Vendor import of OpenBSM 1.1 beta1, which incorporates the following
changes since the last imported OpenBSM release: OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens. Obtained from: TrustedBSD Project Sponsored by: Apple Inc.
This commit is contained in:
parent
a4bd134433
commit
694dcf49ac
1
CREDITS
1
CREDITS
@ -27,6 +27,7 @@ the development of OpenBSM:
|
||||
Eric Hall
|
||||
Xin LI
|
||||
Stacey Son
|
||||
Todd Heberlein
|
||||
|
||||
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
|
||||
Software's FlexeLint tool were used to identify a number of bugs in the
|
||||
|
21
NEWS
21
NEWS
@ -1,5 +1,24 @@
|
||||
OpenBSM Version History
|
||||
|
||||
OpenBSM 1.1 beta 1
|
||||
|
||||
- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
|
||||
Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
|
||||
For legacy support no suffix defaults to bytes.
|
||||
- Audit trail log expiration support added. It is configured in
|
||||
audit_control(5) with the expire-after parameter. If there is no
|
||||
expire-after parameter in audit_control(5), the default, then the audit
|
||||
trail files are not expired and removed. See audit_control(5) for
|
||||
more information.
|
||||
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
|
||||
partitions, rotate automatically at 2mb, and set the default policy to
|
||||
cnt,argv rather than cnt so that execve(2) arguments are captured if
|
||||
AUE_EXECVE events are audited. These may provide more usable defaults for
|
||||
many users.
|
||||
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
|
||||
au_to_socket_ex(3) arguments to BSM format.
|
||||
- Fix error encoding AUT_IPC_PERM tokens.
|
||||
|
||||
OpenBSM 1.1 alpha 5
|
||||
|
||||
- Stub libauditd(3) man page added.
|
||||
@ -412,4 +431,4 @@ OpenBSM 1.0 alpha 1
|
||||
to support reloading of kernel event table.
|
||||
- Allow comments in /etc/security configuration files.
|
||||
|
||||
$P4: //depot/projects/trustedbsd/openbsm/NEWS#27 $
|
||||
$P4: //depot/projects/trustedbsd/openbsm/NEWS#32 $
|
||||
|
4
README
4
README
@ -1,4 +1,4 @@
|
||||
OpenBSM 1.1 alpha 4
|
||||
OpenBSM 1.1 beta 1
|
||||
|
||||
Introduction
|
||||
|
||||
@ -56,4 +56,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
|
||||
|
||||
http://www.TrustedBSD.org/
|
||||
|
||||
$P4: //depot/projects/trustedbsd/openbsm/README#34 $
|
||||
$P4: //depot/projects/trustedbsd/openbsm/README#35 $
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (c) 2004 Apple Inc.
|
||||
.\" Copyright (c) 2004-2009 Apple Inc.
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@ -25,9 +25,9 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#13 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#15 $
|
||||
.\"
|
||||
.Dd December 11, 2008
|
||||
.Dd January 29, 2009
|
||||
.Dt AUDIT 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -35,7 +35,7 @@
|
||||
.Nd audit management utility
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Fl i | n | s | t
|
||||
.Fl e | i | n | s | t
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Nm
|
||||
@ -43,6 +43,10 @@ utility controls the state of the audit system.
|
||||
One of the following flags is required as an argument to
|
||||
.Nm :
|
||||
.Bl -tag -width indent
|
||||
.It Fl e
|
||||
Forces the audit system to immediately remove audit log files that
|
||||
meet the expiration criteria specified in the audit control file without
|
||||
doing a log rotation.
|
||||
.It Fl i
|
||||
Initializes and starts auditing.
|
||||
This option is currently for Mac OS X only
|
||||
@ -53,6 +57,8 @@ to be configured to run under
|
||||
.It Fl n
|
||||
Forces the audit system to close the existing audit log file and rotate to
|
||||
a new log file in a location specified in the audit control file.
|
||||
Also, audit log files that meet the expiration criteria specified in the
|
||||
audit control file will be removed.
|
||||
.It Fl s
|
||||
Specifies that the audit system should [re]synchronize its
|
||||
configuration from the audit control file.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2005-2008 Apple Inc.
|
||||
* Copyright (c) 2005-2009 Apple Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@ -26,7 +26,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#13 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#14 $
|
||||
*/
|
||||
/*
|
||||
* Program to trigger the audit daemon with a message that is either:
|
||||
@ -68,12 +68,15 @@ static int send_trigger(unsigned int);
|
||||
#include "auditd_control.h"
|
||||
|
||||
/*
|
||||
* XXX the following is temporary until this can be added to the kernel
|
||||
* XXX The following are temporary until these can be added to the kernel
|
||||
* audit.h header.
|
||||
*/
|
||||
#ifndef AUDIT_TRIGGER_INITIALIZE
|
||||
#define AUDIT_TRIGGER_INITIALIZE 7
|
||||
#endif
|
||||
#ifndef AUDIT_TRIGGER_EXPIRE_TRAILS
|
||||
#define AUDIT_TRIGGER_EXPIRE_TRAILS 8
|
||||
#endif
|
||||
|
||||
static int
|
||||
send_trigger(unsigned int trigger)
|
||||
@ -125,7 +128,7 @@ static void
|
||||
usage(void)
|
||||
{
|
||||
|
||||
(void)fprintf(stderr, "Usage: audit -i | -n | -s | -t \n");
|
||||
(void)fprintf(stderr, "Usage: audit -e | -i | -n | -s | -t \n");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
@ -141,9 +144,13 @@ main(int argc, char **argv)
|
||||
if (argc != 2)
|
||||
usage();
|
||||
|
||||
while ((ch = getopt(argc, argv, "inst")) != -1) {
|
||||
while ((ch = getopt(argc, argv, "einst")) != -1) {
|
||||
switch(ch) {
|
||||
|
||||
case 'e':
|
||||
trigger = AUDIT_TRIGGER_EXPIRE_TRAILS;
|
||||
break;
|
||||
|
||||
case 'i':
|
||||
trigger = AUDIT_TRIGGER_INITIALIZE;
|
||||
break;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2005 Apple Inc.
|
||||
* Copyright (c) 2005-2009 Apple Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@ -26,7 +26,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#10 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#11 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -236,3 +236,18 @@ audit_warn_tmpfile(void)
|
||||
|
||||
return (auditwarnlog(args));
|
||||
}
|
||||
|
||||
/*
|
||||
* Indicates that this trail file has expired and was removed.
|
||||
*/
|
||||
int
|
||||
audit_warn_expired(char *filename)
|
||||
{
|
||||
char *args[3];
|
||||
|
||||
args[0] = EXPIRED_WARN;
|
||||
args[1] = filename;
|
||||
args[2] = NULL;
|
||||
|
||||
return (auditwarnlog(args));
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2004-2008 Apple Inc.
|
||||
* Copyright (c) 2004-2009 Apple Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@ -26,7 +26,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#41 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#43 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -67,12 +67,16 @@
|
||||
#endif
|
||||
|
||||
/*
|
||||
* XXX the following is temporary until this can be added to the kernel
|
||||
* XXX The following are temporary until these can be added to the kernel
|
||||
* audit.h header.
|
||||
*/
|
||||
#ifndef AUDIT_TRIGGER_INITIALIZE
|
||||
#define AUDIT_TRIGGER_INITIALIZE 7
|
||||
#endif
|
||||
#ifndef AUDIT_TRIGGER_EXPIRE_TRAILS
|
||||
#define AUDIT_TRIGGER_EXPIRE_TRAILS 8
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* LaunchD flag (Mac OS X and, maybe, FreeBSD only.) See launchd(8) and
|
||||
@ -166,7 +170,7 @@ close_lastfile(char *TS)
|
||||
|
||||
/* Rename the last file -- append timestamp. */
|
||||
if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) {
|
||||
strlcpy(ptr, TS, TIMESTAMP_LEN);
|
||||
memcpy(ptr, TS, POSTFIX_LEN);
|
||||
if (rename(oldname, lastfile) != 0)
|
||||
auditd_log_err(
|
||||
"Could not rename %s to %s: %m", oldname,
|
||||
@ -275,6 +279,14 @@ do_trail_file(void)
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Finally, see if there are any trail files to expire.
|
||||
*/
|
||||
err = auditd_expire_trails(audit_warn_expired);
|
||||
if (err)
|
||||
auditd_log_err("auditd_expire_trails(): %s",
|
||||
auditd_strerror(err));
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -550,6 +562,14 @@ auditd_handle_trigger(int trigger)
|
||||
audit_setup();
|
||||
break;
|
||||
|
||||
case AUDIT_TRIGGER_EXPIRE_TRAILS:
|
||||
auditd_log_info("Got audit expire trails trigger");
|
||||
err = auditd_expire_trails(audit_warn_expired);
|
||||
if (err)
|
||||
auditd_log_err("auditd_expire_trails(): %s",
|
||||
auditd_strerror(err));
|
||||
break;
|
||||
|
||||
default:
|
||||
auditd_log_err("Got unknown trigger %d", trigger);
|
||||
break;
|
||||
@ -669,13 +689,18 @@ auditd_config_controls(void)
|
||||
*/
|
||||
err = auditd_set_host();
|
||||
if (err) {
|
||||
auditd_log_err("auditd_set_host() %s: %m",
|
||||
auditd_strerror(err));
|
||||
ret = -1;
|
||||
if (err == ADE_PARSE) {
|
||||
auditd_log_notice(
|
||||
"audit_control(5) may be missing 'host:' field");
|
||||
} else {
|
||||
auditd_log_err("auditd_set_host() %s: %m",
|
||||
auditd_strerror(err));
|
||||
ret = -1;
|
||||
}
|
||||
} else
|
||||
auditd_log_debug(
|
||||
"Set audit host address information in kernel.");
|
||||
|
||||
|
||||
return (ret);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2005 Apple Inc.
|
||||
* Copyright (c) 2005-2009 Apple Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@ -26,7 +26,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#12 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#13 $
|
||||
*/
|
||||
|
||||
#ifndef _AUDITD_H_
|
||||
@ -57,6 +57,7 @@
|
||||
#define POSTSIGTERM_WARN "postsigterm"
|
||||
#define SOFTLIM_WARN "soft"
|
||||
#define TMPFILE_WARN "tmpfile"
|
||||
#define EXPIRED_WARN "expired"
|
||||
|
||||
#define AUDITWARN_SCRIPT "/etc/security/audit_warn"
|
||||
#define AUDITD_PIDFILE "/var/run/auditd.pid"
|
||||
@ -76,6 +77,7 @@ int audit_warn_nostart(void);
|
||||
int audit_warn_postsigterm(void);
|
||||
int audit_warn_soft(char *filename);
|
||||
int audit_warn_tmpfile(void);
|
||||
int audit_warn_expired(char *filename);
|
||||
|
||||
void auditd_openlog(int debug, gid_t gid);
|
||||
void auditd_log_err(const char *fmt, ...);
|
||||
|
@ -26,7 +26,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#3 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#4 $
|
||||
*/
|
||||
|
||||
#ifndef _BSM_AUDITD_LIB_H_
|
||||
@ -81,12 +81,14 @@
|
||||
#define ADE_INVAL -16 /* Invalid argument. */
|
||||
#define ADE_GETADDR -17 /* Error resolving address from hostname. */
|
||||
#define ADE_ADDRFAM -18 /* Address family not supported. */
|
||||
#define ADE_EXPIRE -19 /* Error expiring audit trail files. */
|
||||
|
||||
/*
|
||||
* auditd_lib functions.
|
||||
*/
|
||||
const char *auditd_strerror(int errcode);
|
||||
int auditd_set_minfree(void);
|
||||
int auditd_expire_trails(int (*warn_expired)(char *));
|
||||
int auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *));
|
||||
void auditd_close_dirs(void);
|
||||
int auditd_set_evcmap(void);
|
||||
|
18
bsm/libbsm.h
18
bsm/libbsm.h
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2004-2008 Apple Inc.
|
||||
* Copyright (c) 2004-2009 Apple Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@ -26,7 +26,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#41 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#42 $
|
||||
*/
|
||||
|
||||
#ifndef _LIBBSM_H_
|
||||
@ -76,13 +76,14 @@
|
||||
#define AUDIT_CONTROL_FILE "/etc/security/audit_control"
|
||||
#define AUDIT_USER_FILE "/etc/security/audit_user"
|
||||
|
||||
#define DIR_CONTROL_ENTRY "dir"
|
||||
#define MINFREE_CONTROL_ENTRY "minfree"
|
||||
#define FILESZ_CONTROL_ENTRY "filesz"
|
||||
#define FLAGS_CONTROL_ENTRY "flags"
|
||||
#define NA_CONTROL_ENTRY "naflags"
|
||||
#define POLICY_CONTROL_ENTRY "policy"
|
||||
#define DIR_CONTROL_ENTRY "dir"
|
||||
#define MINFREE_CONTROL_ENTRY "minfree"
|
||||
#define FILESZ_CONTROL_ENTRY "filesz"
|
||||
#define FLAGS_CONTROL_ENTRY "flags"
|
||||
#define NA_CONTROL_ENTRY "naflags"
|
||||
#define POLICY_CONTROL_ENTRY "policy"
|
||||
#define AUDIT_HOST_CONTROL_ENTRY "host"
|
||||
#define EXPIRE_AFTER_CONTROL_ENTRY "expire-after"
|
||||
|
||||
#define AU_CLASS_NAME_MAX 8
|
||||
#define AU_CLASS_DESC_MAX 72
|
||||
@ -766,6 +767,7 @@ int getacflg(char *auditstr, int len);
|
||||
int getacna(char *auditstr, int len);
|
||||
int getacpol(char *auditstr, size_t len);
|
||||
int getachost(char *auditstr, size_t len);
|
||||
int getacexpire(int *andflg, time_t *age, size_t *size);
|
||||
int getauditflagsbin(char *auditstr, au_mask_t *masks);
|
||||
int getauditflagschar(char *auditstr, au_mask_t *masks,
|
||||
int verbose);
|
||||
|
20
configure
vendored
20
configure
vendored
@ -1,7 +1,7 @@
|
||||
#! /bin/sh
|
||||
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#49 .
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha5.
|
||||
# Generated by GNU Autoconf 2.61 for OpenBSM 1.1beta1.
|
||||
#
|
||||
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
|
||||
#
|
||||
@ -729,8 +729,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='OpenBSM'
|
||||
PACKAGE_TARNAME='openbsm'
|
||||
PACKAGE_VERSION='1.1alpha5'
|
||||
PACKAGE_STRING='OpenBSM 1.1alpha5'
|
||||
PACKAGE_VERSION='1.1beta1'
|
||||
PACKAGE_STRING='OpenBSM 1.1beta1'
|
||||
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
|
||||
|
||||
ac_unique_file="bin/auditreduce/auditreduce.c"
|
||||
@ -1404,7 +1404,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures OpenBSM 1.1alpha5 to adapt to many kinds of systems.
|
||||
\`configure' configures OpenBSM 1.1beta1 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1474,7 +1474,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of OpenBSM 1.1alpha5:";;
|
||||
short | recursive ) echo "Configuration of OpenBSM 1.1beta1:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1580,7 +1580,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
OpenBSM configure 1.1alpha5
|
||||
OpenBSM configure 1.1beta1
|
||||
generated by GNU Autoconf 2.61
|
||||
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
|
||||
@ -1594,7 +1594,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by OpenBSM $as_me 1.1alpha5, which was
|
||||
It was created by OpenBSM $as_me 1.1beta1, which was
|
||||
generated by GNU Autoconf 2.61. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -19076,7 +19076,7 @@ fi
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE=OpenBSM
|
||||
VERSION=1.1alpha5
|
||||
VERSION=1.1beta1
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@ -23584,7 +23584,7 @@ exec 6>&1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by OpenBSM $as_me 1.1alpha5, which was
|
||||
This file was extended by OpenBSM $as_me 1.1beta1, which was
|
||||
generated by GNU Autoconf 2.61. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -23637,7 +23637,7 @@ Report bugs to <bug-autoconf@gnu.org>."
|
||||
_ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF
|
||||
ac_cs_version="\\
|
||||
OpenBSM config.status 1.1alpha5
|
||||
OpenBSM config.status 1.1beta1
|
||||
configured by $0, generated by GNU Autoconf 2.61,
|
||||
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
|
||||
|
||||
|
@ -2,8 +2,8 @@
|
||||
# Process this file with autoconf to produce a configure script.
|
||||
|
||||
AC_PREREQ(2.59)
|
||||
AC_INIT([OpenBSM], [1.1alpha5], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
|
||||
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#49 $])
|
||||
AC_INIT([OpenBSM], [1.1beta1], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
|
||||
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#50 $])
|
||||
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
|
||||
AC_CONFIG_AUX_DIR(config)
|
||||
AC_CONFIG_HEADER([config/config.h])
|
||||
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#5 $
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#6 $
|
||||
#
|
||||
dir:/var/audit
|
||||
flags:lo
|
||||
minfree:20
|
||||
minfree:5
|
||||
naflags:lo
|
||||
policy:cnt
|
||||
filesz:0
|
||||
policy:cnt,argv
|
||||
filesz:2097152
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#34 $
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#36 $
|
||||
#
|
||||
# The mapping between event identifiers and values is also hard-coded in
|
||||
# audit_kevents.h and audit_uevents.h, so changes must occur in both places,
|
||||
@ -490,7 +490,7 @@
|
||||
43128:AUE_MAC_GET_PID:mac_get_pid(2):pc
|
||||
43129:AUE_MAC_GET_LINK:mac_get_link(2):fa
|
||||
43130:AUE_MAC_SET_LINK:mac_set_link(2):fm
|
||||
43131:AUE_MAC_EXECVE:mac_exeve(2):ex,pc
|
||||
43131:AUE_MAC_EXECVE:mac_execve(2):ex,pc
|
||||
43132:AUE_GETPATH_FROMFD:getpath_fromfd(2):fa
|
||||
43133:AUE_GETPATH_FROMADDR:getpath_fromaddr(2):fa
|
||||
43134:AUE_MQ_OPEN:mq_open(2):ip
|
||||
@ -551,6 +551,8 @@
|
||||
43189:AUE_CAP_GETMODE:cap_getmode(2):pc
|
||||
43190:AUE_POSIX_SPAWN:posix_spawn(2):pc
|
||||
43191:AUE_FSGETPATH:fsgetpath(2):ot
|
||||
43192:AUE_PREAD:pread(2):no
|
||||
43193:AUE_PWRITE:pwrite(2):no
|
||||
#
|
||||
# Solaris userspace events.
|
||||
#
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2008 Apple Inc.
|
||||
* Copyright (c) 2008-2009 Apple Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@ -26,7 +26,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#2 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#7 $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -52,6 +52,7 @@
|
||||
#include <bsm/auditd_lib.h>
|
||||
#include <bsm/libbsm.h>
|
||||
|
||||
#include <dirent.h>
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
@ -77,6 +78,11 @@
|
||||
#define AUDIT_HARD_LIMIT_FREE_BLOCKS 4
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Number of seconds to January 1, 2000
|
||||
*/
|
||||
#define JAN_01_2000 946598400
|
||||
|
||||
struct dir_ent {
|
||||
char *dirname;
|
||||
uint8_t softlim;
|
||||
@ -85,7 +91,19 @@ struct dir_ent {
|
||||
};
|
||||
|
||||
static TAILQ_HEAD(, dir_ent) dir_q;
|
||||
static int minval = -1;
|
||||
|
||||
struct audit_trail {
|
||||
time_t at_time;
|
||||
char *at_path;
|
||||
off_t at_size;
|
||||
|
||||
TAILQ_ENTRY(audit_trail) at_trls;
|
||||
};
|
||||
|
||||
static int auditd_minval = -1;
|
||||
|
||||
static char auditd_host[MAXHOSTNAMELEN];
|
||||
static int auditd_hostlen = -1;
|
||||
|
||||
static char *auditd_errmsg[] = {
|
||||
"no error", /* ADE_NOERR ( 0) */
|
||||
@ -107,6 +125,7 @@ static char *auditd_errmsg[] = {
|
||||
"invalid argument", /* ADE_INVAL (16) */
|
||||
"could not resolve hostname to address", /* ADE_GETADDR (17) */
|
||||
"address family not supported", /* ADE_ADDRFAM (18) */
|
||||
"error expiring audit trail files", /* ADE_EXPIRE (19) */
|
||||
};
|
||||
|
||||
#define MAXERRCODE (sizeof(auditd_errmsg) / sizeof(auditd_errmsg[0]))
|
||||
@ -165,7 +184,13 @@ affixdir(char *name, struct dir_ent *dirent)
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
asprintf(&fn, "%s/%s", dirent->dirname, name);
|
||||
/*
|
||||
* If the host is set then also add the hostname to the filename.
|
||||
*/
|
||||
if (auditd_hostlen != -1)
|
||||
asprintf(&fn, "%s/%s.%s", dirent->dirname, name, auditd_host);
|
||||
else
|
||||
asprintf(&fn, "%s/%s", dirent->dirname, name);
|
||||
return (fn);
|
||||
}
|
||||
|
||||
@ -204,16 +229,14 @@ insert_orderly(struct dir_ent *denew)
|
||||
int
|
||||
auditd_set_host(void)
|
||||
{
|
||||
char hoststr[MAXHOSTNAMELEN];
|
||||
struct sockaddr_in6 *sin6;
|
||||
struct sockaddr_in *sin;
|
||||
struct addrinfo *res;
|
||||
struct auditinfo_addr aia;
|
||||
int error, ret = ADE_NOERR;
|
||||
|
||||
if (getachost(hoststr, MAXHOSTNAMELEN) != 0) {
|
||||
|
||||
ret = ADE_PARSE;
|
||||
if (getachost(auditd_host, sizeof(auditd_host)) != 0) {
|
||||
ret = ADE_PARSE;
|
||||
|
||||
/*
|
||||
* To maintain reverse compatability with older audit_control
|
||||
@ -229,7 +252,8 @@ auditd_set_host(void)
|
||||
ret = ADE_AUDITON;
|
||||
return (ret);
|
||||
}
|
||||
error = getaddrinfo(hoststr, NULL, NULL, &res);
|
||||
auditd_hostlen = strlen(auditd_host);
|
||||
error = getaddrinfo(auditd_host, NULL, NULL, &res);
|
||||
if (error)
|
||||
return (ADE_GETADDR);
|
||||
switch (res->ai_family) {
|
||||
@ -271,14 +295,14 @@ auditd_set_minfree(void)
|
||||
{
|
||||
au_qctrl_t qctrl;
|
||||
|
||||
if (getacmin(&minval) != 0)
|
||||
if (getacmin(&auditd_minval) != 0)
|
||||
return (ADE_PARSE);
|
||||
|
||||
if (auditon(A_GETQCTRL, &qctrl, sizeof(qctrl)) != 0)
|
||||
return (ADE_AUDITON);
|
||||
|
||||
if (qctrl.aq_minfree != minval) {
|
||||
qctrl.aq_minfree = minval;
|
||||
if (qctrl.aq_minfree != auditd_minval) {
|
||||
qctrl.aq_minfree = auditd_minval;
|
||||
if (auditon(A_SETQCTRL, &qctrl, sizeof(qctrl)) != 0)
|
||||
return (ADE_AUDITON);
|
||||
}
|
||||
@ -286,10 +310,260 @@ auditd_set_minfree(void)
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert a trailname into a timestamp (seconds). Return 0 if the conversion
|
||||
* was successful.
|
||||
*/
|
||||
static int
|
||||
trailname_to_tstamp(char *fn, time_t *tstamp)
|
||||
{
|
||||
struct tm tm;
|
||||
char ts[TIMESTAMP_LEN];
|
||||
char *p;
|
||||
|
||||
*tstamp = 0;
|
||||
|
||||
/*
|
||||
* Get the ending time stamp.
|
||||
*/
|
||||
if ((p = strchr(fn, '.')) == NULL)
|
||||
return (1);
|
||||
strlcpy(ts, ++p, TIMESTAMP_LEN);
|
||||
if (strlen(ts) != POSTFIX_LEN)
|
||||
return (1);
|
||||
|
||||
bzero(&tm, sizeof(tm));
|
||||
|
||||
/* seconds (0-60) */
|
||||
p = ts + POSTFIX_LEN - 2;
|
||||
tm.tm_sec = atol(p);
|
||||
if (tm.tm_sec < 0 || tm.tm_sec > 60)
|
||||
return (1);
|
||||
|
||||
/* minutes (0-59) */
|
||||
*p = '\0'; p -= 2;
|
||||
tm.tm_min = atol(p);
|
||||
if (tm.tm_min < 0 || tm.tm_min > 59)
|
||||
return (1);
|
||||
|
||||
/* hours (0 - 23) */
|
||||
*p = '\0'; p -= 2;
|
||||
tm.tm_hour = atol(p);
|
||||
if (tm.tm_hour < 0 || tm.tm_hour > 23)
|
||||
return (1);
|
||||
|
||||
/* day of month (1-31) */
|
||||
*p = '\0'; p -= 2;
|
||||
tm.tm_mday = atol(p);
|
||||
if (tm.tm_mday < 1 || tm.tm_mday > 31)
|
||||
return (1);
|
||||
|
||||
/* month (0 - 11) */
|
||||
*p = '\0'; p -= 2;
|
||||
tm.tm_mon = atol(p) - 1;
|
||||
if (tm.tm_mon < 0 || tm.tm_mon > 11)
|
||||
return (1);
|
||||
|
||||
/* year (year - 1900) */
|
||||
*p = '\0'; p -= 4;
|
||||
tm.tm_year = atol(p) - 1900;
|
||||
if (tm.tm_year < 0)
|
||||
return (1);
|
||||
|
||||
*tstamp = timegm(&tm);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Remove audit trails files according to the expiration conditions. Returns:
|
||||
* ADE_NOERR on success or there is nothing to do.
|
||||
* ADE_PARSE if error parsing audit_control(5).
|
||||
* ADE_NOMEM if could not allocate memory.
|
||||
* ADE_EXPIRE if there was an unespected error.
|
||||
*/
|
||||
int
|
||||
auditd_expire_trails(int (*warn_expired)(char *))
|
||||
{
|
||||
int andflg, ret = ADE_NOERR;
|
||||
size_t expire_size, total_size = 0L;
|
||||
time_t expire_age, oldest_time, current_time = time(NULL);
|
||||
struct dir_ent *traildir;
|
||||
struct audit_trail *at;
|
||||
char *afnp, *pn;
|
||||
TAILQ_HEAD(au_trls_head, audit_trail) head =
|
||||
TAILQ_HEAD_INITIALIZER(head);
|
||||
struct stat stbuf;
|
||||
char activefn[MAXPATHLEN];
|
||||
|
||||
/*
|
||||
* Read the expiration conditions. If no conditions then return no
|
||||
* error.
|
||||
*/
|
||||
if (getacexpire(&andflg, &expire_age, &expire_size) < 0)
|
||||
return (ADE_PARSE);
|
||||
if (!expire_age && !expire_size)
|
||||
return (ADE_NOERR);
|
||||
|
||||
/*
|
||||
* Read the 'current' trail file name. Trim off directory path.
|
||||
*/
|
||||
activefn[0] = '\0';
|
||||
readlink(AUDIT_CURRENT_LINK, activefn, MAXPATHLEN - 1);
|
||||
if ((afnp = strrchr(activefn, '/')) != NULL)
|
||||
afnp++;
|
||||
|
||||
|
||||
/*
|
||||
* Build tail queue of the trail files.
|
||||
*/
|
||||
TAILQ_FOREACH(traildir, &dir_q, dirs) {
|
||||
DIR *dirp;
|
||||
struct dirent *dp;
|
||||
|
||||
dirp = opendir(traildir->dirname);
|
||||
while ((dp = readdir(dirp)) != NULL) {
|
||||
time_t tstamp = 0;
|
||||
struct audit_trail *new;
|
||||
|
||||
/*
|
||||
* Quickly filter non-trail files.
|
||||
*/
|
||||
if (dp->d_namlen != (FILENAME_LEN - 1) ||
|
||||
#ifdef DT_REG
|
||||
dp->d_type != DT_REG ||
|
||||
#endif
|
||||
dp->d_name[POSTFIX_LEN] != '.')
|
||||
continue;
|
||||
|
||||
if (asprintf(&pn, "%s/%s", traildir->dirname,
|
||||
dp->d_name) < 0) {
|
||||
ret = ADE_NOMEM;
|
||||
break;
|
||||
}
|
||||
|
||||
if (stat(pn, &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
|
||||
free(pn);
|
||||
continue;
|
||||
}
|
||||
|
||||
total_size += stbuf.st_size;
|
||||
|
||||
/*
|
||||
* If this is the 'current' audit trail then
|
||||
* don't add it to the tail queue.
|
||||
*/
|
||||
if (NULL != afnp &&
|
||||
strncmp(dp->d_name, afnp, FILENAME_LEN) == 0) {
|
||||
free(pn);
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the ending time stamp encoded in the trail
|
||||
* name. If we can't read it or if it is older
|
||||
* than Jan 1, 2000 then use the mtime.
|
||||
*/
|
||||
if (trailname_to_tstamp(dp->d_name, &tstamp) != 0 ||
|
||||
tstamp < JAN_01_2000)
|
||||
tstamp = stbuf.st_mtime;
|
||||
|
||||
/*
|
||||
* If the time stamp is older than Jan 1, 2000 then
|
||||
* update the mtime of the trail file to the current
|
||||
* time. This is so we don't prematurely remove a trail
|
||||
* file that was created while the system clock reset
|
||||
* to the * "beginning of time" but later the system
|
||||
* clock is set to the correct current time.
|
||||
*/
|
||||
if (current_time >= JAN_01_2000 &&
|
||||
tstamp < JAN_01_2000) {
|
||||
struct timeval tv[2];
|
||||
|
||||
tstamp = stbuf.st_mtime = current_time;
|
||||
TIMESPEC_TO_TIMEVAL(&tv[0],
|
||||
&stbuf.st_atimespec);
|
||||
TIMESPEC_TO_TIMEVAL(&tv[1],
|
||||
&stbuf.st_mtimespec);
|
||||
utimes(pn, tv);
|
||||
}
|
||||
|
||||
/*
|
||||
* Allocate and populate the new entry.
|
||||
*/
|
||||
new = malloc(sizeof(*new));
|
||||
if (NULL == new) {
|
||||
free(pn);
|
||||
ret = ADE_NOMEM;
|
||||
break;
|
||||
}
|
||||
new->at_time = tstamp;
|
||||
new->at_size = stbuf.st_size;
|
||||
new->at_path = pn;
|
||||
|
||||
/*
|
||||
* Check to see if we have a new head. Otherwise,
|
||||
* walk the tailq from the tail first and do a simple
|
||||
* insertion sort.
|
||||
*/
|
||||
if (TAILQ_EMPTY(&head) ||
|
||||
(new->at_time <= TAILQ_FIRST(&head)->at_time)) {
|
||||
TAILQ_INSERT_HEAD(&head, new, at_trls);
|
||||
continue;
|
||||
}
|
||||
|
||||
TAILQ_FOREACH_REVERSE(at, &head, au_trls_head, at_trls)
|
||||
if (new->at_time >= at->at_time) {
|
||||
TAILQ_INSERT_AFTER(&head, at, new,
|
||||
at_trls);
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
oldest_time = current_time - expire_age;
|
||||
|
||||
/*
|
||||
* Expire trail files, oldest (mtime) first, if the given
|
||||
* conditions are met.
|
||||
*/
|
||||
at = TAILQ_FIRST(&head);
|
||||
while (NULL != at) {
|
||||
struct audit_trail *at_next = TAILQ_NEXT(at, at_trls);
|
||||
|
||||
if (andflg) {
|
||||
if ((expire_size && total_size > expire_size) &&
|
||||
(expire_age && at->at_time < oldest_time)) {
|
||||
if (warn_expired)
|
||||
(*warn_expired)(at->at_path);
|
||||
if (unlink(at->at_path) < 0)
|
||||
ret = ADE_EXPIRE;
|
||||
total_size -= at->at_size;
|
||||
}
|
||||
} else {
|
||||
if ((expire_size && total_size > expire_size) ||
|
||||
(expire_age && at->at_time < oldest_time)) {
|
||||
if (warn_expired)
|
||||
(*warn_expired)(at->at_path);
|
||||
if (unlink(at->at_path) < 0)
|
||||
ret = ADE_EXPIRE;
|
||||
total_size -= at->at_size;
|
||||
}
|
||||
}
|
||||
|
||||
free(at->at_path);
|
||||
free(at);
|
||||
at = at_next;
|
||||
}
|
||||
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* Parses the "dir" entry in audit_control(5) into an ordered list. Also, will
|
||||
* set the minfree value if not already set. Arguments include function
|
||||
* pointers to audit_warn functions for soft and hard limits. Returns:
|
||||
* set the minfree and host values if not already set. Arguments include
|
||||
* function pointers to audit_warn functions for soft and hard limits. Returns:
|
||||
* ADE_NOERR on success,
|
||||
* ADE_PARSE error parsing audit_control(5),
|
||||
* ADE_AUDITON error getting/setting auditon(2) value,
|
||||
@ -309,9 +583,12 @@ auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *))
|
||||
int scnt = 0;
|
||||
int hcnt = 0;
|
||||
|
||||
if (minval == -1 && (err = auditd_set_minfree()) != 0)
|
||||
if (auditd_minval == -1 && (err = auditd_set_minfree()) != 0)
|
||||
return (err);
|
||||
|
||||
if (auditd_hostlen == -1)
|
||||
auditd_set_host();
|
||||
|
||||
/*
|
||||
* Init directory q. Force a re-read of the file the next time.
|
||||
*/
|
||||
@ -329,7 +606,8 @@ auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *))
|
||||
while (getacdir(cur_dir, MAXNAMLEN) >= 0) {
|
||||
if (statfs(cur_dir, &sfs) < 0)
|
||||
continue; /* XXX should warn */
|
||||
soft = (sfs.f_bfree < (sfs.f_blocks / (100 / minval))) ? 1 : 0;
|
||||
soft = (sfs.f_bfree < (sfs.f_blocks / (100 / auditd_minval))) ?
|
||||
1 : 0;
|
||||
hard = (sfs.f_bfree < AUDIT_HARD_LIMIT_FREE_BLOCKS) ? 1 : 0;
|
||||
if (soft) {
|
||||
if (warn_soft)
|
||||
@ -367,7 +645,8 @@ void
|
||||
auditd_close_dirs(void)
|
||||
{
|
||||
free_dir_q();
|
||||
minval = -1;
|
||||
auditd_minval = -1;
|
||||
auditd_hostlen = -1;
|
||||
}
|
||||
|
||||
|
||||
@ -549,7 +828,7 @@ auditd_swap_trail(char *TS, char **newfile, gid_t gid,
|
||||
}
|
||||
|
||||
/* Try until we succeed. */
|
||||
while ((dirent = TAILQ_FIRST(&dir_q))) {
|
||||
TAILQ_FOREACH(dirent, &dir_q, dirs) {
|
||||
if (dirent->hardlim)
|
||||
continue;
|
||||
if ((fn = affixdir(timestr, dirent)) == NULL)
|
||||
@ -606,6 +885,28 @@ auditd_swap_trail(char *TS, char **newfile, gid_t gid,
|
||||
* ADE_NOERR on success,
|
||||
* ADE_SETAUDIT if setaudit(2) fails.
|
||||
*/
|
||||
#ifdef __APPLE__
|
||||
int
|
||||
auditd_prevent_audit(void)
|
||||
{
|
||||
auditinfo_addr_t aia;
|
||||
|
||||
/*
|
||||
* To prevent event feedback cycles and avoid audit becoming stalled if
|
||||
* auditing is suspended we mask this processes events from being
|
||||
* audited. We allow the uid, tid, and mask fields to be implicitly
|
||||
* set to zero, but do set the audit session ID to the PID.
|
||||
*
|
||||
* XXXRW: Is there more to it than this?
|
||||
*/
|
||||
bzero(&aia, sizeof(aia));
|
||||
aia.ai_asid = AU_ASSIGN_ASID;
|
||||
aia.ai_termid.at_type = AU_IPv4;
|
||||
if (setaudit_addr(&aia, sizeof(aia)) != 0)
|
||||
return (ADE_SETAUDIT);
|
||||
return (ADE_NOERR);
|
||||
}
|
||||
#else
|
||||
int
|
||||
auditd_prevent_audit(void)
|
||||
{
|
||||
@ -625,6 +926,7 @@ auditd_prevent_audit(void)
|
||||
return (ADE_SETAUDIT);
|
||||
return (ADE_NOERR);
|
||||
}
|
||||
#endif /* __APPLE__ */
|
||||
|
||||
/*
|
||||
* Generate and submit audit record for audit startup or shutdown. The event
|
||||
@ -713,7 +1015,7 @@ auditd_new_curlink(char *curfile)
|
||||
strlcpy(newname, recoveredname, MAXPATHLEN);
|
||||
|
||||
if ((ptr = strstr(newname, NOT_TERMINATED)) != NULL) {
|
||||
strlcpy(ptr, CRASH_RECOVERY, TIMESTAMP_LEN);
|
||||
memcpy(ptr, CRASH_RECOVERY, POSTFIX_LEN);
|
||||
if (rename(recoveredname, newname) != 0)
|
||||
return (ADE_RENAME);
|
||||
} else
|
||||
@ -750,9 +1052,10 @@ int
|
||||
audit_quick_start(void)
|
||||
{
|
||||
int err;
|
||||
char *newfile;
|
||||
char *newfile = NULL;
|
||||
time_t tt;
|
||||
char TS[TIMESTAMP_LEN];
|
||||
int ret = 0;
|
||||
|
||||
/*
|
||||
* Mask auditing of this process.
|
||||
@ -773,20 +1076,26 @@ audit_quick_start(void)
|
||||
if (getTSstr(tt, TS, TIMESTAMP_LEN) != 0)
|
||||
return (-1);
|
||||
err = auditd_swap_trail(TS, &newfile, getgid(), NULL);
|
||||
if (err != ADE_NOERR && err != ADE_ACTL)
|
||||
return (-1);
|
||||
if (err != ADE_NOERR && err != ADE_ACTL) {
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/*
|
||||
* Add the current symlink and recover from crash, if needed.
|
||||
*/
|
||||
if (auditd_new_curlink(newfile) != 0)
|
||||
return(-1);
|
||||
if (auditd_new_curlink(newfile) != 0) {
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/*
|
||||
* At this point auditing has started so generate audit start-up record.
|
||||
*/
|
||||
if (auditd_gen_record(AUE_audit_startup, NULL) != 0)
|
||||
return (-1);
|
||||
if (auditd_gen_record(AUE_audit_startup, NULL) != 0) {
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/*
|
||||
* Configure the audit controls.
|
||||
@ -798,7 +1107,11 @@ audit_quick_start(void)
|
||||
(void) auditd_set_minfree();
|
||||
(void) auditd_set_host();
|
||||
|
||||
return (0);
|
||||
out:
|
||||
if (newfile != NULL)
|
||||
free(newfile);
|
||||
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -855,7 +1168,7 @@ audit_quick_stop(void)
|
||||
strlcpy(newname, oldname, len);
|
||||
|
||||
if ((ptr = strstr(newname, NOT_TERMINATED)) != NULL) {
|
||||
strlcpy(ptr, TS, TIMESTAMP_LEN);
|
||||
memcpy(ptr, TS, POSTFIX_LEN);
|
||||
if (rename(oldname, newname) != 0)
|
||||
return (-1);
|
||||
} else
|
||||
|
@ -23,7 +23,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#9 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#10 $
|
||||
.\"
|
||||
.Dd April 19, 2005
|
||||
.Dt AU_CONTROL 3
|
||||
@ -33,6 +33,7 @@
|
||||
.Nm endac ,
|
||||
.Nm getacdir ,
|
||||
.Nm getacmin ,
|
||||
.Nm getacexpire ,
|
||||
.Nm getacfilesz ,
|
||||
.Nm getacflg ,
|
||||
.Nm getacna ,
|
||||
@ -53,6 +54,8 @@
|
||||
.Ft int
|
||||
.Fn getacmin "int *min_val"
|
||||
.Ft int
|
||||
.Fn getacexpire "int *andflg, time_t *age, size_t *size"
|
||||
.Ft int
|
||||
.Fn getacfilesz "size_t *size_val"
|
||||
.Ft int
|
||||
.Fn getacflg "char *auditstr" "int len"
|
||||
@ -101,6 +104,24 @@ the passed
|
||||
variable.
|
||||
.Pp
|
||||
The
|
||||
.Fn getacexpire
|
||||
function
|
||||
returns the audit trail file expiration parameters in the passed
|
||||
.Vt int
|
||||
buffer
|
||||
.Fa andflg ,
|
||||
.Vt time_t
|
||||
buffer
|
||||
.Fa age
|
||||
and
|
||||
.Vt size_t
|
||||
buffer
|
||||
.Fa size .
|
||||
If the parameter is not specified in the
|
||||
.Xr audit_control 5
|
||||
file it is set to zero.
|
||||
.Pp
|
||||
The
|
||||
.Fn getacfilesz
|
||||
function
|
||||
returns the audit trail rotation size in the passed
|
||||
@ -153,6 +174,7 @@ to a numeric audit policy mask returned via
|
||||
The
|
||||
.Fn getacdir ,
|
||||
.Fn getacmin ,
|
||||
.Fn getacexpire ,
|
||||
.Fn getacflg ,
|
||||
.Fn getacna ,
|
||||
.Fn getacpol ,
|
||||
|
@ -26,7 +26,7 @@
|
||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_domain.3#1 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_domain.3#2 $
|
||||
.\"
|
||||
.Dd December 28, 2008
|
||||
.Dt AU_BSM_TO_DOMAIN 3
|
||||
@ -59,6 +59,7 @@ This call will fail if the BSM domain cannot be mapped into a local domain,
|
||||
which may occur if the socket token was generated on another operating
|
||||
system.
|
||||
.Pp
|
||||
The
|
||||
.Fn au_domain_to_bsm
|
||||
function accepts a local domain, and returns the BSM domain for it.
|
||||
This call cannot fail, and instead returns a BSM domain indicating to a later
|
||||
|
@ -26,7 +26,7 @@
|
||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_errno.3#3 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_errno.3#4 $
|
||||
.\"
|
||||
.Dd December 8, 2008
|
||||
.Dt AU_BSM_TO_ERRNO 3
|
||||
@ -64,6 +64,7 @@ This call will fail if the BSM error cannot be mapped into a local error
|
||||
number, which may occur if the return token was generated on another
|
||||
operating system.
|
||||
.Pp
|
||||
The
|
||||
.Fn au_errno_to_bsm
|
||||
function accepts a local
|
||||
.Xr errno 2
|
||||
@ -73,7 +74,7 @@ a later decoder that the error could not be encoded.
|
||||
.Pp
|
||||
The
|
||||
.Fn au_strerror
|
||||
converts a BSM error value to a string, generally by converting first to a
|
||||
function converts a BSM error value to a string, generally by converting first to a
|
||||
local error number and using the local
|
||||
.Xr strerror 3
|
||||
function, but will also work for errors that are not locally defined.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2004 Apple Inc.
|
||||
* Copyright (c) 2004,2009 Apple Inc.
|
||||
* Copyright (c) 2006 Robert N. M. Watson
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -27,13 +27,14 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#24 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#28 $
|
||||
*/
|
||||
|
||||
#include <config/config.h>
|
||||
|
||||
#include <bsm/libbsm.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
@ -64,6 +65,32 @@ static char ptrmoved = 0;
|
||||
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Audit policy string token table for au_poltostr() and au_strtopol().
|
||||
*/
|
||||
struct audit_polstr {
|
||||
long ap_policy;
|
||||
const char *ap_str;
|
||||
};
|
||||
|
||||
static struct audit_polstr au_polstr[] = {
|
||||
{ AUDIT_CNT, "cnt" },
|
||||
{ AUDIT_AHLT, "ahlt" },
|
||||
{ AUDIT_ARGV, "argv" },
|
||||
{ AUDIT_ARGE, "arge" },
|
||||
{ AUDIT_SEQ, "seq" },
|
||||
{ AUDIT_WINDATA, "windata" },
|
||||
{ AUDIT_USER, "user" },
|
||||
{ AUDIT_GROUP, "group" },
|
||||
{ AUDIT_TRAIL, "trail" },
|
||||
{ AUDIT_PATH, "path" },
|
||||
{ AUDIT_SCNT, "scnt" },
|
||||
{ AUDIT_PUBLIC, "public" },
|
||||
{ AUDIT_ZONENAME, "zonename" },
|
||||
{ AUDIT_PERZONE, "perzone" },
|
||||
{ -1, NULL }
|
||||
};
|
||||
|
||||
/*
|
||||
* Returns the string value corresponding to the given label from the
|
||||
* configuration file.
|
||||
@ -111,6 +138,82 @@ getstrfromtype_locked(char *name, char **str)
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert a given time value with a multiplier (seconds, hours, days, years) to
|
||||
* seconds. Return 0 on success.
|
||||
*/
|
||||
static int
|
||||
au_timetosec(time_t *seconds, u_long value, char mult)
|
||||
{
|
||||
if (NULL == seconds)
|
||||
return (-1);
|
||||
|
||||
switch(mult) {
|
||||
case 's':
|
||||
/* seconds */
|
||||
*seconds = (time_t)value;
|
||||
break;
|
||||
|
||||
case 'h':
|
||||
/* hours */
|
||||
*seconds = (time_t)value * 60 * 60;
|
||||
break;
|
||||
|
||||
case 'd':
|
||||
/* days */
|
||||
*seconds = (time_t)value * 60 * 60 * 24;
|
||||
break;
|
||||
|
||||
case 'y':
|
||||
/* years. Add a day for each 4th (leap) year. */
|
||||
*seconds = (time_t)value * 60 * 60 * 24 * 364 +
|
||||
((time_t)value / 4) * 60 * 60 * 24;
|
||||
break;
|
||||
|
||||
default:
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert a given disk space value with a multiplier (bytes, kilobytes,
|
||||
* megabytes, gigabytes) to bytes. Return 0 on success.
|
||||
*/
|
||||
static int
|
||||
au_spacetobytes(size_t *bytes, u_long value, char mult)
|
||||
{
|
||||
if (NULL == bytes)
|
||||
return (-1);
|
||||
|
||||
switch(mult) {
|
||||
case 'B':
|
||||
case ' ':
|
||||
/* Bytes */
|
||||
*bytes = (size_t)value;
|
||||
break;
|
||||
|
||||
case 'K':
|
||||
/* Kilobytes */
|
||||
*bytes = (size_t)value * 1024;
|
||||
break;
|
||||
|
||||
case 'M':
|
||||
/* Megabytes */
|
||||
*bytes = (size_t)value * 1024 * 1024;
|
||||
break;
|
||||
|
||||
case 'G':
|
||||
/* Gigabytes */
|
||||
*bytes = (size_t)value * 1024 * 1024 * 1024;
|
||||
break;
|
||||
|
||||
default:
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert a policy to a string. Return -1 on failure, or >= 0 representing
|
||||
* the actual size of the string placed in the buffer (excluding terminating
|
||||
@ -119,135 +222,24 @@ getstrfromtype_locked(char *name, char **str)
|
||||
ssize_t
|
||||
au_poltostr(long policy, size_t maxsize, char *buf)
|
||||
{
|
||||
int first;
|
||||
int first = 1;
|
||||
int i = 0;
|
||||
|
||||
if (maxsize < 1)
|
||||
return (-1);
|
||||
first = 1;
|
||||
buf[0] = '\0';
|
||||
|
||||
if (policy & AUDIT_CNT) {
|
||||
if (strlcat(buf, "cnt", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_AHLT) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
do {
|
||||
if (policy & au_polstr[i].ap_policy) {
|
||||
if (!first && strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "ahlt", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_ARGV) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
if (strlcat(buf, au_polstr[i].ap_str, maxsize) >=
|
||||
maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (strlcat(buf, "argv", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_ARGE) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "arge", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_SEQ) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "seq", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_WINDATA) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "windata", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_USER) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "user", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_GROUP) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "group", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_TRAIL) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "trail", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_PATH) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "path", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_SCNT) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "scnt", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_PUBLIC) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "public", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_ZONENAME) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "zonename", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
if (policy & AUDIT_PERZONE) {
|
||||
if (!first) {
|
||||
if (strlcat(buf, ",", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
}
|
||||
if (strlcat(buf, "perzone", maxsize) >= maxsize)
|
||||
return (-1);
|
||||
first = 0;
|
||||
}
|
||||
} while (NULL != au_polstr[++i].ap_str);
|
||||
|
||||
return (strlen(buf));
|
||||
}
|
||||
|
||||
@ -260,6 +252,7 @@ au_strtopol(const char *polstr, long *policy)
|
||||
{
|
||||
char *bufp, *string;
|
||||
char *buffer;
|
||||
int i, matched;
|
||||
|
||||
*policy = 0;
|
||||
buffer = strdup(polstr);
|
||||
@ -268,35 +261,17 @@ au_strtopol(const char *polstr, long *policy)
|
||||
|
||||
bufp = buffer;
|
||||
while ((string = strsep(&bufp, ",")) != NULL) {
|
||||
if (strcmp(string, "cnt") == 0)
|
||||
*policy |= AUDIT_CNT;
|
||||
else if (strcmp(string, "ahlt") == 0)
|
||||
*policy |= AUDIT_AHLT;
|
||||
else if (strcmp(string, "argv") == 0)
|
||||
*policy |= AUDIT_ARGV;
|
||||
else if (strcmp(string, "arge") == 0)
|
||||
*policy |= AUDIT_ARGE;
|
||||
else if (strcmp(string, "seq") == 0)
|
||||
*policy |= AUDIT_SEQ;
|
||||
else if (strcmp(string, "winau_fstat") == 0)
|
||||
*policy |= AUDIT_WINDATA;
|
||||
else if (strcmp(string, "user") == 0)
|
||||
*policy |= AUDIT_USER;
|
||||
else if (strcmp(string, "group") == 0)
|
||||
*policy |= AUDIT_GROUP;
|
||||
else if (strcmp(string, "trail") == 0)
|
||||
*policy |= AUDIT_TRAIL;
|
||||
else if (strcmp(string, "path") == 0)
|
||||
*policy |= AUDIT_PATH;
|
||||
else if (strcmp(string, "scnt") == 0)
|
||||
*policy |= AUDIT_SCNT;
|
||||
else if (strcmp(string, "public") == 0)
|
||||
*policy |= AUDIT_PUBLIC;
|
||||
else if (strcmp(string, "zonename") == 0)
|
||||
*policy |= AUDIT_ZONENAME;
|
||||
else if (strcmp(string, "perzone") == 0)
|
||||
*policy |= AUDIT_PERZONE;
|
||||
else {
|
||||
matched = i = 0;
|
||||
|
||||
do {
|
||||
if (strcmp(string, au_polstr[i].ap_str) == 0) {
|
||||
*policy |= au_polstr[i].ap_policy;
|
||||
matched = 1;
|
||||
break;
|
||||
}
|
||||
} while (NULL != au_polstr[++i].ap_str);
|
||||
|
||||
if (!matched) {
|
||||
free(buffer);
|
||||
errno = EINVAL;
|
||||
return (-1);
|
||||
@ -435,46 +410,65 @@ getacmin(int *min_val)
|
||||
int
|
||||
getacfilesz(size_t *filesz_val)
|
||||
{
|
||||
char *filesz, *dummy;
|
||||
long long ll;
|
||||
char *str;
|
||||
size_t val;
|
||||
char mult;
|
||||
int nparsed;
|
||||
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_lock(&mutex);
|
||||
#endif
|
||||
setac_locked();
|
||||
if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
|
||||
if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &str) < 0) {
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
return (-2);
|
||||
}
|
||||
if (filesz == NULL) {
|
||||
if (str == NULL) {
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
errno = EINVAL;
|
||||
return (1);
|
||||
}
|
||||
ll = strtoll(filesz, &dummy, 10);
|
||||
if (*dummy != '\0') {
|
||||
|
||||
/* Trim off any leading white space. */
|
||||
while (*str == ' ' || *str == '\t')
|
||||
str++;
|
||||
|
||||
nparsed = sscanf(str, "%ju%c", (uintmax_t *)&val, &mult);
|
||||
|
||||
switch (nparsed) {
|
||||
case 1:
|
||||
/* If no multiplier then assume 'B' (bytes). */
|
||||
mult = 'B';
|
||||
/* fall through */
|
||||
case 2:
|
||||
if (au_spacetobytes(filesz_val, val, mult) == 0)
|
||||
break;
|
||||
/* fall through */
|
||||
default:
|
||||
errno = EINVAL;
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
errno = EINVAL;
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/*
|
||||
* The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE. 0
|
||||
* indicates no rotation size.
|
||||
*/
|
||||
if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE)) {
|
||||
if (*filesz_val < 0 || (*filesz_val > 0 &&
|
||||
*filesz_val < MIN_AUDIT_FILE_SIZE)) {
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
filesz_val = 0L;
|
||||
errno = EINVAL;
|
||||
return (-1);
|
||||
}
|
||||
*filesz_val = ll;
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
@ -619,7 +613,109 @@ getachost(char *auditstr, size_t len)
|
||||
#endif
|
||||
return (-3);
|
||||
}
|
||||
strcpy(auditstr, str);
|
||||
strlcpy(auditstr, str, len);
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Set expiration conditions.
|
||||
*/
|
||||
static int
|
||||
setexpirecond(time_t *age, size_t *size, u_long value, char mult)
|
||||
{
|
||||
|
||||
if (isupper(mult) || ' ' == mult)
|
||||
return (au_spacetobytes(size, value, mult));
|
||||
else
|
||||
return (au_timetosec(age, value, mult));
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the expire-after field from the audit control file.
|
||||
*/
|
||||
int
|
||||
getacexpire(int *andflg, time_t *age, size_t *size)
|
||||
{
|
||||
char *str;
|
||||
int nparsed;
|
||||
u_long val1, val2;
|
||||
char mult1, mult2;
|
||||
char andor[AU_LINE_MAX];
|
||||
|
||||
*age = 0L;
|
||||
*size = 0LL;
|
||||
*andflg = 0;
|
||||
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_lock(&mutex);
|
||||
#endif
|
||||
setac_locked();
|
||||
if (getstrfromtype_locked(EXPIRE_AFTER_CONTROL_ENTRY, &str) < 0) {
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
return (-2);
|
||||
}
|
||||
if (str == NULL) {
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
return (1);
|
||||
}
|
||||
|
||||
/* First, trim off any leading white space. */
|
||||
while (*str == ' ' || *str == '\t')
|
||||
str++;
|
||||
|
||||
nparsed = sscanf(str, "%lu%c%[ \tadnorADNOR]%lu%c", &val1, &mult1,
|
||||
andor, &val2, &mult2);
|
||||
|
||||
switch (nparsed) {
|
||||
case 1:
|
||||
/* If no multiplier then assume 'B' (Bytes). */
|
||||
mult1 = 'B';
|
||||
/* fall through */
|
||||
case 2:
|
||||
/* One expiration condition. */
|
||||
if (setexpirecond(age, size, val1, mult1) != 0) {
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
return (-1);
|
||||
}
|
||||
break;
|
||||
|
||||
case 5:
|
||||
/* Two expiration conditions. */
|
||||
if (setexpirecond(age, size, val1, mult1) != 0 ||
|
||||
setexpirecond(age, size, val2, mult2) != 0) {
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
return (-1);
|
||||
}
|
||||
if (strcasestr(andor, "and") != NULL)
|
||||
*andflg = 1;
|
||||
else if (strcasestr(andor, "or") != NULL)
|
||||
*andflg = 0;
|
||||
else {
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
return (-1);
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
return (-1);
|
||||
}
|
||||
|
||||
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
||||
pthread_mutex_unlock(&mutex);
|
||||
#endif
|
||||
|
@ -26,7 +26,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#16 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#17 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -494,7 +494,7 @@ static const struct bsm_errno bsm_errnos[] = {
|
||||
#else
|
||||
ERRNO_NO_LOCAL_MAPPING,
|
||||
#endif
|
||||
ES("Malfored Macho file") },
|
||||
ES("Malformed Macho file") },
|
||||
{ BSM_ERRNO_EPOLICY,
|
||||
#ifdef EPOLICY
|
||||
EPOLICY,
|
||||
|
@ -32,7 +32,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#60 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#61 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -193,7 +193,7 @@ print_mem(FILE *fp, u_char *data, size_t len)
|
||||
if (len > 0) {
|
||||
fprintf(fp, "0x");
|
||||
for (i = 0; i < len; i++)
|
||||
fprintf(fp, "%x", data[i]);
|
||||
fprintf(fp, "%02x", data[i]);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 2004-2008 Apple Inc.
|
||||
* Copyright (c) 2004-2009 Apple Inc.
|
||||
* Copyright (c) 2005 SPARTA, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -30,7 +30,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#86 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#90 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -168,7 +168,7 @@ au_to_attr32(struct vnode_au_info *vni)
|
||||
token_t *t;
|
||||
u_char *dptr = NULL;
|
||||
u_int16_t pad0_16 = 0;
|
||||
u_int16_t pad0_32 = 0;
|
||||
u_int32_t pad0_32 = 0;
|
||||
|
||||
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
|
||||
3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t));
|
||||
@ -217,7 +217,7 @@ au_to_attr64(struct vnode_au_info *vni)
|
||||
token_t *t;
|
||||
u_char *dptr = NULL;
|
||||
u_int16_t pad0_16 = 0;
|
||||
u_int16_t pad0_32 = 0;
|
||||
u_int32_t pad0_32 = 0;
|
||||
|
||||
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
|
||||
3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2);
|
||||
@ -487,7 +487,8 @@ au_to_ipc_perm(struct ipc_perm *perm)
|
||||
u_char *dptr = NULL;
|
||||
u_int16_t pad0 = 0;
|
||||
|
||||
GET_TOKEN_AREA(t, dptr, 12 * sizeof(u_int16_t) + sizeof(u_int32_t));
|
||||
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12 * sizeof(u_int16_t) +
|
||||
sizeof(u_int32_t));
|
||||
if (t == NULL)
|
||||
return (NULL);
|
||||
|
||||
@ -962,15 +963,15 @@ au_to_socket_ex(u_short so_domain, u_short so_type,
|
||||
5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
|
||||
else if (so_domain == AF_INET6)
|
||||
GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
|
||||
5 * sizeof(u_int16_t) + 16 * sizeof(u_int32_t));
|
||||
5 * sizeof(u_int16_t) + 8 * sizeof(u_int32_t));
|
||||
else {
|
||||
errno = EINVAL;
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
ADD_U_CHAR(dptr, AUT_SOCKET_EX);
|
||||
ADD_U_INT16(dptr, so_domain); /* XXXRW: explicitly convert? */
|
||||
ADD_U_INT16(dptr, so_type); /* XXXRW: explicitly convert? */
|
||||
ADD_U_INT16(dptr, au_domain_to_bsm(so_domain));
|
||||
ADD_U_INT16(dptr, au_socket_type_to_bsm(so_type));
|
||||
if (so_domain == AF_INET) {
|
||||
ADD_U_INT16(dptr, AU_IPv4);
|
||||
sin = (struct sockaddr_in *)sa_local;
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (c) 2004 Apple Inc.
|
||||
.\" Copyright (c) 2004-2009 Apple Inc.
|
||||
.\" Copyright (c) 2006 Robert N. M. Watson
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
@ -26,9 +26,9 @@
|
||||
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#20 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#22 $
|
||||
.\"
|
||||
.Dd January 4, 2006
|
||||
.Dd January 29, 2009
|
||||
.Dt AUDIT_CONTROL 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -86,6 +86,18 @@ rotate the audit trail file at around this size.
|
||||
Sizes less than the minimum trail size (default of 512K) will be rejected as
|
||||
invalid.
|
||||
If 0, trail files will not be automatically rotated based on file size.
|
||||
For convenience, the trail size may be expressed with suffix letters:
|
||||
B (Bytes), K (Kilobytes), M (Megabytes), or G (Gigabytes).
|
||||
For example, 2M is the same as 2097152.
|
||||
.It Va expire-after
|
||||
Specifies when audit log files will expire and be removed.
|
||||
This may be after a time period has passed since the file was last
|
||||
written to or when the aggregate of all the trail files have reached a
|
||||
specified size or a combination of both.
|
||||
If no expire-after parameter is given then audit log files with not
|
||||
expire and be removed by the audit control system.
|
||||
See the information below for the format of the expiration
|
||||
specification.
|
||||
.El
|
||||
.Sh AUDIT FLAGS
|
||||
Audit flags are a comma-delimited list of audit classes as defined in the
|
||||
@ -170,6 +182,51 @@ flag but not
|
||||
.Cm ahlt
|
||||
flag unless it is intended that audit logs exceeding available disk space
|
||||
halt the system.
|
||||
.Sh AUDIT LOG EXPIRATION SPECIFICATION
|
||||
The expiration specification can be one value or two values with the
|
||||
logical conjunction of AND/OR between them.
|
||||
Values for the audit log file age are numbers with the following
|
||||
suffixes:
|
||||
.Pp
|
||||
.Bl -tag -width "(space) or" -compact -offset indent
|
||||
.It Li s
|
||||
Log file age in seconds.
|
||||
.It Li h
|
||||
Log file age in hours.
|
||||
.It Li d
|
||||
Log file age in days.
|
||||
.It Li y
|
||||
Log file age in years.
|
||||
.El
|
||||
.Pp
|
||||
Values for the disk space used are numbers with the following suffixes:
|
||||
.Pp
|
||||
.Bl -tag -width "(space) or" -compact -offset indent
|
||||
.It (space) or
|
||||
.It Li B
|
||||
Disk space used in Bytes.
|
||||
.It Li K
|
||||
Disk space used in Kilobytes.
|
||||
.It Li M
|
||||
Disk space used in Megabytes.
|
||||
.It Li G
|
||||
Disk space used in Gigabytes.
|
||||
.El
|
||||
.Pp
|
||||
The suffixes on the values are case sensitive.
|
||||
If both an age and disk space value are used they are seperated by
|
||||
AND or OR and both values are used to determine when audit
|
||||
log files expire.
|
||||
In the case of AND, both the age and disk space conditions must be meet
|
||||
before the log file is removed.
|
||||
In the case of OR, either condition may expire the log file.
|
||||
For example:
|
||||
.Bd -literal -offset indent
|
||||
expire-after: 60d AND 1G
|
||||
.Ed
|
||||
.Pp
|
||||
will expire files that are older than 60 days but only if 1
|
||||
gigabyte of disk space total is being used by the audit logs.
|
||||
.Sh DEFAULT
|
||||
The following settings appear in the default
|
||||
.Nm
|
||||
@ -177,10 +234,10 @@ file:
|
||||
.Bd -literal -offset indent
|
||||
dir:/var/audit
|
||||
flags:lo
|
||||
minfree:20
|
||||
minfree:5
|
||||
naflags:lo
|
||||
policy:cnt
|
||||
filesz:0
|
||||
policy:cnt,argv
|
||||
filesz:2097152
|
||||
.Ed
|
||||
.Pp
|
||||
The
|
||||
@ -190,9 +247,12 @@ events.
|
||||
The
|
||||
.Va policy
|
||||
parameter specifies that the system should neither fail stop nor suspend
|
||||
processes when the audit store fills.
|
||||
The trail file will not be automatically rotated by the audit daemon based on
|
||||
file size.
|
||||
processes when the audit store fills and that command line arguments should
|
||||
be audited for
|
||||
.Dv AUE_EXECVE
|
||||
events.
|
||||
The trail file will be automatically rotated by the audit daemon when the
|
||||
file size reaches approximately 2MB.
|
||||
.Sh FILES
|
||||
.Bl -tag -width ".Pa /etc/security/audit_control" -compact
|
||||
.It Pa /etc/security/audit_control
|
||||
|
@ -1,4 +1,5 @@
|
||||
.\"-
|
||||
.\" Copyright (c) 2008-2009 Apple Inc.
|
||||
.\" Copyright (c) 2005 Robert N. M. Watson
|
||||
.\" Copyright (c) 2005 Tom Rhodes
|
||||
.\" Copyright (c) 2005 Wayne J. Salamon
|
||||
@ -25,7 +26,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#14 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#15 $
|
||||
.\"
|
||||
.Dd July 10, 2008
|
||||
.Dt AUDITON 2
|
||||
@ -405,9 +406,15 @@ trigger values:
|
||||
file),
|
||||
.Dv AUDIT_TRIGGER_CLOSE_AND_DIE
|
||||
(close the current log file and exit),
|
||||
or
|
||||
.Dv AUDIT_TRIGGER_NO_SPACE
|
||||
(no disk space left for audit log file).
|
||||
.Dv AUDIT_TRIGGER_ROTATE_USER
|
||||
(request audit log file rotation).
|
||||
.Dv AUDIT_TRIGGER_INITIALIZE
|
||||
(initialize audit subsystem for Mac OS X only).
|
||||
or
|
||||
.Dv AUDIT_TRIGGER_EXPIRE_TRAILS
|
||||
(request audit log file expiration).
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
.Rv -std
|
||||
|
@ -26,7 +26,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#4 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 $
|
||||
*/
|
||||
|
||||
#ifndef _BSM_AUDIT_H
|
||||
@ -65,8 +65,9 @@
|
||||
#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */
|
||||
#define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */
|
||||
#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests rotate. */
|
||||
#define AUDIT_TRIGGER_INITIALIZE 7 /* Initialize audit. */
|
||||
#define AUDIT_TRIGGER_MAX 7
|
||||
#define AUDIT_TRIGGER_INITIALIZE 7 /* User initialize of auditd. */
|
||||
#define AUDIT_TRIGGER_EXPIRE_TRAILS 8 /* User expiration of trails. */
|
||||
#define AUDIT_TRIGGER_MAX 8
|
||||
|
||||
/*
|
||||
* The special device filename (FreeBSD).
|
||||
|
@ -26,7 +26,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#4 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#5 $
|
||||
*/
|
||||
|
||||
#ifndef _BSM_AUDIT_KEVENTS_H_
|
||||
@ -586,6 +586,8 @@
|
||||
#define AUE_CAP_GETMODE 43189 /* TrustedBSD. */
|
||||
#define AUE_POSIX_SPAWN 43190 /* Darwin. */
|
||||
#define AUE_FSGETPATH 43191 /* Darwin. */
|
||||
#define AUE_PREAD 43192 /* Darwin/FreeBSD. */
|
||||
#define AUE_PWRITE 43193 /* Darwin/FreeBSD. */
|
||||
|
||||
/*
|
||||
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
|
||||
@ -657,7 +659,6 @@
|
||||
/*
|
||||
* Possible desired future values based on review of BSD/Darwin system calls.
|
||||
*/
|
||||
#define AUE_ACCESSEXTENDED AUE_NULL
|
||||
#define AUE_ATGETMSG AUE_NULL
|
||||
#define AUE_ATPUTMSG AUE_NULL
|
||||
#define AUE_ATSOCKET AUE_NULL
|
||||
@ -668,11 +669,9 @@
|
||||
#define AUE_BSDTHREADCREATE AUE_NULL
|
||||
#define AUE_BSDTHREADTERMINATE AUE_NULL
|
||||
#define AUE_BSDTHREADREGISTER AUE_NULL
|
||||
#define AUE_CHMODEXTENDED AUE_NULL
|
||||
#define AUE_CHUD AUE_NULL
|
||||
#define AUE_CSOPS AUE_NULL
|
||||
#define AUE_DUP AUE_NULL
|
||||
#define AUE_FCHMODEXTENDED AUE_NULL
|
||||
#define AUE_FDATASYNC AUE_NULL
|
||||
#define AUE_FFSCTL AUE_NULL
|
||||
#define AUE_FGETATTRLIST AUE_NULL
|
||||
@ -682,11 +681,10 @@
|
||||
#define AUE_FSCTL AUE_NULL
|
||||
#define AUE_FSETATTRLIST AUE_NULL
|
||||
#define AUE_FSETXATTR AUE_NULL
|
||||
#define AUE_FSTATEXTENDED AUE_NULL
|
||||
#define AUE_FSTATFS64 AUE_NULL
|
||||
#define AUE_FSTATV AUE_NULL
|
||||
#define AUE_FSTAT64 AUE_NULL
|
||||
#define AUE_FSTAT64EXTENDED AUE_NULL
|
||||
#define AUE_FSTAT64_EXTENDED AUE_NULL
|
||||
#define AUE_GCCONTROL AUE_NULL
|
||||
#define AUE_GETDIRENTRIES64 AUE_NULL
|
||||
#define AUE_GETDTABLESIZE AUE_NULL
|
||||
@ -720,21 +718,15 @@
|
||||
#define AUE_ISSETUGID AUE_NULL
|
||||
#define AUE_LIOLISTIO AUE_NULL
|
||||
#define AUE_LISTXATTR AUE_NULL
|
||||
#define AUE_LSTATEXTENDED AUE_NULL
|
||||
#define AUE_LSTATV AUE_NULL
|
||||
#define AUE_LSTAT64 AUE_NULL
|
||||
#define AUE_LSTAT64EXTENDED AUE_NULL
|
||||
#define AUE_LSTAT64_EXTENDED AUE_NULL
|
||||
#define AUE_MADVISE AUE_NULL
|
||||
#define AUE_MINCORE AUE_NULL
|
||||
#define AUE_MKCOMPLEX AUE_NULL
|
||||
#define AUE_MKDIREXTENDED AUE_NULL
|
||||
#define AUE_MKFIFOEXTENDED AUE_NULL
|
||||
#define AUE_MODWATCH AUE_NULL
|
||||
#define AUE_MSGCL AUE_NULL
|
||||
#define AUE_MSYNC AUE_NULL
|
||||
#define AUE_OPENEXTENDED AUE_NULL
|
||||
#define AUE_PREAD AUE_NULL
|
||||
#define AUE_PWRITE AUE_NULL
|
||||
#define AUE_PREADV AUE_NULL
|
||||
#define AUE_PROCINFO AUE_NULL
|
||||
#define AUE_PTHREADCANCELED AUE_NULL
|
||||
@ -778,15 +770,13 @@
|
||||
#define AUE_SIGWAIT AUE_NULL
|
||||
#define AUE_SSTK AUE_NULL
|
||||
#define AUE_STACKSNAPSHOT AUE_NULL
|
||||
#define AUE_STATEXTENDED AUE_NULL
|
||||
#define AUE_STATFS64 AUE_NULL
|
||||
#define AUE_STATV AUE_NULL
|
||||
#define AUE_STAT64 AUE_NULL
|
||||
#define AUE_STAT64EXTENDED AUE_NULL
|
||||
#define AUE_STAT64_EXTENDED AUE_NULL
|
||||
#define AUE_SYNC AUE_NULL
|
||||
#define AUE_SYSCALL AUE_NULL
|
||||
#define AUE_TABLE AUE_NULL
|
||||
#define AUE_UMASKEXTENDED AUE_NULL
|
||||
#define AUE_VMPRESSUREMONITOR AUE_NULL
|
||||
#define AUE_WAITEVENT AUE_NULL
|
||||
#define AUE_WAITID AUE_NULL
|
||||
|
@ -23,7 +23,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#7 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#8 $
|
||||
*/
|
||||
|
||||
#include <bsm/libbsm.h>
|
||||
@ -80,6 +80,8 @@ audump_control(void)
|
||||
char string[PATH_MAX], string2[PATH_MAX];
|
||||
int ret, val;
|
||||
long policy;
|
||||
time_t age;
|
||||
size_t size;
|
||||
|
||||
ret = getacflg(string, PATH_MAX);
|
||||
if (ret == -2)
|
||||
@ -126,6 +128,32 @@ audump_control(void)
|
||||
if (au_poltostr(policy, PATH_MAX, string2) < 0)
|
||||
err(-1, "au_poltostr");
|
||||
printf("policy:%s\n", string2);
|
||||
|
||||
ret = getacfilesz(&size);
|
||||
if (ret == -2)
|
||||
err(-1, "getacfilesz");
|
||||
if (ret != 0)
|
||||
err(-1, "getacfilesz: %d", ret);
|
||||
|
||||
printf("filesz:%ldB\n", size);
|
||||
|
||||
|
||||
ret = getachost(string, PATH_MAX);
|
||||
if (ret == -2)
|
||||
err(-1, "getachost");
|
||||
if (ret == -3)
|
||||
err(-1, "getachost: %d", ret);
|
||||
if (ret == 0 && ret != 1)
|
||||
printf("host:%s\n", string);
|
||||
|
||||
ret = getacexpire(&val, &age, &size);
|
||||
if (ret == -2)
|
||||
err(-1, "getacexpire");
|
||||
if (ret == -1)
|
||||
err(-1, "getacexpire: %d", ret);
|
||||
if (ret == 0 && ret != 1)
|
||||
printf("expire-after:%ldB %s %lds\n", size,
|
||||
val ? "AND" : "OR", age);
|
||||
}
|
||||
|
||||
static void
|
||||
|
Loading…
Reference in New Issue
Block a user