KDEBUGTRACE:system call:pc
326:AUE_FSTAT:fstat(2):fa
327:AUE_FPATHCONF:fpathconf(2):fa
328:AUE_GETDIRENTRIES:getdirentries(2):fr
324:AUE_DARWIN_ADDPROFILE:system call:pc
325:AUE_DARWIN_KDEBUGTRACE:system call:pc
326:AUE_DARWIN_FSTAT:fstat(2):fa
327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa
328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr
329:AUE_DARWIN_TRUNCATE:truncate(2):fw
330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw
331:AUE_SYSCTL:sysctl(3):ad
332:AUE_MLOCK:mlock(2):pc
333:AUE_MUNLOCK:munlock(2):pc
334:AUE_UNDELETE:undelete(2):fm
335:AUE_GETATTRLIST:getattrlist():fa
336:AUE_SETATTRLIST:setattrlist():fm
337:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
338:AUE_EXCHANGEDATA:exchangedata():fw
339:AUE_SEARCHFS:searchfs():fa
340:AUE_MINHERIT:minherit(2):pc
341:AUE_SEMCONFIG:semconfig():ip
342:AUE_SEMOPEN:sem_open(2):ip
343:AUE_SEMCLOSE:sem_close(2):ip
344:AUE_SEMUNLINK:sem_unlink(2):ip
345:AUE_SHMOPEN:shm_open(2):ip
346:AUE_SHMUNLINK:shm_unlink(2):ip
347:AUE_LOADSHFILE:load_shared_file():fr
348:AUE_RESETSHFILE:reset_shared_file():ot
349:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
350:AUE_PTHREADKILL:pthread_kill(2):pc
351:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
352:AUE_AUDITCTL:auditctl(2):ad
353:AUE_RFORK:rfork(2):pc
354:AUE_LCHMOD:lchmod(2):fm
355:AUE_SWAPOFF:swapoff():ad
356:AUE_INITPROCESS:init_process():pc
357:AUE_MAPFD:map_fd():fa
358:AUE_TASKFORPID:task_for_pid():pc
359:AUE_PIDFORTASK:pid_for_task():pc
360:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
361:AUE_COPYFILE:copyfile():fr,fw
362:AUE_LUTIMES:lutimes(2):fm
363:AUE_LCHFLAGS:lchflags(2):fm
364:AUE_SENDFILE:sendfile(2):nt
365:AUE_USELIB:uselib(2):fa
366:AUE_GETRESUID:getresuid(2):pc
367:AUE_SETRESUID:setresuid(2):pc
368:AUE_GETRESGID:getresgid(2):pc
369:AUE_SETRESGID:setresgid(2):pc
370:AUE_WAIT4:wait4(2):pc
371:AUE_LGETFH:lgetfh(2):fa
372:AUE_FHSTATFS:fhstatfs(2):fa
373:AUE_FHOPEN:fhopen(2):fa
374:AUE_FHSTAT:fhstat(2):fa
375:AUE_JAIL:jail(2):pc
376:AUE_EACCESS:eaccess(2):fa
377:AUE_KQUEUE:kqueue(2):no
378:AUE_KEVENT:kevent(2):no
379:AUE_FSYNC:fsync(2):fm
380:AUE_NMOUNT:nmount(2):ad
381:AUE_BDFLUSH:bdflush(2):ad
382:AUE_SETFSUID:setfsuid(2):ot
383:AUE_SETFSGID:setfsgid(2):ot
384:AUE_PERSONALITY:personality(2):pc
385:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
386:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
387:AUE_PRCTL:prctl(2):pc
388:AUE_GETCWD:getcwd(2):pc
389:AUE_CAPGET:capget(2):pc
390:AUE_CAPSET:capset(2):pc
391:AUE_PIVOT_ROOT:pivot_root(2):pc
392:AUE_RTPRIO::rtprio(2):pc
393:AUE_SCHED_GETPARAM:sched_getparam(2):ad
394:AUE_SCHED_SETPARAM:sched_setparam(2):ad
395:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
396:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
397:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
398:AUE_ACL_GET_FILE:acl_get_file(2):fa
399:AUE_ACL_SET_FILE:acl_set_file(2):fm
400:AUE_ACL_GET_FD:acl_get_fd(2):fa
401:AUE_ACL_SET_FD:acl_set_fd(2):fm
402:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
403:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
404:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
405:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
406:AUE_ACL_GET_LINK:acl_get_link(2):fa
407:AUE_ACL_SET_LINK:acl_set_link(2):fm
408:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
409:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
410:AUE_SYSARCH:sysarch(2):na
411:AUE_EXTATTRCTL:extattrctl(2):fm
412:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
413:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
414:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
415:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
416:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
417:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
418:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
419:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
420:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
421:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
422:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
423:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
331:AUE_DARWIN_SYSCTL:sysctl(3):ad
332:AUE_DARWIN_MLOCK:mlock(2):pc
333:AUE_DARWIN_MUNLOCK:munlock(2):pc
334:AUE_DARWIN_UNDELETE:undelete(2):fm
335:AUE_DARWIN_GETATTRLIST:getattrlist():fa
336:AUE_DARWIN_SETATTRLIST:setattrlist():fm
337:AUE_DARWIN_GETDIRENTRIESATTR:getdirentriesattr():fa
338:AUE_DARWIN_EXCHANGEDATA:exchangedata():fw
339:AUE_DARWIN_SEARCHFS:searchfs():fa
340:AUE_DARWIN_MINHERIT:minherit(2):pc
341:AUE_DARWIN_SEMCONFIG:semconfig():ip
342:AUE_DARWIN_SEMOPEN:sem_open(2):ip
343:AUE_DARWIN_SEMCLOSE:sem_close(2):ip
344:AUE_DARWIN_SEMUNLINK:sem_unlink(2):ip
345:AUE_DARWIN_SHMOPEN:shm_open(2):ip
346:AUE_DARWIN_SHMUNLINK:shm_unlink(2):ip
347:AUE_DARWIN_LOADSHFILE:load_shared_file():fr
348:AUE_DARWIN_RESETSHFILE:reset_shared_file():ot
349:AUE_DARWIN_NEWSYSTEMSHREG:new_system_share_regions():ot
350:AUE_DARWIN_PTHREADKILL:pthread_kill(2):pc
351:AUE_DARWIN_PTHREADSIGMASK:pthread_sigmask(2):pc
352:AUE_DARWIN_AUDITCTL:auditctl(2):ad
353:AUE_DARWIN_RFORK:rfork(2):pc
354:AUE_DARWIN_LCHMOD:lchmod(2):fm
355:AUE_DARWIN_SWAPOFF:swapoff():ad
356:AUE_DARWIN_INITPROCESS:init_process():pc
357:AUE_DARWIN_MAPFD:map_fd():fa
358:AUE_DARWIN_TASKFORPID:task_for_pid():pc
359:AUE_DARWIN_PIDFORTASK:pid_for_task():pc
360:AUE_DARWIN_SYSCTL_NONADMIN:sysctl() - non-admin:ot
361:AUE_DARWIN_COPYFILE:copyfile():fr,fw
#
# OpenBSM-specific kernel events.
#
43001:AUE_GETFSSTAT:getfsstat(2):fa
43002:AUE_PTRACE:ptrace(2):pc
43003:AUE_CHFLAGS:chflags(2):fm
43004:AUE_FCHFLAGS:fchflags(2):fm
43005:AUE_PROFILE:profil(2):pc
43006:AUE_KTRACE:ktrace(2):pc
43007:AUE_SETLOGIN:setlogin(2):pc
43008:AUE_REVOKE:revoke(2):cl
43009:AUE_UMASK:umask(2):pc
43010:AUE_MPROTECT:mprotect(2):fm
43011:AUE_MKFIFO:mkfifo(2):fc
43012:AUE_POLL:poll(2):no
43013:AUE_FUTIMES:futimes(2):fm
43014:AUE_SETSID:setsid(2):pc
43015:AUE_SETPRIVEXEC:setprivexec(2):pc
43016:AUE_ADDPROFILE:system call:pc
43017:AUE_KDEBUGTRACE:system call:pc
43018:AUE_FSTAT:fstat(2):fa
43019:AUE_FPATHCONF:fpathconf(2):fa
43020:AUE_GETDIRENTRIES:getdirentries(2):fr
43021:AUE_SYSCTL:sysctl(3):ad
43022:AUE_MLOCK:mlock(2):pc
43023:AUE_MUNLOCK:munlock(2):pc
43024:AUE_UNDELETE:undelete(2):fm
43025:AUE_GETATTRLIST:getattrlist():fa
43026:AUE_SETATTRLIST:setattrlist():fm
43027:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
43028:AUE_EXCHANGEDATA:exchangedata():fw
43029:AUE_SEARCHFS:searchfs():fa
43030:AUE_MINHERIT:minherit(2):pc
43031:AUE_SEMCONFIG:semconfig():ip
43032:AUE_SEMOPEN:sem_open(2):ip
43033:AUE_SEMCLOSE:sem_close(2):ip
43034:AUE_SEMUNLINK:sem_unlink(2):ip
43035:AUE_SHMOPEN:shm_open(2):ip
43036:AUE_SHMUNLINK:shm_unlink(2):ip
43037:AUE_LOADSHFILE:load_shared_file():fr
43038:AUE_RESETSHFILE:reset_shared_file():ot
43039:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
43040:AUE_PTHREADKILL:pthread_kill(2):pc
43041:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
43042:AUE_AUDITCTL:auditctl(2):ad
43043:AUE_RFORK:rfork(2):pc
43044:AUE_LCHMOD:lchmod(2):fm
43045:AUE_SWAPOFF:swapoff():ad
43046:AUE_INITPROCESS:init_process():pc
43047:AUE_MAPFD:map_fd():fa
43048:AUE_TASKFORPID:task_for_pid():pc
43049:AUE_PIDFORTASK:pid_for_task():pc
43050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
43051:AUE_COPYFILE:copyfile():fr,fw
43052:AUE_LUTIMES:lutimes(2):fm
43053:AUE_LCHFLAGS:lchflags(2):fm
43054:AUE_SENDFILE:sendfile(2):nt
43055:AUE_USELIB:uselib(2):fa
43056:AUE_GETRESUID:getresuid(2):pc
43057:AUE_SETRESUID:setresuid(2):pc
43058:AUE_GETRESGID:getresgid(2):pc
43059:AUE_SETRESGID:setresgid(2):pc
43060:AUE_WAIT4:wait4(2):pc
43061:AUE_LGETFH:lgetfh(2):fa
43062:AUE_FHSTATFS:fhstatfs(2):fa
43063:AUE_FHOPEN:fhopen(2):fa
43064:AUE_FHSTAT:fhstat(2):fa
43065:AUE_JAIL:jail(2):pc
43066:AUE_EACCESS:eaccess(2):fa
43067:AUE_KQUEUE:kqueue(2):no
43068:AUE_KEVENT:kevent(2):no
43069:AUE_FSYNC:fsync(2):fm
43070:AUE_NMOUNT:nmount(2):ad
43071:AUE_BDFLUSH:bdflush(2):ad
43072:AUE_SETFSUID:setfsuid(2):ot
43073:AUE_SETFSGID:setfsgid(2):ot
43074:AUE_PERSONALITY:personality(2):pc
43075:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
43076:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
43077:AUE_PRCTL:prctl(2):pc
43078:AUE_GETCWD:getcwd(2):pc
43079:AUE_CAPGET:capget(2):pc
43080:AUE_CAPSET:capset(2):pc
43081:AUE_PIVOT_ROOT:pivot_root(2):pc
43082:AUE_RTPRIO::rtprio(2):pc
43083:AUE_SCHED_GETPARAM:sched_getparam(2):ad
43084:AUE_SCHED_SETPARAM:sched_setparam(2):ad
43085:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
43086:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
43087:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
43088:AUE_ACL_GET_FILE:acl_get_file(2):fa
43089:AUE_ACL_SET_FILE:acl_set_file(2):fm
43090:AUE_ACL_GET_FD:acl_get_fd(2):fa
43091:AUE_ACL_SET_FD:acl_set_fd(2):fm
43092:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
43093:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
43094:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
43095:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
43096:AUE_ACL_GET_LINK:acl_get_link(2):fa
43097:AUE_ACL_SET_LINK:acl_set_link(2):fm
43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
43100:AUE_SYSARCH:sysarch(2):na
43101:AUE_EXTATTRCTL:extattrctl(2):fm
43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
43104:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
43105:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
43106:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
43107:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
43108:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
43109:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
43110:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
#
# User space system events.
#
6152:AUE_login:login - local:lo
6153:AUE_logout:logout - local:lo
6159:AUE_su:su(1):lo

View File

@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#7 $
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#8 $
.\"
.Dd April 19, 2005
.Dt AU_TOKEN 3
@ -155,9 +155,9 @@
.Ft token_t *
.Fn au_to_me "void"
.Ft token_t *
.Fn au_to_exec_args "const char **args"
.Fn au_to_exec_args "char **argv"
.Ft token_t *
.Fn au_to_exec_env "const char **env"
.Fn au_to_exec_env "char **envp"
.Ft token_t *
.Fn au_to_header "int rec_size" "au_event_t e_type" "au_emod_t emod"
.Ft token_t *

View File

@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#26 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#28 $
*/
#include <sys/types.h>
@ -54,14 +54,14 @@
static au_record_t *open_desc_table[MAX_AUDIT_RECORDS];
/* The current number of active record descriptors */
static int bsm_rec_count = 0;
static int audit_rec_count = 0;
/*
* Records that can be recycled are maintained in the list given below. The
* maximum number of elements that can be present in this list is bounded by
* MAX_AUDIT_RECORDS. Memory allocated for these records are never freed.
*/
static LIST_HEAD(, au_record) bsm_free_q;
static LIST_HEAD(, au_record) audit_free_q;
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
@ -93,15 +93,15 @@ au_open(void)
pthread_mutex_lock(&mutex);
if (bsm_rec_count == 0)
LIST_INIT(&bsm_free_q);
if (audit_rec_count == 0)
LIST_INIT(&audit_free_q);
/*
* Find an unused descriptor, remove it from the free list, mark as
* used.
*/
if (!LIST_EMPTY(&bsm_free_q)) {
rec = LIST_FIRST(&bsm_free_q);
if (!LIST_EMPTY(&audit_free_q)) {
rec = LIST_FIRST(&audit_free_q);
rec->used = 1;
LIST_REMOVE(rec, au_rec_q);
}
@ -125,7 +125,7 @@ au_open(void)
pthread_mutex_lock(&mutex);
if (bsm_rec_count == MAX_AUDIT_RECORDS) {
if (audit_rec_count == MAX_AUDIT_RECORDS) {
pthread_mutex_unlock(&mutex);
free(rec->data);
free(rec);
@ -134,9 +134,9 @@ au_open(void)
errno = ENOMEM;
return (-1);
}
rec->desc = bsm_rec_count;
open_desc_table[bsm_rec_count] = rec;
bsm_rec_count++;
rec->desc = audit_rec_count;
open_desc_table[audit_rec_count] = rec;
audit_rec_count++;
pthread_mutex_unlock(&mutex);
@ -174,7 +174,7 @@ au_write(int d, token_t *tok)
return (-1); /* Invalid descriptor */
}
if (rec->len + tok->len + BSM_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) {
if (rec->len + tok->len + AUDIT_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) {
errno = ENOMEM;
return (-1);
}
@ -208,7 +208,7 @@ au_assemble(au_record_t *rec, short event)
u_char *dptr;
int error;
tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
header = au_to_header32(tot_rec_size, event, 0);
if (header == NULL)
return (-1);
@ -257,7 +257,7 @@ au_teardown(au_record_t *rec)
pthread_mutex_lock(&mutex);
/* Add the record to the freelist tail */
LIST_INSERT_HEAD(&bsm_free_q, rec, au_rec_q);
LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q);
pthread_mutex_unlock(&mutex);
}
@ -285,7 +285,7 @@ au_close(int d, int keep, short event)
goto cleanup;
}
tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) {
/*
@ -335,7 +335,7 @@ au_close_buffer(int d, short event, u_char *buffer, size_t *buflen)
}
retval = 0;
tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
if ((tot_rec_size > MAX_AUDIT_RECORD_SIZE) ||
(tot_rec_size > *buflen)) {
/*

View File

@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#11 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#12 $
*/
#include <bsm/libbsm.h>
@ -62,27 +62,32 @@ eventfromstr(char *str, struct au_event_ent *e)
evdesc = strtok_r(NULL, eventdelim, &last);
evclass = strtok_r(NULL, eventdelim, &last);
if ((evno == NULL) || (evname == NULL) || (evdesc == NULL) ||
(evclass == NULL))
if ((evno == NULL) || (evname == NULL))
return (NULL);
if (strlen(evname) >= AU_EVENT_NAME_MAX)
return (NULL);
strcpy(e->ae_name, evname);
if (strlen(evdesc) >= AU_EVENT_DESC_MAX)
return (NULL);
strcpy(e->ae_desc, evdesc);
if (evdesc != NULL) {
if (strlen(evdesc) >= AU_EVENT_DESC_MAX)
return (NULL);
strcpy(e->ae_desc, evdesc);
} else
strcpy(e->ae_desc, "");
e->ae_number = atoi(evno);
/*
* Find out the mask that corresponds to the given list of classes.
*/
if (getauditflagsbin(evclass, &evmask) != 0)
if (evclass != NULL) {
if (getauditflagsbin(evclass, &evmask) != 0)
e->ae_class = AU_NULL;
else
e->ae_class = evmask.am_success;
} else
e->ae_class = AU_NULL;
else
e->ae_class = evmask.am_success;
return (e);
}

View File

@ -31,7 +31,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#37 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#40 $
*/
#include <sys/types.h>
@ -820,7 +820,7 @@ print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_delim(fp, del);
print_1_byte(fp, tok->tt.arg32.no, "%u");
print_delim(fp, del);
print_4_bytes(fp, tok->tt.arg32.val, "%#x");
print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
print_delim(fp, del);
print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
}
@ -859,7 +859,7 @@ print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_delim(fp, del);
print_1_byte(fp, tok->tt.arg64.no, "%u");
print_delim(fp, del);
print_8_bytes(fp, tok->tt.arg64.val, "%#llx");
print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
print_delim(fp, del);
print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
}
@ -1259,7 +1259,7 @@ print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
{
int i;
print_tok_type(fp, tok->id, "exec arg", raw);
print_tok_type(fp, tok->id, "exec env", raw);
for (i = 0; i< tok->tt.execenv.count; i++) {
print_delim(fp, del);
print_string(fp, tok->tt.execenv.text[i],
@ -2448,7 +2448,7 @@ fetch_invalid_tok(tokenstr_t *tok, char *buf, int len)
int err = 0;
int recoversize;
recoversize = len - (tok->len + BSM_TRAILER_SIZE);
recoversize = len - (tok->len + AUDIT_TRAILER_SIZE);
if (recoversize <= 0)
return (-1);

View File

@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#48 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#51 $
*/
#include <sys/types.h>
@ -309,7 +309,7 @@ token_t *
au_to_groups(int *groups)
{
return (au_to_newgroups(BSM_MAX_GROUPS, groups));
return (au_to_newgroups(AUDIT_MAX_GROUPS, groups));
}
/*
@ -1055,7 +1055,7 @@ au_to_me(void)
* text count null-terminated strings
*/
token_t *
au_to_exec_args(const char **args)
au_to_exec_args(char **argv)
{
token_t *t;
u_char *dptr = NULL;
@ -1063,7 +1063,7 @@ au_to_exec_args(const char **args)
int i, count = 0;
size_t totlen = 0;
nextarg = *args;
nextarg = *argv;
while (nextarg != NULL) {
int nextlen;
@ -1071,7 +1071,7 @@ au_to_exec_args(const char **args)
nextlen = strlen(nextarg);
totlen += nextlen + 1;
count++;
nextarg = *(args + count);
nextarg = *(argv + count);
}
totlen += count * sizeof(char); /* nul terminations. */
@ -1083,7 +1083,7 @@ au_to_exec_args(const char **args)
ADD_U_INT32(dptr, count);
for (i = 0; i < count; i++) {
nextarg = *(args + i);
nextarg = *(argv + i);
ADD_MEM(dptr, nextarg, strlen(nextarg) + 1);
}
@ -1096,7 +1096,7 @@ au_to_exec_args(const char **args)
* text count null-terminated strings
*/
token_t *
au_to_exec_env(const char **env)
au_to_exec_env(char **envp)
{
token_t *t;
u_char *dptr = NULL;
@ -1104,7 +1104,7 @@ au_to_exec_env(const char **env)
size_t totlen = 0;
const char *nextenv;
nextenv = *env;
nextenv = *envp;
while (nextenv != NULL) {
int nextlen;
@ -1112,7 +1112,7 @@ au_to_exec_env(const char **env)
nextlen = strlen(nextenv);
totlen += nextlen + 1;
count++;
nextenv = *(env + count);
nextenv = *(envp + count);
}
totlen += sizeof(char) * count;
@ -1124,7 +1124,7 @@ au_to_exec_env(const char **env)
ADD_U_INT32(dptr, count);
for (i = 0; i < count; i++) {
nextenv = *(env + i);
nextenv = *(envp + i);
ADD_MEM(dptr, nextenv, strlen(nextenv) + 1);
}
@ -1155,7 +1155,7 @@ au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
ADD_U_CHAR(dptr, AUT_HEADER32);
ADD_U_INT32(dptr, rec_size);
ADD_U_CHAR(dptr, HEADER_VERSION);
ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM);
ADD_U_INT16(dptr, e_type);
ADD_U_INT16(dptr, e_mod);

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2005 Robert N. M. Watson
.\" Copyright (c) 2005-2006 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#9 $
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#10 $
.\"
.Dd May 1, 2005
.Dt AUDIT.LOG 5
@ -91,10 +91,14 @@ The
token is used to mark the beginning of a complete audit record, and includes
the length of the total record in bytes, a version number for the record
layout, the event type and subtype, and the time at which the event occurred.
A
A 32-bit
.Dv header
token can be created using
.Xr au_to_header32 3 .
.Xr au_to_header32 3 ;
a 64-bit
.Dv header
token can be created using
.Xr au_to_header64 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
@ -111,11 +115,14 @@ The
token is an expanded version of the
.Dv header
token, with the addition of a machine IPv4 or IPv6 address.
The
.Xr libbsm 3
API cannot currently create an
.Dv expanded header
token.
A 32-bit extended
.Dv header
token can be created using
.Xr au_to_header32_ex 3 ;
a 64-bit extended
.Dv header
token can be created using
.Xr au_to_header64_ex 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
@ -154,11 +161,10 @@ A
.Dv How to print
field is present to specify how to print the data, but interpretation of
that field is not currently defined.
The
.Xr libbsm 3
API cannot currently create an
An
.Dv arbitrary data
token.
token can be created using
.Xr au_to_data 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"

View File

@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/auditfilter_noop.c#2 $
* $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/auditfilter_noop.c#4 $
*/
/*
@ -39,7 +39,7 @@
#include <bsm/audit_filter.h>
int
AUDIT_FILTER_ATTACH(void **instance, int argc, char *argv[])
AUDIT_FILTER_ATTACH(void *instance, int argc, char *argv[])
{
return (0);
@ -60,7 +60,7 @@ AUDIT_FILTER_RECORD(void *instance, struct timespec *ts, int token_count,
}
void
AUDIT_FILTER_BSMRECORD(void *instance, struct timespec *ts, u_char *data,
AUDIT_FILTER_RAWRECORD(void *instance, struct timespec *ts, u_char *data,
u_int len)
{

View File

@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#4 $
* $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#5 $
*/
/*
@ -144,6 +144,17 @@ generate_file_token(const char *directory, const char *token_filename)
write_token(directory, token_filename, file_token);
}
static void
generate_file_record(const char *directory, const char *record_filename)
{
token_t *file_token;
file_token = au_to_file("test", file_token_timeval);
if (file_token == NULL)
err(EX_UNAVAILABLE, "au_to_file");
write_record(directory, record_filename, file_token, AUE_NULL);
}
/*
* AUT_OHEADER
*/
@ -326,6 +337,32 @@ generate_subject32ex_token(const char *directory, const char *token_filename,
write_token(directory, buf, subject32ex_token);
}
static void
generate_subject32ex_record(const char *directory, const char *record_filename,
u_int32_t type)
{
token_t *subject32ex_token;
char *buf;
buf = (char *)malloc(strlen(record_filename) + 6);
if (type == AU_IPv6) {
inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
subject32_tid_addr.at_type = AU_IPv6;
sprintf(buf, "%s%s", record_filename, "-IPv6");
} else {
subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
subject32_tid_addr.at_type = AU_IPv4;
sprintf(buf, "%s%s", record_filename, "-IPv4");
}
subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
subject32_sid, &subject32_tid_addr);
if (subject32ex_token == NULL)
err(EX_UNAVAILABLE, "au_to_subject32_ex");
write_record(directory, record_filename, subject32ex_token, AUE_NULL);
}
static au_id_t process32_auid = 0x12345678;
static uid_t process32_euid = 0x01234567;
static gid_t process32_egid = 0x23456789;
@ -382,6 +419,22 @@ generate_process32ex_token(const char *directory, const char *token_filename)
write_token(directory, token_filename, process32ex_token);
}
static void
generate_process32ex_record(const char *directory, const char *record_filename)
{
token_t *process32ex_token;
process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
process32_tid_addr.at_type = AU_IPv4;
process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
process32_egid, process32_ruid, process32_rgid, process32_pid,
process32_sid, &process32_tid_addr);
if (process32ex_token == NULL)
err(EX_UNAVAILABLE, "au_to_process32_ex");
write_record(directory, record_filename, process32ex_token, AUE_NULL);
}
static char return32_status = 0xd7;
static uint32_t return32_ret = 0x12345678;
@ -777,29 +830,29 @@ main(int argc, char *argv[])
}
if (do_records) {
generate_file_token(directory, "file_token");
generate_trailer_token(directory, "trailer_token");
generate_header32_token(directory, "header32_token");
generate_data_token(directory, "data_record");
generate_ipc_token(directory, "ipc_record");
generate_path_token(directory, "path_record");
generate_subject32_token(directory, "subject32_record");
generate_subject32ex_token(directory, "subject32ex_record", AU_IPv4);
generate_subject32ex_token(directory, "subject32ex_record", AU_IPv6);
generate_process32_token(directory, "process32_record");
generate_process32ex_token(directory, "process32ex_token");
generate_return32_token(directory, "return32_record");
generate_text_token(directory, "text_record");
generate_opaque_token(directory, "opaque_record");
generate_in_addr_token(directory, "in_addr_record");
generate_ip_token(directory, "ip_record");
generate_iport_token(directory, "iport_record");
generate_arg32_token(directory, "arg32_record");
generate_seq_token(directory, "seq_record");
generate_attr_token(directory, "attr_record");
generate_ipc_perm_token(directory, "ipc_perm_record");
generate_groups_token(directory, "groups_record");
generate_attr32_token(directory, "attr32_record");
generate_file_record(directory, "file_record");
generate_data_record(directory, "data_record");
generate_ipc_record(directory, "ipc_record");
generate_path_record(directory, "path_record");
generate_subject32_record(directory, "subject32_record");
generate_subject32ex_record(directory, "subject32ex_record",
AU_IPv4);
generate_subject32ex_record(directory, "subject32ex_record",
AU_IPv6);
generate_process32_record(directory, "process32_record");
generate_process32ex_record(directory, "process32ex_record");
generate_return32_record(directory, "return32_record");
generate_text_record(directory, "text_record");
generate_opaque_record(directory, "opaque_record");
generate_in_addr_record(directory, "in_addr_record");
generate_ip_record(directory, "ip_record");
generate_iport_record(directory, "iport_record");
generate_arg32_record(directory, "arg32_record");
generate_seq_record(directory, "seq_record");
generate_attr_record(directory, "attr_record");
generate_ipc_perm_record(directory, "ipc_perm_record");
generate_groups_record(directory, "groups_record");
generate_attr32_record(directory, "attr32_record");
}
return (0);

View File

@ -1,9 +1,9 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.am#1 $
# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.am#2 $
#
INCLUDES = -I$(top_srcdir)
bin_PROGRAMS = autool
autool_SOURCES = autool.c
autool_LDADD = $(top_builddir)/libbsm/libbsm.la
bin_PROGRAMS = audump
audump_SOURCES = audump.c
audump_LDADD = $(top_builddir)/libbsm/libbsm.la

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.in#3 $
# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.in#4 $
#
srcdir = @srcdir@
@ -40,7 +40,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
bin_PROGRAMS = autool$(EXEEXT)
bin_PROGRAMS = audump$(EXEEXT)
subdir = tools
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@ -53,9 +53,9 @@ CONFIG_CLEAN_FILES =
am__installdirs = "$(DESTDIR)$(bindir)"
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(bin_PROGRAMS)
am_autool_OBJECTS = autool.$(OBJEXT)
autool_OBJECTS = $(am_autool_OBJECTS)
autool_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
am_audump_OBJECTS = audump.$(OBJEXT)
audump_OBJECTS = $(am_audump_OBJECTS)
audump_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/config
depcomp = $(SHELL) $(top_srcdir)/config/depcomp
am__depfiles_maybe = depfiles
@ -67,8 +67,8 @@ LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
SOURCES = $(autool_SOURCES)
DIST_SOURCES = $(autool_SOURCES)
SOURCES = $(audump_SOURCES)
DIST_SOURCES = $(audump_SOURCES)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@ -174,8 +174,8 @@ sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
INCLUDES = -I$(top_srcdir)
autool_SOURCES = autool.c
autool_LDADD = $(top_builddir)/libbsm/libbsm.la
audump_SOURCES = audump.c
audump_LDADD = $(top_builddir)/libbsm/libbsm.la
all: all-am
.SUFFIXES:
@ -237,9 +237,9 @@ clean-binPROGRAMS:
echo " rm -f $$p $$f"; \
rm -f $$p $$f ; \
done
autool$(EXEEXT): $(autool_OBJECTS) $(autool_DEPENDENCIES)
@rm -f autool$(EXEEXT)
$(LINK) $(autool_LDFLAGS) $(autool_OBJECTS) $(autool_LDADD) $(LIBS)
audump$(EXEEXT): $(audump_OBJECTS) $(audump_DEPENDENCIES)
@rm -f audump$(EXEEXT)
$(LINK) $(audump_LDFLAGS) $(audump_OBJECTS) $(audump_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@ -247,7 +247,7 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/autool.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audump.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \