d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating

Browse Source 
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
This commit is contained in:
rwatson 2009-07-17 14:02:20 +00:00
parent 88f8de4d40
commit d77b22ca31
18 changed files with 317 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
contrib/openbsm/NEWS
View File

@ -1,5 +1,14 @@
OpenBSM Version History
OpenBSM 1.1p1
- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
error number space.
OpenBSM 1.1
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
@ -449,4 +458,4 @@ OpenBSM 1.0 alpha 1
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
$P4: //depot/projects/trustedbsd/openbsm/NEWS#40 $
$P4: //depot/projects/trustedbsd/openbsm/NEWS#42 $

2
contrib/openbsm/VERSION
View File

@ -1 +1 @@
OPENBSM_1_1
OPENBSM_1_1p1

20
contrib/openbsm/config/config.h
View File

@ -1,15 +1,14 @@
/* config/config.h. Generated from config.h.in by configure. */
/* config/config.h.in. Generated from configure.ac by autoheader. */
/* $FreeBSD$ */
/* Define to 1 if you have the `alarm' function. */
#define HAVE_ALARM 1
/* Define if audit system calls present */
#define HAVE_AUDIT_SYSCALLS
#define HAVE_AUDIT_SYSCALLS /**/
/* Define if be32enc is present */
#define HAVE_BE32ENC
#define HAVE_BE32ENC /**/
/* Define to 1 if you have the `bzero' function. */
#define HAVE_BZERO 1
@ -33,7 +32,7 @@
#define HAVE_FTRUNCATE 1
/* Define if queue.h includes LIST_FIRST */
#define HAVE_FULL_QUEUE_H
#define HAVE_FULL_QUEUE_H /**/
/* Define to 1 if you have the `gettimeofday' function. */
#define HAVE_GETTIMEOFDAY 1
@ -153,7 +152,7 @@
/* Define to 1 if `lstat' dereferences a symlink specified with a trailing
slash. */
/* #undef LSTAT_FOLLOWS_SLASHED_SYMLINK */
#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1
/* Name of package */
#define PACKAGE "OpenBSM"
@ -165,13 +164,13 @@
#define PACKAGE_NAME "OpenBSM"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "OpenBSM 1.1beta1"
#define PACKAGE_STRING "OpenBSM 1.1p1"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "openbsm"
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.1beta1"
#define PACKAGE_VERSION "1.1p1"
/* Define as the return type of signal handlers (`int' or `void'). */
#define RETSIGTYPE void
@ -189,10 +188,13 @@
/* #undef USE_MACH_IPC */
/* Define to use native include files */
#define USE_NATIVE_INCLUDES
#define USE_NATIVE_INCLUDES /**/
/* Version number of package */
#define VERSION "1.1beta1"
#define VERSION "1.1p1"
/* Use extended API on platforms that require it */
#define _GNU_SOURCE /**/
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */

22
contrib/openbsm/configure vendored
View File

@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#51 .
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#52 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.62 for OpenBSM 1.1.
# Generated by GNU Autoconf 2.62 for OpenBSM 1.1p1.
#
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
#
@ -751,8 +751,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='OpenBSM'
PACKAGE_TARNAME='openbsm'
PACKAGE_VERSION='1.1'
PACKAGE_STRING='OpenBSM 1.1'
PACKAGE_VERSION='1.1p1'
PACKAGE_STRING='OpenBSM 1.1p1'
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
ac_unique_file="bin/auditreduce/auditreduce.c"
@ -1492,7 +1492,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures OpenBSM 1.1 to adapt to many kinds of systems.
\`configure' configures OpenBSM 1.1p1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1562,7 +1562,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of OpenBSM 1.1:";;
short | recursive ) echo "Configuration of OpenBSM 1.1p1:";;
esac
cat <<\_ACEOF
@ -1671,7 +1671,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
OpenBSM configure 1.1
OpenBSM configure 1.1p1
generated by GNU Autoconf 2.62
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@ -1685,7 +1685,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenBSM $as_me 1.1, which was
It was created by OpenBSM $as_me 1.1p1, which was
generated by GNU Autoconf 2.62. Invocation command line was
$ $0 $@
@ -19662,7 +19662,7 @@ fi
# Define the identity of the package.
PACKAGE=OpenBSM
VERSION=1.1
VERSION=1.1p1
cat >>confdefs.h <<_ACEOF
@ -24400,7 +24400,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by OpenBSM $as_me 1.1, which was
This file was extended by OpenBSM $as_me 1.1p1, which was
generated by GNU Autoconf 2.62. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -24453,7 +24453,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_version="\\
OpenBSM config.status 1.1
OpenBSM config.status 1.1p1
configured by $0, generated by GNU Autoconf 2.62,
with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"

4
contrib/openbsm/configure.ac
View File

@ -2,8 +2,8 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
AC_INIT([OpenBSM], [1.1], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#52 $])
AC_INIT([OpenBSM], [1.1p1], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#53 $])
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_HEADER([config/config.h])

3
contrib/openbsm/etc/audit_event
View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#39 $
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#40 $
# $FreeBSD$
#
# The mapping between event identifiers and values is also hard-coded in
@ -556,6 +556,7 @@
43193:AUE_PWRITE:pwrite(2):no
43194:AUE_FSCTL:fsctl():fm
43195:AUE_FFSCTL:ffsctl():fm
43196:AUE_LPATHCONF:lpathconf(2):fa
#
# Solaris userspace events.
#

4
contrib/openbsm/libauditd/auditd_lib.c
View File

@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#10 $
* $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#11 $
*/
#include <sys/param.h>
@ -130,7 +130,7 @@ static char *auditd_errmsg[] = {
#define MAXERRCODE (sizeof(auditd_errmsg) / sizeof(auditd_errmsg[0]))
#define NA_EVENT_STR_SIZE 25
#define NA_EVENT_STR_SIZE 128
#define POL_STR_SIZE 128

10
contrib/openbsm/libbsm/bsm_control.c
View File

@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#33 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#34 $
*/
#include <config/config.h>
@ -121,9 +121,13 @@ getstrfromtype_locked(char *name, char **str)
if (linestr[0] == '#')
continue;
/* Remove trailing new line character. */
if ((nl = strrchr(linestr, '\n')) != NULL)
/* Remove trailing new line character and white space. */
nl = strchr(linestr, '\0') - 1;
while (nl >= linestr && ('\n' == *nl || ' ' == *nl ||
'\t' == *nl)) {
*nl = '\0';
nl--;
}
tokptr = linestr;
if ((type = strtok_r(tokptr, delim, &last)) != NULL) {

100
contrib/openbsm/libbsm/bsm_errno.c
View File

@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#17 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#19 $
*/
#include <sys/types.h>
@ -453,6 +453,104 @@ static const struct bsm_errno bsm_errnos[] = {
{ BSM_ERRNO_EINPROGRESS, EINPROGRESS,
ES("Operation now in progress") },
{ BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") },
{ BSM_ERRNO_EPROCLIM,
#ifdef EPROCLIM
EPROCLIM,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Too many processes") },
{ BSM_ERRNO_EBADRPC,
#ifdef EBADRPC
EBADRPC,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("RPC struct is bad") },
{ BSM_ERRNO_ERPCMISMATCH,
#ifdef ERPCMISMATCH
ERPCMISMATCH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("RPC version wrong") },
{ BSM_ERRNO_EPROGUNAVAIL,
#ifdef EPROGUNAVAIL
EPROGUNAVAIL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("RPC prog. not avail") },
{ BSM_ERRNO_EPROGMISMATCH,
#ifdef EPROGMISMATCH
EPROGMISMATCH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("RPC version wrong") },
{ BSM_ERRNO_EPROCUNAVAIL,
#ifdef EPROCUNAVAIL
EPROCUNAVAIL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Bad procedure for program") },
{ BSM_ERRNO_EFTYPE,
#ifdef EFTYPE
EFTYPE,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Inappropriate file type or format") },
{ BSM_ERRNO_EAUTH,
#ifdef EAUTH
EAUTH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Authenticateion error") },
{ BSM_ERRNO_ENEEDAUTH,
#ifdef ENEEDAUTH
ENEEDAUTH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Need authenticator") },
{ BSM_ERRNO_ENOATTR,
#ifdef ENOATTR
ENOATTR,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Attribute not found") },
{ BSM_ERRNO_EDOOFUS,
#ifdef EDOOFUS
EDOOFUS,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Programming error") },
{ BSM_ERRNO_EJUSTRETURN,
#ifdef EJUSTRETURN
EJUSTRETURN,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Just return") },
{ BSM_ERRNO_ENOIOCTL,
#ifdef ENOIOCTL
ENOIOCTL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("ioctl not handled by this layer") },
{ BSM_ERRNO_EDIRIOCTL,
#ifdef EDIRIOCTL
EDIRIOCTL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("do direct ioctl in GEOM") },
{ BSM_ERRNO_EPWROFF,
#ifdef EPWROFF
EPWROFF,

14
contrib/openbsm/libbsm/bsm_io.c
View File

@ -32,7 +32,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#62 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#63 $
*/
#include <sys/types.h>
@ -3176,19 +3176,25 @@ print_sock_inet128_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
/*
* socket family 2 bytes
* path 104 bytes
* path (up to) 104 bytes + NULL (NULL terminated string).
*/
static int
fetch_sock_unix_tok(tokenstr_t *tok, u_char *buf, int len)
{
int err = 0;
u_char *p;
int slen;
READ_TOKEN_U_INT16(buf, len, tok->tt.sockunix.family, tok->len, err);
if (err)
return (-1);
READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, 104, tok->len,
err);
/* slen = strnlen((buf + tok->len), 104) + 1; */
p = (u_char *)memchr((const void *)(buf + tok->len), '\0', 104);
slen = (p ? (int)(p - (buf + tok->len)) : 104) + 1;
READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, slen, tok->len, err);
if (err)
return (-1);

27
contrib/openbsm/libbsm/bsm_token.c
View File

@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#91 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 $
*/
#include <sys/types.h>
@ -996,7 +996,7 @@ au_to_socket_ex(u_short so_domain, u_short so_type,
/*
* token ID 1 byte
* socket family 2 bytes
* path 104 bytes
* path (up to) 104 bytes + NULL (NULL terminated string)
*/
token_t *
au_to_sock_unix(struct sockaddr_un *so)
@ -1270,12 +1270,27 @@ token_t *
au_to_me(void)
{
auditinfo_t auinfo;
auditinfo_addr_t aia;
if (getaudit(&auinfo) != 0)
return (NULL);
/*
* Try to use getaudit_addr(2) first. If this kernel does not support
* it, then fall back on to getaudit(2).
*/
if (getaudit_addr(&aia, sizeof(aia)) != 0) {
if (errno == ENOSYS) {
if (getaudit(&auinfo) != 0)
return (NULL);
return (au_to_subject32(auinfo.ai_auid, geteuid(),
getegid(), getuid(), getgid(), getpid(),
auinfo.ai_asid, &auinfo.ai_termid));
} else {
/* getaudit_addr(2) failed for some other reason. */
return (NULL);
}
}
return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(),
getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid));
return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
}
#endif

18
contrib/openbsm/man/audit_control.5
View File

@ -26,9 +26,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#22 $
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#23 $
.\"
.Dd January 29, 2009
.Dd May 14, 2009
.Dt AUDIT_CONTROL 5
.Os
.Sh NAME
@ -94,7 +94,7 @@ Specifies when audit log files will expire and be removed.
This may be after a time period has passed since the file was last
written to or when the aggregate of all the trail files have reached a
specified size or a combination of both.
If no expire-after parameter is given then audit log files with not
If no expire-after parameter is given then audit log files will not
expire and be removed by the audit control system.
See the information below for the format of the expiration
specification.
@ -217,7 +217,7 @@ The suffixes on the values are case sensitive.
If both an age and disk space value are used they are seperated by
AND or OR and both values are used to determine when audit
log files expire.
In the case of AND, both the age and disk space conditions must be meet
In the case of AND, both the age and disk space conditions must be met
before the log file is removed.
In the case of OR, either condition may expire the log file.
For example:
@ -233,17 +233,18 @@ The following settings appear in the default
file:
.Bd -literal -offset indent
dir:/var/audit
flags:lo
flags:lo,aa
minfree:5
naflags:lo
naflags:lo,aa
policy:cnt,argv
filesz:2097152
filesz:2M
expire-after:10M
.Ed
.Pp
The
.Va flags
parameter above specifies the system-wide mask corresponding to login/logout
events.
as well as authentication and authorization events.
The
.Va policy
parameter specifies that the system should neither fail stop nor suspend
@ -253,6 +254,7 @@ be audited for
events.
The trail file will be automatically rotated by the audit daemon when the
file size reaches approximately 2MB.
Trail files will expire when their aggregate size exceeds 10MB.
.Sh FILES
.Bl -tag -width ".Pa /etc/security/audit_control" -compact
.It Pa /etc/security/audit_control

7
contrib/openbsm/sys/bsm/audit.h
View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 $
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#10 $
*/
#ifndef _BSM_AUDIT_H
@ -172,6 +172,7 @@ typedef pid_t au_asid_t;
typedef u_int16_t au_event_t;
typedef u_int16_t au_emod_t;
typedef u_int32_t au_class_t;
typedef u_int64_t au_asflgs_t __attribute__ ((aligned (8)));
struct au_tid {
dev_t port;
@ -205,7 +206,7 @@ struct auditinfo_addr {
au_mask_t ai_mask; /* Audit masks. */
au_tid_addr_t ai_termid; /* Terminal ID. */
au_asid_t ai_asid; /* Audit session ID. */
u_int64_t ai_flags; /* Audit session flags. */
au_asflgs_t ai_flags; /* Audit session flags. */
};
typedef struct auditinfo_addr auditinfo_addr_t;
@ -224,7 +225,7 @@ struct auditpinfo_addr {
au_mask_t ap_mask; /* Audit masks. */
au_tid_addr_t ap_termid; /* Terminal ID. */
au_asid_t ap_asid; /* Audit session ID. */
u_int64_t ap_flags; /* Audit session flags. */
au_asflgs_t ap_flags; /* Audit session flags. */
};
typedef struct auditpinfo_addr auditpinfo_addr_t;

3
contrib/openbsm/sys/bsm/audit_kevents.h
View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6 $
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#8 $
*/
#ifndef _BSM_AUDIT_KEVENTS_H_
@ -596,6 +596,7 @@
#define AUE_PWRITE 43193 /* Darwin/FreeBSD. */
#define AUE_FSCTL 43194 /* Darwin. */
#define AUE_FFSCTL 43195 /* Darwin. */
#define AUE_LPATHCONF 43196 /* FreeBSD. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the

7
sys/bsm/audit.h
View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9
* P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#10
* $FreeBSD$
*/
@ -173,6 +173,7 @@ typedef pid_t au_asid_t;
typedef u_int16_t au_event_t;
typedef u_int16_t au_emod_t;
typedef u_int32_t au_class_t;
typedef u_int64_t au_asflgs_t __attribute__ ((aligned (8)));
struct au_tid {
dev_t port;
@ -206,7 +207,7 @@ struct auditinfo_addr {
au_mask_t ai_mask; /* Audit masks. */
au_tid_addr_t ai_termid; /* Terminal ID. */
au_asid_t ai_asid; /* Audit session ID. */
u_int64_t ai_flags; /* Audit session flags. */
au_asflgs_t ai_flags; /* Audit session flags. */
};
typedef struct auditinfo_addr auditinfo_addr_t;
@ -225,7 +226,7 @@ struct auditpinfo_addr {
au_mask_t ap_mask; /* Audit masks. */
au_tid_addr_t ap_termid; /* Terminal ID. */
au_asid_t ap_asid; /* Audit session ID. */
u_int64_t ap_flags; /* Audit session flags. */
au_asflgs_t ap_flags; /* Audit session flags. */
};
typedef struct auditpinfo_addr auditpinfo_addr_t;

2
sys/bsm/audit_kevents.h
View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6
* P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#7
* $FreeBSD$
*/

100
sys/security/audit/audit_bsm_errno.c
View File

@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#17
* P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18
*/
#include <sys/cdefs.h>
@ -455,6 +455,104 @@ static const struct bsm_errno bsm_errnos[] = {
{ BSM_ERRNO_EINPROGRESS, EINPROGRESS,
ES("Operation now in progress") },
{ BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") },
{ BSM_ERRNO_EPROCLIM,
#ifdef EPROCLIM
EPROCLIM,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Too many processes") },
{ BSM_ERRNO_EBADRPC,
#ifdef EBADRPC
EBADRPC,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("RPC struct is bad") },
{ BSM_ERRNO_ERPCMISMATCH,
#ifdef ERPCMISMATCH
ERPCMISMATCH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("RPC version wrong") },
{ BSM_ERRNO_EPROGUNAVAIL,
#ifdef EPROGUNAVAIL
EPROGUNAVAIL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("RPC prog. not avail") },
{ BSM_ERRNO_EPROGMISMATCH,
#ifdef EPROGMISMATCH
EPROGMISMATCH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("RPC version wrong") },
{ BSM_ERRNO_EPROCUNAVAIL,
#ifdef EPROCUNAVAIL
EPROCUNAVAIL,
#else
ERRNO_NO_LOCAL_MAPPING
#endif
ES("Bad procedure for program") },
{ BSM_ERRNO_EFTYPE,
#ifdef EFTYPE
EFTYPE,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Inappropriate file type or format") },
{ BSM_ERRNO_EAUTH,
#ifdef EAUTH
EAUTH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Authenticateion error") },
{ BSM_ERRNO_ENEEDAUTH,
#ifdef ENEEDAUTH
ENEEDAUTH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Need authenticator") },
{ BSM_ERRNO_ENOATTR,
#ifdef ENOATTR
ENOATTR,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Attribute not found") },
{ BSM_ERRNO_EDOOFUS,
#ifdef EDOOFUS
EDOOFUS,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Programming error") },
{ BSM_ERRNO_EJUSTRETURN,
#ifdef EJUSTRETURN
EJUSTRETURN,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Just return") },
{ BSM_ERRNO_ENOIOCTL,
#ifdef ENOIOCTL
ENOIOCTL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("ioctl not handled by this layer") },
{ BSM_ERRNO_EDIRIOCTL,
#ifdef EDIRIOCTL
EDIRIOCTL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("do direct ioctl in GEOM") },
{ BSM_ERRNO_EPWROFF,
#ifdef EPWROFF
EPWROFF,

27
sys/security/audit/audit_bsm_token.c
View File

@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#91
* P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93
*/
#include <sys/cdefs.h>
@ -930,7 +930,7 @@ kau_to_socket(struct socket_au_info *soi)
/*
* token ID 1 byte
* socket family 2 bytes
* path 104 bytes
* path (up to) 104 bytes + NULL (NULL terminated string)
*/
token_t *
au_to_sock_unix(struct sockaddr_un *so)
@ -1188,12 +1188,27 @@ token_t *
au_to_me(void)
{
auditinfo_t auinfo;
auditinfo_addr_t aia;
if (getaudit(&auinfo) != 0)
return (NULL);
/*
* Try to use getaudit_addr(2) first. If this kernel does not support
* it, then fall back on to getaudit(2).
*/
if (getaudit_addr(&aia, sizeof(aia)) != 0) {
if (errno == ENOSYS) {
if (getaudit(&auinfo) != 0)
return (NULL);
return (au_to_subject32(auinfo.ai_auid, geteuid(),
getegid(), getuid(), getgid(), getpid(),
auinfo.ai_asid, &auinfo.ai_termid));
} else {
/* getaudit_addr(2) failed for some other reason. */
return (NULL);
}
}
return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(),
getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid));
return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
}
#endif