Merge OpenBSM alpha 4 from OpenBSM vendor branch to head, both

contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).  Add libauditd build parts and add to auditd's linkage;
force libbsm to build before libauditd.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 alpha 4

- With the addition of BSM error number mapping, we also need to map the
  local error number passed to audit_submit(3) to a BSM error number,
  rather than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a
  more formal allocation scheme, and add some events allocated in Solaris
  that will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
  directly, rather than requiring applications to map to the local error
  space, which might not be able to entirely represent the BSM error
  number space.
- Major auditd rewrite for launchd(8) support.  Add libauditd library
  that is shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for
  (re)starting auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
  startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicated when an audit trail file
  has been recovered from not being properly terminated.  This event is
  stored in the new audit trail file and includes the path of recovered
  audit trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
  auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system
  calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.

OpenBSM 1.1 alpha 3

- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
  between BSM error numbers (largely the Solaris definitions) and local
  errno(2) values for 32-bit and 64-bit return tokens.  This is required
  as operating systems don't agree on some of the values of more recent
  error numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the
  total size for the token.  This buge.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.
This commit is contained in:
rwatson 2008-12-31 11:12:24 +00:00
commit e52e71cb6e
137 changed files with 6048 additions and 1308 deletions

View File

@ -1,15 +1,23 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#3 $
# $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#4 $
#
SUBDIRS = \
bsm \
bsm
if HAVE_AUDIT_SYSCALLS
SUBDIRS += \
libauditd
endif
SUBDIRS += \
libbsm \
bin \
man \
modules \
sys
EXTRA_DIST = \
CHANGELOG \
LICENSE \

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/Makefile.in#8 $
# $P4: //depot/projects/trustedbsd/openbsm/Makefile.in#9 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
@ -35,6 +35,9 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@HAVE_AUDIT_SYSCALLS_TRUE@am__append_1 = \
@HAVE_AUDIT_SYSCALLS_TRUE@ libauditd
subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(top_srcdir)/config/config.h.in \
@ -63,7 +66,7 @@ RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
DIST_SUBDIRS = bsm libauditd libbsm bin man modules sys
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@ -183,14 +186,7 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = \
bsm \
libbsm \
bin \
man \
modules \
sys
SUBDIRS = bsm $(am__append_1) libbsm bin man modules sys
EXTRA_DIST = \
CHANGELOG \
LICENSE \

View File

@ -1,5 +1,50 @@
OpenBSM Version History
OpenBSM 1.1 alpha 4
- With the addition of BSM error number mapping, we also need to map the
local error number passed to audit_submit(3) to a BSM error number, rather
than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a more
formal allocation scheme, and add some events allocated in Solaris that
will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
directly, rather than requiring applications to map to the local error
space, which might not be able to entirely represent the BSM error number
space.
- Major auditd rewrite for launchd(8) support. Add libauditd library that is
shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for (re)starting
auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicated when an audit trail file has
been recovered from not being properly terminated. This event is stored
in the new audit trail file and includes the path of recovered audit trail
file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.
OpenBSM 1.1 alpha 3
- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
between BSM error numbers (largely the Solaris definitions) and local
errno(2) values for 32-bit and 64-bit return tokens. This is required as
operating systems don't agree on some of the values of more recent error
numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the total
size for the token. This bug resulted in "unknown" tokens being printed
after the exec args/env tokens.
- Support for AUT_SOCKET_EX extended socket tokens, which describe a socket
using a pair of IPv4/IPv6 and port tuples.
- OpenBSM BSM file header version bumped for 1.1 release.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.
OpenBSM 1.1 alpha 2
- Include files in OpenBSM are now broken out into two parts: library builds
@ -348,4 +393,4 @@ OpenBSM 1.0 alpha 1
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
$P4: //depot/projects/trustedbsd/openbsm/NEWS#9 $
$P4: //depot/projects/trustedbsd/openbsm/NEWS#21 $

View File

@ -1,4 +1,4 @@
OpenBSM 1.1 alpha 1
OpenBSM 1.1 alpha 4
Introduction
@ -19,6 +19,7 @@ OpenBSM consists of several directories:
bsm/ Library include files for BSM
compat/ Compatibility code to build on various OS's
etc/ Sample /etc/security configuration files
libauditd Common audit management functions for auditd and launchd
libbsm/ Implementation of BSM library interfaces and man pages
man/ System call and configuration file man pages
modules/ Directory for auditfilterd module source
@ -55,4 +56,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
$P4: //depot/projects/trustedbsd/openbsm/README#32 $
$P4: //depot/projects/trustedbsd/openbsm/README#34 $

View File

@ -20,5 +20,7 @@ OpenBSM TODO
- Document audit_warn event arguments.
- Allow the path /etc/security to be configured at configure-time so that
alternative locations can be used.
- NLS support for au_strerror(3), which provides error strings for BSM errors
not available on the local OS platform.
$P4: //depot/projects/trustedbsd/openbsm/TODO#11 $
$P4: //depot/projects/trustedbsd/openbsm/TODO#12 $

View File

@ -1 +1 @@
OPENBSM_1_1_ALPHA_2
OPENBSM_1_1_ALPHA_4

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#8 $
# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#10 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#4 $
# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#6 $
#
if USE_NATIVE_INCLUDES
@ -13,11 +13,11 @@ audit_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = audit.8
if USE_MACH_IPC
audit_SOURCES = auditd_control_user.c audit.c
CLEANFILES = auditd_control_user.c auditd_control_user.h
audit_SOURCES = auditd_controlUser.c audit.c
CLEANFILES = auditd_controlUser.c auditd_control.h
auditd_control_user.c: $(top_srcdir)/bin/auditd/auditd_control.defs
$(MIG) -user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs
auditd_controlUser.c auditd_control.h: $(top_srcdir)/bin/auditd/auditd_control.defs
$(MIG) -user auditd_controlUser.c -header auditd_control.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs
else
audit_SOURCES = audit.c
endif

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#9 $
# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#11 $
#
VPATH = @srcdir@
@ -49,9 +49,9 @@ CONFIG_CLEAN_FILES =
am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(sbin_PROGRAMS)
am__audit_SOURCES_DIST = audit.c auditd_control_user.c
am__audit_SOURCES_DIST = audit.c auditd_controlUser.c
@USE_MACH_IPC_FALSE@am_audit_OBJECTS = audit.$(OBJEXT)
@USE_MACH_IPC_TRUE@am_audit_OBJECTS = auditd_control_user.$(OBJEXT) \
@USE_MACH_IPC_TRUE@am_audit_OBJECTS = auditd_controlUser.$(OBJEXT) \
@USE_MACH_IPC_TRUE@ audit.$(OBJEXT)
audit_OBJECTS = $(am_audit_OBJECTS)
audit_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
@ -188,8 +188,8 @@ top_srcdir = @top_srcdir@
audit_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = audit.8
@USE_MACH_IPC_FALSE@audit_SOURCES = audit.c
@USE_MACH_IPC_TRUE@audit_SOURCES = auditd_control_user.c audit.c
@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_user.c auditd_control_user.h
@USE_MACH_IPC_TRUE@audit_SOURCES = auditd_controlUser.c audit.c
@USE_MACH_IPC_TRUE@CLEANFILES = auditd_controlUser.c auditd_control.h
all: all-am
.SUFFIXES:
@ -262,7 +262,7 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_control_user.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_controlUser.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@ -521,8 +521,8 @@ uninstall-man: uninstall-man8
uninstall-sbinPROGRAMS
@USE_MACH_IPC_TRUE@auditd_control_user.c: $(top_srcdir)/bin/auditd/auditd_control.defs
@USE_MACH_IPC_TRUE@ $(MIG) -user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs
@USE_MACH_IPC_TRUE@auditd_controlUser.c auditd_control.h: $(top_srcdir)/bin/auditd/auditd_control.defs
@USE_MACH_IPC_TRUE@ $(MIG) -user auditd_controlUser.c -header auditd_control.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

View File

@ -25,9 +25,9 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#11 $
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#13 $
.\"
.Dd October 2, 2006
.Dd December 11, 2008
.Dt AUDIT 8
.Os
.Sh NAME
@ -35,7 +35,7 @@
.Nd audit management utility
.Sh SYNOPSIS
.Nm
.Fl n | s | t
.Fl i | n | s | t
.Sh DESCRIPTION
The
.Nm
@ -43,6 +43,13 @@ utility controls the state of the audit system.
One of the following flags is required as an argument to
.Nm :
.Bl -tag -width indent
.It Fl i
Initializes and starts auditing.
This option is currently for Mac OS X only
and requires
.Xr auditd 8
to be configured to run under
.Xr launchd 8 .
.It Fl n
Forces the audit system to close the existing audit log file and rotate to
a new log file in a location specified in the audit control file.
@ -59,6 +66,13 @@ and renamed to indicate the time of the shutdown.
The
.Xr auditd 8
daemon must already be running.
Optionally, it can be configured to be started
on-demand by
.Xr launchd 8
(Mac OS X only).
The
.Nm
utility requires audit administrator privileges for successful operation.
.Sh FILES
.Bl -tag -width ".Pa /etc/security/audit_control" -compact
.It Pa /etc/security/audit_control
@ -67,7 +81,8 @@ Audit policy file used to configure the auditing system.
.Sh SEE ALSO
.Xr audit 4 ,
.Xr audit_control 5 ,
.Xr auditd 8
.Xr auditd 8 ,
.Xr launchd 8
.Sh HISTORY
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.

View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#11 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#13 $
*/
/*
* Program to trigger the audit daemon with a message that is either:
@ -47,6 +47,7 @@
#include <bsm/libbsm.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@ -64,7 +65,15 @@ static int send_trigger(unsigned int);
#include <mach/host_special_ports.h>
#include <servers/bootstrap.h>
#include "auditd_control_user.h"
#include "auditd_control.h"
/*
* XXX the following is temporary until this can be added to the kernel
* audit.h header.
*/
#ifndef AUDIT_TRIGGER_INITIALIZE
#define AUDIT_TRIGGER_INITIALIZE 7
#endif
static int
send_trigger(unsigned int trigger)
@ -74,7 +83,12 @@ send_trigger(unsigned int trigger)
error = host_get_audit_control_port(mach_host_self(), &serverPort);
if (error != KERN_SUCCESS) {
mach_error("Cannot get auditd_control Mach port: ", error);
if (geteuid() != 0) {
errno = EPERM;
perror("audit requires root privileges");
} else
mach_error("Cannot get auditd_control Mach port:",
error);
return (-1);
}
@ -96,7 +110,10 @@ send_trigger(unsigned int trigger)
error = auditon(A_SENDTRIGGER, &trigger, sizeof(trigger));
if (error != 0) {
perror("Error sending trigger");
if (error == EPERM)
perror("audit requires root privileges");
else
perror("Error sending trigger");
return (-1);
}
@ -108,7 +125,7 @@ static void
usage(void)
{
(void)fprintf(stderr, "Usage: audit -n | -s | -t \n");
(void)fprintf(stderr, "Usage: audit -i | -n | -s | -t \n");
exit(-1);
}
@ -124,9 +141,13 @@ main(int argc, char **argv)
if (argc != 2)
usage();
while ((ch = getopt(argc, argv, "nst")) != -1) {
while ((ch = getopt(argc, argv, "inst")) != -1) {
switch(ch) {
case 'i':
trigger = AUDIT_TRIGGER_INITIALIZE;
break;
case 'n':
trigger = AUDIT_TRIGGER_ROTATE_USER;
break;

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#4 $
# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#5 $
#
if USE_NATIVE_INCLUDES
@ -9,18 +9,18 @@ INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
endif
sbin_PROGRAMS = auditd
auditd_LDADD = $(top_builddir)/libbsm/libbsm.la
auditd_LDADD = $(top_builddir)/libbsm/libbsm.la $(top_builddir)/libauditd/libauditd.la
man8_MANS = auditd.8
if USE_MACH_IPC
auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c
CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h
auditd_SOURCES = auditd_controlServer.c audit_triggersServer.c audit_warn.c auditd.c auditd_darwin.c
CLEANFILES = auditd_control_server.c auditd_controlServer.h audit_triggersServer.c audit_triggersServer.h
auditd_control_server.c: auditd_control.defs
$(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h $(top_srcdir)/bin/auditd/auditd_control.defs
auditd_controlServer.c auditd_controlServer.h: auditd_control.defs
$(MIG) -user /dev/null -header /dev/null -server auditd_controlServer.c -sheader auditd_controlServer.h $(top_srcdir)/bin/auditd/auditd_control.defs
audit_triggers_server.c: audit_triggers.defs
$(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h $(top_srcdir)/bin/auditd/audit_triggers.defs
audit_triggersServer.c audit_triggersServer.h: audit_triggers.defs
$(MIG) -user /dev/null -header /dev/null -server audit_triggersServer.c -sheader audit_triggersServer.h $(top_srcdir)/bin/auditd/audit_triggers.defs
else
auditd_SOURCES = audit_warn.c auditd.c
auditd_SOURCES = audit_warn.c auditd.c auditd_fbsd.c
endif

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#9 $
# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#10 $
#
VPATH = @srcdir@
@ -49,16 +49,17 @@ CONFIG_CLEAN_FILES =
am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(sbin_PROGRAMS)
am__auditd_SOURCES_DIST = audit_warn.c auditd.c \
auditd_control_server.c audit_triggers_server.c
am__auditd_SOURCES_DIST = audit_warn.c auditd.c auditd_fbsd.c \
auditd_controlServer.c audit_triggersServer.c auditd_darwin.c
@USE_MACH_IPC_FALSE@am_auditd_OBJECTS = audit_warn.$(OBJEXT) \
@USE_MACH_IPC_FALSE@ auditd.$(OBJEXT)
@USE_MACH_IPC_TRUE@am_auditd_OBJECTS = \
@USE_MACH_IPC_TRUE@ auditd_control_server.$(OBJEXT) \
@USE_MACH_IPC_TRUE@ audit_triggers_server.$(OBJEXT) \
@USE_MACH_IPC_TRUE@ audit_warn.$(OBJEXT) auditd.$(OBJEXT)
@USE_MACH_IPC_FALSE@ auditd.$(OBJEXT) auditd_fbsd.$(OBJEXT)
@USE_MACH_IPC_TRUE@am_auditd_OBJECTS = auditd_controlServer.$(OBJEXT) \
@USE_MACH_IPC_TRUE@ audit_triggersServer.$(OBJEXT) \
@USE_MACH_IPC_TRUE@ audit_warn.$(OBJEXT) auditd.$(OBJEXT) \
@USE_MACH_IPC_TRUE@ auditd_darwin.$(OBJEXT)
auditd_OBJECTS = $(am_auditd_OBJECTS)
auditd_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
auditd_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la \
$(top_builddir)/libauditd/libauditd.la
DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/config/depcomp
am__depfiles_maybe = depfiles
@ -189,11 +190,11 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
auditd_LDADD = $(top_builddir)/libbsm/libbsm.la
auditd_LDADD = $(top_builddir)/libbsm/libbsm.la $(top_builddir)/libauditd/libauditd.la
man8_MANS = auditd.8
@USE_MACH_IPC_FALSE@auditd_SOURCES = audit_warn.c auditd.c
@USE_MACH_IPC_TRUE@auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c
@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h
@USE_MACH_IPC_FALSE@auditd_SOURCES = audit_warn.c auditd.c auditd_fbsd.c
@USE_MACH_IPC_TRUE@auditd_SOURCES = auditd_controlServer.c audit_triggersServer.c audit_warn.c auditd.c auditd_darwin.c
@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_server.c auditd_controlServer.h audit_triggersServer.c audit_triggersServer.h
all: all-am
.SUFFIXES:
@ -265,10 +266,12 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_triggers_server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_triggersServer.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_warn.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_control_server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_controlServer.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_darwin.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_fbsd.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@ -527,11 +530,11 @@ uninstall-man: uninstall-man8
uninstall-sbinPROGRAMS
@USE_MACH_IPC_TRUE@auditd_control_server.c: auditd_control.defs
@USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h $(top_srcdir)/bin/auditd/auditd_control.defs
@USE_MACH_IPC_TRUE@auditd_controlServer.c auditd_controlServer.h: auditd_control.defs
@USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server auditd_controlServer.c -sheader auditd_controlServer.h $(top_srcdir)/bin/auditd/auditd_control.defs
@USE_MACH_IPC_TRUE@audit_triggers_server.c: audit_triggers.defs
@USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h $(top_srcdir)/bin/auditd/audit_triggers.defs
@USE_MACH_IPC_TRUE@audit_triggersServer.c audit_triggersServer.h: audit_triggers.defs
@USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server audit_triggersServer.c -sheader audit_triggersServer.h $(top_srcdir)/bin/auditd/audit_triggers.defs
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#9 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#10 $
*/
#include <sys/types.h>
@ -71,20 +71,15 @@ auditwarnlog(char *args[])
}
/*
* Indicates that the hard limit for all filesystems has been exceeded count
* times.
* Indicates that the hard limit for all filesystems has been exceeded.
*/
int
audit_warn_allhard(int count)
audit_warn_allhard(void)
{
char intstr[12];
char *args[3];
snprintf(intstr, 12, "%d", count);
char *args[2];
args[0] = HARDLIM_ALL_WARN;
args[1] = intstr;
args[2] = NULL;
args[1] = NULL;
return (auditwarnlog(args));
}

View File

@ -25,9 +25,9 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#14 $
.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#16 $
.\"
.Dd October 2, 2006
.Dd December 11, 2008
.Dt AUDITD 8
.Os
.Sh NAME
@ -35,7 +35,7 @@
.Nd audit log management daemon
.Sh SYNOPSIS
.Nm
.Op Fl d
.Op Fl d | l
.Sh DESCRIPTION
The
.Nm
@ -50,7 +50,16 @@ The options are as follows:
.Bl -tag -width indent
.It Fl d
Starts the daemon in debug mode \[em] it will not daemonize.
.It Fl l
This option is for when
.Nm
is configured to start on-demand using
.Xr launchd 8 .
.El
.Pp
Optionally, the audit review group "audit" may be created.
Non-privileged
users that are members of this group may read the audit trail log files.
.Sh NOTE
To assure uninterrupted audit support, the
.Nm
@ -63,20 +72,33 @@ the
.Pa audit_control
file.
.Pp
.\" Sending a
.\" .Dv SIGHUP
.\" to a running
.\" .Nm
.\" daemon will force it to exit.
Sending a
.Dv SIGTERM
to a running
If
.Nm
daemon will force it to exit.
is started on-demand by
.Xr launchd 8
then auditing should only be started and stopped with
.Xr audit 8 .
.Pp
On Mac OS X,
.Nm
uses the
.Xr asl 3
API for writing system log messages.
Therefore, only the audit administrator
and members of the audit review group will be able to read the
system log entries.
.Sh FILES
.Bl -tag -width ".Pa /var/audit" -compact
.Bl -tag -width ".Pa /etc/security" -compact
.It Pa /var/audit
Default directory for storing audit log files.
.Pp
.It Pa /etc/security
The directory containing the auditing configuration files
.Xr audit_class 5 ,
.Xr audit_control 5 ,
.Xr audit_event 5 ,
and
.Xr audit_warn 5 .
.El
.Sh COMPATIBILITY
The historical
@ -92,9 +114,14 @@ and
and are no longer available as arguments to
.Nm .
.Sh SEE ALSO
.Xr asl 3 ,
.Xr audit 4 ,
.Xr audit_class 5 ,
.Xr audit_control 5 ,
.Xr audit 8
.Xr audit_event 5 ,
.Xr audit_warn 5 ,
.Xr audit 8 ,
.Xr launchd 8
.Sh HISTORY
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.

File diff suppressed because it is too large Load Diff

View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#11 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#12 $
*/
#ifndef _AUDITD_H_
@ -46,17 +46,6 @@
*/
#define AUDIT_REVIEW_GROUP "audit"
#define NOT_TERMINATED "not_terminated"
#define POSTFIX_LEN (sizeof("YYYYMMDDhhmmss") - 1)
#define FILENAME_LEN ((2 * POSTFIX_LEN) + 2)
#define TIMESTAMP_LEN (POSTFIX_LEN + 1)
struct dir_ent {
char *dirname;
char softlim;
TAILQ_ENTRY(dir_ent) dirs;
};
#define HARDLIM_ALL_WARN "allhard"
#define SOFTLIM_ALL_WARN "allsoft"
#define AUDITOFF_WARN "auditoff"
@ -72,7 +61,11 @@ struct dir_ent {
#define AUDITWARN_SCRIPT "/etc/security/audit_warn"
#define AUDITD_PIDFILE "/var/run/auditd.pid"
int audit_warn_allhard(int count);
#define AUD_STATE_INIT -1
#define AUD_STATE_DISABLED 0
#define AUD_STATE_ENABLED 1
int audit_warn_allhard(void);
int audit_warn_allsoft(void);
int audit_warn_auditoff(void);
int audit_warn_closefile(char *filename);
@ -84,4 +77,24 @@ int audit_warn_postsigterm(void);
int audit_warn_soft(char *filename);
int audit_warn_tmpfile(void);
void auditd_openlog(int debug, gid_t gid);
void auditd_log_err(const char *fmt, ...);
void auditd_log_debug(const char *fmt, ...);
void auditd_log_info(const char *fmt, ...);
void auditd_log_notice(const char *fmt, ...);
void auditd_set_state(int state);
int auditd_get_state(void);
int auditd_open_trigger(int launchd_flag);
int auditd_close_trigger(void);
void auditd_handle_trigger(int trigger);
void auditd_wait_for_events(void);
void auditd_relay_signal(int signal);
void auditd_terminate(void);
int auditd_config_controls(void);
void auditd_reap_children(void);
#endif /* !_AUDITD_H_ */

View File

@ -0,0 +1,484 @@
/*-
* Copyright (c) 2004-2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#2 $
*/
#include <sys/types.h>
#include <config/config.h>
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <unistd.h>
#include <bsm/audit.h>
#include <bsm/audit_uevents.h>
#include <bsm/auditd_lib.h>
#include <bsm/libbsm.h>
#include <asl.h>
#include <launch.h>
#include <notify.h>
#include <mach/port.h>
#include <mach/mach_error.h>
#include <mach/mach_traps.h>
#include <mach/mach.h>
#include <mach/host_special_ports.h>
#include "auditd.h"
#include "auditd_controlServer.h"
#include "audit_triggersServer.h"
/*
* Apple System Logger Handles.
*/
static aslmsg au_aslmsg = NULL;
static aslclient au_aslclient = NULL;
static mach_port_t control_port = MACH_PORT_NULL;
static mach_port_t signal_port = MACH_PORT_NULL;
static mach_port_t port_set = MACH_PORT_NULL;
/*
* Current auditing state (cache).
*/
static int auditing_state = AUD_STATE_INIT;
/*
* Maximum idle time before auditd terminates under launchd.
* If it is zero then auditd does not timeout while idle.
*/
static int max_idletime = 0;
#ifndef __BSM_INTERNAL_NOTIFY_KEY
#define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change"
#endif /* __BSM_INTERNAL_NOTIFY_KEY */
#ifndef __AUDIT_LAUNCHD_LABEL
#define __AUDIT_LAUNCHD_LABEL "org.trustedbsd.auditd"
#endif /* __AUDIT_LAUNCHD_LABEL */
#define MAX_MSG_SIZE 4096
/*
* Open and set up system logging.
*/
void
auditd_openlog(int debug, gid_t gid)
{
uint32_t opt = 0;
char *cp = NULL;
if (debug)
opt = ASL_OPT_STDERR;
au_aslclient = asl_open("auditd", "org.trustedbsd.auditd", opt);
au_aslmsg = asl_new(ASL_TYPE_MSG);
#ifdef ASL_KEY_READ_UID
/*
* Make it only so the audit administrator and members of the audit
* review group (if used) have access to the auditd system log messages.
*/
asl_set(au_aslmsg, ASL_KEY_READ_UID, "0");
asprintf(&cp, "%u", gid);
if (cp != NULL) {
#ifdef ASL_KEY_READ_GID
asl_set(au_aslmsg, ASL_KEY_READ_GID, cp);
#endif
free(cp);
}
#endif
/*
* Set the client-side system log filtering.
*/
if (debug)
asl_set_filter(au_aslclient,
ASL_FILTER_MASK_UPTO(ASL_LEVEL_DEBUG));
else
asl_set_filter(au_aslclient,
ASL_FILTER_MASK_UPTO(ASL_LEVEL_INFO));
}
/*
* Log messages at different priority levels.
*/
void
auditd_log_err(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
asl_vlog(au_aslclient, au_aslmsg, ASL_LEVEL_ERR, fmt, ap);
va_end(ap);
}
void
auditd_log_notice(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
asl_vlog(au_aslclient, au_aslmsg, ASL_LEVEL_NOTICE, fmt, ap);
va_end(ap);
}
void
auditd_log_info(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
asl_vlog(au_aslclient, au_aslmsg, ASL_LEVEL_INFO, fmt, ap);
va_end(ap);
}
void
auditd_log_debug(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
asl_vlog(au_aslclient, au_aslmsg, ASL_LEVEL_DEBUG, fmt, ap);
va_end(ap);
}
/*
* Get the auditing state from the kernel and cache it.
*/
static void
init_audit_state(void)
{
long au_cond;
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
if (errno != ENOSYS) {
auditd_log_err("Audit status check failed (%s)",
strerror(errno));
}
auditing_state = AUD_STATE_DISABLED;
} else
if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED)
auditing_state = AUD_STATE_DISABLED;
else
auditing_state = AUD_STATE_ENABLED;
}
/*
* Update the cached auditing state. Let other tasks that may be caching it
* as well to update their state via notify(3).
*/
void
auditd_set_state(int state)
{
int old_auditing_state = auditing_state;
if (state == AUD_STATE_INIT)
init_audit_state();
else
auditing_state = state;
if (auditing_state != old_auditing_state) {
notify_post(__BSM_INTERNAL_NOTIFY_KEY);
if (auditing_state == AUD_STATE_ENABLED)
auditd_log_notice("Auditing enabled");
if (auditing_state == AUD_STATE_DISABLED)
auditd_log_notice("Auditing disabled");
}
}
/*
* Get the cached auditing state.
*/
int
auditd_get_state(void)
{
if (auditing_state == AUD_STATE_INIT) {
init_audit_state();
notify_post(__BSM_INTERNAL_NOTIFY_KEY);
}
return (auditing_state);
}
/*
* Lookup the audit mach port in the launchd dictionary.
*/
static mach_port_t
lookup_machport(const char *label)
{
launch_data_t msg, msd, ld, cdict, to;
mach_port_t mp = MACH_PORT_NULL;
msg = launch_data_new_string(LAUNCH_KEY_CHECKIN);
cdict = launch_msg(msg);
if (cdict == NULL) {
auditd_log_err("launch_msg(\"" LAUNCH_KEY_CHECKIN
"\") IPC failure: %m");
return (MACH_PORT_NULL);
}
if (launch_data_get_type(cdict) == LAUNCH_DATA_ERRNO) {
errno = launch_data_get_errno(cdict);
auditd_log_err("launch_data_get_type() can't get dict: %m");
return (MACH_PORT_NULL);
}
to = launch_data_dict_lookup(cdict, LAUNCH_JOBKEY_TIMEOUT);
if (to) {
max_idletime = launch_data_get_integer(to);
auditd_log_debug("launchd timeout set to %d", max_idletime);
} else {
auditd_log_debug("launchd timeout not set, setting to 60");
max_idletime = 60;
}
msd = launch_data_dict_lookup(cdict, LAUNCH_JOBKEY_MACHSERVICES);
if (msd == NULL) {
auditd_log_err(
"launch_data_dict_lookup() can't get mach services");
return (MACH_PORT_NULL);
}
ld = launch_data_dict_lookup(msd, label);
if (ld == NULL) {
auditd_log_err("launch_data_dict_lookup can't find %s", label);
return (MACH_PORT_NULL);
}
mp = launch_data_get_machport(ld);
return (mp);
}
static int
mach_setup(int launchd_flag)
{
mach_msg_type_name_t poly;
/*
* Allocate a port set.
*/
if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_PORT_SET,
&port_set) != KERN_SUCCESS) {
auditd_log_err("Allocation of port set failed");
return (-1);
}
/*
* Allocate a signal reflection port.
*/
if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE,
&signal_port) != KERN_SUCCESS ||
mach_port_move_member(mach_task_self(), signal_port, port_set) !=
KERN_SUCCESS) {
auditd_log_err("Allocation of signal port failed");
return (-1);
}
/*
* Allocate a trigger port.
*/
if (launchd_flag) {
/*
* If started under launchd, lookup port in launchd dictionary.
*/
if ((control_port = lookup_machport(__AUDIT_LAUNCHD_LABEL)) ==
MACH_PORT_NULL || mach_port_move_member(mach_task_self(),
control_port, port_set) != KERN_SUCCESS) {
auditd_log_err("Cannot get Mach control port"
" via launchd");
return (-1);
} else
auditd_log_debug("Mach control port registered"
" via launchd");
} else {
/*
* If not started under launchd, allocate port and register.
*/
if (mach_port_allocate(mach_task_self(),
MACH_PORT_RIGHT_RECEIVE, &control_port) != KERN_SUCCESS ||
mach_port_move_member(mach_task_self(), control_port,
port_set) != KERN_SUCCESS)
auditd_log_err("Allocation of trigger port failed");
/*
* Create a send right on our trigger port.
*/
mach_port_extract_right(mach_task_self(), control_port,
MACH_MSG_TYPE_MAKE_SEND, &control_port, &poly);
/*
* Register the trigger port with the kernel.
*/
if (host_set_audit_control_port(mach_host_self(),
control_port) != KERN_SUCCESS) {
auditd_log_err("Cannot set Mach control port");
return (-1);
} else
auditd_log_debug("Mach control port registered");
}
return (0);
}
/*
* Open the trigger messaging mechanism.
*/
int
auditd_open_trigger(int launchd_flag)
{
return (mach_setup(launchd_flag));
}
/*
* Close the trigger messaging mechanism.
*/
int
auditd_close_trigger(void)
{
return (0);
}
/*
* Combined server handler. Called by the mach message loop when there is
* a trigger or signal message.
*/
static boolean_t
auditd_combined_server(mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP)
{
mach_port_t local_port = InHeadP->msgh_local_port;
/* Reset the idle time alarm, if used. */
if (max_idletime)
alarm(max_idletime);
if (local_port == signal_port) {
int signo = InHeadP->msgh_id;
switch(signo) {
case SIGTERM:
case SIGALRM:
auditd_terminate();
/* Not reached. */
case SIGCHLD:
auditd_reap_children();
return (TRUE);
case SIGHUP:
auditd_config_controls();
return (TRUE);
default:
auditd_log_info("Received signal %d", signo);
return (TRUE);
}
} else if (local_port == control_port) {
boolean_t result;
result = audit_triggers_server(InHeadP, OutHeadP);
if (!result)
result = auditd_control_server(InHeadP, OutHeadP);
return (result);
}
auditd_log_info("Recevied msg on bad port 0x%x.", local_port);
return (FALSE);
}
/*
* The main event loop. Wait for trigger messages or signals and handle them.
* It should not return unless there is a problem.
*/
void
auditd_wait_for_events(void)
{
kern_return_t result;
/*
* Call the mach messaging server loop.
*/
result = mach_msg_server(auditd_combined_server, MAX_MSG_SIZE,
port_set, MACH_MSG_OPTION_NONE);
}
/*
* Implementation of the audit_triggers() MIG simpleroutine. Simply a
* wrapper function. This handles input from the kernel on the host
* special mach port.
*/
kern_return_t
audit_triggers(mach_port_t __unused audit_port, int trigger)
{
auditd_handle_trigger(trigger);
return (KERN_SUCCESS);
}
/*
* Implementation of the auditd_control() MIG simpleroutine. Simply a
* wrapper function. This handles input from the audit(1) tool.
*/
kern_return_t
auditd_control(mach_port_t __unused auditd_port, int trigger)
{
auditd_handle_trigger(trigger);
return (KERN_SUCCESS);
}
/*
* When we get a signal, we are often not at a clean point. So, little can
* be done in the signal handler itself. Instead, we send a message to the
* main servicing loop to do proper handling from a non-signal-handler
* context.
*/
void
auditd_relay_signal(int signal)
{
mach_msg_empty_send_t msg;
msg.header.msgh_id = signal;
msg.header.msgh_remote_port = signal_port;
msg.header.msgh_local_port = MACH_PORT_NULL;
msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0);
mach_msg(&(msg.header), MACH_SEND_MSG|MACH_SEND_TIMEOUT, sizeof(msg),
0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
}

View File

@ -0,0 +1,272 @@
/*-
* Copyright (c) 2004-2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#1 $
*/
#include <sys/types.h>
#include <config/config.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <syslog.h>
#include <stdarg.h>
#include <bsm/audit.h>
#include <bsm/audit_uevents.h>
#include <bsm/auditd_lib.h>
#include <bsm/libbsm.h>
#include "auditd.h"
/*
* Current auditing state (cache).
*/
static int auditing_state = AUD_STATE_INIT;
/*
* Maximum idle time before auditd terminates under launchd.
* If it is zero then auditd does not timeout while idle.
*/
static int max_idletime = 0;
static int sigchlds, sigchlds_handled;
static int sighups, sighups_handled;
static int sigterms, sigterms_handled;
static int sigalrms, sigalrms_handled;
static int triggerfd = 0;
/*
* Open and set up system logging.
*/
void
auditd_openlog(int debug, gid_t __unused gid)
{
int logopts = LOG_CONS | LOG_PID;
if (debug)
logopts |= LOG_PERROR;
#ifdef LOG_SECURITY
openlog("auditd", logopts, LOG_SECURITY);
#else
openlog("auditd", logopts, LOG_AUTH);
#endif
}
/*
* Log messages at different priority levels.
*/
void
auditd_log_err(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
vsyslog(LOG_ERR, fmt, ap);
va_end(ap);
}
void
auditd_log_notice(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
vsyslog(LOG_NOTICE, fmt, ap);
va_end(ap);
}
void
auditd_log_info(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
vsyslog(LOG_INFO, fmt, ap);
va_end(ap);
}
void
auditd_log_debug(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
vsyslog(LOG_DEBUG, fmt, ap);
va_end(ap);
}
/*
* Get the auditing state from the kernel and cache it.
*/
static void
init_audit_state(void)
{
long au_cond;
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
if (errno != ENOSYS) {
auditd_log_err("Audit status check failed (%s)",
strerror(errno));
}
auditing_state = AUD_STATE_DISABLED;
} else
if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED)
auditing_state = AUD_STATE_DISABLED;
else
auditing_state = AUD_STATE_ENABLED;
}
/*
* Update the cached auditing state.
*/
void
auditd_set_state(int state)
{
int old_auditing_state = auditing_state;
if (state == AUD_STATE_INIT)
init_audit_state();
else
auditing_state = state;
if (auditing_state != old_auditing_state) {
if (auditing_state == AUD_STATE_ENABLED)
auditd_log_notice("Auditing enabled");
if (auditing_state == AUD_STATE_DISABLED)
auditd_log_notice("Auditing disabled");
}
}
/*
* Get the cached auditing state.
*/
int
auditd_get_state(void)
{
if (auditing_state == AUD_STATE_INIT)
init_audit_state();
return (auditing_state);
}
/*
* Open the trigger messaging mechanism.
*/
int
auditd_open_trigger(int __unused launchd_flag)
{
return ((triggerfd = open(AUDIT_TRIGGER_FILE, O_RDONLY, 0)));
}
/*
* Close the trigger messaging mechanism.
*/
int
auditd_close_trigger(void)
{
return (close(triggerfd));
}
/*
* The main event loop. Wait for trigger messages or signals and handle them.
* It should not return unless there is a problem.
*/
void
auditd_wait_for_events(void)
{
int num;
unsigned int trigger;
for (;;) {
num = read(triggerfd, &trigger, sizeof(trigger));
if ((num == -1) && (errno != EINTR)) {
auditd_log_err("%s: error %d", __FUNCTION__, errno);
return;
}
/* Reset the idle time alarm, if used. */
if (max_idletime)
alarm(max_idletime);
if (sigterms != sigterms_handled) {
auditd_log_debug("%s: SIGTERM", __FUNCTION__);
auditd_terminate();
/* not reached */
}
if (sigalrms != sigalrms_handled) {
auditd_log_debug("%s: SIGALRM", __FUNCTION__);
auditd_terminate();
/* not reached */
}
if (sigchlds != sigchlds_handled) {
sigchlds_handled = sigchlds;
auditd_reap_children();
}
if (sighups != sighups_handled) {
auditd_log_debug("%s: SIGHUP", __FUNCTION__);
sighups_handled = sighups;
auditd_config_controls();
}
if ((num == -1) && (errno == EINTR))
continue;
if (num == 0) {
auditd_log_err("%s: read EOF", __FUNCTION__);
return;
}
auditd_handle_trigger(trigger);
}
}
/*
* When we get a signal, we are often not at a clean point. So, little can
* be done in the signal handler itself. Instead, we send a message to the
* main servicing loop to do proper handling from a non-signal-handler
* context.
*/
void
auditd_relay_signal(int signal)
{
if (signal == SIGHUP)
sighups++;
if (signal == SIGTERM)
sigterms++;
if (signal == SIGCHLD)
sigchlds++;
if (signal == SIGALRM)
sigalrms++;
}

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.in#6 $
# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.in#7 $
#
VPATH = @srcdir@

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.in#8 $
# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.in#9 $
#
VPATH = @srcdir@

View File

@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#28 $
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#29 $
*/
/*
@ -567,7 +567,7 @@ select_records(FILE *fp)
* The -o option has the form object_type=object_value. Identify the object
* components.
*/
void
static void
parse_object_type(char *name, char *val)
{
if (val == NULL)

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.in#8 $
# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.in#9 $
#
VPATH = @srcdir@

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#3 $
# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#4 $
#
openbsmdir = $(includedir)/bsm
@ -7,5 +7,6 @@ openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
audit_filter.h \
audit_uevents.h \
auditd_lib.h \
libbsm.h

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#8 $
# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#9 $
#
VPATH = @srcdir@
@ -172,6 +172,7 @@ openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
audit_filter.h \
audit_uevents.h \
auditd_lib.h \
libbsm.h
all: all-am

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2004 Apple Inc.
* Copyright (c) 2004-2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -26,22 +26,14 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#8 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#10 $
*/
#ifndef _BSM_AUDIT_UEVENTS_H_
#define _BSM_AUDIT_UEVENTS_H_
/*-
* User level audit event numbers
*
* Range of audit event numbers:
* 0 Reserved, invalid
* 1 - 2047 Reserved for kernel events
* 2048 - 32767 Defined by BSM for user events
* 32768 - 36864 Reserved for Mac OS-X applications
* 36865 - 65535 Reserved for applications
*
/*
* Solaris userspace events.
*/
#define AUE_at_create 6144
#define AUE_at_delete 6145
@ -70,8 +62,13 @@
#define AUE_shutdown 6168
#define AUE_poweroff 6169
#define AUE_crontab_mod 6170
#define AUE_audit_startup 6171
#define AUE_audit_shutdown 6172
#define AUE_ftpd_logout 6171
#define AUE_ssh 6172
#define AUE_role_login 6173
#define AUE_prof_cmd 6180
#define AUE_filesystem_add 6181
#define AUE_filesystem_delete 6182
#define AUE_filesystem_modify 6183
#define AUE_allocate_succ 6200
#define AUE_allocate_fail 6201
#define AUE_deallocate_succ 6202
@ -83,20 +80,63 @@
#define AUE_delete_user 6209
#define AUE_disable_user 6210
#define AUE_enable_user 6211
#define AUE_sudo 6300
#define AUE_modify_password 6501 /* Not assigned by Sun. */
#define AUE_create_group 6511 /* Not assigned by Sun. */
#define AUE_delete_group 6512 /* Not assigned by Sun. */
#define AUE_modify_group 6513 /* Not assigned by Sun. */
#define AUE_add_to_group 6514 /* Not assigned by Sun. */
#define AUE_remove_from_group 6515 /* Not assigned by Sun. */
#define AUE_revoke_obj 6521 /* Not assigned by Sun; not used. */
#define AUE_lw_login 6600 /* Not assigned by Sun; tentative. */
#define AUE_lw_logout 6601 /* Not assigned by Sun; tentative. */
#define AUE_auth_user 7000 /* Not assigned by Sun. */
#define AUE_ssconn 7001 /* Not assigned by Sun. */
#define AUE_ssauthorize 7002 /* Not assigned by Sun. */
#define AUE_ssauthint 7003 /* Not assigned by Sun. */
#define AUE_newgrp_login 6212
#define AUE_admin_authentication 6213
#define AUE_kadmind_auth 6214
#define AUE_kadmind_unauth 6215
#define AUE_krb5kdc_as_req 6216
#define AUE_krb5kdc_tgs_req 6217
#define AUE_krb5kdc_tgs_req_2ndtktmm 6218
#define AUE_krb5kdc_tgs_req_alt_tgt 6219
/*
* Historic Darwin use of the low event numbering space, which collided with
* the Solaris event space. Now obsoleted and new, higher, event numbers
* assigned to make it easier to interpret Solaris events using the OpenBSM
* tools.
*/
#define AUE_DARWIN_audit_startup 6171
#define AUE_DARWIN_audit_shutdown 6172
#define AUE_DARWIN_sudo 6300
#define AUE_DARWIN_modify_password 6501
#define AUE_DARWIN_create_group 6511
#define AUE_DARWIN_delete_group 6512
#define AUE_DARWIN_modify_group 6513
#define AUE_DARWIN_add_to_group 6514
#define AUE_DARWIN_remove_from_group 6515
#define AUE_DARWIN_revoke_obj 6521
#define AUE_DARWIN_lw_login 6600
#define AUE_DARWIN_lw_logout 6601
#define AUE_DARWIN_auth_user 7000
#define AUE_DARWIN_ssconn 7001
#define AUE_DARWIN_ssauthorize 7002
#define AUE_DARWIN_ssauthint 7003
/*
* Historic/third-party appliation allocations of event idenfiers.
*/
#define AUE_openssh 32800
/*
* OpenBSM-managed application event space.
*/
#define AUE_audit_startup 45000 /* Darwin-specific. */
#define AUE_audit_shutdown 45001 /* Darwin-specific. */
#define AUE_modify_password 45014 /* Darwin-specific. */
#define AUE_create_group 45015 /* Darwin-specific. */
#define AUE_delete_group 45016 /* Darwin-specific. */
#define AUE_modify_group 45017 /* Darwin-specific. */
#define AUE_add_to_group 45018 /* Darwin-specific. */
#define AUE_remove_from_group 45019 /* Darwin-specific. */
#define AUE_revoke_obj 45020 /* Darwin-specific. */
#define AUE_lw_login 45021 /* Darwin-specific. */
#define AUE_lw_logout 45022 /* Darwin-specific. */
#define AUE_auth_user 45023 /* Darwin-specific. */
#define AUE_ssconn 45024 /* Darwin-specific. */
#define AUE_ssauthorize 45025 /* Darwin-specific. */
#define AUE_ssauthint 45026 /* Darwin-specific. */
#define AUE_calife 45027 /* OpenBSM-allocated. */
#define AUE_sudo 45028 /* OpenBSM-allocated. */
#define AUE_audit_recovery 45029 /* OpenBSM-allocated. */
#endif /* !_BSM_AUDIT_UEVENTS_H_ */

View File

@ -0,0 +1,105 @@
/*-
* Copyright (c) 2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#2 $
*/
#ifndef _BSM_AUDITD_LIB_H_
#define _BSM_AUDITD_LIB_H_
/*
* Lengths for audit trail file components.
*/
#define NOT_TERMINATED "not_terminated"
#define CRASH_RECOVERY "crash_recovery"
#define POSTFIX_LEN (sizeof("YYYYMMDDhhmmss") - 1)
#define FILENAME_LEN ((2 * POSTFIX_LEN) + 2)
#define TIMESTAMP_LEN (POSTFIX_LEN + 1)
/*
* Macro to generate the timestamp string for trail file.
*/
#define getTSstr(t, b, l) \
( (((t) = time(0)) == (time_t)-1 ) || \
!strftime((b), (l), "%Y%m%d%H%M%S", gmtime(&(t)) ) ) ? -1 : 0
/*
* The symbolic link to the currently active audit trail file.
*/
#define AUDIT_CURRENT_LINK "/var/audit/current"
/*
* Path of auditd plist file for launchd.
*/
#define AUDITD_PLIST_FILE \
"/System/Library/LaunchDaemons/org.trustedbsd.auditd.plist"
/*
* Error return codes for auditd_lib functions.
*/
#define ADE_NOERR 0 /* No Error or Success. */
#define ADE_PARSE -1 /* Error parsing audit_control(5). */
#define ADE_AUDITON -2 /* auditon(2) call failed. */
#define ADE_NOMEM -3 /* Error allocating memory. */
#define ADE_SOFTLIM -4 /* All audit log directories over soft limit. */
#define ADE_HARDLIM -5 /* All audit log directories over hard limit. */
#define ADE_STRERR -6 /* Error creating file name string. */
#define ADE_AU_OPEN -7 /* au_open(3) failed. */
#define ADE_AU_CLOSE -8 /* au_close(3) failed. */
#define ADE_SETAUDIT -9 /* setaudit(2) or setaudit_addr(2) failed. */
#define ADE_ACTL -10 /* "Soft" error with auditctl(2). */
#define ADE_ACTLERR -11 /* "Hard" error with auditctl(2). */
#define ADE_SWAPERR -12 /* The audit trail file could not be swap. */
#define ADE_RENAME -13 /* Error renaming crash recovery file. */
#define ADE_READLINK -14 /* Error reading 'current' link. */
#define ADE_SYMLINK -15 /* Error creating 'current' link. */
#define ADE_INVAL -16 /* Invalid argument. */
#define ADE_GETADDR -17 /* Error resolving address from hostname. */
#define ADE_ADDRFAM -18 /* Address family not supported. */
/*
* auditd_lib functions.
*/
const char *auditd_strerror(int errcode);
int auditd_set_minfree(void);
int auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *));
void auditd_close_dirs(void);
int auditd_set_evcmap(void);
int auditd_set_namask(void);
int auditd_set_policy(void);
int auditd_set_fsize(void);
int auditd_set_host(void);
int auditd_swap_trail(char *TS, char **newfile, gid_t gid,
int (*warn_getacdir)(char *));
int auditd_prevent_audit(void);
int auditd_gen_record(int event, char *path);
int auditd_new_curlink(char *curfile);
int audit_quick_start(void);
int audit_quick_stop(void);
#endif /* !_BSM_AUDITD_LIB_H_ */

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2004 Apple Inc.
* Copyright (c) 2004-2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#35 $
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#40 $
*/
#ifndef _LIBBSM_H_
@ -547,13 +547,13 @@ typedef struct {
* remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
*/
typedef struct {
u_int16_t domain;
u_int16_t type;
u_int16_t atype;
u_int16_t l_port;
u_int32_t l_ad_type;
u_int32_t l_addr;
u_int32_t l_addr[4];
u_int32_t r_port;
u_int32_t r_ad_type;
u_int32_t r_addr;
u_int32_t r_addr[4];
} au_socket_ex32_t;
/*
@ -823,6 +823,13 @@ void au_print_xml_header(FILE *outfp);
void au_print_xml_footer(FILE *outfp);
__END_DECLS
/*
* Functions relating to BSM<->errno conversion.
*/
int au_bsm_to_errno(u_char bsm_error, int *errorp);
u_char au_errno_to_bsm(int error);
const char *au_strerror(u_char bsm_error);
/*
* The remaining APIs are associated with Apple's BSM implementation, in
* particular as relates to Mach IPC auditing and triggers passed via Mach
@ -930,6 +937,19 @@ void au_free_token(token_t *tok);
* XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE.
*/
int au_get_state(void);
/*
* Initialize the audit notification. If it has not already been initialized
* it will automatically on the first call of au_get_state().
*/
uint32_t au_notify_initialize(void);
/*
* Cancel audit notification and free the resources associated with it.
* Responsible code that no longer needs to use au_get_state() should call
* this.
*/
int au_notify_terminate(void);
__END_DECLS
/* OpenSSH compatibility */

View File

@ -25,7 +25,7 @@
* SUCH DAMAGE.
*
* Derived from FreeBSD src/sys/sys/endian.h:1.6.
* $P4: //depot/projects/trustedbsd/openbsm/compat/endian.h#7 $
* $P4: //depot/projects/trustedbsd/openbsm/compat/endian.h#8 $
*/
#ifndef _COMPAT_ENDIAN_H_
@ -35,7 +35,9 @@
* Some systems will have the uint/int types defined here already, others
* will need stdint.h.
*/
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
/*
* Some operating systems do not yet have the more recent endian APIs that

View File

@ -6,6 +6,9 @@
/* Define if audit system calls present */
#undef HAVE_AUDIT_SYSCALLS
/* Define if be32enc is present */
#undef HAVE_BE32ENC
/* Define to 1 if you have the `bzero' function. */
#undef HAVE_BZERO
@ -67,6 +70,9 @@
/* Define to 1 if you have the `memset' function. */
#undef HAVE_MEMSET
/* Define to 1 if you have the `pthread_mutex_lock' function. */
#undef HAVE_PTHREAD_MUTEX_LOCK
/* Define to 1 if `stat' has the bug that it succeeds when given the
zero-length file name argument. */
#undef HAVE_STAT_EMPTY_STRING_BUG

View File

@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#41 .
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#47 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha2.
# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha4.
#
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
#
@ -729,8 +729,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='OpenBSM'
PACKAGE_TARNAME='openbsm'
PACKAGE_VERSION='1.1alpha2'
PACKAGE_STRING='OpenBSM 1.1alpha2'
PACKAGE_VERSION='1.1alpha4'
PACKAGE_STRING='OpenBSM 1.1alpha4'
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
ac_unique_file="bin/auditreduce/auditreduce.c"
@ -1404,7 +1404,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures OpenBSM 1.1alpha2 to adapt to many kinds of systems.
\`configure' configures OpenBSM 1.1alpha4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1474,7 +1474,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of OpenBSM 1.1alpha2:";;
short | recursive ) echo "Configuration of OpenBSM 1.1alpha4:";;
esac
cat <<\_ACEOF
@ -1580,7 +1580,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
OpenBSM configure 1.1alpha2
OpenBSM configure 1.1alpha4
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@ -1594,7 +1594,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenBSM $as_me 1.1alpha2, which was
It was created by OpenBSM $as_me 1.1alpha4, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@ -19076,7 +19076,7 @@ fi
# Define the identity of the package.
PACKAGE=OpenBSM
VERSION=1.1alpha2
VERSION=1.1alpha4
cat >>confdefs.h <<_ACEOF
@ -19852,7 +19852,8 @@ fi
for ac_header in endian.h mach/mach.h machine/endian.h sys/endian.h
for ac_header in endian.h mach/mach.h machine/endian.h sys/endian.h stdint.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
@ -22802,7 +22803,8 @@ done
for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strlcpy strrchr strstr strtol strtoul
for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strlcpy strrchr strstr strtol strtoul pthread_mutex_lock
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
@ -22969,7 +22971,7 @@ cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <stdlib.h>
#include <stddef.h>
extern int auditon(int, void *, int);
@ -23031,6 +23033,66 @@ else
fi
#
# There are a wide variety of endian macros and functions in the wild; we try
# to use the native support if it defines be32enc(), but otherwise have to
# use our own.
#
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <sys/endian.h>
#include <stdlib.h>
int
main ()
{
be32enc(NULL, 1);
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_link") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_BE32ENC
_ACEOF
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
# Check to see if Mach IPC is used for trigger messages. If so, use Mach IPC
# instead of the default for sending trigger messages to the audit components.
{ echo "$as_me:$LINENO: checking for /usr/include/mach/audit_triggers.defs" >&5
@ -23074,7 +23136,7 @@ else
fi
ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile sys/Makefile sys/bsm/Makefile test/Makefile test/bsm/Makefile tools/Makefile"
ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libauditd/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile sys/Makefile sys/bsm/Makefile test/Makefile test/bsm/Makefile tools/Makefile"
cat >confcache <<\_ACEOF
@ -23522,7 +23584,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by OpenBSM $as_me 1.1alpha2, which was
This file was extended by OpenBSM $as_me 1.1alpha4, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -23575,7 +23637,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
OpenBSM config.status 1.1alpha2
OpenBSM config.status 1.1alpha4
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
@ -23699,6 +23761,7 @@ do
"bin/auditreduce/Makefile") CONFIG_FILES="$CONFIG_FILES bin/auditreduce/Makefile" ;;
"bin/praudit/Makefile") CONFIG_FILES="$CONFIG_FILES bin/praudit/Makefile" ;;
"bsm/Makefile") CONFIG_FILES="$CONFIG_FILES bsm/Makefile" ;;
"libauditd/Makefile") CONFIG_FILES="$CONFIG_FILES libauditd/Makefile" ;;
"libbsm/Makefile") CONFIG_FILES="$CONFIG_FILES libbsm/Makefile" ;;
"modules/Makefile") CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;;
"modules/auditfilter_noop/Makefile") CONFIG_FILES="$CONFIG_FILES modules/auditfilter_noop/Makefile" ;;

View File

@ -2,8 +2,8 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
AC_INIT([OpenBSM], [1.1alpha2], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#42 $])
AC_INIT([OpenBSM], [1.1alpha4], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#48 $])
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_HEADER([config/config.h])
@ -35,7 +35,7 @@ AC_SEARCH_LIBS(clock_gettime, rt)
# Checks for header files.
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS([endian.h mach/mach.h machine/endian.h sys/endian.h])
AC_CHECK_HEADERS([endian.h mach/mach.h machine/endian.h sys/endian.h stdint.h])
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
@ -83,7 +83,7 @@ AC_FUNC_MKTIME
AC_TYPE_SIGNAL
AC_FUNC_STAT
AC_FUNC_STRFTIME
AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strlcpy strrchr strstr strtol strtoul])
AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strlcpy strrchr strstr strtol strtoul pthread_mutex_lock])
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
@ -106,7 +106,7 @@ AC_DEFINE(HAVE_FULL_QUEUE_H,, Define if queue.h includes LIST_FIRST)
# depend on them or it will generate link-time or run-time errors. Test for
# just one.
AC_TRY_LINK([
#include <stdlib.h>
#include <stddef.h>
extern int auditon(int, void *, int);
], [
@ -121,6 +121,20 @@ have_audit_syscalls=false
])
AM_CONDITIONAL(HAVE_AUDIT_SYSCALLS, $have_audit_syscalls)
#
# There are a wide variety of endian macros and functions in the wild; we try
# to use the native support if it defines be32enc(), but otherwise have to
# use our own.
#
AC_TRY_LINK([
#include <sys/endian.h>
#include <stdlib.h>
], [
be32enc(NULL, 1);
], [
AC_DEFINE(HAVE_BE32ENC,, Define if be32enc is present)
])
# Check to see if Mach IPC is used for trigger messages. If so, use Mach IPC
# instead of the default for sending trigger messages to the audit components.
AC_CHECK_FILE([/usr/include/mach/audit_triggers.defs], [
@ -139,6 +153,7 @@ AC_CONFIG_FILES([Makefile
bin/auditreduce/Makefile
bin/praudit/Makefile
bsm/Makefile
libauditd/Makefile
libbsm/Makefile
modules/Makefile
modules/auditfilter_noop/Makefile

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#30 $
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#34 $
# $FreeBSD$
#
# The mapping between event identifiers and values is also hard-coded in
@ -8,6 +8,20 @@
# those changes. It is advisable not to change the numbering or naming of
# kernel audit events.
#
# Allocation of BSM event identifier ranges:
#
# 0 Reserved and invalid
# 1 - 2047 Reserved for Solaris kernel events
# 2048 - 5999 Reserved and unallocated
# 6000 - 9999 Reserved for Solaris user events
# 10000 - 32767 Reserved and unallocated
# 32768 - 65535 Available for third party applications
#
# Of the third party range, OpenBSM allocates from the following ranges:
#
# 43000 - 44999 Reserved for OpenBSM kernel events
# 45000 - 46999 Reserved for OpenBSM application events
#
0:AUE_NULL:indir system call:no
1:AUE_EXIT:exit(2):pc
2:AUE_FORK:fork(2):pc
@ -186,6 +200,7 @@
205:AUE_SETGID:setgid(2):pc
206:AUE_READL:readl(2):no
207:AUE_READVL:readvl(2):no
208:AUE_FSTAT:fstat(2):fa
209:AUE_DUP2:dup2(2):no
210:AUE_MMAP:mmap(2):no
211:AUE_AUDIT:audit(2):ot
@ -535,33 +550,107 @@
43187:AUE_CAP_GETRIGHTS:cap_getrights(2):fm
43188:AUE_CAP_ENTER:cap_enter(2):pc
43189:AUE_CAP_GETMODE:cap_getmode(2):pc
43190:AUE_POSIX_SPAWN:posix_spawn(2):pc
43191:AUE_FSGETPATH:fsgetpath(2):ot
#
# User space system events.
# Solaris userspace events.
#
6144:AUE_at_create:at-create atjob:ad
6145:AUE_at_delete:at-delete atjob (at or atrm):ad
6146:AUE_at_perm:at-permission:no
6147:AUE_cron_invoke:cron-invoke:ad
6148:AUE_crontab_create:crontab-crontab created:ad
6149:AUE_crontab_delete:crontab-crontab deleted:ad
6150:AUE_crontab_perm:crontab-permission:no
6151:AUE_inetd_connect:inetd connection:na
6152:AUE_login:login - local:lo
6153:AUE_logout:logout - local:lo
6154:AUE_telnet:login - telnet:lo
6155:AUE_rlogin:login - rlogin:lo
6156:AUE_mountd_mount:mount:na
6157:AUE_mountd_umount:unmount:na
6158:AUE_rshd:rsh access:lo
6159:AUE_su:su(1):lo
6160:AUE_halt:system halt:ad
6161:AUE_reboot:system reboot:ad
6162:AUE_rexecd:rexecd:lo
6163:AUE_passwd:passwd:lo
6164:AUE_rexd:rexd:lo
6165:AUE_ftpd:ftp access:lo
6166:AUE_init:init:lo
6167:AUE_uadmin:uadmin:no
6168:AUE_shutdown:system shutdown:ad
6171:AUE_audit_startup:audit startup:ad
6172:AUE_audit_shutdown:audit shutdown:ad
6168:AUE_poweroff:system poweroff:ad
6170:AUE_crontab_mod:crontab-modify:ad
6171:AUE_ftpd_logout:ftp logout:lo
6172:AUE_ssh:login - ssh:lo
6173:AUE_role_login:role login:lo
6180:AUE_prof_cmd: profile command:ad
6181:AUE_filesystem_add:add filesystem:ad
6182:AUE_filesystem_delete:delete filesystem:ad
6183:AUE_filesystem_modify:modify filesystem:ad
6200:AUE_allocate_succ:allocate-device success:ot
6201:AUE_allocate_fail:allocate-device failure:ot
6202:AUE_deallocate_succ:deallocate-device success:ot
6203:AUE_deallocate_fail:deallocate-device failure:ot
6204:AUE_listdevice_succ:allocate-list devices success:ot
6205:AUE_listdevice_fail:allocate-list devices failure:ot
6207:AUE_create_user:create user:ad
6208:AUE_modify_user:modify user:ad
6209:AUE_delete_user:delete user:ad
6210:AUE_disable_user:disable user:ad
6211:AUE_enable_user::ad
6300:AUE_sudo:sudo(1):ad
6501:AUE_modify_password:modify password:ad
6511:AUE_create_group:create group:ad
6512:AUE_delete_group:delete group:ad
6513:AUE_modify_group:modify group:ad
6514:AUE_add_to_group:add to group:ad
6515:AUE_remove_from_group:remove from group:ad
6521:AUE_revoke_obj:revoke object priv:fm
6600:AUE_lw_login:loginwindow login:lo
6601:AUE_lw_logout:loginwindow logout:lo
7000:AUE_auth_user:user authentication:ad
7001:AUE_ssconn:SecSrvr connection setup:ad
7002:AUE_ssauthorize:SecSrvr AuthEngine:ad
7003:AUE_ssauthint:SecSrvr authinternal mech:ad
6211:AUE_enable_user:enable users:ad
6212:AUE_newgrp_login:newgrp login:lo
6213:AUE_admin_authenticate:admin login:lo
6214:AUE_kadmind_auth:authenticated kadmind request:ua
6215:AUE_kadmind_unauth:unauthenticated kadmind req:ua
6216:AUE_krb5kdc_as_req:kdc authentication svc request:ap
6217:AUE_krb5kdc_tgs_req:kdc tkt-grant svc request:ap
6218:AUE_krb5kdc_tgs_req_2ndtktmm:kdc tgs 2ndtkt mismtch:ap
6219:AUE_krb5kdc_tgs_req_alt_tgt:kdc tgs issue alt tgt:ap
#
# Historic Darwin use of low event numbering space, which collided with the
# Solaris event space. Now obsoleted and new, higher, event numbers assigned
# to make it easier to interpret Solaris events using the OpenBSM tools.
#
6171:AUE_DARWIN_audit_startup:audit startup:ad
6172:AUE_DARWIN_audit_shutdown:audit shutdown:ad
6300:AUE_DARWIN_sudo:sudo(1):ad
6501:AUE_DARWIN_modify_password:modify password:ad
6511:AUE_DARWIN_create_group:create group:ad
6512:AUE_DARWIN_delete_group:delete group:ad
6513:AUE_DARWIN_modify_group:modify group:ad
6514:AUE_DARWIN_add_to_group:add to group:ad
6515:AUE_DARWIN_remove_from_group:remove from group:ad
6521:AUE_DARWIN_revoke_obj:revoke object priv:fm
6600:AUE_DARWIN_lw_login:loginwindow login:lo
6601:AUE_DARWIN_lw_logout:loginwindow logout:lo
7000:AUE_DARWIN_auth_user:user authentication:ad
7001:AUE_DARWIN_ssconn:SecSrvr connection setup:ad
7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:ad
7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:ad
#
# Historic/third-party application allocations of event identifiers.
#
32800:AUE_openssh:OpenSSH login:lo
#
# OpenBSM-managed application event space.
#
45000:AUE_audit_startup:audit startup:ad
45001:AUE_audit_shutdown:audit shutdown:ad
45014:AUE_modify_password:modify password:ad
45015:AUE_create_group:create group:ad
45016:AUE_delete_group:delete group:ad
45017:AUE_modify_group:modify group:ad
45018:AUE_add_to_group:add to group:ad
45019:AUE_remove_from_group:remove from group:ad
45020:AUE_revoke_obj:revoke object priv:fm
45021:AUE_lw_login:loginwindow login:lo
45022:AUE_lw_logout:loginwindow logout:lo
45023:AUE_auth_user:user authentication:ad
45024:AUE_ssconn:SecSrvr connection setup:ad
45025:AUE_ssauthorize:SecSrvr AuthEngine:ad
45026:AUE_ssauthint:SecSrvr authinternal mech:ad
45027:AUE_calife:Calife:ad
45028:AUE_sudo:sudo(1):ad
45029:AUE_audit_recovery:audit crash recovery:ad

View File

@ -0,0 +1,17 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.am#1 $
#
if USE_NATIVE_INCLUDES
INCLUDES = -I$(top_builddir) -I$(top_srcdir)
else
INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
endif
lib_LTLIBRARIES = libauditd.la
libauditd_la_SOURCES = \
auditd_lib.c
#man3_MANS = \
# libauditd.3

View File

@ -0,0 +1,474 @@
# Makefile.in generated by automake 1.10 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.in#1 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = libauditd
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config/config.h
CONFIG_CLEAN_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
am__installdirs = "$(DESTDIR)$(libdir)"
libLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(lib_LTLIBRARIES)
libauditd_la_LIBADD =
am_libauditd_la_OBJECTS = auditd_lib.lo
libauditd_la_OBJECTS = $(am_libauditd_la_OBJECTS)
DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/config/depcomp
am__depfiles_maybe = depfiles
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(libauditd_la_SOURCES)
DIST_SOURCES = $(libauditd_la_SOURCES)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
CXXFLAGS = @CXXFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
ECHO = @ECHO@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
F77 = @F77@
FFLAGS = @FFLAGS@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
lib_LTLIBRARIES = libauditd.la
libauditd_la_SOURCES = \
auditd_lib.c
all: all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign libauditd/Makefile'; \
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign libauditd/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
f=$(am__strip_dir) \
echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
$(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
else :; fi; \
done
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
p=$(am__strip_dir) \
echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
$(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
done
clean-libLTLIBRARIES:
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
test "$$dir" != "$$p" || dir=.; \
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
libauditd.la: $(libauditd_la_OBJECTS) $(libauditd_la_DEPENDENCIES)
$(LINK) -rpath $(libdir) $(libauditd_la_OBJECTS) $(libauditd_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_lib.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$tags $$unique; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$tags $$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) $$here
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(LTLIBRARIES)
installdirs:
for dir in "$(DESTDIR)$(libdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-exec-am: install-libLTLIBRARIES
install-html: install-html-am
install-info: install-info-am
install-man:
install-pdf: install-pdf-am
install-ps: install-ps-am
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-libLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
clean-libLTLIBRARIES clean-libtool ctags distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am \
install-libLTLIBRARIES install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags uninstall uninstall-am uninstall-libLTLIBRARIES
#man3_MANS = \
# libauditd.3
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

View File

@ -0,0 +1,867 @@
/*-
* Copyright (c) 2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#1 $
*/
#include <sys/param.h>
#include <config/config.h>
#include <sys/dirent.h>
#include <sys/mount.h>
#include <sys/socket.h>
#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
#else /* !HAVE_FULL_QUEUE_H */
#include <compat/queue.h>
#endif /* !HAVE_FULL_QUEUE_H */
#include <sys/stat.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <bsm/audit.h>
#include <bsm/audit_uevents.h>
#include <bsm/auditd_lib.h>
#include <bsm/libbsm.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#include <netdb.h>
#ifdef __APPLE__
#include <notify.h>
#ifndef __BSM_INTERNAL_NOTIFY_KEY
#define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change"
#endif /* __BSM_INTERNAL_NOTIFY_KEY */
#endif /* __APPLE__ */
/*
* XXX This is temporary until this is moved to <bsm/audit.h> and shared with
* the kernel.
*/
#ifndef AUDIT_HARD_LIMIT_FREE_BLOCKS
#define AUDIT_HARD_LIMIT_FREE_BLOCKS 4
#endif
struct dir_ent {
char *dirname;
uint8_t softlim;
uint8_t hardlim;
TAILQ_ENTRY(dir_ent) dirs;
};
static TAILQ_HEAD(, dir_ent) dir_q;
static int minval = -1;
static char *auditd_errmsg[] = {
"no error", /* ADE_NOERR ( 0) */
"could not parse audit_control(5) file", /* ADE_PARSE ( 1) */
"auditon(2) failed", /* ADE_AUDITON ( 2) */
"malloc(3) failed", /* ADE_NOMEM ( 3) */
"all audit log directories over soft limit", /* ADE_SOFTLIM ( 4) */
"all audit log directories over hard limit", /* ADE_HARDLIM ( 5) */
"could not create file name string", /* ADE_STRERR ( 6) */
"could not open audit record", /* ADE_AU_OPEN ( 7) */
"could not close audit record", /* ADE_AU_CLOSE ( 8) */
"could not set active audit session state", /* ADE_SETAUDIT ( 9) */
"auditctl(2) failed (trail still swapped)", /* ADE_ACTL (10) */
"auditctl(2) failed (trail not swapped)", /* ADE_ACTLERR (11) */
"could not swap audit trail file", /* ADE_SWAPERR (12) */
"could not rename crash recovery file", /* ADE_RENAME (13) */
"could not read 'current' link file", /* ADE_READLINK (14) */
"could not create 'current' link file", /* ADE_SYMLINK (15) */
"invalid argument", /* ADE_INVAL (16) */
"could not resolve hostname to address", /* ADE_GETADDR (17) */
"address family not supported", /* ADE_ADDRFAM (18) */
};
#define MAXERRCODE (sizeof(auditd_errmsg) / sizeof(auditd_errmsg[0]))
#define NA_EVENT_STR_SIZE 25
#define POL_STR_SIZE 128
/*
* Look up and return the error string for the given audit error code.
*/
const char *
auditd_strerror(int errcode)
{
int idx = -errcode;
if (idx < 0 || idx > (int)MAXERRCODE)
return ("Invalid auditd error code");
return (auditd_errmsg[idx]);
}
/*
* Free our local list of directory names and init list
*/
static void
free_dir_q(void)
{
struct dir_ent *d1, *d2;
d1 = TAILQ_FIRST(&dir_q);
while (d1 != NULL) {
d2 = TAILQ_NEXT(d1, dirs);
free(d1->dirname);
free(d1);
d1 = d2;
}
TAILQ_INIT(&dir_q);
}
/*
* Concat the directory name to the given file name.
* XXX We should affix the hostname also
*/
static char *
affixdir(char *name, struct dir_ent *dirent)
{
char *fn = NULL;
/*
* Sanity check on file name.
*/
if (strlen(name) != (FILENAME_LEN - 1)) {
errno = EINVAL;
return (NULL);
}
asprintf(&fn, "%s/%s", dirent->dirname, name);
return (fn);
}
/*
* Insert the directory entry in the list by the way they are ordered in
* audit_control(5). Move the entries that are over the soft and hard limits
* toward the tail.
*/
static void
insert_orderly(struct dir_ent *denew)
{
struct dir_ent *dep;
TAILQ_FOREACH(dep, &dir_q, dirs) {
if (dep->softlim == 1 && denew->softlim == 0) {
TAILQ_INSERT_BEFORE(dep, denew, dirs);
return;
}
if (dep->hardlim == 1 && denew->hardlim == 0) {
TAILQ_INSERT_BEFORE(dep, denew, dirs);
return;
}
}
TAILQ_INSERT_TAIL(&dir_q, denew, dirs);
}
/*
* Get the host from audit_control(5) and set it in the audit kernel
* information. Return:
* ADE_NOERR on success.
* ADE_PARSE error parsing audit_control(5).
* ADE_AUDITON error getting/setting auditon(2) value.
* ADE_GETADDR error getting address info for host.
* ADE_ADDRFAM un-supported address family.
*/
int
auditd_set_host(void)
{
char hoststr[MAXHOSTNAMELEN];
struct sockaddr_in6 *sin6;
struct sockaddr_in *sin;
struct addrinfo *res;
struct auditinfo_addr aia;
int error, ret = ADE_NOERR;
if (getachost(hoststr, MAXHOSTNAMELEN) != 0) {
ret = ADE_PARSE;
/*
* To maintain reverse compatability with older audit_control
* files, simply drop a warning if the host parameter has not
* been set. However, we will explicitly disable the
* generation of extended audit header by passing in a zeroed
* termid structure.
*/
bzero(&aia, sizeof(aia));
aia.ai_termid.at_type = AU_IPv4;
error = auditon(A_SETKAUDIT, &aia, sizeof(aia));
if (error < 0 && errno != ENOSYS)
ret = ADE_AUDITON;
return (ret);
}
error = getaddrinfo(hoststr, NULL, NULL, &res);
if (error)
return (ADE_GETADDR);
switch (res->ai_family) {
case PF_INET6:
sin6 = (struct sockaddr_in6 *) res->ai_addr;
bcopy(&sin6->sin6_addr.s6_addr,
&aia.ai_termid.at_addr[0], sizeof(struct in6_addr));
aia.ai_termid.at_type = AU_IPv6;
break;
case PF_INET:
sin = (struct sockaddr_in *) res->ai_addr;
bcopy(&sin->sin_addr.s_addr,
&aia.ai_termid.at_addr[0], sizeof(struct in_addr));
aia.ai_termid.at_type = AU_IPv4;
break;
default:
/* Un-supported address family in host parameter. */
errno = EAFNOSUPPORT;
return (ADE_ADDRFAM);
}
if (auditon(A_SETKAUDIT, &aia, sizeof(aia)) < 0)
ret = ADE_AUDITON;
return (ret);
}
/*
* Get the min percentage of free blocks from audit_control(5) and that
* value in the kernel. Return:
* ADE_NOERR on success,
* ADE_PARSE error parsing audit_control(5),
* ADE_AUDITON error getting/setting auditon(2) value.
*/
int
auditd_set_minfree(void)
{
au_qctrl_t qctrl;
if (getacmin(&minval) != 0)
return (ADE_PARSE);
if (auditon(A_GETQCTRL, &qctrl, sizeof(qctrl)) != 0)
return (ADE_AUDITON);
if (qctrl.aq_minfree != minval) {
qctrl.aq_minfree = minval;
if (auditon(A_SETQCTRL, &qctrl, sizeof(qctrl)) != 0)
return (ADE_AUDITON);
}
return (0);
}
/*
* Parses the "dir" entry in audit_control(5) into an ordered list. Also, will
* set the minfree value if not already set. Arguments include function
* pointers to audit_warn functions for soft and hard limits. Returns:
* ADE_NOERR on success,
* ADE_PARSE error parsing audit_control(5),
* ADE_AUDITON error getting/setting auditon(2) value,
* ADE_NOMEM error allocating memory,
* ADE_SOFTLIM if all the directories are over the soft limit,
* ADE_HARDLIM if all the directories are over the hard limit,
*/
int
auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *))
{
char cur_dir[MAXNAMLEN];
struct dir_ent *dirent;
struct statfs sfs;
int err;
char soft, hard;
int tcnt = 0;
int scnt = 0;
int hcnt = 0;
if (minval == -1 && (err = auditd_set_minfree()) != 0)
return (err);
/*
* Init directory q. Force a re-read of the file the next time.
*/
free_dir_q();
endac();
/*
* Read the list of directories into an ordered linked list
* admin's preference, then those over soft limit and, finally,
* those over the hard limit.
*
* XXX We should use the reentrant interfaces once they are
* available.
*/
while (getacdir(cur_dir, MAXNAMLEN) >= 0) {
if (statfs(cur_dir, &sfs) < 0)
continue; /* XXX should warn */
soft = (sfs.f_bfree < (sfs.f_blocks / (100 / minval))) ? 1 : 0;
hard = (sfs.f_bfree < AUDIT_HARD_LIMIT_FREE_BLOCKS) ? 1 : 0;
if (soft) {
if (warn_soft)
(*warn_soft)(cur_dir);
scnt++;
}
if (hard) {
if (warn_hard)
(*warn_hard)(cur_dir);
hcnt++;
}
dirent = (struct dir_ent *) malloc(sizeof(struct dir_ent));
if (dirent == NULL)
return (ADE_NOMEM);
dirent->softlim = soft;
dirent->hardlim = hard;
dirent->dirname = (char *) malloc(MAXNAMLEN);
if (dirent->dirname == NULL) {
free(dirent);
return (ADE_NOMEM);
}
strlcpy(dirent->dirname, cur_dir, MAXNAMLEN);
insert_orderly(dirent);
tcnt++;
}
if (hcnt == tcnt)
return (ADE_HARDLIM);
if (scnt == tcnt)
return (ADE_SOFTLIM);
return (0);
}
void
auditd_close_dirs(void)
{
free_dir_q();
minval = -1;
}
/*
* Process the audit event file, obtaining a class mapping for each event, and
* set that mapping into the kernel. Return:
* n number of event mappings that were successfully processed,
* ADE_NOMEM if there was an error allocating memory.
*/
int
auditd_set_evcmap(void)
{
au_event_ent_t ev, *evp;
au_evclass_map_t evc_map;
int ctr = 0;
/*
* XXX There's a risk here that the BSM library will return NULL
* for an event when it can't properly map it to a class. In that
* case, we will not process any events beyond the one that failed,
* but should. We need a way to get a count of the events.
*/
ev.ae_name = (char *)malloc(AU_EVENT_NAME_MAX);
ev.ae_desc = (char *)malloc(AU_EVENT_DESC_MAX);
if ((ev.ae_name == NULL) || (ev.ae_desc == NULL)) {
if (ev.ae_name != NULL)
free(ev.ae_name);
return (ADE_NOMEM);
}
/*
* XXXRW: Currently we have no way to remove mappings from the kernel
* when they are removed from the file-based mappings.
*/
evp = &ev;
setauevent();
while ((evp = getauevent_r(evp)) != NULL) {
evc_map.ec_number = evp->ae_number;
evc_map.ec_class = evp->ae_class;
if (auditon(A_SETCLASS, &evc_map, sizeof(au_evclass_map_t))
== 0)
ctr++;
}
endauevent();
free(ev.ae_name);
free(ev.ae_desc);
return (ctr);
}
/*
* Get the non-attributable event string and set the kernel mask. Return:
* ADE_NOERR on success,
* ADE_PARSE error parsing audit_control(5),
* ADE_AUDITON error setting the mask using auditon(2).
*/
int
auditd_set_namask(void)
{
au_mask_t aumask;
char naeventstr[NA_EVENT_STR_SIZE];
if ((getacna(naeventstr, NA_EVENT_STR_SIZE) != 0) ||
(getauditflagsbin(naeventstr, &aumask) != 0))
return (ADE_PARSE);
if (auditon(A_SETKMASK, &aumask, sizeof(au_mask_t)))
return (ADE_AUDITON);
return (ADE_NOERR);
}
/*
* Set the audit control policy if a policy is configured in audit_control(5),
* implement the policy. However, if one isn't defined or if there is an error
* parsing the control file, set AUDIT_CNT to avoid leaving the system in a
* fragile state. Return:
* ADE_NOERR on success,
* ADE_PARSE error parsing audit_control(5),
* ADE_AUDITON error setting policy using auditon(2).
*/
int
auditd_set_policy(void)
{
long policy;
char polstr[POL_STR_SIZE];
if ((getacpol(polstr, POL_STR_SIZE) != 0) ||
(au_strtopol(polstr, &policy) != 0)) {
policy = AUDIT_CNT;
if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
return (ADE_AUDITON);
return (ADE_PARSE);
}
if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
return (ADE_AUDITON);
return (ADE_NOERR);
}
/*
* Set trail rotation size. Return:
* ADE_NOERR on success,
* ADE_PARSE error parsing audit_control(5),
* ADE_AUDITON error setting file size using auditon(2).
*/
int
auditd_set_fsize(void)
{
size_t filesz;
au_fstat_t au_fstat;
/*
* Set trail rotation size.
*/
if (getacfilesz(&filesz) != 0)
return (ADE_PARSE);
bzero(&au_fstat, sizeof(au_fstat));
au_fstat.af_filesz = filesz;
if (auditon(A_SETFSIZE, &au_fstat, sizeof(au_fstat)) < 0)
return (ADE_AUDITON);
return (ADE_NOERR);
}
/*
* Create the new audit file with appropriate permissions and ownership. Try
* to clean up if something goes wrong.
*/
static int
open_trail(char *fname, gid_t gid)
{
int error, fd;
fd = open(fname, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);
if (fd < 0)
return (-1);
if (fchown(fd, -1, gid) < 0) {
error = errno;
close(fd);
(void)unlink(fname);
errno = error;
return (-1);
}
return (fd);
}
/*
* Create the new audit trail file, swap with existing audit file. Arguments
* include timestamp for the filename, a pointer to a string for returning the
* new file name, GID for trail file, and audit_warn function pointer for
* 'getacdir()' errors. Returns:
* ADE_NOERR on success,
* ADE_STRERR if the file name string could not be created,
* ADE_SWAPERR if the audit trail file could not be swapped,
* ADE_ACTL if the auditctl(2) call failed but file swap still
* successful.
* ADE_ACTLERR if the auditctl(2) call failed and file swap failed.
* ADE_SYMLINK if symlink(2) failed updating the current link.
*/
int
auditd_swap_trail(char *TS, char **newfile, gid_t gid,
int (*warn_getacdir)(char *))
{
char timestr[FILENAME_LEN];
char *fn;
struct dir_ent *dirent;
int fd;
int error;
int saverrno = 0;
if (strlen(TS) != (TIMESTAMP_LEN - 1) ||
snprintf(timestr, FILENAME_LEN, "%s.%s", TS, NOT_TERMINATED) < 0) {
errno = EINVAL;
return (ADE_STRERR);
}
/* Try until we succeed. */
while ((dirent = TAILQ_FIRST(&dir_q))) {
if (dirent->hardlim)
continue;
if ((fn = affixdir(timestr, dirent)) == NULL)
return (ADE_STRERR);
/*
* Create and open the file; then close and pass to the
* kernel if all went well.
*/
fd = open_trail(fn, gid);
if (fd >= 0) {
error = auditctl(fn);
if (error) {
/*
* auditctl failed setting log file.
* Try again.
*/
saverrno = errno;
close(fd);
} else {
/* Success. */
*newfile = fn;
close(fd);
if (error)
return (error);
if (saverrno) {
/*
* auditctl() failed but still
* successful. Return errno and "soft"
* error.
*/
errno = saverrno;
return (ADE_ACTL);
}
return (ADE_NOERR);
}
}
/*
* Tell the administrator about lack of permissions for dir.
*/
if (warn_getacdir != NULL)
(*warn_getacdir)(dirent->dirname);
}
if (saverrno) {
errno = saverrno;
return (ADE_ACTLERR);
} else
return (ADE_SWAPERR);
}
/*
* Mask calling process from being audited. Returns:
* ADE_NOERR on success,
* ADE_SETAUDIT if setaudit(2) fails.
*/
int
auditd_prevent_audit(void)
{
auditinfo_t ai;
/*
* To prevent event feedback cycles and avoid audit becoming stalled if
* auditing is suspended we mask this processes events from being
* audited. We allow the uid, tid, and mask fields to be implicitly
* set to zero, but do set the audit session ID to the PID.
*
* XXXRW: Is there more to it than this?
*/
bzero(&ai, sizeof(ai));
ai.ai_asid = getpid();
if (setaudit(&ai) != 0)
return (ADE_SETAUDIT);
return (ADE_NOERR);
}
/*
* Generate and submit audit record for audit startup or shutdown. The event
* argument can be AUE_audit_recovery, AUE_audit_startup or
* AUE_audit_shutdown. The path argument will add a path token, if not NULL.
* Returns:
* AUE_NOERR on success,
* ADE_NOMEM if memory allocation fails,
* ADE_AU_OPEN if au_open(3) fails,
* ADE_AU_CLOSE if au_close(3) fails.
*/
int
auditd_gen_record(int event, char *path)
{
int aufd;
uid_t uid;
pid_t pid;
char *autext = NULL;
token_t *tok;
struct auditinfo_addr aia;
if (event == AUE_audit_startup)
asprintf(&autext, "%s::Audit startup", getprogname());
else if (event == AUE_audit_shutdown)
asprintf(&autext, "%s::Audit shutdown", getprogname());
else if (event == AUE_audit_recovery)
asprintf(&autext, "%s::Audit recovery", getprogname());
else
return (ADE_INVAL);
if (autext == NULL)
return (ADE_NOMEM);
if ((aufd = au_open()) == -1) {
free(autext);
return (ADE_AU_OPEN);
}
bzero(&aia, sizeof(aia));
uid = getuid(); pid = getpid();
if ((tok = au_to_subject32_ex(uid, geteuid(), getegid(), uid, getgid(),
pid, pid, &aia.ai_termid)) != NULL)
au_write(aufd, tok);
if ((tok = au_to_text(autext)) != NULL)
au_write(aufd, tok);
free(autext);
if (path != NULL && (tok = au_to_path(path)) != NULL)
au_write(aufd, tok);
if ((tok = au_to_return32(0, 0)) != NULL)
au_write(aufd, tok);
if (au_close(aufd, 1, event) == -1)
return (ADE_AU_CLOSE);
return (ADE_NOERR);
}
/*
* Check for a 'current' symlink and do crash recovery, if needed. Create a new
* 'current' symlink. The argument 'curfile' is the file the 'current' symlink
* should point to. Returns:
* ADE_NOERR on success,
* ADE_AU_OPEN if au_open(3) fails,
* ADE_AU_CLOSE if au_close(3) fails.
* ADE_RENAME if error renaming audit trail file,
* ADE_READLINK if error reading the 'current' link,
* ADE_SYMLINK if error creating 'current' link.
*/
int
auditd_new_curlink(char *curfile)
{
int len, err;
char *ptr;
char *path = NULL;
struct stat sb;
char recoveredname[MAXPATHLEN];
char newname[MAXPATHLEN];
/*
* Check to see if audit was shutdown properly. If not, clean up,
* recover previous audit trail file, and generate audit record.
*/
len = readlink(AUDIT_CURRENT_LINK, recoveredname, MAXPATHLEN - 1);
if (len > 0) {
/* 'current' exist but is it pointing at a valid file? */
recoveredname[len++] = '\0';
if (stat(recoveredname, &sb) == 0) {
/* Yes, rename it to a crash recovery file. */
strlcpy(newname, recoveredname, MAXPATHLEN);
if ((ptr = strstr(newname, NOT_TERMINATED)) != NULL) {
strlcpy(ptr, CRASH_RECOVERY, TIMESTAMP_LEN);
if (rename(recoveredname, newname) != 0)
return (ADE_RENAME);
} else
return (ADE_STRERR);
path = newname;
}
/* 'current' symlink is (now) invalid so remove it. */
(void) unlink(AUDIT_CURRENT_LINK);
/* Note the crash recovery in current audit trail */
err = auditd_gen_record(AUE_audit_recovery, path);
if (err)
return (err);
}
if (len < 0 && errno != ENOENT)
return (ADE_READLINK);
if (symlink(curfile, AUDIT_CURRENT_LINK) != 0)
return (ADE_SYMLINK);
return (0);
}
/*
* Do just what we need to quickly start auditing. Assume no system logging or
* notify. Return:
* 0 on success,
* -1 on failure.
*/
int
audit_quick_start(void)
{
int err;
char *newfile;
time_t tt;
char TS[TIMESTAMP_LEN];
/*
* Mask auditing of this process.
*/
if (auditd_prevent_audit() != 0)
return (-1);
/*
* Read audit_control and get log directories.
*/
err = auditd_read_dirs(NULL, NULL);
if (err != ADE_NOERR && err != ADE_SOFTLIM)
return (-1);
/*
* Create a new audit trail log.
*/
if (getTSstr(tt, TS, TIMESTAMP_LEN) != 0)
return (-1);
err = auditd_swap_trail(TS, &newfile, getgid(), NULL);
if (err != ADE_NOERR && err != ADE_ACTL)
return (-1);
/*
* Add the current symlink and recover from crash, if needed.
*/
if (auditd_new_curlink(newfile) != 0)
return(-1);
/*
* At this point auditing has started so generate audit start-up record.
*/
if (auditd_gen_record(AUE_audit_startup, NULL) != 0)
return (-1);
/*
* Configure the audit controls.
*/
(void) auditd_set_evcmap();
(void) auditd_set_namask();
(void) auditd_set_policy();
(void) auditd_set_fsize();
(void) auditd_set_minfree();
(void) auditd_set_host();
return (0);
}
/*
* Shut down auditing quickly. Assumes that is only called on system shutdown.
* Returns:
* 0 on success,
* -1 on failure.
*/
int
audit_quick_stop(void)
{
int len;
long cond;
char *ptr;
time_t tt;
char oldname[MAXPATHLEN];
char newname[MAXPATHLEN];
char TS[TIMESTAMP_LEN];
/*
* Auditing already disabled?
*/
if (auditon(A_GETCOND, &cond, sizeof(cond)) < 0)
return (-1);
if (cond == AUC_DISABLED)
return (0);
/*
* Generate audit shutdown record.
*/
(void) auditd_gen_record(AUE_audit_shutdown, NULL);
/*
* Shutdown auditing in the kernel.
*/
cond = AUC_DISABLED;
if (auditon(A_SETCOND, &cond, sizeof(cond)) != 0)
return (-1);
#ifdef __BSM_INTERNAL_NOTIFY_KEY
notify_post(__BSM_INTERNAL_NOTIFY_KEY);
#endif
/*
* Rename last audit trail and remove 'current' link.
*/
len = readlink(AUDIT_CURRENT_LINK, oldname, MAXPATHLEN - 1);
if (len < 0)
return (-1);
oldname[len++] = '\0';
if (getTSstr(tt, TS, TIMESTAMP_LEN) != 0)
return (-1);
strlcpy(newname, oldname, len);
if ((ptr = strstr(newname, NOT_TERMINATED)) != NULL) {
strlcpy(ptr, TS, TIMESTAMP_LEN);
if (rename(oldname, newname) != 0)
return (-1);
} else
return (-1);
(void) unlink(AUDIT_CURRENT_LINK);
return (0);
}

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#5 $
# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#7 $
#
if USE_NATIVE_INCLUDES
@ -14,6 +14,7 @@ libbsm_la_SOURCES = \
bsm_audit.c \
bsm_class.c \
bsm_control.c \
bsm_errno.c \
bsm_event.c \
bsm_flags.c \
bsm_io.c \
@ -30,6 +31,7 @@ endif
man3_MANS = \
au_class.3 \
au_control.3 \
au_errno.3 \
au_event.3 \
au_free_token.3 \
au_io.3 \

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#9 $
# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#12 $
#
VPATH = @srcdir@
@ -60,13 +60,13 @@ libLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(lib_LTLIBRARIES)
libbsm_la_LIBADD =
am__libbsm_la_SOURCES_DIST = bsm_audit.c bsm_class.c bsm_control.c \
bsm_event.c bsm_flags.c bsm_io.c bsm_mask.c bsm_token.c \
bsm_user.c bsm_notify.c bsm_wrappers.c
bsm_errno.c bsm_event.c bsm_flags.c bsm_io.c bsm_mask.c \
bsm_token.c bsm_user.c bsm_notify.c bsm_wrappers.c
@HAVE_AUDIT_SYSCALLS_TRUE@am__objects_1 = bsm_notify.lo \
@HAVE_AUDIT_SYSCALLS_TRUE@ bsm_wrappers.lo
am_libbsm_la_OBJECTS = bsm_audit.lo bsm_class.lo bsm_control.lo \
bsm_event.lo bsm_flags.lo bsm_io.lo bsm_mask.lo bsm_token.lo \
bsm_user.lo $(am__objects_1)
bsm_errno.lo bsm_event.lo bsm_flags.lo bsm_io.lo bsm_mask.lo \
bsm_token.lo bsm_user.lo $(am__objects_1)
libbsm_la_OBJECTS = $(am_libbsm_la_OBJECTS)
DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/config/depcomp
@ -199,12 +199,13 @@ top_srcdir = @top_srcdir@
@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
lib_LTLIBRARIES = libbsm.la
libbsm_la_SOURCES = bsm_audit.c bsm_class.c bsm_control.c bsm_event.c \
bsm_flags.c bsm_io.c bsm_mask.c bsm_token.c bsm_user.c \
$(am__append_1)
libbsm_la_SOURCES = bsm_audit.c bsm_class.c bsm_control.c bsm_errno.c \
bsm_event.c bsm_flags.c bsm_io.c bsm_mask.c bsm_token.c \
bsm_user.c $(am__append_1)
man3_MANS = \
au_class.3 \
au_control.3 \
au_errno.3 \
au_event.3 \
au_free_token.3 \
au_io.3 \
@ -286,6 +287,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_audit.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_class.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_control.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_errno.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_event.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_flags.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_io.Plo@am__quote@

View File

@ -0,0 +1,111 @@
.\"-
.\" Copyright (c) 2008 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_errno.3#3 $
.\"
.Dd December 8, 2008
.Dt AU_BSM_TO_ERRNO 3
.Os
.Sh NAME
.Nm au_bsm_to_errno ,
.Nm au_errno_to_bsm ,
.Nm au_strerror
.Nd "convert between BSM and local error numbers"
.Sh LIBRARY
.Lb libbsm
.Sh SYNOPSIS
.In bsm/libbsm.h
.Ft int
.Fn au_bsm_to_errno "u_char bsm_error" "int *errorp"
.Ft u_char
.Fn au_errno_to_bsm "int error"
.Ft const char *
.Fn au_strerror "int bsm_error"
.Sh DESCRIPTION
These interfaces may be used to convert between the local (
.Xr errno 2 )
and BSM error number spaces found in BSM return tokens.
.Pp
The
.Fn au_bsm_to_errno
function accepts a BSM error value,
.Fa bsm_error,
and converts it to an
.Xr errno 2
that will be stored in the integer pointed to by
.Fa errorp
if successful.
This call will fail if the BSM error cannot be mapped into a local error
number, which may occur if the return token was generated on another
operating system.
.Pp
.Fn au_errno_to_bsm
function accepts a local
.Xr errno 2
value, and returns the BSM error number for it.
This call cannot fail, and instead returns a BSM error number indicating to
a later decoder that the error could not be encoded.
.Pp
The
.Fn au_strerror
converts a BSM error value to a string, generally by converting first to a
local error number and using the local
.Xr strerror 3
function, but will also work for errors that are not locally defined.
.Sh RETURN VALULES
On success,
.Fn au_bsm_to_errno
returns 0 and a converted error value; on failure, it returns -1 but does not
set
.Xr errno 2 .
.Pp
On success,
.Fn au_strerror
returns a pointer to an error string; on failure it will return
.Dv NULL .
.Sh SEE ALSO
.Xr au_to_return 3 ,
.Xr au_to_return32 3 ,
.Xr au_to_return64 3 ,
.Xr libbsm 3
.Sh HISTORY
.Fn au_bsm_to_errno
and
.Fn au_errno_to_bsm
were introduced in OpenBSM 1.1.
.Sh AUTHORS
These functions were implemented by
.An Robert Watson
under contract to Apple Inc.
.Pp
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
.Sh BUGS
.Nm au_strerror
is unable to provide localized strings for errors not available in the local
operating system.

View File

@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#15 $
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#16 $
.\"
.Dd April 19, 2005
.Dt AU_TOKEN 3
@ -209,6 +209,15 @@
These interfaces support the allocation of BSM audit tokens, represented by
.Vt token_t ,
for various data types.
.Pp
.Xr au_errno_to_bsm 3
must be used to convert local
.Xr errno 2
errors to BSM error numbers before they are passed to
.Fn au_to_return ,
.Fn au_to_return32 ,
and
.Fn au_to_return64 .
.Sh RETURN VALUES
On success, a pointer to a
.Vt token_t
@ -221,6 +230,7 @@ On failure,
will be returned, and an error condition returned via
.Va errno .
.Sh SEE ALSO
.Xr au_errno_to_bsm 3 ,
.Xr libbsm 3
.Sh HISTORY
The OpenBSM implementation was created by McAfee Research, the security

View File

@ -27,7 +27,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#14 $
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#15 $
.\"
.Dd January 18, 2008
.Dt audit_submit 3
@ -58,7 +58,10 @@ The return token is dependent on the
.Fa status
and
.Fa reterr
arguments.
arguments; unlike the argument to
.Xr au_to_return ,
.Fa reterr
should be a local rather than BSM error number.
Optionally, a text token will be created as a part of this record.
.Pp
Text token output is under the control of a

View File

@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#31 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#34 $
*/
#include <sys/types.h>
@ -48,7 +48,9 @@
#include <netinet/in.h>
#include <errno.h>
#ifdef HAVE_PTHREAD_MUTEX_LOCK
#include <pthread.h>
#endif
#include <stdlib.h>
#include <string.h>
@ -65,7 +67,9 @@ static int audit_rec_count = 0;
*/
static LIST_HEAD(, au_record) audit_free_q;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
/*
* This call frees a token_t and its internal data.
@ -93,7 +97,9 @@ au_open(void)
{
au_record_t *rec = NULL;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
if (audit_rec_count == 0)
LIST_INIT(&audit_free_q);
@ -108,7 +114,9 @@ au_open(void)
LIST_REMOVE(rec, au_rec_q);
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
if (rec == NULL) {
/*
@ -125,10 +133,14 @@ au_open(void)
return (-1);
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
if (audit_rec_count == MAX_AUDIT_RECORDS) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
free(rec->data);
free(rec);
@ -140,7 +152,9 @@ au_open(void)
open_desc_table[audit_rec_count] = rec;
audit_rec_count++;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
@ -221,7 +235,7 @@ au_assemble(au_record_t *rec, short event)
aia.ai_termid.at_type = AU_IPv4;
aia.ai_termid.at_addr[0] = INADDR_ANY;
if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) {
if (errno != ENOSYS)
if (errno != ENOSYS && errno != EPERM)
return (-1);
#endif /* HAVE_AUDIT_SYSCALLS */
tot_rec_size = rec->len + AUDIT_HEADER_SIZE +
@ -242,6 +256,8 @@ au_assemble(au_record_t *rec, short event)
(IN6_IS_ADDR_UNSPECIFIED(aptr)) ?
AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia);
break;
default:
return (-1);
}
tot_rec_size = rec->len + hdrsize + AUDIT_TRAILER_SIZE;
/*
@ -299,12 +315,16 @@ au_teardown(au_record_t *rec)
rec->used = 0;
rec->len = 0;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
/* Add the record to the freelist tail */
LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
#ifdef HAVE_AUDIT_SYSCALLS

View File

@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_class.c#14 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_class.c#15 $
*/
#include <config/config.h>
@ -35,7 +35,9 @@
#include <bsm/libbsm.h>
#include <string.h>
#ifdef HAVE_PTHREAD_MUTEX_LOCK
#include <pthread.h>
#endif
#include <stdio.h>
#include <stdlib.h>
@ -51,7 +53,9 @@ static FILE *fp = NULL;
static char linestr[AU_LINE_MAX];
static const char *classdelim = ":";
#ifdef HAVE_PTHREAD_MUTEX_LOCK
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
/*
* Parse a single line from the audit_class file passed in str to the struct
@ -133,9 +137,13 @@ getauclassent_r(struct au_class_ent *c)
{
struct au_class_ent *cp;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
cp = getauclassent_r_locked(c);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (cp);
}
@ -152,9 +160,13 @@ getauclassent(void)
c.ac_name = class_ent_name;
c.ac_desc = class_ent_desc;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
cp = getauclassent_r_locked(&c);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (cp);
}
@ -175,9 +187,13 @@ void
setauclass(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setauclass_locked();
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
@ -191,15 +207,21 @@ getauclassnam_r(struct au_class_ent *c, const char *name)
if (name == NULL)
return (NULL);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setauclass_locked();
while ((cp = getauclassent_r_locked(c)) != NULL) {
if (strcmp(name, cp->ac_name) == 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (cp);
}
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (NULL);
}
@ -230,13 +252,17 @@ getauclassnum_r(struct au_class_ent *c, au_class_t class_number)
{
struct au_class_ent *cp;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setauclass_locked();
while ((cp = getauclassent_r_locked(c)) != NULL) {
if (class_number == cp->ac_class)
return (cp);
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (NULL);
}
@ -263,10 +289,14 @@ void
endauclass(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
if (fp != NULL) {
fclose(fp);
fp = NULL;
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}

View File

@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#23 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#24 $
*/
#include <config/config.h>
@ -36,7 +36,9 @@
#include <errno.h>
#include <string.h>
#ifdef HAVE_PTHREAD_MUTEX_LOCK
#include <pthread.h>
#endif
#include <stdio.h>
#include <stdlib.h>
@ -58,7 +60,9 @@ static char *delim = ":";
static char inacdir = 0;
static char ptrmoved = 0;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
/*
* Returns the string value corresponding to the given label from the
@ -318,9 +322,13 @@ void
setac(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setac_locked();
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
@ -330,13 +338,17 @@ void
endac(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
ptrmoved = 1;
if (fp != NULL) {
fclose(fp);
fp = NULL;
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
@ -352,7 +364,9 @@ getacdir(char *name, int len)
* Check if another function was called between successive calls to
* getacdir.
*/
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
if (inacdir && ptrmoved) {
ptrmoved = 0;
if (fp != NULL)
@ -360,19 +374,27 @@ getacdir(char *name, int len)
ret = 2;
}
if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-2);
}
if (dir == NULL) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-1);
}
if (strlen(dir) >= (size_t)len) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-3);
}
strlcpy(name, dir, len);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (ret);
}
@ -384,18 +406,26 @@ getacmin(int *min_val)
{
char *min;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setac_locked();
if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-2);
}
if (min == NULL) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (1);
}
*min_val = atoi(min);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (0);
}
@ -408,20 +438,28 @@ getacfilesz(size_t *filesz_val)
char *filesz, *dummy;
long long ll;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setac_locked();
if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-2);
}
if (filesz == NULL) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
errno = EINVAL;
return (1);
}
ll = strtoll(filesz, &dummy, 10);
if (*dummy != '\0') {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
errno = EINVAL;
return (-1);
}
@ -430,12 +468,16 @@ getacfilesz(size_t *filesz_val)
* indicates no rotation size.
*/
if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE)) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
errno = EINVAL;
return (-1);
}
*filesz_val = ll;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (0);
}
@ -447,22 +489,32 @@ getacflg(char *auditstr, int len)
{
char *str;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setac_locked();
if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-2);
}
if (str == NULL) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (1);
}
if (strlen(str) >= (size_t)len) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-3);
}
strlcpy(auditstr, str, len);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (0);
}
@ -474,22 +526,32 @@ getacna(char *auditstr, int len)
{
char *str;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setac_locked();
if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-2);
}
if (str == NULL) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (1);
}
if (strlen(str) >= (size_t)len) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-3);
}
strlcpy(auditstr, str, len);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (0);
}
@ -501,22 +563,32 @@ getacpol(char *auditstr, size_t len)
{
char *str;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setac_locked();
if (getstrfromtype_locked(POLICY_CONTROL_ENTRY, &str) < 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-2);
}
if (str == NULL) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-1);
}
if (strlen(str) >= len) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-3);
}
strlcpy(auditstr, str, len);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (0);
}
@ -525,21 +597,31 @@ getachost(char *auditstr, size_t len)
{
char *str;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setac_locked();
if (getstrfromtype_locked(AUDIT_HOST_CONTROL_ENTRY, &str) < 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-2);
}
if (str == NULL) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (1);
}
if (strlen(str) >= len) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-3);
}
strcpy(auditstr, str);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (0);
}

View File

@ -0,0 +1,642 @@
/*-
* Copyright (c) 2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#12 $
*/
#include <sys/types.h>
#include <config/config.h>
#include <bsm/audit_errno.h>
#include <bsm/libbsm.h>
#include <errno.h>
#include <string.h>
/*
* Different operating systems use different numeric constants for different
* error numbers, and sometimes error numbers don't exist in more than one
* operating system. These routines convert between BSM and local error
* number spaces, subject to the above realities. BSM error numbers are
* stored in a single 8-bit character, so don't have a byte order.
*/
struct bsm_errors {
int be_bsm_error;
int be_os_error;
const char *be_strerror;
};
#define ERRNO_NO_LOCAL_MAPPING -600
/*
* Mapping table -- please maintain in numeric sorted order with respect to
* the BSM constant. Today we do a linear lookup, but could switch to a
* binary search if it makes sense. We only ifdef errors that aren't
* generally available, but it does make the table a lot more ugly.
*
* XXXRW: It would be nice to have a similar ordered table mapping to BSM
* constant from local constant, but the order of local constants varies by
* OS. Really we need to build that table at compile-time but don't do that
* yet.
*
* XXXRW: We currently embed English-language error strings here, but should
* support catalogues; these are only used if the OS doesn't have an error
* string using strerror(3).
*/
static const struct bsm_errors bsm_errors[] = {
{ BSM_ESUCCESS, 0, "Success" },
{ BSM_EPERM, EPERM, "Operation not permitted" },
{ BSM_ENOENT, ENOENT, "No such file or directory" },
{ BSM_ESRCH, ESRCH, "No such process" },
{ BSM_EINTR, EINTR, "Interrupted system call" },
{ BSM_EIO, EIO, "Input/output error" },
{ BSM_ENXIO, ENXIO, "Device not configured" },
{ BSM_E2BIG, E2BIG, "Argument list too long" },
{ BSM_ENOEXEC, ENOEXEC, "Exec format error" },
{ BSM_EBADF, EBADF, "BAd file descriptor" },
{ BSM_ECHILD, ECHILD, "No child processes" },
{ BSM_EAGAIN, EAGAIN, "Resource temporarily unavailable" },
{ BSM_ENOMEM, ENOMEM, "Cannot allocate memory" },
{ BSM_EACCES, EACCES, "Permission denied" },
{ BSM_EFAULT, EFAULT, "Bad address" },
{ BSM_ENOTBLK, ENOTBLK, "Block device required" },
{ BSM_EBUSY, EBUSY, "Device busy" },
{ BSM_EEXIST, EEXIST, "File exists" },
{ BSM_EXDEV, EXDEV, "Cross-device link" },
{ BSM_ENODEV, ENODEV, "Operation not supported by device" },
{ BSM_ENOTDIR, ENOTDIR, "Not a directory" },
{ BSM_EISDIR, EISDIR, "Is a directory" },
{ BSM_EINVAL, EINVAL, "Invalid argument" },
{ BSM_ENFILE, ENFILE, "Too many open files in system" },
{ BSM_EMFILE, EMFILE, "Too many open files" },
{ BSM_ENOTTY, ENOTTY, "Inappropriate ioctl for device" },
{ BSM_ETXTBSY, ETXTBSY, "Text file busy" },
{ BSM_EFBIG, EFBIG, "File too large" },
{ BSM_ENOSPC, ENOSPC, "No space left on device" },
{ BSM_ESPIPE, ESPIPE, "Illegal seek" },
{ BSM_EROFS, EROFS, "Read-only file system" },
{ BSM_EMLINK, EMLINK, "Too many links" },
{ BSM_EPIPE, EPIPE, "Broken pipe" },
{ BSM_EDOM, EDOM, "Numerical argument out of domain" },
{ BSM_ERANGE, ERANGE, "Result too large" },
{ BSM_ENOMSG, ENOMSG, "No message of desired type" },
{ BSM_EIDRM, EIDRM, "Identifier removed" },
{ BSM_ECHRNG,
#ifdef ECHRNG
ECHRNG,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Channel number out of range" },
{ BSM_EL2NSYNC,
#ifdef EL2NSYNC
EL2NSYNC,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Level 2 not synchronized" },
{ BSM_EL3HLT,
#ifdef EL3HLT
EL3HLT,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Level 3 halted" },
{ BSM_EL3RST,
#ifdef EL3RST
EL3RST,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Level 3 reset" },
{ BSM_ELNRNG,
#ifdef ELNRNG
ELNRNG,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Link number out of range" },
{ BSM_EUNATCH,
#ifdef EUNATCH
EUNATCH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Protocol driver not attached" },
{ BSM_ENOCSI,
#ifdef ENOCSI
ENOCSI,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"No CSI structure available" },
{ BSM_EL2HLT,
#ifdef EL2HLT
EL2HLT,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Level 2 halted" },
{ BSM_EDEADLK, EDEADLK, "Resource deadlock avoided" },
{ BSM_ENOLCK, ENOLCK, "No locks available" },
{ BSM_ECANCELED, ECANCELED, "Operation canceled" },
{ BSM_ENOTSUP, ENOTSUP, "Operation not supported" },
{ BSM_EDQUOT, EDQUOT, "Disc quota exceeded" },
{ BSM_EBADE,
#ifdef EBADE
EBADE,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Invalid exchange" },
{ BSM_EBADR,
#ifdef EBADR
EBADR,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Invalid request descriptor" },
{ BSM_EXFULL,
#ifdef EXFULL
EXFULL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Exchange full" },
{ BSM_ENOANO,
#ifdef ENOANO
ENOANO,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"No anode" },
{ BSM_EBADRQC,
#ifdef EBADRQC
EBADRQC,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Invalid request descriptor" },
{ BSM_EBADSLT,
#ifdef EBADSLT
EBADSLT,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Invalid slot" },
{ BSM_EDEADLOCK,
#ifdef EDEADLOCK
EDEADLOCK,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Resource deadlock avoided" },
{ BSM_EBFONT,
#ifdef EBFONT
EBFONT,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Bad font file format" },
{ BSM_EOWNERDEAD,
#ifdef EOWNERDEAD
EOWNERDEAD,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Process died with the lock" },
{ BSM_ENOTRECOVERABLE,
#ifdef ENOTRECOVERABLE
ENOTRECOVERABLE,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Lock is not recoverable" },
{ BSM_ENOSTR,
#ifdef ENOSTR
ENOSTR,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Device not a stream" },
{ BSM_ENONET,
#ifdef ENONET
ENONET,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Machine is not on the network" },
{ BSM_ENOPKG,
#ifdef ENOPKG
ENOPKG,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Package not installed" },
{ BSM_EREMOTE, EREMOTE, "Too many levels of remote in path" },
{ BSM_ENOLINK,
#ifdef ENOLINK
ENOLINK,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Link has been severed" },
{ BSM_EADV,
#ifdef EADV
EADV,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Advertise error" },
{ BSM_ESRMNT,
#ifdef ESRMNT
ESRMNT,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"srmount error" },
{ BSM_ECOMM,
#ifdef ECOMM
ECOMM,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Communication error on send" },
{ BSM_EPROTO,
#ifdef EPROTO
EPROTO,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Protocol error" },
{ BSM_ELOCKUNMAPPED,
#ifdef ELOCKUNMAPPED
ELOCKUNMAPPED,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Locked lock was unmapped" },
{ BSM_ENOTACTIVE,
#ifdef ENOTACTIVE
ENOTACTIVE,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Facility is not active" },
{ BSM_EMULTIHOP,
#ifdef EMULTIHOP
EMULTIHOP,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Multihop attempted" },
{ BSM_EBADMSG,
#ifdef EBADMSG
EBADMSG,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Bad message" },
{ BSM_ENAMETOOLONG, ENAMETOOLONG, "File name too long" },
{ BSM_EOVERFLOW, EOVERFLOW, "Value too large to be stored in data type" },
{ BSM_ENOTUNIQ,
#ifdef ENOTUNIQ
ENOTUNIQ,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Given log name not unique" },
{ BSM_EBADFD,
#ifdef EBADFD
EBADFD,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Given f.d. invalid for this operation" },
{ BSM_EREMCHG,
#ifdef EREMCHG
EREMCHG,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Remote address changed" },
{ BSM_ELIBACC,
#ifdef ELIBACC
ELIBACC,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Can't access a needed shared lib" },
{ BSM_ELIBBAD,
#ifdef ELIBBAD
ELIBBAD,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Accessing a corrupted shared lib" },
{ BSM_ELIBSCN,
#ifdef ELIBSCN
ELIBSCN,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
".lib section in a.out corrupted" },
{ BSM_ELIBMAX,
#ifdef ELIBMAX
ELIBMAX,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Attempting to link in too many libs" },
{ BSM_ELIBEXEC,
#ifdef ELIBEXEC
ELIBEXEC,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Attempting to exec a shared library" },
{ BSM_EILSEQ, EILSEQ, "Illegal byte sequence" },
{ BSM_ENOSYS, ENOSYS, "Function not implemented" },
{ BSM_ELOOP, ELOOP, "Too many levels of symbolic links" },
{ BSM_ERESTART,
#ifdef ERESTART
ERESTART,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Restart syscall" },
{ BSM_ESTRPIPE,
#ifdef ESTRPIPE
ESTRPIPE,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"If pipe/FIFO, don't sleep in stream head" },
{ BSM_ENOTEMPTY, ENOTEMPTY, "Directory not empty" },
{ BSM_EUSERS, EUSERS, "Too many users" },
{ BSM_ENOTSOCK, ENOTSOCK, "Socket operation on non-socket" },
{ BSM_EDESTADDRREQ, EDESTADDRREQ, "Destination address required" },
{ BSM_EMSGSIZE, EMSGSIZE, "Message too long" },
{ BSM_EPROTOTYPE, EPROTOTYPE, "Protocol wrong type for socket" },
{ BSM_ENOPROTOOPT, ENOPROTOOPT, "Protocol not available" },
{ BSM_EPROTONOSUPPORT, EPROTONOSUPPORT, "Protocol not supported" },
{ BSM_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, "Socket type not supported" },
{ BSM_EOPNOTSUPP, EOPNOTSUPP, "Operation not supported" },
{ BSM_EPFNOSUPPORT, EPFNOSUPPORT, "Protocol family not supported" },
{ BSM_EAFNOSUPPORT, EAFNOSUPPORT, "Address family not supported by protocol family" },
{ BSM_EADDRINUSE, EADDRINUSE, "Address already in use" },
{ BSM_EADDRNOTAVAIL, EADDRNOTAVAIL, "Can't assign requested address" },
{ BSM_ENETDOWN, ENETDOWN, "Network is down" },
{ BSM_ENETRESET, ENETRESET, "Network dropped connection on reset" },
{ BSM_ECONNABORTED, ECONNABORTED, "Software caused connection abort" },
{ BSM_ECONNRESET, ECONNRESET, "Connection reset by peer" },
{ BSM_ENOBUFS, ENOBUFS, "No buffer space available" },
{ BSM_EISCONN, EISCONN, "Socket is already connected" },
{ BSM_ENOTCONN, ENOTCONN, "Socket is not connected" },
{ BSM_ESHUTDOWN, ESHUTDOWN, "Can't send after socket shutdown" },
{ BSM_ETOOMANYREFS, ETOOMANYREFS, "Too many references: can't splice" },
{ BSM_ETIMEDOUT, ETIMEDOUT, "Operation timed out" },
{ BSM_ECONNREFUSED, ECONNREFUSED, "Connection refused" },
{ BSM_EHOSTDOWN, EHOSTDOWN, "Host is down" },
{ BSM_EHOSTUNREACH, EHOSTUNREACH, "No route to host" },
{ BSM_EALREADY, EALREADY, "Operation already in progress" },
{ BSM_EINPROGRESS, EINPROGRESS, "Operation now in progress" },
{ BSM_ESTALE, ESTALE, "Stale NFS file handle" },
{ BSM_EPWROFF,
#ifdef EPWROFF
EPWROFF,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Device power is off" },
{ BSM_EDEVERR,
#ifdef EDEVERR
EDEVERR,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Device error" },
{ BSM_EBADEXEC,
#ifdef EBADEXEC
EBADEXEC,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Bad executable" },
{ BSM_EBADARCH,
#ifdef EBADARCH
EBADARCH,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Bad CPU type in executable" },
{ BSM_ESHLIBVERS,
#ifdef ESHLIBVERS
ESHLIBVERS,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Shared library version mismatch" },
{ BSM_EBADMACHO,
#ifdef EBADMACHO
EBADMACHO,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Malfored Macho file" },
{ BSM_EPOLICY,
#ifdef EPOLICY
EPOLICY,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Operation failed by policy" },
{ BSM_EDOTDOT,
#ifdef EDOTDOT
EDOTDOT,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"RFS specific error" },
{ BSM_EUCLEAN,
#ifdef EUCLEAN
EUCLEAN,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Structure needs cleaning" },
{ BSM_ENOTNAM,
#ifdef ENOTNAM
ENOTNAM,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Not a XENIX named type file" },
{ BSM_ENAVAIL,
#ifdef ENAVAIL
ENAVAIL,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"No XENIX semaphores available" },
{ BSM_EISNAM,
#ifdef EISNAM
EISNAM,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Is a named type file" },
{ BSM_EREMOTEIO,
#ifdef EREMOTEIO
EREMOTEIO,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Remote I/O error" },
{ BSM_ENOMEDIUM,
#ifdef ENOMEDIUM
ENOMEDIUM,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"No medium found" },
{ BSM_EMEDIUMTYPE,
#ifdef EMEDIUMTYPE
EMEDIUMTYPE,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Wrong medium type" },
{ BSM_ENOKEY,
#ifdef ENOKEY
ENOKEY,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Required key not available" },
{ BSM_EKEYEXPIRED,
#ifdef EKEEXPIRED
EKEYEXPIRED,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Key has expired" },
{ BSM_EKEYREVOKED,
#ifdef EKEYREVOKED
EKEYREVOKED,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Key has been revoked" },
{ BSM_EKEYREJECTED,
#ifdef EKEREJECTED
EKEYREJECTED,
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
"Key was rejected by service" },
};
static const int bsm_errors_count = sizeof(bsm_errors) / sizeof(bsm_errors[0]);
static const struct bsm_errors *
au_bsm_error_lookup_errno(int error)
{
int i;
if (error == ERRNO_NO_LOCAL_MAPPING)
return (NULL);
for (i = 0; i < bsm_errors_count; i++) {
if (bsm_errors[i].be_os_error == error)
return (&bsm_errors[i]);
}
return (NULL);
}
static const struct bsm_errors *
au_bsm_error_lookup_bsm(u_char bsm_error)
{
int i;
for (i = 0; i < bsm_errors_count; i++) {
if (bsm_errors[i].be_bsm_error == bsm_error)
return (&bsm_errors[i]);
}
return (NULL);
}
/*
* Converstion from a BSM error to a local error number may fail if either
* OpenBSM doesn't recognize the error on the wire, or because there is no
* appropriate local mapping. However, we don't allow conversion to BSM to
* fail, we just convert to BSM_UKNOWNERR.
*/
int
au_bsm_to_errno(u_char bsm_error, int *errorp)
{
const struct bsm_errors *bsme;
bsme = au_bsm_error_lookup_bsm(bsm_error);
if (bsme == NULL || bsme->be_os_error == ERRNO_NO_LOCAL_MAPPING)
return (-1);
*errorp = bsme->be_os_error;
return (0);
}
u_char
au_errno_to_bsm(int error)
{
const struct bsm_errors *bsme;
/*
* We should never be passed this libbsm-internal constant, and
* because it is ambiguous we just return an error.
*/
if (error == ERRNO_NO_LOCAL_MAPPING)
return (BSM_UNKNOWNERR);
bsme = au_bsm_error_lookup_errno(error);
if (bsme == NULL)
return (BSM_UNKNOWNERR);
return (bsme->be_bsm_error);
}
#if !defined(KERNEL) && !defined(_KERNEL)
const char *
au_strerror(u_char bsm_error)
{
const struct bsm_errors *bsme;
bsme = au_bsm_error_lookup_bsm(bsm_error);
if (bsme == NULL)
return ("Unrecognized BSM error");
if (bsme->be_os_error != ERRNO_NO_LOCAL_MAPPING)
return (strerror(bsme->be_os_error));
return (bsme->be_strerror);
}
#endif

View File

@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#16 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#17 $
*/
#include <config/config.h>
@ -35,7 +35,9 @@
#include <bsm/libbsm.h>
#include <string.h>
#ifdef HAVE_PTHREAD_MUTEX_LOCK
#include <pthread.h>
#endif
#include <stdio.h>
#include <stdlib.h>
@ -52,7 +54,9 @@ static FILE *fp = NULL;
static char linestr[AU_LINE_MAX];
static const char *eventdelim = ":";
#ifdef HAVE_PTHREAD_MUTEX_LOCK
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
/*
* Parse one line from the audit_event file into the au_event_ent structure.
@ -114,9 +118,13 @@ void
setauevent(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setauevent_locked();
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
@ -126,12 +134,16 @@ void
endauevent(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
if (fp != NULL) {
fclose(fp);
fp = NULL;
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
@ -171,9 +183,13 @@ getauevent_r(struct au_event_ent *e)
{
struct au_event_ent *ep;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
ep = getauevent_r_locked(e);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (ep);
}
@ -230,9 +246,13 @@ getauevnam_r(struct au_event_ent *e, const char *name)
{
struct au_event_ent *ep;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
ep = getauevnam_r_locked(e, name);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (ep);
}
@ -284,9 +304,13 @@ getauevnum_r(struct au_event_ent *e, au_event_t event_number)
{
struct au_event_ent *ep;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
ep = getauevnum_r_locked(e, event_number);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (ep);
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2004 Apple Inc.
* Copyright (c) 2004-2008 Apple Inc.
* Copyright (c) 2005 SPARTA, Inc.
* Copyright (c) 2006 Robert N. M. Watson
* Copyright (c) 2006 Martin Voros
@ -32,15 +32,15 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#55 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#59 $
*/
#include <sys/types.h>
#include <config/config.h>
#ifdef HAVE_SYS_ENDIAN_H
#if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BE32ENC)
#include <sys/endian.h>
#else /* !HAVE_SYS_ENDIAN_H */
#else /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */
#ifdef HAVE_MACHINE_ENDIAN_H
#include <machine/endian.h>
#else /* !HAVE_MACHINE_ENDIAN_H */
@ -51,7 +51,7 @@
#endif /* !HAVE_ENDIAN_H */
#endif /* !HAVE_MACHINE_ENDIAN_H */
#include <compat/endian.h>
#endif /* !HAVE_SYS_ENDIAN_H */
#endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */
#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
#else /* !HAVE_FULL_QUEUE_H */
@ -771,13 +771,24 @@ print_ip_ex_address(FILE *fp, u_int32_t type, u_int32_t *ipaddr)
static void
print_retval(FILE *fp, u_char status, char raw)
{
int error;
if (raw)
fprintf(fp, "%u", status);
else {
if (status == 0)
fprintf(fp, "success");
else
fprintf(fp, "failure : %s", strerror(status));
/*
* Convert to a local error number and print the OS's version
* of the error string if possible. We may want to provide
* an au_strerror(3) in the future so that we can print
* strings for non-local errors.
*/
if (au_bsm_to_errno(status, &error) == 0) {
if (error == 0)
fprintf(fp, "success");
else
fprintf(fp, "failure : %s", strerror(error));
} else
fprintf(fp, "failure: Unknown error: %d", status);
}
}
@ -3742,53 +3753,71 @@ print_text_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
}
/*
* socket domain 2 bytes
* socket type 2 bytes
* address type 2 bytes
* local port 2 bytes
* address type/length 4 bytes
* local Internet address 4 bytes
* remote port 4 bytes
* address type/length 4 bytes
* remote Internet address 4 bytes
* local Internet address 4/16 bytes
* remote port 2 bytes
* remote Internet address 4/16 bytes
*/
static int
fetch_socketex32_tok(tokenstr_t *tok, u_char *buf, int len)
{
int err = 0;
READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.domain, tok->len,
err);
if (err)
return (-1);
READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.type, tok->len,
err);
if (err)
return (-1);
READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.atype, tok->len,
err);
if (err)
return (-1);
if (tok->tt.socket_ex32.atype != AU_IPv4 &&
tok->tt.socket_ex32.atype != AU_IPv6)
return (-1);
READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_port,
sizeof(uint16_t), tok->len, err);
if (err)
return (-1);
READ_TOKEN_U_INT32(buf, len, tok->tt.socket_ex32.l_ad_type, tok->len,
err);
if (err)
return (-1);
READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_addr,
sizeof(tok->tt.socket_ex32.l_addr), tok->len, err);
if (err)
return (-1);
if (tok->tt.socket_ex32.atype == AU_IPv4) {
READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_addr,
sizeof(tok->tt.socket_ex32.l_addr[0]), tok->len, err);
if (err)
return (-1);
} else {
READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_addr,
sizeof(tok->tt.socket_ex32.l_addr), tok->len, err);
if (err)
return (-1);
}
READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_port,
sizeof(uint16_t), tok->len, err);
if (err)
return (-1);
READ_TOKEN_U_INT32(buf, len, tok->tt.socket_ex32.r_ad_type, tok->len,
err);
if (err)
return (-1);
READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_addr,
sizeof(tok->tt.socket_ex32.r_addr), tok->len, err);
if (err)
return (-1);
if (tok->tt.socket_ex32.atype == AU_IPv4) {
READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_addr,
sizeof(tok->tt.socket_ex32.r_addr[0]), tok->len, err);
if (err)
return (-1);
} else {
READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_addr,
sizeof(tok->tt.socket_ex32.r_addr), tok->len, err);
if (err)
return (-1);
}
return (0);
}
@ -3800,6 +3829,9 @@ print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_tok_type(fp, tok->id, "socket", raw, xml);
if (xml) {
open_attr(fp, "sock_dom");
print_2_bytes(fp, tok->tt.socket_ex32.domain, "%#x");
close_attr(fp);
open_attr(fp, "sock_type");
print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
close_attr(fp);
@ -3807,26 +3839,32 @@ print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
close_attr(fp);
open_attr(fp, "laddr");
print_ip_address(fp, tok->tt.socket_ex32.l_addr);
print_ip_ex_address(fp, tok->tt.socket_ex32.atype,
tok->tt.socket_ex32.l_addr);
close_attr(fp);
open_attr(fp, "faddr");
print_ip_address(fp, tok->tt.socket_ex32.r_addr);
print_ip_ex_address(fp, tok->tt.socket_ex32.atype,
tok->tt.socket_ex32.r_addr);
close_attr(fp);
open_attr(fp, "fport");
print_2_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
close_attr(fp);
close_tag(fp, tok->id);
} else {
print_delim(fp, del);
print_2_bytes(fp, tok->tt.socket_ex32.domain, "%#x");
print_delim(fp, del);
print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
print_delim(fp, del);
print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
print_delim(fp, del);
print_ip_address(fp, tok->tt.socket_ex32.l_addr);
print_ip_ex_address(fp, tok->tt.socket_ex32.atype,
tok->tt.socket_ex32.l_addr);
print_delim(fp, del);
print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
print_delim(fp, del);
print_ip_address(fp, tok->tt.socket_ex32.r_addr);
print_ip_ex_address(fp, tok->tt.socket_ex32.atype,
tok->tt.socket_ex32.r_addr);
}
}

View File

@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_mask.c#14 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_mask.c#15 $
*/
#include <sys/types.h>
@ -41,12 +41,16 @@
#include <bsm/libbsm.h>
#ifdef HAVE_PTHREAD_MUTEX_LOCK
#include <pthread.h>
#endif
#include <stdlib.h>
#include <string.h>
/* MT-Safe */
#ifdef HAVE_PTHREAD_MUTEX_LOCK
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
static int firsttime = 1;
/*
@ -162,11 +166,15 @@ au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag)
return (-1);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
if (firsttime) {
firsttime = 0;
if ( -1 == load_event_table()) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-1);
}
}
@ -174,7 +182,9 @@ au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag)
case AU_PRS_REREAD:
flush_cache();
if (load_event_table() == -1) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-1);
}
ev = read_from_cache(event);
@ -186,14 +196,18 @@ au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag)
ev = NULL;
}
if (ev == NULL) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (-1);
}
if (sorf & AU_PRS_SUCCESS)
effmask |= (mask_p->am_success & ev->ae_class);
if (sorf & AU_PRS_FAILURE)
effmask |= (mask_p->am_failure & ev->ae_class);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
if (effmask != 0)
return (1);
return (0);

View File

@ -30,15 +30,15 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#72 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#85 $
*/
#include <sys/types.h>
#include <config/config.h>
#ifdef HAVE_SYS_ENDIAN_H
#if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BE32ENC)
#include <sys/endian.h>
#else /* !HAVE_SYS_ENDIAN_H */
#else /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */
#ifdef HAVE_MACHINE_ENDIAN_H
#include <machine/endian.h>
#else /* !HAVE_MACHINE_ENDIAN_H */
@ -49,7 +49,7 @@
#endif /* !HAVE_ENDIAN_H */
#endif /* !HAVE_MACHINE_ENDIAN_H */
#include <compat/endian.h>
#endif /* !HAVE_SYS_ENDIAN_H */
#endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */
#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
#else /* !HAVE_FULL_QUEUE_H */
@ -178,8 +178,12 @@ au_to_attr32(struct vnode_au_info *vni)
ADD_U_CHAR(dptr, AUT_ATTR32);
/*
* Darwin defines the size for the file mode as 2 bytes; BSM defines
* 4 so pad with 0.
* BSD defines the size for the file mode as 2 bytes; BSM defines 4
* so pad with 0.
*
* XXXRW: Possibly should be conditionally compiled.
*
* XXXRW: Should any conversions take place on the mode?
*/
ADD_U_INT16(dptr, pad0_16);
ADD_U_INT16(dptr, vni->vn_mode);
@ -223,8 +227,12 @@ au_to_attr64(struct vnode_au_info *vni)
ADD_U_CHAR(dptr, AUT_ATTR64);
/*
* Darwin defines the size for the file mode as 2 bytes; BSM defines
* 4 so pad with 0.
* BSD defines the size for the file mode as 2 bytes; BSM defines 4
* so pad with 0.
*
* XXXRW: Possibly should be conditionally compiled.
*
* XXXRW: Should any conversions take place on the mode?
*/
ADD_U_INT16(dptr, pad0_16);
ADD_U_INT16(dptr, vni->vn_mode);
@ -305,6 +313,10 @@ au_to_data(char unit_print, char unit_type, char unit_count, const char *p)
if (t == NULL)
return (NULL);
/*
* XXXRW: We should be byte-swapping each data item for multi-byte
* types.
*/
ADD_U_CHAR(dptr, AUT_DATA);
ADD_U_CHAR(dptr, unit_print);
ADD_U_CHAR(dptr, unit_type);
@ -401,7 +413,7 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
{
token_t *t;
u_char *dptr = NULL;
u_int32_t type = AF_INET6;
u_int32_t type = AU_IPv6;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t));
if (t == NULL)
@ -482,20 +494,30 @@ au_to_ipc_perm(struct ipc_perm *perm)
ADD_U_CHAR(dptr, AUT_IPC_PERM);
/*
* Darwin defines the sizes for ipc_perm members as 2 bytes; BSM
* defines 4 so pad with 0.
* Systems vary significantly in what types they use in struct
* ipc_perm; at least a few still use 16-bit uid's and gid's, so
* allow for that, as BSM define 32-bit values here.
* Some systems define the sizes for ipc_perm members as 2 bytes;
* BSM defines 4 so pad with 0.
*
* XXXRW: Possibly shoulid be conditionally compiled, and more cases
* need to be handled.
*/
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->uid);
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->gid);
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->cuid);
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->cgid);
if (sizeof(perm->uid) != sizeof(u_int32_t)) {
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->uid);
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->gid);
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->cuid);
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->cgid);
} else {
ADD_U_INT32(dptr, perm->uid);
ADD_U_INT32(dptr, perm->gid);
ADD_U_INT32(dptr, perm->cuid);
ADD_U_INT32(dptr, perm->cgid);
}
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->mode);
@ -616,6 +638,8 @@ au_to_text(const char *text)
textlen = strlen(text);
textlen += 1;
/* XXXRW: Should validate length against token size limit. */
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
if (t == NULL)
return (NULL);
@ -686,6 +710,13 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
ADD_U_INT32(dptr, pid);
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->port);
/*
* Note: Solaris will write out IPv6 addresses here as a 32-bit
* address type and 16 bytes of address, but for IPv4 addresses it
* simply writes the 4-byte address directly. We support only IPv4
* addresses for process32 tokens.
*/
ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
return (t);
@ -712,6 +743,13 @@ au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
ADD_U_INT32(dptr, pid);
ADD_U_INT32(dptr, sid);
ADD_U_INT64(dptr, tid->port);
/*
* Note: Solaris will write out IPv6 addresses here as a 32-bit
* address type and 16 bytes of address, but for IPv4 addresses it
* simply writes the 4-byte address directly. We support only IPv4
* addresses for process64 tokens.
*/
ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
return (t);
@ -897,6 +935,60 @@ au_to_seq(long audit_count)
return (t);
}
/*
* token ID 1 byte
* socket domain 2 bytes
* socket type 2 bytes
* address type 2 byte
* local port 2 bytes
* local address 4 bytes/16 bytes (IPv4/IPv6 address)
* remote port 2 bytes
* remote address 4 bytes/16 bytes (IPv4/IPv6 address)
*/
token_t *
au_to_socket_ex(u_short so_domain, u_short so_type,
struct sockaddr *sa_local, struct sockaddr *sa_remote)
{
token_t *t;
u_char *dptr = NULL;
struct sockaddr_in *sin;
struct sockaddr_in6 *sin6;
if (so_domain == AF_INET)
GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
else if (so_domain == AF_INET6)
GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
5 * sizeof(u_int16_t) + 16 * sizeof(u_int32_t));
else {
errno = EINVAL;
return (NULL);
}
ADD_U_CHAR(dptr, AUT_SOCKET_EX);
ADD_U_INT16(dptr, so_domain); /* XXXRW: explicitly convert? */
ADD_U_INT16(dptr, so_type); /* XXXRW: explicitly convert? */
if (so_domain == AF_INET) {
ADD_U_INT16(dptr, AU_IPv4);
sin = (struct sockaddr_in *)sa_local;
ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t));
ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t));
sin = (struct sockaddr_in *)sa_remote;
ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t));
ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t));
} else {
ADD_U_INT16(dptr, AU_IPv6);
sin6 = (struct sockaddr_in6 *)sa_local;
ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t));
ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t));
sin6 = (struct sockaddr_in6 *)sa_remote;
ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t));
ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t));
}
return (t);
}
/*
* token ID 1 byte
* socket family 2 bytes
@ -971,8 +1063,9 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
ADD_U_CHAR(dptr, AUT_SOCKINET128);
/*
* In Darwin, sin6_family is one octet, but BSM defines the token
* to store two. So we copy in a 0 first.
* In BSD, sin6_family is one octet, but BSM defines the token to
* store two. So we copy in a 0 first. XXXRW: Possibly should be
* conditionally compiled.
*/
ADD_U_CHAR(dptr, 0);
ADD_U_CHAR(dptr, so->sin6_family);
@ -1207,7 +1300,6 @@ au_to_exec_args(char **argv)
nextarg = *(argv + count);
}
totlen += count * sizeof(char); /* nul terminations. */
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen);
if (t == NULL)
return (NULL);
@ -1223,27 +1315,6 @@ au_to_exec_args(char **argv)
return (t);
}
/*
* token ID 1 byte
* zonename length 2 bytes
* zonename N bytes + 1 terminating NULL byte
*/
token_t *
au_to_zonename(const char *zonename)
{
u_char *dptr = NULL;
u_int16_t textlen;
token_t *t;
textlen = strlen(zonename);
textlen += 1;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
ADD_U_CHAR(dptr, AUT_ZONENAME);
ADD_U_INT16(dptr, textlen);
ADD_STRING(dptr, zonename, textlen);
return (t);
}
/*
* token ID 1 byte
* count 4 bytes
@ -1269,7 +1340,6 @@ au_to_exec_env(char **envp)
nextenv = *(envp + count);
}
totlen += sizeof(char) * count;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen);
if (t == NULL)
return (NULL);
@ -1285,6 +1355,29 @@ au_to_exec_env(char **envp)
return (t);
}
/*
* token ID 1 byte
* zonename length 2 bytes
* zonename N bytes + 1 terminating NULL byte
*/
token_t *
au_to_zonename(const char *zonename)
{
u_char *dptr = NULL;
u_int16_t textlen;
token_t *t;
textlen = strlen(zonename) + 1;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
if (t == NULL)
return (NULL);
ADD_U_CHAR(dptr, AUT_ZONENAME);
ADD_U_INT16(dptr, textlen);
ADD_STRING(dptr, zonename, textlen);
return (t);
}
/*
* token ID 1 byte
* record byte count 4 bytes
@ -1338,9 +1431,10 @@ au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
{
token_t *t;
u_char *dptr = NULL;
u_int32_t timems, hostid;
au_tid_addr_t *tid = &aia->ai_termid;
u_int32_t timems;
au_tid_addr_t *tid;
tid = &aia->ai_termid;
if (tid->at_type != AU_IPv4 && tid->at_type != AU_IPv6)
return (NULL);
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
@ -1462,7 +1556,7 @@ au_to_trailer(int rec_size)
{
token_t *t;
u_char *dptr = NULL;
u_int16_t magic = TRAILER_PAD_MAGIC;
u_int16_t magic = AUT_TRAILER_MAGIC;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
sizeof(u_int32_t));

View File

@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#18 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#19 $
*/
#include <config/config.h>
@ -35,7 +35,9 @@
#include <bsm/libbsm.h>
#include <string.h>
#ifdef HAVE_PTHREAD_MUTEX_LOCK
#include <pthread.h>
#endif
#include <stdio.h>
#include <stdlib.h>
@ -51,7 +53,9 @@ static FILE *fp = NULL;
static char linestr[AU_LINE_MAX];
static const char *user_delim = ":";
#ifdef HAVE_PTHREAD_MUTEX_LOCK
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
/*
* Parse one line from the audit_user file into the au_user_ent structure.
@ -97,9 +101,13 @@ void
setauuser(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setauuser_locked();
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
@ -109,12 +117,16 @@ void
endauuser(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
if (fp != NULL) {
fclose(fp);
fp = NULL;
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
@ -154,9 +166,13 @@ getauuserent_r(struct au_user_ent *u)
{
struct au_user_ent *up;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
up = getauuserent_r_locked(u);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (up);
}
@ -184,17 +200,23 @@ getauusernam_r(struct au_user_ent *u, const char *name)
if (name == NULL)
return (NULL);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setauuser_locked();
while ((up = getauuserent_r_locked(u)) != NULL) {
if (strcmp(name, u->au_name) == 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (u);
}
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (NULL);
}

View File

@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#26 $
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#28 $
*/
#ifdef __APPLE__
@ -69,6 +69,7 @@ audit_submit(short au_event, au_id_t auid, char status,
int error, afd, subj_ex;
struct auditinfo ai;
struct auditinfo_addr aia;
au_tid_t atid;
if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {
/*
@ -85,7 +86,6 @@ audit_submit(short au_event, au_id_t auid, char status,
}
if (acond == AUC_NOAUDIT)
return (0);
/* XXXCSJP we should be doing a pre-select here */
afd = au_open();
if (afd < 0) {
error = errno;
@ -95,30 +95,51 @@ audit_submit(short au_event, au_id_t auid, char status,
return (-1);
}
/*
* Some operating systems do not have getaudit_addr(2) implemented
* yet. So we try to use getaudit(2) first, if the subject is
* using IPv6, then we will have to try getaudit_addr(2). Failing
* this, we return error.
* Try to use getaudit_addr(2) first. If this kernel does not support
* it, then fall back on to getaudit(2).
*/
subj_ex = 0;
error = getaudit(&ai);
if (error < 0 && errno == E2BIG) {
error = getaudit_addr(&aia, sizeof(aia));
if (error == 0)
subj_ex = 1;
}
if (error < 0) {
error = getaudit_addr(&aia, sizeof(aia));
if (error < 0 && errno == ENOSYS) {
error = getaudit(&ai);
if (error < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
strerror(errno));
errno = error;
return (-1);
}
/*
* Convert this auditinfo_t to an auditinfo_addr_t to make the
* following code less complicated wrt to preselection and
* subject token generation.
*/
aia.ai_auid = ai.ai_auid;
aia.ai_mask = ai.ai_mask;
aia.ai_asid = ai.ai_asid;
aia.ai_termid.at_type = AU_IPv4;
aia.ai_termid.at_addr[0] = ai.ai_termid.machine;
aia.ai_termid.at_port = ai.ai_termid.port;
} else if (error < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s",
strerror(errno));
errno = error;
return (-1);
}
/*
* NB: We should be performing pre-selection here now that we have the
* masks for this process.
*/
if (aia.ai_termid.at_type == AU_IPv6)
subj_ex = 1;
pid = getpid();
if (subj_ex == 0)
if (subj_ex == 0) {
atid.port = aia.ai_termid.at_port;
atid.machine = aia.ai_termid.at_addr[0];
token = au_to_subject32(auid, geteuid(), getegid(),
getuid(), getgid(), pid, pid, &ai.ai_termid);
else
getuid(), getgid(), pid, pid, &atid);
} else
token = au_to_subject_ex(auid, geteuid(), getegid(),
getuid(), getgid(), pid, pid, &aia.ai_termid);
if (token == NULL) {
@ -157,7 +178,7 @@ audit_submit(short au_event, au_id_t auid, char status,
return (-1);
}
}
token = au_to_return32(status, reterr);
token = au_to_return32(status, au_errno_to_bsm(reterr));
if (token == NULL) {
syslog(LOG_AUTH | LOG_ERR,
"audit: enable to build return token");

View File

@ -23,9 +23,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#13 $
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#14 $
.\"
.Dd April 19, 2005
.Dd November 12, 2008
.Dt LIBBSM 3
.Os
.Sh NAME
@ -201,6 +201,12 @@ database:
.Xr au_user 3 ,
.Xr audit_class 5 ,
.Xr audit_control 5
.Ss Audit Error Interfaces
These functions convert between BSM and local
.Xr errno 2
error numbers, and must be used to interpret and generate BSM return tokens:
.Xr au_bsm_to_errno 3 ,
.Xr au_errno_to_bsm 3 .
.Sh HISTORY
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile.in#7 $
# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile.in#8 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@

View File

@ -1,5 +1,6 @@
.\"-
.\" Copyright (c) 2005-2006 Robert N. M. Watson
.\" Copyright (c) 2008 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@ -23,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#19 $
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#23 $
.\"
.Dd November 5, 2006
.Dt AUDIT.LOG 5
@ -139,7 +140,7 @@ token can be created using
The
.Dq trailer
terminates a BSM audit record, and contains a magic number,
.Dv TRAILER_PAD_MAGIC
.Dv AUT_TRAILER_MAGIC
and length that can be used to validate that the record was read properly.
A
.Dq trailer
@ -515,7 +516,7 @@ An exec_args token may be created using
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
.It Li "Count" Ta "4 bytes" Ta "Number of arguments"
.It Li "Text" Ta "* bytes" Ta "Count null-terminated strings"
.It Li "Text" Ta "* bytes" Ta "Count nul-terminated strings"
.El
.Ss exec_env Token
The
@ -560,25 +561,24 @@ or
.It Li "Local port" Ta "2 bytes" Ta "Local port"
.It Li "Socket address" Ta "4 bytes" Ta "Socket address"
.El
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
.It Li "Socket domain" Ta "4 bytes" Ta "Socket domain"
.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
.It Li "Address type" Ta "1 byte" Ta "Address type (IPv4/IPv6)"
.It Li "Local port" Ta "2 bytes" Ta "Local port"
.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address"
.It Li "Remote port" Ta "2 bytes" Ta "Remote port"
.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address"
.El
.Ss Expanded Socket Token
The
.Dq expanded socket
token contains information about IPv4 and IPv6 sockets.
A
.Dq expanded socket
token can be created using
.Xr au_to_socket_ex 3 .
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
.It XXXXX
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
.It Li "Socket domain" Ta "2 bytes" Ta "Socket domain"
.It Li "Socket type" Ta "2 bytes" Ta "Socket type"
.It Li "Address type" Ta "2 byte" Ta "Address type (IPv4/IPv6)"
.It Li "Local port" Ta "2 bytes" Ta "Local port"
.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address"
.It Li "Remote port" Ta "2 bytes" Ta "Remote port"
.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address"
.El
.Ss Seq Token
The

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/modules/Makefile.in#5 $
# $P4: //depot/projects/trustedbsd/openbsm/modules/Makefile.in#6 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.in#6 $
# $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.in#7 $
#
VPATH = @srcdir@

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/sys/Makefile.in#2 $
# $P4: //depot/projects/trustedbsd/openbsm/sys/Makefile.in#3 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#1 $
# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#2 $
#
@ -8,6 +8,7 @@ openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
audit.h \
audit_errno.h \
audit_internal.h \
audit_kevents.h \
audit_record.h

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#2 $
# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#4 $
#
VPATH = @srcdir@
@ -48,8 +48,8 @@ CONFIG_HEADER = $(top_builddir)/config/config.h
CONFIG_CLEAN_FILES =
SOURCES =
DIST_SOURCES =
am__openbsm_HEADERS_DIST = audit.h audit_internal.h audit_kevents.h \
audit_record.h
am__openbsm_HEADERS_DIST = audit.h audit_errno.h audit_internal.h \
audit_kevents.h audit_record.h
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@ -173,6 +173,7 @@ top_srcdir = @top_srcdir@
@USE_NATIVE_INCLUDES_FALSE@openbsmdir = $(includedir)/bsm
@USE_NATIVE_INCLUDES_FALSE@openbsm_HEADERS = \
@USE_NATIVE_INCLUDES_FALSE@ audit.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_errno.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_internal.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_kevents.h \
@USE_NATIVE_INCLUDES_FALSE@ audit_record.h

View File

@ -26,18 +26,35 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#1 $
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#2 $
*/
#ifndef _BSM_AUDIT_H
#define _BSM_AUDIT_H
#ifdef __APPLE__
/* Temporary until rdar://problem/6133383 is resolved. */
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/cdefs.h>
#include <sys/queue.h>
#endif /* __APPLE__ */
#define AUDIT_RECORD_MAGIC 0x828a0f1b
#define MAX_AUDIT_RECORDS 20
#define MAXAUDITDATA (0x8000 - 1)
#define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA
#define MIN_AUDIT_FILE_SIZE (512 * 1024)
/*
* Minimum noumber of free blocks on the filesystem containing the audit
* log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0
* as the kernel does an unsigned compare, plus we want to leave a few blocks
* free so userspace can terminate the log, etc.
*/
#define AUDIT_HARD_LIMIT_FREE_BLOCKS 4
/*
* Triggers for the audit daemon.
*/
@ -47,8 +64,9 @@
#define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */
#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */
#define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */
#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests roate. */
#define AUDIT_TRIGGER_MAX 6
#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests rotate. */
#define AUDIT_TRIGGER_INITIALIZE 7 /* Initialize audit. */
#define AUDIT_TRIGGER_MAX 7
/*
* The special device filename (FreeBSD).
@ -59,7 +77,9 @@
/*
* Pre-defined audit IDs
*/
#define AU_DEFAUDITID -1
#define AU_DEFAUDITID (uid_t)(-1)
#define AU_DEFAUDITSID 0
#define AU_ASSIGN_ASID -1
/*
* IPC types.
@ -103,6 +123,7 @@
#define A_GETKAUDIT 29
#define A_SETKAUDIT 30
#define A_SENDTRIGGER 31
#define A_GETSINFO_ADDR 32
/*
* Audit policy controls.
@ -183,6 +204,7 @@ struct auditinfo_addr {
au_mask_t ai_mask; /* Audit masks. */
au_tid_addr_t ai_termid; /* Terminal ID. */
au_asid_t ai_asid; /* Audit session ID. */
u_int64_t ai_flags; /* Audit session flags. */
};
typedef struct auditinfo_addr auditinfo_addr_t;
@ -192,6 +214,7 @@ struct auditpinfo {
au_mask_t ap_mask; /* Audit masks. */
au_tid_t ap_termid; /* Terminal ID. */
au_asid_t ap_asid; /* Audit session ID. */
u_int64_t ap_flags; /* Audit session flags. */
};
typedef struct auditpinfo auditpinfo_t;
@ -204,6 +227,16 @@ struct auditpinfo_addr {
};
typedef struct auditpinfo_addr auditpinfo_addr_t;
struct au_session {
auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */
#define as_asid as_aia_p->ai_asid
#define as_auid as_aia_p->ai_auid
#define as_termid as_aia_p->ai_termid
au_mask_t as_mask; /* Process Audit Masks. */
};
typedef struct au_session au_session_t;
/*
* Contents of token_t are opaque outside of libbsm.
*/

View File

@ -0,0 +1,214 @@
/*-
* Copyright (c) 2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#4 $
*/
#ifndef _BSM_AUDIT_ERRNO_H_
#define _BSM_AUDIT_ERRNO_H_
/*
* For the purposes of portable encoding, we convert between local error
* numbers and Solaris error numbers (as well as some extensions for error
* numbers that don't exist in Solaris). Although the first 35 or so
* constants are the same across all OS's, we don't handle that in any
* special way.
*
* When adding constants here, also add them to bsm_errno.c.
*/
#define BSM_ESUCCESS 0
#define BSM_EPERM 1
#define BSM_ENOENT 2
#define BSM_ESRCH 3
#define BSM_EINTR 4
#define BSM_EIO 5
#define BSM_ENXIO 6
#define BSM_E2BIG 7
#define BSM_ENOEXEC 8
#define BSM_EBADF 9
#define BSM_ECHILD 10
#define BSM_EAGAIN 11
#define BSM_ENOMEM 12
#define BSM_EACCES 13
#define BSM_EFAULT 14
#define BSM_ENOTBLK 15
#define BSM_EBUSY 16
#define BSM_EEXIST 17
#define BSM_EXDEV 18
#define BSM_ENODEV 19
#define BSM_ENOTDIR 20
#define BSM_EISDIR 21
#define BSM_EINVAL 22
#define BSM_ENFILE 23
#define BSM_EMFILE 24
#define BSM_ENOTTY 25
#define BSM_ETXTBSY 26
#define BSM_EFBIG 27
#define BSM_ENOSPC 28
#define BSM_ESPIPE 29
#define BSM_EROFS 30
#define BSM_EMLINK 31
#define BSM_EPIPE 32
#define BSM_EDOM 33
#define BSM_ERANGE 34
#define BSM_ENOMSG 35
#define BSM_EIDRM 36
#define BSM_ECHRNG 37 /* Solaris/Linux-specific. */
#define BSM_EL2NSYNC 38 /* Solaris/Linux-specific. */
#define BSM_EL3HLT 39 /* Solaris/Linux-specific. */
#define BSM_EL3RST 40 /* Solaris/Linux-specific. */
#define BSM_ELNRNG 41 /* Solaris/Linux-specific. */
#define BSM_EUNATCH 42 /* Solaris/Linux-specific. */
#define BSM_ENOCSI 43 /* Solaris/Linux-specific. */
#define BSM_EL2HLT 44 /* Solaris/Linux-specific. */
#define BSM_EDEADLK 45
#define BSM_ENOLCK 46
#define BSM_ECANCELED 47
#define BSM_ENOTSUP 48
#define BSM_EDQUOT 49
#define BSM_EBADE 50 /* Solaris/Linux-specific. */
#define BSM_EBADR 51 /* Solaris/Linux-specific. */
#define BSM_EXFULL 52 /* Solaris/Linux-specific. */
#define BSM_ENOANO 53 /* Solaris/Linux-specific. */
#define BSM_EBADRQC 54 /* Solaris/Linux-specific. */
#define BSM_EBADSLT 55 /* Solaris/Linux-specific. */
#define BSM_EDEADLOCK 56 /* Solaris-specific. */
#define BSM_EBFONT 57 /* Solaris/Linux-specific. */
#define BSM_EOWNERDEAD 58 /* Solaris/Linux-specific. */
#define BSM_ENOTRECOVERABLE 59 /* Solaris/Linux-specific. */
#define BSM_ENOSTR 60 /* Solaris/Darwin/Linux-specific. */
#define BSM_ENODATA 61 /* Solaris/Darwin/Linux-specific. */
#define BSM_ETIME 62 /* Solaris/Darwin/Linux-specific. */
#define BSM_ENOSR 63 /* Solaris/Darwin/Linux-specific. */
#define BSM_ENONET 64 /* Solaris/Linux-specific. */
#define BSM_ENOPKG 65 /* Solaris/Linux-specific. */
#define BSM_EREMOTE 66
#define BSM_ENOLINK 67
#define BSM_EADV 68 /* Solaris/Linux-specific. */
#define BSM_ESRMNT 69 /* Solaris/Linux-specific. */
#define BSM_ECOMM 70 /* Solaris/Linux-specific. */
#define BSM_EPROTO 71
#define BSM_ELOCKUNMAPPED 72 /* Solaris-specific. */
#define BSM_ENOTACTIVE 73 /* Solaris-specific. */
#define BSM_EMULTIHOP 74
#define BSM_EBADMSG 77
#define BSM_ENAMETOOLONG 78
#define BSM_EOVERFLOW 79
#define BSM_ENOTUNIQ 80 /* Solaris/Linux-specific. */
#define BSM_EBADFD 81 /* Solaris/Linux-specific. */
#define BSM_EREMCHG 82 /* Solaris/Linux-specific. */
#define BSM_ELIBACC 83 /* Solaris/Linux-specific. */
#define BSM_ELIBBAD 84 /* Solaris/Linux-specific. */
#define BSM_ELIBSCN 85 /* Solaris/Linux-specific. */
#define BSM_ELIBMAX 86 /* Solaris/Linux-specific. */
#define BSM_ELIBEXEC 87 /* Solaris/Linux-specific. */
#define BSM_EILSEQ 88
#define BSM_ENOSYS 89
#define BSM_ELOOP 90
#define BSM_ERESTART 91
#define BSM_ESTRPIPE 92 /* Solaris/Linux-specific. */
#define BSM_ENOTEMPTY 93
#define BSM_EUSERS 94
#define BSM_ENOTSOCK 95
#define BSM_EDESTADDRREQ 96
#define BSM_EMSGSIZE 97
#define BSM_EPROTOTYPE 98
#define BSM_ENOPROTOOPT 99
#define BSM_EPROTONOSUPPORT 120
#define BSM_ESOCKTNOSUPPORT 121
#define BSM_EOPNOTSUPP 122
#define BSM_EPFNOSUPPORT 123
#define BSM_EAFNOSUPPORT 124
#define BSM_EADDRINUSE 125
#define BSM_EADDRNOTAVAIL 126
#define BSM_ENETDOWN 127
#define BSM_ENETUNREACH 128
#define BSM_ENETRESET 129
#define BSM_ECONNABORTED 130
#define BSM_ECONNRESET 131
#define BSM_ENOBUFS 132
#define BSM_EISCONN 133
#define BSM_ENOTCONN 134
#define BSM_ESHUTDOWN 143
#define BSM_ETOOMANYREFS 144
#define BSM_ETIMEDOUT 145
#define BSM_ECONNREFUSED 146
#define BSM_EHOSTDOWN 147
#define BSM_EHOSTUNREACH 148
#define BSM_EALREADY 149
#define BSM_EINPROGRESS 150
#define BSM_ESTALE 151
/*
* OpenBSM constants for error numbers not defined in Solaris. In the event
* that these errors are added to Solaris, we will deprecate the OpenBSM
* numbers in the same way we do for audit event constants.
*
* ELAST doesn't get a constant in the BSM space.
*/
#define BSM_EPROCLIM 190 /* FreeBSD/Darwin-specific. */
#define BSM_EBADRPC 191 /* FreeBSD/Darwin-specific. */
#define BSM_ERPCMISMATCH 192 /* FreeBSD/Darwin-specific. */
#define BSM_EPROGUNAVAIL 193 /* FreeBSD/Darwin-specific. */
#define BSM_EPROGMISMATCH 194 /* FreeBSD/Darwin-specific. */
#define BSM_EPROCUNAVAIL 195 /* FreeBSD/Darwin-specific. */
#define BSM_EFTYPE 196 /* FreeBSD/Darwin-specific. */
#define BSM_EAUTH 197 /* FreeBSD/Darwin-specific. */
#define BSM_ENEEDAUTH 198 /* FreeBSD/Darwin-specific. */
#define BSM_ENOATTR 199 /* FreeBSD/Darwin-specific. */
#define BSM_EDOOFUS 200 /* FreeBSD-specific. */
#define BSM_EJUSTRETURN 201 /* FreeBSD-specific. */
#define BSM_ENOIOCTL 202 /* FreeBSD-specific. */
#define BSM_EDIRIOCTL 203 /* FreeBSD-specific. */
#define BSM_EPWROFF 204 /* Darwin-specific. */
#define BSM_EDEVERR 205 /* Darwin-specific. */
#define BSM_EBADEXEC 206 /* Darwin-specific. */
#define BSM_EBADARCH 207 /* Darwin-specific. */
#define BSM_ESHLIBVERS 208 /* Darwin-specific. */
#define BSM_EBADMACHO 209 /* Darwin-specific. */
#define BSM_EPOLICY 210 /* Darwin-specific. */
#define BSM_EDOTDOT 211 /* Linux-specific. */
#define BSM_EUCLEAN 212 /* Linux-specific. */
#define BSM_ENOTNAM 213 /* Linux(Xenix?)-specific. */
#define BSM_ENAVAIL 214 /* Linux(Xenix?)-specific. */
#define BSM_EISNAM 215 /* Linux(Xenix?)-specific. */
#define BSM_EREMOTEIO 216 /* Linux-specific. */
#define BSM_ENOMEDIUM 217 /* Linux-specific. */
#define BSM_EMEDIUMTYPE 218 /* Linux-specific. */
#define BSM_ENOKEY 219 /* Linux-specific. */
#define BSM_EKEYEXPIRED 220 /* Linux-specific. */
#define BSM_EKEYREVOKED 221 /* Linux-specific. */
#define BSM_EKEYREJECTED 222 /* Linux-specific. */
/*
* In the event that OpenBSM doesn't have a file representation of a local
* error number, use this.
*/
#define BSM_UNKNOWNERR 250 /* OpenBSM-specific. */
#endif /* !_BSM_AUDIT_ERRNO_H_ */

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2005 Apple Inc.
* Copyright (c) 2005-2008 Apple Inc.
* Copyright (c) 2005 SPARTA, Inc.
* All rights reserved.
*
@ -30,7 +30,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#2 $
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5 $
*/
#ifndef _AUDIT_INTERNAL_H

View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#3 $
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#4 $
*/
#ifndef _BSM_AUDIT_KEVENTS_H_
@ -58,7 +58,6 @@
#define AUE_UMOUNT 12
#define AUE_JUNK 13 /* Solaris-specific. */
#define AUE_ACCESS 14
#define AUE_CHECKUSERACCESS AUE_ACCESS /* Darwin-specific. */
#define AUE_KILL 15
#define AUE_STAT 16
#define AUE_LSTAT 17
@ -560,7 +559,7 @@
#define AUE_ACCESS_EXTENDED 43162 /* Darwin. */
#define AUE_CHMOD_EXTENDED 43163 /* Darwin. */
#define AUE_FCHMOD_EXTENDED 43164 /* Darwin. */
#define AUE_FSTAT_EXTENDED 43165 /* Dariwn. */
#define AUE_FSTAT_EXTENDED 43165 /* Darwin. */
#define AUE_LSTAT_EXTENDED 43166 /* Darwin. */
#define AUE_MKDIR_EXTENDED 43167 /* Darwin. */
#define AUE_MKFIFO_EXTENDED 43168 /* Darwin. */
@ -585,6 +584,8 @@
#define AUE_CAP_GETRIGHTS 43187 /* TrustedBSD. */
#define AUE_CAP_ENTER 43188 /* TrustedBSD. */
#define AUE_CAP_GETMODE 43189 /* TrustedBSD. */
#define AUE_POSIX_SPAWN 43190 /* Darwin. */
#define AUE_FSGETPATH 43191 /* Darwin. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@ -656,13 +657,42 @@
/*
* Possible desired future values based on review of BSD/Darwin system calls.
*/
#define AUE_ACCESSEXTENDED AUE_NULL
#define AUE_ATGETMSG AUE_NULL
#define AUE_ATPUTMSG AUE_NULL
#define AUE_ATSOCKET AUE_NULL
#define AUE_ATPGETREQ AUE_NULL
#define AUE_ATPGETRSP AUE_NULL
#define AUE_ATPSNDREQ AUE_NULL
#define AUE_ATPSNDRSP AUE_NULL
#define AUE_BSDTHREADCREATE AUE_NULL
#define AUE_BSDTHREADTERMINATE AUE_NULL
#define AUE_BSDTHREADREGISTER AUE_NULL
#define AUE_CHMODEXTENDED AUE_NULL
#define AUE_CHUD AUE_NULL
#define AUE_CSOPS AUE_NULL
#define AUE_DUP AUE_NULL
#define AUE_FCHMODEXTENDED AUE_NULL
#define AUE_FDATASYNC AUE_NULL
#define AUE_FFSCTL AUE_NULL
#define AUE_FGETATTRLIST AUE_NULL
#define AUE_FGETXATTR AUE_NULL
#define AUE_FLISTXATTR AUE_NULL
#define AUE_FREMOVEXATTR AUE_NULL
#define AUE_FSCTL AUE_NULL
#define AUE_FSETATTRLIST AUE_NULL
#define AUE_FSETXATTR AUE_NULL
#define AUE_FSTATEXTENDED AUE_NULL
#define AUE_FSTATFS64 AUE_NULL
#define AUE_FSTATV AUE_NULL
#define AUE_FSTAT64 AUE_NULL
#define AUE_FSTAT64EXTENDED AUE_NULL
#define AUE_GCCONTROL AUE_NULL
#define AUE_GETDIRENTRIES64 AUE_NULL
#define AUE_GETDTABLESIZE AUE_NULL
#define AUE_GETEGID AUE_NULL
#define AUE_GETEUID AUE_NULL
#define AUE_GETFSSTAT64 AUE_NULL
#define AUE_GETGID AUE_NULL
#define AUE_GETGROUPS AUE_NULL
#define AUE_GETITIMER AUE_NULL
@ -675,24 +705,53 @@
#define AUE_GETPRIORITY AUE_NULL
#define AUE_GETRLIMIT AUE_NULL
#define AUE_GETRUSAGE AUE_NULL
#define AUE_GETSGROUPS AUE_NULL
#define AUE_GETSID AUE_NULL
#define AUE_GETSOCKNAME AUE_NULL
#define AUE_GETTIMEOFDAY AUE_NULL
#define AUE_GETTID AUE_NULL
#define AUE_GETUID AUE_NULL
#define AUE_GETSOCKOPT AUE_NULL
#define AUE_GTSOCKOPT AUE_GETSOCKOPT /* XXX: Typo in Darwin. */
#define AUE_GETWGROUPS AUE_NULL
#define AUE_GETXATTR AUE_NULL
#define AUE_IDENTITYSVC AUE_NULL
#define AUE_INITGROUPS AUE_NULL
#define AUE_IOPOLICYSYS AUE_NULL
#define AUE_ISSETUGID AUE_NULL
#define AUE_LIOLISTIO AUE_NULL
#define AUE_LISTXATTR AUE_NULL
#define AUE_LSTATEXTENDED AUE_NULL
#define AUE_LSTATV AUE_NULL
#define AUE_LSTAT64 AUE_NULL
#define AUE_LSTAT64EXTENDED AUE_NULL
#define AUE_MADVISE AUE_NULL
#define AUE_MINCORE AUE_NULL
#define AUE_MKCOMPLEX AUE_NULL
#define AUE_MKDIREXTENDED AUE_NULL
#define AUE_MKFIFOEXTENDED AUE_NULL
#define AUE_MODWATCH AUE_NULL
#define AUE_MSGCL AUE_NULL
#define AUE_MSYNC AUE_NULL
#define AUE_OPENEXTENDED AUE_NULL
#define AUE_PREAD AUE_NULL
#define AUE_PWRITE AUE_NULL
#define AUE_PREADV AUE_NULL
#define AUE_PROCINFO AUE_NULL
#define AUE_PTHREADCANCELED AUE_NULL
#define AUE_PTHREADCHDIR AUE_NULL
#define AUE_PTHREADCONDBROADCAST AUE_NULL
#define AUE_PTHREADCONDDESTORY AUE_NULL
#define AUE_PTHREADCONDINIT AUE_NULL
#define AUE_PTHREADCONDSIGNAL AUE_NULL
#define AUE_PTHREADCONDWAIT AUE_NULL
#define AUE_PTHREADFCHDIR AUE_NULL
#define AUE_PTHREADMARK AUE_NULL
#define AUE_PTHREADMUTEXDESTROY AUE_NULL
#define AUE_PTHREADMUTEXINIT AUE_NULL
#define AUE_PTHREADMUTEXTRYLOCK AUE_NULL
#define AUE_PTHREADMUTEXUNLOCK AUE_NULL
#define AUE_PWRITEV AUE_NULL
#define AUE_REMOVEXATTR AUE_NULL
#define AUE_SBRK AUE_NULL
#define AUE_SELECT AUE_NULL
#define AUE_SEMDESTROY AUE_NULL
@ -701,7 +760,15 @@
#define AUE_SEMPOST AUE_NULL
#define AUE_SEMTRYWAIT AUE_NULL
#define AUE_SEMWAIT AUE_NULL
#define AUE_SEMWAITSIGNAL AUE_NULL
#define AUE_SETITIMER AUE_NULL
#define AUE_SETSGROUPS AUE_NULL
#define AUE_SETTID AUE_NULL
#define AUE_SETTIDWITHPID AUE_NULL
#define AUE_SETWGROUPS AUE_NULL
#define AUE_SETXATTR AUE_NULL
#define AUE_SHAREDREGIONCHECK AUE_NULL
#define AUE_SHAREDREGIONMAP AUE_NULL
#define AUE_SIGACTION AUE_NULL
#define AUE_SIGALTSTACK AUE_NULL
#define AUE_SIGPENDING AUE_NULL
@ -710,11 +777,21 @@
#define AUE_SIGSUSPEND AUE_NULL
#define AUE_SIGWAIT AUE_NULL
#define AUE_SSTK AUE_NULL
#define AUE_STACKSNAPSHOT AUE_NULL
#define AUE_STATEXTENDED AUE_NULL
#define AUE_STATFS64 AUE_NULL
#define AUE_STATV AUE_NULL
#define AUE_STAT64 AUE_NULL
#define AUE_STAT64EXTENDED AUE_NULL
#define AUE_SYNC AUE_NULL
#define AUE_SYSCALL AUE_NULL
#define AUE_TABLE AUE_NULL
#define AUE_UMASKEXTENDED AUE_NULL
#define AUE_VMPRESSUREMONITOR AUE_NULL
#define AUE_WAITEVENT AUE_NULL
#define AUE_WAITID AUE_NULL
#define AUE_WATCHEVENT AUE_NULL
#define AUE_WORKQOPEN AUE_NULL
#define AUE_WORKQOPS AUE_NULL
#endif /* !_BSM_AUDIT_KEVENTS_H_ */

View File

@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#3 $
* $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#8 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@ -164,14 +164,11 @@
#define AUDIT_HEADER_VERSION_SOLARIS 2
#define AUDIT_HEADER_VERSION_TSOL25 3
#define AUDIT_HEADER_VERSION_TSOL 4
#define AUDIT_HEADER_VERSION_OPENBSM 10
#define AUDIT_HEADER_VERSION_OPENBSM10 10
#define AUDIT_HEADER_VERSION_OPENBSM11 11
#define AUDIT_HEADER_VERSION_OPENBSM AUDIT_HEADER_VERSION_OPENBSM11
/*
* BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
* split the difference, will remove the Apple define for the next release.
*/
#define AUT_TRAILER_MAGIC 0xb105
#define TRAILER_PAD_MAGIC AUT_TRAILER_MAGIC
/* BSM library calls */
@ -182,6 +179,7 @@ struct in6_addr;
struct ip;
struct ipc_perm;
struct kevent;
struct sockaddr;
struct sockaddr_in;
struct sockaddr_in6;
struct sockaddr_un;
@ -208,6 +206,7 @@ token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
#endif
token_t *au_to_me(void);
@ -251,15 +250,8 @@ token_t *au_to_return(char status, uint32_t ret);
token_t *au_to_return32(char status, uint32_t ret);
token_t *au_to_return64(char status, uint64_t ret);
token_t *au_to_seq(long audit_count);
#if defined(_KERNEL) || defined(KERNEL)
token_t *au_to_socket(struct socket *so);
token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la,
struct sockaddr *ta);
token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la,
struct sockaddr *ta);
#endif
token_t *au_to_socket_ex(u_short so_domain, u_short so_type,
struct sockaddr *sa_local, struct sockaddr *sa_remote);
token_t *au_to_sock_inet(struct sockaddr_in *so);
token_t *au_to_sock_inet32(struct sockaddr_in *so);
token_t *au_to_sock_inet128(struct sockaddr_in6 *so);
@ -277,8 +269,8 @@ token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
#if defined(_KERNEL) || defined(KERNEL)
token_t *au_to_exec_args(const char *args, int argc);
token_t *au_to_exec_env(const char *envs, int envc);
token_t *au_to_exec_args(char *args, int argc);
token_t *au_to_exec_env(char *envs, int envc);
#else
token_t *au_to_exec_args(char **argv);
token_t *au_to_exec_env(char **envp);
@ -288,6 +280,12 @@ token_t *au_to_kevent(struct kevent *kev);
token_t *au_to_trailer(int rec_size);
token_t *au_to_zonename(const char *zonename);
/*
* BSM library routines for manipulating errno values.
*/
int au_bsm_to_errno(u_char bsm_error, int *errorp);
u_char au_errno_to_bsm(int error);
__END_DECLS
#endif /* ! _BSM_AUDIT_RECORD_H_ */

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.in#6 $
# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.in#7 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@

View File

@ -15,7 +15,7 @@
@SET_MAKE@
#
# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.in#6 $
# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.in#7 $
#
VPATH = @srcdir@

View File

@ -1,5 +1,6 @@
/*-
* Copyright (c) 2006-2007 Robert N. M. Watson
* Copyright (c) 2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -23,7 +24,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#9 $
* $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#12 $
*/
/*
@ -553,7 +554,7 @@ generate_process64ex_record(const char *directory, const char *record_filename,
free(buf);
}
static char return32_status = 0xd7;
static char return32_status = EINVAL;
static uint32_t return32_ret = 0x12345678;
static void
@ -561,7 +562,8 @@ generate_return32_token(const char *directory, const char *token_filename)
{
token_t *return32_token;
return32_token = au_to_return32(return32_status, return32_ret);
return32_token = au_to_return32(au_errno_to_bsm(return32_status),
return32_ret);
if (return32_token == NULL)
err(EX_UNAVAILABLE, "au_to_return32");
write_token(directory, token_filename, return32_token);
@ -572,7 +574,8 @@ generate_return32_record(const char *directory, const char *record_filename)
{
token_t *return32_token;
return32_token = au_to_return32(return32_status, return32_ret);
return32_token = au_to_return32(au_errno_to_bsm(return32_status),
return32_ret);
if (return32_token == NULL)
err(EX_UNAVAILABLE, "au_to_return32");
write_record(directory, record_filename, return32_token, AUE_NULL);
@ -913,6 +916,124 @@ generate_zonename_record(const char *directory, const char *record_filename)
write_record(directory, record_filename, zonename_token, AUE_NULL);
}
static u_short socketex_domain = AF_INET;
static u_short socketex_type = SOCK_STREAM;
static struct sockaddr_in socketex_laddr, socketex_raddr;
static void
generate_socketex_token(const char *directory, const char *token_filename)
{
token_t *socketex_token;
bzero(&socketex_laddr, sizeof(socketex_laddr));
socketex_laddr.sin_family = AF_INET;
socketex_laddr.sin_len = sizeof(socketex_laddr);
socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
bzero(&socketex_raddr, sizeof(socketex_raddr));
socketex_raddr.sin_family = AF_INET;
socketex_raddr.sin_len = sizeof(socketex_raddr);
socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
socketex_token = au_to_socket_ex(socketex_domain, socketex_type,
(struct sockaddr *)&socketex_laddr,
(struct sockaddr *)&socketex_raddr);
if (socketex_token == NULL)
err(EX_UNAVAILABLE, "au_to_socket_ex");
write_token(directory, token_filename, socketex_token);
}
static void
generate_socketex_record(const char *directory, const char *record_filename)
{
token_t *socketex_token;
bzero(&socketex_laddr, sizeof(socketex_laddr));
socketex_laddr.sin_family = AF_INET;
socketex_laddr.sin_len = sizeof(socketex_laddr);
socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
bzero(&socketex_raddr, sizeof(socketex_raddr));
socketex_raddr.sin_family = AF_INET;
socketex_raddr.sin_len = sizeof(socketex_raddr);
socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
socketex_token = au_to_socket_ex(socketex_domain, socketex_type,
(struct sockaddr *)&socketex_laddr,
(struct sockaddr *)&socketex_raddr);
if (socketex_token == NULL)
err(EX_UNAVAILABLE, "au_to_socket_ex");
write_record(directory, record_filename, socketex_token, AUE_NULL);
}
/*
* Generate a series of error-number specific return tokens in records.
*/
static void
generate_error_record(const char *directory, const char *filename, int error)
{
char pathname[PATH_MAX];
token_t *return32_token;
return32_token = au_to_return32(au_errno_to_bsm(error), -1);
if (return32_token == NULL)
err(EX_UNAVAILABLE, "au_to_return32");
(void)snprintf(pathname, PATH_MAX, "%s_record", filename);
write_record(directory, pathname, return32_token, AUE_NULL);
}
/*
* Not all the error numbers, just a few present on all platforms for now.
*/
const struct {
int error_number;
const char *error_name;
} error_list[] = {
{ EPERM, "EPERM" },
{ ENOENT, "ENOENT" },
{ ESRCH, "ESRCH" },
{ EINTR, "EINTR" },
{ EIO, "EIO" },
{ ENXIO, "ENXIO" },
{ E2BIG, "E2BIG" },
{ ENOEXEC, "ENOEXEC" },
{ EBADF, "EBADF" },
{ ECHILD, "ECHILD" },
{ EDEADLK, "EDEADLK" },
{ ENOMEM, "ENOMEM" },
{ EACCES, "EACCES" },
{ EFAULT, "EFAULT" },
{ ENOTBLK, "ENOTBLK" },
{ EBUSY, "EBUSY" },
{ EEXIST, "EEXIST" },
{ EXDEV, "EXDEV" },
{ ENODEV, "ENODEV" },
{ ENOTDIR, "ENOTDIR" },
{ EISDIR, "EISDIR" },
{ EINVAL, "EINVAL" },
{ ENFILE, "ENFILE" },
{ EMFILE, "EMFILE" },
{ ENOTTY, "ENOTTY" },
{ ETXTBSY, "ETXTBSY" },
{ EFBIG, "EFBIG" },
{ ENOSPC, "ENOSPC" },
{ ESPIPE, "ESPIPE" },
{ EROFS, "EROFS" },
{ EMLINK, "EMLINK" },
{ EPIPE, "EPIPE" }
};
const int error_list_count = sizeof(error_list)/sizeof(error_list[0]);
static void
do_error_records(const char *directory)
{
int i;
for (i = 0; i < error_list_count; i++)
generate_error_record(directory, error_list[i].error_name,
error_list[i].error_number);
}
int
main(int argc, char *argv[])
{
@ -980,6 +1101,7 @@ main(int argc, char *argv[])
generate_groups_token(directory, "groups_token");
generate_attr32_token(directory, "attr32_token");
generate_zonename_token(directory, "zonename_token");
generate_socketex_token(directory, "socketex_token");
}
if (do_records) {
@ -1015,6 +1137,8 @@ main(int argc, char *argv[])
generate_groups_record(directory, "groups_record");
generate_attr32_record(directory, "attr32_record");
generate_zonename_record(directory, "zonename_record");
generate_socketex_record(directory, "socketex_record");
do_error_records(directory);
}
return (0);

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More