From owner-trustedbsd-cvs@FreeBSD.ORG Tue Nov 21 17:24:29 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5210316B5CD for ; Tue, 21 Nov 2006 17:22:56 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F21243D46 for ; Tue, 21 Nov 2006 17:22:32 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by cyrus.watson.org (Postfix) with ESMTP id 7F2BD46F1A for ; Tue, 21 Nov 2006 12:22:54 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [69.147.83.54]) by mx2.freebsd.org (Postfix) with ESMTP id 3E27A91C3E; Tue, 21 Nov 2006 17:18:30 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id C1FEB16AA3F; Tue, 21 Nov 2006 17:17:32 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5A71816A9AE for ; Tue, 21 Nov 2006 17:17:32 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A42943F2E for ; Tue, 21 Nov 2006 17:08:18 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kALH8Nla064671 for ; Tue, 21 Nov 2006 17:08:23 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kALH8ME4064663 for perforce@freebsd.org; Tue, 21 Nov 2006 17:08:22 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 21 Nov 2006 17:08:22 GMT Message-Id: <200611211708.kALH8ME4064663@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 110202 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2006 17:24:29 -0000 http://perforce.freebsd.org/chv.cgi?CH=110202 Change 110202 by rwatson@rwatson_fledge on 2006/11/18 09:42:17 Add encoding and decoding routines for process64_ex, process32_ex, subject64_ex token types. Submitted by: Diego Giagio Affected files ... .. //depot/projects/trustedbsd/openbsm/HISTORY#45 edit .. //depot/projects/trustedbsd/openbsm/README#22 edit .. //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 edit .. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/HISTORY#45 (text+ko) ==== @@ -5,6 +5,8 @@ - Countless man page fixes. - praudit XML support via "praudit -x". - audit.log.5 expanded to include additional BSM token types. +- Added encoding and decoding routines for process64_ex, process32_ex, and + subject32_ex tokens. OpenBSM 1.0 alpha 12 @@ -272,4 +274,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#44 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#45 $ ==== //depot/projects/trustedbsd/openbsm/README#22 (text+ko) ==== @@ -78,6 +78,7 @@ Martin Englund Ruslan Ermilov Martin Voros + Diego Giagio In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel Software's FlexeLint tool were used to identify a number of bugs in the @@ -99,4 +100,4 @@ http://www.TrustedBSD.org/ -$P4: //depot/projects/trustedbsd/openbsm/README#21 $ +$P4: //depot/projects/trustedbsd/openbsm/README#22 $ ==== //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#23 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 $ */ #ifndef _BSM_AUDIT_RECORD_H_ @@ -246,6 +246,8 @@ token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm); +token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm); #if !defined(KERNEL) && !defined(_KERNEL) token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); ==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#31 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 $ */ #ifndef _LIBBSM_H_ @@ -164,6 +164,12 @@ u_int32_t addr[4]; } au_tidaddr32_t; +typedef struct au_tidaddr64 { + u_int64_t port; + u_int32_t type; + u_int32_t addr[4]; +} au_tidaddr64_t; + /* * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) @@ -483,6 +489,17 @@ au_tidaddr32_t tid; } au_proc32ex_t; +typedef struct { + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tidaddr64_t tid; +} au_proc64ex_t; + /* * error status 1 byte * return value 4 bytes/8 bytes (32-bit/64-bit value) @@ -616,6 +633,17 @@ au_tidaddr32_t tid; } au_subject32ex_t; +typedef struct { + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tidaddr64_t tid; +} au_subject64ex_t; + /* * text length 2 bytes * text N bytes + 1 terminating NULL byte @@ -675,8 +703,9 @@ au_opaque_t opaque; au_path_t path; au_proc32_t proc32; + au_proc32ex_t proc32_ex; au_proc64_t proc64; - au_proc32ex_t proc32_ex; + au_proc64ex_t proc64_ex; au_ret32_t ret32; au_ret64_t ret64; au_seq_t seq; @@ -685,8 +714,9 @@ au_socketinet32_t sockinet32; au_socketunix_t sockunix; au_subject32_t subj32; + au_subject32ex_t subj32_ex; au_subject64_t subj64; - au_subject32ex_t subj32_ex; + au_subject64ex_t subj64_ex; au_text_t text; au_kevent_t kevent; au_invalid_t invalid; ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 (text+ko) ==== @@ -32,7 +32,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#42 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 $ */ #include @@ -333,6 +333,14 @@ fprintf(fp, "/>"); break; + case AUT_PROCESS64: + fprintf(fp, "/>"); + break; + + case AUT_PROCESS64_EX: + fprintf(fp, "/>"); + break; + case AUT_RETURN32: fprintf(fp, "/>"); break; @@ -369,6 +377,10 @@ fprintf(fp, "/>"); break; + case AUT_SUBJECT64_EX: + fprintf(fp, "/>"); + break; + case AUT_TEXT: fprintf(fp, ""); break; @@ -488,6 +500,14 @@ fprintf(fp, ""); break; @@ -2530,7 +2554,133 @@ } } +/* + * token ID 1 byte + * audit ID 4 bytes + * euid 4 bytes + * egid 4 bytes + * ruid 4 bytes + * rgid 4 bytes + * pid 4 bytes + * sessid 4 bytes + * terminal ID + * portid 8 bytes + * machine id 4 bytes + */ static int +fetch_process64_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.auid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.euid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.egid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.ruid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.rgid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.pid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.sid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT64(buf, len, tok->tt.proc64.tid.port, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_BYTES(buf, len, &tok->tt.proc64.tid.addr, + sizeof(tok->tt.proc64.tid.addr), tok->len, err); + if (err) + return (-1); + + return (0); +} + +static void +print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + print_tok_type(fp, tok->id, "process", raw, xml); + if (xml) { + open_attr(fp, "audit-uid"); + print_user(fp, tok->tt.proc64.auid, raw); + close_attr(fp); + open_attr(fp, "uid"); + print_user(fp, tok->tt.proc64.euid, raw); + close_attr(fp); + open_attr(fp, "gid"); + print_group(fp, tok->tt.proc64.egid, raw); + close_attr(fp); + open_attr(fp, "ruid"); + print_user(fp, tok->tt.proc64.ruid, raw); + close_attr(fp); + open_attr(fp, "rgid"); + print_group(fp, tok->tt.proc64.rgid, raw); + close_attr(fp); + open_attr(fp, "pid"); + print_4_bytes(fp, tok->tt.proc64.pid, "%u"); + close_attr(fp); + open_attr(fp, "sid"); + print_4_bytes(fp, tok->tt.proc64.sid, "%u"); + close_attr(fp); + open_attr(fp, "tid"); + print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu"); + print_ip_address(fp, tok->tt.proc64.tid.addr); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_user(fp, tok->tt.proc64.auid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.proc64.euid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.proc64.egid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.proc64.ruid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.proc64.rgid, raw); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.proc64.pid, "%u"); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.proc64.sid, "%u"); + print_delim(fp, del); + print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu"); + print_delim(fp, del); + print_ip_address(fp, tok->tt.proc64.tid.addr); + } +} + +/* + * token ID 1 byte + * audit ID 4 bytes + * effective user ID 4 bytes + * effective group ID 4 bytes + * real user ID 4 bytes + * real group ID 4 bytes + * process ID 4 bytes + * session ID 4 bytes + * terminal ID + * port ID 4 bytes + * address type-len 4 bytes + * machine address 16 bytes + */ +static int fetch_process32ex_tok(tokenstr_t *tok, char *buf, int len) { int err = 0; @@ -2646,6 +2796,135 @@ } } +/* + * token ID 1 byte + * audit ID 4 bytes + * effective user ID 4 bytes + * effective group ID 4 bytes + * real user ID 4 bytes + * real group ID 4 bytes + * process ID 4 bytes + * session ID 4 bytes + * terminal ID + * port ID 8 bytes + * address type-len 4 bytes + * machine address 16 bytes + */ +static int +fetch_process64ex_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.auid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.euid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.egid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.ruid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.rgid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.pid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.sid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT64(buf, len, tok->tt.proc64_ex.tid.port, tok->len, + err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.tid.type, tok->len, + err); + if (err) + return (-1); + + if (tok->tt.proc64_ex.tid.type == AU_IPv4) { + READ_TOKEN_BYTES(buf, len, &tok->tt.proc64_ex.tid.addr[0], + sizeof(tok->tt.proc64_ex.tid.addr[0]), tok->len, err); + if (err) + return (-1); + } else if (tok->tt.proc64_ex.tid.type == AU_IPv6) { + READ_TOKEN_BYTES(buf, len, tok->tt.proc64_ex.tid.addr, + sizeof(tok->tt.proc64_ex.tid.addr), tok->len, err); + if (err) + return (-1); + } else + return (-1); + + return (0); +} + +static void +print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + print_tok_type(fp, tok->id, "process_ex", raw, xml); + if (xml) { + open_attr(fp, "audit-uid"); + print_user(fp, tok->tt.proc64_ex.auid, raw); + close_attr(fp); + open_attr(fp, "uid"); + print_user(fp, tok->tt.proc64_ex.euid, raw); + close_attr(fp); + open_attr(fp, "gid"); + print_group(fp, tok->tt.proc64_ex.egid, raw); + close_attr(fp); + open_attr(fp, "ruid"); + print_user(fp, tok->tt.proc64_ex.ruid, raw); + close_attr(fp); + open_attr(fp, "rgid"); + print_group(fp, tok->tt.proc64_ex.rgid, raw); + close_attr(fp); + open_attr(fp, "pid"); + print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); + close_attr(fp); + open_attr(fp, "sid"); + print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u"); + close_attr(fp); + open_attr(fp, "tid"); + print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu"); + print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type, + tok->tt.proc64_ex.tid.addr); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_user(fp, tok->tt.proc64_ex.auid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.proc64_ex.euid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.proc64_ex.egid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.proc64_ex.ruid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.proc64_ex.rgid, raw); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u"); + print_delim(fp, del); + print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu"); + print_delim(fp, del); + print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type, + tok->tt.proc64_ex.tid.addr); + } +} + /* * errno 1 byte * return value 4 bytes @@ -3290,6 +3569,134 @@ } /* + * audit ID 4 bytes + * euid 4 bytes + * egid 4 bytes + * ruid 4 bytes + * rgid 4 bytes + * pid 4 bytes + * sessid 4 bytes + * terminal ID + * portid 8 bytes + * type 4 bytes + * machine id 16 bytes + */ +static int +fetch_subject64ex_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.auid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.euid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.egid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.ruid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.rgid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.sid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT64(buf, len, tok->tt.subj64_ex.tid.port, tok->len, + err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.tid.type, tok->len, + err); + if (err) + return (-1); + + if (tok->tt.subj64_ex.tid.type == AU_IPv4) { + READ_TOKEN_BYTES(buf, len, &tok->tt.subj64_ex.tid.addr[0], + sizeof(tok->tt.subj64_ex.tid.addr[0]), tok->len, err); + if (err) + return (-1); + } else if (tok->tt.subj64_ex.tid.type == AU_IPv6) { + READ_TOKEN_BYTES(buf, len, tok->tt.subj64_ex.tid.addr, + sizeof(tok->tt.subj64_ex.tid.addr), tok->len, err); + if (err) + return (-1); + } else + return (-1); + + return (0); +} + +static void +print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + print_tok_type(fp, tok->id, "subject_ex", raw, xml); + if (xml) { + open_attr(fp, "audit-uid"); + print_user(fp, tok->tt.subj64_ex.auid, raw); + close_attr(fp); + open_attr(fp, "uid"); + print_user(fp, tok->tt.subj64_ex.euid, raw); + close_attr(fp); + open_attr(fp, "gid"); + print_group(fp, tok->tt.subj64_ex.egid, raw); + close_attr(fp); + open_attr(fp, "ruid"); + print_user(fp, tok->tt.subj64_ex.ruid, raw); + close_attr(fp); + open_attr(fp, "rgid"); + print_group(fp, tok->tt.subj64_ex.rgid, raw); + close_attr(fp); + open_attr(fp, "pid"); + print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); + close_attr(fp); + open_attr(fp, "sid"); + print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); + close_attr(fp); + open_attr(fp, "tid"); + print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu"); + print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type, + tok->tt.subj64_ex.tid.addr); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_user(fp, tok->tt.subj64_ex.auid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.subj64_ex.euid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.subj64_ex.egid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.subj64_ex.ruid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.subj64_ex.rgid, raw); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); + print_delim(fp, del); + print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu"); + print_delim(fp, del); + print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type, + tok->tt.subj64_ex.tid.addr); + } +} + +/* * size 2 bytes * data size bytes */ @@ -3533,6 +3940,12 @@ case AUT_PROCESS32_EX: return (fetch_process32ex_tok(tok, buf, len)); + case AUT_PROCESS64: + return (fetch_process64_tok(tok, buf, len)); + + case AUT_PROCESS64_EX: + return (fetch_process64ex_tok(tok, buf, len)); + case AUT_RETURN32: return (fetch_return32_tok(tok, buf, len)); @@ -3554,11 +3967,14 @@ case AUT_SUBJECT32: return (fetch_subject32_tok(tok, buf, len)); + case AUT_SUBJECT32_EX: + return (fetch_subject32ex_tok(tok, buf, len)); + case AUT_SUBJECT64: return (fetch_subject64_tok(tok, buf, len)); - case AUT_SUBJECT32_EX: - return (fetch_subject32ex_tok(tok, buf, len)); + case AUT_SUBJECT64_EX: + return (fetch_subject64ex_tok(tok, buf, len)); case AUT_TEXT: return (fetch_text_tok(tok, buf, len)); @@ -3682,6 +4098,14 @@ print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; + case AUT_PROCESS64: + print_process64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + + case AUT_PROCESS64_EX: + print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + case AUT_RETURN32: print_return32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; @@ -3718,6 +4142,10 @@ print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; + case AUT_SUBJECT64_EX: + print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + case AUT_TEXT: print_text_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; @@ -3840,6 +4268,14 @@ print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_XML); return; + case AUT_PROCESS64: + print_process64_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + + case AUT_PROCESS64_EX: + print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + case AUT_RETURN32: print_return32_tok(outfp, tok, del, raw, sfrm, AU_XML); return; @@ -3876,6 +4312,10 @@ print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_XML); return; + case AUT_SUBJECT64_EX: + print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + case AUT_TEXT: print_text_tok(outfp, tok, del, raw, sfrm, AU_XML); return; ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 (text+ko) ==== @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#52 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 $ */ #include @@ -212,9 +212,46 @@ token_t * au_to_attr64(struct vnode_au_info *vni) { + token_t *t; + u_char *dptr = NULL; + u_int16_t pad0_16 = 0; + u_int16_t pad0_32 = 0; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2); + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_ATTR64); + + /* + * Darwin defines the size for the file mode + * as 2 bytes; BSM defines 4 so pad with 0 + */ + ADD_U_INT16(dptr, pad0_16); + ADD_U_INT16(dptr, vni->vn_mode); + + ADD_U_INT32(dptr, vni->vn_uid); + ADD_U_INT32(dptr, vni->vn_gid); + ADD_U_INT32(dptr, vni->vn_fsid); - errno = ENOTSUP; - return (NULL); + /* + * Some systems use 32-bit file ID's, other's use 64-bit file IDs. + * Attempt to handle both, and let the compiler sort it out. If we + * could pick this out at compile-time, it would be better, so as to + * avoid the else case below. + */ + if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { + ADD_U_INT32(dptr, pad0_32); + ADD_U_INT32(dptr, vni->vn_fileid); + } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) + ADD_U_INT64(dptr, vni->vn_fileid); + else + ADD_U_INT64(dptr, 0LL); + + ADD_U_INT64(dptr, vni->vn_dev); + + return (t); } token_t * @@ -654,9 +691,26 @@ __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid, __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid) { + token_t *t; + u_char *dptr = NULL; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + + sizeof(u_int64_t)); + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_PROCESS64); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->port); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); - errno = ENOTSUP; - return (NULL); + return (t); } token_t * @@ -727,9 +781,42 @@ au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { + token_t *t; + u_char *dptr = NULL; + + if (tid->at_type == AU_IPv4) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + + 2 * sizeof(u_int32_t)); + else if (tid->at_type == AU_IPv6) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + + 5 * sizeof(u_int32_t)); + else { + errno = EINVAL; + return (NULL); + } + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_PROCESS64_EX); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->at_port); + ADD_U_INT32(dptr, tid->at_type); + ADD_U_INT32(dptr, tid->at_addr[0]); + if (tid->at_type == AU_IPv6) { + ADD_U_INT32(dptr, tid->at_addr[1]); + ADD_U_INT32(dptr, tid->at_addr[2]); + ADD_U_INT32(dptr, tid->at_addr[3]); + } - errno = ENOTSUP; - return (NULL); + return (t); } token_t * @@ -944,9 +1031,26 @@ au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { + token_t *t; + u_char *dptr = NULL; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + + sizeof(u_int64_t) + sizeof(u_int32_t)); + if (t == NULL) + return (NULL); - errno = ENOTSUP; - return (NULL); + ADD_U_CHAR(dptr, AUT_SUBJECT64); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->port); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); + + return (t); } token_t * @@ -1016,9 +1120,42 @@ au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { + token_t *t; + u_char *dptr = NULL; + + if (tid->at_type == AU_IPv4) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + + 2 * sizeof(u_int32_t)); + else if (tid->at_type == AU_IPv6) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + + 5 * sizeof(u_int32_t)); + else { + errno = EINVAL; + return (NULL); + } + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->at_port); + ADD_U_INT32(dptr, tid->at_type); + ADD_U_INT32(dptr, tid->at_addr[0]); + if (tid->at_type == AU_IPv6) { + ADD_U_INT32(dptr, tid->at_addr[1]); + ADD_U_INT32(dptr, tid->at_addr[2]); + ADD_U_INT32(dptr, tid->at_addr[3]); + } - errno = ENOTSUP; - return (NULL); + return (t); } token_t * @@ -1166,6 +1303,33 @@ return (t); } +token_t * +au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm) +{ + token_t *t; + u_char *dptr = NULL; + u_int32_t timems; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t)); + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_HEADER64); + ADD_U_INT32(dptr, rec_size); + ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); + ADD_U_INT16(dptr, e_type); + ADD_U_INT16(dptr, e_mod); + + timems = tm.tv_usec/1000; + /* Add the timestamp */ + ADD_U_INT64(dptr, tm.tv_sec); + ADD_U_INT64(dptr, timems); /* We need time in ms. */ + + return (t); +} + #if !defined(KERNEL) && !defined(_KERNEL) token_t * au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) @@ -1181,9 +1345,11 @@ au_to_header64(__unused int rec_size, __unused au_event_t e_type, __unused au_emod_t e_mod) { + struct timeval tm; - errno = ENOTSUP; - return (NULL); + if (gettimeofday(&tm, NULL) == -1) + return (NULL); + return (au_to_header64_tm(rec_size, e_type, e_mod, tm)); } token_t *