From owner-trustedbsd-audit@FreeBSD.ORG Sat Feb 11 23:10:16 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE62B16A420 for ; Sat, 11 Feb 2006 23:10:16 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9EBEC43D5D for ; Sat, 11 Feb 2006 23:10:16 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 0A34C46B04 for ; Sat, 11 Feb 2006 18:10:04 -0500 (EST) Date: Sat, 11 Feb 2006 23:13:07 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060211231243.M71792@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: trustedbsd-audit: test post X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Feb 2006 23:10:17 -0000 This is a test post to test the transition to the FreeBSD.org mailman install. Please ignore. Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Tue Feb 14 17:28:15 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 217A816A43E for ; Tue, 14 Feb 2006 17:28:15 +0000 (GMT) (envelope-from csjp@FreeBSD.org) Received: from ems01.seccuris.com (ems01.seccuris.com [204.112.0.35]) by mx1.FreeBSD.org (Postfix) with SMTP id 9678B43D46 for ; Tue, 14 Feb 2006 17:28:14 +0000 (GMT) (envelope-from csjp@FreeBSD.org) Received: (qmail 63290 invoked by uid 0); 14 Feb 2006 17:32:21 -0000 Received: from unknown (HELO ?192.168.11.101?) (unknown) by unknown with SMTP; 14 Feb 2006 17:32:21 -0000 Message-ID: <43F2132D.6090401@FreeBSD.org> Date: Tue, 14 Feb 2006 11:28:13 -0600 From: "Christian S.J. Peron" User-Agent: Mozilla Thunderbird 1.0.7 (Macintosh/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: trustedbsd-audit@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Tue, 14 Feb 2006 18:14:47 +0000 Subject: Solaris su audit failures non fatal X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Feb 2006 17:28:15 -0000 All, Here is a recent su(1) submit I did. I basically tried to make it follow Sun's behaviour during audit failures, but I am wondering: If auditing an event fails, shouldn't the event be fatal? Doesn't CAPP require that if an event fails to be audited, it shouldn't happen? Here is the commit log: http://perforce.freebsd.org/chv.cgi?CH=91725 Change 91725 by csjp@csjp_xor on 2006/02/14 04:57:23 - Remove some more audits around PAM failures which really wouldn't be a result of the user input - Implement stdargs to audit_su() so we can specify messages which will be used to create text tokens to give more verbose information for the nature of the failures or success. - Add strings to audi_su() calls for text tokens - The user must never know about auditing operations. So change any writes to stderr to syslog(3) calls and simply return. It should be noted that this is what Solaris is doing, however CAPP is pretty clear about failed audits having to result in a failed operation. That said, I am not sure what an appropriate error message would be to report to the user in the event that we have to abort the entire operation due to a audit failure. Thoughts? Discussed with: wsalamon Affected files ... .. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#8 edit Differences ... ==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#8 (text+ko) ==== @@ -96,6 +96,7 @@ #include #include #include +#include #include #include @@ -144,7 +145,7 @@ static void usage(void) __dead2; static void export_pam_environment(void); static int ok_to_export(const char *); -static void audit_su(au_id_t, int); +static void audit_su(au_id_t, int, const char *, ...); extern char **environ; @@ -219,7 +220,7 @@ if (strlen(user) > MAXLOGNAME - 1) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); + audit_su(getuid(), AUDIT_SU_FAILURE, "username too long"); #endif errx(1, "username too long"); } @@ -252,7 +253,8 @@ pwd = getpwuid(ruid); if (pwd == NULL) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); + audit_su(getuid(), AUDIT_SU_FAILURE, + "unable to determain invoking subject"); #endif errx(1, "who are you?"); } @@ -278,9 +280,6 @@ /* Do the whole PAM startup thing */ retcode = pam_start("su", user, &conv, &pamh); if (retcode != PAM_SUCCESS) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, retcode)); errx(1, "pam_start: %s", pam_strerror(pamh, retcode)); } @@ -295,14 +294,15 @@ retcode = pam_authenticate(pamh, 0); if (retcode != PAM_SUCCESS) { #ifdef USE_BSM_AUDIT - audit_su(ruid, AUDIT_SU_FAILURE); + audit_su(ruid, AUDIT_SU_FAILURE, "bad su %s to %s on %s", + username, user, mytty); #endif syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s on %s", username, user, mytty); errx(1, "Sorry"); } #ifdef USE_BSM_AUDIT - audit_su(ruid, AUDIT_SU_SUCCESS); + audit_su(ruid, AUDIT_SU_SUCCESS, "successful authentication"); #endif retcode = pam_get_item(pamh, PAM_USER, (const void **)&p); if (retcode == PAM_SUCCESS) @@ -313,7 +313,8 @@ pwd = getpwnam(user); if (pwd == NULL) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); + audit_su(getuid(), AUDIT_SU_FAILURE, + "unknown subject: %s", user); #endif errx(1, "unknown login: %s", user); } @@ -323,17 +324,20 @@ retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (retcode != PAM_SUCCESS) { +#ifdef USE_BSM_AUDIT + audit_su(getuid(), AUDIT_SU_FAILURE, + "pam_chauthtok: %s", + pam_strerror(pamh, retcode)); +#endif syslog(LOG_ERR, "pam_chauthtok: %s", pam_strerror(pamh, retcode)); -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif errx(1, "Sorry"); } } if (retcode != PAM_SUCCESS) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); + audit_su(getuid(), AUDIT_SU_FAILURE, "pam_acct_mgmt: %s", + pam_strerror(pamh, retcode)); #endif syslog(LOG_ERR, "pam_acct_mgmt: %s", pam_strerror(pamh, retcode)); @@ -346,15 +350,13 @@ else { if (ruid != 0) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); + audit_su(getuid(), AUDIT_SU_FAILURE, + "only root may use -c"); #endif errx(1, "only root may use -c"); } lc = login_getclass(class); if (lc == NULL) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif errx(1, "unknown class: %s", class); } } @@ -362,9 +364,6 @@ /* if asme and non-standard target shell, must be root */ if (asme) { if (ruid != 0 && !chshell(pwd->pw_shell)) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif errx(1, "permission denied (shell)"); } } @@ -391,9 +390,6 @@ /* Switch to home directory */ if (asthem) { if (chdir(pwd->pw_dir) < 0) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif errx(1, "no directory"); } } @@ -403,17 +399,11 @@ * initialize them first. */ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) < 0) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif err(1, "setusercontext"); } retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); if (retcode != PAM_SUCCESS) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, retcode)); errx(1, "failed to establish credentials."); @@ -421,9 +411,6 @@ if (asthem) { retcode = pam_open_session(pamh, 0); if (retcode != PAM_SUCCESS) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif syslog(LOG_ERR, "pam_open_session: %s", pam_strerror(pamh, retcode)); errx(1, "failed to open session."); @@ -512,9 +499,6 @@ if ((asme || (!asthem && class == NULL)) && pwd->pw_uid) setwhat &= ~(LOGIN_SETPRIORITY | LOGIN_SETRESOURCES); if (setusercontext(lc, pwd, pwd->pw_uid, setwhat) < 0) { -#ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE); -#endif err(1, "setusercontext"); } @@ -647,13 +631,15 @@ #ifdef USE_BSM_AUDIT static void -audit_su(au_id_t au_ctx, int what) +audit_su(au_id_t au_ctx, int what, const char *fmt, ...) { token_t *token; long acond; int afd; au_tid_t termid; pid_t pid; + char text[1024]; + va_list ap; if (auditon(A_GETCOND, &acond, sizeof(long)) < 0) { /* @@ -662,20 +648,40 @@ */ if (errno == ENOSYS) return; - err(1, "auditon failed"); + syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", + strerror(errno)); + return; } afd = au_open(); - if (afd < 0) - err(1, "au_open failed"); + if (afd < 0) { + syslog(LOG_AUTH | LOG_ERR, "au_open failed: %s", + strerror(errno)); + return; + } /* XXX what should we do for termid? */ bzero(&termid, sizeof(termid)); pid = getpid(); token = au_to_subject32(au_ctx, geteuid(), getegid(), getuid(), getgid(), pid, pid, &termid); - if (token == NULL) - errx(1, "audit: unable to build subject token"); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "audit: unable to build subject token"); + return; + } /* XXX what if au_fails? */ (void) au_write(afd, token); + if (fmt != NULL) { + va_start(ap, fmt); + vsnprintf(&text[0], sizeof(text) - 1, fmt, ap); + va_end(ap); + token = au_to_text(&text[0]); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "failed to generate text token"); + return; + } + (void) au_write(afd, token); + } switch (what) { case AUDIT_SU_FAILURE: token = au_to_return32(1, EPERM); @@ -684,10 +690,13 @@ token = au_to_return32(0, 0); break; } - if (token == NULL) - errx(1, "audit: unable to build return32 token"); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "audit: enable to build return token"); + return; + } (void) au_write(afd, token); - if (au_close(afd, 1, AUE_su) < 0) - errx(1, "audit: record not committed"); + if (au_close(afd, 1, AUE_su) < 0) + syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); } #endif -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer FreeBSD Security Team From owner-trustedbsd-audit@FreeBSD.ORG Tue Feb 14 23:37:07 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BBB716A420 for ; Tue, 14 Feb 2006 23:37:07 +0000 (GMT) (envelope-from dingo@microbsd.net) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id EFBF143D45 for ; Tue, 14 Feb 2006 23:37:06 +0000 (GMT) (envelope-from dingo@microbsd.net) Received: from mail.optimhosts.com (bastille.optimhosts.com [203.177.161.185]) by cyrus.watson.org (Postfix) with ESMTP id 20AEF46BC2 for ; Tue, 14 Feb 2006 18:36:52 -0500 (EST) Received: from localhost (unknown [127.0.0.1]) by mail.optimhosts.com (Postfix) with ESMTP id 1E6B68C8953; Wed, 15 Feb 2006 07:38:03 +0800 (PHT) Received: from mail.optimhosts.com ([127.0.0.1]) by localhost (bastille.optimhosts.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 89157-09; Wed, 15 Feb 2006 07:37:35 +0800 (PHT) Received: from [192.168.2.137] (adsl-217-74-108.asm.bellsouth.net [68.217.74.108]) by mail.optimhosts.com (Postfix) with ESMTP id 757E48C893E; Wed, 15 Feb 2006 07:37:33 +0800 (PHT) From: dingo To: Robert Watson , trustedbsd-audit@TrustedBSD.org, trustedbsd-discuss@cyrus.watson.org Content-Type: text/plain Date: Wed, 15 Feb 2006 07:36:41 +0800 Message-Id: <1139960201.4107.6.camel@pavilion.optimlabs.com> Mime-Version: 1.0 X-Mailer: Evolution 2.4.1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at bastille.optimhosts.com Cc: Subject: Migrating SeBSD to CUREENT - Are we alive ??? X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Feb 2006 23:37:07 -0000 Sorry for the second post and cross post, but im hoping to get an answer. Since Im waiting for an answer I hope this finds the right person, Ive been holding up commits waiting for a reply to see if this is possible. while im bringing SEBSD up to speed, can I integrate Audit3 into the branch, I actually considered creating a new Branch SEBSD2 to move along migrations, since SEBSD is dated, and capabilities work needs to be brought up to speed. so can I propose to branch SEBSD2, create new branch Capabilities, Update capabilities, and merge AUDIT3 into SEBSD2 ?? I have a diffed 6.0 that applies, though SEBSD2 will be 7.0 based. From owner-trustedbsd-audit@FreeBSD.ORG Thu Feb 16 13:41:56 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4626816A420 for ; Thu, 16 Feb 2006 13:41:56 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id E519043D46 for ; Thu, 16 Feb 2006 13:41:55 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 394F746B4D; Thu, 16 Feb 2006 08:41:41 -0500 (EST) Date: Thu, 16 Feb 2006 13:45:11 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: dingo In-Reply-To: <1139960201.4107.6.camel@pavilion.optimlabs.com> Message-ID: <20060216134229.P18732@fledge.watson.org> References: <1139960201.4107.6.camel@pavilion.optimlabs.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-discuss@cyrus.watson.org, trustedbsd-audit@TrustedBSD.org Subject: Re: Migrating SeBSD to CUREENT - Are we alive ??? X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2006 13:41:56 -0000 On Wed, 15 Feb 2006, dingo wrote: > Sorry for the second post and cross post, but im hoping to get an answer. > Since Im waiting for an answer I hope this finds the right person, Ive been > holding up commits waiting for a reply to see if this is possible. while im > bringing SEBSD up to speed, can I integrate Audit3 into the branch, I > actually considered creating a new Branch SEBSD2 to move along migrations, > since SEBSD is dated, and capabilities work needs to be brought up to speed. > so can I propose to branch SEBSD2, create new branch Capabilities, Update > capabilities, and merge AUDIT3 into SEBSD2 ?? I have a diffed 6.0 that > applies, though SEBSD2 will be 7.0 based. The audit3 branch is now almost entirely merged to CVS, meaning that audit support in the base tree is now basically complete. There are a few areas where we're currently not auditing some system call arguments in CVS that are audited in audit3, but my hope is that that is resolved in a few days. The MAC branch has recently been integrated, but only very lightly tested post-integration. It should now have most of the audit bits, and I can push it forward a bit more. So the big open question is with regards to how to handle the SEBSD branch. As it stands, it's quite behind the MAC branch -- if integrated, it would gain the audit3 code, but probably require quite a lot of hacking to work through getting everything working. Some of the previous problems relating to nmount should get better now that the base system has moved to nmount for all file systems, however. If you create a new SEBSD2 branch from either //depot/projects/trustedbsd/mac/... or //depot/vendor/freebsd/src/..., you should get the audit bits you need. Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Tue Feb 21 13:37:25 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DCF5F16A422 for ; Tue, 21 Feb 2006 13:37:25 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7098043D46 for ; Tue, 21 Feb 2006 13:37:25 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 64CC646BCB for ; Tue, 21 Feb 2006 08:37:09 -0500 (EST) Date: Tue, 21 Feb 2006 13:41:08 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060221133901.O37014@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: FYI: Mac OS X and FreeBSD audit talk at University of Cambridge X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Feb 2006 13:37:26 -0000 Late notice, and probably not useful for those of you not in the UK, but -- I'll be giving the weekly security seminar at the Computer Laboratory at the University of Cambridge today. Details attached below. http://www.cl.cam.ac.uk/Research/Security/seminars/2006/2006-02-21.html Robert N M Watson Title: Design and Implementation of a CC CAPP-Compliant Audit Subsystem for the Mac OS X and FreeBSD Operating Systems Speaker: Robert N M Watson, University of Cambridge Date: Tuesday, 21 February 2006, 16:15 Place: Lecture Theatre 2, William Gates Building Abstract: Completing the Common Criteria CAPP (C2) security evaluation of Apple's Mac OS X operating system required the development of a significant new operating system feature, security event auditing. This facility provides for the fine-grained, configurable, and reliable logging of security events ranging from authentication events in user space to system call access control information throughout the kernel. As the leader for the team that implemented Audit for Apple, I had the opportunity to gain interesting insight into the evaluation requirements and process, as well as into the implementation implications of these requirements. This presentation will describe the requirements and how they have been implemented in traditional UNIX systems, as well as how some of the design decisions that make Mac OS X unique impacted the implementation of Audit. I'll also talk briefly about the later port of this source code base to the open source FreeBSD operating system, and the OpenBSM software package, which provides a portable implementation of the de facto industry standard BSM API and file format originally developed by Sun. From owner-trustedbsd-audit@FreeBSD.ORG Thu Feb 23 08:55:01 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EA7BF16A420 for ; Thu, 23 Feb 2006 08:55:01 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8394143D48 for ; Thu, 23 Feb 2006 08:55:01 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 9784546BC1 for ; Thu, 23 Feb 2006 03:54:44 -0500 (EST) Date: Thu, 23 Feb 2006 08:58:53 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060223085333.O37014@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: FYI: OpenBSM 1.0 alpha 4 tarball up for download X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 08:55:02 -0000 This is an FYI that the OpenBSM 1.0a4 tarball is now available for download on the OpenBSM web page: http://www.OpenBSM.org/ Right now the web page is fairly minimal, but you'll find the download link at the bottom. OpenBSM 1.0 alpha 4 matches what has most recently been imported into FreeBSD CVS. Hopefully this tarball will be a bit more accessible for people less interested in cvsuping large TrustedBSD source trees or pulling down the entire FreeBSD source tree. In principle this code builds and runs on at least FreeBSD and Darwin; the code should compile and work on other platforms but its make infrastructure currently depends on the BSD makefile infrastructure, which is unlikely to be present on other platforms. For reasons of portability, this should change, but that hasn't yet happened. Contributions on this front would be welcome. :-) Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Thu Feb 23 22:20:17 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7EFE716A431 for ; Thu, 23 Feb 2006 22:20:17 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DC5D43D46 for ; Thu, 23 Feb 2006 22:20:16 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 8E2A046C0B for ; Thu, 23 Feb 2006 17:19:59 -0500 (EST) Date: Thu, 23 Feb 2006 22:24:12 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060223222341.K33959@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: TrustedBSD mailing list server update X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 22:20:17 -0000 Per earlier e-mail, the TrustedBSD Project is now using the FreeBSD Project's mailman server to host its mailing lists, which provides a web interface for subscription management, archives, etc. As of now, to manage your mailing list subscription for this mailing list, view mailing list archives, etc, you should go to the following URL: http://lists.freebsd.org/mailman/listinfo/trustedbsd-audit Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Fri Feb 24 22:23:51 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 556BB16A420 for ; Fri, 24 Feb 2006 22:23:51 +0000 (GMT) (envelope-from martin.fong@sri.com) Received: from mailgate-internal1.sri.com (mailgate-internal1.SRI.COM [128.18.84.103]) by mx1.FreeBSD.org (Postfix) with SMTP id 95F5E43D53 for ; Fri, 24 Feb 2006 22:23:50 +0000 (GMT) (envelope-from martin.fong@sri.com) Received: from localhost (HELO mailgate-internal1.SRI.COM) (127.0.0.1) by mailgate-internal1.sri.com with SMTP; 24 Feb 2006 22:23:49 -0000 Received: from mx1.csl.sri.com ([130.107.1.29]) by mailgate-internal1.SRI.COM (SMSSMTP 4.1.11.41) with SMTP id M2006022414234920853 ; Fri, 24 Feb 2006 14:23:49 -0800 Received: from [130.107.14.22] (pompeii.csl.sri.com [130.107.14.22]) by mx1.csl.sri.com (8.12.11/8.12.11) with ESMTP id k1OMNmPY060190; Fri, 24 Feb 2006 14:23:48 -0800 (PST) (envelope-from martin.fong@sri.com) Message-ID: <43FF8789.80203@sri.com> Date: Fri, 24 Feb 2006 14:24:09 -0800 From: Martin Fong User-Agent: Mozilla Thunderbird 1.0.7 (Macintosh/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: trustedbsd-audit@FreeBSD.org Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070207030308000108070604" X-Mailman-Approved-At: Fri, 24 Feb 2006 23:21:20 +0000 Cc: Robert Watson Subject: Re: FYI: OpenBSM 1.0 alpha 4 tarball up for download X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Feb 2006 22:23:51 -0000 This is a cryptographically signed message in MIME format. --------------ms070207030308000108070604 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Robert Watson wrote, > This is an FYI that the OpenBSM 1.0a4 tarball is now available for > download on the OpenBSM web page: > > http://www.OpenBSM.org/ I've downloaded a copy but have encountered the following compilation problems while building on Mac OS X 10.4.5: - Various Makefiles have incorrectly defined CFLAGS+ options; specifically, there are embedded spaces after '-L': ./bin/audit/Makefile 5c5 < CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I. --- > CFLAGS+= -I- -I ../.. -I ../../libbsm -L../../libbsm -I. ./bin/auditd/Makefile 5c5 < CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I. --- > CFLAGS+= -I- -I ../.. -I ../../libbsm -L../../libbsm -I. ./bin/auditreduce/Makefile 5c5 < CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I. --- > CFLAGS+= -I- -I ../.. -I ../../libbsm -L../../libbsm -I. ./bin/praudit/Makefile 5c5 < CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I. --- > CFLAGS+= -I- -I ../.. -I ../../libbsm -L../../libbsm -I. ./tools/Makefile 5c5 < CFLAGS+= -I- -I .. -I ../libbsm -L ../libbsm -I. --- > CFLAGS+= -I- -I .. -I ../libbsm -L../libbsm -I. - While building libbsm, I got the following error: bsdmake : : building shared library libbsm.1.dylib /usr/bin/libtool: for architecture: cputype (16777234) cpusubtype (0) file: -lSystem is not an object file (not allowed in a library) *** Error code 1 Stop in projects/trustedbsd/openbsm/libbsm. Is this due to a development environment requirement other than using bsdmake? - While building bin/auditd, I got the following: cc -O -pipe -I- -I../.. -I../../libbsm -L../../libbsm -I. -c auditd.c auditd.c: In function `main': auditd.c:798: error: `LOG_SECURITY' undeclared (first use in this function) auditd.c:798: error: (Each undeclared identifier is reported only once auditd.c:798: error: for each function it appears in.) *** Error code 1 Where is LOG_SECURITY defined? - While building bin/audit, I got the following: make: don't know how to make audit.1. Stop (N.b., audit/Makefile only declares audit.8 and not audit.1.) I look forward to your suggestions, ...Martin Fong --------------ms070207030308000108070604 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPRDCC BQowggRzoAMCAQICEGjfUr2ClKcq8Z8CV5IICNEwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMiBQdWJs aWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykg MTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4XDTAyMDkyMzAwMDAwMFoXDTA3MDkyMjIzNTk1 OVowgdgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFTUkkgSW50ZXJuYXRpb25hbDEfMB0GA1UE CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0 dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDIxMDAuBgNVBAsTJ0NsYXNzIDIgT25T aXRlIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQTEdMBsGA1UEAxMUU1JJIEludGVybmF0aW9u YWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM751MJrmZgUkgBVW9KqAtIYVC9W un/gCB8OVKcVuaEU47A7VM7AmvumIBrylJYrK5yP7T2Ra7qbx1TUI0Y9OX4R4gARYp8JZwgO yfNMd4GZQTMB64KCmK4mydRk1ZnNUdBZgAeCmMwXmYyWYjaaixLBG9DkXcyWG9v1GWs4y/35 AgMBAAGjggHoMIIB5DASBgNVHRMBAf8ECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4 RQEHFwIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTA0BgNV HR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2EyLWcyLmNybDALBgNV HQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMCgGA1UdEQQhMB+kHTAbMRkwFwYDVQQDExBQ cml2YXRlTGFiZWwyLTgyMB0GA1UdDgQWBBQtTn4J8G1FQRGscdo/O/YmSn9kZDCB6AYDVR0j BIHgMIHdoYHHpIHEMIHBMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4x PDA6BgNVBAsTM0NsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkgLSBHMjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29ya4IRALkvYMyI n6F6Rgm4W3Bsiq8wDQYJKoZIhvcNAQEFBQADgYEAeZjG2scHcdTpRhvwfGmezMSKzV3ZCm+l phlAGtAVksYu/YuHF1+Jkq9jaHZAluQ6feev3SvFhw8vP9AcT1QfQRoachKTj+MXksV4Z8Hf OS8P7kmuQOQLR0f9e53j5lPJ5i7TM/lt1MzHWEZSbYNFSPssm7mmGzekzrMT9MiTXaUwggUX MIIEgKADAgECAhBhTNrTTFd1SW4GmPpxbvA6MA0GCSqGSIb3DQEBBAUAMIHYMQswCQYDVQQG EwJVUzEaMBgGA1UEChMRU1JJIEludGVybmF0aW9uYWwxHzAdBgNVBAsTFlZlcmlTaWduIFRy dXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJp c2lnbi5jb20vcnBhIChjKTAyMTAwLgYDVQQLEydDbGFzcyAyIE9uU2l0ZSBJbmRpdmlkdWFs IFN1YnNjcmliZXIgQ0ExHTAbBgNVBAMTFFNSSSBJbnRlcm5hdGlvbmFsIENBMB4XDTA1MDcy NTAwMDAwMFoXDTA2MDcyNTIzNTk1OVowgegxGjAYBgNVBAoUEVNSSSBJbnRlcm5hdGlvbmFs MSgwJgYDVQQLFB9JbmZvcm1hdGlvbiBUZWNobm9sb2d5IFNlcnZpY2VzMUYwRAYDVQQLEz13 d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTIEluY29ycC4gYnkgUmVmLixMSUFCLkxU RChjKTk5MRwwGgYDVQQLFBNFbXBsb3llZUlEIC0gRTE3MTA1MRYwFAYDVQQDEw1NYXJ0aW4g VyBGb25nMSIwIAYJKoZIhvcNAQkBFhNtYXJ0aW4uZm9uZ0BzcmkuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4vxbSMuguUE4qsDS4lXXrXmjErcbH6jASEiYRo5eGrRq Nr8xCkULd1Vbyx7oK3lJ9Qe7QpJrNixQEFCd/A4EF1joFlNDZ8cmja4OGqBOCadBl6j4xYp3 cpt5YSsJ2fjIz3AZGbD07ubas3RVKsOF/HbCmJfQgr7XKNUF6l7qjD9V38A2OMSvsf1H2Fb/ 2udaucOAbIgZMxrFJvnrkaL/xg0yJESGWkpsByP5ov9iH/e8mD1jjlK0ZqmAjoOycm3fT4eT mr1faCOOWUZwuZyfw3YhQ5PTw5VVSF7kH+tMWuSZoMKjP7L1f6OGHQoz+FvinPQYDuq4wfkC Untwvz9fJQIDAQABo4IBSjCCAUYwCQYDVR0TBAIwADCBrAYDVR0gBIGkMIGhMIGeBgtghkgB hvhFAQcXAjCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzBi BggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BTIGlu Y29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wCwYDVR0PBAQD AgWgMBEGCWCGSAGG+EIBAQQEAwIHgDBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vb25zaXRl Y3JsLnZlcmlzaWduLmNvbS9TUklJbnRlcm5hdGlvbmFsSW5mb3JtYXRpb25UZWNobm9sb2d5 U2VydmljZXMvTGF0ZXN0Q1JMLmNybDANBgkqhkiG9w0BAQQFAAOBgQBnjQRMhhdlJC0uwaPQ h5Hoh0pOGgYxeFov/L6ZBVnb+DSxcs/7Zf/Ix8r4QH+HkdIP/7Tz9LW/IzynJrB9gZVnvZYk 7ICa9tcVLvuRPzH3/iIGB83wSjlbfPpc+3KqCzSFO4lTze4Aarj/FmG3kH30cNS5ruTrmJNt EDEpClrS5TCCBRcwggSAoAMCAQICEGFM2tNMV3VJbgaY+nFu8DowDQYJKoZIhvcNAQEEBQAw gdgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFTUkkgSW50ZXJuYXRpb25hbDEfMB0GA1UECxMW VmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBz Oi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDIxMDAuBgNVBAsTJ0NsYXNzIDIgT25TaXRl IEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQTEdMBsGA1UEAxMUU1JJIEludGVybmF0aW9uYWwg Q0EwHhcNMDUwNzI1MDAwMDAwWhcNMDYwNzI1MjM1OTU5WjCB6DEaMBgGA1UEChQRU1JJIElu dGVybmF0aW9uYWwxKDAmBgNVBAsUH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgU2VydmljZXMx RjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMgSW5jb3JwLiBieSBS ZWYuLExJQUIuTFREKGMpOTkxHDAaBgNVBAsUE0VtcGxveWVlSUQgLSBFMTcxMDUxFjAUBgNV BAMTDU1hcnRpbiBXIEZvbmcxIjAgBgkqhkiG9w0BCQEWE21hcnRpbi5mb25nQHNyaS5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi/FtIy6C5QTiqwNLiVdeteaMStxsf qMBISJhGjl4atGo2vzEKRQt3VVvLHugreUn1B7tCkms2LFAQUJ38DgQXWOgWU0NnxyaNrg4a oE4Jp0GXqPjFindym3lhKwnZ+MjPcBkZsPTu5tqzdFUqw4X8dsKYl9CCvtco1QXqXuqMP1Xf wDY4xK+x/UfYVv/a51q5w4BsiBkzGsUm+euRov/GDTIkRIZaSmwHI/mi/2If97yYPWOOUrRm qYCOg7Jybd9Ph5OavV9oI45ZRnC5nJ/DdiFDk9PDlVVIXuQf60xa5JmgwqM/svV/o4YdCjP4 W+Kc9BgO6rjB+QJSe3C/P18lAgMBAAGjggFKMIIBRjAJBgNVHRMEAjAAMIGsBgNVHSAEgaQw gaEwgZ4GC2CGSAGG+EUBBxcCMIGOMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2ln bi5jb20vQ1BTMGIGCCsGAQUFBwICMFYwFRYOVmVyaVNpZ24sIEluYy4wAwIBARo9VmVyaVNp Z24ncyBDUFMgaW5jb3JwLiBieSByZWZlcmVuY2UgbGlhYi4gbHRkLiAoYyk5NyBWZXJpU2ln bjALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgeAMGoGA1UdHwRjMGEwX6BdoFuGWWh0 dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29tL1NSSUludGVybmF0aW9uYWxJbmZvcm1hdGlv blRlY2hub2xvZ3lTZXJ2aWNlcy9MYXRlc3RDUkwuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAGeN BEyGF2UkLS7Bo9CHkeiHSk4aBjF4Wi/8vpkFWdv4NLFyz/tl/8jHyvhAf4eR0g//tPP0tb8j PKcmsH2BlWe9liTsgJr21xUu+5E/Mff+IgYHzfBKOVt8+lz7cqoLNIU7iVPN7gBquP8WYbeQ ffRw1Lmu5OuYk20QMSkKWtLlMYIEzzCCBMsCAQEwge0wgdgxCzAJBgNVBAYTAlVTMRowGAYD VQQKExFTUkkgSW50ZXJuYXRpb25hbDEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29y azE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9y cGEgKGMpMDIxMDAuBgNVBAsTJ0NsYXNzIDIgT25TaXRlIEluZGl2aWR1YWwgU3Vic2NyaWJl ciBDQTEdMBsGA1UEAxMUU1JJIEludGVybmF0aW9uYWwgQ0ECEGFM2tNMV3VJbgaY+nFu8Dow CQYFKw4DAhoFAKCCArYwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx DxcNMDYwMjI0MjIyNDA5WjAjBgkqhkiG9w0BCQQxFgQUx67kB667ummTRcHdgtGiKidZg/Ew UgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgf4GCSsGAQQBgjcQBDGB8DCB7TCB2DEL MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVNSSSBJbnRlcm5hdGlvbmFsMR8wHQYDVQQLExZWZXJp U2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93 d3cudmVyaXNpZ24uY29tL3JwYSAoYykwMjEwMC4GA1UECxMnQ2xhc3MgMiBPblNpdGUgSW5k aXZpZHVhbCBTdWJzY3JpYmVyIENBMR0wGwYDVQQDExRTUkkgSW50ZXJuYXRpb25hbCBDQQIQ YUza00xXdUluBpj6cW7wOjCCAQAGCyqGSIb3DQEJEAILMYHwoIHtMIHYMQswCQYDVQQGEwJV UzEaMBgGA1UEChMRU1JJIEludGVybmF0aW9uYWwxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2ln bi5jb20vcnBhIChjKTAyMTAwLgYDVQQLEydDbGFzcyAyIE9uU2l0ZSBJbmRpdmlkdWFsIFN1 YnNjcmliZXIgQ0ExHTAbBgNVBAMTFFNSSSBJbnRlcm5hdGlvbmFsIENBAhBhTNrTTFd1SW4G mPpxbvA6MA0GCSqGSIb3DQEBAQUABIIBAF71MjSpZY5MnAjpLo7WccC/daeSX0CgqRYJdpHc cBf6ANNZoEg5B7TKD/+4Xq5iqvh/xgpm5NoHRZTxVjvyjWGEASGSZJydP3Z9PNahNcP0D3sP FhjuH6amf1DTM9nsMAU2OgLbdVdNWIhyULKeQzJ9VgKHTbenBpI36L3XhMgT5+q9I79jyb18 UFMQTGzXwu2lW/DP6KED0w1oFOPwiZGVAYRp0ROJ72qzeZV3CqcCF2xsUvRedEc1FWsGOiHe 2dPryO9dFAcl2x1LOMGt6ZGXEMBuZe+LtFvoyyGo5dUGhXe1Nfdzie9N74zupjplo05uN30S mayA6VnT0PHHVUIAAAAAAAA= --------------ms070207030308000108070604-- From owner-trustedbsd-audit@FreeBSD.ORG Sat Feb 25 00:25:51 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 274D816A420 for ; Sat, 25 Feb 2006 00:25:51 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id EDE6243D66 for ; Sat, 25 Feb 2006 00:25:45 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id E662946C21; Fri, 24 Feb 2006 19:25:27 -0500 (EST) Date: Sat, 25 Feb 2006 00:29:46 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Martin Fong In-Reply-To: <43FF8789.80203@sri.com> Message-ID: <20060225001858.R37939@fledge.watson.org> References: <43FF8789.80203@sri.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: FYI: OpenBSM 1.0 alpha 4 tarball up for download X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Feb 2006 00:25:51 -0000 On Fri, 24 Feb 2006, Martin Fong wrote: > Robert Watson wrote, > >> This is an FYI that the OpenBSM 1.0a4 tarball is now available for >> download on the OpenBSM web page: >> >> http://www.OpenBSM.org/ > > I've downloaded a copy but have encountered the following compilation > problems while building on Mac OS X 10.4.5: It sounds like all of these problems, with the exception of LOG_SECURITY, have to do with differences in the BSD make framework in FreeBSD and Darwin. At least some of these problems did not always exist, so it could well be that the BSD make parts in Darwin are decaying over time (the -lSystem error, for example). More below. > - Various Makefiles have incorrectly defined CFLAGS+ options; > specifically, there are embedded spaces after '-L': I've merged changes to remove these spaces. I'm unclear whether this is a new problem or not. > building shared library libbsm.1.dylib > /usr/bin/libtool: for architecture: cputype (16777234) cpusubtype > (0) file: -lSystem is not an object file (not allowed in a > library) ... > Is this due to a development environment requirement other than > using bsdmake? I'm sure this error wasn't always present -- it could be a result of changes in Tiger. > - While building bin/auditd, I got the following: > > cc -O -pipe -I- -I../.. -I../../libbsm -L../../libbsm -I. -c auditd.c > auditd.c: In function `main': > auditd.c:798: error: `LOG_SECURITY' undeclared (first use in this > function) > auditd.c:798: error: (Each undeclared identifier is reported only once > auditd.c:798: error: for each function it appears in.) > *** Error code 1 > > Where is LOG_SECURITY defined? In FreeBSD. In Darwin, we should use LOG_AUTH. I've submitted a change to Perforce to check for the definition of LOG_SECURITY and use LOG_AUTH instead if it's not present. It might be desirable to use LOG_AUTHPRIV, which appears to be in 10.4.x, but I've not checked earlier versions. > - While building bin/audit, I got the following: > > make: don't know how to make audit.1. Stop > > (N.b., audit/Makefile only declares audit.8 and not audit.1.) > > I look forward to your suggestions, This sounds like a different in the BSD makefile infrastructure. Sadly, I think the lesson here is one we knew already: that for the portable distribution of OpenBSM, we need to use a more portable Makefile infrastructure. For the version integrated into FreeBSD, we can use the FreeBSD Makefile infrastructure. The direction taken in OpenPAM was to use GNU make and configure for the separate (non-FreeBSD-integrated) distribution. This sounds like it's probably the right way to go. However, I don't have much experience with these, so it may take a bit of reading, or someone else contributing those changes. However, getting the build working on Solaris and Linux would be great, and might well fall out more naturally once that change is made. Once I worked around the above problems, I also ran into an issue where the build of auditd was missing the symbol for gatauevent_r. This appears to be because the Apple libbsm in /usr/lib is taking precedence over the local one in the openbsm/libbsm tree. Thanks for the feedback! Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Mon Feb 27 02:25:17 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1C3DC16A420 for ; Mon, 27 Feb 2006 02:25:17 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93FE443D46 for ; Mon, 27 Feb 2006 02:25:16 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 9203746B95; Sun, 26 Feb 2006 21:24:57 -0500 (EST) Date: Mon, 27 Feb 2006 02:29:28 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Martin Fong In-Reply-To: <43FF8789.80203@sri.com> Message-ID: <20060227022732.Q52695@fledge.watson.org> References: <43FF8789.80203@sri.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: FYI: OpenBSM 1.0 alpha 4 tarball up for download X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Feb 2006 02:25:17 -0000 On Fri, 24 Feb 2006, Martin Fong wrote: > building shared library libbsm.1.dylib > /usr/bin/libtool: for architecture: cputype (16777234) cpusubtype > (0) file: -lSystem is not an object file (not allowed in a > library) > *** Error code 1 > > Stop in projects/trustedbsd/openbsm/libbsm. > > Is this due to a development environment requirement other than > using bsdmake? BTW, Google suggests that this is a product of an old Xcode install on a recent Tiger, and that an upgrade to a recent Xcode should help. My ADC account seems to be broken so I can't pull down a new one tonight to see if that helps, but it would be great if you could give it a try. I'm now most of the way through putting an autoconf/automake build infrastructure around OpenBSM to make it easier to build on non BSD-derived systems also. Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Mon Feb 27 17:10:55 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B6C416A420 for ; Mon, 27 Feb 2006 17:10:55 +0000 (GMT) (envelope-from martin.fong@sri.com) Received: from mailgate-internal1.sri.com (mailgate-internal1.SRI.COM [128.18.84.103]) by mx1.FreeBSD.org (Postfix) with SMTP id 30B4343D81 for ; Mon, 27 Feb 2006 17:10:37 +0000 (GMT) (envelope-from martin.fong@sri.com) Received: from localhost (HELO mailgate-internal1.SRI.COM) (127.0.0.1) by mailgate-internal1.sri.com with SMTP; 27 Feb 2006 17:10:37 -0000 Received: from mx1.csl.sri.com ([130.107.1.29]) by mailgate-internal1.SRI.COM (SMSSMTP 4.1.11.41) with SMTP id M2006022709103630862 ; Mon, 27 Feb 2006 09:10:36 -0800 Received: from [130.107.14.22] (pompeii.csl.sri.com [130.107.14.22]) by mx1.csl.sri.com (8.12.11/8.12.11) with ESMTP id k1RHAaMh020390; Mon, 27 Feb 2006 09:10:36 -0800 (PST) (envelope-from martin.fong@sri.com) Message-ID: <440332A9.4060207@sri.com> Date: Mon, 27 Feb 2006 09:11:05 -0800 From: Martin Fong User-Agent: Mozilla Thunderbird 1.0.7 (Macintosh/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Robert Watson References: <43FF8789.80203@sri.com> <20060227022732.Q52695@fledge.watson.org> In-Reply-To: <20060227022732.Q52695@fledge.watson.org> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030308060203070707040905" Cc: trustedbsd-audit@FreeBSD.org Subject: Re: FYI: OpenBSM 1.0 alpha 4 tarball up for download X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Feb 2006 17:10:55 -0000 This is a cryptographically signed message in MIME format. --------------ms030308060203070707040905 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Robert, > On Fri, 24 Feb 2006, Martin Fong wrote: > >> building shared library libbsm.1.dylib >> /usr/bin/libtool: for architecture: cputype (16777234) cpusubtype >> (0) file: -lSystem is not an object file (not allowed in a >> library) >> *** Error code 1 >> >> Stop in projects/trustedbsd/openbsm/libbsm. >> >> Is this due to a development environment requirement other than >> using bsdmake? > > BTW, Google suggests that this is a product of an old Xcode install > on a recent Tiger, and that an upgrade to a recent Xcode should > help.... [It] would be great if you could give it a try. I've installed the latest Xcode 2.2 distribution (xcode_2.2_8m654_018213974.dmg) on my Mac OS X 10.4.5 machine and, ignoring linting issues (e.g., signedness differences on arguments), I now have the following compilation error: % bsdmake ===> bsm (all) ===> libbsm (all) [Snip.] cc -O -pipe -I- -I.. -Wall -c bsm_wrappers.c cc1: note: obsolete option -I- used, please use -iquote instead In file included from /usr/include/sys/ucred.h:64, from /usr/include/sys/sysctl.h:71, from bsm_wrappers.c:38: ../bsm/audit.h:248: error: parse error before 'TAILQ_ENTRY' ../bsm/audit.h:255: error: parse error before 'TAILQ_HEAD' ../bsm/audit.h:258: error: parse error before 'au_rec_q' In file included from /usr/include/sys/sysctl.h:71, from bsm_wrappers.c:38: /usr/include/sys/ucred.h:75: error: parse error before 'TAILQ_ENTRY' /usr/include/sys/ucred.h:88: error: parse error before '}' token *** Error code 1 Stop in /projects/trustedbsd/openbsm/libbsm. *** Error code 1 Stop in /projects/trustedbsd/openbsm. (BTW, I've put a log of the build in ftp://ftp.csl.sri.com/pub/emerald/.macbsm/.rwatson as build3.log.) Thanks! ...Martin --------------ms030308060203070707040905 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPRDCC BQowggRzoAMCAQICEGjfUr2ClKcq8Z8CV5IICNEwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMiBQdWJs aWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykg MTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4XDTAyMDkyMzAwMDAwMFoXDTA3MDkyMjIzNTk1 OVowgdgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFTUkkgSW50ZXJuYXRpb25hbDEfMB0GA1UE CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0 dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDIxMDAuBgNVBAsTJ0NsYXNzIDIgT25T aXRlIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQTEdMBsGA1UEAxMUU1JJIEludGVybmF0aW9u YWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM751MJrmZgUkgBVW9KqAtIYVC9W un/gCB8OVKcVuaEU47A7VM7AmvumIBrylJYrK5yP7T2Ra7qbx1TUI0Y9OX4R4gARYp8JZwgO yfNMd4GZQTMB64KCmK4mydRk1ZnNUdBZgAeCmMwXmYyWYjaaixLBG9DkXcyWG9v1GWs4y/35 AgMBAAGjggHoMIIB5DASBgNVHRMBAf8ECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4 RQEHFwIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTA0BgNV HR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2EyLWcyLmNybDALBgNV HQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMCgGA1UdEQQhMB+kHTAbMRkwFwYDVQQDExBQ cml2YXRlTGFiZWwyLTgyMB0GA1UdDgQWBBQtTn4J8G1FQRGscdo/O/YmSn9kZDCB6AYDVR0j BIHgMIHdoYHHpIHEMIHBMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4x PDA6BgNVBAsTM0NsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkgLSBHMjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29ya4IRALkvYMyI n6F6Rgm4W3Bsiq8wDQYJKoZIhvcNAQEFBQADgYEAeZjG2scHcdTpRhvwfGmezMSKzV3ZCm+l phlAGtAVksYu/YuHF1+Jkq9jaHZAluQ6feev3SvFhw8vP9AcT1QfQRoachKTj+MXksV4Z8Hf OS8P7kmuQOQLR0f9e53j5lPJ5i7TM/lt1MzHWEZSbYNFSPssm7mmGzekzrMT9MiTXaUwggUX MIIEgKADAgECAhBhTNrTTFd1SW4GmPpxbvA6MA0GCSqGSIb3DQEBBAUAMIHYMQswCQYDVQQG EwJVUzEaMBgGA1UEChMRU1JJIEludGVybmF0aW9uYWwxHzAdBgNVBAsTFlZlcmlTaWduIFRy dXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJp c2lnbi5jb20vcnBhIChjKTAyMTAwLgYDVQQLEydDbGFzcyAyIE9uU2l0ZSBJbmRpdmlkdWFs IFN1YnNjcmliZXIgQ0ExHTAbBgNVBAMTFFNSSSBJbnRlcm5hdGlvbmFsIENBMB4XDTA1MDcy NTAwMDAwMFoXDTA2MDcyNTIzNTk1OVowgegxGjAYBgNVBAoUEVNSSSBJbnRlcm5hdGlvbmFs MSgwJgYDVQQLFB9JbmZvcm1hdGlvbiBUZWNobm9sb2d5IFNlcnZpY2VzMUYwRAYDVQQLEz13 d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTIEluY29ycC4gYnkgUmVmLixMSUFCLkxU RChjKTk5MRwwGgYDVQQLFBNFbXBsb3llZUlEIC0gRTE3MTA1MRYwFAYDVQQDEw1NYXJ0aW4g VyBGb25nMSIwIAYJKoZIhvcNAQkBFhNtYXJ0aW4uZm9uZ0BzcmkuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4vxbSMuguUE4qsDS4lXXrXmjErcbH6jASEiYRo5eGrRq Nr8xCkULd1Vbyx7oK3lJ9Qe7QpJrNixQEFCd/A4EF1joFlNDZ8cmja4OGqBOCadBl6j4xYp3 cpt5YSsJ2fjIz3AZGbD07ubas3RVKsOF/HbCmJfQgr7XKNUF6l7qjD9V38A2OMSvsf1H2Fb/ 2udaucOAbIgZMxrFJvnrkaL/xg0yJESGWkpsByP5ov9iH/e8mD1jjlK0ZqmAjoOycm3fT4eT mr1faCOOWUZwuZyfw3YhQ5PTw5VVSF7kH+tMWuSZoMKjP7L1f6OGHQoz+FvinPQYDuq4wfkC Untwvz9fJQIDAQABo4IBSjCCAUYwCQYDVR0TBAIwADCBrAYDVR0gBIGkMIGhMIGeBgtghkgB hvhFAQcXAjCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzBi BggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BTIGlu Y29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wCwYDVR0PBAQD AgWgMBEGCWCGSAGG+EIBAQQEAwIHgDBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vb25zaXRl Y3JsLnZlcmlzaWduLmNvbS9TUklJbnRlcm5hdGlvbmFsSW5mb3JtYXRpb25UZWNobm9sb2d5 U2VydmljZXMvTGF0ZXN0Q1JMLmNybDANBgkqhkiG9w0BAQQFAAOBgQBnjQRMhhdlJC0uwaPQ h5Hoh0pOGgYxeFov/L6ZBVnb+DSxcs/7Zf/Ix8r4QH+HkdIP/7Tz9LW/IzynJrB9gZVnvZYk 7ICa9tcVLvuRPzH3/iIGB83wSjlbfPpc+3KqCzSFO4lTze4Aarj/FmG3kH30cNS5ruTrmJNt EDEpClrS5TCCBRcwggSAoAMCAQICEGFM2tNMV3VJbgaY+nFu8DowDQYJKoZIhvcNAQEEBQAw gdgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFTUkkgSW50ZXJuYXRpb25hbDEfMB0GA1UECxMW VmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBz Oi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDIxMDAuBgNVBAsTJ0NsYXNzIDIgT25TaXRl IEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQTEdMBsGA1UEAxMUU1JJIEludGVybmF0aW9uYWwg Q0EwHhcNMDUwNzI1MDAwMDAwWhcNMDYwNzI1MjM1OTU5WjCB6DEaMBgGA1UEChQRU1JJIElu dGVybmF0aW9uYWwxKDAmBgNVBAsUH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgU2VydmljZXMx RjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMgSW5jb3JwLiBieSBS ZWYuLExJQUIuTFREKGMpOTkxHDAaBgNVBAsUE0VtcGxveWVlSUQgLSBFMTcxMDUxFjAUBgNV BAMTDU1hcnRpbiBXIEZvbmcxIjAgBgkqhkiG9w0BCQEWE21hcnRpbi5mb25nQHNyaS5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi/FtIy6C5QTiqwNLiVdeteaMStxsf qMBISJhGjl4atGo2vzEKRQt3VVvLHugreUn1B7tCkms2LFAQUJ38DgQXWOgWU0NnxyaNrg4a oE4Jp0GXqPjFindym3lhKwnZ+MjPcBkZsPTu5tqzdFUqw4X8dsKYl9CCvtco1QXqXuqMP1Xf wDY4xK+x/UfYVv/a51q5w4BsiBkzGsUm+euRov/GDTIkRIZaSmwHI/mi/2If97yYPWOOUrRm qYCOg7Jybd9Ph5OavV9oI45ZRnC5nJ/DdiFDk9PDlVVIXuQf60xa5JmgwqM/svV/o4YdCjP4 W+Kc9BgO6rjB+QJSe3C/P18lAgMBAAGjggFKMIIBRjAJBgNVHRMEAjAAMIGsBgNVHSAEgaQw gaEwgZ4GC2CGSAGG+EUBBxcCMIGOMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2ln bi5jb20vQ1BTMGIGCCsGAQUFBwICMFYwFRYOVmVyaVNpZ24sIEluYy4wAwIBARo9VmVyaVNp Z24ncyBDUFMgaW5jb3JwLiBieSByZWZlcmVuY2UgbGlhYi4gbHRkLiAoYyk5NyBWZXJpU2ln bjALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgeAMGoGA1UdHwRjMGEwX6BdoFuGWWh0 dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29tL1NSSUludGVybmF0aW9uYWxJbmZvcm1hdGlv blRlY2hub2xvZ3lTZXJ2aWNlcy9MYXRlc3RDUkwuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAGeN BEyGF2UkLS7Bo9CHkeiHSk4aBjF4Wi/8vpkFWdv4NLFyz/tl/8jHyvhAf4eR0g//tPP0tb8j PKcmsH2BlWe9liTsgJr21xUu+5E/Mff+IgYHzfBKOVt8+lz7cqoLNIU7iVPN7gBquP8WYbeQ ffRw1Lmu5OuYk20QMSkKWtLlMYIEzzCCBMsCAQEwge0wgdgxCzAJBgNVBAYTAlVTMRowGAYD VQQKExFTUkkgSW50ZXJuYXRpb25hbDEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29y azE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9y cGEgKGMpMDIxMDAuBgNVBAsTJ0NsYXNzIDIgT25TaXRlIEluZGl2aWR1YWwgU3Vic2NyaWJl ciBDQTEdMBsGA1UEAxMUU1JJIEludGVybmF0aW9uYWwgQ0ECEGFM2tNMV3VJbgaY+nFu8Dow CQYFKw4DAhoFAKCCArYwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx DxcNMDYwMjI3MTcxMTA1WjAjBgkqhkiG9w0BCQQxFgQUXAusMVNkG4BmMNgOJLIGEtHtpf4w UgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgf4GCSsGAQQBgjcQBDGB8DCB7TCB2DEL MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVNSSSBJbnRlcm5hdGlvbmFsMR8wHQYDVQQLExZWZXJp U2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93 d3cudmVyaXNpZ24uY29tL3JwYSAoYykwMjEwMC4GA1UECxMnQ2xhc3MgMiBPblNpdGUgSW5k aXZpZHVhbCBTdWJzY3JpYmVyIENBMR0wGwYDVQQDExRTUkkgSW50ZXJuYXRpb25hbCBDQQIQ YUza00xXdUluBpj6cW7wOjCCAQAGCyqGSIb3DQEJEAILMYHwoIHtMIHYMQswCQYDVQQGEwJV UzEaMBgGA1UEChMRU1JJIEludGVybmF0aW9uYWwxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2ln bi5jb20vcnBhIChjKTAyMTAwLgYDVQQLEydDbGFzcyAyIE9uU2l0ZSBJbmRpdmlkdWFsIFN1 YnNjcmliZXIgQ0ExHTAbBgNVBAMTFFNSSSBJbnRlcm5hdGlvbmFsIENBAhBhTNrTTFd1SW4G mPpxbvA6MA0GCSqGSIb3DQEBAQUABIIBAIua4gA6y2N1SWzocNDAXldOtAOrrxPzrWkuFdBq ynLUXz/4B89tdMMzFK19EpUzUR/7qxrqUA86uWCm9nJJYXE1eXi5YFcpUFvcGnSexgANbEjv xIWdBQ1bNX9ziXLQ1KBOZtGGIDMBxxjbuPmdHQ9AhXPxwEamMj2DuTR28ho7+aRq7wNIjno5 F+WyNRZ7XxXKhDZ0VzqgKnpjh39NhsEyIqKInlRYINEBlARHevp5Vyh9+SBTarcvbThv3Uo0 GCIWFhG4n8sqB/qzz9S9GY7fF7m/KXVy6hYWvY9pBSQKzddMROPqFX1MWF/hSkJW3PF1p5e4 WgbOkzhnT/D9Db8AAAAAAAA= --------------ms030308060203070707040905-- From owner-trustedbsd-audit@FreeBSD.ORG Sat Mar 4 17:30:39 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7FE8616A420 for ; Sat, 4 Mar 2006 17:30:39 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3754743D46 for ; Sat, 4 Mar 2006 17:30:39 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 22F4346BC8 for ; Sat, 4 Mar 2006 12:30:19 -0500 (EST) Date: Sat, 4 Mar 2006 17:35:22 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060304173111.O61086@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: OpenBSM 1.0 alpha 5 tarball now on the web site. X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Mar 2006 17:30:39 -0000 I've now put the OpenBSM 1.0 alpha 5 tarball up on the www.TrustedBSD.org web site: http://www.TrustedBSD.org/openbsm.html I've attached a list of changes present in alpha 5 at the end of this message. The primary change is that we've moved from using BSD make to GNU autoconf/automake for the build and portability infrastructure. Many thanks to Martin Fong for working with me to get the Tiger build up and running, which it now appears to be. The source code base also now builds out of the box on my Fedora Core release 3 box, although it has not seen much testing on Linux. As Linux doesn't support the various audit system calls, we only build the audit trail printing and reduction tools, and the library omits API calls that submit audit records to the kernel. As of today, I've also imported OpenBSM 1.0 alpha 5 into the FreeBSD 7.x source tree. It continues to use the integrated BSD make build infrastructure in FreeBSD, and the plan is to continue to do so. Robert N M Watson OpenBSM 1.0 alpha 5 - Update install notes to indicate /etc files are to be installed manually. - On systems without LOG_SECURITY, use LOG_AUTH. - Convert to autoconf/automake in order to move to a more portable (not BSD-specific) build infrastructure, and more easy conditional building of components. Currently, the primary feature loss is that automake does not have native support for manual symlinks. This will be addressed in a future OpenBSM release. - Add compat/queue.h, to be used on systems dated BSD queue macro libraries (as found on Linux). - Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the existing conventions for a CHANGELOG. - Some private data structures moved from audit.h to audit_internal.h to prevent inappropriate use by applications and name space pollution. - Improved detection and use of endian macros using autoconf. - Avoid non-portable use of struct in6_addr, which is largely opaque. - Avoid leaking BSD kernel socket related token code to user space in bsm_token.c. - Teach System V IPC calls to look for Linux naming variations for certain struct ipc_perm fields. - Test for audit system calls, and if not present, don't build bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on those system calls. - au_close() is not implemented on systems that don't have audit system calls, but au_close_buffer() is. - Work around missing BSDisms in bsm_wrapper.c. - Fix nested includes so including libbsm.h in an application on Linux picks up the necessary definitions. From owner-trustedbsd-audit@FreeBSD.ORG Tue Mar 28 15:16:01 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0B0C16A400 for ; Tue, 28 Mar 2006 15:16:00 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F4D643D46 for ; Tue, 28 Mar 2006 15:16:00 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id A370C46BEF for ; Tue, 28 Mar 2006 10:15:59 -0500 (EST) Date: Tue, 28 Mar 2006 15:15:59 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060328150017.U19236@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: Defining an API for audit filter modules X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2006 15:16:01 -0000 Recently as part of the audit3 work, I added a new facility, audit pipes, to the FreeBSD kernel. Audit pipes are synthetic devices that appear in /dev, and allow direct access to the the BSM audit record stream without dealing with the complexities of accessing the trail via the file system. This avoids locating the trail files, parsing the files to seek to current events, dealing with file ownership and rotation issues, synchronizing with the audit daemon, etc. It also moves us in the direction of avoiding having to commit the records to disk at all if live analysis (such as intrusion detection) is the goal of the logging, rather than producing a reliable trail for later use. Audit pipes, in particular, offer lossy delivery of discete records: the application can set the maximum queue depth, and track overflows (drops), etc. In order to make audit pipes more accessible and immediately useful for application developers, I have recently prototyped an audit filter daemon and audit filter API. The goal of this work is to allow developers to produce "pluggable modules" to a standard module API, which will be presented audit records as they arrive via a live audit pipe (or potentially other source, such as a socket). The daemon provides both the I/O engine and execution context for BSM record management: the shared objects simply have to present an API to the daemon that it can use to submit records to for examination and handling. Right now, the module API defined in audit_filter.h is quite limited: typedef int (*audit_filter_attach_t)(void **instance, int argc, char *argv[]); Called when a module is attached by the daemon, in order to allow the filter to register state (via 'instance'), accept arguments (via 'argc' and 'argv'), and optionally to reject attachment if the circumstances aren't right. typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]); Called when the auditfilterd configuration file is changed, resulting in the arguments for a module changing. The new arguments are presented via 'argc' and 'argv'. If an error is returned, the module is detached. typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts, int token_count, const tokenstr_t *tok[]); Called when an audit record is available for inspection by the module. The record is pre-parsed into an array of token structures using au_fetch_tok(). typedef void (*audit_filter_bsmrecord_t)(void *instance, struct timespec *ts, void *data, u_int len); Called when an audit record is available for inspection by the module. The record is presented in BSM bytestream, as some modules may wish to perform their own BSM handling rather than relying on the parsing performed using the libbsm routine. typedef void (*audit_filter_detach_t)(void *instance); Called when the module is being detached, in order to allow the module to free any state, close files, etc. This API will appear in OpenBSM 1.0a6 in the next week or so, once the code has stabilized a bit more. However, the purpose of this e-mail isn't just to draw your attention to this new part of OpenBSM, but also to solicit feedback. In particular, I'm interested in two sorts of feedback: (1) Comments on the API components thus far defined. I do currently provide instance state, although a module could currently as easily use its own global state. I did this to allow for the possibility of a module being loaded more than once at a time with different arguments, although that is currently not supported. However, maybe there's more that needs to be done here. (2) Comments on future API components. One of the things I'd like to do is add an interest filter mechanism so that modules can push interest into the daemon, and eventually the kernel, to control the set of records gathered. An easy obvious direction would be to allow the specification based on mechanisms already present via pre-selection: i.e., the request a mask of event classes based on audit identity. You can imagine more complicated things, and ideas on how far to take this would be welcome. Are there other useful things that are clearly missing for an application you may have in mind? Thanks, Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Sat Apr 15 16:19:27 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0277E16A401 for ; Sat, 15 Apr 2006 16:19:27 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 70C9143D45 for ; Sat, 15 Apr 2006 16:19:26 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 389B146C11 for ; Sat, 15 Apr 2006 12:19:23 -0400 (EDT) Date: Sat, 15 Apr 2006 17:19:23 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060415171759.J85663@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: FYI: short technical report on audit implementation on web site X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Apr 2006 16:19:27 -0000 FYI: The short paper Wayne Salamon and I submitted to the UKUUG Lisa 2006 conference, and I presented in March, 2006, is now available on the TrustedBSD web site under Documentation. This basically a short technical report on the implementation. Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Sat Apr 15 16:47:11 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4317F16A401 for ; Sat, 15 Apr 2006 16:47:11 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id E499243D45 for ; Sat, 15 Apr 2006 16:47:10 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 89D4346C53 for ; Sat, 15 Apr 2006 12:47:10 -0400 (EDT) Date: Sat, 15 Apr 2006 17:47:10 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060415171927.T85663@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: Audit pipe "interest" expression X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Apr 2006 16:47:11 -0000 FreeBSD 7.x's audit pipe facility currently provides a direct pipe of audit record data as generated; the set of records received is limited by three factors: - Global audit selection settings in /etc/security. - Ability for the audit pipe reader to keep up with audit record flow (the queue is lossy). - The audit pipe reader providing sufficiently large buffers to hold complete audit records (a requirement which may change). This is quite useful, but raises a specific problem: if intrusion detection interests associated with audit pipe consumers don't align with global audit requirements, you either end up with insufficient information being fed to the intrusion detection application, or unnecessary information going into the global audit trail. The obvious solution is to allow audit pipe consumers to receive records selected using different criteria than the global trail. This would add an additional criteria to the above list: - The audit record has been selected based on per-pipe selection criteria. Then the obvious question becomes: what facility for criteria specification should the audit pipe facility provide? The global selection facility, in the style of Sun's BSM, allows selection of records based on audit identity, event class, and success/failure status of the event. Events are mapped to event classes in order to provide a level of indirection and avoid administrators from having to futz with individual event types, which are often opaque to everyone but application, and possibly system, developers. One possibility is to extend this facility to allow each audit pipe to specify its own independent criteria along the same lines: for example, allowing IDS tools to request mappings of {class mask, success/failure, audit ID} which will match events. This would rely on the existing globally defined classes, and have fairly minimal implementation requirements. Another more complex possibility is to allow audit pipes to each have their own mask context, or to allow pipe consumers to additionally specify direct event requirements. This would require significantly more state management and a more complex configuration mechanism. My leaning, for now, is to implement only the first. Record pre-selection points that currently exist would be enhanced to: - Examine audit pipe requirements in addition to current global requirements. - Tag accepted records with information on which consumer (trail, pipes, etc) had selected the record, so that the record is only delivered to requesting consumers. This raises an additional issue: drop behavior under overload. The existing audit trail facility will cause system stalls on overload, maintaining a maximum queue size for delivery to the file system. This maintains audit trail reliability in the presence of load. Intrusion detection consumers may not be interested in this behavior, and may prefer that records be dropped. The current audit pipe facility takes the approach of providing a fixed (but configurable) maximum queue depth for each pipe; when the pipe buffer is filled, new records are dropped. It has been suggested that allowing pipe consumers to specify priorities would permit a more informed drop decision: i.e., keep login/logout records in preference to stat() system calls. This makes a lot of sense for audit pipe consumers who track system events and maintain state associated with the running system -- for example, back-tracking socket communications to the executed command that lead to the communications. One possible approach here would be to extend the selection facility to allow priorities to be assigned to records, not just a simple boolean match. Comments on the above thoughts would be most welcome; I hope to spend some time working on adding an audit pipe selection facility in the next few weeks. In particular, I'd welcome information on intrusion detection consumers of audit data and their requirements -- confirmation that the lossy approach is good, thoughts on a precedence mechanism, and thoughts on what selection criteria are important to application writers. The current BSM selection mechanism is derived from the evaluation requirements of the Orange Book and CAPP. These don't necessarily match current real-world application requirements for IDS and monitoring, so advice along those lines would be great! I'd especially like to thank Martin Fong at SRI for his input and feedback relating to audit pipes, as his interest has driven current thinking about audit pipe selection facilities. Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Sat May 6 12:11:54 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D6A616A400; Sat, 6 May 2006 12:11:54 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id C7FF143D45; Sat, 6 May 2006 12:11:53 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 6A01746B03; Sat, 6 May 2006 08:11:53 -0400 (EDT) Date: Sat, 6 May 2006 13:11:53 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-discuss@TrustedBSD.org, trustedbsd-audit@TrustedBSD.org Message-ID: <20060506131100.Y17611@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: [FreeBSD-Announce] Summer of Code Application Deadline in 1 week (fwd) X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 May 2006 12:11:54 -0000 Just as a reminder, the summer of code application deadline is approaching rapidly. There's lots of room for original work proposals for students interested in getting paid to to TrustedBSD work this summer (or winter, if you're in the Southern Hemisphere :-). Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 1 May 2006 13:22:52 -0700 From: Murray Stokely To: announce@FreeBSD.org Subject: [FreeBSD-Announce] Summer of Code Application Deadline in 1 week The Summer of Code application process has officially begun. This is an excellent opportunity for students to get involved with improving FreeBSD. Successful student applicants will receive $4,500 in funding from Google, will be granted an account on the FreeBSD.org Perforce revision control system, and will receive an @freebsd.org mail forward to help interact with other FreeBSD developers this summer. We have identified a number of senior developers to serve as mentors to introduce students to contributing to FreeBSD. We have also identified some example project ideas and guidelines for writing a good proposal on our Summer of Code web page : http://www.freebsd.org/projects/summerofcode.html There you will find a partial list of example proposal ideas in all areas of operating system design, including networking, filesystems, installation tools, parallel programming, security research and more. Once a suitable project and mentor have been identified, interested students should complete a proposal and submit it to Google. Proposals are now being accepted and the final deadline is May 8, 2006 at 17:00 Pacific Daylight Time (midnight May 9, 2006 0:00 UTC). Winning candidates will be announced in late May. Interacting with a global team of open source developers in a centralized revision control system is excellent preparation for a future career as a software engineer. Many of the students that participated last year are still contributing code to FreeBSD. For additional information about this program, please see the student frequently asked questions page: http://code.google.com/soc/studentfaq.html Thanks and good luck! - Murray Stokely _______________________________________________ freebsd-announce@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org" From owner-trustedbsd-audit@FreeBSD.ORG Sat May 6 18:37:43 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A05316A400 for ; Sat, 6 May 2006 18:37:43 +0000 (UTC) (envelope-from patrick_dkt@yahoo.com.hk) Received: from web54306.mail.yahoo.com (web54306.mail.yahoo.com [206.190.49.116]) by mx1.FreeBSD.org (Postfix) with SMTP id A9C5A43D45 for ; Sat, 6 May 2006 18:37:42 +0000 (GMT) (envelope-from patrick_dkt@yahoo.com.hk) Received: (qmail 17218 invoked by uid 60001); 6 May 2006 18:37:41 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.hk; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=H3Qk5YZglp3plvABU96d6GaagYoVAoACfkra8KSA1/cWfxRCHvtpjroVs1FUYsvxRIj/MJEwcjR6U3gEz5OMhGagFzbJdUaZdVNGVOkZMXjT13DbDX+5pbXLpE7fpjlZSPnk9/jUL0XX+Aq4alW8KpEI9gdpDQdff6cHnW6I2Ys= ; Message-ID: <20060506183741.17216.qmail@web54306.mail.yahoo.com> Received: from [202.134.67.165] by web54306.mail.yahoo.com via HTTP; Sat, 06 May 2006 11:37:41 PDT Date: Sat, 6 May 2006 11:37:41 -0700 (PDT) From: Patrick Dung To: trustedbsd-audit@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: Subject: Any good way to log all commands execuated by users? X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 May 2006 18:37:43 -0000 Is it possible to log all commands run by the users? I found openbsm is included in Freebsd-current, but i can't figure a good way to log command run by users. Logging all stat/read access to files is not a good idea, this will generate a hugh log file and slows down the server. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From owner-trustedbsd-audit@FreeBSD.ORG Wed May 17 12:54:50 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D21416A43C for ; Wed, 17 May 2006 12:54:50 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 662F843D5C for ; Wed, 17 May 2006 12:54:48 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 070BF46C06; Wed, 17 May 2006 08:54:48 -0400 (EDT) Date: Wed, 17 May 2006 13:54:47 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Rong-En Fan In-Reply-To: <6eb82e0605051303k4a5cd73of0b99d46e1146deb@mail.gmail.com> Message-ID: <20060517135248.F69235@fledge.watson.org> References: <6eb82e0605051303k4a5cd73of0b99d46e1146deb@mail.gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org Subject: Re: audit [Was: quota deadlock on 6.1-RC1] X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 May 2006 12:54:54 -0000 On Fri, 5 May 2006, Rong-En Fan wrote: >> So what to expect in the future? A slightly less agressive feature >> schedule for major releases -- 5.x had UFS2, KSE, SMPng, TrustedBSD, >> OpenPAM, a new gcc, etc. 6.x had significant network stack refinements, >> VFS SMPng work, etc, but nothing like the feature list of 5.x. The main >> distinguishing factor for 7.x right now is Audit, which while a good bullet >> feature, but relatively non-intrusive. I'd expect to see further UFS and >> VFS work, etc, possibly including a move to UFS journalling from the bgfsck >> model, a Giant-free NFS client, further refinement of locking in the >> storage stack, ARM support, and so on. But by driving feature integration >> by schedule, things should go more smoothly. For example, Audit is in 7.x >> -- we wanted to merge it for 6.1, but decided that the 6.1 schedule simply >> didn't allow it, so it will likely appear in 6.2 and 7.0. That's a lot >> better than merging it prematurely, deferring the release 6 months for it >> to stabilize, and shipping it prematurely anyway. > > Speaking of audit, are there any HOWTOs? Or some docs that explain what > audit can do and perhaps some simple examples. I'm really confused after > looking at TrustedBSD site. Rong-En, Sorry about the delay in getting back to you; I was at the FreeBSD Developer Summit and BSDCan conference in Ottawa, Canada, for the last week, so wasn't very online. Right now the main user documentation we have can be found in the FreeBSD Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html Was this one of the documents you looked at before? It's gone through some revision in the past month. Are there specific secctions you find hard to follow that can be fixed up? I know Tom has been working actively to improve the document, and I've also revised some pieces of it. Thanks, Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Fri Jun 2 13:57:10 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2EFA16A441 for ; Fri, 2 Jun 2006 13:57:10 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1DAD443D73 for ; Fri, 2 Jun 2006 13:57:02 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id E0B5746DB9 for ; Fri, 2 Jun 2006 09:57:01 -0400 (EDT) Date: Fri, 2 Jun 2006 14:57:01 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060602145432.O4034@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: OpenBSM 1.0 alpha 6 X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Jun 2006 13:57:16 -0000 FYI, OpenBSM 1.0a6 is now online on the TrustedBSD web site. A short list of changes in this revision can be found below. The purpose of this release is primarily to do a code drop that can be brought back into the FreeBSD tree so that the new audit pipe changes can be merged. The pipe changes are for support for per-auditpipe preselection properties, allowing IDS or other monitoring packages to separately configure the collection of audit records independent of the global trail. Robert N M Watson OpenBSM 1.0 alpha 6 - Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close(); previously we used hard-coded 0 and 1 values. - Add man page for au_open(), au_write(), au_close(), and au_close_buffer(). - Support a more complete range of data types for the arbitrary data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias to AUR_INT), add AUR_INT64. - Add au_close_token(), which allows writing a single token_t to a memory buffer. Not likely to be used much by applications, but useful for writing test tools. - Modify au_to_file() so that it accepts a timeval in user space, not just kernel -- this is not a Solaris BSM API so can be modified without causing compatibility issues. - Define a new API, au_to_header32_tm(), which adds a struct timeval argument to the ordinary au_to_header32(), which is now implemented by wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL the APIs that invoke gettimeofday(), rather than having a variable definition. Don't try to retrieve time zone information using gettimeofday(), as it's not needed, and introduces possible failure modes. - Don't perform byte order transformations on the addr/machine fields of the terminal ID that appears in the process32/subject32 tokens. These are assumed to be IP addresses, and as such, to be in network byte order. - Universally, APIs now assume that IP addresses and ports are provided in network byte order. APIs now generally provide these types in network byte order when decoding. - Beginnings of an OpenBSM test framework can now be found in openbsm/test. This code is not built or installed by default. - auditd now assigns more appropriate syslog levels to its debugging and error information. - Support for audit filters introduced: audit filters are dynamically loaded shared objects that run in the context of a new daemon, auditfilterd. The daemon reads from an audit pipe and feeds both BSM and parsed versions of records to shared objects using a module API. This will provide a framework for the writing of intrusion detection services. - New utility API, audit_submit(), added to capture common elements of audit record submission for many applications. From owner-trustedbsd-audit@FreeBSD.ORG Sun Jun 4 09:23:40 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C524F16A500 for ; Sun, 4 Jun 2006 09:23:40 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B26243D46 for ; Sun, 4 Jun 2006 09:23:40 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 07D0A46C44; Sun, 4 Jun 2006 05:23:40 -0400 (EDT) Date: Sun, 4 Jun 2006 10:23:39 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Patrick Dung In-Reply-To: <20060506183741.17216.qmail@web54306.mail.yahoo.com> Message-ID: <20060604102038.K90662@fledge.watson.org> References: <20060506183741.17216.qmail@web54306.mail.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@freebsd.org Subject: Re: Any good way to log all commands execuated by users? X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Jun 2006 09:23:43 -0000 On Sat, 6 May 2006, Patrick Dung wrote: > Is it possible to log all commands run by the users? > > I found openbsm is included in Freebsd-current, but i can't figure a good > way to log command run by users. Logging all stat/read access to files is > not a good idea, this will generate a hugh log file and slows down the > server. Patrick, Sorry for the delay in responding, I was at BSDCan when you wrote that e-mail and am only now just catching up! The typical way to do this is to turn on process accounting, which generates one log record per execution (only, after the program executes, not before), captures CPU usage information, how the program exited, etc. Command line arguments are not captured. accounting_enabled="YES" and a reboot turn it on, and acct(2) describes what it does. You can use lastcomm(1) to review the basic accounting logs. With audit, you can also capture similar information by setting the 'ex'audit class flag for users, or globally. However, full support for execve() logging is not complete yet, currently we don't audit the command line arguments. This will follow in the near future. Robert N M Watson From owner-trustedbsd-audit@FreeBSD.ORG Mon Jun 5 16:01:05 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 311B016A551; Mon, 5 Jun 2006 16:01:05 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7BB143D53; Mon, 5 Jun 2006 16:01:04 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id D1C8646C4D; Mon, 5 Jun 2006 12:01:03 -0400 (EDT) Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: current@FreeBSD.org Message-ID: <20060605165946.L61202@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Jun 2006 16:01:16 -0000 This is a heads up to current@ users regarding two moderate sized sets of changes that entered FreeBSD CVS today: (1) I imported OpenBSM 1.0 alpha 6. (2) I imported support for per-auditpipe preselection. Detailed commit messages are below. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 10:52:14 +0000 (UTC) From: Robert Watson To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/openbsm - Imported sources rwatson 2006-06-05 10:52:14 UTC FreeBSD src repository src/contrib/openbsm - Imported sources Update of /home/ncvs/src/contrib/openbsm In directory repoman.freebsd.org:/tmp/cvs-serv59860 Log Message: Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6: - Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close(); previously we used hard-coded 0 and 1 values. - Add man page for au_open(), au_write(), au_close(), and au_close_buffer(). - Support a more complete range of data types for the arbitrary data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias to AUR_INT), add AUR_INT64. - Add au_close_token(), which allows writing a single token_t to a memory buffer. Not likely to be used much by applications, but useful for writing test tools. - Modify au_to_file() so that it accepts a timeval in user space, not just kernel -- this is not a Solaris BSM API so can be modified without causing compatibility issues. - Define a new API, au_to_header32_tm(), which adds a struct timeval argument to the ordinary au_to_header32(), which is now implemented by wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL the APIs that invoke gettimeofday(), rather than having a variable definition. Don't try to retrieve time zone information using gettimeofday(), as it's not needed, and introduces possible failure modes. - Don't perform byte order transformations on the addr/machine fields of the terminal ID that appears in the process32/subject32 tokens. These are assumed to be IP addresses, and as such, to be in network byte order. - Universally, APIs now assume that IP addresses and ports are provided in network byte order. APIs now generally provide these types in network byte order when decoding. - Beginnings of an OpenBSM test framework can now be found in openbsm/test. This code is not built or installed by default. - auditd now assigns more appropriate syslog levels to its debugging and error information. - Support for audit filters introduced: audit filters are dynamically loaded shared objects that run in the context of a new daemon, auditfilterd. The daemon reads from an audit pipe and feeds both BSM and parsed versions of records to shared objects using a module API. This will provide a framework for the writing of intrusion detection services. - New utility API, audit_submit(), added to capture common elements of audit record submission for many applications. Obtained from: TrustedBSD Project Status: Vendor Tag: TrustedBSD Release Tags: OPENBSM_1_0_ALPHA_6 U src/contrib/openbsm/HISTORY U src/contrib/openbsm/LICENSE U src/contrib/openbsm/Makefile.am U src/contrib/openbsm/Makefile.in U src/contrib/openbsm/README U src/contrib/openbsm/TODO U src/contrib/openbsm/VERSION U src/contrib/openbsm/aclocal.m4 U src/contrib/openbsm/autogen.sh U src/contrib/openbsm/configure U src/contrib/openbsm/configure.ac U src/contrib/openbsm/bin/Makefile.am U src/contrib/openbsm/bin/Makefile.in U src/contrib/openbsm/bin/audit/Makefile.am U src/contrib/openbsm/bin/audit/Makefile.in U src/contrib/openbsm/bin/audit/audit.8 U src/contrib/openbsm/bin/audit/audit.c U src/contrib/openbsm/bin/auditd/Makefile.am U src/contrib/openbsm/bin/auditd/Makefile.in U src/contrib/openbsm/bin/auditd/audit_warn.c U src/contrib/openbsm/bin/auditd/auditd.8 U src/contrib/openbsm/bin/auditd/auditd.c U src/contrib/openbsm/bin/auditd/auditd.h N src/contrib/openbsm/bin/auditfilterd/Makefile.am N src/contrib/openbsm/bin/auditfilterd/Makefile.in N src/contrib/openbsm/bin/auditfilterd/auditfilterd.8 N src/contrib/openbsm/bin/auditfilterd/auditfilterd.c N src/contrib/openbsm/bin/auditfilterd/auditfilterd.h N src/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c U src/contrib/openbsm/bin/auditreduce/Makefile.am U src/contrib/openbsm/bin/auditreduce/Makefile.in U src/contrib/openbsm/bin/auditreduce/auditreduce.1 U src/contrib/openbsm/bin/auditreduce/auditreduce.c U src/contrib/openbsm/bin/auditreduce/auditreduce.h U src/contrib/openbsm/bin/praudit/Makefile.am U src/contrib/openbsm/bin/praudit/Makefile.in U src/contrib/openbsm/bin/praudit/praudit.1 U src/contrib/openbsm/bin/praudit/praudit.c U src/contrib/openbsm/bsm/Makefile.am U src/contrib/openbsm/bsm/Makefile.in U src/contrib/openbsm/bsm/audit.h N src/contrib/openbsm/bsm/audit_filter.h U src/contrib/openbsm/bsm/audit_internal.h U src/contrib/openbsm/bsm/audit_kevents.h U src/contrib/openbsm/bsm/audit_record.h U src/contrib/openbsm/bsm/audit_uevents.h U src/contrib/openbsm/bsm/libbsm.h U src/contrib/openbsm/compat/endian.h U src/contrib/openbsm/compat/queue.h U src/contrib/openbsm/config/config.guess U src/contrib/openbsm/config/config.h.in U src/contrib/openbsm/config/config.sub U src/contrib/openbsm/config/depcomp U src/contrib/openbsm/config/install-sh U src/contrib/openbsm/config/ltmain.sh U src/contrib/openbsm/config/missing U src/contrib/openbsm/etc/audit_class U src/contrib/openbsm/etc/audit_control U src/contrib/openbsm/etc/audit_event N src/contrib/openbsm/etc/audit_filter U src/contrib/openbsm/etc/audit_user U src/contrib/openbsm/etc/audit_warn U src/contrib/openbsm/libbsm/Makefile.am U src/contrib/openbsm/libbsm/Makefile.in U src/contrib/openbsm/libbsm/au_class.3 U src/contrib/openbsm/libbsm/au_control.3 U src/contrib/openbsm/libbsm/au_event.3 U src/contrib/openbsm/libbsm/au_free_token.3 U src/contrib/openbsm/libbsm/au_io.3 U src/contrib/openbsm/libbsm/au_mask.3 N src/contrib/openbsm/libbsm/au_open.3 U src/contrib/openbsm/libbsm/au_token.3 U src/contrib/openbsm/libbsm/au_user.3 N src/contrib/openbsm/libbsm/audit_submit.3 U src/contrib/openbsm/libbsm/bsm_audit.c U src/contrib/openbsm/libbsm/bsm_class.c U src/contrib/openbsm/libbsm/bsm_control.c U src/contrib/openbsm/libbsm/bsm_event.c U src/contrib/openbsm/libbsm/bsm_flags.c U src/contrib/openbsm/libbsm/bsm_io.c U src/contrib/openbsm/libbsm/bsm_mask.c U src/contrib/openbsm/libbsm/bsm_notify.c U src/contrib/openbsm/libbsm/bsm_token.c U src/contrib/openbsm/libbsm/bsm_user.c U src/contrib/openbsm/libbsm/libbsm.3 U src/contrib/openbsm/libbsm/bsm_wrappers.c U src/contrib/openbsm/man/Makefile.am U src/contrib/openbsm/man/Makefile.in U src/contrib/openbsm/man/audit.2 U src/contrib/openbsm/man/audit.log.5 U src/contrib/openbsm/man/audit_class.5 U src/contrib/openbsm/man/audit_control.5 U src/contrib/openbsm/man/audit_event.5 U src/contrib/openbsm/man/audit_user.5 U src/contrib/openbsm/man/audit_warn.5 U src/contrib/openbsm/man/auditctl.2 U src/contrib/openbsm/man/auditon.2 U src/contrib/openbsm/man/getaudit.2 U src/contrib/openbsm/man/getauid.2 U src/contrib/openbsm/man/setaudit.2 U src/contrib/openbsm/man/setauid.2 N src/contrib/openbsm/modules/Makefile.am N src/contrib/openbsm/modules/Makefile.in N src/contrib/openbsm/modules/auditfilter_noop/Makefile.am N src/contrib/openbsm/modules/auditfilter_noop/Makefile.in N src/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c N src/contrib/openbsm/test/Makefile.am N src/contrib/openbsm/test/Makefile.in N src/contrib/openbsm/test/bsm/Makefile.am N src/contrib/openbsm/test/bsm/Makefile.in N src/contrib/openbsm/test/bsm/generate.c U src/contrib/openbsm/tools/Makefile.am U src/contrib/openbsm/tools/Makefile.in U src/contrib/openbsm/tools/audump.c No conflicts created by this import ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 14:48:17 +0000 (UTC) From: Robert Watson To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/audit audit.c audit_bsm_klib.c audit_ioctl.h audit_pipe.c audit_private.h audit_worker.c rwatson 2006-06-05 14:48:17 UTC FreeBSD src repository Modified files: sys/security/audit audit.c audit_bsm_klib.c audit_ioctl.h audit_pipe.c audit_private.h audit_worker.c Log: Introduce support for per-audit pipe preselection independent from the global audit trail configuration. This allows applications consuming audit trails to specify parameters for which audit records are of interest, including selecting records not required by the global trail. Allowing application interest specification without changing the global configuration allows intrusion detection systems to run without interfering with global auditing or each other (if multiple are present). To implement this: - Kernel audit records now carry a flag to indicate whether they have been selected by the global trail or by the audit pipe subsystem, set during record commit, so that this information is available after BSM conversion when delivering the BSM to the trail and audit pipes in the audit worker thread asynchronously. Preselection by either record target will cause the record to be kept. - Similar changes to preselection when the audit record is created when the system call is entering: consult both the global trail and pipes. - au_preselect() now accepts the class in order to avoid repeatedly looking up the mask for each preselection test. - Define a series of ioctls that allow applications to specify whether they want to track the global trail, or program their own preselection parameters: they may specify their own flags and naflags masks, similar to the global masks of the same name, as well as a set of per-auid masks. They also set a per-pipe mode specifying whether they track the global trail, or user their own -- the door is left open for future additional modes. A new ioctl is defined to allow a user process to flush the current audit pipe queue, which can be used after reprogramming pre-selection to make sure that only records of interest are received in future reads. - Audit pipe data structures are extended to hold the additional fields necessary to support preselection. By default, audit pipes track the global trail, so "praudit /dev/auditpipe" will track the global audit trail even though praudit doesn't program the audit pipe selection model. - Comment about the complexities of potentially adding partial read support to audit pipes. By using a set of ioctls, applications can select which records are of interest, and toggle the preselection mode. Obtained from: TrustedBSD Project Revision Changes Path 1.15 +28 -16 src/sys/security/audit/audit.c 1.4 +3 -6 src/sys/security/audit/audit_bsm_klib.c 1.3 +32 -0 src/sys/security/audit/audit_ioctl.h 1.7 +393 -13 src/sys/security/audit/audit_pipe.c 1.9 +13 -3 src/sys/security/audit/audit_private.h 1.8 +49 -27 src/sys/security/audit/audit_worker.c From owner-trustedbsd-audit@FreeBSD.ORG Tue Aug 15 05:00:38 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 349D416A4DA for ; Tue, 15 Aug 2006 05:00:38 +0000 (UTC) (envelope-from tyler@bleepsoft.com) Received: from zeus.lunarpages.com (zeus.lunarpages.com [216.193.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E709C43D45 for ; Tue, 15 Aug 2006 05:00:37 +0000 (GMT) (envelope-from tyler@bleepsoft.com) Received: from cpe-24-26-253-44.satx.res.rr.com ([24.26.253.44] helo=[192.168.1.42]) by zeus.lunarpages.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.52) id 1GCr4N-0004rx-Cc for trustedbsd-audit@FreeBSD.org; Mon, 14 Aug 2006 22:02:27 -0700 Mime-Version: 1.0 (Apple Message framework v752.2) Content-Transfer-Encoding: 7bit Message-Id: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed To: trustedbsd-audit@FreeBSD.org From: "R. Tyler Ballance" Date: Tue, 15 Aug 2006 00:00:22 -0500 X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - zeus.lunarpages.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - bleepsoft.com X-Source: X-Source-Args: X-Source-Dir: Subject: Darwin work X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Aug 2006 05:00:38 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I suppose it's worth mentioning here, after talking to rwatson@ a bit about what work needs to be done on openbsm and the audit3 code. I'll be initially starting with the openbsm code of course, but I'll be toying with it more academically in my spurious free time, so I'd be more than happy to accept any help ;) FWIW, I also uploaded notes from rwatson's conversation with me: http://tyler.geekisp.com/doc/openbsm_notes.txt The best plan of attack that we (ok, more him than me) came up with was making the Darwin openbsm code operate in the same manner (the / dev/audit pseudo-device) as the FreeBSD and Linux code, and then work from there. I'm branching the mainline openbsm and audit3 code into my user directory in perforce right now, and I'll be sending the autoconf stub patches there for testing, you'll be able to get the code from: //depot/user/tyler/openbsm/... and //depot/user/tyler/ audit3/... Cheers, - -R. Tyler Ballance Lead Developer, bleep. LLC http://www.bleepsoft.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFE4VTpqO6nEJfroRsRAs7KAJ4n4WbzxJjvz2K67ZfxUOePA6WH9ACfdG1I hFmDQFyLFlISUrj235nOZp8= =ToMT -----END PGP SIGNATURE----- From owner-trustedbsd-audit@FreeBSD.ORG Tue Aug 15 19:14:21 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 673AF16A4F5 for ; Tue, 15 Aug 2006 19:14:21 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 974FE43DCD for ; Tue, 15 Aug 2006 19:13:33 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 0FDF246BCF; Tue, 15 Aug 2006 15:13:25 -0400 (EDT) Date: Tue, 15 Aug 2006 20:13:24 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: "R. Tyler Ballance" In-Reply-To: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> Message-ID: <20060815193600.H45647@fledge.watson.org> References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: Darwin work X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Aug 2006 19:14:21 -0000 On Tue, 15 Aug 2006, R. Tyler Ballance wrote: > I suppose it's worth mentioning here, after talking to rwatson@ a bit about > what work needs to be done on openbsm and the audit3 code. I'll be initially > starting with the openbsm code of course, but I'll be toying with it more > academically in my spurious free time, so I'd be more than happy to accept > any help ;) > > FWIW, I also uploaded notes from rwatson's conversation with me: > http://tyler.geekisp.com/doc/openbsm_notes.txt > > The best plan of attack that we (ok, more him than me) came up with was > making the Darwin openbsm code operate in the same manner (the /dev/audit > pseudo-device) as the FreeBSD and Linux code, and then work from there. I'm > branching the mainline openbsm and audit3 code into my user directory in > perforce right now, and I'll be sending the autoconf stub patches there for > testing, you'll be able to get the code from: //depot/user/tyler/openbsm/... > and //depot/user/tyler/audit3/... Bringing the audit3 kernel code to Mac OS X is a fairly serious undertaking, as it requires basically replacing the older kernel audit framework in Darwin with the newere one from FreeBSD. It's certainly not impossible -- it's been demonstrated on a number of occasions that porting FreeBSD code to Darwin can be done, especially if one avoids areas that have diverged significantly. The first step is to get OpenBSM fully working on Darwin. We've been compiling and testing most OpenBSM components at least minimally on Mac OS X and Linux during development. This means that the configuration files, library, and user space BSM tools, such as auditreduce and praudit, should pretty much "just work" on both platforms. It's components like auditd and auditfilterd, which interact with the kernel as a source of audit events, where the work becomes more tricky. As I mentioned to you in IRC, and appears in the above transcript, the first major issue is teaching the new OpenBSM auditd about the Darwin trigger model, which is based on Mach port IPC, rather than the pseudo-device /dev/audit as found on FreeBSD. At least, if you want OpenBSM to run with an unmodified kernel. If you don't mind a modified XNU kernel, porting just src/sys/security/audit/audit_trigger.c from FreeBSD to Darwin is probably pretty straight forward. Getting OpenBSM working properly on Darwin would be very useful indeed, even without doing all the kernel work. After the OpenBSM pieces are fully working on Darwin, it's desirable to substitute the new OpenBSM bsm/ include files for the existing Darwin ones. That will, among other things, teach the Darwin kernel to generate records using the new OpenBSM header version and event numbers, rather than ones that may (in the future) conflict with Solaris events. Finally, without doing a full audit3 port, a desirable change to port to Darwin is the token generation changes, which fix some bugs and add endian-independence (writing out in network byte order rather than native byte order). Doing a full port requires basically porting over src/sys/security/audit from the FreeBSD tree to Darwin, and also src/sys/bsm, replacing the current files, which are largely in xnu/bsd/kern and xnu/bsd/bsm. Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 16 11:15:10 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DF55616A4E0 for ; Wed, 16 Aug 2006 11:15:09 +0000 (UTC) (envelope-from tyler@bleepsoft.com) Received: from zeus.lunarpages.com (zeus.lunarpages.com [216.193.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8A4CA43D45 for ; Wed, 16 Aug 2006 11:15:09 +0000 (GMT) (envelope-from tyler@bleepsoft.com) Received: from cpe-24-26-253-44.satx.res.rr.com ([24.26.253.44] helo=[192.168.1.42]) by zeus.lunarpages.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.52) id 1GDJOP-0005pL-CX for trustedbsd-audit@FreeBSD.org; Wed, 16 Aug 2006 04:17:01 -0700 Mime-Version: 1.0 (Apple Message framework v752.2) In-Reply-To: <20060815193600.H45647@fledge.watson.org> References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> <20060815193600.H45647@fledge.watson.org> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: "R. Tyler Ballance" Date: Wed, 16 Aug 2006 06:14:46 -0500 To: trustedbsd-audit@FreeBSD.org X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - zeus.lunarpages.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - bleepsoft.com X-Source: X-Source-Args: X-Source-Dir: Subject: Re: Darwin work X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Aug 2006 11:15:10 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 15, 2006, at 2:13 PM, Robert Watson wrote: > The first step is to get OpenBSM fully working on Darwin. We've > been compiling and testing most OpenBSM components at least > minimally on Mac OS X and Linux during development. This means > that the configuration files, library, and user space BSM tools, > such as auditreduce and praudit, should pretty much "just work" on > both platforms. It's components like auditd and auditfilterd, > which interact with the kernel as a source of audit events, where > the work becomes more tricky. > > As I mentioned to you in IRC, and appears in the above transcript, > the first major issue is teaching the new OpenBSM auditd about the > Darwin trigger model, which is based on Mach port IPC, rather than > the pseudo-device /dev/audit as found on FreeBSD. At least, if you > want OpenBSM to run with an unmodified kernel. If you don't mind a > modified XNU kernel, porting just src/sys/security/audit/ > audit_trigger.c from FreeBSD to Darwin is probably pretty straight > forward. Getting OpenBSM working properly on Darwin would be very > useful indeed, even without doing all the kernel work. That said, should I be using Apple's own bsm module as a reference for writing the mach ports specific code, or is there existing code for receiving the audit events from Xnu already somewhere lurking around within OpenBSM? (I've been glancing over Apple's bsm code, which is under a 3-clause license, so I don't think it would be a probably for me to base my code off of it). > After the OpenBSM pieces are fully working on Darwin, it's > desirable to substitute the new OpenBSM bsm/ include files for the > existing Darwin ones. That will, among other things, teach the > Darwin kernel to generate records using the new OpenBSM header > version and event numbers, rather than ones that may (in the > future) conflict with Solaris events. Finally, without doing a > full audit3 port, a desirable change to port to Darwin is the token > generation changes, which fix some bugs and add endian-independence > (writing out in network byte order rather than native byte order). > > Doing a full port requires basically porting over src/sys/security/ > audit from the FreeBSD tree to Darwin, and also src/sys/bsm, > replacing the current files, which are largely in xnu/bsd/kern and > xnu/bsd/bsm. The full audit3 port would be something, IMHO, that would be best done with a reasonable amount of conjunction with the SEDarwin project, although it seems that they are aiming more at bringing the MAC framework and some of the security enhancements that SELinux brought to the table, so I'm not sure if an audit3 port necessarily fits within their project goals. That said, I suppose it's time to finally reboot this bloody machine to enable auditing from the Common Criteria Tools :-/ Cheers, - -R. Tyler Ballance Lead Developer, bleep. LLC http://www.bleepsoft.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFE4v4vqO6nEJfroRsRApyYAJ4mov9M9Q9Se2Ya6cTqEERpfqB8JQCeISNl tb49LK0k58/VrTIgkf+v5gw= =LQlf -----END PGP SIGNATURE----- From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 16 11:24:14 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE4EF16A4DE; Wed, 16 Aug 2006 11:24:14 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D6D243D58; Wed, 16 Aug 2006 11:24:14 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id ADBE346CDE; Wed, 16 Aug 2006 07:24:13 -0400 (EDT) Date: Wed, 16 Aug 2006 12:24:13 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: stable@FreeBSD.org Message-ID: <20060816120709.N45647@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org, freebsd-security@FreeBSD.org Subject: Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Aug 2006 11:24:15 -0000 Dear 6-STABLE users, In the next 2-3 weeks, I plan to MFC support for CAPP security eventing auditing from 7-CURRENT to 6-STABLE. The implementation has been running quite nicely in -CURRENT for several months. Right now, I'm just waiting on a confirmation from Sun regarding formal allocation of a BSM header version number so as to avoid accidental version number conflicts in the future, which I hope to get this week, as well as a bug fix in the handling of per-pipe preselection, which Christian Peron is currently working on. The audit implementation will be considered an experimental feature in 6.2-RELEASE, but in practice runs quite well, so is ready for more wide-spread deployment. For those who are unfamiliar with it, security event auditing ("audit") is the fine-grained logging of system security events, from login events to security relevant system calls. The result is a secure audit trail, which can be used for post-mortem analysis, intrusion detection, etc. The FreeBSD implementation is based on the Mac OS X audit implementation, implemented by my team at McAfee Research a few years ago, which Apple has kindly donated under a BSD license. However, it has been substantially enhanced since forking the Apple code. Additions include infrastructure to support live intrusion detection (live "audit pipes" with per-pipe preselection facilities independent of the global trail), 64-bit support, additional cross-platform portability, endian-independent trail files, and a great number of other cleanups, including support for FreeBSD's fine-grained SMP architecture. Both Mac OS X and FreeBSD implement Sun's de facto standard BSM API and audit trail format (with extensions for FreeBSD and Mac OS X events not present in Solaris), so many existing monitoring and analysis tools will run "out of the box", and FreeBSD and Mac OS X can be integrated into existing Sun-based audit infrastructure without too much work. While the open source FreeBSD releases have not been evaluated, this implementation is intended to be compliant with the CAPP standard's audit requirements. If you are interested in getting FreeBSD evaluated, and have been waiting on audit support (I know there are several people out there who have talked to me about this in the past), please let me know, and we can talk about how this might affect the evaluation of FreeBSD. Configuring audit requires the addition of "options AUDIT" to your kernel configuration file, modification of /etc/rc.conf, and any necessary tweaking of /etc/security/audit* to configure. There are detailed man pages, as well as a chapter in the FreeBSD Handbook, thanks to Tom Rhodes, explaining audit and audit configuration at a high level. Feedback on both the documentation and implementation would be most welcome; please direct this to the trustedbsd-audit@TrustedBSD.org mailing list. Until the implementation is upgraded from "experimental", AUDIT will remain disabled in the GENERIC kernel by default. I hope to compile AUDIT in by default starting around FreeBSD 6.3 or 6.4, but exactly when will depend on the nature of feedback, bug reports, etc, over the next few months. In its disabled state, some audit code is present in userland applications, but should not be run by default. We provide a NO_AUDIT build option to prevent audit support from being compiled into user space applications at all, which may be appropriate in embedded environments where space constraints are more of a pressing issue. The integration process will take around a week, and may result in intermitent build failures or other unexpected quirks in 6-STABLE. We have planned this fairly carefully in order to minimize disruption, but with any large set of source code changes, there is the risk of unexpected consequences. Once the code base to be merged is finalized, I will post a more specific merge schedule to the freebsd-stable and trustedbsd-audit mailing lists detailing how things will go. Once the merge is complete, I will post tutorial information to various mailing lists for those interested in giving this a try. You can learn more about Audit by reading the handbook chapter, and visiting http://www.TrustedBSD.org/audit.html As an FYI for those interested, we are shipping the user space audit components as a portable package, OpenBSM, so that BSM-based applications can be built to process Solaris, FreeBSD, and Mac OS X audit trails on a variety of platforms, including Linux, older versions of FreeBSD, and other *BSD systems. OpenBSM is present in the contrib tree in the FreeBSD source tree as a vendor branch import, and will track the most recent OpenBSM release. You can learn more about this at http://www.OpenBSM.org/. Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 16 12:32:50 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CECF216A4E6 for ; Wed, 16 Aug 2006 12:32:50 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 781DC43D53 for ; Wed, 16 Aug 2006 12:29:02 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 51C7246D11; Wed, 16 Aug 2006 08:29:01 -0400 (EDT) Date: Wed, 16 Aug 2006 13:29:01 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: "R. Tyler Ballance" In-Reply-To: Message-ID: <20060816132406.Y15941@fledge.watson.org> References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> <20060815193600.H45647@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: Darwin work X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Aug 2006 12:32:51 -0000 On Wed, 16 Aug 2006, R. Tyler Ballance wrote: >> As I mentioned to you in IRC, and appears in the above transcript, the >> first major issue is teaching the new OpenBSM auditd about the Darwin >> trigger model, which is based on Mach port IPC, rather than the >> pseudo-device /dev/audit as found on FreeBSD. At least, if you want >> OpenBSM to run with an unmodified kernel. If you don't mind a modified XNU >> kernel, porting just src/sys/security/audit/audit_trigger.c from FreeBSD to >> Darwin is probably pretty straight forward. Getting OpenBSM working >> properly on Darwin would be very useful indeed, even without doing all the >> kernel work. > > That said, should I be using Apple's own bsm module as a reference for > writing the mach ports specific code, or is there existing code for > receiving the audit events from Xnu already somewhere lurking around within > OpenBSM? (I've been glancing over Apple's bsm code, which is under a > 3-clause license, so I don't think it would be a probably for me to base my > code off of it). I believe that current OpenBSM tree, the mach event code for auditd isn't present, so you will need to look at the original Apple BSM package. The most recent Apple BSM import was from Darwin 8.0 (Tiger 10.4.0, I believe). My recommendation is to look at ways to break auditd.c into three different source files: auditd_devaudit.c (/dev/audit), auditd_mach.c (mach ports), and auditd.c, and try to capture as much of the common behavior in auditd.c as possible. How exactly the details will shake out, I can't say -- it depends a bit how the control loop has to be changed to add in the Mach support. >> After the OpenBSM pieces are fully working on Darwin, it's desirable to >> substitute the new OpenBSM bsm/ include files for the existing Darwin ones. >> That will, among other things, teach the Darwin kernel to generate records >> using the new OpenBSM header version and event numbers, rather than ones >> that may (in the future) conflict with Solaris events. Finally, without >> doing a full audit3 port, a desirable change to port to Darwin is the token >> generation changes, which fix some bugs and add endian-independence >> (writing out in network byte order rather than native byte order). >> >> Doing a full port requires basically porting over src/sys/security/audit >> from the FreeBSD tree to Darwin, and also src/sys/bsm, replacing the >> current files, which are largely in xnu/bsd/kern and xnu/bsd/bsm. > > The full audit3 port would be something, IMHO, that would be best done with > a reasonable amount of conjunction with the SEDarwin project, although it > seems that they are aiming more at bringing the MAC framework and some of > the security enhancements that SELinux brought to the table, so I'm not sure > if an audit3 port necessarily fits within their project goals. > > That said, I suppose it's time to finally reboot this bloody machine to > enable auditing from the Common Criteria Tools :-/ Doing the audit3 port is desirable in that it will update the BSM code in the Darwin kernel, bring in support for audit pipes, etc. However, it is not necessary in order to get OpenBSM working, and a much smaller set of kernel changes would be quite useful (i.e., updating only the token encoding). Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 23 05:21:49 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2F7CF16A4E0 for ; Wed, 23 Aug 2006 05:21:49 +0000 (UTC) (envelope-from tyler@bleepsoft.com) Received: from zeus.lunarpages.com (zeus.lunarpages.com [216.193.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id D3E7243D45 for ; Wed, 23 Aug 2006 05:21:48 +0000 (GMT) (envelope-from tyler@bleepsoft.com) Received: from cpe-24-26-238-91.satx.res.rr.com ([24.26.238.91] helo=[192.168.250.100]) by zeus.lunarpages.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.52) id 1GFlCh-0005Kz-N9 for trustedbsd-audit@FreeBSD.org; Tue, 22 Aug 2006 22:23:03 -0700 Mime-Version: 1.0 (Apple Message framework v752.2) Content-Transfer-Encoding: 7bit Message-Id: <94174834-4825-4686-8E2C-F1D5224723B1@bleepsoft.com> Content-Type: text/plain; charset=US-ASCII; format=flowed To: trustedbsd-audit@FreeBSD.org From: "R. Tyler Ballance" Date: Wed, 23 Aug 2006 00:21:40 -0500 X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - zeus.lunarpages.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - bleepsoft.com X-Source: X-Source-Args: X-Source-Dir: Subject: The autoconf nightmare X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Aug 2006 05:21:49 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm growing to hate autoconf all over again Here's the Darwin transcript: intellian% glibtool --version ltmain.sh (GNU libtool) 1.5 (1.1220.2.1 2003/04/14 22:48:00) Copyright (C) 2003 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. intellian% autoconf --version autoconf (GNU Autoconf) 2.59 Written by David J. MacKenzie and Akim Demaille. Copyright (C) 2003 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. intellian% ./autogen.sh Putting files in AC_CONFIG_AUX_DIR, `config'. /opt/local/share/aclocal/smpeg.m4:13: warning: underquoted definition of AM_PATH_SMPEG run info '(automake)Extending aclocal' or see http://sources.redhat.com/automake/automake.html#Extending- aclocal /opt/local/share/aclocal/libmikmod.m4:11: warning: underquoted definition of AM_PATH_LIBMIKMOD /opt/local/share/aclocal/audiofile.m4:12: warning: underquoted definition of AM_PATH_AUDIOFILE /opt/local/share/aclocal/aalib.m4:12: warning: underquoted definition of AM_PATH_AALIB intellian% ==================[ snip ]================== Here's the FreeBSD transcript: %libtool --version ltmain.sh (GNU libtool) 1.5.22 (1.1220.2.365 2005/12/18 22:14:06) Copyright (C) 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. %autoconf --version autoconf (GNU Autoconf) 2.59 Written by David J. MacKenzie and Akim Demaille. Copyright (C) 2003 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. %./autogen.sh You should update your `aclocal.m4' by running aclocal. Putting files in AC_CONFIG_AUX_DIR, `config'. libbsm/Makefile.am:7: Libtool library used but `LIBTOOL' is undefined libbsm/Makefile.am:7: libbsm/Makefile.am:7: The usual way to define `LIBTOOL' is to add `AC_PROG_LIBTOOL' libbsm/Makefile.am:7: to `configure.ac' and run `aclocal' and `autoconf' again. modules/auditfilter_noop/Makefile.am:7: Libtool library used but `LIBTOOL' is undefined modules/auditfilter_noop/Makefile.am:7: modules/auditfilter_noop/Makefile.am:7: The usual way to define `LIBTOOL' is to add `AC_PROG_LIBTOOL' modules/auditfilter_noop/Makefile.am:7: to `configure.ac' and run `aclocal' and `autoconf' again. % ==================[ snip ]================== On Darwin this project recreates the autoconf stubs properly, on FreeBSD, it fails miserably. ARGH! Ideas? Cheers, - -R. Tyler Ballance Lead Developer, bleep. LLC http://www.bleepsoft.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFE6+XmqO6nEJfroRsRAuTJAJ49KnlaYbrExR5IoAKnqyaViknewgCghgM9 iltl1CRnZA6sV4AsrK77ydU= =6jiZ -----END PGP SIGNATURE----- From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 23 06:17:00 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6CAF416A4DA for ; Wed, 23 Aug 2006 06:17:00 +0000 (UTC) (envelope-from plumber@gnu-darwin.org) Received: from smtp6-g19.free.fr (smtp6-g19.free.fr [212.27.42.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1441543D46 for ; Wed, 23 Aug 2006 06:16:57 +0000 (GMT) (envelope-from plumber@gnu-darwin.org) Received: from [192.168.0.2] (bob75-1-81-57-229-223.fbx.proxad.net [81.57.229.223]) by smtp6-g19.free.fr (Postfix) with ESMTP id 2BA3F1D3B3; Wed, 23 Aug 2006 08:16:57 +0200 (CEST) In-Reply-To: <94174834-4825-4686-8E2C-F1D5224723B1@bleepsoft.com> References: <94174834-4825-4686-8E2C-F1D5224723B1@bleepsoft.com> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <673EF5F2-E834-4239-97B3-7A6CC3CE10EF@gnu-darwin.org> Content-Transfer-Encoding: 7bit From: plumber Idraulico Date: Wed, 23 Aug 2006 08:16:55 +0200 To: R. Tyler Ballance X-Mailer: Apple Mail (2.752.2) Cc: trustedbsd-audit@FreeBSD.org Subject: Re: The autoconf nightmare X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Aug 2006 06:17:00 -0000 try something like that autoreconf -f Best Regards, {Plum} {Plumber Idraulico} Software Engineer/Unix Client/Server Software Engineer Paris - France _ /o\ // \\ The ASCII \\ // Ribbon Campaign \V/ Against HTML /A\ eMail! // \\ From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 23 06:45:37 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2288F16A4DE for ; Wed, 23 Aug 2006 06:45:37 +0000 (UTC) (envelope-from tyler@bleepsoft.com) Received: from zeus.lunarpages.com (zeus.lunarpages.com [216.193.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id C920843D45 for ; Wed, 23 Aug 2006 06:45:36 +0000 (GMT) (envelope-from tyler@bleepsoft.com) Received: from cpe-24-26-238-91.satx.res.rr.com ([24.26.238.91] helo=[192.168.250.100]) by zeus.lunarpages.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.52) id 1GFmVn-0003gv-GA for trustedbsd-audit@FreeBSD.org; Tue, 22 Aug 2006 23:46:51 -0700 Mime-Version: 1.0 (Apple Message framework v752.2) In-Reply-To: <673EF5F2-E834-4239-97B3-7A6CC3CE10EF@gnu-darwin.org> References: <94174834-4825-4686-8E2C-F1D5224723B1@bleepsoft.com> <673EF5F2-E834-4239-97B3-7A6CC3CE10EF@gnu-darwin.org> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <12253575-6FA8-4055-8606-D1790C74FC33@bleepsoft.com> Content-Transfer-Encoding: 7bit From: "R. Tyler Ballance" Date: Wed, 23 Aug 2006 01:45:28 -0500 To: trustedbsd-audit@FreeBSD.org X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - zeus.lunarpages.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - bleepsoft.com X-Source: X-Source-Args: X-Source-Dir: Subject: Re: The autoconf nightmare X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Aug 2006 06:45:37 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 configure.ac:15: error: possibly undefined macro: AC_PROG_LIBTOOL If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. The fun never ends, I updated things on my Darwin machine, and then submitted, and synced to my FreeBSD workstation to make sure my FreeBSD related changes were functional, and things came crashing down. Autoconf is the same version, I'm terribly confused as to what magic GNU/voodoo needs to be done, anybody? :-/ Cheers, - -R. Tyler Ballance Lead Developer, bleep. LLC http://www.bleepsoft.com On Aug 23, 2006, at 1:16 AM, plumber Idraulico wrote: > autoreconf -f -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFE6/mNqO6nEJfroRsRAmRlAJ0QSl07Ruu8ZjeMZ7D2nufAagrKxgCfdwyE g+iGK3r2yuSlJEbigxcSzdw= =XlIZ -----END PGP SIGNATURE----- From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 23 08:25:11 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5936716A4DE for ; Wed, 23 Aug 2006 08:25:11 +0000 (UTC) (envelope-from plumber@gnu-darwin.org) Received: from smtp4-g19.free.fr (smtp4-g19.free.fr [212.27.42.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6DD043D46 for ; Wed, 23 Aug 2006 08:25:10 +0000 (GMT) (envelope-from plumber@gnu-darwin.org) Received: from [192.168.0.2] (bob75-1-81-57-229-223.fbx.proxad.net [81.57.229.223]) by smtp4-g19.free.fr (Postfix) with ESMTP id 910C0549B8; Wed, 23 Aug 2006 10:25:09 +0200 (CEST) In-Reply-To: <12253575-6FA8-4055-8606-D1790C74FC33@bleepsoft.com> References: <94174834-4825-4686-8E2C-F1D5224723B1@bleepsoft.com> <673EF5F2-E834-4239-97B3-7A6CC3CE10EF@gnu-darwin.org> <12253575-6FA8-4055-8606-D1790C74FC33@bleepsoft.com> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <41791690-D614-40C5-949D-2C0B5051FEFD@gnu-darwin.org> Content-Transfer-Encoding: 7bit From: plumber Idraulico Date: Wed, 23 Aug 2006 10:25:07 +0200 To: R. Tyler Ballance X-Mailer: Apple Mail (2.752.2) Cc: trustedbsd-audit@FreeBSD.org Subject: Re: The autoconf nightmare X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Aug 2006 08:25:11 -0000 > The fun never ends, I updated things on my Darwin machine, and then > submitted, and synced to my FreeBSD workstation to make sure my > FreeBSD related changes were functional, and things came crashing > down. > > Autoconf is the same version, I'm terribly confused as to what > magic GNU/voodoo needs to be done, anybody? :-/ :D try a wizard, seriously u can explore 2 ways 1 - on Darwin libtool is not glibtool 2 - mk file encoding (can produce misfits ) this is my common experiment Best Regards, {Plum} {Plumber Idraulico} _ /o\ // \\ The ASCII \\ // Ribbon Campaign \V/ Against HTML /A\ eMail! // \\ From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 23 08:32:43 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E6DBC16A4DA for ; Wed, 23 Aug 2006 08:32:43 +0000 (UTC) (envelope-from plumber@gnu-darwin.org) Received: from smtp4-g19.free.fr (smtp4-g19.free.fr [212.27.42.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CABC43D60 for ; Wed, 23 Aug 2006 08:32:41 +0000 (GMT) (envelope-from plumber@gnu-darwin.org) Received: from [192.168.0.2] (bob75-1-81-57-229-223.fbx.proxad.net [81.57.229.223]) by smtp4-g19.free.fr (Postfix) with ESMTP id 511C4547B0; Wed, 23 Aug 2006 10:32:40 +0200 (CEST) In-Reply-To: <12253575-6FA8-4055-8606-D1790C74FC33@bleepsoft.com> References: <94174834-4825-4686-8E2C-F1D5224723B1@bleepsoft.com> <673EF5F2-E834-4239-97B3-7A6CC3CE10EF@gnu-darwin.org> <12253575-6FA8-4055-8606-D1790C74FC33@bleepsoft.com> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <2CBE0D23-0499-4C89-967D-DEA75D98A034@gnu-darwin.org> Content-Transfer-Encoding: 7bit From: plumber Idraulico Date: Wed, 23 Aug 2006 10:32:38 +0200 To: R. Tyler Ballance X-Mailer: Apple Mail (2.752.2) Cc: trustedbsd-audit@FreeBSD.org Subject: Re: The autoconf nightmare X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Aug 2006 08:32:44 -0000 then define AC_PROG_LIBTOOL Best Regards, {Plum} {Plumber Idraulico} _ /o\ // \\ The ASCII \\ // Ribbon Campaign \V/ Against HTML /A\ eMail! // \\ From owner-trustedbsd-audit@FreeBSD.ORG Wed Aug 23 18:27:51 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E796116A4E0 for ; Wed, 23 Aug 2006 18:27:51 +0000 (UTC) (envelope-from tyler@bleepsoft.com) Received: from zeus.lunarpages.com (zeus.lunarpages.com [216.193.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8300943D78 for ; Wed, 23 Aug 2006 18:27:46 +0000 (GMT) (envelope-from tyler@bleepsoft.com) Received: from cpe-24-26-238-91.satx.res.rr.com ([24.26.238.91] helo=[192.168.250.100]) by zeus.lunarpages.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.52) id 1GFxTK-0001bo-1l for trustedbsd-audit@FreeBSD.org; Wed, 23 Aug 2006 11:29:02 -0700 Mime-Version: 1.0 (Apple Message framework v752.2) In-Reply-To: <20060816132406.Y15941@fledge.watson.org> References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> <20060815193600.H45647@fledge.watson.org> <20060816132406.Y15941@fledge.watson.org> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: "R. Tyler Ballance" Date: Wed, 23 Aug 2006 13:27:36 -0500 To: trustedbsd-audit@FreeBSD.org X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - zeus.lunarpages.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - bleepsoft.com X-Source: X-Source-Args: X-Source-Dir: Subject: Re: Darwin work X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Aug 2006 18:27:52 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 16, 2006, at 7:29 AM, Robert Watson wrote: > I believe that current OpenBSM tree, the mach event code for auditd > isn't present, so you will need to look at the original Apple BSM > package. The most recent Apple BSM import was from Darwin 8.0 > (Tiger 10.4.0, I believe). My recommendation is to look at ways to > break auditd.c into three different source files: auditd_devaudit.c > (/dev/audit), auditd_mach.c (mach ports), and auditd.c, and try to > capture as much of the common behavior in auditd.c as possible. > How exactly the details will shake out, I can't say -- it depends a > bit how the control loop has to be changed to add in the Mach support. It seems that there's no trigger support in the Apple BSM package from what I can tell, most of the bsm package that I downloaded from the darwinsource site is for examining audit trails after the fact (once they've been dumped in /var/audit/) but there doesn't seem to be anything related to "feeding" off the Mach port for the triggers straight from the auditing subsystem. Am I looking in the wrong place? Should I be grepping some of the Xnu source for the Audit related code to find out how to handle the triggers spewed from Xnu's audit system? Or am i just being too dense to find the appropriate code in Apple's BSM code ;) Cheers, - -R. Tyler Ballance Lead Developer, bleep. LLC http://www.bleepsoft.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFE7J4eqO6nEJfroRsRAl7IAJwJns4I5ODsFgFU2rEw7eW4Tfd3ZwCeL8Nv AmPZQN4BLGhOgbVV8Psj6LY= =f3df -----END PGP SIGNATURE----- From owner-trustedbsd-audit@FreeBSD.ORG Thu Aug 24 12:47:28 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 30BEB16A4DE for ; Thu, 24 Aug 2006 12:47:28 +0000 (UTC) (envelope-from wsalamon@computer.org) Received: from wsalamon.net (wsalamon.net [216.127.158.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB20643D90 for ; Thu, 24 Aug 2006 12:47:20 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from [129.6.61.136] (tomservo.ncsl.nist.gov [129.6.61.136]) by wsalamon.net (Postfix) with ESMTP id A06BE184DC2; Thu, 24 Aug 2006 08:47:13 -0400 (EDT) In-Reply-To: References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> <20060815193600.H45647@fledge.watson.org> <20060816132406.Y15941@fledge.watson.org> Mime-Version: 1.0 (Apple Message framework v752.2) X-Gpgmail-State: !signed Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Wayne Salamon Date: Thu, 24 Aug 2006 08:47:12 -0400 To: R.Tyler Ballance X-Mailer: Apple Mail (2.752.2) Cc: trustedbsd-audit@FreeBSD.org Subject: Re: Darwin work X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Aug 2006 12:47:28 -0000 On Aug 23, 2006, at 2:27 PM, R. Tyler Ballance wrote: > Am I looking in the wrong place? Should I be grepping some of the > Xnu source for the Audit related code to find out how to handle the > triggers spewed from Xnu's audit system? Or am i just being too > dense to find the appropriate code in Apple's BSM code ;) The audit daemon handles the Mach triggers. The source is contained in the system_cmds Darwin package, at http://www.opensource.apple.com/darwinsource/10.4.7.ppc/ Wayne ---------------------- Wayne Salamon wsalamon@freebsd.org From owner-trustedbsd-audit@FreeBSD.ORG Thu Aug 24 19:52:13 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B2DD16A4E1 for ; Thu, 24 Aug 2006 19:52:13 +0000 (UTC) (envelope-from tyler@bleepsoft.com) Received: from zeus.lunarpages.com (zeus.lunarpages.com [216.193.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5757E43D80 for ; Thu, 24 Aug 2006 19:51:56 +0000 (GMT) (envelope-from tyler@bleepsoft.com) Received: from cpe-24-26-238-91.satx.res.rr.com ([24.26.238.91] helo=[192.168.250.100]) by zeus.lunarpages.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.52) id 1GGLGO-00038i-Bi for trustedbsd-audit@FreeBSD.org; Thu, 24 Aug 2006 12:53:16 -0700 Mime-Version: 1.0 (Apple Message framework v752.2) In-Reply-To: References: <8C40F149-F305-46DC-A39E-66E26C46822D@bleepsoft.com> <20060815193600.H45647@fledge.watson.org> <20060816132406.Y15941@fledge.watson.org> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <3408FA10-C9BA-4D48-9A1B-5537A02F1B7D@bleepsoft.com> Content-Transfer-Encoding: 7bit From: "R. Tyler Ballance" Date: Thu, 24 Aug 2006 14:51:49 -0500 To: trustedbsd-audit@FreeBSD.org X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - zeus.lunarpages.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - bleepsoft.com X-Source: X-Source-Args: X-Source-Dir: Subject: Re: Darwin work X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Aug 2006 19:52:13 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 24, 2006, at 7:47 AM, Wayne Salamon wrote: > > On Aug 23, 2006, at 2:27 PM, R. Tyler Ballance wrote: > >> Am I looking in the wrong place? Should I be grepping some of the >> Xnu source for the Audit related code to find out how to handle >> the triggers spewed from Xnu's audit system? Or am i just being >> too dense to find the appropriate code in Apple's BSM code ;) > > The audit daemon handles the Mach triggers. The source is contained > in the system_cmds Darwin package, at > http://www.opensource.apple.com/darwinsource/10.4.7.ppc/ Ahck! Whoops, I had forgotten that Apple has a bunch of those smaller daemons packed away into the system_cmds package on the darwin source site. Thanks for the correction, I wasn't thinking properly yesterday it seems :) Cheers, - -R. Tyler Ballance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFE7gNXqO6nEJfroRsRAu96AJ9S+EY8mBbFW/g/QvLC3whRDrkvYACeJqYo deJb/jnvzRcxbnQbugqQXFY= =kLSS -----END PGP SIGNATURE----- From owner-trustedbsd-audit@FreeBSD.ORG Sat Aug 26 08:25:04 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 790A116A4DA; Sat, 26 Aug 2006 08:25:04 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id B5E3F43D45; Sat, 26 Aug 2006 08:25:03 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 3C83846D3E; Sat, 26 Aug 2006 04:25:03 -0400 (EDT) Date: Sat, 26 Aug 2006 09:25:03 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: freebsd-current@FreeBSD.org Message-ID: <20060826092027.C54235@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org Subject: HEADS UP: TrustedBSD OpenBSM 1.0 alpha 9 imported X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Aug 2006 08:25:04 -0000 I've imported the most recent release of OpenBSM, which includes a renumbering of audit events and a chance in the BSM version. Old audit trail files will be readable by the new implementation, but older /etc/security/audit_event files are not able to translate the new event numbers to strings (etc). Make sure to run mergemaster if using audit. These changes are to avoid potential future event number conflicts with Solaris, and to assign our implementation a unique version number so it can be distinguished from existing Solaris and Darwin versions. OpenBSM is now about at the point where it's ready for import into the RELENG_6 tree, which I hope to do in the next couple of days in preparation for inclusion in FreeBSD 6.2. (Post import builds are now running locally to confirm it all committed properly.) Robert N M Watson Computer Laboratory University of Cambridge ---------- Forwarded message ---------- Date: Sat, 26 Aug 2006 08:04:17 +0000 (UTC) From: Robert Watson To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/openbsm - Imported sources rwatson 2006-08-26 08:04:17 UTC FreeBSD src repository src/contrib/openbsm - Imported sources Update of /home/ncvs/src/contrib/openbsm In directory repoman.freebsd.org:/tmp/cvs-serv19917 Log Message: Vendor import of OpenBSM 1.0 alpha 9, with the following change history notes since the last import: OpenBSM 1.0 alpha 9 - Rename many OpenBSM-specific constants and API elements containing the strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true for almost all existing constants and APIs. - Instead of passing a per-instance cookie directly into all audit filter APIs, pass in the audit filter daemon state pointer, which is then used by the module using an audit_filter_{get,set}cookie() API. This will allow future service APIs provided by the filter daemon to maintain their own state -- for example, per-module preselection state. OpenBSM 1.0 alpha 8 - Correct typo in definition of AUR_INT. - Adopt OpenSolaris constant values for AUDIT_* configuration flags. - Arguments to au_to_exec_args() and au_to_exec_env() no longer const. - Add kernel versions of au_to_exec_args() and au_to_exec_env(). - Fix exec argument type that is printed for env strings from 'arg' to 'env'. - New OpenBSM token version number assigned, constants added for other commonly seen version numbers. - OpenBSM-specific events assigned numbers in the 43xxx range to avoid future collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they are now deprecated numberings. - autoconf now detects clock_gettime(), which is not available on Darwin. - praudit output fixes relating to arg32 and arg64 tokens. - Maximum record size updated to 64k-1 to match Solaris record size limit. - Various style and comment cleanups in include files. This is an MFC candidate to RELENG_6. Obtained from: TrustedBSD Project Status: Vendor Tag: TrustedBSD Release Tags: OPENBSM_1_0_ALPHA_9 U src/contrib/openbsm/HISTORY U src/contrib/openbsm/LICENSE U src/contrib/openbsm/Makefile.am U src/contrib/openbsm/Makefile.in U src/contrib/openbsm/README U src/contrib/openbsm/TODO U src/contrib/openbsm/VERSION U src/contrib/openbsm/aclocal.m4 U src/contrib/openbsm/autogen.sh U src/contrib/openbsm/configure U src/contrib/openbsm/configure.ac U src/contrib/openbsm/bin/Makefile.am U src/contrib/openbsm/bin/Makefile.in U src/contrib/openbsm/bin/audit/Makefile.am U src/contrib/openbsm/bin/audit/Makefile.in U src/contrib/openbsm/bin/audit/audit.8 U src/contrib/openbsm/bin/audit/audit.c U src/contrib/openbsm/bin/auditd/Makefile.am U src/contrib/openbsm/bin/auditd/Makefile.in U src/contrib/openbsm/bin/auditd/audit_warn.c U src/contrib/openbsm/bin/auditd/auditd.8 U src/contrib/openbsm/bin/auditd/auditd.c U src/contrib/openbsm/bin/auditd/auditd.h U src/contrib/openbsm/bin/auditfilterd/Makefile.am U src/contrib/openbsm/bin/auditfilterd/Makefile.in U src/contrib/openbsm/bin/auditfilterd/auditfilterd.8 U src/contrib/openbsm/bin/auditfilterd/auditfilterd.c U src/contrib/openbsm/bin/auditfilterd/auditfilterd.h U src/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c U src/contrib/openbsm/bin/auditreduce/Makefile.am U src/contrib/openbsm/bin/auditreduce/Makefile.in U src/contrib/openbsm/bin/auditreduce/auditreduce.1 U src/contrib/openbsm/bin/auditreduce/auditreduce.c U src/contrib/openbsm/bin/auditreduce/auditreduce.h U src/contrib/openbsm/bin/praudit/Makefile.am U src/contrib/openbsm/bin/praudit/Makefile.in U src/contrib/openbsm/bin/praudit/praudit.1 U src/contrib/openbsm/bin/praudit/praudit.c U src/contrib/openbsm/bsm/Makefile.am U src/contrib/openbsm/bsm/Makefile.in U src/contrib/openbsm/bsm/audit.h U src/contrib/openbsm/bsm/audit_filter.h U src/contrib/openbsm/bsm/audit_internal.h U src/contrib/openbsm/bsm/audit_kevents.h U src/contrib/openbsm/bsm/audit_record.h U src/contrib/openbsm/bsm/audit_uevents.h U src/contrib/openbsm/bsm/libbsm.h U src/contrib/openbsm/compat/endian.h U src/contrib/openbsm/compat/queue.h U src/contrib/openbsm/config/config.guess U src/contrib/openbsm/config/config.h.in U src/contrib/openbsm/config/config.sub U src/contrib/openbsm/config/depcomp U src/contrib/openbsm/config/install-sh U src/contrib/openbsm/config/ltmain.sh U src/contrib/openbsm/config/missing U src/contrib/openbsm/etc/audit_class U src/contrib/openbsm/etc/audit_control C src/contrib/openbsm/etc/audit_event U src/contrib/openbsm/etc/audit_filter U src/contrib/openbsm/etc/audit_user U src/contrib/openbsm/etc/audit_warn U src/contrib/openbsm/libbsm/Makefile.am U src/contrib/openbsm/libbsm/Makefile.in U src/contrib/openbsm/libbsm/au_class.3 U src/contrib/openbsm/libbsm/au_control.3 U src/contrib/openbsm/libbsm/au_event.3 U src/contrib/openbsm/libbsm/au_free_token.3 U src/contrib/openbsm/libbsm/au_io.3 U src/contrib/openbsm/libbsm/au_mask.3 U src/contrib/openbsm/libbsm/au_open.3 U src/contrib/openbsm/libbsm/au_token.3 U src/contrib/openbsm/libbsm/au_user.3 U src/contrib/openbsm/libbsm/audit_submit.3 U src/contrib/openbsm/libbsm/bsm_audit.c U src/contrib/openbsm/libbsm/bsm_class.c U src/contrib/openbsm/libbsm/bsm_control.c U src/contrib/openbsm/libbsm/bsm_event.c U src/contrib/openbsm/libbsm/bsm_flags.c U src/contrib/openbsm/libbsm/bsm_io.c U src/contrib/openbsm/libbsm/bsm_mask.c U src/contrib/openbsm/libbsm/bsm_notify.c U src/contrib/openbsm/libbsm/bsm_token.c U src/contrib/openbsm/libbsm/bsm_user.c U src/contrib/openbsm/libbsm/libbsm.3 U src/contrib/openbsm/libbsm/bsm_wrappers.c U src/contrib/openbsm/man/Makefile.am U src/contrib/openbsm/man/Makefile.in U src/contrib/openbsm/man/audit.2 U src/contrib/openbsm/man/audit.log.5 U src/contrib/openbsm/man/audit_class.5 U src/contrib/openbsm/man/audit_control.5 U src/contrib/openbsm/man/audit_event.5 U src/contrib/openbsm/man/audit_user.5 U src/contrib/openbsm/man/audit_warn.5 U src/contrib/openbsm/man/auditctl.2 U src/contrib/openbsm/man/auditon.2 U src/contrib/openbsm/man/getaudit.2 U src/contrib/openbsm/man/getauid.2 U src/contrib/openbsm/man/setaudit.2 U src/contrib/openbsm/man/setauid.2 U src/contrib/openbsm/modules/Makefile.am U src/contrib/openbsm/modules/Makefile.in U src/contrib/openbsm/modules/auditfilter_noop/Makefile.am U src/contrib/openbsm/modules/auditfilter_noop/Makefile.in U src/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c U src/contrib/openbsm/test/Makefile.am U src/contrib/openbsm/test/Makefile.in U src/contrib/openbsm/test/bsm/Makefile.am U src/contrib/openbsm/test/bsm/Makefile.in U src/contrib/openbsm/test/bsm/generate.c U src/contrib/openbsm/tools/Makefile.am U src/contrib/openbsm/tools/Makefile.in U src/contrib/openbsm/tools/audump.c 1 conflicts created by this import. Use the following command to help the merge: cvs checkout -jTrustedBSD:yesterday -jTrustedBSD src/contrib/openbsm From owner-trustedbsd-audit@FreeBSD.ORG Sat Sep 2 10:42:21 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 85BC416A4E0; Sat, 2 Sep 2006 10:42:21 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2CD5C43D49; Sat, 2 Sep 2006 10:42:21 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id CBCE846DC6; Sat, 2 Sep 2006 06:42:20 -0400 (EDT) Date: Sat, 2 Sep 2006 11:42:20 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: stable@FreeBSD.org In-Reply-To: <20060816120709.N45647@fledge.watson.org> Message-ID: <20060902113521.P84468@fledge.watson.org> References: <20060816120709.N45647@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org, freebsd-security@FreeBSD.org Subject: Re: Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Sep 2006 10:42:21 -0000 On Wed, 16 Aug 2006, Robert Watson wrote: > Dear 6-STABLE users, > > In the next 2-3 weeks, I plan to MFC support for CAPP security eventing > auditing from 7-CURRENT to 6-STABLE. The implementation has been running > quite nicely in -CURRENT for several months. Right now, I'm just waiting on > a confirmation from Sun regarding formal allocation of a BSM header version > number so as to avoid accidental version number conflicts in the future, > which I hope to get this week, as well as a bug fix in the handling of > per-pipe preselection, which Christian Peron is currently working on. The > audit implementation will be considered an experimental feature in > 6.2-RELEASE, but in practice runs quite well, so is ready for more > wide-spread deployment. Dear 6-STABLE users, After a couple of weeks of settling, polishing, etc, the MFC of audit support is about to begin. Over the next couple of days, the 6-STABLE build may be briefly broken as inter-dependent components are merged. I do not anticipate any serious disruption, but some caution is called for. In principle, all the potentially tricky kernel ABI dependencies, etc, were dealt with before 6.0-RELEASE, such as changes in the size of the kernel system call data structures. The approximate merge plan, run by re@ a few days ago, is as follows: - Merge OpenBSM contrib subtree detached from build. - Merge kernel trees (src/sys/bsm, src/sys/security/audit), attach to build. - Merge kernel audit event hooks across the kernel. In principle, we've reserved space in the syscall table, etc, so that there is no disruptive kernel ABI change for critical data structures. - Merge OpenBSM library and command line tools build, as well as install of /etc/security, /etc/rc.d files. - Merge kernel man pages (src/share/man/man4/audit*). - Merge user space tool changes, such as to login, sshd, su, etc, so that events are audited. - Loose ends, such as make.conf man page, etc. - Update Handbook to indicate that Audit applies to 6.x and 7.x. I will send out a status e-mail once the merge is completed, and send out a notice if any problems are encountered. If you experience any problems, especially problems not related to the build (which will likely get picked up and fixed quickly, if they occur), please let me know. I'm especially interested in any issues relating to changes in ability to log in, programs exiting due to using unrecognized system calls (SIGSYS), etc. As I said above, these sorts of problems are unlikely to occur, but if they do occur, I'd like to fix them as quickly as possible. I would like to have the merge largely done by 4 September 2006, although it's possible a few straggling tweaks will come in after that. Thanks, Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Sep 9 10:19:22 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EFB1516A403; Sat, 9 Sep 2006 10:19:22 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5166043D58; Sat, 9 Sep 2006 10:19:22 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 4121A46CF8; Sat, 9 Sep 2006 06:19:21 -0400 (EDT) Date: Sat, 9 Sep 2006 11:19:21 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: stable@FreeBSD.org In-Reply-To: <20060902113521.P84468@fledge.watson.org> Message-ID: <20060909111657.F76453@fledge.watson.org> References: <20060816120709.N45647@fledge.watson.org> <20060902113521.P84468@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org, freebsd-security@FreeBSD.org Subject: Re: Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Sep 2006 10:19:23 -0000 On Sat, 2 Sep 2006, Robert Watson wrote: > After a couple of weeks of settling, polishing, etc, the MFC of audit > support is about to begin. Over the next couple of days, the 6-STABLE build > may be briefly broken as inter-dependent components are merged. I do not > anticipate any serious disruption, but some caution is called for. In > principle, all the potentially tricky kernel ABI dependencies, etc, were > dealt with before 6.0-RELEASE, such as changes in the size of the kernel > system call data structures. The approximate merge plan, run by re@ a few > days ago, is as follows: Just as a status update -- the vast majority of audit code has now been MFC'd to -STABLE. There are a few areas where the merge is not yet complete -- primarily as relates to non-native/emulated/compatibility system calls, and non-i386/amd64 system calls. I anticipate these being merged in the near future. We've also seen a number of problem reports relating to starting the auditd daemon, a problem not seen during testing on -CURRENT, so we're working on debugging that, and we've found some bugs in audit log rotation. I'm currently travelling for a few days, but will follow up when I get back to the UK on Tuesday on where things stand, and what (if any) further changes are in the pipeline. Once these problems are fixed, it sounds like we're well on track to ship with audit as a 6.2 (experimental) feature. thanks, Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Wed Sep 20 16:00:53 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D98B16A403 for ; Wed, 20 Sep 2006 16:00:53 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id F2B0B43D49 for ; Wed, 20 Sep 2006 16:00:52 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 29DA146D2C for ; Wed, 20 Sep 2006 12:00:51 -0400 (EDT) Date: Wed, 20 Sep 2006 17:00:51 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060920165423.C37863@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: OpenBSM 1.0 alpha 11 released X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2006 16:00:53 -0000 OpenBSM 1.0 alpha 11 is now up the web site, and is the first release after incorporation into the FreeBSD 6-STABLE tree. It incorporates a number of bug fixes and enhancements resulting from use by 6-STABLE users. The download can be found at: http://www.TrustedBSD.org/openbsm.html Change notes from OpenBSM 1.0 alpha 10 below. I'll be incorporating this drop into FreeBSD 7-CURRENT today, and 6-STABLE a few days later for inclusion in 6.2-BETA2. Robert N M Watson Computer Laboratory University of Cambridge OpenBSM 1.0 alpha 11 - Reclassify certain read/write operations as having no class rather than the fr/fw class; our default classes audit intent (open) not operations (read, write). - Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads and writes of sysctls as separate events. Add additional kernel environment and jail events for FreeBSD. - Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued by the kernel audit implementation) so that they can be distinguished. - Disable rate limiting of rotate requests; as the kernel doesn't retransmit a dropped request, the log file will otherwise grow indefinitely if the trigger is dropped. - Improve auditd debugging output. - Fix a number of threading related bugs in audit_control file reading routines. - Add APIs au_poltostr() and au_strtopol() to convert between text representations of audit_control policy flags and the flags passed to auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY). - Add API getacpol() to return the 'policy:' entry from audit_control, an extension to the Solaris file format to allow specification of policy persistent flags. - Update audump to print the audit_control policy field. - Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h arguments as these policies are now set via the configuration file. If a policy line is not found in the configuration file, continue with the current default of setting AUDIT_CNT. - Fix bugs in the parsing of large execve(2) arguments and environmental variable tokens; increase maximum parsed argument and variable count. - configure now detects strlcat(), used by policy-related functions. - Reference token and record sample files added to test tree. From owner-trustedbsd-audit@FreeBSD.ORG Thu Sep 21 07:55:01 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD1B416A403; Thu, 21 Sep 2006 07:55:01 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5576243D53; Thu, 21 Sep 2006 07:55:01 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id E0ACD46CAC; Thu, 21 Sep 2006 03:55:00 -0400 (EDT) Date: Thu, 21 Sep 2006 08:55:00 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Andrew Storms In-Reply-To: Message-ID: <20060921084320.N55647@fledge.watson.org> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: "freebsd-security@freebsd.org" , trustedbsd-audit@TrustedBSD.org Subject: Re: Status of MFC security event audit support in RELENG_6? X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2006 07:55:02 -0000 On Wed, 20 Sep 2006, Andrew Storms wrote: > A few weeks back Robert Watson announced the merge of these features from 7 > back into 6-STABLE. I hadn't seen any updates and was curious as to the > status. Us 6-STABLE users are curious to test it out. The MFC is largely complete, and we're now basically chasing and address bugs being reported by -CURRENT and -STABLE users of audit. BETA1 ships with audit support, but there are a few known issues with it: - The sparc64 BETA1 ISO doesn't include the auditctl(2) bugfix, so auditd cannot be started. amd64 and i386 both do include this fix so auditd should start properly. - User applications are unable to submit audit records due to a bug in uer record audit preselection. The fix has been tested and merged to RELENG_6, but didn't make the BETA1 cutoff. BETA2 will include the fix, and it's available if you update to the latest RELENG_6 also. - There are both kernel and praudit bugs relating to extremely large audit records generated by turning on argv or envv auditing with execve(1). These bugs have been fixed in -CURRENT but the fixes are not yet merged to RELENG_6. They will be merged in the next few days once they've settled a bit in HEAD. However, as the version of OpenBSM in RELENG_6 doesn't currently allow turning on the argv and envv auditing flag, this doesn't present an immediate problem for audit users in RELENG_6. Support for turning on argv/arge auditing via audit_control(5) will appear in the OpenBSM 1.0 alpha 11 MFC to RELENG_6 in a few days (prior to BETA2). - There are some known usability issues when the audit store partition becomes very full. In particular, you get a lot of kernel printfs, which can slow the system down a lot and could make the console unusable. Fixes for this are on my notebook, and will be merged to P4 and CVS HEAD shortly, with an MFC planned before BETA2. Basically, these changes rate limit warning messages and are a bit more careful to avoid hitting out of space errors. Bug fixes to improve auditd's handling of low space conditions and triggers are in HEAD and will be MFC'd with OpenBSM 1.0 alpha 11. - 32-bit compatibility system calls on amd64 are not currently audited, as with emulated Linux system calls in RELENG_6. I'm working on the MFC patch for this currently, so hope to get the compat32 auditing merged in the next day or so (once approved by re@). Testing and feedback would be extremely welcome. While the above list of RELENG_6 problems is non-trivial, the code currently in RELENG_6 is quite functional, and I've deployed it on several servers, as have a number of other developers and end-users. Another thing that needs to happen before the release is that the Handbook chapter needs to be reviewed and updated. In particular, we've added the policy: line to audit_control(5) since it was written, and since this is quite useful/important, an update is required for that. Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Mon Sep 25 09:43:12 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0C9916A403 for ; Mon, 25 Sep 2006 09:43:12 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E2C643D72 for ; Mon, 25 Sep 2006 09:43:07 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id DCEDD46CB9 for ; Mon, 25 Sep 2006 05:43:06 -0400 (EDT) Date: Mon, 25 Sep 2006 10:43:06 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20060925104148.U42437@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: OpenBSM 1.0 alpha 12 released X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Sep 2006 09:43:12 -0000 OpenBSM 1.0 alpha 12 is now up the web site, and will be the second release after incorporated into the FreeBSD 6-STABLE tree. It incorporates a number of bug fixes and enhancements resulting from use by 6-STABLE users. The download can be found at: http://www.TrustedBSD.org/openbsm.html Change notes from OpenBSM 1.0 alpha 11 below. I'll be incorporating this drop into FreeBSD 7-CURRENT today, and 6-STABLE a few days later for inclusion in 6.2-BETA2 (skipping alpha 11, since this supercedes it). Robert N M Watson Computer Laboratory University of Cambridge OpenBSM 1.0 alpha 12 - Correct bug in auditreduce which prevented the -c option from working correctly when the user specifies to process successful or failed events. The problem stemmed from not having access to the return token at the time the initial preselection occurred, but now a second preselection process occurs while processing the return token. - getacfilesz(3) API added to read new audit_control(5) filesz setting, which auditd(8) now sets the kernel audit trail rotation size to. - auditreduce(1) now uses stdin if no file names are specified on the command line; this was the documented behavior previously, but it was not implemented. Be more specific in auditreduce(1)'s examples section about what might be done with the output of auditreduce. - Add audit_warn(5) closefile event so that administrators can hook termination of an audit trail file. For example, this might be used to compress the trail file after it is closed. - auditreduce(1) now uses regular expressions for pathname matching. Users can now supply one or more (comma delimited) regular expressions for searching the pathnames. If one of the regular expressions is prefixed with a tilde (~), and a path matches, it will be excluded from the search results. From owner-trustedbsd-audit@FreeBSD.ORG Fri Sep 29 05:16:45 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1580416A407 for ; Fri, 29 Sep 2006 05:16:45 +0000 (UTC) (envelope-from tyler@bleepsoft.com) Received: from zeus.lunarpages.com (zeus.lunarpages.com [216.193.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D92743D46 for ; Fri, 29 Sep 2006 05:16:44 +0000 (GMT) (envelope-from tyler@bleepsoft.com) Received: from cpe-24-26-238-91.satx.res.rr.com ([24.26.238.91] helo=[192.168.250.100]) by zeus.lunarpages.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.52) id 1GTAkQ-0002Bb-F5; Thu, 28 Sep 2006 22:17:18 -0700 In-Reply-To: <9DDE008A-5B91-4DA0-A55B-E4AA7E4A3369@free.fr> References: <9DDE008A-5B91-4DA0-A55B-E4AA7E4A3369@free.fr> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: "R. Tyler Ballance" Date: Fri, 29 Sep 2006 00:16:27 -0500 To: "benjamin.morin" X-Pgp-Agent: GPGMail 1.1.2 (Tiger) X-Mailer: Apple Mail (2.752.2) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - zeus.lunarpages.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - bleepsoft.com X-Source: X-Source-Args: X-Source-Dir: Cc: trustedbsd-audit@FreeBSD.org Subject: Re: BSM audit on Mac OS X X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2006 05:16:45 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sep 27, 2006, at 1:22 PM, benjamin.morin wrote: > Hi, > > I would be interested in monitoring system calls on Mac OS X (for > intrusion detection purpose). > > I have tried to compile trustedbsd-audit (package openbsm-1.0- > alpha12.tgz) on a mac mini (Mac OS 10.4.7, powerpc-apple-darwin8- > gcc-4.0.0 (GCC) 4.0.0 20041026 (Apple Computer, Inc. build 4061)). > > The compilation fails with the following message : > > auditfilterd.c: In function 'mainloop_file': > auditfilterd.c:200: error: 'CLOCK_REALTIME' undeclared (first use > in this function) > auditfilterd.c:200: error: (Each undeclared identifier is reported > only once > auditfilterd.c:200: error: for each function it appears in.) > auditfilterd.c: In function 'mainloop_pipe': > auditfilterd.c:250: error: 'CLOCK_REALTIME' undeclared (first use > in this function) > make[2]: *** [auditfilterd.o] Error 1 > make[1]: *** [all-recursive] Error 1 > make: *** [all-recursive] Error 1 > > Is this "normal"? > > Thanks for any help, Heh, this was one of the first things I hit when I was starting to work on openbsm/Darwin, the FreeBSD kernel has a few different options for fetching the time from the kernel, but Xnu doesn't, so the quickest solution IMHO was just to call out to the standard libc, and form a response that auditfilterd.c wants, I've not tested, but it compiles, and that's all that's really important anyways right? ;) My solution was to add a header compat/kernel_time.h ( http:// perforce.freebsd.org/fileViewer.cgi?FSPC=//depot/user/tyler/openbsm/ compat/kernel%5ftime.h&REV=3 ) and then include that in auditfilterd.c It *should* work, but I can't do much testing on my single intel iMac for openbsm and auditing at the moment because I'm busy with contracts and I'm scared to hose my work computer ;) Cheers, - -R. Tyler Ballance p.s. just CC'ing this to the list just for grins :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFFHKwtqO6nEJfroRsRAqMaAJ9i78dA9F8u1IZAV7jSiYDhLSyMngCcDZXW 8jLjIZXqAiq7pLDiMcyPUro= =6j4a -----END PGP SIGNATURE----- From owner-trustedbsd-audit@FreeBSD.ORG Fri Sep 29 14:35:31 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 658A716A412 for ; Fri, 29 Sep 2006 14:35:31 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 15C8D43D4C for ; Fri, 29 Sep 2006 14:35:31 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 9144D46C98; Fri, 29 Sep 2006 10:35:30 -0400 (EDT) Date: Fri, 29 Sep 2006 15:35:30 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: "R. Tyler Ballance" In-Reply-To: Message-ID: <20060929153340.Y74256@fledge.watson.org> References: <9DDE008A-5B91-4DA0-A55B-E4AA7E4A3369@free.fr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org, "benjamin.morin" Subject: Re: BSM audit on Mac OS X X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2006 14:35:31 -0000 On Fri, 29 Sep 2006, R. Tyler Ballance wrote: > Heh, this was one of the first things I hit when I was starting to work on > openbsm/Darwin, the FreeBSD kernel has a few different options for fetching > the time from the kernel, but Xnu doesn't, so the quickest solution IMHO was > just to call out to the standard libc, and form a response that > auditfilterd.c wants, I've not tested, but it compiles, and that's all > that's really important anyways right? ;) > > My solution was to add a header compat/kernel_time.h ( > http://perforce.freebsd.org/fileViewer.cgi?FSPC=//depot/user/tyler/openbsm/compat/kernel%5ftime.h&REV=3 > ) and then include that in auditfilterd.c > > It *should* work, but I can't do much testing on my single intel iMac for > openbsm and auditing at the moment because I'm busy with contracts and I'm > scared to hose my work computer ;) The fix for this will appear in OpenBSM 1.0 alpha 13, and is in Perforce, but is not yet released. I don't currently have an ETA on that, since I'm focusing on getting alpha 12 into FreeBSD's 6-STABLE tree today so that it will appear in BETA2. If it's useful, we can cut an alpha 13 next week so that there's a baseline that builds on Mac OS X on the web site. Since Christian has some works in progress, I am hoping to defer the release until those issues are resolved (relating to IPv6 address auditing). Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Sep 30 00:01:17 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BC5316A40F; Sat, 30 Sep 2006 00:01:17 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 91F2D43D78; Sat, 30 Sep 2006 00:01:09 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id A99C446CDC; Fri, 29 Sep 2006 20:01:08 -0400 (EDT) Date: Sat, 30 Sep 2006 01:01:08 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: freebsd-stable@FreeBSD.org Message-ID: <20060930005644.R76119@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org Subject: OpenBSM 1.0 alpha 12 MFC to FreeBSD RELENG_6 done X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Sep 2006 00:01:17 -0000 FYI, I have just completed the merge of the OpenBSM 1.0 alpha 12 release to RELENG_6. This is very likely the version of OpenBSM that will ship in 6.2-RELEASE. Most of the changes are bug fixes based on the feedback from users (thanks!), but there are a couple of minor features. The four important ones are: - extensions to the /etc/security/audit_control file format to allow specification of policy flags persistently there (such as the argv and envv flags, which control the level of auditing for execve(2) events), - the filesz paramater, which controls automated rotation of the audit log based on file size, and - A tweak to the audit_user(5) invocation event set to include an event for audit log rotate. This makes it easy to do things like configure automatic compression of archiving of terminated trails, etc. - auditreduce can now filter paths using regular expressions, not just simple string matching. Please report any bugs/problems. The above/below changes will appear in 6.2-BETA2, and should already be available via cvsup. Thanks, Robert N M Watson Computer Laboratory University of Cambridge ---------- Forwarded message ---------- Date: Fri, 29 Sep 2006 22:41:55 +0000 (UTC) From: Robert Watson To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/openbsm HISTORY TODO VERSION configure configure.ac src/contrib/openbsm/bin/audit audit.c src/contrib/openbsm/bin/auditd audit_warn.c auditd.8 auditd.c auditd.h src/contrib/openbsm/bin/auditreduce auditreduce.1 ... rwatson 2006-09-29 22:41:55 UTC FreeBSD src repository Modified files: (Branch: RELENG_6) contrib/openbsm HISTORY TODO VERSION configure configure.ac contrib/openbsm/bin/audit audit.c contrib/openbsm/bin/auditd audit_warn.c auditd.8 auditd.c auditd.h contrib/openbsm/bin/auditreduce auditreduce.1 auditreduce.c auditreduce.h contrib/openbsm/bsm libbsm.h contrib/openbsm/config config.h config.h.in contrib/openbsm/etc audit_control audit_event contrib/openbsm/libbsm au_control.3 au_open.3 bsm_control.c bsm_io.c bsm_token.c libbsm.3 contrib/openbsm/man audit_control.5 auditon.2 contrib/openbsm/tools audump.c Added files: (Branch: RELENG_6) contrib/openbsm/compat strlcat.h contrib/openbsm/test/reference arg32_record arg32_token data_record data_token file_record file_token header32_token in_addr_record in_addr_token ip_record ip_token ipc_record ipc_token iport_record iport_token opaque_record opaque_token path_record path_token process32_record process32_token process32ex_record process32ex_token return32_record return32_token seq_record seq_token subject32_record subject32_token subject32ex_record subject32ex_token-IPv4 subject32ex_token-IPv6 text_record text_token trailer_token contrib/openbsm/test/samples execve-long-args.trail Log: Merge OpenBSM 1.0 alpha 12 from HEAD to RELENG_6, which includes a broad range of bug fixes made as a result of reports on 6.x, as well as some minor enhancements: OpenBSM 1.0 alpha 12 - Correct bug in auditreduce which prevented the -c option from working correctly when the user specifies to process successful or failed events. The problem stemmed from not having access to the return token at the time the initial preselection occurred, but now a second preselection process occurs while processing the return token. - getacfilesz(3) API added to read new audit_control(5) filesz setting, which auditd(8) now sets the kernel audit trail rotation size to. - auditreduce(1) now uses stdin if no file names are specified on the command line; this was the documented behavior previously, but it was not implemented. Be more specific in auditreduce(1)'s examples section about what might be done with the output of auditreduce. - Add audit_warn(5) closefile event so that administrators can hook termination of an audit trail file. For example, this might be used to compress the trail file after it is closed. - auditreduce(1) now uses regular expressions for pathname matching. Users can now supply one or more (comma delimited) regular expressions for searching the pathnames. If one of the regular expressions is prefixed with a tilde (~), and a path matches, it will be excluded from the search results. OpenBSM 1.0 alpha 11 - Reclassify certain read/write operations as having no class rather than the fr/fw class; our default classes audit intent (open) not operations (read, write). - Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads and writes of sysctls as separate events. Add additional kernel environment and jail events for FreeBSD. - Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued by the kernel audit implementation) so that they can be distinguished. - Disable rate limiting of rotate requests; as the kernel doesn't retransmit a dropped request, the log file will otherwise grow indefinitely if the trigger is dropped. - Improve auditd debugging output. - Fix a number of threading related bugs in audit_control file reading routines. - Add APIs au_poltostr() and au_strtopol() to convert between text representations of audit_control policy flags and the flags passed to auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY). - Add API getacpol() to return the 'policy:' entry from audit_control, an extension to the Solaris file format to allow specification of policy persistent flags. - Update audump to print the audit_control policy field. - Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h arguments as these policies are now set via the configuration file. If a policy line is not found in the configuration file, continue with the current default of setting AUDIT_CNT. - Fix bugs in the parsing of large execve(2) arguments and environmental variable tokens; increase maximum parsed argument and variable count. - configure now detects strlcat(), used by policy-related functions. - Reference token and record sample files added to test tree. Approved by: re (kensmith) Revision Changes Path 1.1.1.5.2.2 +56 -1 src/contrib/openbsm/HISTORY 1.1.1.3.2.2 +3 -1 src/contrib/openbsm/TODO 1.1.1.6.2.2 +1 -1 src/contrib/openbsm/VERSION 1.1.1.4.2.2 +2 -2 src/contrib/openbsm/bin/audit/audit.c 1.1.1.2.2.2 +16 -1 src/contrib/openbsm/bin/auditd/audit_warn.c 1.1.1.2.2.2 +14 -8 src/contrib/openbsm/bin/auditd/auditd.8 1.1.1.7.2.2 +101 -42 src/contrib/openbsm/bin/auditd/auditd.c 1.1.1.2.2.2 +4 -2 src/contrib/openbsm/bin/auditd/auditd.h 1.1.1.3.2.2 +36 -7 src/contrib/openbsm/bin/auditreduce/auditreduce.1 1.1.1.3.2.2 +103 -17 src/contrib/openbsm/bin/auditreduce/auditreduce.c 1.1.1.1.2.2 +8 -1 src/contrib/openbsm/bin/auditreduce/auditreduce.h 1.1.1.6.2.2 +22 -7 src/contrib/openbsm/bsm/libbsm.h 1.1.1.1.2.1 +66 -0 src/contrib/openbsm/compat/strlcat.h (new) 1.3.2.2 +7 -4 src/contrib/openbsm/config/config.h 1.1.1.3.2.2 +3 -0 src/contrib/openbsm/config/config.h.in 1.1.1.5.2.2 +13 -12 src/contrib/openbsm/configure 1.1.1.5.2.2 +3 -3 src/contrib/openbsm/configure.ac 1.2.2.2 +4 -2 src/contrib/openbsm/etc/audit_control 1.4.2.2 +14 -7 src/contrib/openbsm/etc/audit_event 1.1.1.2.2.2 +47 -4 src/contrib/openbsm/libbsm/au_control.3 1.1.1.1.2.2 +6 -4 src/contrib/openbsm/libbsm/au_open.3 1.1.1.1.2.2 +310 -69 src/contrib/openbsm/libbsm/bsm_control.c 1.1.1.4.2.2 +10 -4 src/contrib/openbsm/libbsm/bsm_io.c 1.1.1.7.2.2 +1 -2 src/contrib/openbsm/libbsm/bsm_token.c 1.1.1.3.2.2 +12 -4 src/contrib/openbsm/libbsm/libbsm.3 1.1.1.2.2.2 +69 -2 src/contrib/openbsm/man/audit_control.5 1.1.1.2.2.2 +2 -2 src/contrib/openbsm/man/auditon.2 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/arg32_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/arg32_token (new) 1.1.1.1.2.1 +3 -0 src/contrib/openbsm/test/reference/data_record (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/data_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/file_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/file_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/header32_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/in_addr_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/in_addr_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/ip_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/ip_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/ipc_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/ipc_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/iport_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/iport_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/opaque_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/opaque_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/path_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/path_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/process32_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/process32_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/process32ex_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/process32ex_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/return32_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/return32_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/seq_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/seq_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/subject32_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/subject32_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/subject32ex_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/subject32ex_token-IPv4 (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/subject32ex_token-IPv6 (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/reference/text_record (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/text_token (new) 1.1.1.1.2.1 +1 -0 src/contrib/openbsm/test/reference/trailer_token (new) 1.1.1.1.2.1 +2 -0 src/contrib/openbsm/test/samples/execve-long-args.trail (new) 1.1.1.2.2.2 +13 -3 src/contrib/openbsm/tools/audump.c From owner-trustedbsd-audit@FreeBSD.ORG Mon Oct 2 10:38:56 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 63E9B16A403; Mon, 2 Oct 2006 10:38:56 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C85E43D4C; Mon, 2 Oct 2006 10:38:55 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 4611546CA0; Mon, 2 Oct 2006 06:38:55 -0400 (EDT) Date: Mon, 2 Oct 2006 11:38:55 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20061002113239.P1763@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@FreeBSD.org Subject: Audit handbook chapter review, call for general testing X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 10:38:56 -0000 Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested in Audit to read the handbook chapter and give Audit a try. And then, of course, send feedback to the TrustedBSD audit mailing list with all the bugs and problems you find :-). This will give us time to shake out these bugs, further enhance the documentation, etc, before BETA3 in a week or so, and ideally chase out any remaining significant bugs over the next month before the release. You can find the handbook chapter here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html The man pages installed as part of recent RELENG_6 and 6.2-BETA2 are also pretty complete, and include more detailed reference information. The audit(4) man page has a good set of cross-references to various commands (audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit configuration files (audit_control(5), audit_user(5), etc). Remember that audit support in 6.2-RELEASE will be considered experimental, and has a number of known limitations (such as not fully auditing all non-native FreeBSD system call interfaces, and not auditing all userland administrative events of interest), but it should be useful and usable enough to run on many production systems and contribute to system security. Thanks, Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Mon Oct 2 11:15:56 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA40D16A415 for ; Mon, 2 Oct 2006 11:15:56 +0000 (UTC) (envelope-from artifact.one@googlemail.com) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF63543D58 for ; Mon, 2 Oct 2006 11:15:55 +0000 (GMT) (envelope-from artifact.one@googlemail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.233]) by cyrus.watson.org (Postfix) with ESMTP id E8D9A46C7D for ; Mon, 2 Oct 2006 07:15:52 -0400 (EDT) Received: by wx-out-0506.google.com with SMTP id h27so1652721wxd for ; Mon, 02 Oct 2006 04:15:44 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=BSLAVzKAxDqpIvB2WuX8c+tRiu2JhhkbeLNqBTZgc8EPDaINnos846WsmhgSfWxwzaACR46nbZceFVU0d9WZTEX61XcCHB0aD4W6yfZ/Jyqsnnq2+v3XFIZJeVd4ksSgNtlm6iWb7SI8F/z+xycg9+oEzwO1t2mb/pG7msPH270= Received: by 10.90.118.10 with SMTP id q10mr2549895agc; Mon, 02 Oct 2006 04:15:44 -0700 (PDT) Received: by 10.90.119.2 with HTTP; Mon, 2 Oct 2006 04:15:44 -0700 (PDT) Message-ID: <8e96a0b90610020415s2443d061lc85876e5470aefcd@mail.gmail.com> Date: Mon, 2 Oct 2006 12:15:44 +0100 From: "mal content" To: "Robert Watson" In-Reply-To: <20061002113239.P1763@fledge.watson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20061002113239.P1763@fledge.watson.org> X-Mailman-Approved-At: Mon, 02 Oct 2006 11:24:36 +0000 Cc: trustedbsd-audit@trustedbsd.org Subject: Re: Audit handbook chapter review, call for general testing X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 11:15:56 -0000 On 02/10/06, Robert Watson wrote: > > Dear All, > > Over the past week or so, I have spent some time updating Tom Rhodes' > excellent FreeBSD Handbook chapter on Audit for some of the more recent audit > changes, Hello Robert, there's a typo on this page: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit-install.html "User space support for Event Auditing is installed as part of the base FreeBSD operating as of 6.2-RELEASE." Should obviously read: "User space support for Event Auditing is installed as part of the base FreeBSD operating system as of 6.2-RELEASE." MC From owner-trustedbsd-audit@FreeBSD.ORG Mon Oct 2 13:44:32 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8ADFB16A407 for ; Mon, 2 Oct 2006 13:44:32 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A50C43D46 for ; Mon, 2 Oct 2006 13:44:32 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 111EC46CCD; Mon, 2 Oct 2006 09:44:31 -0400 (EDT) Date: Mon, 2 Oct 2006 14:44:30 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: mal content In-Reply-To: <8e96a0b90610020415s2443d061lc85876e5470aefcd@mail.gmail.com> Message-ID: <20061002144415.A10704@fledge.watson.org> References: <20061002113239.P1763@fledge.watson.org> <8e96a0b90610020415s2443d061lc85876e5470aefcd@mail.gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@trustedbsd.org Subject: Re: Audit handbook chapter review, call for general testing X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 13:44:32 -0000 On Mon, 2 Oct 2006, mal content wrote: > On 02/10/06, Robert Watson wrote: >> >> Over the past week or so, I have spent some time updating Tom Rhodes' >> excellent FreeBSD Handbook chapter on Audit for some of the more recent >> audit changes, > > Hello Robert, there's a typo on this page: > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit-install.html > > "User space support for Event Auditing is installed as part of the base > FreeBSD operating as of 6.2-RELEASE." > > Should obviously read: > > "User space support for Event Auditing is installed as part of the base > FreeBSD operating system as of 6.2-RELEASE." Fixed, thanks! Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Thu Oct 12 03:00:56 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C66416A416 for ; Thu, 12 Oct 2006 03:00:56 +0000 (UTC) (envelope-from nocooling@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.237]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A20D43D4C for ; Thu, 12 Oct 2006 03:00:55 +0000 (GMT) (envelope-from nocooling@gmail.com) Received: by wx-out-0506.google.com with SMTP id i27so404692wxd for ; Wed, 11 Oct 2006 20:00:55 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=WXnKLnKhPdxVBrYIaxHaMgftSCLmexr231/jhFDbucgchVgzhH1dMdGZR/3eRvOMU7Pw1A4s6e4yRHtwdGqnyv/taaYTiw3IYEquJdHUa8ME+g3DBmVrDbtwbzYLy8bN8Ibi7loVT9CgoNVSuK64Xuth+BdSLgQYBj3pOV78emQ= Received: by 10.90.52.18 with SMTP id z18mr965760agz; Wed, 11 Oct 2006 20:00:55 -0700 (PDT) Received: by 10.90.66.1 with HTTP; Wed, 11 Oct 2006 20:00:54 -0700 (PDT) Message-ID: <9d688f090610112000n696e0823nda21d80f4f1a2fee@mail.gmail.com> Date: Thu, 12 Oct 2006 11:00:55 +0800 From: "=?GB2312?B?1Pi6o8zO?=" To: trustedbsd-audit@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: Audit handbook chapter review X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Oct 2006 03:00:56 -0000 Hello Robert: I found some confusion description in Chapter 16.4.1. According to the source codes of trustedbsd, you can find the symbol '^' do not just mean "Audit neither successful nor failed events in this class". Particularly in the config file, audit_user, you can find the symbol '^' can be use to restrict both always audit and never audit items. For example: www:no:+all,^+ad,^+lo This config item means that no special events should be always audit for www user, and we never care all success events for him, except the events belong to ad and lo class. So, at here ^+ad means to audit +ad events. I think it is more exactly to describe symbol '^' as counter or minus computation. (+all)-(+ad)-(+lo) From owner-trustedbsd-audit@FreeBSD.ORG Thu Oct 19 14:23:57 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 814C316A415 for ; Thu, 19 Oct 2006 14:23:57 +0000 (UTC) (envelope-from martin_voros@yahoo.com) Received: from web55515.mail.re4.yahoo.com (web55515.mail.re4.yahoo.com [206.190.58.224]) by mx1.FreeBSD.org (Postfix) with SMTP id 0A6EA43E27 for ; Thu, 19 Oct 2006 14:21:15 +0000 (GMT) (envelope-from martin_voros@yahoo.com) Received: (qmail 30661 invoked by uid 60001); 19 Oct 2006 14:21:14 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=KKH+SbWWht1JIEko/1/aoaNHAisau03kiBn60Qi2m3De7woLuAS5b+j4t8/x/n+jJg35Yfv9lbR9ZQAKtz/3f1/NLqq4W5+jtwKvpsVwzRMAKg+lC2yoWkgsbI4qQz+FrH84aTTeLEQVsFLYTUDdddv9bi+IA5/wu0Nb8OHIRa0= ; Message-ID: <20061019142114.30659.qmail@web55515.mail.re4.yahoo.com> Received: from [193.136.122.18] by web55515.mail.re4.yahoo.com via HTTP; Thu, 19 Oct 2006 07:21:14 PDT Date: Thu, 19 Oct 2006 07:21:14 -0700 (PDT) From: Martin Voros To: trustedbsd-audit@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="0-26714257-1161267674=:28910" Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Thu, 19 Oct 2006 23:42:55 +0000 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: praudit - xml output patches X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2006 14:23:57 -0000 --0-26714257-1161267674=:28910 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Hi all, finally I found some time and prepared patches which add XML output for OpenBSM praudit utility and improve audit.log.5 manual page. I made these patches against OpenBSM 1.0 alpha 12 release. Unfortunately, I can't test 64 bits tokens and also I couldn't test some other tokens so I call for testing. Of course all comments and suggestions are welcome. I also added some token descriptions to audit.log.5 manual page. Instructions: # cd DIR_WITH_OBSM_alpha12 # patch < xml.patch # patch < doc.patch Best regards MV --------------------------------- Get your email and more, right on the new Yahoo.com --0-26714257-1161267674=:28910 Content-Type: application/octet-stream; name="xml.patch" Content-Transfer-Encoding: base64 Content-Description: 2279654603-xml.patch Content-Disposition: attachment; filename="xml.patch" SW5kZXg6ICBiaW4vcHJhdWRpdC9wcmF1ZGl0LmMKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gYmluL3ByYXVkaXQvcHJhdWRpdC5jCVNhdCBTZXAgIDIg MTA6NDU6NTkgMjAwNgorKysgYmluL3ByYXVkaXQvcHJhdWRpdC5jCVdlZCBP Y3QgMTEgMTU6NTA6MjEgMjAwNgpAQCAtMzQsNyArMzQsNyBAQAogICovCiAK IC8qCi0gKiBwcmF1ZGl0IFstbHJzXSBbLWRkZWxdIFtmaWxlbmFtZXNdCisg KiBwcmF1ZGl0IFstbHJzeF0gWy1kZGVsXSBbZmlsZW5hbWVzXQogICovCiAK ICNpbmNsdWRlIDxic20vbGliYnNtLmg+CkBAIC01MSwxMiArNTEsMTMgQEAK IHN0YXRpYyBpbnQJIHJhdyA9IDA7CiBzdGF0aWMgaW50CSBzaG9ydGZybSA9 IDA7CiBzdGF0aWMgaW50CSBwYXJ0aWFsID0gMDsKK3N0YXRpYyBpbnQgCSB4 bWwgPSAwOwogCiBzdGF0aWMgdm9pZAogdXNhZ2UoKQogewogCi0JZnByaW50 ZihzdGRlcnIsICJVc2FnZTogcHJhdWRpdCBbLWxyc10gWy1kZGVsXSBbZmls ZW5hbWVzXVxuIik7CisJZnByaW50ZihzdGRlcnIsICJVc2FnZTogcHJhdWRp dCBbLWxyc3hdIFstZGRlbF0gW2ZpbGVuYW1lc11cbiIpOwogCWV4aXQoMSk7 CiB9CiAKQEAgLTg4LDcgKzg5LDcgQEAKIAkJCWlmICgtMSA9PSBhdV9mZXRj aF90b2soJnRvaywgYnVmICsgYnl0ZXNyZWFkLAogCQkJICAgIHJlY2xlbiAt IGJ5dGVzcmVhZCkpCiAJCQkJYnJlYWs7Ci0JCQlhdV9wcmludF90b2soc3Rk b3V0LCAmdG9rLCBkZWwsIHJhdywgc2hvcnRmcm0pOworCQkJYXVfcHJpbnRf dG9rKHN0ZG91dCwgJnRvaywgZGVsLCByYXcsIHNob3J0ZnJtLCB4bWwpOwog CQkJYnl0ZXNyZWFkICs9IHRvay5sZW47CiAJCQlpZiAob25lbGluZSkKIAkJ CQlwcmludGYoIiVzIiwgZGVsKTsKQEAgLTEwOSw3ICsxMTAsNyBAQAogCWlu dCBpOwogCUZJTEUgKmZwOwogCi0Jd2hpbGUgKChjaCA9IGdldG9wdChhcmdj LCBhcmd2LCAibHByc2Q6IikpICE9IC0xKSB7CisJd2hpbGUgKChjaCA9IGdl dG9wdChhcmdjLCBhcmd2LCAibHByc3hkOiIpKSAhPSAtMSkgewogCQlzd2l0 Y2goY2gpIHsKIAkJY2FzZSAnbCc6CiAJCQlvbmVsaW5lID0gMTsKQEAgLTEy Nyw2ICsxMjgsMTAgQEAKIAkJCXNob3J0ZnJtID0gMTsKIAkJCWJyZWFrOwog CisJCWNhc2UgJ3gnOgorCQkJeG1sID0gMTsKKwkJCWJyZWFrOworIAogCQlj YXNlICdkJzoKIAkJCWRlbCA9IG9wdGFyZzsKIAkJCWJyZWFrOwpAQCAtMTQx LDYgKzE0Niw5IEBACiAJCX0KIAl9CiAKKwlpZiAoeG1sKSAKKwkJcHJpbnRf eG1sX2hlYWRlcihzdGRvdXQpOworCiAJLyogRm9yIGVhY2ggb2YgdGhlIGZp bGVzIHBhc3NlZCBhcyBhcmd1bWVudHMgZHVtcCB0aGUgY29udGVudHMuICov CiAJaWYgKG9wdGluZCA9PSBhcmdjKSB7CiAJCXByaW50X3Rva2VucyhzdGRp bik7CkBAIC0xNTMsNSArMTYxLDkgQEAKIAkJaWYgKGZwICE9IE5VTEwpCiAJ CQlmY2xvc2UoZnApOwogCX0KKworCWlmICh4bWwpCisJCXByaW50X3htbF9m b290ZXIoc3Rkb3V0KTsKKwogCXJldHVybiAoMSk7CiB9CkluZGV4OiAgIGJz bS9saWJic20uaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBic20vbGli YnNtLmgJVHVlIE9jdCAgMyAxMToyODozMSAyMDA2CisrKyBic20vbGliYnNt LmgJV2VkIE9jdCAxMSAxNTo0ODo1MyAyMDA2CkBAIC03NzAsNyArNzcwLDEz IEBACiBpbnQJCQkgYXVfZmV0Y2hfdG9rKHRva2Vuc3RyX3QgKnRvaywgdV9j aGFyICpidWYsIGludCBsZW4pOwogLy9YWFggVGhlIGZvbGxvd2luZyBpbnRl cmZhY2UgaGFzIGRpZmZlcmVudCBwcm90b3R5cGUgZnJvbSBCU00KIHZvaWQJ CQkgYXVfcHJpbnRfdG9rKEZJTEUgKm91dGZwLCB0b2tlbnN0cl90ICp0b2ss Ci0JCQkgICAgY2hhciAqZGVsLCBjaGFyIHJhdywgY2hhciBzZnJtKTsKKwkJ CSAgICBjaGFyICpkZWwsIGNoYXIgcmF3LCBjaGFyIHNmcm0sIGNoYXIgeG1s KTsKKworLyogCisgKiBGdW5jdG9pbnMgcmVsYXRpbmcgdG8gWE1MIG91dHB1 dAorICovCit2b2lkCQkJIHByaW50X3htbF9oZWFkZXIoRklMRSAqb3V0ZnAp Owordm9pZAkJCSBwcmludF94bWxfZm9vdGVyKEZJTEUgKm91dGZwKTsKIF9f RU5EX0RFQ0xTCiAKIC8qCgpJbmRleDogbGliYnNtL2JzbV9pby5jCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIGxpYmJzbS9ic21faW8uYwlUdWUgT2N0 ICAzIDExOjI4OjM1IDIwMDYKKysrIGxpYmJzbS9ic21faW8uYwlXZWQgT2N0 IDExIDE2OjAxOjU2IDIwMDYKQEAgLTIwNywxNiArMjA3LDMzNCBAQAogfQog CiAvKgorICogUHJpbnRzIHRoZSBiZWdnaW5pbmcgb2YgYXR0cmlidXRlLgor ICovCitzdGF0aWMgdm9pZAorb3Blbl9hdHRyKEZJTEUgKmZwLCB1X2NoYXIg KnN0cikKK3sKKworCWZwcmludGYoZnAsIiVzPVwiIiwgc3RyKTsKK30KKwor LyoKKyAqIFByaW50cyB0aGUgZW5kIG9mIGF0dHJpYnV0ZS4KKyAqLworc3Rh dGljIHZvaWQKK2Nsb3NlX2F0dHIoRklMRSAqZnApCit7CisKKwlmcHJpbnRm KGZwLCJcIiAiKTsKK30KKworLyoKKyAqIFByaW50cyB0aGUgZW5kIG9mIHRh Zy4KKyAqLworc3RhdGljIHZvaWQKK2Nsb3NlX3RhZyhGSUxFICpmcCwgdV9j aGFyIHR5cGUpCit7CisKKwlzd2l0Y2godHlwZSkgeworCQljYXNlIEFVVF9I RUFERVIzMjoKKwkJCWZwcmludGYoZnAsICI+Iik7CisJCQlicmVhazsKKwor CQljYXNlIEFVVF9IRUFERVIzMl9FWDoKKwkJCWZwcmludGYoZnAsICI+Iik7 CisJCQlicmVhazsKKworCQljYXNlIEFVVF9IRUFERVI2NDoKKwkJCWZwcmlu dGYoZnAsICI+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9IRUFERVI2 NF9FWDoKKwkJCWZwcmludGYoZnAsICI+Iik7CisJCQlicmVhazsKKworCQlj YXNlIEFVVF9BUkczMjoKKwkJCWZwcmludGYoZnAsICIvPiIpOworCQkJYnJl YWs7CisKKwkJY2FzZSBBVVRfQVJHNjQ6CisJCQlmcHJpbnRmKGZwLCAiLz4i KTsKKwkJCWJyZWFrOworCisJCWNhc2UgQVVUX0FUVFIzMjoKKwkJCWZwcmlu dGYoZnAsICIvPiIpOworCQkJYnJlYWs7CisKKwkJY2FzZSBBVVRfQVRUUjY0 OgorCQkJZnByaW50ZihmcCwgIi8+Iik7CisJCQlicmVhazsKKworCQljYXNl IEFVVF9FWElUOgorCQkJZnByaW50ZihmcCwgIi8+Iik7CisJCQlicmVhazsK KworCQljYXNlIEFVVF9FWEVDX0FSR1M6CisJCQlmcHJpbnRmKGZwLCAiPC9l eGVjX2FyZ3M+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9FWEVDX0VO VjoKKwkJCWZwcmludGYoZnAsICI8L2V4ZWNfZW52PiIpOworCQkJYnJlYWs7 CisKKwkJY2FzZSBBVVRfT1RIRVJfRklMRTMyOgorCQkJZnByaW50ZihmcCwg IjwvZmlsZT4iKTsKKwkJCWJyZWFrOworCisJCWNhc2UgQVVUX05FV0dST1VQ UzoKKwkJCWZwcmludGYoZnAsICI8L2dyb3VwPiIpOworCQkJYnJlYWs7CisK KwkJY2FzZSBBVVRfSU5fQUREUjoKKwkJCWZwcmludGYoZnAsICI8L2lwX2Fk ZHJlc3M+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9JTl9BRERSX0VY OgorCQkJZnByaW50ZihmcCwgIjwvaXBfYWRkcmVzcz4iKTsKKwkJCWJyZWFr OworCisJCWNhc2UgQVVUX0lQOgorCQkJZnByaW50ZihmcCwgIi8+Iik7CisJ CQlicmVhazsKKworCQljYXNlIEFVVF9JUEM6CisJCQlmcHJpbnRmKGZwLCAi Lz4iKTsKKwkJCWJyZWFrOworCisJCWNhc2UgQVVUX0lQQ19QRVJNOgorCQkJ ZnByaW50ZihmcCwgIi8+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9J UE9SVDoKKwkJCWZwcmludGYoZnAsICI8L2lwX3BvcnQ+Iik7CisJCQlicmVh azsKKworCQljYXNlIEFVVF9PUEFRVUU6CisJCQlmcHJpbnRmKGZwLCAiPC9v cGFxdWU+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9QQVRIOgorCQkJ ZnByaW50ZihmcCwgIjwvcGF0aD4iKTsKKwkJCWJyZWFrOworCisJCWNhc2Ug QVVUX1BST0NFU1MzMjoKKwkJCWZwcmludGYoZnAsICIvPiIpOworCQkJYnJl YWs7CisKKwkJY2FzZSBBVVRfUFJPQ0VTUzMyX0VYOgorCQkJZnByaW50Zihm cCwgIi8+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9SRVRVUk4zMjoK KwkJCWZwcmludGYoZnAsICIvPiIpOworCQkJYnJlYWs7CisKKwkJY2FzZSBB VVRfUkVUVVJONjQ6CisJCQlmcHJpbnRmKGZwLCAiLz4iKTsKKwkJCWJyZWFr OworCisJCWNhc2UgQVVUX1NFUToKKwkJCWZwcmludGYoZnAsICIvPiIpOwor CQkJYnJlYWs7CisKKwkJY2FzZSBBVVRfU09DS0VUOgorCQkJZnByaW50Zihm cCwgIi8+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9TT0NLSU5FVDMy OgorCQkJZnByaW50ZihmcCwgIi8+Iik7CisJCQlicmVhazsKKworCQljYXNl IEFVVF9TT0NLVU5JWDoKKwkJCWZwcmludGYoZnAsICIvPiIpOworCQkJYnJl YWs7CisKKwkJY2FzZSBBVVRfU1VCSkVDVDMyOgorCQkJZnByaW50ZihmcCwg Ii8+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9TVUJKRUNUNjQ6CisJ CQlmcHJpbnRmKGZwLCAiLz4iKTsKKwkJCWJyZWFrOworCisJCWNhc2UgQVVU X1NVQkpFQ1QzMl9FWDoKKwkJCWZwcmludGYoZnAsICIvPiIpOworCQkJYnJl YWs7CisKKwkJY2FzZSBBVVRfVEVYVDoKKwkJCWZwcmludGYoZnAsICI8L3Rl eHQ+Iik7CisJCQlicmVhazsKKworCQljYXNlIEFVVF9TT0NLRVRfRVg6CisJ CQlmcHJpbnRmKGZwLCAiLz4iKTsKKwkJCWJyZWFrOworCisJCWNhc2UgQVVU X0RBVEE6CisJCQlmcHJpbnRmKGZwLCAiPC9hcmJpdHJhcnk+Iik7CisJCQli cmVhazsKKwl9Cit9CisKKy8qCiAgKiBQcmludHMgdGhlIHRva2VuIHR5cGUg aW4gZWl0aGVyIHRoZSByYXcgb3IgdGhlIGRlZmF1bHQgZm9ybS4KICAqLwog c3RhdGljIHZvaWQKLXByaW50X3Rva190eXBlKEZJTEUgKmZwLCB1X2NoYXIg dHlwZSwgY29uc3QgY2hhciAqdG9rbmFtZSwgY2hhciByYXcpCitwcmludF90 b2tfdHlwZShGSUxFICpmcCwgdV9jaGFyIHR5cGUsIGNvbnN0IGNoYXIgKnRv a25hbWUsIGNoYXIgcmF3LCBjaGFyIHhtbCkKIHsKIAotCWlmIChyYXcpCi0J CWZwcmludGYoZnAsICIldSIsIHR5cGUpOwotCWVsc2UKLQkJZnByaW50Zihm cCwgIiVzIiwgdG9rbmFtZSk7CisJaWYgKHhtbCkgeworCQlzd2l0Y2godHlw ZSkgeworCQkJY2FzZSBBVVRfSEVBREVSMzI6CisJCQkJZnByaW50ZihmcCwg IjxyZWNvcmQgIik7CisJCQkJYnJlYWs7CisKKwkJCWNhc2UgQVVUX0hFQURF UjMyX0VYOgorCQkJCWZwcmludGYoZnAsICI8cmVjb3JkICIpOworCQkJCWJy ZWFrOworCisJCQljYXNlIEFVVF9IRUFERVI2NDoKKwkJCQlmcHJpbnRmKGZw LCAiPHJlY29yZCAiKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfSEVB REVSNjRfRVg6CisJCQkJZnByaW50ZihmcCwgIjxyZWNvcmQgIik7CisJCQkJ YnJlYWs7CisKKwkJCWNhc2UgQVVUX1RSQUlMRVI6CisJCQkJZnByaW50Zihm cCwgIjwvcmVjb3JkPiIpOworCQkJCWJyZWFrOworCisJCQljYXNlIEFVVF9B UkczMjoKKwkJCQlmcHJpbnRmKGZwLCAiPGFyZ3VtZW50ICIpOworCQkJCWJy ZWFrOworCisJCQljYXNlIEFVVF9BUkc2NDoKKwkJCQlmcHJpbnRmKGZwLCAi PGFyZ3VtZW50ICIpOworCQkJCWJyZWFrOworCisJCQljYXNlIEFVVF9BVFRS MzI6CisJCQkJZnByaW50ZihmcCwgIjxhdHRyaWJ1dGUgIik7CisJCQkJYnJl YWs7CisKKwkJCWNhc2UgQVVUX0FUVFI2NDoKKwkJCQlmcHJpbnRmKGZwLCAi PGF0dHJpYnV0ZSAiKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfRVhJ VDoKKwkJCQlmcHJpbnRmKGZwLCAiPGV4aXQgIik7CisJCQkJYnJlYWs7CisK KwkJCWNhc2UgQVVUX0VYRUNfQVJHUzoKKwkJCQlmcHJpbnRmKGZwLCAiPGV4 ZWNfYXJncz4iKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfRVhFQ19F TlY6CisJCQkJZnByaW50ZihmcCwgIjxleGVjX2Vudj4iKTsKKwkJCQlicmVh azsKKworCQkJY2FzZSBBVVRfT1RIRVJfRklMRTMyOgorCQkJCWZwcmludGYo ZnAsICI8ZmlsZSAiKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfTkVX R1JPVVBTOgorCQkJCWZwcmludGYoZnAsICI8Z3JvdXA+Iik7CisJCQkJYnJl YWs7CisKKwkJCWNhc2UgQVVUX0lOX0FERFI6CisJCQkJZnByaW50ZihmcCwg IjxpcF9hZGRyZXNzPiIpOworCQkJCWJyZWFrOworCisJCQljYXNlIEFVVF9J Tl9BRERSX0VYOgorCQkJCWZwcmludGYoZnAsICI8aXBfYWRkcmVzcz4iKTsK KwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfSVA6CisJCQkJZnByaW50Zihm cCwgIjxpcCAiKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfSVBDOgor CQkJCWZwcmludGYoZnAsICI8SVBDIik7CisJCQkJYnJlYWs7CisKKwkJCWNh c2UgQVVUX0lQQ19QRVJNOgorCQkJCWZwcmludGYoZnAsICI8SVBDX3Blcm0g Iik7CisJCQkJYnJlYWs7CisKKwkJCWNhc2UgQVVUX0lQT1JUOgorCQkJCWZw cmludGYoZnAsICI8aXBfcG9ydD4iKTsKKwkJCQlicmVhazsKKworCQkJY2Fz ZSBBVVRfT1BBUVVFOgorCQkJCWZwcmludGYoZnAsICI8b3BhcXVlPiIpOwor CQkJCWJyZWFrOworCisJCQljYXNlIEFVVF9QQVRIOgorCQkJCWZwcmludGYo ZnAsICI8cGF0aD4iKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfUFJP Q0VTUzMyOgorCQkJCWZwcmludGYoZnAsICI8cHJvY2VzcyAiKTsKKwkJCQli cmVhazsKKworCQkJY2FzZSBBVVRfUFJPQ0VTUzMyX0VYOgorCQkJCWZwcmlu dGYoZnAsICI8cHJvY2VzcyAiKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBB VVRfUkVUVVJOMzI6CisJCQkJZnByaW50ZihmcCwgIjxyZXR1cm4gIik7CisJ CQkJYnJlYWs7CisKKwkJCWNhc2UgQVVUX1JFVFVSTjY0OgorCQkJCWZwcmlu dGYoZnAsICI8cmV0dXJuICIpOworCQkJCWJyZWFrOworCisJCQljYXNlIEFV VF9TRVE6CisJCQkJZnByaW50ZihmcCwgIjxzZXF1ZW5jZSAiKTsKKwkJCQli cmVhazsKKworCQkJY2FzZSBBVVRfU09DS0VUOgorCQkJCWZwcmludGYoZnAs ICI8c29ja2V0ICIpOworCQkJCWJyZWFrOworCisJCQljYXNlIEFVVF9TT0NL SU5FVDMyOgorCQkJCWZwcmludGYoZnAsICI8b2xkX3NvY2tldCIpOworCQkJ CWJyZWFrOworCisJCQljYXNlIEFVVF9TT0NLVU5JWDoKKwkJCQlmcHJpbnRm KGZwLCAiPG9sZF9zb2NrZXQiKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBB VVRfU1VCSkVDVDMyOgorCQkJCWZwcmludGYoZnAsICI8c3ViamVjdCAiKTsK KwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfU1VCSkVDVDY0OgorCQkJCWZw cmludGYoZnAsICI8c3ViamVjdCAiKTsKKwkJCQlicmVhazsKKworCQkJY2Fz ZSBBVVRfU1VCSkVDVDMyX0VYOgorCQkJCWZwcmludGYoZnAsICI8c3ViamVj dCAiKTsKKwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfVEVYVDoKKwkJCQlm cHJpbnRmKGZwLCAiPHRleHQ+Iik7CisJCQkJYnJlYWs7CisKKwkJCWNhc2Ug QVVUX1NPQ0tFVF9FWDoKKwkJCQlmcHJpbnRmKGZwLCAiPHNvY2tldCAiKTsK KwkJCQlicmVhazsKKworCQkJY2FzZSBBVVRfREFUQToKKwkJCQlmcHJpbnRm KGZwLCAiPGFyYml0cmFyeSAiKTsKKwkJCQlicmVhazsKKwkJfQorCX0gZWxz ZSB7CisJCWlmIChyYXcpCisJCQlmcHJpbnRmKGZwLCAiJXUiLCB0eXBlKTsK KwkJZWxzZQorCQkJZnByaW50ZihmcCwgIiVzIiwgdG9rbmFtZSk7CisJfQog fQogCiAvKgpAQCAtNDU1LDYgKzc3MywyNyBAQAogfQogCiAvKgorICogUHJp bnQgWE1MIGhlYWRlcgorICovCit2b2lkCitwcmludF94bWxfaGVhZGVyKEZJ TEUgKm91dGZwKQoreworCQorCWZwcmludGYob3V0ZnAsICI8P3htbCB2ZXJz aW9uPScxLjAnID8+XG4iKTsKKwlmcHJpbnRmKG91dGZwLCAiPGF1ZGl0Plxu Iik7Cit9CisKKy8qCisgKiBQcmludCBYTUwgZm9vdGVyCisgKi8KK3ZvaWQK K3ByaW50X3htbF9mb290ZXIoRklMRSAqb3V0ZnApCit7CisJCisJZnByaW50 ZihvdXRmcCwgIjwvYXVkaXQ+XG4iKTsKK30KKworLyoKICAqIHJlY29yZCBi eXRlIGNvdW50ICAgICAgIDQgYnl0ZXMKICAqIHZlcnNpb24gIyAgICAgICAg ICAgICAgIDEgYnl0ZSAgICBbMl0KICAqIGV2ZW50IHR5cGUgICAgICAgICAg ICAgIDIgYnl0ZXMKQEAgLTQ5NSwyMiArODM0LDQxIEBACiB9CiAKIHN0YXRp YyB2b2lkCi1wcmludF9oZWFkZXIzMl90b2soRklMRSAqZnAsIHRva2Vuc3Ry X3QgKnRvaywgY2hhciAqZGVsLCBjaGFyIHJhdywgY2hhciBzZnJtKQorcHJp bnRfaGVhZGVyMzJfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0b2ssIGNo YXIgKmRlbCwgY2hhciByYXcsIGNoYXIgc2ZybSwgY2hhciB4bWwpCiB7CiAK LQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImhlYWRlciIsIHJhdyk7 Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfNF9ieXRlcyhmcCwg dG9rLT50dC5oZHIzMi5zaXplLCAiJXUiKTsKLQlwcmludF9kZWxpbShmcCwg ZGVsKTsKLQlwcmludF8xX2J5dGUoZnAsIHRvay0+dHQuaGRyMzIudmVyc2lv biwgIiV1Iik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfZXZl bnQoZnAsIHRvay0+dHQuaGRyMzIuZV90eXBlLCByYXcsIHNmcm0pOwotCXBy aW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2V2bW9kKGZwLCB0b2stPnR0 LmhkcjMyLmVfbW9kLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwot CXByaW50X3NlYzMyKGZwLCB0b2stPnR0LmhkcjMyLnMsIHJhdyk7Ci0JcHJp bnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfbXNlYzMyKGZwLCB0b2stPnR0 LmhkcjMyLm1zLCByYXcpOworCXByaW50X3Rva190eXBlKGZwLCB0b2stPmlk LCAiaGVhZGVyIiwgcmF3LCB4bWwpOworCWlmICh4bWwpIHsKKwkJb3Blbl9h dHRyKGZwLCAidmVyc2lvbiIpOworCQlwcmludF8xX2J5dGUoZnAsIHRvay0+ dHQuaGRyMzIudmVyc2lvbiwgIiV1Iik7CisJCWNsb3NlX2F0dHIoZnApOwor CQlvcGVuX2F0dHIoZnAsICJldmVudCIpOworCQlwcmludF9ldmVudChmcCwg dG9rLT50dC5oZHIzMi5lX3R5cGUsIHJhdywgc2ZybSk7CisJCWNsb3NlX2F0 dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJtb2RpZmllciIpOworCQlwcmlu dF9ldm1vZChmcCwgdG9rLT50dC5oZHIzMi5lX21vZCwgcmF3KTsKKwkJY2xv c2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgInRpbWUiKTsKKwkJcHJp bnRfc2VjMzIoZnAsIHRvay0+dHQuaGRyMzIucywgcmF3KTsKKwkJY2xvc2Vf YXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgIm1zZWMiKTsKKwkJcHJpbnRf bXNlYzMyKGZwLCB0b2stPnR0LmhkcjMyLm1zLCAxKTsKKwkJY2xvc2VfYXR0 cihmcCk7CisJCWNsb3NlX3RhZyhmcCx0b2stPmlkKTsKKwl9IGVsc2Ugewor CQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwg dG9rLT50dC5oZHIzMi5zaXplLCAiJXUiKTsKKwkJcHJpbnRfZGVsaW0oZnAs IGRlbCk7CisJCXByaW50XzFfYnl0ZShmcCwgdG9rLT50dC5oZHIzMi52ZXJz aW9uLCAiJXUiKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50 X2V2ZW50KGZwLCB0b2stPnR0LmhkcjMyLmVfdHlwZSwgcmF3LCBzZnJtKTsK KwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X2V2bW9kKGZwLCB0 b2stPnR0LmhkcjMyLmVfbW9kLCByYXcpOworCQlwcmludF9kZWxpbShmcCwg ZGVsKTsKKwkJcHJpbnRfc2VjMzIoZnAsIHRvay0+dHQuaGRyMzIucywgcmF3 KTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X21zZWMzMihm cCwgdG9rLT50dC5oZHIzMi5tcywgcmF3KTsKKwl9CiB9CiAKIC8qCkBAIC01 ODQsMjUgKzk0Miw0OCBAQAogCiBzdGF0aWMgdm9pZAogcHJpbnRfaGVhZGVy MzJfZXhfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmRl bCwgY2hhciByYXcsCi0gICAgY2hhciBzZnJtKQorICAgIGNoYXIgc2ZybSwg Y2hhciB4bWwpCiB7CiAKLQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwg ImhlYWRlcl9leCIsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0J cHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5oZHIzMl9leC5zaXplLCAiJXUi KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF8xX2J5dGUoZnAs IHRvay0+dHQuaGRyMzJfZXgudmVyc2lvbiwgIiV1Iik7Ci0JcHJpbnRfZGVs aW0oZnAsIGRlbCk7Ci0JcHJpbnRfZXZlbnQoZnAsIHRvay0+dHQuaGRyMzJf ZXguZV90eXBlLCByYXcsIHNmcm0pOwotCXByaW50X2RlbGltKGZwLCBkZWwp OwotCXByaW50X2V2bW9kKGZwLCB0b2stPnR0LmhkcjMyX2V4LmVfbW9kLCBy YXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2lwX2V4X2Fk ZHJlc3MoZnAsIHRvay0+dHQuaGRyMzJfZXguYWRfdHlwZSwKLQkgICAgdG9r LT50dC5oZHIzMl9leC5hZGRyKTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsK LQlwcmludF9zZWMzMihmcCwgdG9rLT50dC5oZHIzMl9leC5zLCByYXcpOwot CXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X21zZWMzMihmcCwgdG9r LT50dC5oZHIzMl9leC5tcywgcmF3KTsKKwlwcmludF90b2tfdHlwZShmcCwg dG9rLT5pZCwgImhlYWRlcl9leCIsIHJhdywgeG1sKTsKKwlpZiAoeG1sKSB7 CisJCW9wZW5fYXR0cihmcCwgInZlcnNpb24iKTsKKwkJcHJpbnRfMV9ieXRl KGZwLCB0b2stPnR0LmhkcjMyX2V4LnZlcnNpb24sICIldSIpOworCQljbG9z ZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAiZXZlbnQiKTsKKwkJcHJp bnRfZXZlbnQoZnAsIHRvay0+dHQuaGRyMzJfZXguZV90eXBlLCByYXcsIHNm cm0pOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAibW9k aWZpZXIiKTsKKwkJcHJpbnRfZXZtb2QoZnAsIHRvay0+dHQuaGRyMzJfZXgu ZV9tb2QsIHJhdyk7CisJCWNsb3NlX2F0dHIoZnApOworLyogTm8gYXR0cmli dXQgZm9yIGFkZC4gdHlwZQkJCisJCXByaW50X2lwX2V4X2FkZHJlc3MoZnAs IHRvay0+dHQuaGRyMzJfZXguYWRfdHlwZSwKKwkJCXRvay0+dHQuaGRyMzJf ZXguYWRkcik7CisqLworCQlvcGVuX2F0dHIoZnAsICJ0aW1lIik7CisJCXBy aW50X3NlYzMyKGZwLCB0b2stPnR0LmhkcjMyX2V4LnMsIHJhdyk7CisJCWNs b3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJtc2VjIik7CisJCXBy aW50X21zZWMzMihmcCwgdG9rLT50dC5oZHIzMl9leC5tcywgcmF3KTsKKwkJ Y2xvc2VfYXR0cihmcCk7CisJCWNsb3NlX3RhZyhmcCwgdG9rLT5pZCk7CisJ fSBlbHNlIHsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzRf Ynl0ZXMoZnAsIHRvay0+dHQuaGRyMzJfZXguc2l6ZSwgIiV1Iik7CisJCXBy aW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF8xX2J5dGUoZnAsIHRvay0+ dHQuaGRyMzJfZXgudmVyc2lvbiwgIiV1Iik7CisJCXByaW50X2RlbGltKGZw LCBkZWwpOworCQlwcmludF9ldmVudChmcCwgdG9rLT50dC5oZHIzMl9leC5l X3R5cGUsIHJhdywgc2ZybSk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOwor CQlwcmludF9ldm1vZChmcCwgdG9rLT50dC5oZHIzMl9leC5lX21vZCwgcmF3 KTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X2lwX2V4X2Fk ZHJlc3MoZnAsIHRvay0+dHQuaGRyMzJfZXguYWRfdHlwZSwKKwkJCXRvay0+ dHQuaGRyMzJfZXguYWRkcik7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOwor CQlwcmludF9zZWMzMihmcCwgdG9rLT50dC5oZHIzMl9leC5zLCByYXcpOwor CQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfbXNlYzMyKGZwLCB0 b2stPnR0LmhkcjMyX2V4Lm1zLCByYXcpOworCX0KIH0KIAogLyoKQEAgLTY0 NiwyMiArMTAyNyw0MyBAQAogfQogCiBzdGF0aWMgdm9pZAotcHJpbnRfaGVh ZGVyNjRfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmRl bCwgY2hhciByYXcsIGNoYXIgc2ZybSkKK3ByaW50X2hlYWRlcjY0X3RvayhG SUxFICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3 LCBjaGFyIHNmcm0sIGNoYXIgeG1sKQogeworCQorCXByaW50X3Rva190eXBl KGZwLCB0b2stPmlkLCAiaGVhZGVyIiwgcmF3LCB4bWwpOyAKKwlpZiAoeG1s KSB7CisJCW9wZW5fYXR0cihmcCwgInZlcnNpb24iKTsKKwkJcHJpbnRfMV9i eXRlKGZwLCB0b2stPnR0LmhkcjY0LnZlcnNpb24sICIldSIpOworCQljbG9z ZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAiZXZlbnQiKTsKKwkJcHJp bnRfZXZlbnQoZnAsIHRvay0+dHQuaGRyNjQuZV90eXBlLCByYXcsIHNmcm0p OworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAibW9kaWZp ZXIiKTsKKwkJcHJpbnRfZXZtb2QoZnAsIHRvay0+dHQuaGRyNjQuZV9tb2Qs IHJhdyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJ0 aW1lIik7CisJCXByaW50X3NlYzY0KGZwLCB0b2stPnR0LmhkcjY0LnMsIHJh dyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJtc2Vj Iik7CisJCXByaW50X21zZWM2NChmcCwgdG9rLT50dC5oZHI2NC5tcywgcmF3 KTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCWNsb3NlX3RhZyhmcCwgdG9rLT5p ZCk7CisJfSBlbHNlIHsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXBy aW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuaGRyNjQuc2l6ZSwgIiV1Iik7CisJ CXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF8xX2J5dGUoZnAsIHRv ay0+dHQuaGRyNjQudmVyc2lvbiwgIiV1Iik7CisJCXByaW50X2RlbGltKGZw LCBkZWwpOworCQlwcmludF9ldmVudChmcCwgdG9rLT50dC5oZHI2NC5lX3R5 cGUsIHJhdywgc2ZybSk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlw cmludF9ldm1vZChmcCwgdG9rLT50dC5oZHI2NC5lX21vZCwgcmF3KTsKKwkJ cHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X3NlYzY0KGZwLCB0b2st PnR0LmhkcjY0LnMsIHJhdyk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOwor CQlwcmludF9tc2VjNjQoZnAsIHRvay0+dHQuaGRyNjQubXMsIHJhdyk7CisJ fQorCiAKLQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImhlYWRlciIs IHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfNF9ieXRl cyhmcCwgdG9rLT50dC5oZHI2NC5zaXplLCAiJXUiKTsKLQlwcmludF9kZWxp bShmcCwgZGVsKTsKLQlwcmludF8xX2J5dGUoZnAsIHRvay0+dHQuaGRyNjQu dmVyc2lvbiwgIiV1Iik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJp bnRfZXZlbnQoZnAsIHRvay0+dHQuaGRyNjQuZV90eXBlLCByYXcsIHNmcm0p OwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2V2bW9kKGZwLCB0 b2stPnR0LmhkcjY0LmVfbW9kLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBk ZWwpOwotCXByaW50X3NlYzY0KGZwLCB0b2stPnR0LmhkcjY0LnMsIHJhdyk7 Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfbXNlYzY0KGZwLCB0 b2stPnR0LmhkcjY0Lm1zLCByYXcpOwogfQogLyoKICAqIHJlY29yZCBieXRl IGNvdW50ICAgICAgIDQgYnl0ZXMKQEAgLTcyOSwyNSArMTEzMSw0OCBAQAog fQogCiBzdGF0aWMgdm9pZAotcHJpbnRfaGVhZGVyNjRfZXhfdG9rKEZJTEUg KmZwLCB0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsIGNo YXIgc2ZybSkKK3ByaW50X2hlYWRlcjY0X2V4X3RvayhGSUxFICpmcCwgdG9r ZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LCBjaGFyIHNmcm0s IGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQs ICJoZWFkZXJfZXgiLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwot CXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuaGRyNjRfZXguc2l6ZSwgIiV1 Iik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfMV9ieXRlKGZw LCB0b2stPnR0LmhkcjY0X2V4LnZlcnNpb24sICIldSIpOwotCXByaW50X2Rl bGltKGZwLCBkZWwpOwotCXByaW50X2V2ZW50KGZwLCB0b2stPnR0LmhkcjY0 X2V4LmVfdHlwZSwgcmF3LCBzZnJtKTsKLQlwcmludF9kZWxpbShmcCwgZGVs KTsKLQlwcmludF9ldm1vZChmcCwgdG9rLT50dC5oZHI2NF9leC5lX21vZCwg cmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF9pcF9leF9h ZGRyZXNzKGZwLCB0b2stPnR0LmhkcjY0X2V4LmFkX3R5cGUsCi0JICAgIHRv ay0+dHQuaGRyNjRfZXguYWRkcik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7 Ci0JcHJpbnRfc2VjNjQoZnAsIHRvay0+dHQuaGRyNjRfZXgucywgcmF3KTsK LQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF9tc2VjNjQoZnAsIHRv ay0+dHQuaGRyNjRfZXgubXMsIHJhdyk7CisJcHJpbnRfdG9rX3R5cGUoZnAs IHRvay0+aWQsICJoZWFkZXJfZXgiLCByYXcsIHhtbCk7CisJaWYgKHhtbCkg eworCQlvcGVuX2F0dHIoZnAsICJ2ZXJzaW9uIik7CisJCXByaW50XzFfYnl0 ZShmcCwgdG9rLT50dC5oZHI2NF9leC52ZXJzaW9uLCAiJXUiKTsKKwkJY2xv c2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgImV2ZW50Iik7CisJCXBy aW50X2V2ZW50KGZwLCB0b2stPnR0LmhkcjY0X2V4LmVfdHlwZSwgcmF3LCBz ZnJtKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgIm1v ZGlmaWVyIik7CisJCXByaW50X2V2bW9kKGZwLCB0b2stPnR0LmhkcjY0X2V4 LmVfbW9kLCByYXcpOworCQljbG9zZV9hdHRyKGZwKTsKKy8qIE5vIGF0dHJp YnV0ZSBmb3IgYWRkLiB0eXBlCQkKKwkJcHJpbnRfaXBfZXhfYWRkcmVzcyhm cCwgdG9rLT50dC5oZHI2NF9leC5hZF90eXBlLAorCQkJdG9rLT50dC5oZHI2 NF9leC5hZGRyKTsKKyovCisJCW9wZW5fYXR0cihmcCwgInRpbWUiKTsKKwkJ cHJpbnRfc2VjNjQoZnAsIHRvay0+dHQuaGRyNjRfZXgucywgcmF3KTsKKwkJ Y2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgIm1zZWMiKTsKKwkJ cHJpbnRfbXNlYzY0KGZwLCB0b2stPnR0LmhkcjY0X2V4Lm1zLCByYXcpOwor CQljbG9zZV9hdHRyKGZwKTsKKwkJY2xvc2VfdGFnKGZwLCB0b2stPmlkKTsK Kwl9IGVsc2UgeworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRf NF9ieXRlcyhmcCwgdG9rLT50dC5oZHI2NF9leC5zaXplLCAiJXUiKTsKKwkJ cHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzFfYnl0ZShmcCwgdG9r LT50dC5oZHI2NF9leC52ZXJzaW9uLCAiJXUiKTsKKwkJcHJpbnRfZGVsaW0o ZnAsIGRlbCk7CisJCXByaW50X2V2ZW50KGZwLCB0b2stPnR0LmhkcjY0X2V4 LmVfdHlwZSwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7 CisJCXByaW50X2V2bW9kKGZwLCB0b2stPnR0LmhkcjY0X2V4LmVfbW9kLCBy YXcpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfaXBfZXhf YWRkcmVzcyhmcCwgdG9rLT50dC5oZHI2NF9leC5hZF90eXBlLAorCQkJdG9r LT50dC5oZHI2NF9leC5hZGRyKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7 CisJCXByaW50X3NlYzY0KGZwLCB0b2stPnR0LmhkcjY0X2V4LnMsIHJhdyk7 CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF9tc2VjNjQoZnAs IHRvay0+dHQuaGRyNjRfZXgubXMsIHJhdyk7CisJCX0KIH0KIAogLyoKQEAg LTc3MiwxMiArMTE5NywxNCBAQAogCiBzdGF0aWMgdm9pZAogcHJpbnRfdHJh aWxlcl90b2soRklMRSAqZnAsIHRva2Vuc3RyX3QgKnRvaywgY2hhciAqZGVs LCBjaGFyIHJhdywKLSAgICBfX3VudXNlZCBjaGFyIHNmcm0pCisgICAgX191 bnVzZWQgY2hhciBzZnJtLCBjaGFyIHhtbCkKIHsKIAotCXByaW50X3Rva190 eXBlKGZwLCB0b2stPmlkLCAidHJhaWxlciIsIHJhdyk7Ci0JcHJpbnRfZGVs aW0oZnAsIGRlbCk7Ci0JcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC50cmFp bC5jb3VudCwgIiV1Iik7CisJcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQs ICJ0cmFpbGVyIiwgcmF3LCB4bWwpOworCWlmICgheG1sKSB7CisJCXByaW50 X2RlbGltKGZwLCBkZWwpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0 LnRyYWlsLmNvdW50LCAiJXUiKTsKKwl9CiB9CiAKIC8qCkBAIC04MTMsMTYg KzEyNDAsMjggQEAKIAogc3RhdGljIHZvaWQKIHByaW50X2FyZzMyX3RvayhG SUxFICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3 LAotICAgIF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBjaGFy IHNmcm0sIGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAsIHRv ay0+aWQsICJhcmd1bWVudCIsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRl bCk7Ci0JcHJpbnRfMV9ieXRlKGZwLCB0b2stPnR0LmFyZzMyLm5vLCAiJXUi KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF80X2J5dGVzKGZw LCB0b2stPnR0LmFyZzMyLnZhbCwgIjB4JXgiKTsKLQlwcmludF9kZWxpbShm cCwgZGVsKTsKLQlwcmludF9zdHJpbmcoZnAsIHRvay0+dHQuYXJnMzIudGV4 dCwgdG9rLT50dC5hcmczMi5sZW4pOworCXByaW50X3Rva190eXBlKGZwLCB0 b2stPmlkLCAiYXJndW1lbnQiLCByYXcsIHhtbCk7CisJaWYgKHhtbCkgewor CQlvcGVuX2F0dHIoZnAsICJhcmctbnVtIik7CisJCXByaW50XzFfYnl0ZShm cCwgdG9rLT50dC5hcmczMi5ubywgIiV1Iik7CisJCWNsb3NlX2F0dHIoZnAp OworCQlvcGVuX2F0dHIoZnAsICJ2YWx1ZSIpOworCQlwcmludF80X2J5dGVz KGZwLCB0b2stPnR0LmFyZzMyLnZhbCwgIjB4JXgiKTsKKwkJY2xvc2VfYXR0 cihmcCk7CisJCW9wZW5fYXR0cihmcCwgImRlc2MiKTsKKwkJcHJpbnRfc3Ry aW5nKGZwLCB0b2stPnR0LmFyZzMyLnRleHQsIHRvay0+dHQuYXJnMzIubGVu KTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCWNsb3NlX3RhZyhmcCwgdG9rLT5p ZCk7CisJfSBlbHNlIHsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXBy aW50XzFfYnl0ZShmcCwgdG9rLT50dC5hcmczMi5ubywgIiV1Iik7CisJCXBy aW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2st PnR0LmFyZzMyLnZhbCwgIjB4JXgiKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRl bCk7CisJfQogfQogCiBzdGF0aWMgaW50CkBAIC04NTIsMTYgKzEyOTEsMjkg QEAKIAogc3RhdGljIHZvaWQKIHByaW50X2FyZzY0X3RvayhGSUxFICpmcCwg dG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAotICAgIF9f dW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBjaGFyIHNmcm0sIGNo YXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJh cmd1bWVudCIsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJp bnRfMV9ieXRlKGZwLCB0b2stPnR0LmFyZzY0Lm5vLCAiJXUiKTsKLQlwcmlu dF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF84X2J5dGVzKGZwLCB0b2stPnR0 LmFyZzY0LnZhbCwgIjB4JWxseCIpOwotCXByaW50X2RlbGltKGZwLCBkZWwp OwotCXByaW50X3N0cmluZyhmcCwgdG9rLT50dC5hcmc2NC50ZXh0LCB0b2st PnR0LmFyZzY0Lmxlbik7CisJcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQs ICJhcmd1bWVudCIsIHJhdywgeG1sKTsKKwlpZiAoeG1sKSB7CisJCW9wZW5f YXR0cihmcCwgImFyZy1udW0iKTsKKwkJcHJpbnRfMV9ieXRlKGZwLCB0b2st PnR0LmFyZzY0Lm5vLCAiJXUiKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9w ZW5fYXR0cihmcCwgInZhbHVlIik7CisJCXByaW50XzhfYnl0ZXMoZnAsIHRv ay0+dHQuYXJnNjQudmFsLCAiMHglbGx4Iik7CisJCWNsb3NlX2F0dHIoZnAp OworCQlvcGVuX2F0dHIoZnAsICJkZXNjIik7CisJCXByaW50X3N0cmluZyhm cCwgdG9rLT50dC5hcmc2NC50ZXh0LCB0b2stPnR0LmFyZzY0Lmxlbik7CisJ CWNsb3NlX2F0dHIoZnApOworCQljbG9zZV90YWcoZnAsIHRvay0+aWQpOwor CX0gZWxzZSB7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF8x X2J5dGUoZnAsIHRvay0+dHQuYXJnNjQubm8sICIldSIpOworCQlwcmludF9k ZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfOF9ieXRlcyhmcCwgdG9rLT50dC5h cmc2NC52YWwsICIweCVsbHgiKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7 CisJCXByaW50X3N0cmluZyhmcCwgdG9rLT50dC5hcmc2NC50ZXh0LCB0b2st PnR0LmFyZzY0Lmxlbik7CisJfQogfQogCiAvKgpAQCAtOTI0LDE1ICsxMzc2 LDE2IEBACiAKIHN0YXRpYyB2b2lkCiBwcmludF9hcmJfdG9rKEZJTEUgKmZw LCB0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsCi0gICAg X191bnVzZWQgY2hhciBzZnJtKQorICAgIF9fdW51c2VkIGNoYXIgc2ZybSwg Y2hhciB4bWwpCiB7CiAJY2hhciAqc3RyOwogCWNoYXIgKmZvcm1hdDsKIAlz aXplX3Qgc2l6ZTsKIAlpbnQgaTsKIAotCXByaW50X3Rva190eXBlKGZwLCB0 b2stPmlkLCAiYXJiaXRyYXJ5IiwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwg ZGVsKTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImFyYml0cmFy eSIsIHJhdywgeG1sKTsgCisJaWYgKCF4bWwpCisJCXByaW50X2RlbGltKGZw LCBkZWwpOwogCiAJc3dpdGNoKHRvay0+dHQuYXJiLmhvd3RvcHIpIHsKIAlj YXNlIEFVUF9CSU5BUlk6CkBAIC05NjQsNTYgKzE0MTcsMTE3IEBACiAJCXJl dHVybjsKIAl9CiAKLQlwcmludF9zdHJpbmcoZnAsIHN0ciwgc3RybGVuKHN0 cikpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOworCWlmICh4bWwpIHsKKwkJ b3Blbl9hdHRyKGZwLCAicHJpbnQiKTsKKwkJZnByaW50ZihmcCwgIiVzIixz dHIpOworCQljbG9zZV9hdHRyKGZwKTsKKwl9IGVsc2UgeworCQlwcmludF9z dHJpbmcoZnAsIHN0ciwgc3RybGVuKHN0cikpOworCQlwcmludF9kZWxpbShm cCwgZGVsKTsKKwl9CiAJc3dpdGNoKHRvay0+dHQuYXJiLmJ1KSB7CiAJY2Fz ZSBBVVJfQllURToKIAkvKiBjYXNlIEFVUl9DSEFSOiAqLwogCQlzdHIgPSAi Ynl0ZSI7CiAJCXNpemUgPSBBVVJfQllURV9TSVpFOwotCQlwcmludF9zdHJp bmcoZnAsIHN0ciwgc3RybGVuKHN0cikpOwotCQlwcmludF9kZWxpbShmcCwg ZGVsKTsKLQkJcHJpbnRfMV9ieXRlKGZwLCB0b2stPnR0LmFyYi51YywgIiV1 Iik7Ci0JCXByaW50X2RlbGltKGZwLCBkZWwpOwotCQlmb3IgKGkgPSAwOyBp PHRvay0+dHQuYXJiLnVjOyBpKyspCi0JCQlmcHJpbnRmKGZwLCBmb3JtYXQs ICoodG9rLT50dC5hcmIuZGF0YSArIChzaXplICogaSkpKTsKKwkJaWYgKHht bCkgeworCQkJb3Blbl9hdHRyKGZwLCAidHlwZSIpOworCQkJZnByaW50Zihm cCwgIiV1Iiwgc2l6ZSk7CisJCQljbG9zZV9hdHRyKGZwKTsKKwkJCW9wZW5f YXR0cihmcCwgImNvdW50Iik7CisJCQlwcmludF8xX2J5dGUoZnAsIHRvay0+ dHQuYXJiLnVjLCAiJXUiKTsKKwkJCWNsb3NlX2F0dHIoZnApOworCQkJZnBy aW50ZihmcCwgIj4iKTsKKwkJCWZvciAoaSA9IDA7IGk8dG9rLT50dC5hcmIu dWM7IGkrKykKKwkJCQlmcHJpbnRmKGZwLCBmb3JtYXQsICoodG9rLT50dC5h cmIuZGF0YSArIChzaXplICogaSkpKTsKKwkJCWNsb3NlX3RhZyhmcCwgdG9r LT5pZCk7CisJCX0gZWxzZSB7CisJCQlwcmludF9zdHJpbmcoZnAsIHN0ciwg c3RybGVuKHN0cikpOworCQkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCQlw cmludF8xX2J5dGUoZnAsIHRvay0+dHQuYXJiLnVjLCAiJXUiKTsKKwkJCXBy aW50X2RlbGltKGZwLCBkZWwpOworCQkJZm9yIChpID0gMDsgaTx0b2stPnR0 LmFyYi51YzsgaSsrKQorCQkJCWZwcmludGYoZnAsIGZvcm1hdCwgKih0b2st PnR0LmFyYi5kYXRhICsgKHNpemUgKiBpKSkpOworCQl9CiAJCWJyZWFrOwog CiAJY2FzZSBBVVJfU0hPUlQ6CiAJCXN0ciA9ICJzaG9ydCI7CiAJCXNpemUg PSBBVVJfU0hPUlRfU0laRTsKLQkJcHJpbnRfc3RyaW5nKGZwLCBzdHIsIHN0 cmxlbihzdHIpKTsKLQkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JCXByaW50 XzFfYnl0ZShmcCwgdG9rLT50dC5hcmIudWMsICIldSIpOwotCQlwcmludF9k ZWxpbShmcCwgZGVsKTsKLQkJZm9yIChpID0gMDsgaSA8IHRvay0+dHQuYXJi LnVjOyBpKyspCi0JCQlmcHJpbnRmKGZwLCBmb3JtYXQsICooKHVfaW50MTZf dCAqKSh0b2stPnR0LmFyYi5kYXRhICsKLQkJCSAgICAoc2l6ZSAqIGkpKSkp OworCQlpZiAoeG1sKSB7CisJCQlvcGVuX2F0dHIoZnAsICJ0eXBlIik7CisJ CQlmcHJpbnRmKGZwLCAiJXUiLCBzaXplKTsKKwkJCWNsb3NlX2F0dHIoZnAp OworCQkJb3Blbl9hdHRyKGZwLCAiY291bnQiKTsKKwkJCXByaW50XzFfYnl0 ZShmcCwgdG9rLT50dC5hcmIudWMsICIldSIpOworCQkJY2xvc2VfYXR0cihm cCk7CisJCQlmcHJpbnRmKGZwLCAiPiIpOworCQkJZm9yIChpID0gMDsgaSA8 IHRvay0+dHQuYXJiLnVjOyBpKyspCisJCQkJZnByaW50ZihmcCwgZm9ybWF0 LCAqKCh1X2ludDE2X3QgKikodG9rLT50dC5hcmIuZGF0YSArCisJCQkJCShz aXplICogaSkpKSk7CisJCQljbG9zZV90YWcoZnAsIHRvay0+aWQpOworCQl9 IGVsc2UgeworCQkJcHJpbnRfc3RyaW5nKGZwLCBzdHIsIHN0cmxlbihzdHIp KTsKKwkJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQkJcHJpbnRfMV9ieXRl KGZwLCB0b2stPnR0LmFyYi51YywgIiV1Iik7CisJCQlwcmludF9kZWxpbShm cCwgZGVsKTsKKwkJCWZvciAoaSA9IDA7IGkgPCB0b2stPnR0LmFyYi51Yzsg aSsrKQorCQkJCWZwcmludGYoZnAsIGZvcm1hdCwgKigodV9pbnQxNl90ICop KHRvay0+dHQuYXJiLmRhdGEgKworCQkJCQkoc2l6ZSAqIGkpKSkpOworCQl9 CiAJCWJyZWFrOwogCiAJY2FzZSBBVVJfSU5UMzI6CiAJLyogY2FzZSBBVVJf SU5UOiAqLwogCQlzdHIgPSAiaW50IjsKIAkJc2l6ZSA9IEFVUl9JTlQzMl9T SVpFOwotCQlwcmludF9zdHJpbmcoZnAsIHN0ciwgc3RybGVuKHN0cikpOwot CQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQkJcHJpbnRfMV9ieXRlKGZwLCB0 b2stPnR0LmFyYi51YywgIiV1Iik7Ci0JCXByaW50X2RlbGltKGZwLCBkZWwp OwotCQlmb3IgKGkgPSAwOyBpIDwgdG9rLT50dC5hcmIudWM7IGkrKykKLQkJ CWZwcmludGYoZnAsIGZvcm1hdCwgKigodV9pbnQzMl90ICopKHRvay0+dHQu YXJiLmRhdGEgKwotCQkJICAgIChzaXplICogaSkpKSk7CisJCWlmICh4bWwp IHsKKwkJCW9wZW5fYXR0cihmcCwgInR5cGUiKTsKKwkJCWZwcmludGYoZnAs ICIldSIsIHNpemUpOworCQkJY2xvc2VfYXR0cihmcCk7CisJCQlvcGVuX2F0 dHIoZnAsICJjb3VudCIpOworCQkJcHJpbnRfMV9ieXRlKGZwLCB0b2stPnR0 LmFyYi51YywgIiV1Iik7CisJCQljbG9zZV9hdHRyKGZwKTsKKwkJCWZwcmlu dGYoZnAsICI+Iik7CisJCQlmb3IgKGkgPSAwOyBpIDwgdG9rLT50dC5hcmIu dWM7IGkrKykKKwkJCQlmcHJpbnRmKGZwLCBmb3JtYXQsICooKHVfaW50MzJf dCAqKSh0b2stPnR0LmFyYi5kYXRhICsKKwkJCQkJKHNpemUgKiBpKSkpKTsK KwkJCWNsb3NlX3RhZyhmcCwgdG9rLT5pZCk7CisJCX0gZWxzZSB7CisJCQlw cmludF9zdHJpbmcoZnAsIHN0ciwgc3RybGVuKHN0cikpOworCQkJcHJpbnRf ZGVsaW0oZnAsIGRlbCk7CisJCQlwcmludF8xX2J5dGUoZnAsIHRvay0+dHQu YXJiLnVjLCAiJXUiKTsKKwkJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQkJ Zm9yIChpID0gMDsgaSA8IHRvay0+dHQuYXJiLnVjOyBpKyspCisJCQkJZnBy aW50ZihmcCwgZm9ybWF0LCAqKCh1X2ludDMyX3QgKikodG9rLT50dC5hcmIu ZGF0YSArCisJCQkJCShzaXplICogaSkpKSk7CisJCX0KIAkJYnJlYWs7CiAK IAljYXNlIEFVUl9JTlQ2NDoKIAkJc3RyID0gImludDY0IjsKIAkJc2l6ZSA9 IEFVUl9JTlQ2NF9TSVpFOwotCQlwcmludF9zdHJpbmcoZnAsIHN0ciwgc3Ry bGVuKHN0cikpOwotCQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQkJcHJpbnRf MV9ieXRlKGZwLCB0b2stPnR0LmFyYi51YywgIiV1Iik7Ci0JCXByaW50X2Rl bGltKGZwLCBkZWwpOwotCQlmb3IgKGkgPSAwOyBpIDwgdG9rLT50dC5hcmIu dWM7IGkrKykKLQkJCWZwcmludGYoZnAsIGZvcm1hdCwgKigodV9pbnQ2NF90 ICopKHRvay0+dHQuYXJiLmRhdGEgKwotCQkJICAgIChzaXplICogaSkpKSk7 CisJCWlmICh4bWwpIHsKKwkJCW9wZW5fYXR0cihmcCwgInR5cGUiKTsKKwkJ CWZwcmludGYoZnAsICIldSIsIHNpemUpOworCQkJY2xvc2VfYXR0cihmcCk7 CisJCQlvcGVuX2F0dHIoZnAsICJjb3VudCIpOworCQkJcHJpbnRfMV9ieXRl KGZwLCB0b2stPnR0LmFyYi51YywgIiV1Iik7CisJCQljbG9zZV9hdHRyKGZw KTsKKwkJCWZwcmludGYoZnAsICI+Iik7CisJCQlmb3IgKGkgPSAwOyBpIDwg dG9rLT50dC5hcmIudWM7IGkrKykKKwkJCQlmcHJpbnRmKGZwLCBmb3JtYXQs ICooKHVfaW50NjRfdCAqKSh0b2stPnR0LmFyYi5kYXRhICsKKwkJCQkJKHNp emUgKiBpKSkpKTsKKwkJCWNsb3NlX3RhZyhmcCwgdG9rLT5pZCk7CisJCX0g ZWxzZSB7CisJCQlwcmludF9zdHJpbmcoZnAsIHN0ciwgc3RybGVuKHN0cikp OworCQkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCQlwcmludF8xX2J5dGUo ZnAsIHRvay0+dHQuYXJiLnVjLCAiJXUiKTsKKwkJCXByaW50X2RlbGltKGZw LCBkZWwpOworCQkJZm9yIChpID0gMDsgaSA8IHRvay0+dHQuYXJiLnVjOyBp KyspCisJCQkJZnByaW50ZihmcCwgZm9ybWF0LCAqKCh1X2ludDY0X3QgKiko dG9rLT50dC5hcmIuZGF0YSArCisJCQkJCShzaXplICogaSkpKSk7CisJCX0K IAkJYnJlYWs7CiAKIAlkZWZhdWx0OgpAQCAtMTA2MywyMiArMTU3Nyw0NCBA QAogCiBzdGF0aWMgdm9pZAogcHJpbnRfYXR0cjMyX3RvayhGSUxFICpmcCwg dG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAotICAgIF9f dW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBjaGFyIHNmcm0sIGNo YXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJh dHRyaWJ1dGUiLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXBy aW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuYXR0cjMyLm1vZGUsICIlbyIpOwot CXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X3VzZXIoZnAsIHRvay0+ dHQuYXR0cjMyLnVpZCwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsK LQlwcmludF9ncm91cChmcCwgdG9rLT50dC5hdHRyMzIuZ2lkLCByYXcpOwot CXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50XzRfYnl0ZXMoZnAsIHRv ay0+dHQuYXR0cjMyLmZzaWQsICIldSIpOwotCXByaW50X2RlbGltKGZwLCBk ZWwpOwotCXByaW50XzhfYnl0ZXMoZnAsIHRvay0+dHQuYXR0cjMyLm5pZCwg IiVsbGQiKTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF80X2J5 dGVzKGZwLCB0b2stPnR0LmF0dHIzMi5kZXYsICIldSIpOworCXByaW50X3Rv a190eXBlKGZwLCB0b2stPmlkLCAiYXR0cmlidXRlIiwgcmF3LCB4bWwpOwor CWlmICh4bWwpIHsKKwkJb3Blbl9hdHRyKGZwLCAibW9kZSIpOworCQlwcmlu dF80X2J5dGVzKGZwLCB0b2stPnR0LmF0dHIzMi5tb2RlLCAiJW8iKTsKKwkJ Y2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgInVpZCIpOworCQlw cmludF91c2VyKGZwLCB0b2stPnR0LmF0dHIzMi51aWQsIHJhdyk7CisJCWNs b3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJnaWQiKTsKKwkJcHJp bnRfZ3JvdXAoZnAsIHRvay0+dHQuYXR0cjMyLmdpZCwgcmF3KTsKKwkJY2xv c2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgImZzaWQiKTsKKwkJcHJp bnRfNF9ieXRlcyhmcCwgdG9rLT50dC5hdHRyMzIuZnNpZCwgIiV1Iik7CisJ CWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJub2RlaWQiKTsK KwkJcHJpbnRfOF9ieXRlcyhmcCwgdG9rLT50dC5hdHRyMzIubmlkLCAiJWxs ZCIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAiZGV2 aWNlIik7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuYXR0cjMyLmRl diwgIiV1Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQljbG9zZV90YWcoZnAs IHRvay0+aWQpOworCX0gZWxzZSB7CisJCXByaW50X2RlbGltKGZwLCBkZWwp OworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LmF0dHIzMi5tb2RlLCAi JW8iKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X3VzZXIo ZnAsIHRvay0+dHQuYXR0cjMyLnVpZCwgcmF3KTsKKwkJcHJpbnRfZGVsaW0o ZnAsIGRlbCk7CisJCXByaW50X2dyb3VwKGZwLCB0b2stPnR0LmF0dHIzMi5n aWQsIHJhdyk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF80 X2J5dGVzKGZwLCB0b2stPnR0LmF0dHIzMi5mc2lkLCAiJXUiKTsKKwkJcHJp bnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzhfYnl0ZXMoZnAsIHRvay0+ dHQuYXR0cjMyLm5pZCwgIiVsbGQiKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRl bCk7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuYXR0cjMyLmRldiwg IiV1Iik7CisJfQogfQogCiAvKgpAQCAtMTEyMywyMiArMTY1OSw0NCBAQAog CiBzdGF0aWMgdm9pZAogcHJpbnRfYXR0cjY0X3RvayhGSUxFICpmcCwgdG9r ZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAotICAgIF9fdW51 c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBjaGFyIHNmcm0sIGNoYXIg eG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJhdHRy aWJ1dGUiLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50 XzRfYnl0ZXMoZnAsIHRvay0+dHQuYXR0cjY0Lm1vZGUsICIlbyIpOwotCXBy aW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X3VzZXIoZnAsIHRvay0+dHQu YXR0cjY0LnVpZCwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlw cmludF9ncm91cChmcCwgdG9rLT50dC5hdHRyNjQuZ2lkLCByYXcpOwotCXBy aW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+ dHQuYXR0cjY0LmZzaWQsICIldSIpOwotCXByaW50X2RlbGltKGZwLCBkZWwp OwotCXByaW50XzhfYnl0ZXMoZnAsIHRvay0+dHQuYXR0cjY0Lm5pZCwgIiVs bGQiKTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF84X2J5dGVz KGZwLCB0b2stPnR0LmF0dHI2NC5kZXYsICIlbGx1Iik7CisJcHJpbnRfdG9r X3R5cGUoZnAsIHRvay0+aWQsICJhdHRyaWJ1dGUiLCByYXcsIHhtbCk7CisJ aWYgKHhtbCkgeworCQlvcGVuX2F0dHIoZnAsICJtb2RlIik7CisJCXByaW50 XzRfYnl0ZXMoZnAsIHRvay0+dHQuYXR0cjY0Lm1vZGUsICIlbyIpOworCQlj bG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAidWlkIik7CisJCXBy aW50X3VzZXIoZnAsIHRvay0+dHQuYXR0cjY0LnVpZCwgcmF3KTsKKwkJY2xv c2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgImdpZCIpOworCQlwcmlu dF9ncm91cChmcCwgdG9rLT50dC5hdHRyNjQuZ2lkLCByYXcpOworCQljbG9z ZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAiZnNpZCIpOworCQlwcmlu dF80X2J5dGVzKGZwLCB0b2stPnR0LmF0dHI2NC5mc2lkLCAiJXUiKTsKKwkJ Y2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgIm5vZGVpZCIpOwor CQlwcmludF84X2J5dGVzKGZwLCB0b2stPnR0LmF0dHI2NC5uaWQsICIlbGxk Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJkZXZp Y2UiKTsKKwkJcHJpbnRfOF9ieXRlcyhmcCwgdG9rLT50dC5hdHRyNjQuZGV2 LCAiJWxsdSIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJY2xvc2VfdGFnKGZw LCB0b2stPmlkKTsKKwl9IGVsc2UgeworCQlwcmludF9kZWxpbShmcCwgZGVs KTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5hdHRyNjQubW9kZSwg IiVvIik7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF91c2Vy KGZwLCB0b2stPnR0LmF0dHI2NC51aWQsIHJhdyk7CisJCXByaW50X2RlbGlt KGZwLCBkZWwpOworCQlwcmludF9ncm91cChmcCwgdG9rLT50dC5hdHRyNjQu Z2lkLCByYXcpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRf NF9ieXRlcyhmcCwgdG9rLT50dC5hdHRyNjQuZnNpZCwgIiV1Iik7CisJCXBy aW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF84X2J5dGVzKGZwLCB0b2st PnR0LmF0dHI2NC5uaWQsICIlbGxkIik7CisJCXByaW50X2RlbGltKGZwLCBk ZWwpOworCQlwcmludF84X2J5dGVzKGZwLCB0b2stPnR0LmF0dHI2NC5kZXYs ICIlbGx1Iik7CisJfQogfQogCiAvKgpAQCAtMTE2MywxNCArMTcyMSwyNCBA QAogCiBzdGF0aWMgdm9pZAogcHJpbnRfZXhpdF90b2soRklMRSAqZnAsIHRv a2Vuc3RyX3QgKnRvaywgY2hhciAqZGVsLCBjaGFyIHJhdywKLSAgICBfX3Vu dXNlZCBjaGFyIHNmcm0pCisgICAgX191bnVzZWQgY2hhciBzZnJtLCBjaGFy IHhtbCkKIHsKIAotCXByaW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAiZXhp dCIsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfZXJy dmFsKGZwLCB0b2stPnR0LmV4aXQuc3RhdHVzKTsKLQlwcmludF9kZWxpbShm cCwgZGVsKTsKLQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LmV4aXQucmV0 LCAiJXUiKTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImV4aXQi LCByYXcsIHhtbCk7IAorCWlmICh4bWwpIHsKKwkJb3Blbl9hdHRyKGZwLCAi ZXJydmFsIik7CisJCXByaW50X2VycnZhbChmcCwgdG9rLT50dC5leGl0LnN0 YXR1cyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJy ZXR2YWwiKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5leGl0LnJl dCwgIiV1Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQljbG9zZV90YWcoZnAs IHRvay0+aWQpOworCX0gZWxzZSB7CisJCXByaW50X2RlbGltKGZwLCBkZWwp OworCQlwcmludF9lcnJ2YWwoZnAsIHRvay0+dHQuZXhpdC5zdGF0dXMpOwor CQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwg dG9rLT50dC5leGl0LnJldCwgIiV1Iik7CisJfQogfQogCiAvKgpAQCAtMTIx MSwxNiArMTc3OSwyNSBAQAogCiBzdGF0aWMgdm9pZAogcHJpbnRfZXhlY2Fy Z190b2soRklMRSAqZnAsIHRva2Vuc3RyX3QgKnRvaywgY2hhciAqZGVsLCBj aGFyIHJhdywKLSAgICBfX3VudXNlZCBjaGFyIHNmcm0pCisgICAgX191bnVz ZWQgY2hhciBzZnJtLCBjaGFyIHhtbCkKIHsKIAlpbnQgaTsKIAotCXByaW50 X3Rva190eXBlKGZwLCB0b2stPmlkLCAiZXhlYyBhcmciLCByYXcpOworCXBy aW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAiZXhlYyBhcmciLCByYXcsIHht bCk7IAogCWZvciAoaSA9IDA7IGkgPCB0b2stPnR0LmV4ZWNhcmcuY291bnQ7 IGkrKykgewotCQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQkJcHJpbnRfc3Ry aW5nKGZwLCB0b2stPnR0LmV4ZWNhcmcudGV4dFtpXSwKLQkJICAgIHN0cmxl bih0b2stPnR0LmV4ZWNhcmcudGV4dFtpXSkpOworCQlpZiAoeG1sKSB7CisJ CQlmcHJpbnRmKGZwLCAiPGFyZz4iKTsKKwkJCXByaW50X3N0cmluZyhmcCwg dG9rLT50dC5leGVjYXJnLnRleHRbaV0sCisJCQkJc3RybGVuKHRvay0+dHQu ZXhlY2FyZy50ZXh0W2ldKSk7CisJCQlmcHJpbnRmKGZwLCAiPC9hcmc+Iik7 CisJCX0gZWxzZSB7CisJCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJCXBy aW50X3N0cmluZyhmcCwgdG9rLT50dC5leGVjYXJnLnRleHRbaV0sCisJCQkJ c3RybGVuKHRvay0+dHQuZXhlY2FyZy50ZXh0W2ldKSk7CisJCX0KIAl9CisJ aWYgKHhtbCkKKwkJY2xvc2VfdGFnKGZwLCB0b2stPmlkKTsKIH0KIAogLyoK QEAgLTEyNjEsMTYgKzE4MzgsMjUgQEAKIAogc3RhdGljIHZvaWQKIHByaW50 X2V4ZWNlbnZfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0b2ssIGNoYXIg KmRlbCwgY2hhciByYXcsCi0gICAgX191bnVzZWQgY2hhciBzZnJtKQorICAg IF9fdW51c2VkIGNoYXIgc2ZybSwgY2hhciB4bWwpCiB7CiAJaW50IGk7CiAK LQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImV4ZWMgZW52IiwgcmF3 KTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImV4ZWMgZW52Iiwg cmF3LCB4bWwpOyAKIAlmb3IgKGkgPSAwOyBpPCB0b2stPnR0LmV4ZWNlbnYu Y291bnQ7IGkrKykgewotCQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQkJcHJp bnRfc3RyaW5nKGZwLCB0b2stPnR0LmV4ZWNlbnYudGV4dFtpXSwKLQkJICAg IHN0cmxlbih0b2stPnR0LmV4ZWNlbnYudGV4dFtpXSkpOworCQlpZiAoeG1s KSB7CisJCQlmcHJpbnRmKGZwLCAiPGVudj4iKTsKKwkJCXByaW50X3N0cmlu ZyhmcCwgdG9rLT50dC5leGVjZW52LnRleHRbaV0sCisJCQkJc3RybGVuKHRv ay0+dHQuZXhlY2Vudi50ZXh0W2ldKSk7CisJCQlmcHJpbnRmKGZwLCAiPC9l bnY+Iik7CisJCX0gZWxzZSB7CisJCQlwcmludF9kZWxpbShmcCwgZGVsKTsK KwkJCXByaW50X3N0cmluZyhmcCwgdG9rLT50dC5leGVjZW52LnRleHRbaV0s CisJCQkJc3RybGVuKHRvay0+dHQuZXhlY2Vudi50ZXh0W2ldKSk7CisJCX0K IAl9CisJaWYgKHhtbCkKKwkJY2xvc2VfdGFnKGZwLCB0b2stPmlkKTsKIH0K IAogLyoKQEAgLTEzMDUsMTYgKzE4OTEsMjggQEAKIAogc3RhdGljIHZvaWQK IHByaW50X2ZpbGVfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0b2ssIGNo YXIgKmRlbCwgY2hhciByYXcsCi0gICAgX191bnVzZWQgY2hhciBzZnJtKQor ICAgIF9fdW51c2VkIGNoYXIgc2ZybSwgY2hhciB4bWwpCiB7CiAKLQlwcmlu dF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImZpbGUiLCByYXcpOwotCXByaW50 X2RlbGltKGZwLCBkZWwpOwotCXByaW50X3NlYzMyKGZwLCB0b2stPnR0LmZp bGUucywgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF9t c2VjMzIoZnAsIHRvay0+dHQuZmlsZS5tcywgcmF3KTsKLQlwcmludF9kZWxp bShmcCwgZGVsKTsKLQlwcmludF9zdHJpbmcoZnAsIHRvay0+dHQuZmlsZS5u YW1lLCB0b2stPnR0LmZpbGUubGVuKTsKKwlwcmludF90b2tfdHlwZShmcCwg dG9rLT5pZCwgImZpbGUiLCByYXcsIHhtbCk7IAorCWlmICh4bWwpIHsKKwkJ b3Blbl9hdHRyKGZwLCAidGltZSIpOworCQlwcmludF9zZWMzMihmcCwgdG9r LT50dC5maWxlLnMsIHJhdyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVu X2F0dHIoZnAsICJtc2VjIik7CisJCXByaW50X21zZWMzMihmcCwgdG9rLT50 dC5maWxlLm1zLCByYXcpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJZnByaW50 ZihmcCwgIj4iKTsKKwkJcHJpbnRfc3RyaW5nKGZwLCB0b2stPnR0LmZpbGUu bmFtZSwgdG9rLT50dC5maWxlLmxlbik7CisJCWNsb3NlX3RhZyhmcCwgdG9r LT5pZCk7CisJfSBlbHNlIHsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJ CXByaW50X3NlYzMyKGZwLCB0b2stPnR0LmZpbGUucywgcmF3KTsKKwkJcHJp bnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X21zZWMzMihmcCwgdG9rLT50 dC5maWxlLm1zLCByYXcpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJ cHJpbnRfc3RyaW5nKGZwLCB0b2stPnR0LmZpbGUubmFtZSwgdG9rLT50dC5m aWxlLmxlbik7CisJfQogfQogCiAvKgpAQCAtMTM0MywxNCArMTk0MSwyMSBA QAogCiBzdGF0aWMgdm9pZAogcHJpbnRfbmV3Z3JvdXBzX3RvayhGSUxFICpm cCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAotICAg IF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBjaGFyIHNmcm0s IGNoYXIgeG1sKQogewogCWludCBpOwogCi0JcHJpbnRfdG9rX3R5cGUoZnAs IHRvay0+aWQsICJncm91cCIsIHJhdyk7CisJcHJpbnRfdG9rX3R5cGUoZnAs IHRvay0+aWQsICJncm91cCIsIHJhdywgeG1sKTsgCiAJZm9yIChpID0gMDsg aSA8IHRvay0+dHQuZ3Jwcy5ubzsgaSsrKSB7Ci0JCXByaW50X2RlbGltKGZw LCBkZWwpOwotCQlwcmludF9ncm91cChmcCwgdG9rLT50dC5ncnBzLmxpc3Rb aV0sIHJhdyk7CisJCWlmICh4bWwpIHsKKwkJCWZwcmludGYoZnAsICI8Z2lk PiIpOworCQkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQuZ3Jwcy5saXN0W2ld LCByYXcpOworCQkJZnByaW50ZihmcCwgIjwvZ2lkPiIpOworCQkJY2xvc2Vf dGFnKGZwLCB0b2stPmlkKTsKKwkJfSBlbHNlIHsKKwkJCXByaW50X2RlbGlt KGZwLCBkZWwpOworCQkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQuZ3Jwcy5s aXN0W2ldLCByYXcpOworCQl9CiAJfQogfQogCkBAIC0xMzczLDEyICsxOTc4 LDE3IEBACiAKIHN0YXRpYyB2b2lkCiBwcmludF9pbmFkZHJfdG9rKEZJTEUg KmZwLCB0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsCi0g ICAgX191bnVzZWQgY2hhciBzZnJtKQorICAgIF9fdW51c2VkIGNoYXIgc2Zy bSwgY2hhciB4bWwpCiB7CiAKLQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5p ZCwgImlwIGFkZHIiLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwot CXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuaW5hZGRyLmFkZHIpOwor CXByaW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAiaXAgYWRkciIsIHJhdywg eG1sKTsKKwlpZiAoeG1sKSB7CisJCXByaW50X2lwX2FkZHJlc3MoZnAsIHRv ay0+dHQuaW5hZGRyLmFkZHIpOworCQljbG9zZV90YWcoZnAsIHRvay0+aWQp OworCX0gZWxzZSB7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmlu dF9pcF9hZGRyZXNzKGZwLCB0b2stPnR0LmluYWRkci5hZGRyKTsKKwl9CiB9 CiAKIC8qCkBAIC0xNDEyLDEzICsyMDIyLDE5IEBACiAKIHN0YXRpYyB2b2lk CiBwcmludF9pbmFkZHJfZXhfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0 b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsCi0gICAgX191bnVzZWQgY2hhciBz ZnJtKQorICAgIF9fdW51c2VkIGNoYXIgc2ZybSwgY2hhciB4bWwpCiB7CiAK LQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImlwIGFkZHIgZXgiLCBy YXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2lwX2V4X2Fk ZHJlc3MoZnAsIHRvay0+dHQuaW5hZGRyX2V4LnR5cGUsCi0JICAgIHRvay0+ dHQuaW5hZGRyX2V4LmFkZHIpOworCXByaW50X3Rva190eXBlKGZwLCB0b2st PmlkLCAiaXAgYWRkciBleCIsIHJhdywgeG1sKTsgCisJaWYgKHhtbCkgewor CQlwcmludF9pcF9leF9hZGRyZXNzKGZwLCB0b2stPnR0LmluYWRkcl9leC50 eXBlLAorCQkJdG9rLT50dC5pbmFkZHJfZXguYWRkcik7CisJCWNsb3NlX3Rh ZyhmcCwgdG9rLT5pZCk7CisJfSBlbHNlIHsKKwkJcHJpbnRfZGVsaW0oZnAs IGRlbCk7CisJCXByaW50X2lwX2V4X2FkZHJlc3MoZnAsIHRvay0+dHQuaW5h ZGRyX2V4LnR5cGUsCisJCQl0b2stPnR0LmluYWRkcl9leC5hZGRyKTsKKwl9 CiB9CiAKIC8qCkBAIC0xNDgwLDMwICsyMDk2LDY0IEBACiAKIHN0YXRpYyB2 b2lkCiBwcmludF9pcF90b2soRklMRSAqZnAsIHRva2Vuc3RyX3QgKnRvaywg Y2hhciAqZGVsLCBjaGFyIHJhdywKLSAgICBfX3VudXNlZCBjaGFyIHNmcm0p CisgICAgX191bnVzZWQgY2hhciBzZnJtLCBjaGFyIHhtbCkKIHsKIAotCXBy aW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAiaXAiLCByYXcpOwotCXByaW50 X2RlbGltKGZwLCBkZWwpOwotCXByaW50X21lbShmcCwgKHVfY2hhciAqKSgm dG9rLT50dC5pcC52ZXJzaW9uKSwgc2l6ZW9mKHVfY2hhcikpOwotCXByaW50 X2RlbGltKGZwLCBkZWwpOwotCXByaW50X21lbShmcCwgKHVfY2hhciAqKSgm dG9rLT50dC5pcC50b3MpLCBzaXplb2YodV9jaGFyKSk7Ci0JcHJpbnRfZGVs aW0oZnAsIGRlbCk7Ci0JcHJpbnRfMl9ieXRlcyhmcCwgbnRvaHModG9rLT50 dC5pcC5sZW4pLCAiJXUiKTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlw cmludF8yX2J5dGVzKGZwLCBudG9ocyh0b2stPnR0LmlwLmlkKSwgIiV1Iik7 Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfMl9ieXRlcyhmcCwg bnRvaHModG9rLT50dC5pcC5vZmZzZXQpLCAiJXUiKTsKLQlwcmludF9kZWxp bShmcCwgZGVsKTsKLQlwcmludF9tZW0oZnAsICh1X2NoYXIgKikoJnRvay0+ dHQuaXAudHRsKSwgc2l6ZW9mKHVfY2hhcikpOwotCXByaW50X2RlbGltKGZw LCBkZWwpOwotCXByaW50X21lbShmcCwgKHVfY2hhciAqKSgmdG9rLT50dC5p cC5wcm90KSwgc2l6ZW9mKHVfY2hhcikpOwotCXByaW50X2RlbGltKGZwLCBk ZWwpOwotCXByaW50XzJfYnl0ZXMoZnAsIG50b2hzKHRvay0+dHQuaXAuY2hr c20pLCAiJXUiKTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF9p cF9hZGRyZXNzKGZwLCB0b2stPnR0LmlwLnNyYyk7Ci0JcHJpbnRfZGVsaW0o ZnAsIGRlbCk7Ci0JcHJpbnRfaXBfYWRkcmVzcyhmcCwgdG9rLT50dC5pcC5k ZXN0KTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgImlwIiwgcmF3 LCB4bWwpOyAKKwlpZiAoeG1sKSB7CisJCW9wZW5fYXR0cihmcCwgInZlcnNp b24iKTsKKwkJcHJpbnRfbWVtKGZwLCAodV9jaGFyICopKCZ0b2stPnR0Lmlw LnZlcnNpb24pLCBzaXplb2YodV9jaGFyKSk7CisJCWNsb3NlX2F0dHIoZnAp OworCQlvcGVuX2F0dHIoZnAsICJzZXJ2aWNlX3R5cGUiKTsKKwkJcHJpbnRf bWVtKGZwLCAodV9jaGFyICopKCZ0b2stPnR0LmlwLnRvcyksIHNpemVvZih1 X2NoYXIpKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwg ImxlbiIpOworCQlwcmludF8yX2J5dGVzKGZwLCBudG9ocyh0b2stPnR0Lmlw LmxlbiksICIldSIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRy KGZwLCAiaWQiKTsKKwkJcHJpbnRfMl9ieXRlcyhmcCwgbnRvaHModG9rLT50 dC5pcC5pZCksICIldSIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9h dHRyKGZwLCAib2Zmc2V0Iik7CisJCXByaW50XzJfYnl0ZXMoZnAsIG50b2hz KHRvay0+dHQuaXAub2Zmc2V0KSwgIiV1Iik7CisJCWNsb3NlX2F0dHIoZnAp OworCQlvcGVuX2F0dHIoZnAsICJ0aW1lX3RvX2xpdmUiKTsKKwkJcHJpbnRf bWVtKGZwLCAodV9jaGFyICopKCZ0b2stPnR0LmlwLnR0bCksIHNpemVvZih1 X2NoYXIpKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwg InByb3RvY29sIik7CisJCXByaW50X21lbShmcCwgKHVfY2hhciAqKSgmdG9r LT50dC5pcC5wcm90KSwgc2l6ZW9mKHVfY2hhcikpOworCQljbG9zZV9hdHRy KGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAiY2tzdW0iKTsKKwkJcHJpbnRfMl9i eXRlcyhmcCwgbnRvaHModG9rLT50dC5pcC5jaGtzbSksICIldSIpOworCQlj bG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAic3JjX2FkZHIiKTsK KwkJcHJpbnRfaXBfYWRkcmVzcyhmcCwgdG9rLT50dC5pcC5zcmMpOworCQlj bG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAiZGVzdF9hZGRyIik7 CisJCXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuaXAuZGVzdCk7CisJ CWNsb3NlX2F0dHIoZnApOworCQljbG9zZV90YWcoZnAsIHRvay0+aWQpOwor CX0gZWxzZSB7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF9t ZW0oZnAsICh1X2NoYXIgKikoJnRvay0+dHQuaXAudmVyc2lvbiksIHNpemVv Zih1X2NoYXIpKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50 X21lbShmcCwgKHVfY2hhciAqKSgmdG9rLT50dC5pcC50b3MpLCBzaXplb2Yo dV9jaGFyKSk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF8y X2J5dGVzKGZwLCBudG9ocyh0b2stPnR0LmlwLmxlbiksICIldSIpOworCQlw cmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfMl9ieXRlcyhmcCwgbnRv aHModG9rLT50dC5pcC5pZCksICIldSIpOworCQlwcmludF9kZWxpbShmcCwg ZGVsKTsKKwkJcHJpbnRfMl9ieXRlcyhmcCwgbnRvaHModG9rLT50dC5pcC5v ZmZzZXQpLCAiJXUiKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXBy aW50X21lbShmcCwgKHVfY2hhciAqKSgmdG9rLT50dC5pcC50dGwpLCBzaXpl b2YodV9jaGFyKSk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmlu dF9tZW0oZnAsICh1X2NoYXIgKikoJnRvay0+dHQuaXAucHJvdCksIHNpemVv Zih1X2NoYXIpKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50 XzJfYnl0ZXMoZnAsIG50b2hzKHRvay0+dHQuaXAuY2hrc20pLCAiJXUiKTsK KwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X2lwX2FkZHJlc3Mo ZnAsIHRvay0+dHQuaXAuc3JjKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7 CisJCXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuaXAuZGVzdCk7CisJ fQogfQogCiAvKgpAQCAtMTUyOCwxNCArMjE3OCwyNCBAQAogCiBzdGF0aWMg dm9pZAogcHJpbnRfaXBjX3RvayhGSUxFICpmcCwgdG9rZW5zdHJfdCAqdG9r LCBjaGFyICpkZWwsIGNoYXIgcmF3LAotICAgIF9fdW51c2VkIGNoYXIgc2Zy bSkKKyAgICBfX3VudXNlZCBjaGFyIHNmcm0sIGNoYXIgeG1sKQogewogCi0J cHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJJUEMiLCByYXcpOwotCXBy aW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2lwY3R5cGUoZnAsIHRvay0+ dHQuaXBjLnR5cGUsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0J cHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5pcGMuaWQsICIldSIpOworCXBy aW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAiSVBDIiwgcmF3LCB4bWwpOyAK KwlpZiAoeG1sKSB7CisJCW9wZW5fYXR0cihmcCwgImlwYy10eXBlIik7CisJ CXByaW50X2lwY3R5cGUoZnAsIHRvay0+dHQuaXBjLnR5cGUsIHJhdyk7CisJ CWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJpcGMtaWQiKTsK KwkJcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5pcGMuaWQsICIldSIpOwor CQljbG9zZV9hdHRyKGZwKTsKKwkJY2xvc2VfdGFnKGZwLCB0b2stPmlkKTsK Kwl9IGVsc2UgeworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRf aXBjdHlwZShmcCwgdG9rLT50dC5pcGMudHlwZSwgcmF3KTsKKwkJcHJpbnRf ZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQu aXBjLmlkLCAiJXUiKTsKKwl9CiB9CiAKIC8qCkBAIC0xNTg1LDI0ICsyMjQ1 LDQ5IEBACiAKIHN0YXRpYyB2b2lkCiBwcmludF9pcGNwZXJtX3RvayhGSUxF ICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAot ICAgIF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBjaGFyIHNm cm0sIGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+ aWQsICJJUEMgcGVybSIsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7 Ci0JcHJpbnRfdXNlcihmcCwgdG9rLT50dC5pcGNwZXJtLnVpZCwgcmF3KTsK LQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF9ncm91cChmcCwgdG9r LT50dC5pcGNwZXJtLmdpZCwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVs KTsKLQlwcmludF91c2VyKGZwLCB0b2stPnR0LmlwY3Blcm0ucHVpZCwgcmF3 KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF9ncm91cChmcCwg dG9rLT50dC5pcGNwZXJtLnBnaWQsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAs IGRlbCk7Ci0JcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5pcGNwZXJtLm1v ZGUsICIlbyIpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50XzRf Ynl0ZXMoZnAsIHRvay0+dHQuaXBjcGVybS5zZXEsICIldSIpOwotCXByaW50 X2RlbGltKGZwLCBkZWwpOwotCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQu aXBjcGVybS5rZXksICIldSIpOworCXByaW50X3Rva190eXBlKGZwLCB0b2st PmlkLCAiSVBDIHBlcm0iLCByYXcsIHhtbCk7IAorCWlmICh4bWwpIHsKKwkJ b3Blbl9hdHRyKGZwLCAidWlkIik7CisJCXByaW50X3VzZXIoZnAsIHRvay0+ dHQuaXBjcGVybS51aWQsIHJhdyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlv cGVuX2F0dHIoZnAsICJnaWQiKTsKKwkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+ dHQuaXBjcGVybS5naWQsIHJhdyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlv cGVuX2F0dHIoZnAsICJjcmVhdG9yLXVpZCIpOworCQlwcmludF91c2VyKGZw LCB0b2stPnR0LmlwY3Blcm0ucHVpZCwgcmF3KTsKKwkJY2xvc2VfYXR0cihm cCk7CisJCW9wZW5fYXR0cihmcCwgImNyZWF0b3ItZ2lkIik7CisJCXByaW50 X2dyb3VwKGZwLCB0b2stPnR0LmlwY3Blcm0ucGdpZCwgcmF3KTsKKwkJY2xv c2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgIm1vZGUiKTsKKwkJcHJp bnRfNF9ieXRlcyhmcCwgdG9rLT50dC5pcGNwZXJtLm1vZGUsICIlbyIpOwor CQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAic2VxIik7CisJ CXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuaXBjcGVybS5zZXEsICIldSIp OworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAia2V5Iik7 CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuaXBjcGVybS5rZXksICIl dSIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJY2xvc2VfdGFnKGZwLCB0b2st PmlkKTsKKwl9IGVsc2UgeworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJ cHJpbnRfdXNlcihmcCwgdG9rLT50dC5pcGNwZXJtLnVpZCwgcmF3KTsKKwkJ cHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X2dyb3VwKGZwLCB0b2st PnR0LmlwY3Blcm0uZ2lkLCByYXcpOworCQlwcmludF9kZWxpbShmcCwgZGVs KTsKKwkJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5pcGNwZXJtLnB1aWQsIHJh dyk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF9ncm91cChm cCwgdG9rLT50dC5pcGNwZXJtLnBnaWQsIHJhdyk7CisJCXByaW50X2RlbGlt KGZwLCBkZWwpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LmlwY3Bl cm0ubW9kZSwgIiVvIik7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlw cmludF80X2J5dGVzKGZwLCB0b2stPnR0LmlwY3Blcm0uc2VxLCAiJXUiKTsK KwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzRfYnl0ZXMoZnAs IHRvay0+dHQuaXBjcGVybS5rZXksICIldSIpOworCX0KIH0KIAogLyoKQEAg LTE2MjMsMTIgKzIzMDgsMTggQEAKIAogc3RhdGljIHZvaWQKIHByaW50X2lw b3J0X3RvayhGSUxFICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWws IGNoYXIgcmF3LAotICAgIF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3Vu dXNlZCBjaGFyIHNmcm0sIGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5 cGUoZnAsIHRvay0+aWQsICJpcCBwb3J0IiwgcmF3KTsKLQlwcmludF9kZWxp bShmcCwgZGVsKTsKLQlwcmludF8yX2J5dGVzKGZwLCBudG9ocyh0b2stPnR0 Lmlwb3J0LnBvcnQpLCAiJSN4Iik7CisJcHJpbnRfdG9rX3R5cGUoZnAsIHRv ay0+aWQsICJpcCBwb3J0IiwgcmF3LCB4bWwpOworCWlmICh4bWwpIHsKKwkJ cHJpbnRfMl9ieXRlcyhmcCwgbnRvaHModG9rLT50dC5pcG9ydC5wb3J0KSwg IiUjeCIpOworCQljbG9zZV90YWcoZnAsIHRvay0+aWQpOworCX0gZWxzZSB7 CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF8yX2J5dGVzKGZw LCBudG9ocyh0b2stPnR0Lmlwb3J0LnBvcnQpLCAiJSN4Iik7CisJfQorCiB9 CiAKIC8qCkBAIC0xNjU0LDE0ICsyMzQ1LDE5IEBACiAKIHN0YXRpYyB2b2lk CiBwcmludF9vcGFxdWVfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0b2ss IGNoYXIgKmRlbCwgY2hhciByYXcsCi0gICAgX191bnVzZWQgY2hhciBzZnJt KQorICAgIF9fdW51c2VkIGNoYXIgc2ZybSwgY2hhciB4bWwpCiB7CiAKLQlw cmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgIm9wYXF1ZSIsIHJhdyk7Ci0J cHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfMl9ieXRlcyhmcCwgdG9r LT50dC5vcGFxdWUuc2l6ZSwgIiV1Iik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRl bCk7Ci0JcHJpbnRfbWVtKGZwLCB0b2stPnR0Lm9wYXF1ZS5kYXRhLCB0b2st PnR0Lm9wYXF1ZS5zaXplKTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9rLT5p ZCwgIm9wYXF1ZSIsIHJhdywgeG1sKTsKKwlpZiAoeG1sKSB7CisJCXByaW50 X21lbShmcCwgdG9rLT50dC5vcGFxdWUuZGF0YSwgdG9rLT50dC5vcGFxdWUu c2l6ZSk7CisJCWNsb3NlX3RhZyhmcCwgdG9rLT5pZCk7CisJfSBlbHNlIHsK KwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzJfYnl0ZXMoZnAs IHRvay0+dHQub3BhcXVlLnNpemUsICIldSIpOworCQlwcmludF9kZWxpbShm cCwgZGVsKTsKKwkJcHJpbnRfbWVtKGZwLCB0b2stPnR0Lm9wYXF1ZS5kYXRh LCB0b2stPnR0Lm9wYXF1ZS5zaXplKTsKKwl9CiB9CiAKIC8qCkBAIC0xNjg2 LDEyICsyMzgyLDE3IEBACiAKIHN0YXRpYyB2b2lkCiBwcmludF9wYXRoX3Rv ayhGSUxFICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIg cmF3LAotICAgIF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBj aGFyIHNmcm0sIGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAs IHRvay0+aWQsICJwYXRoIiwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVs KTsKLQlwcmludF9zdHJpbmcoZnAsIHRvay0+dHQucGF0aC5wYXRoLCB0b2st PnR0LnBhdGgubGVuKTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwg InBhdGgiLCByYXcsIHhtbCk7IAorCWlmICh4bWwpIHsKKwkJcHJpbnRfc3Ry aW5nKGZwLCB0b2stPnR0LnBhdGgucGF0aCwgdG9rLT50dC5wYXRoLmxlbik7 CisJCWNsb3NlX3RhZyhmcCwgdG9rLT5pZCk7CisJfSBlbHNlIHsKKwkJcHJp bnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X3N0cmluZyhmcCwgdG9rLT50 dC5wYXRoLnBhdGgsIHRvay0+dHQucGF0aC5sZW4pOworCX0KIH0KIAogLyoK QEAgLTE3NTQsMjggKzI0NTUsNTcgQEAKIAogc3RhdGljIHZvaWQKIHByaW50 X3Byb2Nlc3MzMl90b2soRklMRSAqZnAsIHRva2Vuc3RyX3QgKnRvaywgY2hh ciAqZGVsLCBjaGFyIHJhdywKLSAgICBfX3VudXNlZCBjaGFyIHNmcm0pCisg ICAgX191bnVzZWQgY2hhciBzZnJtLCBjaGFyIHhtbCkKIHsKIAotCXByaW50 X3Rva190eXBlKGZwLCB0b2stPmlkLCAicHJvY2VzcyIsIHJhdyk7Ci0JcHJp bnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfdXNlcihmcCwgdG9rLT50dC5w cm9jMzIuYXVpZCwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlw cmludF91c2VyKGZwLCB0b2stPnR0LnByb2MzMi5ldWlkLCByYXcpOwotCXBy aW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2dyb3VwKGZwLCB0b2stPnR0 LnByb2MzMi5lZ2lkLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwot CXByaW50X3VzZXIoZnAsIHRvay0+dHQucHJvYzMyLnJ1aWQsIHJhdyk7Ci0J cHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfZ3JvdXAoZnAsIHRvay0+ dHQucHJvYzMyLnJnaWQsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7 Ci0JcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5wcm9jMzIucGlkLCAiJXUi KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF80X2J5dGVzKGZw LCB0b2stPnR0LnByb2MzMi5zaWQsICIldSIpOwotCXByaW50X2RlbGltKGZw LCBkZWwpOwotCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQucHJvYzMyLnRp ZC5wb3J0LCAiJXUiKTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmlu dF9pcF9hZGRyZXNzKGZwLCB0b2stPnR0LnByb2MzMi50aWQuYWRkcik7CisJ cHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJwcm9jZXNzIiwgcmF3LCB4 bWwpOyAKKwlpZiAoeG1sKSB7CisJCW9wZW5fYXR0cihmcCwgImF1ZGl0LXVp ZCIpOworCQlwcmludF91c2VyKGZwLCB0b2stPnR0LnByb2MzMi5hdWlkLCBy YXcpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAidWlk Iik7CisJCXByaW50X3VzZXIoZnAsIHRvay0+dHQucHJvYzMyLmV1aWQsIHJh dyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJnaWQi KTsKKwkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQucHJvYzMyLmVnaWQsIHJh dyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJydWlk Iik7CisJCXByaW50X3VzZXIoZnAsIHRvay0+dHQucHJvYzMyLnJ1aWQsIHJh dyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJyZ2lk Iik7CisJCXByaW50X2dyb3VwKGZwLCB0b2stPnR0LnByb2MzMi5yZ2lkLCBy YXcpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAicGlk Iik7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQucHJvYzMyLnBpZCwg IiV1Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJz aWQiKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5wcm9jMzIuc2lk LCAiJXUiKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwg InRpZCIpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnByb2MzMi50 aWQucG9ydCwgIiV1Iik7CisJCXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+ dHQucHJvYzMyLnRpZC5hZGRyKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCWNs b3NlX3RhZyhmcCwgdG9rLT5pZCk7CisJfSBlbHNlIHsKKwkJcHJpbnRfZGVs aW0oZnAsIGRlbCk7CisJCXByaW50X3VzZXIoZnAsIHRvay0+dHQucHJvYzMy LmF1aWQsIHJhdyk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmlu dF91c2VyKGZwLCB0b2stPnR0LnByb2MzMi5ldWlkLCByYXcpOworCQlwcmlu dF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQu cHJvYzMyLmVnaWQsIHJhdyk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOwor CQlwcmludF91c2VyKGZwLCB0b2stPnR0LnByb2MzMi5ydWlkLCByYXcpOwor CQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfZ3JvdXAoZnAsIHRv ay0+dHQucHJvYzMyLnJnaWQsIHJhdyk7CisJCXByaW50X2RlbGltKGZwLCBk ZWwpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnByb2MzMi5waWQs ICIldSIpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfNF9i eXRlcyhmcCwgdG9rLT50dC5wcm9jMzIuc2lkLCAiJXUiKTsKKwkJcHJpbnRf ZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQu cHJvYzMyLnRpZC5wb3J0LCAiJXUiKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRl bCk7CisJCXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQucHJvYzMyLnRp ZC5hZGRyKTsKKwl9CiB9CiAKIHN0YXRpYyBpbnQKQEAgLTE4MzksMjkgKzI1 NjksNTkgQEAKIAogc3RhdGljIHZvaWQKIHByaW50X3Byb2Nlc3MzMmV4X3Rv ayhGSUxFICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIg cmF3LAotICAgIF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBj aGFyIHNmcm0sIGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAs IHRvay0+aWQsICJwcm9jZXNzX2V4IiwgcmF3KTsKLQlwcmludF9kZWxpbShm cCwgZGVsKTsKLQlwcmludF91c2VyKGZwLCB0b2stPnR0LnByb2MzMl9leC5h dWlkLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X3Vz ZXIoZnAsIHRvay0+dHQucHJvYzMyX2V4LmV1aWQsIHJhdyk7Ci0JcHJpbnRf ZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQucHJv YzMyX2V4LmVnaWQsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0J cHJpbnRfdXNlcihmcCwgdG9rLT50dC5wcm9jMzJfZXgucnVpZCwgcmF3KTsK LQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF9ncm91cChmcCwgdG9r LT50dC5wcm9jMzJfZXgucmdpZCwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwg ZGVsKTsKLQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnByb2MzMl9leC5w aWQsICIldSIpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50XzRf Ynl0ZXMoZnAsIHRvay0+dHQucHJvYzMyX2V4LnNpZCwgIiV1Iik7Ci0JcHJp bnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50 dC5wcm9jMzJfZXgudGlkLnBvcnQsICIldSIpOwotCXByaW50X2RlbGltKGZw LCBkZWwpOwotCXByaW50X2lwX2V4X2FkZHJlc3MoZnAsIHRvay0+dHQucHJv YzMyX2V4LnRpZC50eXBlLAotCSAgICB0b2stPnR0LnByb2MzMl9leC50aWQu YWRkcik7CisJcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJwcm9jZXNz X2V4IiwgcmF3LCB4bWwpOyAgCisJaWYgKHhtbCkgeworCQlvcGVuX2F0dHIo ZnAsICJhdWRpdC11aWQiKTsKKwkJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5w cm9jMzJfZXguYXVpZCwgcmF3KTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9w ZW5fYXR0cihmcCwgInVpZCIpOworCQlwcmludF91c2VyKGZwLCB0b2stPnR0 LnByb2MzMl9leC5ldWlkLCByYXcpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJ b3Blbl9hdHRyKGZwLCAiZ2lkIik7CisJCXByaW50X2dyb3VwKGZwLCB0b2st PnR0LnByb2MzMl9leC5lZ2lkLCByYXcpOworCQljbG9zZV9hdHRyKGZwKTsK KwkJb3Blbl9hdHRyKGZwLCAicnVpZCIpOworCQlwcmludF91c2VyKGZwLCB0 b2stPnR0LnByb2MzMl9leC5ydWlkLCByYXcpOworCQljbG9zZV9hdHRyKGZw KTsKKwkJb3Blbl9hdHRyKGZwLCAicmdpZCIpOworCQlwcmludF9ncm91cChm cCwgdG9rLT50dC5wcm9jMzJfZXgucmdpZCwgcmF3KTsKKwkJY2xvc2VfYXR0 cihmcCk7CisJCW9wZW5fYXR0cihmcCwgInBpZCIpOworCQlwcmludF80X2J5 dGVzKGZwLCB0b2stPnR0LnByb2MzMl9leC5waWQsICIldSIpOworCQljbG9z ZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAic2lkIik7CisJCXByaW50 XzRfYnl0ZXMoZnAsIHRvay0+dHQucHJvYzMyX2V4LnNpZCwgIiV1Iik7CisJ CWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJ0aWQiKTsKKwkJ cHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5wcm9jMzJfZXgudGlkLnBvcnQs ICIldSIpOworCQlwcmludF9pcF9leF9hZGRyZXNzKGZwLCB0b2stPnR0LnBy b2MzMl9leC50aWQudHlwZSwKKwkJCXRvay0+dHQucHJvYzMyX2V4LnRpZC5h ZGRyKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCWNsb3NlX3RhZyhmcCwgdG9r LT5pZCk7CisJfSBlbHNlIHsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJ CXByaW50X3VzZXIoZnAsIHRvay0+dHQucHJvYzMyX2V4LmF1aWQsIHJhdyk7 CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF91c2VyKGZwLCB0 b2stPnR0LnByb2MzMl9leC5ldWlkLCByYXcpOworCQlwcmludF9kZWxpbShm cCwgZGVsKTsKKwkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQucHJvYzMyX2V4 LmVnaWQsIHJhdyk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmlu dF91c2VyKGZwLCB0b2stPnR0LnByb2MzMl9leC5ydWlkLCByYXcpOworCQlw cmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+ dHQucHJvYzMyX2V4LnJnaWQsIHJhdyk7CisJCXByaW50X2RlbGltKGZwLCBk ZWwpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnByb2MzMl9leC5w aWQsICIldSIpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRf NF9ieXRlcyhmcCwgdG9rLT50dC5wcm9jMzJfZXguc2lkLCAiJXUiKTsKKwkJ cHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRv ay0+dHQucHJvYzMyX2V4LnRpZC5wb3J0LCAiJXUiKTsKKwkJcHJpbnRfZGVs aW0oZnAsIGRlbCk7CisJCXByaW50X2lwX2V4X2FkZHJlc3MoZnAsIHRvay0+ dHQucHJvYzMyX2V4LnRpZC50eXBlLAorCQkJdG9rLT50dC5wcm9jMzJfZXgu dGlkLmFkZHIpOworCX0KIH0KIAogLyoKQEAgLTE4ODYsMTQgKzI2NDYsMjQg QEAKIAogc3RhdGljIHZvaWQKIHByaW50X3JldHVybjMyX3RvayhGSUxFICpm cCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAotICAg IF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBjaGFyIHNmcm0s IGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQs ICJyZXR1cm4iLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXBy aW50X3JldHZhbChmcCwgdG9rLT50dC5yZXQzMi5zdGF0dXMsIHJhdyk7Ci0J cHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfNF9ieXRlcyhmcCwgdG9r LT50dC5yZXQzMi5yZXQsICIldSIpOworCXByaW50X3Rva190eXBlKGZwLCB0 b2stPmlkLCAicmV0dXJuIiwgcmF3LCB4bWwpOyAKKwlpZiAoeG1sKSB7CisJ CW9wZW5fYXR0cihmcCAsImVycnZhbCIpOworCQlwcmludF9yZXR2YWwoZnAs IHRvay0+dHQucmV0MzIuc3RhdHVzLCByYXcpOworCQljbG9zZV9hdHRyKGZw KTsKKwkJb3Blbl9hdHRyKGZwLCAicmV0dmFsIik7CisJCXByaW50XzRfYnl0 ZXMoZnAsIHRvay0+dHQucmV0MzIucmV0LCAiJXUiKTsKKwkJY2xvc2VfYXR0 cihmcCk7CisJCWNsb3NlX3RhZyhmcCwgdG9rLT5pZCk7CisJfSBlbHNlIHsK KwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X3JldHZhbChmcCwg dG9rLT50dC5yZXQzMi5zdGF0dXMsIHJhdyk7CisJCXByaW50X2RlbGltKGZw LCBkZWwpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnJldDMyLnJl dCwgIiV1Iik7CisJfQogfQogCiBzdGF0aWMgaW50CkBAIC0xOTE0LDE0ICsy Njg0LDI0IEBACiAKIHN0YXRpYyB2b2lkCiBwcmludF9yZXR1cm42NF90b2so RklMRSAqZnAsIHRva2Vuc3RyX3QgKnRvaywgY2hhciAqZGVsLCBjaGFyIHJh dywKLSAgICBfX3VudXNlZCBjaGFyIHNmcm0pCisgICAgX191bnVzZWQgY2hh ciBzZnJtLCBjaGFyIHhtbCkKIHsKIAotCXByaW50X3Rva190eXBlKGZwLCB0 b2stPmlkLCAicmV0dXJuIiwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVs KTsKLQlwcmludF9yZXR2YWwoZnAsIHRvay0+dHQucmV0NjQuZXJyLCByYXcp OwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50XzhfYnl0ZXMoZnAs IHRvay0+dHQucmV0NjQudmFsLCAiJWxsZCIpOworCXByaW50X3Rva190eXBl KGZwLCB0b2stPmlkLCAicmV0dXJuIiwgcmF3LCB4bWwpOworCWlmICh4bWwp IHsKKwkJb3Blbl9hdHRyKGZwLCAiZXJydmFsIik7CisJCXByaW50X3JldHZh bChmcCwgdG9rLT50dC5yZXQ2NC5lcnIsIHJhdyk7CisJCWNsb3NlX2F0dHIo ZnApOworCQlvcGVuX2F0dHIoZnAsICJyZXR2YWwiKTsKKwkJcHJpbnRfOF9i eXRlcyhmcCwgdG9rLT50dC5yZXQ2NC52YWwsICIlbGxkIik7CisJCWNsb3Nl X2F0dHIoZnApOworCQljbG9zZV90YWcoZnAsIHRvay0+aWQpOworCX0gZWxz ZSB7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF9yZXR2YWwo ZnAsIHRvay0+dHQucmV0NjQuZXJyLCByYXcpOworCQlwcmludF9kZWxpbShm cCwgZGVsKTsKKwkJcHJpbnRfOF9ieXRlcyhmcCwgdG9rLT50dC5yZXQ2NC52 YWwsICIlbGxkIik7CisJfQogfQogCiAvKgpAQCAtMTk0MSwxMiArMjcyMSwx OSBAQAogCiBzdGF0aWMgdm9pZAogcHJpbnRfc2VxX3RvayhGSUxFICpmcCwg dG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAotICAgIF9f dW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBjaGFyIHNmcm0sIGNo YXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJz ZXF1ZW5jZSIsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJp bnRfNF9ieXRlcyhmcCwgdG9rLT50dC5zZXEuc2Vxbm8sICIldSIpOworCXBy aW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAic2VxdWVuY2UiLCByYXcsIHht bCk7IAorCWlmICh4bWwpIHsKKwkJb3Blbl9hdHRyKGZwLCAic2VxLW51bSIp OworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnNlcS5zZXFubywgIiV1 Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQljbG9zZV90YWcoZnAsIHRvay0+ aWQpOworCX0gZWxzZSB7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlw cmludF80X2J5dGVzKGZwLCB0b2stPnR0LnNlcS5zZXFubywgIiV1Iik7CisJ fQogfQogCiAvKgpAQCAtMTk3OSwxNiArMjc2NiwyOSBAQAogCiBzdGF0aWMg dm9pZAogcHJpbnRfc29ja19pbmV0MzJfdG9rKEZJTEUgKmZwLCB0b2tlbnN0 cl90ICp0b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsCi0gICAgX191bnVzZWQg Y2hhciBzZnJtKQorICAgIF9fdW51c2VkIGNoYXIgc2ZybSwgY2hhciB4bWwp CiB7CiAKLQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgInNvY2tldC1p bmV0IiwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF8y X2J5dGVzKGZwLCB0b2stPnR0LnNvY2tpbmV0MzIuZmFtaWx5LCAiJXUiKTsK LQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF8yX2J5dGVzKGZwLCBu dG9ocyh0b2stPnR0LnNvY2tpbmV0MzIucG9ydCksICIldSIpOwotCXByaW50 X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+ dHQuc29ja2luZXQzMi5hZGRyKTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9r LT5pZCwgInNvY2tldC1pbmV0IiwgcmF3LCB4bWwpOyAKKwlpZiAoeG1sKSB7 CisJCW9wZW5fYXR0cihmcCwgInR5cGUiKTsKKwkJcHJpbnRfMl9ieXRlcyhm cCwgdG9rLT50dC5zb2NraW5ldDMyLmZhbWlseSwgIiV1Iik7CisJCWNsb3Nl X2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJwb3J0Iik7CisJCXByaW50 XzJfYnl0ZXMoZnAsIG50b2hzKHRvay0+dHQuc29ja2luZXQzMi5wb3J0KSwg IiV1Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJh ZGRyIik7CisJCXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuc29ja2lu ZXQzMi5hZGRyKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCWNsb3NlX3RhZyhm cCwgdG9rLT5pZCk7CisJfSBlbHNlIHsKKwkJcHJpbnRfZGVsaW0oZnAsIGRl bCk7CisJCXByaW50XzJfYnl0ZXMoZnAsIHRvay0+dHQuc29ja2luZXQzMi5m YW1pbHksICIldSIpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJp bnRfMl9ieXRlcyhmcCwgbnRvaHModG9rLT50dC5zb2NraW5ldDMyLnBvcnQp LCAiJXUiKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X2lw X2FkZHJlc3MoZnAsIHRvay0+dHQuc29ja2luZXQzMi5hZGRyKTsKKwl9CiB9 CiAKIC8qCkBAIC0yMDE0LDE1ICsyODE0LDI4IEBACiAKIHN0YXRpYyB2b2lk CiBwcmludF9zb2NrX3VuaXhfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0 b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsCi0gICAgX191bnVzZWQgY2hhciBz ZnJtKQorICAgIF9fdW51c2VkIGNoYXIgc2ZybSwgY2hhciB4bWwpCiB7CiAK LQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgInNvY2tldC11bml4Iiwg cmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF8yX2J5dGVz KGZwLCB0b2stPnR0LnNvY2t1bml4LmZhbWlseSwgIiV1Iik7Ci0JcHJpbnRf ZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfc3RyaW5nKGZwLCB0b2stPnR0LnNv Y2t1bml4LnBhdGgsCi0JICAgIHN0cmxlbih0b2stPnR0LnNvY2t1bml4LnBh dGgpKTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgInNvY2tldC11 bml4IiwgcmF3LCB4bWwpOworCWlmICh4bWwpIHsKKwkJb3Blbl9hdHRyKGZw LCAidHlwZSIpOworCQlwcmludF8yX2J5dGVzKGZwLCB0b2stPnR0LnNvY2t1 bml4LmZhbWlseSwgIiV1Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVu X2F0dHIoZnAsICJwb3J0Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVu X2F0dHIoZnAsICJhZGRyIik7CisJCXByaW50X3N0cmluZyhmcCwgdG9rLT50 dC5zb2NrdW5peC5wYXRoLAorCQkJc3RybGVuKHRvay0+dHQuc29ja3VuaXgu cGF0aCkpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJY2xvc2VfdGFnKGZwLCB0 b2stPmlkKTsKKwl9IGVsc2UgeworCQlwcmludF9kZWxpbShmcCwgZGVsKTsK KwkJcHJpbnRfMl9ieXRlcyhmcCwgdG9rLT50dC5zb2NrdW5peC5mYW1pbHks ICIldSIpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfc3Ry aW5nKGZwLCB0b2stPnR0LnNvY2t1bml4LnBhdGgsCisJCQlzdHJsZW4odG9r LT50dC5zb2NrdW5peC5wYXRoKSk7CisJfQogfQogCiAvKgpAQCAtMjA2Niwy MCArMjg3OSwzOSBAQAogCiBzdGF0aWMgdm9pZAogcHJpbnRfc29ja2V0X3Rv ayhGSUxFICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIg cmF3LAotICAgIF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3VudXNlZCBj aGFyIHNmcm0sIGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5cGUoZnAs IHRvay0+aWQsICJzb2NrZXQiLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBk ZWwpOwotCXByaW50XzJfYnl0ZXMoZnAsIHRvay0+dHQuc29ja2V0LnR5cGUs ICIldSIpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50XzJfYnl0 ZXMoZnAsIG50b2hzKHRvay0+dHQuc29ja2V0LmxfcG9ydCksICIldSIpOwot CXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2lwX2FkZHJlc3MoZnAs IHRvay0+dHQuc29ja2V0LmxfYWRkcik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRl bCk7Ci0JcHJpbnRfMl9ieXRlcyhmcCwgbnRvaHModG9rLT50dC5zb2NrZXQu cl9wb3J0KSwgIiV1Iik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJp bnRfaXBfYWRkcmVzcyhmcCwgdG9rLT50dC5zb2NrZXQucl9hZGRyKTsKKwlw cmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgInNvY2tldCIsIHJhdywgeG1s KTsgCisJaWYgKHhtbCkgeworCQlvcGVuX2F0dHIoZnAsICJzb2NrX3R5cGUi KTsKKwkJcHJpbnRfMl9ieXRlcyhmcCwgdG9rLT50dC5zb2NrZXQudHlwZSwg IiV1Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJs cG9ydCIpOworCQlwcmludF8yX2J5dGVzKGZwLCBudG9ocyh0b2stPnR0LnNv Y2tldC5sX3BvcnQpLCAiJXUiKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9w ZW5fYXR0cihmcCwgImxhZGRyIik7CisJCXByaW50X2lwX2FkZHJlc3MoZnAs IHRvay0+dHQuc29ja2V0LmxfYWRkcik7CisJCWNsb3NlX2F0dHIoZnApOwor CQlvcGVuX2F0dHIoZnAsICJmcG9ydCIpOworCQlwcmludF8yX2J5dGVzKGZw LCBudG9ocyh0b2stPnR0LnNvY2tldC5yX3BvcnQpLCAiJXUiKTsKKwkJY2xv c2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgImZhZGRyIik7CisJCXBy aW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuc29ja2V0LnJfYWRkcik7CisJ CWNsb3NlX2F0dHIoZnApOworCQljbG9zZV90YWcoZnAsIHRvay0+aWQpOwor CX0gZWxzZSB7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF8y X2J5dGVzKGZwLCB0b2stPnR0LnNvY2tldC50eXBlLCAiJXUiKTsKKwkJcHJp bnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzJfYnl0ZXMoZnAsIG50b2hz KHRvay0+dHQuc29ja2V0LmxfcG9ydCksICIldSIpOworCQlwcmludF9kZWxp bShmcCwgZGVsKTsKKwkJcHJpbnRfaXBfYWRkcmVzcyhmcCwgdG9rLT50dC5z b2NrZXQubF9hZGRyKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXBy aW50XzJfYnl0ZXMoZnAsIG50b2hzKHRvay0+dHQuc29ja2V0LnJfcG9ydCks ICIldSIpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfaXBf YWRkcmVzcyhmcCwgdG9rLT50dC5zb2NrZXQucl9hZGRyKTsKKwl9CiB9CiAK IC8qCkBAIC0yMTQxLDI4ICsyOTczLDU3IEBACiAKIHN0YXRpYyB2b2lkCiBw cmludF9zdWJqZWN0MzJfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0b2ss IGNoYXIgKmRlbCwgY2hhciByYXcsCi0gICAgX191bnVzZWQgY2hhciBzZnJt KQorICAgIF9fdW51c2VkIGNoYXIgc2ZybSwgY2hhciB4bWwpCiB7CiAKLQlw cmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgInN1YmplY3QiLCByYXcpOwot CXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X3VzZXIoZnAsIHRvay0+ dHQuc3ViajMyLmF1aWQsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7 Ci0JcHJpbnRfdXNlcihmcCwgdG9rLT50dC5zdWJqMzIuZXVpZCwgcmF3KTsK LQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF9ncm91cChmcCwgdG9r LT50dC5zdWJqMzIuZWdpZCwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVs KTsKLQlwcmludF91c2VyKGZwLCB0b2stPnR0LnN1YmozMi5ydWlkLCByYXcp OwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2dyb3VwKGZwLCB0 b2stPnR0LnN1YmozMi5yZ2lkLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBk ZWwpOwotCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuc3ViajMyLnBpZCwg IiV1Iik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfNF9ieXRl cyhmcCwgdG9rLT50dC5zdWJqMzIuc2lkLCAiJXUiKTsKLQlwcmludF9kZWxp bShmcCwgZGVsKTsKLQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnN1Ymoz Mi50aWQucG9ydCwgIiV1Iik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0J cHJpbnRfaXBfYWRkcmVzcyhmcCwgdG9rLT50dC5zdWJqMzIudGlkLmFkZHIp OworCXByaW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAic3ViamVjdCIsIHJh dywgeG1sKTsgCisJaWYgKHhtbCkgeworCQlvcGVuX2F0dHIoZnAsICJhdWRp dC11aWQiKTsKKwkJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5zdWJqMzIuYXVp ZCwgcmF3KTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwg InVpZCIpOworCQlwcmludF91c2VyKGZwLCB0b2stPnR0LnN1YmozMi5ldWlk LCByYXcpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAi Z2lkIik7CisJCXByaW50X2dyb3VwKGZwLCB0b2stPnR0LnN1YmozMi5lZ2lk LCByYXcpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAi cnVpZCIpOworCQlwcmludF91c2VyKGZwLCB0b2stPnR0LnN1YmozMi5ydWlk LCByYXcpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAi cmdpZCIpOworCQlwcmludF9ncm91cChmcCwgdG9rLT50dC5zdWJqMzIucmdp ZCwgcmF3KTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwi cGlkIik7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuc3ViajMyLnBp ZCwgIiV1Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAs InNpZCIpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnN1YmozMi5z aWQsICIldSIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9hdHRyKGZw LCJ0aWQiKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5zdWJqMzIu dGlkLnBvcnQsICIldSAiKTsKKwkJcHJpbnRfaXBfYWRkcmVzcyhmcCwgdG9r LT50dC5zdWJqMzIudGlkLmFkZHIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJ Y2xvc2VfdGFnKGZwLCB0b2stPmlkKTsKKwl9IGVsc2UgeworCQlwcmludF9k ZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5zdWJq MzIuYXVpZCwgcmF3KTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXBy aW50X3VzZXIoZnAsIHRvay0+dHQuc3ViajMyLmV1aWQsIHJhdyk7CisJCXBy aW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF9ncm91cChmcCwgdG9rLT50 dC5zdWJqMzIuZWdpZCwgcmF3KTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7 CisJCXByaW50X3VzZXIoZnAsIHRvay0+dHQuc3ViajMyLnJ1aWQsIHJhdyk7 CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF9ncm91cChmcCwg dG9rLT50dC5zdWJqMzIucmdpZCwgcmF3KTsKKwkJcHJpbnRfZGVsaW0oZnAs IGRlbCk7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuc3ViajMyLnBp ZCwgIiV1Iik7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF80 X2J5dGVzKGZwLCB0b2stPnR0LnN1YmozMi5zaWQsICIldSIpOworCQlwcmlu dF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50 dC5zdWJqMzIudGlkLnBvcnQsICIldSIpOworCQlwcmludF9kZWxpbShmcCwg ZGVsKTsKKwkJcHJpbnRfaXBfYWRkcmVzcyhmcCwgdG9rLT50dC5zdWJqMzIu dGlkLmFkZHIpOworCX0KIH0KIAogLyoKQEAgLTIyMjQsMjggKzMwODUsNTcg QEAKIAogc3RhdGljIHZvaWQKIHByaW50X3N1YmplY3Q2NF90b2soRklMRSAq ZnAsIHRva2Vuc3RyX3QgKnRvaywgY2hhciAqZGVsLCBjaGFyIHJhdywKLSAg ICBfX3VudXNlZCBjaGFyIHNmcm0pCisgICAgX191bnVzZWQgY2hhciBzZnJt LCBjaGFyIHhtbCkKIHsKIAotCXByaW50X3Rva190eXBlKGZwLCB0b2stPmlk LCAic3ViamVjdCIsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0J cHJpbnRfdXNlcihmcCwgdG9rLT50dC5zdWJqNjQuYXVpZCwgcmF3KTsKLQlw cmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF91c2VyKGZwLCB0b2stPnR0 LnN1Ymo2NC5ldWlkLCByYXcpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwot CXByaW50X2dyb3VwKGZwLCB0b2stPnR0LnN1Ymo2NC5lZ2lkLCByYXcpOwot CXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X3VzZXIoZnAsIHRvay0+ dHQuc3ViajY0LnJ1aWQsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7 Ci0JcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQuc3ViajY0LnJnaWQsIHJhdyk7 Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfNF9ieXRlcyhmcCwg dG9rLT50dC5zdWJqNjQucGlkLCAiJXUiKTsKLQlwcmludF9kZWxpbShmcCwg ZGVsKTsKLQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnN1Ymo2NC5zaWQs ICIldSIpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50XzhfYnl0 ZXMoZnAsIHRvay0+dHQuc3ViajY0LnRpZC5wb3J0LCAiJWxsdSIpOwotCXBy aW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2lwX2FkZHJlc3MoZnAsIHRv ay0+dHQuc3ViajY0LnRpZC5hZGRyKTsKKwlwcmludF90b2tfdHlwZShmcCwg dG9rLT5pZCwgInN1YmplY3QiLCByYXcsIHhtbCk7CisJaWYgKHhtbCkgewor CQlvcGVuX2F0dHIoZnAsICJhdWRpdC11aWQiKTsKKwkJcHJpbnRfdXNlcihm cCwgdG9rLT50dC5zdWJqNjQuYXVpZCwgcmF3KTsKKwkJY2xvc2VfYXR0cihm cCk7CisJCW9wZW5fYXR0cihmcCwgInVpZCIpOworCQlwcmludF91c2VyKGZw LCB0b2stPnR0LnN1Ymo2NC5ldWlkLCByYXcpOworCQljbG9zZV9hdHRyKGZw KTsKKwkJb3Blbl9hdHRyKGZwLCAiZ2lkIik7CisJCXByaW50X2dyb3VwKGZw LCB0b2stPnR0LnN1Ymo2NC5lZ2lkLCByYXcpOworCQljbG9zZV9hdHRyKGZw KTsKKwkJb3Blbl9hdHRyKGZwLCAicnVpZCIpOworCQlwcmludF91c2VyKGZw LCB0b2stPnR0LnN1Ymo2NC5ydWlkLCByYXcpOworCQljbG9zZV9hdHRyKGZw KTsKKwkJb3Blbl9hdHRyKGZwLCAicmdpZCIpOworCQlwcmludF9ncm91cChm cCwgdG9rLT50dC5zdWJqNjQucmdpZCwgcmF3KTsKKwkJY2xvc2VfYXR0cihm cCk7CisJCW9wZW5fYXR0cihmcCwgInBpZCIpOworCQlwcmludF80X2J5dGVz KGZwLCB0b2stPnR0LnN1Ymo2NC5waWQsICIldSIpOworCQljbG9zZV9hdHRy KGZwKTsKKwkJb3Blbl9hdHRyKGZwLCAic2lkIik7CisJCXByaW50XzRfYnl0 ZXMoZnAsIHRvay0+dHQuc3ViajY0LnNpZCwgIiV1Iik7CisJCWNsb3NlX2F0 dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJ0aWQiKTsKKwkJcHJpbnRfOF9i eXRlcyhmcCwgdG9rLT50dC5zdWJqNjQudGlkLnBvcnQsICIlbGx1Iik7CisJ CXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuc3ViajY0LnRpZC5hZGRy KTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCWNsb3NlX3RhZyhmcCwgdG9rLT5p ZCk7CisJfSBlbHNlIHsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXBy aW50X3VzZXIoZnAsIHRvay0+dHQuc3ViajY0LmF1aWQsIHJhdyk7CisJCXBy aW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF91c2VyKGZwLCB0b2stPnR0 LnN1Ymo2NC5ldWlkLCByYXcpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsK KwkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQuc3ViajY0LmVnaWQsIHJhdyk7 CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF91c2VyKGZwLCB0 b2stPnR0LnN1Ymo2NC5ydWlkLCByYXcpOworCQlwcmludF9kZWxpbShmcCwg ZGVsKTsKKwkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQuc3ViajY0LnJnaWQs IHJhdyk7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF80X2J5 dGVzKGZwLCB0b2stPnR0LnN1Ymo2NC5waWQsICIldSIpOworCQlwcmludF9k ZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5z dWJqNjQuc2lkLCAiJXUiKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJ CXByaW50XzhfYnl0ZXMoZnAsIHRvay0+dHQuc3ViajY0LnRpZC5wb3J0LCAi JWxsdSIpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfaXBf YWRkcmVzcyhmcCwgdG9rLT50dC5zdWJqNjQudGlkLmFkZHIpOworCX0KIH0K IAogLyoKQEAgLTIzMjIsMjkgKzMyMTIsNTkgQEAKIAogc3RhdGljIHZvaWQK IHByaW50X3N1YmplY3QzMmV4X3RvayhGSUxFICpmcCwgdG9rZW5zdHJfdCAq dG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAotICAgIF9fdW51c2VkIGNoYXIg c2ZybSkKKyAgICBfX3VudXNlZCBjaGFyIHNmcm0sIGNoYXIgeG1sKQogewog Ci0JcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJzdWJqZWN0X2V4Iiwg cmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF91c2VyKGZw LCB0b2stPnR0LnN1YmozMl9leC5hdWlkLCByYXcpOwotCXByaW50X2RlbGlt KGZwLCBkZWwpOwotCXByaW50X3VzZXIoZnAsIHRvay0+dHQuc3ViajMyX2V4 LmV1aWQsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRf Z3JvdXAoZnAsIHRvay0+dHQuc3ViajMyX2V4LmVnaWQsIHJhdyk7Ci0JcHJp bnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfdXNlcihmcCwgdG9rLT50dC5z dWJqMzJfZXgucnVpZCwgcmF3KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsK LQlwcmludF9ncm91cChmcCwgdG9rLT50dC5zdWJqMzJfZXgucmdpZCwgcmF3 KTsKLQlwcmludF9kZWxpbShmcCwgZGVsKTsKLQlwcmludF80X2J5dGVzKGZw LCB0b2stPnR0LnN1YmozMl9leC5waWQsICIldSIpOwotCXByaW50X2RlbGlt KGZwLCBkZWwpOwotCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuc3ViajMy X2V4LnNpZCwgIiV1Iik7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJp bnRfNF9ieXRlcyhmcCwgdG9rLT50dC5zdWJqMzJfZXgudGlkLnBvcnQsICIl dSIpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50X2lwX2V4X2Fk ZHJlc3MoZnAsIHRvay0+dHQuc3ViajMyX2V4LnRpZC50eXBlLAotCSAgICB0 b2stPnR0LnN1YmozMl9leC50aWQuYWRkcik7CisJcHJpbnRfdG9rX3R5cGUo ZnAsIHRvay0+aWQsICJzdWJqZWN0X2V4IiwgcmF3LCB4bWwpOworCWlmICh4 bWwpIHsKKwkJb3Blbl9hdHRyKGZwLCAiYXVkaXQtdWlkIik7CisJCXByaW50 X3VzZXIoZnAsIHRvay0+dHQuc3ViajMyX2V4LmF1aWQsIHJhdyk7CisJCWNs b3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJ1aWQiKTsKKwkJcHJp bnRfdXNlcihmcCwgdG9rLT50dC5zdWJqMzJfZXguZXVpZCwgcmF3KTsKKwkJ Y2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgImdpZCIpOworCQlw cmludF9ncm91cChmcCwgdG9rLT50dC5zdWJqMzJfZXguZWdpZCwgcmF3KTsK KwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgInJ1aWQiKTsK KwkJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5zdWJqMzJfZXgucnVpZCwgcmF3 KTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgInJnaWQi KTsKKwkJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQuc3ViajMyX2V4LnJnaWQs IHJhdyk7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0dHIoZnAsICJw aWQiKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5zdWJqMzJfZXgu cGlkLCAiJXUiKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihm cCwgInNpZCIpOworCQlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnN1Ymoz Ml9leC5zaWQsICIldSIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJb3Blbl9h dHRyKGZwLCAidGlkIik7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQu c3ViajMyX2V4LnRpZC5wb3J0LCAiJXUiKTsKKwkJcHJpbnRfaXBfZXhfYWRk cmVzcyhmcCwgdG9rLT50dC5zdWJqMzJfZXgudGlkLnR5cGUsCisJCQl0b2st PnR0LnN1YmozMl9leC50aWQuYWRkcik7CisJCWNsb3NlX2F0dHIoZnApOwor CQljbG9zZV90YWcoZnAsIHRvay0+aWQpOworCX0gZWxzZSB7CisJCXByaW50 X2RlbGltKGZwLCBkZWwpOworCQlwcmludF91c2VyKGZwLCB0b2stPnR0LnN1 YmozMl9leC5hdWlkLCByYXcpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsK KwkJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5zdWJqMzJfZXguZXVpZCwgcmF3 KTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X2dyb3VwKGZw LCB0b2stPnR0LnN1YmozMl9leC5lZ2lkLCByYXcpOworCQlwcmludF9kZWxp bShmcCwgZGVsKTsKKwkJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5zdWJqMzJf ZXgucnVpZCwgcmF3KTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXBy aW50X2dyb3VwKGZwLCB0b2stPnR0LnN1YmozMl9leC5yZ2lkLCByYXcpOwor CQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfNF9ieXRlcyhmcCwg dG9rLT50dC5zdWJqMzJfZXgucGlkLCAiJXUiKTsKKwkJcHJpbnRfZGVsaW0o ZnAsIGRlbCk7CisJCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQuc3ViajMy X2V4LnNpZCwgIiV1Iik7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlw cmludF80X2J5dGVzKGZwLCB0b2stPnR0LnN1YmozMl9leC50aWQucG9ydCwg IiV1Iik7CisJCXByaW50X2RlbGltKGZwLCBkZWwpOworCQlwcmludF9pcF9l eF9hZGRyZXNzKGZwLCB0b2stPnR0LnN1YmozMl9leC50aWQudHlwZSwKKwkJ CXRvay0+dHQuc3ViajMyX2V4LnRpZC5hZGRyKTsKKwl9CiB9CiAKIC8qCkBA IC0yMzcwLDEyICszMjkwLDE3IEBACiAKIHN0YXRpYyB2b2lkCiBwcmludF90 ZXh0X3RvayhGSUxFICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWws IGNoYXIgcmF3LAotICAgIF9fdW51c2VkIGNoYXIgc2ZybSkKKyAgICBfX3Vu dXNlZCBjaGFyIHNmcm0sIGNoYXIgeG1sKQogewogCi0JcHJpbnRfdG9rX3R5 cGUoZnAsIHRvay0+aWQsICJ0ZXh0IiwgcmF3KTsKLQlwcmludF9kZWxpbShm cCwgZGVsKTsKLQlwcmludF9zdHJpbmcoZnAsIHRvay0+dHQudGV4dC50ZXh0 LCB0b2stPnR0LnRleHQubGVuKTsKKwlwcmludF90b2tfdHlwZShmcCwgdG9r LT5pZCwgInRleHQiLCByYXcsIHhtbCk7IAorCWlmICh4bWwpIHsKKwkJcHJp bnRfc3RyaW5nKGZwLCB0b2stPnR0LnRleHQudGV4dCwgdG9rLT50dC50ZXh0 Lmxlbik7CisJCWNsb3NlX3RhZyhmcCwgdG9rLT5pZCk7CisJfSBlbHNlIHsK KwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50X3N0cmluZyhmcCwg dG9rLT50dC50ZXh0LnRleHQsIHRvay0+dHQudGV4dC5sZW4pOworCX0KIH0K IAogLyoKQEAgLTI0MzIsMjAgKzMzNTcsMzkgQEAKIAogc3RhdGljIHZvaWQK IHByaW50X3NvY2tldGV4MzJfdG9rKEZJTEUgKmZwLCB0b2tlbnN0cl90ICp0 b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsCi0gICAgX191bnVzZWQgY2hhciBz ZnJtKQorICAgIF9fdW51c2VkIGNoYXIgc2ZybSwgY2hhciB4bWwpCiB7CiAK LQlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgInNvY2tldCIsIHJhdyk7 Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfMl9ieXRlcyhmcCwg dG9rLT50dC5zb2NrZXRfZXgzMi50eXBlLCAiJSN4Iik7Ci0JcHJpbnRfZGVs aW0oZnAsIGRlbCk7Ci0JcHJpbnRfMl9ieXRlcyhmcCwgbnRvaHModG9rLT50 dC5zb2NrZXRfZXgzMi5sX3BvcnQpLCAiJSN4Iik7Ci0JcHJpbnRfZGVsaW0o ZnAsIGRlbCk7Ci0JcHJpbnRfaXBfYWRkcmVzcyhmcCwgdG9rLT50dC5zb2Nr ZXRfZXgzMi5sX2FkZHIpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXBy aW50XzRfYnl0ZXMoZnAsIG50b2hzKHRvay0+dHQuc29ja2V0X2V4MzIucl9w b3J0KSwgIiUjeCIpOwotCXByaW50X2RlbGltKGZwLCBkZWwpOwotCXByaW50 X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuc29ja2V0X2V4MzIucl9hZGRyKTsK KwlwcmludF90b2tfdHlwZShmcCwgdG9rLT5pZCwgInNvY2tldCIsIHJhdywg eG1sKTsgCisJaWYgKHhtbCkgeworCQlvcGVuX2F0dHIoZnAsICJzb2NrX3R5 cGUiKTsKKwkJcHJpbnRfMl9ieXRlcyhmcCwgdG9rLT50dC5zb2NrZXRfZXgz Mi50eXBlLCAiJSN4Iik7CisJCWNsb3NlX2F0dHIoZnApOworCQlvcGVuX2F0 dHIoZnAsICJscG9ydCIpOworCQlwcmludF8yX2J5dGVzKGZwLCBudG9ocyh0 b2stPnR0LnNvY2tldF9leDMyLmxfcG9ydCksICIlI3giKTsKKwkJY2xvc2Vf YXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgImxhZGRyIik7CisJCXByaW50 X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuc29ja2V0X2V4MzIubF9hZGRyKTsK KwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwgImZhZGRyIik7 CisJCXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuc29ja2V0X2V4MzIu cl9hZGRyKTsKKwkJY2xvc2VfYXR0cihmcCk7CisJCW9wZW5fYXR0cihmcCwg ImZwb3J0Iik7CisJCXByaW50XzJfYnl0ZXMoZnAsIHRvay0+dHQuc29ja2V0 X2V4MzIudHlwZSwgIiUjeCIpOworCQljbG9zZV9hdHRyKGZwKTsKKwkJY2xv c2VfdGFnKGZwLCB0b2stPmlkKTsKKwl9IGVsc2UgeworCQlwcmludF9kZWxp bShmcCwgZGVsKTsKKwkJcHJpbnRfMl9ieXRlcyhmcCwgdG9rLT50dC5zb2Nr ZXRfZXgzMi50eXBlLCAiJSN4Iik7CisJCXByaW50X2RlbGltKGZwLCBkZWwp OworCQlwcmludF8yX2J5dGVzKGZwLCBudG9ocyh0b2stPnR0LnNvY2tldF9l eDMyLmxfcG9ydCksICIlI3giKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7 CisJCXByaW50X2lwX2FkZHJlc3MoZnAsIHRvay0+dHQuc29ja2V0X2V4MzIu bF9hZGRyKTsKKwkJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJCXByaW50XzRf Ynl0ZXMoZnAsIG50b2hzKHRvay0+dHQuc29ja2V0X2V4MzIucl9wb3J0KSwg IiUjeCIpOworCQlwcmludF9kZWxpbShmcCwgZGVsKTsKKwkJcHJpbnRfaXBf YWRkcmVzcyhmcCwgdG9rLT50dC5zb2NrZXRfZXgzMi5yX2FkZHIpOworCX0K IH0KIAogc3RhdGljIGludApAQCAtMjQ2OSwxMiArMzQxMywxNCBAQAogCiBz dGF0aWMgdm9pZAogcHJpbnRfaW52YWxpZF90b2soRklMRSAqZnAsIHRva2Vu c3RyX3QgKnRvaywgY2hhciAqZGVsLCBjaGFyIHJhdywKLSAgICBfX3VudXNl ZCBjaGFyIHNmcm0pCisgICAgX191bnVzZWQgY2hhciBzZnJtLCBjaGFyIHht bCkKIHsKIAotCXByaW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAidW5rbm93 biIsIHJhdyk7Ci0JcHJpbnRfZGVsaW0oZnAsIGRlbCk7Ci0JcHJpbnRfbWVt KGZwLCB0b2stPnR0LmludmFsaWQuZGF0YSwgdG9rLT50dC5pbnZhbGlkLmxl bmd0aCk7CisJaWYgKCF4bWwpIHsKKwkJcHJpbnRfdG9rX3R5cGUoZnAsIHRv ay0+aWQsICJ1bmtub3duIiwgcmF3LCAwKTsKKwkJcHJpbnRfZGVsaW0oZnAs IGRlbCk7CisJCXByaW50X21lbShmcCwgdG9rLT50dC5pbnZhbGlkLmRhdGEs IHRvay0+dHQuaW52YWxpZC5sZW5ndGgpOworCX0KIH0KIAogCkBAIC0yNjEw LDE1NiArMzU1NiwxNTYgQEAKICAqICdwcmludHMnIHRoZSB0b2tlbiBvdXQg dG8gb3V0ZnAKICAqLwogdm9pZAotYXVfcHJpbnRfdG9rKEZJTEUgKm91dGZw LCB0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsIGNoYXIg c2ZybSkKK2F1X3ByaW50X3RvayhGSUxFICpvdXRmcCwgdG9rZW5zdHJfdCAq dG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LCBjaGFyIHNmcm0sIGNoYXIgeG1s KQogewogCiAJc3dpdGNoKHRvay0+aWQpIHsKIAljYXNlIEFVVF9IRUFERVIz MjoKLQkJcHJpbnRfaGVhZGVyMzJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3 LCBzZnJtKTsKKwkJcHJpbnRfaGVhZGVyMzJfdG9rKG91dGZwLCB0b2ssIGRl bCwgcmF3LCBzZnJtLCB4bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9I RUFERVIzMl9FWDoKLQkJcHJpbnRfaGVhZGVyMzJfZXhfdG9rKG91dGZwLCB0 b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfaGVhZGVyMzJfZXhfdG9r KG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4bWwpOwogCQlyZXR1cm47 CiAKIAljYXNlIEFVVF9IRUFERVI2NDoKLQkJcHJpbnRfaGVhZGVyNjRfdG9r KG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfaGVhZGVy NjRfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4bWwpOwogCQly ZXR1cm47CiAKIAljYXNlIEFVVF9IRUFERVI2NF9FWDoKLQkJcHJpbnRfaGVh ZGVyNjRfZXhfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJ cHJpbnRfaGVhZGVyNjRfZXhfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBz ZnJtLCB4bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9UUkFJTEVSOgot CQlwcmludF90cmFpbGVyX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2Zy bSk7CisJCXByaW50X3RyYWlsZXJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3 LCBzZnJtLCB4bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9BUkczMjoK LQkJcHJpbnRfYXJnMzJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJt KTsKKwkJcHJpbnRfYXJnMzJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBz ZnJtLCB4bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9BUkc2NDoKLQkJ cHJpbnRfYXJnNjRfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsK KwkJcHJpbnRfYXJnNjRfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJt LCB4bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9EQVRBOgotCQlwcmlu dF9hcmJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJp bnRfYXJiX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSwgeG1sKTsK IAkJcmV0dXJuOwogCiAJY2FzZSBBVVRfQVRUUjMyOgotCQlwcmludF9hdHRy MzJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRf YXR0cjMyX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSwgeG1sKTsK IAkJcmV0dXJuOwogCiAJY2FzZSBBVVRfQVRUUjY0OgotCQlwcmludF9hdHRy NjRfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRf YXR0cjY0X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSwgeG1sKTsK IAkJcmV0dXJuOwogCiAJY2FzZSBBVVRfRVhJVDoKLQkJcHJpbnRfZXhpdF90 b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0pOworCQlwcmludF9leGl0 X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSwgeG1sKTsKIAkJcmV0 dXJuOwogCiAJY2FzZSBBVVRfRVhFQ19BUkdTOgotCQlwcmludF9leGVjYXJn X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJCXByaW50X2V4 ZWNhcmdfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4bWwpOwog CQlyZXR1cm47CiAKIAljYXNlIEFVVF9FWEVDX0VOVjoKLQkJcHJpbnRfZXhl Y2Vudl90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0pOworCQlwcmlu dF9leGVjZW52X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSwgeG1s KTsKIAkJcmV0dXJuOwogCiAJY2FzZSBBVVRfT1RIRVJfRklMRTMyOgotCQlw cmludF9maWxlX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJ CXByaW50X2ZpbGVfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4 bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9ORVdHUk9VUFM6Ci0JCXBy aW50X25ld2dyb3Vwc190b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0p OworCQlwcmludF9uZXdncm91cHNfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3 LCBzZnJtLCB4bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9JTl9BRERS OgotCQlwcmludF9pbmFkZHJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBz ZnJtKTsKKwkJcHJpbnRfaW5hZGRyX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJh dywgc2ZybSwgeG1sKTsKIAkJcmV0dXJuOwogCiAJY2FzZSBBVVRfSU5fQURE Ul9FWDoKLQkJcHJpbnRfaW5hZGRyX2V4X3RvayhvdXRmcCwgdG9rLCBkZWws IHJhdywgc2ZybSk7CisJCXByaW50X2luYWRkcl9leF90b2sob3V0ZnAsIHRv aywgZGVsLCByYXcsIHNmcm0sIHhtbCk7CiAJCXJldHVybjsKIAogCWNhc2Ug QVVUX0lQOgotCQlwcmludF9pcF90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcs IHNmcm0pOworCQlwcmludF9pcF90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcs IHNmcm0sIHhtbCk7CiAJCXJldHVybjsKIAogCWNhc2UgQVVUX0lQQzoKLQkJ cHJpbnRfaXBjX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJ CXByaW50X2lwY190b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0sIHht bCk7CiAJCXJldHVybjsKIAogCWNhc2UgQVVUX0lQQ19QRVJNOgotCQlwcmlu dF9pcGNwZXJtX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJ CXByaW50X2lwY3Blcm1fdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJt LCB4bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9JUE9SVDoKLQkJcHJp bnRfaXBvcnRfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJ cHJpbnRfaXBvcnRfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4 bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9PUEFRVUU6Ci0JCXByaW50 X29wYXF1ZV90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0pOworCQlw cmludF9vcGFxdWVfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4 bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9QQVRIOgotCQlwcmludF9w YXRoX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJCXByaW50 X3BhdGhfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4bWwpOwog CQlyZXR1cm47CiAKIAljYXNlIEFVVF9QUk9DRVNTMzI6Ci0JCXByaW50X3By b2Nlc3MzMl90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0pOworCQlw cmludF9wcm9jZXNzMzJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJt LCB4bWwpOwogCQlyZXR1cm47CiAKIAljYXNlIEFVVF9QUk9DRVNTMzJfRVg6 Ci0JCXByaW50X3Byb2Nlc3MzMmV4X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJh dywgc2ZybSk7CisJCXByaW50X3Byb2Nlc3MzMmV4X3RvayhvdXRmcCwgdG9r LCBkZWwsIHJhdywgc2ZybSwgeG1sKTsKIAkJcmV0dXJuOwogCiAJY2FzZSBB VVRfUkVUVVJOMzI6Ci0JCXByaW50X3JldHVybjMyX3RvayhvdXRmcCwgdG9r LCBkZWwsIHJhdywgc2ZybSk7CisJCXByaW50X3JldHVybjMyX3RvayhvdXRm cCwgdG9rLCBkZWwsIHJhdywgc2ZybSwgeG1sKTsKIAkJcmV0dXJuOwogCiAJ Y2FzZSBBVVRfUkVUVVJONjQ6Ci0JCXByaW50X3JldHVybjY0X3RvayhvdXRm cCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJCXByaW50X3JldHVybjY0X3Rv ayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSwgeG1sKTsKIAkJcmV0dXJu OwogCiAJY2FzZSBBVVRfU0VROgotCQlwcmludF9zZXFfdG9rKG91dGZwLCB0 b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfc2VxX3RvayhvdXRmcCwg dG9rLCBkZWwsIHJhdywgc2ZybSwgeG1sKTsKIAkJcmV0dXJuOwogCiAJY2Fz ZSBBVVRfU09DS0VUOgotCQlwcmludF9zb2NrZXRfdG9rKG91dGZwLCB0b2ss IGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfc29ja2V0X3RvayhvdXRmcCwg dG9rLCBkZWwsIHJhdywgc2ZybSwgeG1sKTsKIAkJcmV0dXJuOwogCiAJY2Fz ZSBBVVRfU09DS0lORVQzMjoKLQkJcHJpbnRfc29ja19pbmV0MzJfdG9rKG91 dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfc29ja19pbmV0 MzJfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4bWwpOwogCQly ZXR1cm47CiAKIAljYXNlIEFVVF9TT0NLVU5JWDoKLQkJcHJpbnRfc29ja191 bml4X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJCXByaW50 X3NvY2tfdW5peF90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0sIHht bCk7CiAJCXJldHVybjsKIAogCWNhc2UgQVVUX1NVQkpFQ1QzMjoKLQkJcHJp bnRfc3ViamVjdDMyX3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7 CisJCXByaW50X3N1YmplY3QzMl90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcs IHNmcm0sIHhtbCk7CiAJCXJldHVybjsKIAogCWNhc2UgQVVUX1NVQkpFQ1Q2 NDoKLQkJcHJpbnRfc3ViamVjdDY0X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJh dywgc2ZybSk7CisJCXByaW50X3N1YmplY3Q2NF90b2sob3V0ZnAsIHRvaywg ZGVsLCByYXcsIHNmcm0sIHhtbCk7CiAJCXJldHVybjsKIAogCWNhc2UgQVVU X1NVQkpFQ1QzMl9FWDoKLQkJcHJpbnRfc3ViamVjdDMyZXhfdG9rKG91dGZw LCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfc3ViamVjdDMyZXhf dG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4bWwpOwogCQlyZXR1 cm47CiAKIAljYXNlIEFVVF9URVhUOgotCQlwcmludF90ZXh0X3RvayhvdXRm cCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJCXByaW50X3RleHRfdG9rKG91 dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtLCB4bWwpOwogCQlyZXR1cm47CiAK IAljYXNlIEFVVF9TT0NLRVRfRVg6Ci0JCXByaW50X3NvY2tldGV4MzJfdG9r KG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfc29ja2V0 ZXgzMl90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0sIHhtbCk7CiAJ CXJldHVybjsKIAogCWRlZmF1bHQ6Ci0JCXByaW50X2ludmFsaWRfdG9rKG91 dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwkJcHJpbnRfaW52YWxpZF90 b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0sIHhtbCk7CiAJfQogfQo= --0-26714257-1161267674=:28910 Content-Type: application/octet-stream; name="doc.patch" Content-Transfer-Encoding: base64 Content-Description: 3101188344-doc.patch Content-Disposition: attachment; filename="doc.patch" SW5kZXg6ICBtYW4vYXVkaXQubG9nLjUKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gbWFuL2F1ZGl0LmxvZy41CVRodSBPY3QgMTkgMTM6MzE6MTMgMjAw NgorKysgbWFuL2F1ZGl0LmxvZy41CVN1biBTZXAgMjQgMjA6MjA6MTEgMjAw NgpAQCAtNDE0LDggKzQxNCw3IEBACiAuU3MgU3lzdGVtIFYgSVBDIFRva2Vu CiBUaGUKIC5EdiBTeXN0ZW0gViBJUEMKLXRva2VuIGNvbnRhaW5zIHRoZSBT eXN0ZW0gViBJUEMgbWVzc2FnZSBoYW5kbGUsIHNlbWFwaG9yZSBoYW5kbGUg b3Igc2hhcmVkIG1lbW9yeSBoYW5kbGUuIEEgU3lzdGVtIFYgSVBDIHRva2Vu IG1heSBiZSBjcmVhdGVkIHVzaW5nIAotLlhyIGF1X3RvX2lwYyAzIC4gCit0 b2tlbiAuLi4KIC5CbCAtY29sdW1uIC1vZmZzZXQgaW5kICIuU3kgRmllbGQg TmFtZSBXaWR0aCBYWCIgIi5TeSBYWCBCeXRlcyBYWFhYIiAiLlN5IERlc2Ny aXB0aW9uIgogLkl0IFN5ICJGaWVsZCIgVGEgU3kgQnl0ZXMgVGEgU3kgRGVz Y3JpcHRpb24KIC5JdCBMaSAiVG9rZW4gSUQiIFRhICIxIGJ5dGUiIFRhICJU b2tlbiBJRCIKQEAgLTQ3OCw1NSArNDc3LDM4IEBACiAuU3MgU3lzdGVtIFYg SVBDIFBlcm1pc3Npb24gVG9rZW4KIFRoZQogLkR2IFN5c3RlbSBWIElQQyBw ZXJtaXNzaW9uCi10b2tlbiBjb250YWlucyBhIFN5c3RlbSBWIElQQyBhY2Nl c3MgcGVybWlzc2lvbnMuIEEgSVBDIHBlcm1pc3Npb24gdG9rZW4gbWF5IGJl IGNyZWF0ZWQgdXNpbmcKLS5YciBhdV90b19pcGNfcGVybSAzIC4gCit0b2tl biAuLi4KIC5CbCAtY29sdW1uIC1vZmZzZXQgaW5kICIuU3kgRmllbGQgTmFt ZSBXaWR0aCBYWCIgIi5TeSBYWCBCeXRlcyBYWFhYIiAiLlN5IERlc2NyaXB0 aW9uIgogLkl0IFN5ICJGaWVsZCIgVGEgU3kgQnl0ZXMgVGEgU3kgRGVzY3Jp cHRpb24KIC5JdCBMaSAiVG9rZW4gSUQiIFRhICIxIGJ5dGUiIFRhICJUb2tl biBJRCIKLS5JdCBMaSAiT3duZXIgdXNlciBJRCIgVGEgIjQgYnl0ZXMiIFRh ICJVc2VyIElEIG9mIElQQyBvd25lciIKLS5JdCBMaSAiT3duZXIgZ3JvdXAg SUQiIFRhICI0IGJ5dGVzIiBUYSAiR3JvdXAgSUQgb2YgSVBDIG93bmVyIgot Lkl0IExpICJDcmVhdG9yIHVzZXIgSUQiIFRhICI0IGJ5dGVzIiBUYSAiVXNl ciBJRCBvZiBJUEMgY3JlYXRvciIKLS5JdCBMaSAiQ3JlYXRvciBncm91cCBJ RCIgVGEgIjQgYnl0ZXMiIFRhICJHcm91cCBJRCBvZiBJUEMgY3JlYXRvciIK LS5JdCBMaSAiQWNjZXNzIG1vZGUiIFRhICI0IGJ5dGVzIiBUYSAiQWNjZXNz IG1vZGUiCi0uSXQgTGkgIlNlcXVuY2UgbnVtYmVyIiBUYSAiNCBieXRlcyIg VGEgIlNlcXVuY2UgbnVtYmVyIgotLkl0IExpICJLZXkiIFRhICI0IGJ5dGVz IiBUYSAiSVBDIGtleSIKKy5JdCBMaSBYWFhYWAogLkVsCiAuU3MgQXJnIFRv a2VuCiBUaGUKIC5EdiBhcmcKLXRva2VuIGNvbnRhaW5zIGluZm9ybWF0aW9u cyBhYm91dCBhcmd1bWVudHMgb2YgdGhlIHN5c3RlbSBjYWxsLiBEZXBlbmQg b24gc2l6ZSBvZiBhcmd1bWVudCB2YWx1ZSBhbiBBcmcgdG9rZW4gbWF5IGJl IGNyZWF0ZWQgdXNpbmcKLS5YciBhdV90b19hcmczMiAzIAotb3IKLS5YciBh dV90b19hcmc2NCAzIC4KK3Rva2VuIC4uLgogLkJsIC1jb2x1bW4gLW9mZnNl dCBpbmQgIi5TeSBGaWVsZCBOYW1lIFdpZHRoIFhYIiAiLlN5IFhYIEJ5dGVz IFhYWFgiICIuU3kgRGVzY3JpcHRpb24iCiAuSXQgU3kgIkZpZWxkIiBUYSBT eSBCeXRlcyBUYSBTeSBEZXNjcmlwdGlvbgogLkl0IExpICJUb2tlbiBJRCIg VGEgIjEgYnl0ZSIgVGEgIlRva2VuIElEIgotLkl0IExpICJBcmd1bWVudCBJ RCIgVGEgIjEgYnl0ZSIgVGEgIkFyZ3VtZW50IElEIgotLkl0IExpICJBcmd1 bWVudCB2YWx1ZSIgVGEgIjQvOCBieXRlcyIgVGEgIkFyZ3VtZW50IHZhbHVl IgotLkl0IExpICJMZW5ndGgiIFRhICIyIGJ5dGVzIiBUYSAiTGVuZ3RoIG9m IHRoZSB0ZXh0IgotLkl0IExpICJUZXh0IiBUYSAiTiBieXRlcyArIDEgbnVs IiBUYSAiVGhlIHN0cmluZyBpbmNsdWRpbmcgbnVsIgorLkl0IExpIFhYWFhY CiAuRWwKIC5TcyBleGVjX2FyZ3MgVG9rZW4KIFRoZQogLkR2IGV4ZWNfYXJn cwotdG9rZW4gY29udGFpbnMgaW5mb3JtYXRpb25zIGFib3V0IGFyZ3VlbWVu dHMgb2YgdGhlIGV4ZWMoKSBzeXN0ZW0gY2FsbC4gQSBleGVjX2FyZ3MgdG9r ZW4gbWF5IGJlIGNyZWF0ZWQgdXNpbmcKLS5YciBhdV90b19leGVjX2FyZ3Mg MyAuCit0b2tlbiAuLi4KIC5CbCAtY29sdW1uIC1vZmZzZXQgaW5kICIuU3kg RmllbGQgTmFtZSBXaWR0aCBYWCIgIi5TeSBYWCBCeXRlcyBYWFhYIiAiLlN5 IERlc2NyaXB0aW9uIgogLkl0IFN5ICJGaWVsZCIgVGEgU3kgQnl0ZXMgVGEg U3kgRGVzY3JpcHRpb24KIC5JdCBMaSAiVG9rZW4gSUQiIFRhICIxIGJ5dGUi IFRhICJUb2tlbiBJRCIKLS5JdCBMaSAiQ291bnQiIFRhICI0IGJ5dGVzIiBU YSAiTnVtYmVyIG9mIGFyZ3VtZW50cyIKLS5JdCBMaSAiVGV4dCIgVGEgIiog Ynl0ZXMiIFRhICJDb3VudCBudWxsLXRlcm1pbmF0ZWQgc3RyaW5ncyIKKy5J dCBMaSBYWFhYWAogLkVsCiAuU3MgZXhlY19lbnYgVG9rZW4KIFRoZQogLkR2 IGV4ZWNfZW52Ci10b2tlbiBjb250YWlucyBjdXJyZW50IGV2aXJvbWVudCB2 YXJpYWJsZXMgdG8gYW4gZXhlYygpIHN5c3RlbSBjYWxsLiBBIGV4ZWNfYXJn cyB0b2tlbiBtYXkgYmUgY3JlYXRlZCB1c2luZwotLlhyIGF1X3RvX2V4ZWNf ZW52IDMgLgordG9rZW4gLi4uCiAuQmwgLWNvbHVtbiAtb2Zmc2V0IGluZCAi LlN5IEZpZWxkIE5hbWUgV2lkdGggWFgiICIuU3kgWFggQnl0ZXMgWFhYWCIg Ii5TeSBEZXNjcmlwdGlvbiIKIC5JdCBTeSAiRmllbGQiIFRhIFN5IEJ5dGVz IFRhIFN5IERlc2NyaXB0aW9uCiAuSXQgTGkgIlRva2VuIElEIiBUYSAiMSBi eXRlIiBUYSAiVG9rZW4gSUQiCi0uSXQgTGkgIkNvdW50IElEIiBUYSAiNCBi eXRlcyIgVGEgIk51bWJlciBvZiB2YXJpYWJsZXMiCi0uSXQgTGkgIlRleHQi IFRhICIqIGJ5dGVzIiBUYSAiQ291bnQgbnVsbC10ZXJtaW5hdGVkIHN0cmlu Z3MiCisuSXQgTGkgWFhYWFgKIC5FbAogLlNzIEV4aXQgVG9rZW4KIFRoZQpA QCAtNTQ1LDI3ICs1MjcsMTEgQEAKIC5TcyBTb2NrZXQgVG9rZW4KIFRoZQog LkR2IHNvY2tldAotdG9rZW4gY29udGFpbnMgaW5mb3JtYXRpb25zIGFib3V0 IEludGVybmV0IHNvY2tldC4gVG9rZW4gaGFzIGZvdXIgZmllbGRzIG9yIGVp Z2h0IGZpZWxkcy4gRGVwZW5kIG9uIHR5cGUgb2Ygc29ja2V0IGEgc29ja2V0 IHRva2VuIG1heSBiZSBjcmVhdGVkIHVzaW5nICAgCi0uWHIgYXVfdG9fc29j a191bml4IDMgLAotLlhyIGF1X3RvX3NvY2tfaW5ldDMyIDMgb3IKLS5YciBh dV90b19zb2NrX2luZXQxMjggMyAuCi0uQmwgLWNvbHVtbiAtb2Zmc2V0IGlu ZCAiLlN5IEZpZWxkIE5hbWUgV2lkdGggWFgiICIuU3kgWFggQnl0ZXMgWFhY WCIgIi5TeSBEZXNjcmlwdGlvbiIKLS5JdCBTeSAiRmllbGQiIFRhIFN5IEJ5 dGVzIFRhIFN5IERlc2NyaXB0aW9uCi0uSXQgTGkgIlRva2VuIElEIiBUYSAi MSBieXRlIiBUYSAiVG9rZW4gSUQiCi0uSXQgTGkgIlNvY2tldCBmYW1pbHki IFRhICIyIGJ5dGVzIiBUYSAiU29ja2V0IGZhbWlseSIKLS5JdCBMaSAiTG9j YWwgcG9ydCIgVGEgIjIgYnl0ZXMiIFRhICJMb2NhbCBwb3J0IgotLkl0IExp ICJTb2NrZXQgYWRkcmVzcyIgVGEgIjQgYnl0ZXMiIFRhICJTb2NrZXQgYWRk cmVzcyIKLS5FbAordG9rZW4gLi4uCiAuQmwgLWNvbHVtbiAtb2Zmc2V0IGlu ZCAiLlN5IEZpZWxkIE5hbWUgV2lkdGggWFgiICIuU3kgWFggQnl0ZXMgWFhY WCIgIi5TeSBEZXNjcmlwdGlvbiIKIC5JdCBTeSAiRmllbGQiIFRhIFN5IEJ5 dGVzIFRhIFN5IERlc2NyaXB0aW9uCiAuSXQgTGkgIlRva2VuIElEIiBUYSAi MSBieXRlIiBUYSAiVG9rZW4gSUQiCi0uSXQgTGkgIlNvY2tldCBkb21haW4i IFRhICI0IGJ5dGVzIiBUYSAiU29ja2V0IGRvbWFpbiIKLS5JdCBMaSAiU29j a2V0IGZhbWlseSIgVGEgIjIgYnl0ZXMiIFRhICJTb2NrZXQgZmFtaWx5Igot Lkl0IExpICJBZGRyZXNzIHR5cGUiIFRhICIxIGJ5dGUiIFRhICJBZGRyZXNz IHR5cGUgKElQdjQvSVB2NikiCi0uSXQgTGkgIkxvY2FsIHBvcnQiIFRhICIy IGJ5dGVzIiBUYSAiTG9jYWwgcG9ydCIKLS5JdCBMaSAiTG9jYWwgSVAgYWRk cmVzcyIgVGEgIjQvMTYgYnl0ZXMiIFRhICJMb2NhbCBJUCBhZGRyZXNzIgot Lkl0IExpICJSZW1vdGUgcG9ydCIgVGEgIjIgYnl0ZXMiIFRhICJSZW1vdGUg cG9ydCIKLS5JdCBMaSAiUmVtb3RlIElQIGFkZHJlc3MiIFRhICI0LzE2IGJ5 dGVzIiBUYSAiUmVtb3RlIElQIGFkZHJlc3MiCisuSXQgTGkgWFhYWFgKIC5F bAogLlNzIEV4cGFuZGVkIFNvY2tldCBUb2tlbgogVGhlCg== --0-26714257-1161267674=:28910-- From owner-trustedbsd-audit@FreeBSD.ORG Sun Oct 22 12:17:42 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C866516A40F for ; Sun, 22 Oct 2006 12:17:42 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7713043D58 for ; Sun, 22 Oct 2006 12:17:42 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 1667346B17; Sun, 22 Oct 2006 08:17:42 -0400 (EDT) Date: Sun, 22 Oct 2006 13:17:41 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Martin Voros In-Reply-To: <20061019142114.30659.qmail@web55515.mail.re4.yahoo.com> Message-ID: <20061022131504.V60062@fledge.watson.org> References: <20061019142114.30659.qmail@web55515.mail.re4.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: praudit - xml output patches X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Oct 2006 12:17:42 -0000 On Thu, 19 Oct 2006, Martin Voros wrote: > finally I found some time and prepared patches which add XML output for > OpenBSM praudit utility and improve audit.log.5 manual page. I made these > patches against OpenBSM 1.0 alpha 12 release. Unfortunately, I can't test 64 > bits tokens and also I couldn't test some other tokens so I call for > testing. Of course all comments and suggestions are welcome. I also added > some token descriptions to audit.log.5 manual page. > > Instructions: > # cd DIR_WITH_OBSM_alpha12 > # patch < xml.patch > # patch < doc.patch This sounds really good! A few high level comments, without having really dug in yet: - Is xml mode exclusive of other modes, such as short? If so, we should check for combined use and print a usage message if the requested use isn't allowed. - Functions mis-spelled in libbsm.h comment. - In general, we should prefix public function names in libbsm with au_, in order to avoid symbol name collisions with applications and other libraries. This should definitely be the case for non-static f unction names, and we should think about also doing it for new static ones. So, for example, the header printing functions. - I wonder if we should be introducing a new au_print_tok_xml() call, since the current API is one we expose to applications and probably shouldn't be changed? Should "short form" and "xml form" be mutually exclusive? Presumably "raw" is still interesting when combined with "xml"? Combining them for internal APIs (and changing them) makes sense and is fine, it's just changing current application interfaces that is undesirable. Mind you, our au_print_tok() appears to be different from the one in Solaris. - Is the patch for audit.log.5 backwards (i.e., the revert patch rather than the apply patch)? It looks good, just backwards, I think. - Is this the same XML format that Solaris's praudit uses, or a different one? Could you produce documentation for the parseable XML format, or at least, notes that someone with nroff clue could convert to a man page for you? Thanks, Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 4 01:32:36 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E021716A407 for ; Sat, 4 Nov 2006 01:32:36 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id A427843D83 for ; Sat, 4 Nov 2006 01:32:35 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so499805uge for ; Fri, 03 Nov 2006 17:32:34 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=RGQbEixUFbqyXtB5FoyQuG7C5PREXnE7yp465g/3koHx98FgUKcylYMvqENymZ/8rmDcelrgwmwNJFXmKblW5l656vrQ6xDQOq+6nfHXHW6FRtZ6OUiq+/TKdIK2Ahl7jW7HksPRHhe8x3eKLhJhYB0yEnD/FzSbK0OHiCXFcMc= Received: by 10.67.22.14 with SMTP id z14mr3667498ugi.1162603954207; Fri, 03 Nov 2006 17:32:34 -0800 (PST) Received: by 10.67.30.9 with HTTP; Fri, 3 Nov 2006 17:32:34 -0800 (PST) Message-ID: <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com> Date: Fri, 3 Nov 2006 23:32:34 -0200 From: "Diego Giagio" To: trustedbsd-audit@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: I would like to help X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Nov 2006 01:32:37 -0000 Hi, Let me introduce myself. I'm a software engineer in Brazil and I would like to help the FreeBSD audit project. I have a strong C/ASM (x86) background and can help with both user-level and kernel-level coding. I've also been involved with computer security for some time now and I'm very comfortably with FreeBSD, OpenBSD, Mac OSX and Linux. Do you have any suggestions where to begin with ? I've been reading the page http://www.freebsd.org/projects/ideas/ and I find the "Distributed audit daemon" idea very interesting, but don't know if its a good starting point. I also checked http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf. Thanks, Diego Giagio From owner-trustedbsd-audit@FreeBSD.ORG Sun Nov 5 23:50:10 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 25F6016A407 for ; Sun, 5 Nov 2006 23:50:10 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id A53A843D53 for ; Sun, 5 Nov 2006 23:50:07 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 31C2D46B1C; Sun, 5 Nov 2006 18:50:07 -0500 (EST) Date: Sun, 5 Nov 2006 23:50:07 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Martin Voros In-Reply-To: <20061022131504.V60062@fledge.watson.org> Message-ID: <20061105234905.C62710@fledge.watson.org> References: <20061019142114.30659.qmail@web55515.mail.re4.yahoo.com> <20061022131504.V60062@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: praudit - xml output patches X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2006 23:50:10 -0000 On Sun, 22 Oct 2006, Robert Watson wrote: > On Thu, 19 Oct 2006, Martin Voros wrote: > >> finally I found some time and prepared patches which add XML output for >> OpenBSM praudit utility and improve audit.log.5 manual page. I made these >> patches against OpenBSM 1.0 alpha 12 release. Unfortunately, I can't test >> 64 bits tokens and also I couldn't test some other tokens so I call for >> testing. Of course all comments and suggestions are welcome. I also added >> some token descriptions to audit.log.5 manual page. >> >> Instructions: >> # cd DIR_WITH_OBSM_alpha12 >> # patch < xml.patch >> # patch < doc.patch > > This sounds really good! A few high level comments, without having really > dug in yet: As an FYI to others on the list, Martin sent me updated patches, and I've now merged them into the Perforce repository. XML printing will appear in OpenBSM 1.0 alpha 13 in a few weeks. Thanks! Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Tue Nov 7 09:44:39 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A4F316A415 for ; Tue, 7 Nov 2006 09:44:39 +0000 (UTC) (envelope-from martin_voros@yahoo.com) Received: from web55513.mail.re4.yahoo.com (web55513.mail.re4.yahoo.com [206.190.58.222]) by mx1.FreeBSD.org (Postfix) with SMTP id 9007C43D5D for ; Tue, 7 Nov 2006 09:44:38 +0000 (GMT) (envelope-from martin_voros@yahoo.com) Received: (qmail 6199 invoked by uid 60001); 7 Nov 2006 09:44:38 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Z+ZgQeL2J8jmTYTO+LUNW9oT8yuoPbKkbFnLF97g0AMPr910RD5LMbxK8Ifn2B+8ZViEss5frDd2e/orBtpa4zTQp33FvtOKYFHuChmEWs5AvM1wr78f/ECOPxO+Pd1NQifwSJ4tcM3GlxXJvKXqEHYGg+/F4KLT/G1xbrfSLR8= ; Message-ID: <20061107094438.6197.qmail@web55513.mail.re4.yahoo.com> Received: from [193.136.122.18] by web55513.mail.re4.yahoo.com via HTTP; Tue, 07 Nov 2006 01:44:38 PST Date: Tue, 7 Nov 2006 01:44:38 -0800 (PST) From: Martin Voros To: trustedbsd-audit@FreeBSD.org MIME-Version: 1.0 X-Mailman-Approved-At: Wed, 08 Nov 2006 13:00:41 +0000 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Bug in man pages for libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Nov 2006 09:44:39 -0000 Hi, I think I found small mistake in man pages for libbsm. In all man pages in libbsm directory, there is line #include right after SYNOPSIS. IMO it should be #include . Best regards MV --------------------------------- Sponsored Link Try Netflix today! With plans starting at only $5.99 a month what are you waiting for? From owner-trustedbsd-audit@FreeBSD.ORG Fri Nov 10 23:14:01 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7981516A412 for ; Fri, 10 Nov 2006 23:14:01 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3227743D7C for ; Fri, 10 Nov 2006 23:13:59 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 1E42B46D4D; Fri, 10 Nov 2006 18:13:58 -0500 (EST) Date: Fri, 10 Nov 2006 23:13:58 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Martin Voros In-Reply-To: <20061107094438.6197.qmail@web55513.mail.re4.yahoo.com> Message-ID: <20061110231311.P85749@fledge.watson.org> References: <20061107094438.6197.qmail@web55513.mail.re4.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: Bug in man pages for libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Nov 2006 23:14:01 -0000 On Tue, 7 Nov 2006, Martin Voros wrote: > I think I found small mistake in man pages for libbsm. In all man pages in > libbsm directory, there is line #include right after SYNOPSIS. > IMO it should be #include . Ruslan has kindly fixed this in Perforce as of a few weeks ago; the fixes will appear in the next drop of OpenBSM next week. Thanks, Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 11 09:38:17 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4FC3816A407 for ; Sat, 11 Nov 2006 09:38:17 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9300543D8A for ; Sat, 11 Nov 2006 09:38:16 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id B1AED46CE4; Sat, 11 Nov 2006 04:38:15 -0500 (EST) Date: Sat, 11 Nov 2006 09:38:15 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Diego Giagio In-Reply-To: <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com> Message-ID: <20061111092821.I63959@fledge.watson.org> References: <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: I would like to help X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Nov 2006 09:38:17 -0000 On Fri, 3 Nov 2006, Diego Giagio wrote: > Let me introduce myself. I'm a software engineer in Brazil and I would like > to help the FreeBSD audit project. I have a strong C/ASM (x86) background > and can help with both user-level and kernel-level coding. I've also been > involved with computer security for some time now and I'm very comfortably > with FreeBSD, OpenBSD, Mac OSX and Linux. > > Do you have any suggestions where to begin with ? I've been reading the page > http://www.freebsd.org/projects/ideas/ and I find the "Distributed audit > daemon" idea very interesting, but don't know if its a good starting point. > I also checked http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf. Diego, Thanks for your e-mail! Your help would be most welcome. There is quite a bit of work to be done; right now we're not maintaining a unified TODO list for the FreeBSD audit implementation, rather, there are a few lists scattered in various places. You can find a short TODO list in the OpenBSM distribution (some of the items in the most recent release have now been done, FYI, so check first). The distributed audit daemon is one of the more interesting outstanding areas to work in, but there are others that probably ought to go into a TODO list somewhere. In my recent presentation at the FreeBSD developer summit, I identified the following areas in which interesting new work can and should be done: -Finish syscall assignments, especially for ABIs - Flesh out argument auditing - Audit + NSS - Userland sweep - Ports + packages - Language bindings - Enhance audit pipe preselection - Multiple audit pipelines - IDS/monitoring tools - Distributed audit - New parsing API Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 11 16:06:16 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 63DB416A403 for ; Sat, 11 Nov 2006 16:06:16 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id BF89043D53 for ; Sat, 11 Nov 2006 16:06:15 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so678368uge for ; Sat, 11 Nov 2006 08:06:14 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=ZPBxGM98A/A8ZuxOMZvNqQXXBTe2ww10Mo3tZ17KBCUN8SsaTd+YnoT5ipmh49jcrLLEcxCbolGE5NINGE/mnIykhYqpaDob6QkCFOj5lPWEAFAHIVSP2DXscgOJwCEsO7sRezzCLta9NO7UIgjHjAPa1O87M22zkmfdaUD2tx0= Received: by 10.67.121.15 with SMTP id y15mr5153412ugm.1163261174670; Sat, 11 Nov 2006 08:06:14 -0800 (PST) Received: by 10.67.30.9 with HTTP; Sat, 11 Nov 2006 08:06:14 -0800 (PST) Message-ID: <1b0798830611110806v788e8ffbp2a0b864256e36c55@mail.gmail.com> Date: Sat, 11 Nov 2006 14:06:14 -0200 From: "Diego Giagio" To: trustedbsd-audit@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Subject: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Nov 2006 16:06:16 -0000 Hi, I've been looking at OpenBSM 1.0a12 distribution's TODO list and would like to start contributing. The first item on the list appears to have already been commited (praudit with XML output) so I'm skipping it. The next one is for adding support for some newer 64-bit tokens to libbsm. Is there anyone already working on this one? Thanks DG From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 11 16:08:36 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4550716A412 for ; Sat, 11 Nov 2006 16:08:36 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6B81043D46 for ; Sat, 11 Nov 2006 16:08:35 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so678630uge for ; Sat, 11 Nov 2006 08:08:34 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=CQO890JnpIpRnqJyhyQXbxEj5TPlj7YXaNPYpDS2q0JuQ+fy3JnlTvtykyL9oS6hl9BS7C4JGSghgyyqR4ZpO112lwuJ7Me0SFr1bO0vzHwOl9qfwilbEL5pE+F6GKhvqbHd/FHsUMZ8p/lBwNCSuk2q3R4DdeD8PpfGryfmP6E= Received: by 10.67.103.7 with SMTP id f7mr5220599ugm.1163261314579; Sat, 11 Nov 2006 08:08:34 -0800 (PST) Received: by 10.67.30.9 with HTTP; Sat, 11 Nov 2006 08:08:34 -0800 (PST) Message-ID: <1b0798830611110808g747e91b1xf1912b9b1193cd2b@mail.gmail.com> Date: Sat, 11 Nov 2006 14:08:34 -0200 From: "Diego Giagio" To: "Robert Watson" In-Reply-To: <20061111092821.I63959@fledge.watson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com> <20061111092821.I63959@fledge.watson.org> Cc: trustedbsd-audit@freebsd.org Subject: Re: I would like to help X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Nov 2006 16:08:36 -0000 On 11/11/06, Robert Watson wrote: > Diego, > > Thanks for your e-mail! Your help would be most welcome. There is quite a > bit of work to be done; right now we're not maintaining a unified TODO list > for the FreeBSD audit implementation, rather, there are a few lists scattered > in various places. You can find a short TODO list in the OpenBSM distribution > (some of the items in the most recent release have now been done, FYI, so > check first). The distributed audit daemon is one of the more interesting > outstanding areas to work in, but there are others that probably ought to go > into a TODO list somewhere. In my recent presentation at the FreeBSD > developer summit, I identified the following areas in which interesting new > work can and should be done: > > -Finish syscall assignments, especially for ABIs > > - Flesh out argument auditing > - Audit + NSS > - Userland sweep > - Ports + packages > - Language bindings > - Enhance audit pipe preselection > - Multiple audit pipelines > > > - IDS/monitoring tools > - Distributed audit > - New parsing API > Let the work begin! I'll be sending specific e-mails to the list to collect information and begin contributing. Thanks. DG From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 11 16:37:52 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC8BB16A412 for ; Sat, 11 Nov 2006 16:37:52 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4335343D5E for ; Sat, 11 Nov 2006 16:37:47 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id A47F446D99; Sat, 11 Nov 2006 11:37:46 -0500 (EST) Date: Sat, 11 Nov 2006 16:37:46 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Diego Giagio In-Reply-To: <1b0798830611110808g747e91b1xf1912b9b1193cd2b@mail.gmail.com> Message-ID: <20061111161120.T11522@fledge.watson.org> References: <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com> <20061111092821.I63959@fledge.watson.org> <1b0798830611110808g747e91b1xf1912b9b1193cd2b@mail.gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@freebsd.org Subject: Re: I would like to help X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Nov 2006 16:37:52 -0000 On Sat, 11 Nov 2006, Diego Giagio wrote: > On 11/11/06, Robert Watson wrote: >> Thanks for your e-mail! Your help would be most welcome. There is quite a >> bit of work to be done; right now we're not maintaining a unified TODO list >> for the FreeBSD audit implementation, rather, there are a few lists >> scattered in various places. You can find a short TODO list in the OpenBSM >> distribution (some of the items in the most recent release have now been >> done, FYI, so check first). The distributed audit daemon is one of the >> more interesting outstanding areas to work in, but there are others that >> probably ought to go into a TODO list somewhere. In my recent presentation >> at the FreeBSD developer summit, I identified the following areas in which >> interesting new work can and should be done: >> >> -Finish syscall assignments, especially for ABIs >> >> - Flesh out argument auditing >> - Audit + NSS >> - Userland sweep >> - Ports + packages >> - Language bindings >> - Enhance audit pipe preselection >> - Multiple audit pipelines >> >> - IDS/monitoring tools - Distributed audit > - New parsing API > > Let the work begin! I'll be sending specific e-mails to the list to collect > information and begin contributing. Thanks. Heh. I actually intended to postpone that e-mail and flesh out each of the ideas some before sending. Sorry about that! I'll try again here rather than sending you on an excessive wild goose chase: - Finish syscall assignments, especially for ABIs For the native FreeBSD ABIs, we've assigned audit events to almost all system calls (see src/sys/kern/syscalls.master, src/sys/compat/freebsd32/syscalls.master). However, there are still some system calls that need events assigned, and certainly reviewed in detail. In addition, there are a number of system call tables, such as the Linux emulation tables, which need both assignment and review work. - Audit + NSS Right now, libbsm implements the /etc/security databases purely based on files; it may well be desirable to support distributing them using NIS, LDAP, etc, along with the accout database (especially audit_user), in which case it will need NSS support. - Userland sweep A moderate number of the interesting audit events come from user space -- especially, authentication, user login access control, login/logout, user administration, etc. We've updated some tools (login(1), su(1), sshd(8)) to generate audit records using various APIs, but quite a number still remain. A sweep to identify these programs, as well as addition of audit record generation, is required, and needs to be done in the context of CAPP. One that needs early attention is ftpd. - Ports + packages There are some important ports/packages that need adaptation; some already have BSM support (OpenSSH, for example), but others need modifications. The most critical ones are things like xdm/gdm/kdm/lukemftpd/etc. - Language bindings Right now we provide a C API (that can, I believe, be used with C++). There are existing Java classes for BSM; there might also be perl. A possible project might be to work with various language developers to create classes (etc) to support BSM. - Enhance audit pipe preselection Applications can open /dev/auditpipe to create and open a new audit pipe instance, teeing the live audit stream. By default, you get records destined for the trail. We also support putting the audit pipe into a "local" mode, in which the preselection properties of the pipe can be changed locally to the pipe, operating independently from the trail and any other pipes in use. This works quite well; however, the preselection model is simply a mirror of the model used for the global trail, consisting of global flags, naflags, and optional per-auid masks. It could well be that another model would be more useful for real-world monitoring and IDS applications. In the context of these applications (i.e., real-world experience) it might be a useful activity to explore adding alternative models to preselect records for a pipe. - Multiple audit pipelines Traditional OS audit has largely been intended to audit system security events -- login, file system accesses, password changes, etc. However, there are many situations in which you may also want to generate audit trails from critical applications, such as databases, web servers, etc. It seems desirable that we be able to handle these event pipelines independently, since they have quite different security properties. This suggests allowing more than one "audit pipeline" to exist, each with its own security and reliability characteristics, trail destination, etc. This is a complex thing to do, and the requirements are a bit unclear, but I think that there are some quite interesting things that can be done. - IDS/monitoring tools The audit trail and audit pipes allow access to very fine-grained security information -- while historically this was intended for post-mortem "after the fact" analysis, the obvious things to do are IDS and system monitoring. There are several commercial and research IDS systems out there that can already consume audit trail data, often even BSM data on Solaris, and many can be adapted to run in FreeBSD. There's also lots of room to write new IDS and monitoring tools, especially given the flexibility of the audit pipe model. - Distributed audit This is a slightly vague concept, but I think really comes down to two things: (1) distributed monitoring and management of audit on multiple machines, and (2) [secure, reliable] transmission of audit trails across multiple machines The details and requirements require quite a bit of thinking, but obvious issues to look at would be cryptographic transport, reliable sequencing and spooling of trail segments, etc. - New parsing API One of the problems we've run into with BSM parsing is that it's difficult to process BSM without significant context: the most basic example of this is that trails exist in both big- and little-endian formats on some platforms (Solaris), and you need that information to properly parse records and tokens. Likewise, at a higher level, it's helpful to keep track of the OS, BSM version, source machine, security context, etc, in use when it comes to interpreting records. There are also issues in how to manage the I/O model, integrate with sockets, etc. The solution is probably a new parsing API that is stateful. Exploring this to see what the requirements are (etc) could well make an interesting project. Hopefully this provides a bit more insight. :-) Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 11 16:57:44 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 07C5016A403; Sat, 11 Nov 2006 16:57:44 +0000 (UTC) (envelope-from trhodes@FreeBSD.org) Received: from pittgoth.com (ns1.pittgoth.com [216.38.206.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7DCD843D46; Sat, 11 Nov 2006 16:57:41 +0000 (GMT) (envelope-from trhodes@FreeBSD.org) Received: from localhost (ip70-177-190-239.dc.dc.cox.net [70.177.190.239]) (authenticated bits=0) by pittgoth.com (8.13.6/8.13.6) with ESMTP id kABGvdjZ002382 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 11 Nov 2006 11:57:40 -0500 (EST) (envelope-from trhodes@FreeBSD.org) Date: Sat, 11 Nov 2006 11:57:38 -0500 From: Tom Rhodes To: Robert Watson Message-Id: <20061111115738.2aeb1d11.trhodes@FreeBSD.org> In-Reply-To: <20061111161120.T11522@fledge.watson.org> References: <1b0798830611031732k682b85bey4ea6f769e9692a01@mail.gmail.com> <20061111092821.I63959@fledge.watson.org> <1b0798830611110808g747e91b1xf1912b9b1193cd2b@mail.gmail.com> <20061111161120.T11522@fledge.watson.org> Organization: The FreeBSD Project X-Mailer: Sylpheed version 1.0.6 (GTK+ 1.2.10; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: trustedbsd-audit@FreeBSD.org Subject: Re: I would like to help X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Nov 2006 16:57:44 -0000 On Sat, 11 Nov 2006 16:37:46 +0000 (GMT) Robert Watson wrote: > > On Sat, 11 Nov 2006, Diego Giagio wrote: > > > On 11/11/06, Robert Watson wrote: > >> Thanks for your e-mail! Your help would be most welcome. There is quite a > >> bit of work to be done; right now we're not maintaining a unified TODO list > >> for the FreeBSD audit implementation, rather, there are a few lists > >> scattered in various places. You can find a short TODO list in the OpenBSM > >> distribution (some of the items in the most recent release have now been > >> done, FYI, so check first). The distributed audit daemon is one of the > >> more interesting outstanding areas to work in, but there are others that > >> probably ought to go into a TODO list somewhere. In my recent presentation > >> at the FreeBSD developer summit, I identified the following areas in which > >> interesting new work can and should be done: > >> > >> -Finish syscall assignments, especially for ABIs > >> > >> - Flesh out argument auditing > >> - Audit + NSS > >> - Userland sweep > >> - Ports + packages > >> - Language bindings > >> - Enhance audit pipe preselection > >> - Multiple audit pipelines > >> > >> - IDS/monitoring tools - Distributed audit > > - New parsing API > > > > Let the work begin! I'll be sending specific e-mails to the list to collect > > information and begin contributing. Thanks. > > Heh. I actually intended to postpone that e-mail and flesh out each of the > ideas some before sending. Sorry about that! I'll try again here rather than > sending you on an excessive wild goose chase: [SNIP]: wonderfully authored TODO list by Robert. At one point, in www/, I placed a todo list. What ever became of that? I know we never used it and if memory serves me right we were waiting on a repo-copy? Is there anything keeping us from making use of that? Thanks, -- Tom Rhodes From owner-trustedbsd-audit@FreeBSD.ORG Sun Nov 12 22:00:11 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C291E16A47B for ; Sun, 12 Nov 2006 22:00:11 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id C663143D8C for ; Sun, 12 Nov 2006 21:59:59 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so801411uge for ; Sun, 12 Nov 2006 13:59:58 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=L+8dNBVjs+LRNyIclo90hzKvhzQSmY4mlN4ZBRsFNRxRWla9t2b09K/HG2nRFlGfN6l2nCAsGvWh7utQYFvyBIsG3mxK5OyTOHB6p0LJC7uURwsWguzA5Twlu6GBsnQkLsxoEZoJgUfq2lWbgBBuCjaBYKsXvhr1BZhKDstby/M= Received: by 10.67.119.13 with SMTP id w13mr7050916ugm.1163368798183; Sun, 12 Nov 2006 13:59:58 -0800 (PST) Received: by 10.67.30.9 with HTTP; Sun, 12 Nov 2006 13:59:58 -0800 (PST) Message-ID: <1b0798830611121359r877d4ces5182f1ec1eb2b646@mail.gmail.com> Date: Sun, 12 Nov 2006 19:59:58 -0200 From: "Diego Giagio" To: trustedbsd-audit@freebsd.org In-Reply-To: <1b0798830611110806v788e8ffbp2a0b864256e36c55@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_89867_23814094.1163368798140" References: <1b0798830611110806v788e8ffbp2a0b864256e36c55@mail.gmail.com> Cc: Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Nov 2006 22:00:11 -0000 ------=_Part_89867_23814094.1163368798140 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline On 11/11/06, Diego Giagio wrote: > Hi, > > I've been looking at OpenBSM 1.0a12 distribution's TODO list and would > like to start contributing. The first item on the list appears to have > already been commited (praudit with XML output) so I'm skipping it. > The next one is for adding support for some newer 64-bit tokens to > libbsm. Is there anyone already working on this one? Well, since I received no answer I created myself a patch to implement some 64-bit tokens that were ENOTSUP on the distribution. They are: au_to_attr64 au_to_process64 au_to_process64_ex au_to_subject64 au_to_subject64_ex au_to_header64 (and newly created au_to_header64_tm) The tokens were based on existing tokens (*32) and OpenSolaris BSM implementation. The patch applies to OPENBSM_1_0_ALPHA_12. It's not yet fully tested, so be warned. $ cd openbsm $ patch -p1 < tokens64.patch There are some X11 and misc tokens we don't yet support. Are we going to support them? DG ------=_Part_89867_23814094.1163368798140 Content-Type: application/octet-stream; name=tokens64.patch Content-Transfer-Encoding: base64 X-Attachment-Id: f_eufzkdgn Content-Disposition: attachment; filename="tokens64.patch" ZGlmZiAtdSAtciBvcGVuYnNtL2JzbS9hdWRpdF9yZWNvcmQuaCBvcGVuYnNtLWRnaWFnaW8vYnNt L2F1ZGl0X3JlY29yZC5oCi0tLSBvcGVuYnNtL2JzbS9hdWRpdF9yZWNvcmQuaAkyMDA2LTA5LTI0 IDE3OjIwOjAzLjAwMDAwMDAwMCAtMDMwMAorKysgb3BlbmJzbS1kZ2lhZ2lvL2JzbS9hdWRpdF9y ZWNvcmQuaAkyMDA2LTExLTEyIDE4OjQxOjEzLjAwMDAwMDAwMCAtMDIwMApAQCAtMjQ2LDYgKzI0 Niw4IEBACiAKIHRva2VuX3QJKmF1X3RvX2hlYWRlcjMyX3RtKGludCByZWNfc2l6ZSwgYXVfZXZl bnRfdCBlX3R5cGUsIGF1X2Vtb2RfdCBlX21vZCwKIAkgICAgc3RydWN0IHRpbWV2YWwgdG0pOwor dG9rZW5fdAkqYXVfdG9faGVhZGVyNjRfdG0oaW50IHJlY19zaXplLCBhdV9ldmVudF90IGVfdHlw ZSwgYXVfZW1vZF90IGVfbW9kLAorCSAgICBzdHJ1Y3QgdGltZXZhbCB0bSk7CiAjaWYgIWRlZmlu ZWQoS0VSTkVMKSAmJiAhZGVmaW5lZChfS0VSTkVMKQogdG9rZW5fdAkqYXVfdG9faGVhZGVyKGlu dCByZWNfc2l6ZSwgYXVfZXZlbnRfdCBlX3R5cGUsIGF1X2Vtb2RfdCBlX21vZCk7CiB0b2tlbl90 CSphdV90b19oZWFkZXIzMihpbnQgcmVjX3NpemUsIGF1X2V2ZW50X3QgZV90eXBlLCBhdV9lbW9k X3QgZV9tb2QpOwpkaWZmIC11IC1yIG9wZW5ic20vbGliYnNtL2JzbV90b2tlbi5jIG9wZW5ic20t ZGdpYWdpby9saWJic20vYnNtX3Rva2VuLmMKLS0tIG9wZW5ic20vbGliYnNtL2JzbV90b2tlbi5j CTIwMDYtMDktMjQgMTc6MjA6MTEuMDAwMDAwMDAwIC0wMzAwCisrKyBvcGVuYnNtLWRnaWFnaW8v bGliYnNtL2JzbV90b2tlbi5jCTIwMDYtMTEtMTIgMTg6NDk6MzMuMDAwMDAwMDAwIC0wMjAwCkBA IC0yMTIsOSArMjEyLDQ2IEBACiB0b2tlbl90ICoKIGF1X3RvX2F0dHI2NChzdHJ1Y3Qgdm5vZGVf YXVfaW5mbyAqdm5pKQogeworCXRva2VuX3QgKnQ7CisJdV9jaGFyICpkcHRyID0gTlVMTDsKKwl1 X2ludDE2X3QgcGFkMF8xNiA9IDA7CisJdV9pbnQxNl90IHBhZDBfMzIgPSAwOworCisJR0VUX1RP S0VOX0FSRUEodCwgZHB0ciwgc2l6ZW9mKHVfY2hhcikgKyAyICogc2l6ZW9mKHVfaW50MTZfdCkg KworCSAgICAzICogc2l6ZW9mKHVfaW50MzJfdCkgKyBzaXplb2YodV9pbnQ2NF90KSAqIDIpOwor CWlmICh0ID09IE5VTEwpCisJCXJldHVybiAoTlVMTCk7CisKKwlBRERfVV9DSEFSKGRwdHIsIEFV VF9BVFRSNjQpOworCisJLyoKKwkgKiBEYXJ3aW4gZGVmaW5lcyB0aGUgc2l6ZSBmb3IgdGhlIGZp bGUgbW9kZQorCSAqIGFzIDIgYnl0ZXM7IEJTTSBkZWZpbmVzIDQgc28gcGFkIHdpdGggMAorCSAq LworCUFERF9VX0lOVDE2KGRwdHIsIHBhZDBfMTYpOworCUFERF9VX0lOVDE2KGRwdHIsIHZuaS0+ dm5fbW9kZSk7CisKKwlBRERfVV9JTlQzMihkcHRyLCB2bmktPnZuX3VpZCk7CisJQUREX1VfSU5U MzIoZHB0ciwgdm5pLT52bl9naWQpOworCUFERF9VX0lOVDMyKGRwdHIsIHZuaS0+dm5fZnNpZCk7 CisKKwkvKgorCSAqIFNvbWUgc3lzdGVtcyB1c2UgMzItYml0IGZpbGUgSUQncywgb3RoZXIncyB1 c2UgNjQtYml0IGZpbGUgSURzLgorCSAqIEF0dGVtcHQgdG8gaGFuZGxlIGJvdGgsIGFuZCBsZXQg dGhlIGNvbXBpbGVyIHNvcnQgaXQgb3V0LiAgSWYgd2UKKwkgKiBjb3VsZCBwaWNrIHRoaXMgb3V0 IGF0IGNvbXBpbGUtdGltZSwgaXQgd291bGQgYmUgYmV0dGVyLCBzbyBhcyB0bworCSAqIGF2b2lk IHRoZSBlbHNlIGNhc2UgYmVsb3cuCisJICovCisJaWYgKHNpemVvZih2bmktPnZuX2ZpbGVpZCkg PT0gc2l6ZW9mKHVpbnQzMl90KSkgeworCQlBRERfVV9JTlQzMihkcHRyLCBwYWQwXzMyKTsKKwkJ QUREX1VfSU5UMzIoZHB0ciwgdm5pLT52bl9maWxlaWQpOworCX0gZWxzZSBpZiAoc2l6ZW9mKHZu aS0+dm5fZmlsZWlkKSA9PSBzaXplb2YodWludDY0X3QpKQorCQlBRERfVV9JTlQ2NChkcHRyLCB2 bmktPnZuX2ZpbGVpZCk7CisJZWxzZQorCQlBRERfVV9JTlQ2NChkcHRyLCAwTEwpOwogCi0JZXJy bm8gPSBFTk9UU1VQOwotCXJldHVybiAoTlVMTCk7CisJQUREX1VfSU5UNjQoZHB0ciwgdm5pLT52 bl9kZXYpOworCisJcmV0dXJuICh0KTsKIH0KIAogdG9rZW5fdCAqCkBAIC02NTQsOSArNjkxLDI2 IEBACiAgICAgX191bnVzZWQgZ2lkX3QgZWdpZCwgX191bnVzZWQgdWlkX3QgcnVpZCwgX191bnVz ZWQgZ2lkX3QgcmdpZCwKICAgICBfX3VudXNlZCBwaWRfdCBwaWQsIF9fdW51c2VkIGF1X2FzaWRf dCBzaWQsIF9fdW51c2VkIGF1X3RpZF90ICp0aWQpCiB7CisJdG9rZW5fdCAqdDsKKwl1X2NoYXIg KmRwdHIgPSBOVUxMOworCisJR0VUX1RPS0VOX0FSRUEodCwgZHB0ciwgc2l6ZW9mKHVfY2hhcikg KyA4ICogc2l6ZW9mKHVfaW50MzJfdCkgKworCSAgICBzaXplb2YodV9pbnQ2NF90KSk7CisJaWYg KHQgPT0gTlVMTCkKKwkJcmV0dXJuIChOVUxMKTsKKworCUFERF9VX0NIQVIoZHB0ciwgQVVUX1BS T0NFU1M2NCk7CisJQUREX1VfSU5UMzIoZHB0ciwgYXVpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwg ZXVpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgZWdpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcnVp ZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcmdpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcGlkKTsK KwlBRERfVV9JTlQzMihkcHRyLCBzaWQpOworCUFERF9VX0lOVDY0KGRwdHIsIHRpZC0+cG9ydCk7 CisJQUREX01FTShkcHRyLCAmdGlkLT5tYWNoaW5lLCBzaXplb2YodV9pbnQzMl90KSk7CiAKLQll cnJubyA9IEVOT1RTVVA7Ci0JcmV0dXJuIChOVUxMKTsKKwlyZXR1cm4gKHQpOwogfQogCiB0b2tl bl90ICoKQEAgLTcyNyw5ICs3ODEsNDIgQEAKIGF1X3RvX3Byb2Nlc3M2NF9leChhdV9pZF90IGF1 aWQsIHVpZF90IGV1aWQsIGdpZF90IGVnaWQsIHVpZF90IHJ1aWQsCiAgICAgZ2lkX3QgcmdpZCwg cGlkX3QgcGlkLCBhdV9hc2lkX3Qgc2lkLCBhdV90aWRfYWRkcl90ICp0aWQpCiB7CisJdG9rZW5f dCAqdDsKKwl1X2NoYXIgKmRwdHIgPSBOVUxMOworCisJaWYgKHRpZC0+YXRfdHlwZSA9PSBBVV9J UHY0KQorCQlHRVRfVE9LRU5fQVJFQSh0LCBkcHRyLCBzaXplb2YodV9jaGFyKSArIAorCQkgICAg NyAqIHNpemVvZih1X2ludDMyX3QpICsgc2l6ZW9mKHVfaW50NjRfdCkgKworCQkgICAgMiAqIHNp emVvZih1X2ludDMyX3QpKTsKKwllbHNlIGlmICh0aWQtPmF0X3R5cGUgPT0gQVVfSVB2NikKKwkJ R0VUX1RPS0VOX0FSRUEodCwgZHB0ciwgc2l6ZW9mKHVfY2hhcikgKworCQkgICAgNyAqIHNpemVv Zih1X2ludDMyX3QpICsgc2l6ZW9mKHVfaW50NjRfdCkgKworCQkgICAgNSAqIHNpemVvZih1X2lu dDMyX3QpKTsKKwllbHNlIHsKKwkJZXJybm8gPSBFSU5WQUw7CisJCXJldHVybiAoTlVMTCk7CisJ fQorCWlmICh0ID09IE5VTEwpCisJCXJldHVybiAoTlVMTCk7CisKKwlBRERfVV9DSEFSKGRwdHIs IEFVVF9QUk9DRVNTNjRfRVgpOworCUFERF9VX0lOVDMyKGRwdHIsIGF1aWQpOworCUFERF9VX0lO VDMyKGRwdHIsIGV1aWQpOworCUFERF9VX0lOVDMyKGRwdHIsIGVnaWQpOworCUFERF9VX0lOVDMy KGRwdHIsIHJ1aWQpOworCUFERF9VX0lOVDMyKGRwdHIsIHJnaWQpOworCUFERF9VX0lOVDMyKGRw dHIsIHBpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgc2lkKTsKKwlBRERfVV9JTlQ2NChkcHRyLCB0 aWQtPmF0X3BvcnQpOworCUFERF9VX0lOVDMyKGRwdHIsIHRpZC0+YXRfdHlwZSk7CisJQUREX1Vf SU5UMzIoZHB0ciwgdGlkLT5hdF9hZGRyWzBdKTsKKwlpZiAodGlkLT5hdF90eXBlID09IEFVX0lQ djYpIHsKKwkJQUREX1VfSU5UMzIoZHB0ciwgdGlkLT5hdF9hZGRyWzFdKTsKKwkJQUREX1VfSU5U MzIoZHB0ciwgdGlkLT5hdF9hZGRyWzJdKTsKKwkJQUREX1VfSU5UMzIoZHB0ciwgdGlkLT5hdF9h ZGRyWzNdKTsKKwl9CiAKLQllcnJubyA9IEVOT1RTVVA7Ci0JcmV0dXJuIChOVUxMKTsKKwlyZXR1 cm4gKHQpOwogfQogCiB0b2tlbl90ICoKQEAgLTk0NCw5ICsxMDMxLDI2IEBACiBhdV90b19zdWJq ZWN0NjQoYXVfaWRfdCBhdWlkLCB1aWRfdCBldWlkLCBnaWRfdCBlZ2lkLCB1aWRfdCBydWlkLCBn aWRfdCByZ2lkLAogICAgIHBpZF90IHBpZCwgYXVfYXNpZF90IHNpZCwgYXVfdGlkX3QgKnRpZCkK IHsKKwl0b2tlbl90ICp0OworCXVfY2hhciAqZHB0ciA9IE5VTEw7CisKKwlHRVRfVE9LRU5fQVJF QSh0LCBkcHRyLCBzaXplb2YodV9jaGFyKSArIDcgKiBzaXplb2YodV9pbnQzMl90KSArCisJICAg IHNpemVvZih1X2ludDY0X3QpICsgc2l6ZW9mKHVfaW50MzJfdCkpOworCWlmICh0ID09IE5VTEwp CisJCXJldHVybiAoTlVMTCk7CiAKLQllcnJubyA9IEVOT1RTVVA7Ci0JcmV0dXJuIChOVUxMKTsK KwlBRERfVV9DSEFSKGRwdHIsIEFVVF9TVUJKRUNUNjQpOworCUFERF9VX0lOVDMyKGRwdHIsIGF1 aWQpOworCUFERF9VX0lOVDMyKGRwdHIsIGV1aWQpOworCUFERF9VX0lOVDMyKGRwdHIsIGVnaWQp OworCUFERF9VX0lOVDMyKGRwdHIsIHJ1aWQpOworCUFERF9VX0lOVDMyKGRwdHIsIHJnaWQpOwor CUFERF9VX0lOVDMyKGRwdHIsIHBpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgc2lkKTsKKwlBRERf VV9JTlQ2NChkcHRyLCB0aWQtPnBvcnQpOworCUFERF9NRU0oZHB0ciwgJnRpZC0+bWFjaGluZSwg c2l6ZW9mKHVfaW50MzJfdCkpOworCisJcmV0dXJuICh0KTsKIH0KIAogdG9rZW5fdCAqCkBAIC0x MDE2LDkgKzExMjAsNDIgQEAKIGF1X3RvX3N1YmplY3Q2NF9leChhdV9pZF90IGF1aWQsIHVpZF90 IGV1aWQsIGdpZF90IGVnaWQsIHVpZF90IHJ1aWQsCiAgICAgZ2lkX3QgcmdpZCwgcGlkX3QgcGlk LCBhdV9hc2lkX3Qgc2lkLCBhdV90aWRfYWRkcl90ICp0aWQpCiB7CisJdG9rZW5fdCAqdDsKKwl1 X2NoYXIgKmRwdHIgPSBOVUxMOworCisJaWYgKHRpZC0+YXRfdHlwZSA9PSBBVV9JUHY0KQorCQlH RVRfVE9LRU5fQVJFQSh0LCBkcHRyLCBzaXplb2YodV9jaGFyKSArCisJCSAgICA3ICogc2l6ZW9m KHVfaW50MzJfdCkgKyBzaXplb2YodV9pbnQ2NF90KSArCisJCSAgICAyICogc2l6ZW9mKHVfaW50 MzJfdCkpOworCWVsc2UgaWYgKHRpZC0+YXRfdHlwZSA9PSBBVV9JUHY2KQorCQlHRVRfVE9LRU5f QVJFQSh0LCBkcHRyLCBzaXplb2YodV9jaGFyKSArCisJCSAgICA3ICogc2l6ZW9mKHVfaW50MzJf dCkgKyBzaXplb2YodV9pbnQ2NF90KSArCisJCSAgICA1ICogc2l6ZW9mKHVfaW50MzJfdCkpOwor CWVsc2UgeworCQllcnJubyA9IEVJTlZBTDsKKwkJcmV0dXJuIChOVUxMKTsKKwl9CisJaWYgKHQg PT0gTlVMTCkKKwkJcmV0dXJuIChOVUxMKTsKKworCUFERF9VX0NIQVIoZHB0ciwgQVVUX1NVQkpF Q1Q2NF9FWCk7CisJQUREX1VfSU5UMzIoZHB0ciwgYXVpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwg ZXVpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgZWdpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcnVp ZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcmdpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcGlkKTsK KwlBRERfVV9JTlQzMihkcHRyLCBzaWQpOworCUFERF9VX0lOVDY0KGRwdHIsIHRpZC0+YXRfcG9y dCk7CisJQUREX1VfSU5UMzIoZHB0ciwgdGlkLT5hdF90eXBlKTsKKwlBRERfVV9JTlQzMihkcHRy LCB0aWQtPmF0X2FkZHJbMF0pOworCWlmICh0aWQtPmF0X3R5cGUgPT0gQVVfSVB2NikgeworCQlB RERfVV9JTlQzMihkcHRyLCB0aWQtPmF0X2FkZHJbMV0pOworCQlBRERfVV9JTlQzMihkcHRyLCB0 aWQtPmF0X2FkZHJbMl0pOworCQlBRERfVV9JTlQzMihkcHRyLCB0aWQtPmF0X2FkZHJbM10pOwor CX0KIAotCWVycm5vID0gRU5PVFNVUDsKLQlyZXR1cm4gKE5VTEwpOworCXJldHVybiAodCk7CiB9 CiAKIHRva2VuX3QgKgpAQCAtMTE2Niw2ICsxMzAzLDMzIEBACiAJcmV0dXJuICh0KTsKIH0KIAor dG9rZW5fdCAqCithdV90b19oZWFkZXI2NF90bShpbnQgcmVjX3NpemUsIGF1X2V2ZW50X3QgZV90 eXBlLCBhdV9lbW9kX3QgZV9tb2QsCisgICAgc3RydWN0IHRpbWV2YWwgdG0pCit7CisJdG9rZW5f dCAqdDsKKwl1X2NoYXIgKmRwdHIgPSBOVUxMOworCXVfaW50MzJfdCB0aW1lbXM7CisKKwlHRVRf VE9LRU5fQVJFQSh0LCBkcHRyLCBzaXplb2YodV9jaGFyKSArIHNpemVvZih1X2ludDMyX3QpICsK KwkgICAgc2l6ZW9mKHVfY2hhcikgKyAyICogc2l6ZW9mKHVfaW50MTZfdCkgKyAyICogc2l6ZW9m KHVfaW50NjRfdCkpOworCWlmICh0ID09IE5VTEwpCisJCXJldHVybiAoTlVMTCk7CisKKwlBRERf VV9DSEFSKGRwdHIsIEFVVF9IRUFERVI2NCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcmVjX3NpemUp OworCUFERF9VX0NIQVIoZHB0ciwgQVVESVRfSEVBREVSX1ZFUlNJT05fT1BFTkJTTSk7CisJQURE X1VfSU5UMTYoZHB0ciwgZV90eXBlKTsKKwlBRERfVV9JTlQxNihkcHRyLCBlX21vZCk7CisKKwl0 aW1lbXMgPSB0bS50dl91c2VjLzEwMDA7CisJLyogQWRkIHRoZSB0aW1lc3RhbXAgKi8KKwlBRERf VV9JTlQ2NChkcHRyLCB0bS50dl9zZWMpOworCUFERF9VX0lOVDY0KGRwdHIsIHRpbWVtcyk7CS8q IFdlIG5lZWQgdGltZSBpbiBtcy4gKi8KKworCXJldHVybiAodCk7Cit9CisKICNpZiAhZGVmaW5l ZChLRVJORUwpICYmICFkZWZpbmVkKF9LRVJORUwpCiB0b2tlbl90ICoKIGF1X3RvX2hlYWRlcjMy KGludCByZWNfc2l6ZSwgYXVfZXZlbnRfdCBlX3R5cGUsIGF1X2Vtb2RfdCBlX21vZCkKQEAgLTEx ODEsOSArMTM0NSwxMSBAQAogYXVfdG9faGVhZGVyNjQoX191bnVzZWQgaW50IHJlY19zaXplLCBf X3VudXNlZCBhdV9ldmVudF90IGVfdHlwZSwKICAgICBfX3VudXNlZCBhdV9lbW9kX3QgZV9tb2Qp CiB7CisJc3RydWN0IHRpbWV2YWwgdG07CiAKLQllcnJubyA9IEVOT1RTVVA7Ci0JcmV0dXJuIChO VUxMKTsKKwlpZiAoZ2V0dGltZW9mZGF5KCZ0bSwgTlVMTCkgPT0gLTEpCisJCXJldHVybiAoTlVM TCk7CisJcmV0dXJuIChhdV90b19oZWFkZXI2NF90bShyZWNfc2l6ZSwgZV90eXBlLCBlX21vZCwg dG0pKTsKIH0KIAogdG9rZW5fdCAqCg== ------=_Part_89867_23814094.1163368798140-- From owner-trustedbsd-audit@FreeBSD.ORG Mon Nov 13 15:17:30 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABCBC16A40F; Mon, 13 Nov 2006 15:17:30 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id A46854417F; Mon, 13 Nov 2006 14:56:26 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id B97B946CF4; Mon, 13 Nov 2006 09:56:00 -0500 (EST) Date: Mon, 13 Nov 2006 14:56:00 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20061113145030.F38359@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-discuss@TrustedBSD.org Subject: SecurityFocus.com interview on FreeBSD 6.2 audit support X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2006 15:17:30 -0000 Federico Biancuzzi of SecurityFocus.com interviewed me for an article that went up a couple of days ago on the FreeBSD audit implementation: http://www.securityfocus.com/columnists/422 FreeBSD 6.2-RELEASE, the first version on FreeBSD that will ship with integrated support for security audit, will be released in the next month (or so). Robert N M Watson Computer Laboratory University of Cambridg From owner-trustedbsd-audit@FreeBSD.ORG Mon Nov 13 15:23:19 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA98E16A6E5 for ; Mon, 13 Nov 2006 15:23:19 +0000 (UTC) (envelope-from martin_voros@yahoo.com) Received: from web55504.mail.re4.yahoo.com (web55504.mail.re4.yahoo.com [206.190.58.213]) by mx1.FreeBSD.org (Postfix) with SMTP id 3EE8B4415A for ; Mon, 13 Nov 2006 15:13:55 +0000 (GMT) (envelope-from martin_voros@yahoo.com) Received: (qmail 26311 invoked by uid 60001); 13 Nov 2006 15:13:41 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=xl8EIHPMpwFtTq3YTriyL3JhVylLKEhEY//EKDYSsbYFEqH1ezXBbQ3kMN4Sp/GWQPcrxgaykqXz0UxEmuCuZDil62voDwzJKRusT/5xFyfehvXj8jsWJwMOaMTQOn6SI96F9+a60ybInLqsho0/PaHXzG8q0fuuBNPhXV4Klm0= ; Message-ID: <20061113151341.26309.qmail@web55504.mail.re4.yahoo.com> Received: from [193.136.122.18] by web55504.mail.re4.yahoo.com via HTTP; Mon, 13 Nov 2006 07:13:41 PST Date: Mon, 13 Nov 2006 07:13:41 -0800 (PST) From: Martin Voros To: trustedbsd-audit@freebsd.org In-Reply-To: <1b0798830611121359r877d4ces5182f1ec1eb2b646@mail.gmail.com> MIME-Version: 1.0 X-Mailman-Approved-At: Mon, 13 Nov 2006 18:58:02 +0000 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2006 15:23:19 -0000 Hi, Diego Giagio wrote: On 11/11/06, Diego Giagio wrote: > Hi, > > I've been looking at OpenBSM 1.0a12 distribution's TODO list and would > like to start contributing. The first item on the list appears to have > already been commited (praudit with XML output) so I'm skipping it. > The next one is for adding support for some newer 64-bit tokens to > libbsm. Is there anyone already working on this one? Well, since I received no answer I created myself a patch to implement some 64-bit tokens that were ENOTSUP on the distribution. They are: au_to_attr64 au_to_process64 au_to_process64_ex au_to_subject64 au_to_subject64_ex au_to_header64 (and newly created au_to_header64_tm) The tokens were based on existing tokens (*32) and OpenSolaris BSM implementation. The patch applies to OPENBSM_1_0_ALPHA_12. It's not yet fully tested, so be warned. $ cd openbsm $ patch -p1 < tokens64.patch I think that you should also define output functions (bsm_io.c) in your patch, because now it's not possible to display new tokens by praudit. Best regards MV --------------------------------- Want to start your own business? Learn how on Yahoo! Small Business. From owner-trustedbsd-audit@FreeBSD.ORG Mon Nov 13 19:34:23 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 21EA816A4A0 for ; Mon, 13 Nov 2006 19:34:23 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168]) by mx1.FreeBSD.org (Postfix) with ESMTP id 995A243D60 for ; Mon, 13 Nov 2006 19:33:32 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so1028038uge for ; Mon, 13 Nov 2006 11:33:32 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=d6ruXQ4dD4yPuPtCgIckPw3kFndSpcgrPZcxLDX5fPphm99zRc+pmks0MjrZ7sy0PqxKi2Yqp8zg4ZKwIXSqaE2rdt3k70tqNBcX3UZFPb0BxzRwymdeQiaW7WfIZuyOuvLP+lm81ZNDuddN7Yy+Jc4/HJpG/sjwhSMLnKFLMoE= Received: by 10.67.30.6 with SMTP id h6mr8619652ugj.1163446411727; Mon, 13 Nov 2006 11:33:31 -0800 (PST) Received: by 10.67.30.9 with HTTP; Mon, 13 Nov 2006 11:33:30 -0800 (PST) Message-ID: <1b0798830611131133q2c65d167if18fdd291bdfb391@mail.gmail.com> Date: Mon, 13 Nov 2006 17:33:30 -0200 From: "Diego Giagio" To: "Martin Voros" In-Reply-To: <20061113151341.26309.qmail@web55504.mail.re4.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <1b0798830611121359r877d4ces5182f1ec1eb2b646@mail.gmail.com> <20061113151341.26309.qmail@web55504.mail.re4.yahoo.com> Cc: trustedbsd-audit@freebsd.org Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2006 19:34:23 -0000 On 11/13/06, Martin Voros wrote: > Hi, > > I think that you should also define output functions (bsm_io.c) in your patch, because now it's not possible to display new tokens by praudit. > Hi Martin, Thanks for pointing that out. I'll add those functions and re-submit the patch. Thanks. DG From owner-trustedbsd-audit@FreeBSD.ORG Wed Nov 15 00:25:42 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A01A016A494 for ; Wed, 15 Nov 2006 00:25:42 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id B37A743F44 for ; Wed, 15 Nov 2006 00:21:25 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so7921uge for ; Tue, 14 Nov 2006 16:21:11 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=ZzYDJe0QIP66b5YYqwTDMor4zM8SETBW+9ti4GxVtk04Ohf6ztR2lKwLj87zFVa0/8IpcytKKPqLFshQZU4NI9rKKZIjuX89ETbKLtPC8uFsNU2mgI3cW4HuvolNNZWMjGmH2b8OhSg3+9zSuSm8284OL7s+tEq3lwuw46wAxrQ= Received: by 10.67.19.17 with SMTP id w17mr530646ugi.1163550070933; Tue, 14 Nov 2006 16:21:10 -0800 (PST) Received: by 10.67.30.9 with HTTP; Tue, 14 Nov 2006 16:21:10 -0800 (PST) Message-ID: <1b0798830611141621s49b30399l68a2241be3e91dc3@mail.gmail.com> Date: Tue, 14 Nov 2006 22:21:10 -0200 From: "Diego Giagio" To: "Martin Voros" In-Reply-To: <1b0798830611131133q2c65d167if18fdd291bdfb391@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_18902_5933769.1163550070888" References: <1b0798830611121359r877d4ces5182f1ec1eb2b646@mail.gmail.com> <20061113151341.26309.qmail@web55504.mail.re4.yahoo.com> <1b0798830611131133q2c65d167if18fdd291bdfb391@mail.gmail.com> Cc: trustedbsd-audit@freebsd.org Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2006 00:25:42 -0000 ------=_Part_18902_5933769.1163550070888 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline On 11/13/06, Diego Giagio wrote: > On 11/13/06, Martin Voros wrote: > > Hi, > > > > I think that you should also define output functions (bsm_io.c) in your patch, because now it's not possible to display new tokens by praudit. > > > > Thanks for pointing that out. I'll add those functions and re-submit the patch. > The new patch is attached. All needed output functions were implemented. DG ------=_Part_18902_5933769.1163550070888 Content-Type: application/octet-stream; name=tokens64_2.patch Content-Transfer-Encoding: base64 X-Attachment-Id: f_euizmlfo Content-Disposition: attachment; filename="tokens64_2.patch" ZGlmZiAtdSAtciBvcGVuYnNtL2JzbS9hdWRpdF9yZWNvcmQuaCBvcGVuYnNtLWRnaWFnaW8vYnNt L2F1ZGl0X3JlY29yZC5oCi0tLSBvcGVuYnNtL2JzbS9hdWRpdF9yZWNvcmQuaAkyMDA2LTA5LTI0 IDE3OjIwOjAzLjAwMDAwMDAwMCAtMDMwMAorKysgb3BlbmJzbS1kZ2lhZ2lvL2JzbS9hdWRpdF9y ZWNvcmQuaAkyMDA2LTExLTEyIDE5OjMxOjIxLjAwMDAwMDAwMCAtMDIwMApAQCAtMjQ2LDYgKzI0 Niw4IEBACiAKIHRva2VuX3QJKmF1X3RvX2hlYWRlcjMyX3RtKGludCByZWNfc2l6ZSwgYXVfZXZl bnRfdCBlX3R5cGUsIGF1X2Vtb2RfdCBlX21vZCwKIAkgICAgc3RydWN0IHRpbWV2YWwgdG0pOwor dG9rZW5fdAkqYXVfdG9faGVhZGVyNjRfdG0oaW50IHJlY19zaXplLCBhdV9ldmVudF90IGVfdHlw ZSwgYXVfZW1vZF90IGVfbW9kLAorCSAgICBzdHJ1Y3QgdGltZXZhbCB0bSk7CiAjaWYgIWRlZmlu ZWQoS0VSTkVMKSAmJiAhZGVmaW5lZChfS0VSTkVMKQogdG9rZW5fdAkqYXVfdG9faGVhZGVyKGlu dCByZWNfc2l6ZSwgYXVfZXZlbnRfdCBlX3R5cGUsIGF1X2Vtb2RfdCBlX21vZCk7CiB0b2tlbl90 CSphdV90b19oZWFkZXIzMihpbnQgcmVjX3NpemUsIGF1X2V2ZW50X3QgZV90eXBlLCBhdV9lbW9k X3QgZV9tb2QpOwpkaWZmIC11IC1yIG9wZW5ic20vYnNtL2xpYmJzbS5oIG9wZW5ic20tZGdpYWdp by9ic20vbGliYnNtLmgKLS0tIG9wZW5ic20vYnNtL2xpYmJzbS5oCTIwMDYtMDktMjQgMTc6MjA6 MDMuMDAwMDAwMDAwIC0wMzAwCisrKyBvcGVuYnNtLWRnaWFnaW8vYnNtL2xpYmJzbS5oCTIwMDYt MTEtMTQgMjI6MTA6MjYuMDAwMDAwMDAwIC0wMjAwCkBAIC0xNjQsNiArMTY0LDEyIEBACiAJdV9p bnQzMl90CWFkZHJbNF07CiB9IGF1X3RpZGFkZHIzMl90OwogCit0eXBlZGVmIHN0cnVjdCBhdV90 aWRhZGRyNjQgeworCXVfaW50NjRfdAlwb3J0OworCXVfaW50MzJfdAl0eXBlOworCXVfaW50MzJf dAlhZGRyWzRdOworfSBhdV90aWRhZGRyNjRfdDsKKwogLyoKICAqIGFyZ3VtZW50ICMgICAgICAg ICAgICAgIDEgYnl0ZQogICogYXJndW1lbnQgdmFsdWUgICAgICAgICAgNCBieXRlcy84IGJ5dGVz ICgzMi1iaXQvNjQtYml0IHZhbHVlKQpAQCAtNDgzLDYgKzQ4OSwxNyBAQAogCWF1X3RpZGFkZHIz Ml90CXRpZDsKIH0gYXVfcHJvYzMyZXhfdDsKIAordHlwZWRlZiBzdHJ1Y3QgeworCXVfaW50MzJf dAlhdWlkOworCXVfaW50MzJfdAlldWlkOworCXVfaW50MzJfdAllZ2lkOworCXVfaW50MzJfdAly dWlkOworCXVfaW50MzJfdAlyZ2lkOworCXVfaW50MzJfdAlwaWQ7CisJdV9pbnQzMl90CXNpZDsK KwlhdV90aWRhZGRyNjRfdAl0aWQ7Cit9IGF1X3Byb2M2NGV4X3Q7CisKIC8qCiAgKiBlcnJvciBz dGF0dXMgICAgICAgICAgICAxIGJ5dGUKICAqIHJldHVybiB2YWx1ZSAgICAgICAgICAgIDQgYnl0 ZXMvOCBieXRlcyAoMzItYml0LzY0LWJpdCB2YWx1ZSkKQEAgLTYxNiw2ICs2MzMsMTcgQEAKIAlh dV90aWRhZGRyMzJfdAl0aWQ7CiB9IGF1X3N1YmplY3QzMmV4X3Q7CiAKK3R5cGVkZWYgc3RydWN0 IHsKKwl1X2ludDMyX3QJYXVpZDsKKwl1X2ludDMyX3QJZXVpZDsKKwl1X2ludDMyX3QJZWdpZDsK Kwl1X2ludDMyX3QJcnVpZDsKKwl1X2ludDMyX3QJcmdpZDsKKwl1X2ludDMyX3QJcGlkOworCXVf aW50MzJfdAlzaWQ7CisJYXVfdGlkYWRkcjY0X3QJdGlkOworfSBhdV9zdWJqZWN0NjRleF90Owor CiAvKgogICogdGV4dCBsZW5ndGggICAgICAgICAgICAgMiBieXRlcwogICogdGV4dCAgICAgICAg ICAgICAgICAgICAgTiBieXRlcyArIDEgdGVybWluYXRpbmcgTlVMTCBieXRlCkBAIC02NzUsOCAr NzAzLDkgQEAKIAkJYXVfb3BhcXVlX3QJCW9wYXF1ZTsKIAkJYXVfcGF0aF90CQlwYXRoOwogCQlh dV9wcm9jMzJfdAkJcHJvYzMyOwotCQlhdV9wcm9jNjRfdAkJcHJvYzY0OwogCQlhdV9wcm9jMzJl eF90CQlwcm9jMzJfZXg7CisJCWF1X3Byb2M2NF90CQlwcm9jNjQ7CisJCWF1X3Byb2M2NGV4X3QJ CXByb2M2NF9leDsKIAkJYXVfcmV0MzJfdAkJcmV0MzI7CiAJCWF1X3JldDY0X3QJCXJldDY0Owog CQlhdV9zZXFfdAkJc2VxOwpAQCAtNjg1LDggKzcxNCw5IEBACiAJCWF1X3NvY2tldGluZXQzMl90 CXNvY2tpbmV0MzI7CiAJCWF1X3NvY2tldHVuaXhfdAkJc29ja3VuaXg7CiAJCWF1X3N1YmplY3Qz Ml90CQlzdWJqMzI7Ci0JCWF1X3N1YmplY3Q2NF90CQlzdWJqNjQ7CiAJCWF1X3N1YmplY3QzMmV4 X3QJc3ViajMyX2V4OworCQlhdV9zdWJqZWN0NjRfdAkJc3ViajY0OworCQlhdV9zdWJqZWN0NjRl eF90CXN1Ymo2NF9leDsKIAkJYXVfdGV4dF90CQl0ZXh0OwogCQlhdV9rZXZlbnRfdAkJa2V2ZW50 OwogCQlhdV9pbnZhbGlkX3QJCWludmFsaWQ7CmRpZmYgLXUgLXIgb3BlbmJzbS9saWJic20vYnNt X2lvLmMgb3BlbmJzbS1kZ2lhZ2lvL2xpYmJzbS9ic21faW8uYwotLS0gb3BlbmJzbS9saWJic20v YnNtX2lvLmMJMjAwNi0wOS0yNCAxNzoyMDoxMC4wMDAwMDAwMDAgLTAzMDAKKysrIG9wZW5ic20t ZGdpYWdpby9saWJic20vYnNtX2lvLmMJMjAwNi0xMS0xNCAyMjowMToxMi4wMDAwMDAwMDAgLTAy MDAKQEAgLTE3NzgsNiArMTc3OCwxMDUgQEAKIAlwcmludF9pcF9hZGRyZXNzKGZwLCB0b2stPnR0 LnByb2MzMi50aWQuYWRkcik7CiB9CiAKKy8qCisgKiB0b2tlbiBJRCAgICAgICAgICAgICAgICAg ICAgIDEgYnl0ZQorICogYXVkaXQgSUQgICAgICAgICAgICAgICAgICAgICA0IGJ5dGVzCisgKiBl dWlkICAgICAgICAgICAgICAgICAgICAgICAgIDQgYnl0ZXMKKyAqIGVnaWQgICAgICAgICAgICAg ICAgICAgICAgICAgNCBieXRlcworICogcnVpZCAgICAgICAgICAgICAgICAgICAgICAgICA0IGJ5 dGVzCisgKiByZ2lkICAgICAgICAgICAgICAgICAgICAgICAgIDQgYnl0ZXMKKyAqIHBpZCAgICAg ICAgICAgICAgICAgICAgICAgICAgNCBieXRlcworICogc2Vzc2lkICAgICAgICAgICAgICAgICAg ICAgICA0IGJ5dGVzCisgKiB0ZXJtaW5hbCBJRAorICogICBwb3J0aWQgICAgICAgICAgICAgOCBi eXRlcworICogICBtYWNoaW5lIGlkICAgICAgICAgNCBieXRlcworICovCitzdGF0aWMgaW50Citm ZXRjaF9wcm9jZXNzNjRfdG9rKHRva2Vuc3RyX3QgKnRvaywgY2hhciAqYnVmLCBpbnQgbGVuKQor eworCWludCBlcnIgPSAwOworCisJUkVBRF9UT0tFTl9VX0lOVDMyKGJ1ZiwgbGVuLCB0b2stPnR0 LnByb2M2NC5hdWlkLCB0b2stPmxlbiwgZXJyKTsKKwlpZiAoZXJyKQorCQlyZXR1cm4gKC0xKTsK KworCVJFQURfVE9LRU5fVV9JTlQzMihidWYsIGxlbiwgdG9rLT50dC5wcm9jNjQuZXVpZCwgdG9r LT5sZW4sIGVycik7CisJaWYgKGVycikKKwkJcmV0dXJuICgtMSk7CisKKwlSRUFEX1RPS0VOX1Vf SU5UMzIoYnVmLCBsZW4sIHRvay0+dHQucHJvYzY0LmVnaWQsIHRvay0+bGVuLCBlcnIpOworCWlm IChlcnIpCisJCXJldHVybiAoLTEpOworCisJUkVBRF9UT0tFTl9VX0lOVDMyKGJ1ZiwgbGVuLCB0 b2stPnR0LnByb2M2NC5ydWlkLCB0b2stPmxlbiwgZXJyKTsKKwlpZiAoZXJyKQorCQlyZXR1cm4g KC0xKTsKKworCVJFQURfVE9LRU5fVV9JTlQzMihidWYsIGxlbiwgdG9rLT50dC5wcm9jNjQucmdp ZCwgdG9rLT5sZW4sIGVycik7CisJaWYgKGVycikKKwkJcmV0dXJuICgtMSk7CisKKwlSRUFEX1RP S0VOX1VfSU5UMzIoYnVmLCBsZW4sIHRvay0+dHQucHJvYzY0LnBpZCwgdG9rLT5sZW4sIGVycik7 CisJaWYgKGVycikKKwkJcmV0dXJuICgtMSk7CisKKwlSRUFEX1RPS0VOX1VfSU5UMzIoYnVmLCBs ZW4sIHRvay0+dHQucHJvYzY0LnNpZCwgdG9rLT5sZW4sIGVycik7CisJaWYgKGVycikKKwkJcmV0 dXJuICgtMSk7CisKKwlSRUFEX1RPS0VOX1VfSU5UNjQoYnVmLCBsZW4sIHRvay0+dHQucHJvYzY0 LnRpZC5wb3J0LCB0b2stPmxlbiwgZXJyKTsKKwlpZiAoZXJyKQorCQlyZXR1cm4gKC0xKTsKKwor CVJFQURfVE9LRU5fQllURVMoYnVmLCBsZW4sICZ0b2stPnR0LnByb2M2NC50aWQuYWRkciwKKwkg ICAgc2l6ZW9mKHRvay0+dHQucHJvYzY0LnRpZC5hZGRyKSwgdG9rLT5sZW4sIGVycik7CisJaWYg KGVycikKKwkJcmV0dXJuICgtMSk7CisKKwlyZXR1cm4gKDApOworfQorCitzdGF0aWMgdm9pZAor cHJpbnRfcHJvY2VzczY0X3RvayhGSUxFICpmcCwgdG9rZW5zdHJfdCAqdG9rLCBjaGFyICpkZWws IGNoYXIgcmF3LAorICAgIF9fdW51c2VkIGNoYXIgc2ZybSkKK3sKKworCXByaW50X3Rva190eXBl KGZwLCB0b2stPmlkLCAicHJvY2VzcyIsIHJhdyk7CisJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJ cHJpbnRfdXNlcihmcCwgdG9rLT50dC5wcm9jNjQuYXVpZCwgcmF3KTsKKwlwcmludF9kZWxpbShm cCwgZGVsKTsKKwlwcmludF91c2VyKGZwLCB0b2stPnR0LnByb2M2NC5ldWlkLCByYXcpOworCXBy aW50X2RlbGltKGZwLCBkZWwpOworCXByaW50X2dyb3VwKGZwLCB0b2stPnR0LnByb2M2NC5lZ2lk LCByYXcpOworCXByaW50X2RlbGltKGZwLCBkZWwpOworCXByaW50X3VzZXIoZnAsIHRvay0+dHQu cHJvYzY0LnJ1aWQsIHJhdyk7CisJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJcHJpbnRfZ3JvdXAo ZnAsIHRvay0+dHQucHJvYzY0LnJnaWQsIHJhdyk7CisJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJ cHJpbnRfNF9ieXRlcyhmcCwgdG9rLT50dC5wcm9jNjQucGlkLCAiJXUiKTsKKwlwcmludF9kZWxp bShmcCwgZGVsKTsKKwlwcmludF80X2J5dGVzKGZwLCB0b2stPnR0LnByb2M2NC5zaWQsICIldSIp OworCXByaW50X2RlbGltKGZwLCBkZWwpOworCXByaW50XzhfYnl0ZXMoZnAsIHRvay0+dHQucHJv YzY0LnRpZC5wb3J0LCAiJWxsdSIpOworCXByaW50X2RlbGltKGZwLCBkZWwpOworCXByaW50X2lw X2FkZHJlc3MoZnAsIHRvay0+dHQucHJvYzY0LnRpZC5hZGRyKTsKK30KKworCisvKiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCisgKiB0b2tlbiBJ RCAgICAgICAgICAgICAgICAxIGJ5dGUgICAgICAgICAgICAgICAgICAgICAgCisgKiBhdWRpdCBJ RCAgICAgICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiBlZmZlY3Rp dmUgdXNlciBJRCAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiBlZmZlY3Rp dmUgZ3JvdXAgSUQgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiByZWFsIHVz ZXIgSUQgICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiByZWFsIGdy b3VwIElEICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiBwcm9jZXNz IElEICAgICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiBzZXNzaW9u IElEICAgICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiB0ZXJtaW5h bCBJRCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCisgKiAgIHBvcnQg SUQgICAgICAgICAgICAgICA0IGJ5dGVzCisgKiAgIGFkZHJlc3MgdHlwZS1sZW4gICAgICA0IGJ5 dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiAgIG1hY2hpbmUgYWRkcmVzcyAgICAgIDE2IGJ5 dGVzICAgICAgICAgICAgICAgICAgICAgCisgKi8KIHN0YXRpYyBpbnQKIGZldGNoX3Byb2Nlc3Mz MmV4X3Rvayh0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmJ1ZiwgaW50IGxlbikKIHsKQEAgLTE4NjQs NiArMTk2MywxMDYgQEAKIAkgICAgdG9rLT50dC5wcm9jMzJfZXgudGlkLmFkZHIpOwogfQogCisv KiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCisg KiB0b2tlbiBJRCAgICAgICAgICAgICAgICAxIGJ5dGUgICAgICAgICAgICAgICAgICAgICAgCisg KiBhdWRpdCBJRCAgICAgICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisg KiBlZmZlY3RpdmUgdXNlciBJRCAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisg KiBlZmZlY3RpdmUgZ3JvdXAgSUQgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisg KiByZWFsIHVzZXIgSUQgICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisg KiByZWFsIGdyb3VwIElEICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisg KiBwcm9jZXNzIElEICAgICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisg KiBzZXNzaW9uIElEICAgICAgICAgICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisg KiB0ZXJtaW5hbCBJRCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCisg KiAgIHBvcnQgSUQgICAgICAgICAgICAgICA4IGJ5dGVzCisgKiAgIGFkZHJlc3MgdHlwZS1sZW4g ICAgICA0IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKiAgIG1hY2hpbmUgYWRkcmVzcyAg ICAgIDE2IGJ5dGVzICAgICAgICAgICAgICAgICAgICAgCisgKi8KK3N0YXRpYyBpbnQKK2ZldGNo X3Byb2Nlc3M2NGV4X3Rvayh0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmJ1ZiwgaW50IGxlbikKK3sK KwlpbnQgZXJyID0gMDsKKworCVJFQURfVE9LRU5fVV9JTlQzMihidWYsIGxlbiwgdG9rLT50dC5w cm9jNjRfZXguYXVpZCwgdG9rLT5sZW4sIGVycik7CisJaWYgKGVycikKKwkJcmV0dXJuICgtMSk7 CisKKwlSRUFEX1RPS0VOX1VfSU5UMzIoYnVmLCBsZW4sIHRvay0+dHQucHJvYzY0X2V4LmV1aWQs IHRvay0+bGVuLCBlcnIpOworCWlmIChlcnIpCisJCXJldHVybiAoLTEpOworCisJUkVBRF9UT0tF Tl9VX0lOVDMyKGJ1ZiwgbGVuLCB0b2stPnR0LnByb2M2NF9leC5lZ2lkLCB0b2stPmxlbiwgZXJy KTsKKwlpZiAoZXJyKQorCQlyZXR1cm4gKC0xKTsKKworCVJFQURfVE9LRU5fVV9JTlQzMihidWYs IGxlbiwgdG9rLT50dC5wcm9jNjRfZXgucnVpZCwgdG9rLT5sZW4sIGVycik7CisJaWYgKGVycikK KwkJcmV0dXJuICgtMSk7CisKKwlSRUFEX1RPS0VOX1VfSU5UMzIoYnVmLCBsZW4sIHRvay0+dHQu cHJvYzY0X2V4LnJnaWQsIHRvay0+bGVuLCBlcnIpOworCWlmIChlcnIpCisJCXJldHVybiAoLTEp OworCisJUkVBRF9UT0tFTl9VX0lOVDMyKGJ1ZiwgbGVuLCB0b2stPnR0LnByb2M2NF9leC5waWQs IHRvay0+bGVuLCBlcnIpOworCWlmIChlcnIpCisJCXJldHVybiAoLTEpOworCisJUkVBRF9UT0tF Tl9VX0lOVDMyKGJ1ZiwgbGVuLCB0b2stPnR0LnByb2M2NF9leC5zaWQsIHRvay0+bGVuLCBlcnIp OworCWlmIChlcnIpCisJCXJldHVybiAoLTEpOworCisJUkVBRF9UT0tFTl9VX0lOVDY0KGJ1Ziwg bGVuLCB0b2stPnR0LnByb2M2NF9leC50aWQucG9ydCwgdG9rLT5sZW4sCisJICAgIGVycik7CisJ aWYgKGVycikKKwkJcmV0dXJuICgtMSk7CisKKwlSRUFEX1RPS0VOX1VfSU5UMzIoYnVmLCBsZW4s IHRvay0+dHQucHJvYzY0X2V4LnRpZC50eXBlLCB0b2stPmxlbiwKKwkgICAgZXJyKTsKKwlpZiAo ZXJyKQorCQlyZXR1cm4gKC0xKTsKKworCWlmICh0b2stPnR0LnByb2M2NF9leC50aWQudHlwZSA9 PSBBVV9JUHY0KSB7CisJCVJFQURfVE9LRU5fQllURVMoYnVmLCBsZW4sICZ0b2stPnR0LnByb2M2 NF9leC50aWQuYWRkclswXSwKKwkJICAgIHNpemVvZih0b2stPnR0LnByb2M2NF9leC50aWQuYWRk clswXSksIHRvay0+bGVuLCBlcnIpOworCQlpZiAoZXJyKQorCQkJcmV0dXJuICgtMSk7CisJfSBl bHNlIGlmICh0b2stPnR0LnByb2M2NF9leC50aWQudHlwZSA9PSBBVV9JUHY2KSB7CisJCVJFQURf VE9LRU5fQllURVMoYnVmLCBsZW4sIHRvay0+dHQucHJvYzY0X2V4LnRpZC5hZGRyLAorCQkgICAg c2l6ZW9mKHRvay0+dHQucHJvYzY0X2V4LnRpZC5hZGRyKSwgdG9rLT5sZW4sIGVycik7CisJCWlm IChlcnIpCisJCQlyZXR1cm4gKC0xKTsKKwl9IGVsc2UKKwkJcmV0dXJuICgtMSk7CisKKwlyZXR1 cm4gKDApOworfQorCitzdGF0aWMgdm9pZAorcHJpbnRfcHJvY2VzczY0ZXhfdG9rKEZJTEUgKmZw LCB0b2tlbnN0cl90ICp0b2ssIGNoYXIgKmRlbCwgY2hhciByYXcsCisgICAgX191bnVzZWQgY2hh ciBzZnJtKQoreworCisJcHJpbnRfdG9rX3R5cGUoZnAsIHRvay0+aWQsICJwcm9jZXNzX2V4Iiwg cmF3KTsKKwlwcmludF9kZWxpbShmcCwgZGVsKTsKKwlwcmludF91c2VyKGZwLCB0b2stPnR0LnBy b2M2NF9leC5hdWlkLCByYXcpOworCXByaW50X2RlbGltKGZwLCBkZWwpOworCXByaW50X3VzZXIo ZnAsIHRvay0+dHQucHJvYzY0X2V4LmV1aWQsIHJhdyk7CisJcHJpbnRfZGVsaW0oZnAsIGRlbCk7 CisJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQucHJvYzY0X2V4LmVnaWQsIHJhdyk7CisJcHJpbnRf ZGVsaW0oZnAsIGRlbCk7CisJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5wcm9jNjRfZXgucnVpZCwg cmF3KTsKKwlwcmludF9kZWxpbShmcCwgZGVsKTsKKwlwcmludF9ncm91cChmcCwgdG9rLT50dC5w cm9jNjRfZXgucmdpZCwgcmF3KTsKKwlwcmludF9kZWxpbShmcCwgZGVsKTsKKwlwcmludF80X2J5 dGVzKGZwLCB0b2stPnR0LnByb2M2NF9leC5waWQsICIldSIpOworCXByaW50X2RlbGltKGZwLCBk ZWwpOworCXByaW50XzRfYnl0ZXMoZnAsIHRvay0+dHQucHJvYzY0X2V4LnNpZCwgIiV1Iik7CisJ cHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJcHJpbnRfOF9ieXRlcyhmcCwgdG9rLT50dC5wcm9jNjRf ZXgudGlkLnBvcnQsICIlbGx1Iik7CisJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJcHJpbnRfaXBf ZXhfYWRkcmVzcyhmcCwgdG9rLT50dC5wcm9jNjRfZXgudGlkLnR5cGUsCisJICAgIHRvay0+dHQu cHJvYzY0X2V4LnRpZC5hZGRyKTsKK30KKwogLyoKICAqIGVycm5vICAgICAgICAgICAgICAgICAg ICAgICAgMSBieXRlCiAgKiByZXR1cm4gdmFsdWUgICAgICAgICA0IGJ5dGVzCkBAIC0yMzQ4LDYg KzI1NDcsMTA1IEBACiB9CiAKIC8qCisgKiBhdWRpdCBJRCAgICAgICAgICAgICAgICAgICAgIDQg Ynl0ZXMKKyAqIGV1aWQgICAgICAgICAgICAgICAgICAgICAgICAgNCBieXRlcworICogZWdpZCAg ICAgICAgICAgICAgICAgICAgICAgICA0IGJ5dGVzCisgKiBydWlkICAgICAgICAgICAgICAgICAg ICAgICAgIDQgYnl0ZXMKKyAqIHJnaWQgICAgICAgICAgICAgICAgICAgICAgICAgNCBieXRlcwor ICogcGlkICAgICAgICAgICAgICAgICAgICAgICAgICA0IGJ5dGVzCisgKiBzZXNzaWQgICAgICAg ICAgICAgICAgICAgICAgIDQgYnl0ZXMKKyAqIHRlcm1pbmFsIElECisgKiAgIHBvcnRpZCAgICAg ICAgICAgICA4IGJ5dGVzCisgKiAgIHR5cGUgICAgICAgICAgICAgICA0IGJ5dGVzCisgKiAgIG1h Y2hpbmUgaWQgICAgICAgICAxNiBieXRlcworICovCitzdGF0aWMgaW50CitmZXRjaF9zdWJqZWN0 NjRleF90b2sodG9rZW5zdHJfdCAqdG9rLCBjaGFyICpidWYsIGludCBsZW4pCit7CisJaW50IGVy ciA9IDA7CisKKwlSRUFEX1RPS0VOX1VfSU5UMzIoYnVmLCBsZW4sIHRvay0+dHQuc3ViajY0X2V4 LmF1aWQsIHRvay0+bGVuLCBlcnIpOworCWlmIChlcnIpCisJCXJldHVybiAoLTEpOworCisJUkVB RF9UT0tFTl9VX0lOVDMyKGJ1ZiwgbGVuLCB0b2stPnR0LnN1Ymo2NF9leC5ldWlkLCB0b2stPmxl biwgZXJyKTsKKwlpZiAoZXJyKQorCQlyZXR1cm4gKC0xKTsKKworCVJFQURfVE9LRU5fVV9JTlQz MihidWYsIGxlbiwgdG9rLT50dC5zdWJqNjRfZXguZWdpZCwgdG9rLT5sZW4sIGVycik7CisJaWYg KGVycikKKwkJcmV0dXJuICgtMSk7CisKKwlSRUFEX1RPS0VOX1VfSU5UMzIoYnVmLCBsZW4sIHRv ay0+dHQuc3ViajY0X2V4LnJ1aWQsIHRvay0+bGVuLCBlcnIpOworCWlmIChlcnIpCisJCXJldHVy biAoLTEpOworCisJUkVBRF9UT0tFTl9VX0lOVDMyKGJ1ZiwgbGVuLCB0b2stPnR0LnN1Ymo2NF9l eC5yZ2lkLCB0b2stPmxlbiwgZXJyKTsKKwlpZiAoZXJyKQorCQlyZXR1cm4gKC0xKTsKKworCVJF QURfVE9LRU5fVV9JTlQzMihidWYsIGxlbiwgdG9rLT50dC5zdWJqNjRfZXgucGlkLCB0b2stPmxl biwgZXJyKTsKKwlpZiAoZXJyKQorCQlyZXR1cm4gKC0xKTsKKworCVJFQURfVE9LRU5fVV9JTlQz MihidWYsIGxlbiwgdG9rLT50dC5zdWJqNjRfZXguc2lkLCB0b2stPmxlbiwgZXJyKTsKKwlpZiAo ZXJyKQorCQlyZXR1cm4gKC0xKTsKKworCVJFQURfVE9LRU5fVV9JTlQ2NChidWYsIGxlbiwgdG9r LT50dC5zdWJqNjRfZXgudGlkLnBvcnQsIHRvay0+bGVuLAorCSAgICBlcnIpOworCWlmIChlcnIp CisJCXJldHVybiAoLTEpOworCisJUkVBRF9UT0tFTl9VX0lOVDMyKGJ1ZiwgbGVuLCB0b2stPnR0 LnN1Ymo2NF9leC50aWQudHlwZSwgdG9rLT5sZW4sCisJICAgIGVycik7CisJaWYgKGVycikKKwkJ cmV0dXJuICgtMSk7CisKKwlpZiAodG9rLT50dC5zdWJqNjRfZXgudGlkLnR5cGUgPT0gQVVfSVB2 NCkgeworCQlSRUFEX1RPS0VOX0JZVEVTKGJ1ZiwgbGVuLCAmdG9rLT50dC5zdWJqNjRfZXgudGlk LmFkZHJbMF0sCisJCSAgICBzaXplb2YodG9rLT50dC5zdWJqNjRfZXgudGlkLmFkZHJbMF0pLCB0 b2stPmxlbiwgZXJyKTsKKwkJaWYgKGVycikKKwkJCXJldHVybiAoLTEpOworCX0gZWxzZSBpZiAo dG9rLT50dC5zdWJqNjRfZXgudGlkLnR5cGUgPT0gQVVfSVB2NikgeworCQlSRUFEX1RPS0VOX0JZ VEVTKGJ1ZiwgbGVuLCB0b2stPnR0LnN1Ymo2NF9leC50aWQuYWRkciwKKwkJICAgIHNpemVvZih0 b2stPnR0LnN1Ymo2NF9leC50aWQuYWRkciksIHRvay0+bGVuLCBlcnIpOworCQlpZiAoZXJyKQor CQkJcmV0dXJuICgtMSk7CisJfSBlbHNlCisJCXJldHVybiAoLTEpOworCisJcmV0dXJuICgwKTsK K30KKworc3RhdGljIHZvaWQKK3ByaW50X3N1YmplY3Q2NGV4X3RvayhGSUxFICpmcCwgdG9rZW5z dHJfdCAqdG9rLCBjaGFyICpkZWwsIGNoYXIgcmF3LAorICAgIF9fdW51c2VkIGNoYXIgc2ZybSkK K3sKKworCXByaW50X3Rva190eXBlKGZwLCB0b2stPmlkLCAic3ViamVjdF9leCIsIHJhdyk7CisJ cHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJcHJpbnRfdXNlcihmcCwgdG9rLT50dC5zdWJqNjRfZXgu YXVpZCwgcmF3KTsKKwlwcmludF9kZWxpbShmcCwgZGVsKTsKKwlwcmludF91c2VyKGZwLCB0b2st PnR0LnN1Ymo2NF9leC5ldWlkLCByYXcpOworCXByaW50X2RlbGltKGZwLCBkZWwpOworCXByaW50 X2dyb3VwKGZwLCB0b2stPnR0LnN1Ymo2NF9leC5lZ2lkLCByYXcpOworCXByaW50X2RlbGltKGZw LCBkZWwpOworCXByaW50X3VzZXIoZnAsIHRvay0+dHQuc3ViajY0X2V4LnJ1aWQsIHJhdyk7CisJ cHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJcHJpbnRfZ3JvdXAoZnAsIHRvay0+dHQuc3ViajY0X2V4 LnJnaWQsIHJhdyk7CisJcHJpbnRfZGVsaW0oZnAsIGRlbCk7CisJcHJpbnRfNF9ieXRlcyhmcCwg dG9rLT50dC5zdWJqNjRfZXgucGlkLCAiJXUiKTsKKwlwcmludF9kZWxpbShmcCwgZGVsKTsKKwlw cmludF80X2J5dGVzKGZwLCB0b2stPnR0LnN1Ymo2NF9leC5zaWQsICIldSIpOworCXByaW50X2Rl bGltKGZwLCBkZWwpOworCXByaW50XzhfYnl0ZXMoZnAsIHRvay0+dHQuc3ViajY0X2V4LnRpZC5w b3J0LCAiJWxsdSIpOworCXByaW50X2RlbGltKGZwLCBkZWwpOworCXByaW50X2lwX2V4X2FkZHJl c3MoZnAsIHRvay0+dHQuc3ViajY0X2V4LnRpZC50eXBlLAorCSAgICB0b2stPnR0LnN1Ymo2NF9l eC50aWQuYWRkcik7Cit9CisKKy8qCiAgKiBzaXplICAgICAgICAgICAgICAgICAgICAgICAgIDIg Ynl0ZXMKICAqIGRhdGEgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZSBieXRlcwogICovCkBA IC0yNTY1LDYgKzI4NjMsMTIgQEAKIAljYXNlIEFVVF9QUk9DRVNTMzJfRVg6CiAJCXJldHVybiAo ZmV0Y2hfcHJvY2VzczMyZXhfdG9rKHRvaywgYnVmLCBsZW4pKTsKIAorCWNhc2UgQVVUX1BST0NF U1M2NDoKKwkJcmV0dXJuIChmZXRjaF9wcm9jZXNzNjRfdG9rKHRvaywgYnVmLCBsZW4pKTsKKwor CWNhc2UgQVVUX1BST0NFU1M2NF9FWDoKKwkJcmV0dXJuIChmZXRjaF9wcm9jZXNzNjRleF90b2so dG9rLCBidWYsIGxlbikpOworCiAJY2FzZSBBVVRfUkVUVVJOMzI6CiAJCXJldHVybiAoZmV0Y2hf cmV0dXJuMzJfdG9rKHRvaywgYnVmLCBsZW4pKTsKIApAQCAtMjU4NiwxMSArMjg5MCwxNCBAQAog CWNhc2UgQVVUX1NVQkpFQ1QzMjoKIAkJcmV0dXJuIChmZXRjaF9zdWJqZWN0MzJfdG9rKHRvaywg YnVmLCBsZW4pKTsKIAorCWNhc2UgQVVUX1NVQkpFQ1QzMl9FWDoKKwkJcmV0dXJuIChmZXRjaF9z dWJqZWN0MzJleF90b2sodG9rLCBidWYsIGxlbikpOworCiAJY2FzZSBBVVRfU1VCSkVDVDY0Ogog CQlyZXR1cm4gKGZldGNoX3N1YmplY3Q2NF90b2sodG9rLCBidWYsIGxlbikpOwogCi0JY2FzZSBB VVRfU1VCSkVDVDMyX0VYOgotCQlyZXR1cm4gKGZldGNoX3N1YmplY3QzMmV4X3Rvayh0b2ssIGJ1 ZiwgbGVuKSk7CisJY2FzZSBBVVRfU1VCSkVDVDY0X0VYOgorCQlyZXR1cm4gKGZldGNoX3N1Ympl Y3Q2NGV4X3Rvayh0b2ssIGJ1ZiwgbGVuKSk7CiAKIAljYXNlIEFVVF9URVhUOgogCQlyZXR1cm4g KGZldGNoX3RleHRfdG9rKHRvaywgYnVmLCBsZW4pKTsKQEAgLTI3MTQsNiArMzAyMSwxNCBAQAog CQlwcmludF9wcm9jZXNzMzJleF90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0pOwogCQly ZXR1cm47CiAKKwljYXNlIEFVVF9QUk9DRVNTNjQ6CisJCXByaW50X3Byb2Nlc3M2NF90b2sob3V0 ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0pOworCQlyZXR1cm47CisKKwljYXNlIEFVVF9QUk9DRVNT NjRfRVg6CisJCXByaW50X3Byb2Nlc3M2NGV4X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2Zy bSk7CisJCXJldHVybjsKKwogCWNhc2UgQVVUX1JFVFVSTjMyOgogCQlwcmludF9yZXR1cm4zMl90 b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNmcm0pOwogCQlyZXR1cm47CkBAIC0yNzQyLDEyICsz MDU3LDE2IEBACiAJCXByaW50X3N1YmplY3QzMl90b2sob3V0ZnAsIHRvaywgZGVsLCByYXcsIHNm cm0pOwogCQlyZXR1cm47CiAKKwljYXNlIEFVVF9TVUJKRUNUMzJfRVg6CisJCXByaW50X3N1Ympl Y3QzMmV4X3RvayhvdXRmcCwgdG9rLCBkZWwsIHJhdywgc2ZybSk7CisJCXJldHVybjsKKwogCWNh c2UgQVVUX1NVQkpFQ1Q2NDoKIAkJcHJpbnRfc3ViamVjdDY0X3RvayhvdXRmcCwgdG9rLCBkZWws IHJhdywgc2ZybSk7CiAJCXJldHVybjsKIAotCWNhc2UgQVVUX1NVQkpFQ1QzMl9FWDoKLQkJcHJp bnRfc3ViamVjdDMyZXhfdG9rKG91dGZwLCB0b2ssIGRlbCwgcmF3LCBzZnJtKTsKKwljYXNlIEFV VF9TVUJKRUNUNjRfRVg6CisJCXByaW50X3N1YmplY3Q2NGV4X3RvayhvdXRmcCwgdG9rLCBkZWws IHJhdywgc2ZybSk7CiAJCXJldHVybjsKIAogCWNhc2UgQVVUX1RFWFQ6CmRpZmYgLXUgLXIgb3Bl bmJzbS9saWJic20vYnNtX3Rva2VuLmMgb3BlbmJzbS1kZ2lhZ2lvL2xpYmJzbS9ic21fdG9rZW4u YwotLS0gb3BlbmJzbS9saWJic20vYnNtX3Rva2VuLmMJMjAwNi0wOS0yNCAxNzoyMDoxMS4wMDAw MDAwMDAgLTAzMDAKKysrIG9wZW5ic20tZGdpYWdpby9saWJic20vYnNtX3Rva2VuLmMJMjAwNi0x MS0xMiAxOTozMToyMS4wMDAwMDAwMDAgLTAyMDAKQEAgLTIxMiw5ICsyMTIsNDYgQEAKIHRva2Vu X3QgKgogYXVfdG9fYXR0cjY0KHN0cnVjdCB2bm9kZV9hdV9pbmZvICp2bmkpCiB7CisJdG9rZW5f dCAqdDsKKwl1X2NoYXIgKmRwdHIgPSBOVUxMOworCXVfaW50MTZfdCBwYWQwXzE2ID0gMDsKKwl1 X2ludDE2X3QgcGFkMF8zMiA9IDA7CisKKwlHRVRfVE9LRU5fQVJFQSh0LCBkcHRyLCBzaXplb2Yo dV9jaGFyKSArIDIgKiBzaXplb2YodV9pbnQxNl90KSArCisJICAgIDMgKiBzaXplb2YodV9pbnQz Ml90KSArIHNpemVvZih1X2ludDY0X3QpICogMik7CisJaWYgKHQgPT0gTlVMTCkKKwkJcmV0dXJu IChOVUxMKTsKKworCUFERF9VX0NIQVIoZHB0ciwgQVVUX0FUVFI2NCk7CisKKwkvKgorCSAqIERh cndpbiBkZWZpbmVzIHRoZSBzaXplIGZvciB0aGUgZmlsZSBtb2RlCisJICogYXMgMiBieXRlczsg QlNNIGRlZmluZXMgNCBzbyBwYWQgd2l0aCAwCisJICovCisJQUREX1VfSU5UMTYoZHB0ciwgcGFk MF8xNik7CisJQUREX1VfSU5UMTYoZHB0ciwgdm5pLT52bl9tb2RlKTsKKworCUFERF9VX0lOVDMy KGRwdHIsIHZuaS0+dm5fdWlkKTsKKwlBRERfVV9JTlQzMihkcHRyLCB2bmktPnZuX2dpZCk7CisJ QUREX1VfSU5UMzIoZHB0ciwgdm5pLT52bl9mc2lkKTsKKworCS8qCisJICogU29tZSBzeXN0ZW1z IHVzZSAzMi1iaXQgZmlsZSBJRCdzLCBvdGhlcidzIHVzZSA2NC1iaXQgZmlsZSBJRHMuCisJICog QXR0ZW1wdCB0byBoYW5kbGUgYm90aCwgYW5kIGxldCB0aGUgY29tcGlsZXIgc29ydCBpdCBvdXQu ICBJZiB3ZQorCSAqIGNvdWxkIHBpY2sgdGhpcyBvdXQgYXQgY29tcGlsZS10aW1lLCBpdCB3b3Vs ZCBiZSBiZXR0ZXIsIHNvIGFzIHRvCisJICogYXZvaWQgdGhlIGVsc2UgY2FzZSBiZWxvdy4KKwkg Ki8KKwlpZiAoc2l6ZW9mKHZuaS0+dm5fZmlsZWlkKSA9PSBzaXplb2YodWludDMyX3QpKSB7CisJ CUFERF9VX0lOVDMyKGRwdHIsIHBhZDBfMzIpOworCQlBRERfVV9JTlQzMihkcHRyLCB2bmktPnZu X2ZpbGVpZCk7CisJfSBlbHNlIGlmIChzaXplb2Yodm5pLT52bl9maWxlaWQpID09IHNpemVvZih1 aW50NjRfdCkpCisJCUFERF9VX0lOVDY0KGRwdHIsIHZuaS0+dm5fZmlsZWlkKTsKKwllbHNlCisJ CUFERF9VX0lOVDY0KGRwdHIsIDBMTCk7CiAKLQllcnJubyA9IEVOT1RTVVA7Ci0JcmV0dXJuIChO VUxMKTsKKwlBRERfVV9JTlQ2NChkcHRyLCB2bmktPnZuX2Rldik7CisKKwlyZXR1cm4gKHQpOwog fQogCiB0b2tlbl90ICoKQEAgLTY1NCw5ICs2OTEsMjYgQEAKICAgICBfX3VudXNlZCBnaWRfdCBl Z2lkLCBfX3VudXNlZCB1aWRfdCBydWlkLCBfX3VudXNlZCBnaWRfdCByZ2lkLAogICAgIF9fdW51 c2VkIHBpZF90IHBpZCwgX191bnVzZWQgYXVfYXNpZF90IHNpZCwgX191bnVzZWQgYXVfdGlkX3Qg KnRpZCkKIHsKKwl0b2tlbl90ICp0OworCXVfY2hhciAqZHB0ciA9IE5VTEw7CisKKwlHRVRfVE9L RU5fQVJFQSh0LCBkcHRyLCBzaXplb2YodV9jaGFyKSArIDggKiBzaXplb2YodV9pbnQzMl90KSAr CisJICAgIHNpemVvZih1X2ludDY0X3QpKTsKKwlpZiAodCA9PSBOVUxMKQorCQlyZXR1cm4gKE5V TEwpOworCisJQUREX1VfQ0hBUihkcHRyLCBBVVRfUFJPQ0VTUzY0KTsKKwlBRERfVV9JTlQzMihk cHRyLCBhdWlkKTsKKwlBRERfVV9JTlQzMihkcHRyLCBldWlkKTsKKwlBRERfVV9JTlQzMihkcHRy LCBlZ2lkKTsKKwlBRERfVV9JTlQzMihkcHRyLCBydWlkKTsKKwlBRERfVV9JTlQzMihkcHRyLCBy Z2lkKTsKKwlBRERfVV9JTlQzMihkcHRyLCBwaWQpOworCUFERF9VX0lOVDMyKGRwdHIsIHNpZCk7 CisJQUREX1VfSU5UNjQoZHB0ciwgdGlkLT5wb3J0KTsKKwlBRERfTUVNKGRwdHIsICZ0aWQtPm1h Y2hpbmUsIHNpemVvZih1X2ludDMyX3QpKTsKIAotCWVycm5vID0gRU5PVFNVUDsKLQlyZXR1cm4g KE5VTEwpOworCXJldHVybiAodCk7CiB9CiAKIHRva2VuX3QgKgpAQCAtNzI3LDkgKzc4MSw0MiBA QAogYXVfdG9fcHJvY2VzczY0X2V4KGF1X2lkX3QgYXVpZCwgdWlkX3QgZXVpZCwgZ2lkX3QgZWdp ZCwgdWlkX3QgcnVpZCwKICAgICBnaWRfdCByZ2lkLCBwaWRfdCBwaWQsIGF1X2FzaWRfdCBzaWQs IGF1X3RpZF9hZGRyX3QgKnRpZCkKIHsKKwl0b2tlbl90ICp0OworCXVfY2hhciAqZHB0ciA9IE5V TEw7CisKKwlpZiAodGlkLT5hdF90eXBlID09IEFVX0lQdjQpCisJCUdFVF9UT0tFTl9BUkVBKHQs IGRwdHIsIHNpemVvZih1X2NoYXIpICsgCisJCSAgICA3ICogc2l6ZW9mKHVfaW50MzJfdCkgKyBz aXplb2YodV9pbnQ2NF90KSArCisJCSAgICAyICogc2l6ZW9mKHVfaW50MzJfdCkpOworCWVsc2Ug aWYgKHRpZC0+YXRfdHlwZSA9PSBBVV9JUHY2KQorCQlHRVRfVE9LRU5fQVJFQSh0LCBkcHRyLCBz aXplb2YodV9jaGFyKSArCisJCSAgICA3ICogc2l6ZW9mKHVfaW50MzJfdCkgKyBzaXplb2YodV9p bnQ2NF90KSArCisJCSAgICA1ICogc2l6ZW9mKHVfaW50MzJfdCkpOworCWVsc2UgeworCQllcnJu byA9IEVJTlZBTDsKKwkJcmV0dXJuIChOVUxMKTsKKwl9CisJaWYgKHQgPT0gTlVMTCkKKwkJcmV0 dXJuIChOVUxMKTsKKworCUFERF9VX0NIQVIoZHB0ciwgQVVUX1BST0NFU1M2NF9FWCk7CisJQURE X1VfSU5UMzIoZHB0ciwgYXVpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgZXVpZCk7CisJQUREX1Vf SU5UMzIoZHB0ciwgZWdpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcnVpZCk7CisJQUREX1VfSU5U MzIoZHB0ciwgcmdpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcGlkKTsKKwlBRERfVV9JTlQzMihk cHRyLCBzaWQpOworCUFERF9VX0lOVDY0KGRwdHIsIHRpZC0+YXRfcG9ydCk7CisJQUREX1VfSU5U MzIoZHB0ciwgdGlkLT5hdF90eXBlKTsKKwlBRERfVV9JTlQzMihkcHRyLCB0aWQtPmF0X2FkZHJb MF0pOworCWlmICh0aWQtPmF0X3R5cGUgPT0gQVVfSVB2NikgeworCQlBRERfVV9JTlQzMihkcHRy LCB0aWQtPmF0X2FkZHJbMV0pOworCQlBRERfVV9JTlQzMihkcHRyLCB0aWQtPmF0X2FkZHJbMl0p OworCQlBRERfVV9JTlQzMihkcHRyLCB0aWQtPmF0X2FkZHJbM10pOworCX0KIAotCWVycm5vID0g RU5PVFNVUDsKLQlyZXR1cm4gKE5VTEwpOworCXJldHVybiAodCk7CiB9CiAKIHRva2VuX3QgKgpA QCAtOTQ0LDkgKzEwMzEsMjYgQEAKIGF1X3RvX3N1YmplY3Q2NChhdV9pZF90IGF1aWQsIHVpZF90 IGV1aWQsIGdpZF90IGVnaWQsIHVpZF90IHJ1aWQsIGdpZF90IHJnaWQsCiAgICAgcGlkX3QgcGlk LCBhdV9hc2lkX3Qgc2lkLCBhdV90aWRfdCAqdGlkKQogeworCXRva2VuX3QgKnQ7CisJdV9jaGFy ICpkcHRyID0gTlVMTDsKKworCUdFVF9UT0tFTl9BUkVBKHQsIGRwdHIsIHNpemVvZih1X2NoYXIp ICsgNyAqIHNpemVvZih1X2ludDMyX3QpICsKKwkgICAgc2l6ZW9mKHVfaW50NjRfdCkgKyBzaXpl b2YodV9pbnQzMl90KSk7CisJaWYgKHQgPT0gTlVMTCkKKwkJcmV0dXJuIChOVUxMKTsKIAotCWVy cm5vID0gRU5PVFNVUDsKLQlyZXR1cm4gKE5VTEwpOworCUFERF9VX0NIQVIoZHB0ciwgQVVUX1NV QkpFQ1Q2NCk7CisJQUREX1VfSU5UMzIoZHB0ciwgYXVpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwg ZXVpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgZWdpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcnVp ZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcmdpZCk7CisJQUREX1VfSU5UMzIoZHB0ciwgcGlkKTsK KwlBRERfVV9JTlQzMihkcHRyLCBzaWQpOworCUFERF9VX0lOVDY0KGRwdHIsIHRpZC0+cG9ydCk7 CisJQUREX01FTShkcHRyLCAmdGlkLT5tYWNoaW5lLCBzaXplb2YodV9pbnQzMl90KSk7CisKKwly ZXR1cm4gKHQpOwogfQogCiB0b2tlbl90ICoKQEAgLTEwMTYsOSArMTEyMCw0MiBAQAogYXVfdG9f c3ViamVjdDY0X2V4KGF1X2lkX3QgYXVpZCwgdWlkX3QgZXVpZCwgZ2lkX3QgZWdpZCwgdWlkX3Qg cnVpZCwKICAgICBnaWRfdCByZ2lkLCBwaWRfdCBwaWQsIGF1X2FzaWRfdCBzaWQsIGF1X3RpZF9h ZGRyX3QgKnRpZCkKIHsKKwl0b2tlbl90ICp0OworCXVfY2hhciAqZHB0ciA9IE5VTEw7CisKKwlp ZiAodGlkLT5hdF90eXBlID09IEFVX0lQdjQpCisJCUdFVF9UT0tFTl9BUkVBKHQsIGRwdHIsIHNp emVvZih1X2NoYXIpICsKKwkJICAgIDcgKiBzaXplb2YodV9pbnQzMl90KSArIHNpemVvZih1X2lu dDY0X3QpICsKKwkJICAgIDIgKiBzaXplb2YodV9pbnQzMl90KSk7CisJZWxzZSBpZiAodGlkLT5h dF90eXBlID09IEFVX0lQdjYpCisJCUdFVF9UT0tFTl9BUkVBKHQsIGRwdHIsIHNpemVvZih1X2No YXIpICsKKwkJICAgIDcgKiBzaXplb2YodV9pbnQzMl90KSArIHNpemVvZih1X2ludDY0X3QpICsK KwkJICAgIDUgKiBzaXplb2YodV9pbnQzMl90KSk7CisJZWxzZSB7CisJCWVycm5vID0gRUlOVkFM OworCQlyZXR1cm4gKE5VTEwpOworCX0KKwlpZiAodCA9PSBOVUxMKQorCQlyZXR1cm4gKE5VTEwp OworCisJQUREX1VfQ0hBUihkcHRyLCBBVVRfU1VCSkVDVDY0X0VYKTsKKwlBRERfVV9JTlQzMihk cHRyLCBhdWlkKTsKKwlBRERfVV9JTlQzMihkcHRyLCBldWlkKTsKKwlBRERfVV9JTlQzMihkcHRy LCBlZ2lkKTsKKwlBRERfVV9JTlQzMihkcHRyLCBydWlkKTsKKwlBRERfVV9JTlQzMihkcHRyLCBy Z2lkKTsKKwlBRERfVV9JTlQzMihkcHRyLCBwaWQpOworCUFERF9VX0lOVDMyKGRwdHIsIHNpZCk7 CisJQUREX1VfSU5UNjQoZHB0ciwgdGlkLT5hdF9wb3J0KTsKKwlBRERfVV9JTlQzMihkcHRyLCB0 aWQtPmF0X3R5cGUpOworCUFERF9VX0lOVDMyKGRwdHIsIHRpZC0+YXRfYWRkclswXSk7CisJaWYg KHRpZC0+YXRfdHlwZSA9PSBBVV9JUHY2KSB7CisJCUFERF9VX0lOVDMyKGRwdHIsIHRpZC0+YXRf YWRkclsxXSk7CisJCUFERF9VX0lOVDMyKGRwdHIsIHRpZC0+YXRfYWRkclsyXSk7CisJCUFERF9V X0lOVDMyKGRwdHIsIHRpZC0+YXRfYWRkclszXSk7CisJfQogCi0JZXJybm8gPSBFTk9UU1VQOwot CXJldHVybiAoTlVMTCk7CisJcmV0dXJuICh0KTsKIH0KIAogdG9rZW5fdCAqCkBAIC0xMTY2LDYg KzEzMDMsMzMgQEAKIAlyZXR1cm4gKHQpOwogfQogCit0b2tlbl90ICoKK2F1X3RvX2hlYWRlcjY0 X3RtKGludCByZWNfc2l6ZSwgYXVfZXZlbnRfdCBlX3R5cGUsIGF1X2Vtb2RfdCBlX21vZCwKKyAg ICBzdHJ1Y3QgdGltZXZhbCB0bSkKK3sKKwl0b2tlbl90ICp0OworCXVfY2hhciAqZHB0ciA9IE5V TEw7CisJdV9pbnQzMl90IHRpbWVtczsKKworCUdFVF9UT0tFTl9BUkVBKHQsIGRwdHIsIHNpemVv Zih1X2NoYXIpICsgc2l6ZW9mKHVfaW50MzJfdCkgKworCSAgICBzaXplb2YodV9jaGFyKSArIDIg KiBzaXplb2YodV9pbnQxNl90KSArIDIgKiBzaXplb2YodV9pbnQ2NF90KSk7CisJaWYgKHQgPT0g TlVMTCkKKwkJcmV0dXJuIChOVUxMKTsKKworCUFERF9VX0NIQVIoZHB0ciwgQVVUX0hFQURFUjY0 KTsKKwlBRERfVV9JTlQzMihkcHRyLCByZWNfc2l6ZSk7CisJQUREX1VfQ0hBUihkcHRyLCBBVURJ VF9IRUFERVJfVkVSU0lPTl9PUEVOQlNNKTsKKwlBRERfVV9JTlQxNihkcHRyLCBlX3R5cGUpOwor CUFERF9VX0lOVDE2KGRwdHIsIGVfbW9kKTsKKworCXRpbWVtcyA9IHRtLnR2X3VzZWMvMTAwMDsK KwkvKiBBZGQgdGhlIHRpbWVzdGFtcCAqLworCUFERF9VX0lOVDY0KGRwdHIsIHRtLnR2X3NlYyk7 CisJQUREX1VfSU5UNjQoZHB0ciwgdGltZW1zKTsJLyogV2UgbmVlZCB0aW1lIGluIG1zLiAqLwor CisJcmV0dXJuICh0KTsKK30KKwogI2lmICFkZWZpbmVkKEtFUk5FTCkgJiYgIWRlZmluZWQoX0tF Uk5FTCkKIHRva2VuX3QgKgogYXVfdG9faGVhZGVyMzIoaW50IHJlY19zaXplLCBhdV9ldmVudF90 IGVfdHlwZSwgYXVfZW1vZF90IGVfbW9kKQpAQCAtMTE4MSw5ICsxMzQ1LDExIEBACiBhdV90b19o ZWFkZXI2NChfX3VudXNlZCBpbnQgcmVjX3NpemUsIF9fdW51c2VkIGF1X2V2ZW50X3QgZV90eXBl LAogICAgIF9fdW51c2VkIGF1X2Vtb2RfdCBlX21vZCkKIHsKKwlzdHJ1Y3QgdGltZXZhbCB0bTsK IAotCWVycm5vID0gRU5PVFNVUDsKLQlyZXR1cm4gKE5VTEwpOworCWlmIChnZXR0aW1lb2ZkYXko JnRtLCBOVUxMKSA9PSAtMSkKKwkJcmV0dXJuIChOVUxMKTsKKwlyZXR1cm4gKGF1X3RvX2hlYWRl cjY0X3RtKHJlY19zaXplLCBlX3R5cGUsIGVfbW9kLCB0bSkpOwogfQogCiB0b2tlbl90ICoK ------=_Part_18902_5933769.1163550070888-- From owner-trustedbsd-audit@FreeBSD.ORG Wed Nov 15 10:33:51 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2ABD216A415 for ; Wed, 15 Nov 2006 10:33:51 +0000 (UTC) (envelope-from martin_voros@yahoo.com) Received: from web55503.mail.re4.yahoo.com (web55503.mail.re4.yahoo.com [206.190.58.212]) by mx1.FreeBSD.org (Postfix) with SMTP id C436143D5E for ; Wed, 15 Nov 2006 10:33:45 +0000 (GMT) (envelope-from martin_voros@yahoo.com) Received: (qmail 36636 invoked by uid 60001); 15 Nov 2006 10:33:45 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=WRRi+ri0xws8UYioNocc4ovCndTyOy5Ami1eLgf0R/Xxqwl4EcCks/IHqTD7XjHJuat8hpwzbAM3icmg8WgXGXDhP1SrJpHa4eka+JplQm6SegRRFM1vfJzqS/PbfaNlxrEYbErXUggny+mig102NzGQs2MHV/f1xxwLmmLpkhc=; X-YMail-OSG: wD8QGUwVM1n9zbWHmacQk9vFR5JfXYbIyjiBKKZsNPpkeOrOY74O.FYND4hvTPhqw31UQqJfRfFAR2fo4zT1MvAxDdInMGuwEC5EouCM64iiy2cKspIyPg-- Received: from [193.136.122.17] by web55503.mail.re4.yahoo.com via HTTP; Wed, 15 Nov 2006 02:33:44 PST Date: Wed, 15 Nov 2006 02:33:44 -0800 (PST) From: Martin Voros To: trustedbsd-audit@FreeBSD.org In-Reply-To: <1b0798830611141621s49b30399l68a2241be3e91dc3@mail.gmail.com> MIME-Version: 1.0 Message-ID: <33453.36565.qm@web55503.mail.re4.yahoo.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2006 10:33:51 -0000 Diego Giagio wrote: On 11/13/06, Diego Giagio wrote: > On 11/13/06, Martin Voros wrote: > > Hi, > > > > I think that you should also define output functions (bsm_io.c) in your patch, because now it's not possible to display new tokens by praudit. > > > > Thanks for pointing that out. I'll add those functions and re-submit the patch. > The new patch is attached. All needed output functions were implemented. DG Hi, I'm so sorry but I forgot to tell you that you have to get fresh sources, beacause in alpha12 there is not xml output support. You can easily get fresh sources by cvsup. More here http://www.trustedbsd.org/components.html MV --------------------------------- Sponsored Link $420,000 Mortgage for $1,399/month - Think You Pay Too Much For Your Mortgage? Find Out! From owner-trustedbsd-audit@FreeBSD.ORG Wed Nov 15 21:42:12 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9825816A512 for ; Wed, 15 Nov 2006 21:42:12 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 08B8343D68 for ; Wed, 15 Nov 2006 21:42:11 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by nz-out-0102.google.com with SMTP id i11so147289nzh for ; Wed, 15 Nov 2006 13:42:11 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type; b=oyTTzTsFz4owF4QM3pt5hhTj4u1mwcD6antf+vryKar504i0Lo5dGxDuIyVOmEp4uZ9s4tUpug9U5j60zF3UFtsK6qcKd+taeevzuko616ne3NA+yppDjwrBiK7vB+vAn75SMP2J+2xlvNzorvni3gUYfBM6CO7N/kaJ6fSFTAs= Received: by 10.65.84.5 with SMTP id m5mr4122828qbl.1163626931021; Wed, 15 Nov 2006 13:42:11 -0800 (PST) Received: from ?192.168.0.100? ( [201.37.35.25]) by mx.google.com with ESMTP id p4sm1815844qba.2006.11.15.13.42.06; Wed, 15 Nov 2006 13:42:09 -0800 (PST) Message-ID: <455B89A5.1070607@gmail.com> Date: Wed, 15 Nov 2006 19:41:57 -0200 From: Diego Giagio User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: Martin Voros References: <33453.36565.qm@web55503.mail.re4.yahoo.com> In-Reply-To: <33453.36565.qm@web55503.mail.re4.yahoo.com> Content-Type: multipart/mixed; boundary="------------010907030009030504070804" Cc: trustedbsd-audit@FreeBSD.org Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2006 21:42:12 -0000 This is a multi-part message in MIME format. --------------010907030009030504070804 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Martin Voros wrote: > Hi, > > I'm so sorry but I forgot to tell you that you have to get fresh sources, beacause in alpha12 there is not xml output support. You can easily get fresh sources by cvsup. More here http://www.trustedbsd.org/components.html > No problem. Attached is a patch with XML printing support that applies cleanly to HEAD as of today. DG --------------010907030009030504070804 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="tokens64_3.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="tokens64_3.patch" diff -u -r openbsm/bsm/audit_record.h openbsm-dgiagio/bsm/audit_record.h --- openbsm/bsm/audit_record.h 2006-08-23 03:15:34.000000000 -0300 +++ openbsm-dgiagio/bsm/audit_record.h 2006-11-15 14:22:53.000000000 -0200 @@ -246,6 +246,8 @@ token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm); +token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm); #if !defined(KERNEL) && !defined(_KERNEL) token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); diff -u -r openbsm/bsm/libbsm.h openbsm-dgiagio/bsm/libbsm.h --- openbsm/bsm/libbsm.h 2006-11-05 21:32:00.000000000 -0200 +++ openbsm-dgiagio/bsm/libbsm.h 2006-11-15 14:22:53.000000000 -0200 @@ -164,6 +164,12 @@ u_int32_t addr[4]; } au_tidaddr32_t; +typedef struct au_tidaddr64 { + u_int64_t port; + u_int32_t type; + u_int32_t addr[4]; +} au_tidaddr64_t; + /* * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) @@ -483,6 +489,17 @@ au_tidaddr32_t tid; } au_proc32ex_t; +typedef struct { + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tidaddr64_t tid; +} au_proc64ex_t; + /* * error status 1 byte * return value 4 bytes/8 bytes (32-bit/64-bit value) @@ -616,6 +633,17 @@ au_tidaddr32_t tid; } au_subject32ex_t; +typedef struct { + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tidaddr64_t tid; +} au_subject64ex_t; + /* * text length 2 bytes * text N bytes + 1 terminating NULL byte @@ -675,8 +703,9 @@ au_opaque_t opaque; au_path_t path; au_proc32_t proc32; - au_proc64_t proc64; au_proc32ex_t proc32_ex; + au_proc64_t proc64; + au_proc64ex_t proc64_ex; au_ret32_t ret32; au_ret64_t ret64; au_seq_t seq; @@ -685,8 +714,9 @@ au_socketinet32_t sockinet32; au_socketunix_t sockunix; au_subject32_t subj32; - au_subject64_t subj64; au_subject32ex_t subj32_ex; + au_subject64_t subj64; + au_subject64ex_t subj64_ex; au_text_t text; au_kevent_t kevent; au_invalid_t invalid; diff -u -r openbsm/libbsm/bsm_io.c openbsm-dgiagio/libbsm/bsm_io.c --- openbsm/libbsm/bsm_io.c 2006-11-05 21:32:01.000000000 -0200 +++ openbsm-dgiagio/libbsm/bsm_io.c 2006-11-15 15:25:11.000000000 -0200 @@ -333,6 +333,14 @@ fprintf(fp, "/>"); break; + case AUT_PROCESS64: + fprintf(fp, "/>"); + break; + + case AUT_PROCESS64_EX: + fprintf(fp, "/>"); + break; + case AUT_RETURN32: fprintf(fp, "/>"); break; @@ -369,6 +377,10 @@ fprintf(fp, "/>"); break; + case AUT_SUBJECT64_EX: + fprintf(fp, "/>"); + break; + case AUT_TEXT: fprintf(fp, ""); break; @@ -488,6 +500,14 @@ fprintf(fp, ""); break; @@ -2530,6 +2554,132 @@ } } +/* + * token ID 1 byte + * audit ID 4 bytes + * euid 4 bytes + * egid 4 bytes + * ruid 4 bytes + * rgid 4 bytes + * pid 4 bytes + * sessid 4 bytes + * terminal ID + * portid 8 bytes + * machine id 4 bytes + */ +static int +fetch_process64_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.auid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.euid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.egid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.ruid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.rgid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.pid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.sid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT64(buf, len, tok->tt.proc64.tid.port, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_BYTES(buf, len, &tok->tt.proc64.tid.addr, + sizeof(tok->tt.proc64.tid.addr), tok->len, err); + if (err) + return (-1); + + return (0); +} + +static void +print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + print_tok_type(fp, tok->id, "process", raw, xml); + if (xml) { + open_attr(fp, "audit-uid"); + print_user(fp, tok->tt.proc64.auid, raw); + close_attr(fp); + open_attr(fp, "uid"); + print_user(fp, tok->tt.proc64.euid, raw); + close_attr(fp); + open_attr(fp, "gid"); + print_group(fp, tok->tt.proc64.egid, raw); + close_attr(fp); + open_attr(fp, "ruid"); + print_user(fp, tok->tt.proc64.ruid, raw); + close_attr(fp); + open_attr(fp, "rgid"); + print_group(fp, tok->tt.proc64.rgid, raw); + close_attr(fp); + open_attr(fp, "pid"); + print_4_bytes(fp, tok->tt.proc64.pid, "%u"); + close_attr(fp); + open_attr(fp, "sid"); + print_4_bytes(fp, tok->tt.proc64.sid, "%u"); + close_attr(fp); + open_attr(fp, "tid"); + print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu"); + print_ip_address(fp, tok->tt.proc64.tid.addr); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_user(fp, tok->tt.proc64.auid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.proc64.euid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.proc64.egid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.proc64.ruid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.proc64.rgid, raw); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.proc64.pid, "%u"); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.proc64.sid, "%u"); + print_delim(fp, del); + print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu"); + print_delim(fp, del); + print_ip_address(fp, tok->tt.proc64.tid.addr); + } +} + +/* + * token ID 1 byte + * audit ID 4 bytes + * effective user ID 4 bytes + * effective group ID 4 bytes + * real user ID 4 bytes + * real group ID 4 bytes + * process ID 4 bytes + * session ID 4 bytes + * terminal ID + * port ID 4 bytes + * address type-len 4 bytes + * machine address 16 bytes + */ static int fetch_process32ex_tok(tokenstr_t *tok, char *buf, int len) { @@ -2646,6 +2796,135 @@ } } +/* + * token ID 1 byte + * audit ID 4 bytes + * effective user ID 4 bytes + * effective group ID 4 bytes + * real user ID 4 bytes + * real group ID 4 bytes + * process ID 4 bytes + * session ID 4 bytes + * terminal ID + * port ID 8 bytes + * address type-len 4 bytes + * machine address 16 bytes + */ +static int +fetch_process64ex_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.auid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.euid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.egid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.ruid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.rgid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.pid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.sid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT64(buf, len, tok->tt.proc64_ex.tid.port, tok->len, + err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.tid.type, tok->len, + err); + if (err) + return (-1); + + if (tok->tt.proc64_ex.tid.type == AU_IPv4) { + READ_TOKEN_BYTES(buf, len, &tok->tt.proc64_ex.tid.addr[0], + sizeof(tok->tt.proc64_ex.tid.addr[0]), tok->len, err); + if (err) + return (-1); + } else if (tok->tt.proc64_ex.tid.type == AU_IPv6) { + READ_TOKEN_BYTES(buf, len, tok->tt.proc64_ex.tid.addr, + sizeof(tok->tt.proc64_ex.tid.addr), tok->len, err); + if (err) + return (-1); + } else + return (-1); + + return (0); +} + +static void +print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + print_tok_type(fp, tok->id, "process_ex", raw, xml); + if (xml) { + open_attr(fp, "audit-uid"); + print_user(fp, tok->tt.proc64_ex.auid, raw); + close_attr(fp); + open_attr(fp, "uid"); + print_user(fp, tok->tt.proc64_ex.euid, raw); + close_attr(fp); + open_attr(fp, "gid"); + print_group(fp, tok->tt.proc64_ex.egid, raw); + close_attr(fp); + open_attr(fp, "ruid"); + print_user(fp, tok->tt.proc64_ex.ruid, raw); + close_attr(fp); + open_attr(fp, "rgid"); + print_group(fp, tok->tt.proc64_ex.rgid, raw); + close_attr(fp); + open_attr(fp, "pid"); + print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); + close_attr(fp); + open_attr(fp, "sid"); + print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u"); + close_attr(fp); + open_attr(fp, "tid"); + print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu"); + print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type, + tok->tt.proc64_ex.tid.addr); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_user(fp, tok->tt.proc64_ex.auid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.proc64_ex.euid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.proc64_ex.egid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.proc64_ex.ruid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.proc64_ex.rgid, raw); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u"); + print_delim(fp, del); + print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu"); + print_delim(fp, del); + print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type, + tok->tt.proc64_ex.tid.addr); + } +} + /* * errno 1 byte * return value 4 bytes @@ -3290,6 +3569,134 @@ } /* + * audit ID 4 bytes + * euid 4 bytes + * egid 4 bytes + * ruid 4 bytes + * rgid 4 bytes + * pid 4 bytes + * sessid 4 bytes + * terminal ID + * portid 8 bytes + * type 4 bytes + * machine id 16 bytes + */ +static int +fetch_subject64ex_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.auid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.euid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.egid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.ruid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.rgid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.sid, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT64(buf, len, tok->tt.subj64_ex.tid.port, tok->len, + err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.tid.type, tok->len, + err); + if (err) + return (-1); + + if (tok->tt.subj64_ex.tid.type == AU_IPv4) { + READ_TOKEN_BYTES(buf, len, &tok->tt.subj64_ex.tid.addr[0], + sizeof(tok->tt.subj64_ex.tid.addr[0]), tok->len, err); + if (err) + return (-1); + } else if (tok->tt.subj64_ex.tid.type == AU_IPv6) { + READ_TOKEN_BYTES(buf, len, tok->tt.subj64_ex.tid.addr, + sizeof(tok->tt.subj64_ex.tid.addr), tok->len, err); + if (err) + return (-1); + } else + return (-1); + + return (0); +} + +static void +print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + print_tok_type(fp, tok->id, "subject_ex", raw, xml); + if (xml) { + open_attr(fp, "audit-uid"); + print_user(fp, tok->tt.subj64_ex.auid, raw); + close_attr(fp); + open_attr(fp, "uid"); + print_user(fp, tok->tt.subj64_ex.euid, raw); + close_attr(fp); + open_attr(fp, "gid"); + print_group(fp, tok->tt.subj64_ex.egid, raw); + close_attr(fp); + open_attr(fp, "ruid"); + print_user(fp, tok->tt.subj64_ex.ruid, raw); + close_attr(fp); + open_attr(fp, "rgid"); + print_group(fp, tok->tt.subj64_ex.rgid, raw); + close_attr(fp); + open_attr(fp, "pid"); + print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); + close_attr(fp); + open_attr(fp, "sid"); + print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); + close_attr(fp); + open_attr(fp, "tid"); + print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu"); + print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type, + tok->tt.subj64_ex.tid.addr); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_user(fp, tok->tt.subj64_ex.auid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.subj64_ex.euid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.subj64_ex.egid, raw); + print_delim(fp, del); + print_user(fp, tok->tt.subj64_ex.ruid, raw); + print_delim(fp, del); + print_group(fp, tok->tt.subj64_ex.rgid, raw); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); + print_delim(fp, del); + print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu"); + print_delim(fp, del); + print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type, + tok->tt.subj64_ex.tid.addr); + } +} + +/* * size 2 bytes * data size bytes */ @@ -3533,6 +3940,12 @@ case AUT_PROCESS32_EX: return (fetch_process32ex_tok(tok, buf, len)); + case AUT_PROCESS64: + return (fetch_process64_tok(tok, buf, len)); + + case AUT_PROCESS64_EX: + return (fetch_process64ex_tok(tok, buf, len)); + case AUT_RETURN32: return (fetch_return32_tok(tok, buf, len)); @@ -3554,11 +3967,14 @@ case AUT_SUBJECT32: return (fetch_subject32_tok(tok, buf, len)); + case AUT_SUBJECT32_EX: + return (fetch_subject32ex_tok(tok, buf, len)); + case AUT_SUBJECT64: return (fetch_subject64_tok(tok, buf, len)); - case AUT_SUBJECT32_EX: - return (fetch_subject32ex_tok(tok, buf, len)); + case AUT_SUBJECT64_EX: + return (fetch_subject64ex_tok(tok, buf, len)); case AUT_TEXT: return (fetch_text_tok(tok, buf, len)); @@ -3682,6 +4098,14 @@ print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; + case AUT_PROCESS64: + print_process64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + + case AUT_PROCESS64_EX: + print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + case AUT_RETURN32: print_return32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; @@ -3718,6 +4142,10 @@ print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; + case AUT_SUBJECT64_EX: + print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + case AUT_TEXT: print_text_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; @@ -3840,6 +4268,14 @@ print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_XML); return; + case AUT_PROCESS64: + print_process64_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + + case AUT_PROCESS64_EX: + print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + case AUT_RETURN32: print_return32_tok(outfp, tok, del, raw, sfrm, AU_XML); return; @@ -3876,6 +4312,10 @@ print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_XML); return; + case AUT_SUBJECT64_EX: + print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + case AUT_TEXT: print_text_tok(outfp, tok, del, raw, sfrm, AU_XML); return; diff -u -r openbsm/libbsm/bsm_token.c openbsm-dgiagio/libbsm/bsm_token.c --- openbsm/libbsm/bsm_token.c 2006-09-20 12:08:21.000000000 -0300 +++ openbsm-dgiagio/libbsm/bsm_token.c 2006-11-15 14:22:53.000000000 -0200 @@ -212,9 +212,46 @@ token_t * au_to_attr64(struct vnode_au_info *vni) { + token_t *t; + u_char *dptr = NULL; + u_int16_t pad0_16 = 0; + u_int16_t pad0_32 = 0; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2); + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_ATTR64); + + /* + * Darwin defines the size for the file mode + * as 2 bytes; BSM defines 4 so pad with 0 + */ + ADD_U_INT16(dptr, pad0_16); + ADD_U_INT16(dptr, vni->vn_mode); + + ADD_U_INT32(dptr, vni->vn_uid); + ADD_U_INT32(dptr, vni->vn_gid); + ADD_U_INT32(dptr, vni->vn_fsid); + + /* + * Some systems use 32-bit file ID's, other's use 64-bit file IDs. + * Attempt to handle both, and let the compiler sort it out. If we + * could pick this out at compile-time, it would be better, so as to + * avoid the else case below. + */ + if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { + ADD_U_INT32(dptr, pad0_32); + ADD_U_INT32(dptr, vni->vn_fileid); + } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) + ADD_U_INT64(dptr, vni->vn_fileid); + else + ADD_U_INT64(dptr, 0LL); - errno = ENOTSUP; - return (NULL); + ADD_U_INT64(dptr, vni->vn_dev); + + return (t); } token_t * @@ -654,9 +691,26 @@ __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid, __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid) { + token_t *t; + u_char *dptr = NULL; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + + sizeof(u_int64_t)); + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_PROCESS64); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->port); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); - errno = ENOTSUP; - return (NULL); + return (t); } token_t * @@ -727,9 +781,42 @@ au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { + token_t *t; + u_char *dptr = NULL; + + if (tid->at_type == AU_IPv4) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + + 2 * sizeof(u_int32_t)); + else if (tid->at_type == AU_IPv6) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + + 5 * sizeof(u_int32_t)); + else { + errno = EINVAL; + return (NULL); + } + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_PROCESS64_EX); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->at_port); + ADD_U_INT32(dptr, tid->at_type); + ADD_U_INT32(dptr, tid->at_addr[0]); + if (tid->at_type == AU_IPv6) { + ADD_U_INT32(dptr, tid->at_addr[1]); + ADD_U_INT32(dptr, tid->at_addr[2]); + ADD_U_INT32(dptr, tid->at_addr[3]); + } - errno = ENOTSUP; - return (NULL); + return (t); } token_t * @@ -944,9 +1031,26 @@ au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { + token_t *t; + u_char *dptr = NULL; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + + sizeof(u_int64_t) + sizeof(u_int32_t)); + if (t == NULL) + return (NULL); - errno = ENOTSUP; - return (NULL); + ADD_U_CHAR(dptr, AUT_SUBJECT64); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->port); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); + + return (t); } token_t * @@ -1016,9 +1120,42 @@ au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { + token_t *t; + u_char *dptr = NULL; + + if (tid->at_type == AU_IPv4) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + + 2 * sizeof(u_int32_t)); + else if (tid->at_type == AU_IPv6) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + + 5 * sizeof(u_int32_t)); + else { + errno = EINVAL; + return (NULL); + } + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); + ADD_U_INT32(dptr, auid); + ADD_U_INT32(dptr, euid); + ADD_U_INT32(dptr, egid); + ADD_U_INT32(dptr, ruid); + ADD_U_INT32(dptr, rgid); + ADD_U_INT32(dptr, pid); + ADD_U_INT32(dptr, sid); + ADD_U_INT64(dptr, tid->at_port); + ADD_U_INT32(dptr, tid->at_type); + ADD_U_INT32(dptr, tid->at_addr[0]); + if (tid->at_type == AU_IPv6) { + ADD_U_INT32(dptr, tid->at_addr[1]); + ADD_U_INT32(dptr, tid->at_addr[2]); + ADD_U_INT32(dptr, tid->at_addr[3]); + } - errno = ENOTSUP; - return (NULL); + return (t); } token_t * @@ -1166,6 +1303,33 @@ return (t); } +token_t * +au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm) +{ + token_t *t; + u_char *dptr = NULL; + u_int32_t timems; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t)); + if (t == NULL) + return (NULL); + + ADD_U_CHAR(dptr, AUT_HEADER64); + ADD_U_INT32(dptr, rec_size); + ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); + ADD_U_INT16(dptr, e_type); + ADD_U_INT16(dptr, e_mod); + + timems = tm.tv_usec/1000; + /* Add the timestamp */ + ADD_U_INT64(dptr, tm.tv_sec); + ADD_U_INT64(dptr, timems); /* We need time in ms. */ + + return (t); +} + #if !defined(KERNEL) && !defined(_KERNEL) token_t * au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) @@ -1181,9 +1345,11 @@ au_to_header64(__unused int rec_size, __unused au_event_t e_type, __unused au_emod_t e_mod) { + struct timeval tm; - errno = ENOTSUP; - return (NULL); + if (gettimeofday(&tm, NULL) == -1) + return (NULL); + return (au_to_header64_tm(rec_size, e_type, e_mod, tm)); } token_t * --------------010907030009030504070804-- From owner-trustedbsd-audit@FreeBSD.ORG Fri Nov 17 16:31:35 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE40B16A407 for ; Fri, 17 Nov 2006 16:31:35 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.174]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FD9043D53 for ; Fri, 17 Nov 2006 16:31:34 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so669853uge for ; Fri, 17 Nov 2006 08:31:34 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Iu07uVzo6gzzWNuL5Tb9S6Ayp7I+L89xtrDS//+i8XvD7hTHWh9n3SYdQih9Crmvtj3NMwB/teIijtUf9nPBUqOHYWBjWI4ypFDF4JjQUQ7KYf11UcAbW5FjHJJSys0XOonZsJKj1GakSPnsWo9ILrpvIqWmCCmig7iAY81cWmw= Received: by 10.67.117.2 with SMTP id u2mr1301176ugm.1163780575078; Fri, 17 Nov 2006 08:22:55 -0800 (PST) Received: by 10.67.30.9 with HTTP; Fri, 17 Nov 2006 08:22:54 -0800 (PST) Message-ID: <1b0798830611170822x15add173hfcad44ed830ec01e@mail.gmail.com> Date: Fri, 17 Nov 2006 14:22:54 -0200 From: "Diego Giagio" To: trustedbsd-audit@freebsd.org In-Reply-To: <455B89A5.1070607@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <33453.36565.qm@web55503.mail.re4.yahoo.com> <455B89A5.1070607@gmail.com> Cc: Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2006 16:31:36 -0000 On 11/15/06, Diego Giagio wrote: > > No problem. Attached is a patch with XML printing support that applies > cleanly to HEAD as of today. > Could anyone please review the patch? I didn't receive any response for the last two days. I'm about to assume its not any good. Thanks. DG From owner-trustedbsd-audit@FreeBSD.ORG Fri Nov 17 18:59:30 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B72016A412 for ; Fri, 17 Nov 2006 18:59:30 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E19D43D53 for ; Fri, 17 Nov 2006 18:59:28 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 3D52146E2E; Fri, 17 Nov 2006 13:59:28 -0500 (EST) Date: Fri, 17 Nov 2006 18:59:28 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Diego Giagio In-Reply-To: <1b0798830611170822x15add173hfcad44ed830ec01e@mail.gmail.com> Message-ID: <20061117185840.P67585@fledge.watson.org> References: <33453.36565.qm@web55503.mail.re4.yahoo.com> <455B89A5.1070607@gmail.com> <1b0798830611170822x15add173hfcad44ed830ec01e@mail.gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@freebsd.org Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2006 18:59:30 -0000 On Fri, 17 Nov 2006, Diego Giagio wrote: > On 11/15/06, Diego Giagio wrote: >> >> No problem. Attached is a patch with XML printing support that applies >> cleanly to HEAD as of today. > > Could anyone please review the patch? I didn't receive any response for the > last two days. I'm about to assume its not any good. I think you should assume instead that people are generally busy but interested. :-) I'll try to take a look at it this evening. I'm still catching up from my trip to EuroBSDCon last week, unfortunately, from which I have quite an e-mail backlog. thanks, Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Fri Nov 17 20:29:40 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE40F16A47E for ; Fri, 17 Nov 2006 20:29:40 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 83E6043D9E for ; Fri, 17 Nov 2006 20:29:20 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 727D820014D for ; Fri, 17 Nov 2006 21:29:19 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id 592B8200146; Fri, 17 Nov 2006 21:29:13 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 8265B444889 for ; Fri, 17 Nov 2006 20:28:45 +0000 (UTC) Date: Fri, 17 Nov 2006 20:28:45 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: trustedbsd-audit@freebsd.org Message-ID: <20061117200831.S18512@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Cc: Subject: firewall audit records X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2006 20:29:40 -0000 Hi, I chatted with Robert Watson about firewall audit records at EuroBSDCon. There were some basic questions coming up that I'd like to put up for discussion: - how to decide what rules one wants auditing enabled for? for example adding an "audit" flag to a rule and generate records for matches [implying the question who might do or change that]. - what to put into the audit record? protocol / rule number / addresses / deny|permit|log / ... this is especially interesting as different firewalls may provide different data and different rules/protocols may have different payload. What kind of payload - if at all - should be in the audit record? - how to reliably generate audit records? usually one pre-allocates memory for the audit record and uses flags like M_WAITOK. This might not be feasible for (high bandwidth) network traffic passing the firewall. /bz -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 18 09:44:57 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1154016A492 for ; Sat, 18 Nov 2006 09:44:57 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 66C1943D46 for ; Sat, 18 Nov 2006 09:44:54 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 4A2AD46E7F; Sat, 18 Nov 2006 04:44:56 -0500 (EST) Date: Sat, 18 Nov 2006 09:44:56 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Diego Giagio In-Reply-To: <1b0798830611170822x15add173hfcad44ed830ec01e@mail.gmail.com> Message-ID: <20061118094331.H67585@fledge.watson.org> References: <33453.36565.qm@web55503.mail.re4.yahoo.com> <455B89A5.1070607@gmail.com> <1b0798830611170822x15add173hfcad44ed830ec01e@mail.gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@freebsd.org Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2006 09:44:57 -0000 On Fri, 17 Nov 2006, Diego Giagio wrote: > On 11/15/06, Diego Giagio wrote: >> >> No problem. Attached is a patch with XML printing support that applies >> cleanly to HEAD as of today. > > Could anyone please review the patch? I didn't receive any response for the > last two days. I'm about to assume its not any good. The version after Martin's comments looked good to me, so I've submitted it to P4. I'll cut a new OpenBSM release in the next couple of days that will include these changes and Martin's XML changes. I'll also look at getting Martin's hostname changes (to include the hostname in the trail filename) in before doing so. Thanks! Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 18 12:05:59 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8106816A403 for ; Sat, 18 Nov 2006 12:05:59 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5D01B43D7D for ; Sat, 18 Nov 2006 12:05:56 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id CA46C46C44; Sat, 18 Nov 2006 07:05:58 -0500 (EST) Date: Sat, 18 Nov 2006 12:05:58 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Diego Giagio In-Reply-To: <20061118094331.H67585@fledge.watson.org> Message-ID: <20061118120246.U50450@fledge.watson.org> References: <33453.36565.qm@web55503.mail.re4.yahoo.com> <455B89A5.1070607@gmail.com> <1b0798830611170822x15add173hfcad44ed830ec01e@mail.gmail.com> <20061118094331.H67585@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@freebsd.org Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2006 12:05:59 -0000 On Sat, 18 Nov 2006, Robert Watson wrote: > On Fri, 17 Nov 2006, Diego Giagio wrote: > >> On 11/15/06, Diego Giagio wrote: >>> >>> No problem. Attached is a patch with XML printing support that applies >>> cleanly to HEAD as of today. >> >> Could anyone please review the patch? I didn't receive any response for the >> last two days. I'm about to assume its not any good. > > The version after Martin's comments looked good to me, so I've submitted it > to P4. I'll cut a new OpenBSM release in the next couple of days that will > include these changes and Martin's XML changes. I'll also look at getting > Martin's hostname changes (to include the hostname in the trail filename) in > before doing so. FYI, I modified the patch in the following ways in P4: - I modified the ex variants to write out addresses in the byte order passed to the function, rather than in network byte order, since we assume that passed addresses are already in network byte order. - I added test generation functions to openbsm/test/bsm and generated reference tokens. - I removed the now-unneeded __unused qualifiers to some functions (including some that already existed before your patch). Our code for generating ex tokens seems to differ slightly from OpenSolaris with respect to handling variable length addresses: the OpenSolaris code appears to always write out the full length 3x32-bit field for both IPv4 and IPv6 arguments, although it's possibly they generate ex entries for only IPv6 addresses, in which case this may not have a practical import yet. Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 18 14:23:10 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BF57A16A415 for ; Sat, 18 Nov 2006 14:23:10 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.192]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A77A43D5A for ; Sat, 18 Nov 2006 14:23:03 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by nz-out-0102.google.com with SMTP id i11so681187nzh for ; Sat, 18 Nov 2006 06:23:07 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=gVSO0P7fqbr/UljRtOzU3uUl2FKkSFSBiKlIP54yM5At5KovytpCCzyzGMSzbwR+zUOts4RpeWgQHoIUCsuz9G/e8K2Bz5uKbbIM98bY3xOhW3aszhQOfeZvQjThiCZ46JenAKRIJ1q6Jf8l5iEC65z5zb5pM295FxjEh6obcwk= Received: by 10.65.59.20 with SMTP id m20mr5290988qbk.1163859786645; Sat, 18 Nov 2006 06:23:06 -0800 (PST) Received: from ?192.168.0.100? ( [201.37.35.25]) by mx.google.com with ESMTP id d5sm6203562qbd.2006.11.18.06.23.02; Sat, 18 Nov 2006 06:23:06 -0800 (PST) Message-ID: <455F1732.9000204@gmail.com> Date: Sat, 18 Nov 2006 12:22:42 -0200 From: Diego Giagio User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: Robert Watson References: <33453.36565.qm@web55503.mail.re4.yahoo.com> <455B89A5.1070607@gmail.com> <1b0798830611170822x15add173hfcad44ed830ec01e@mail.gmail.com> <20061117185840.P67585@fledge.watson.org> In-Reply-To: <20061117185840.P67585@fledge.watson.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: trustedbsd-audit@freebsd.org Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2006 14:23:10 -0000 Robert Watson wrote: > > I think you should assume instead that people are generally busy but > interested. :-) I'll try to take a look at it this evening. I'm still > catching up from my trip to EuroBSDCon last week, unfortunately, from > which I have quite an e-mail backlog. > Robert, Since this is my first contribution I was a bit in a hurry for review. I strongly apologize. DG From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 18 15:49:47 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CE00516A40F for ; Sat, 18 Nov 2006 15:49:47 +0000 (UTC) (envelope-from rwatson2FreeBSD.org@fledge.watson.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id A9D2543D6A for ; Sat, 18 Nov 2006 15:49:43 +0000 (GMT) (envelope-from rwatson2FreeBSD.org@fledge.watson.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 09D0246B5D; Sat, 18 Nov 2006 10:49:47 -0500 (EST) Date: Sat, 18 Nov 2006 15:49:46 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Diego Giagio In-Reply-To: <455F1732.9000204@gmail.com> Message-ID: <20061118154921.M50450@fledge.watson.org> References: <33453.36565.qm@web55503.mail.re4.yahoo.com> <455B89A5.1070607@gmail.com> <1b0798830611170822x15add173hfcad44ed830ec01e@mail.gmail.com> <20061117185840.P67585@fledge.watson.org> <455F1732.9000204@gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Mailman-Approved-At: Sat, 18 Nov 2006 16:33:18 +0000 Cc: trustedbsd-audit@freebsd.org Subject: Re: Additional 64-bit token types to libbsm X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2006 15:49:47 -0000 On Sat, 18 Nov 2006, Diego Giagio wrote: > Robert Watson wrote: >> >> I think you should assume instead that people are generally busy but >> interested. :-) I'll try to take a look at it this evening. I'm still >> catching up from my trip to EuroBSDCon last week, unfortunately, from which >> I have quite an e-mail backlog. > > Since this is my first contribution I was a bit in a hurry for review. I > strongly apologize. There's no need to apologize, and your contribution is much appreciated :-). Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sun Nov 19 22:20:16 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A025816A412 for ; Sun, 19 Nov 2006 22:20:16 +0000 (UTC) (envelope-from dgiagio@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F46943D46 for ; Sun, 19 Nov 2006 22:19:56 +0000 (GMT) (envelope-from dgiagio@gmail.com) Received: by py-out-1112.google.com with SMTP id f31so865436pyh for ; Sun, 19 Nov 2006 14:20:08 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type; b=upK+qc1/uX8tdvRyK4o1hn/SXodgNWBYwc7gKodGgAMRbUMfc50L1OHPJHmJqgjFpjRABZ1MreHsNV7jB1WnzOs+P3fQdUDOBuostURJxKoDX2BWG2MWGM3PGW8xmv5PZAVrikDtZsszfAsrx2oX8fja1GCCDvMpNX6eAA30+Y8= Received: by 10.65.219.4 with SMTP id w4mr6702812qbq.1163974807807; Sun, 19 Nov 2006 14:20:07 -0800 (PST) Received: from ?192.168.0.100? ( [201.37.35.25]) by mx.google.com with ESMTP id e13sm8486739qba.2006.11.19.14.20.05; Sun, 19 Nov 2006 14:20:07 -0800 (PST) Message-ID: <4560D883.7040409@gmail.com> Date: Sun, 19 Nov 2006 20:19:47 -0200 From: Diego Giagio User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: trustedbsd-audit@FreeBSD.org Content-Type: multipart/mixed; boundary="------------030308060902000608060002" Subject: OpenBSM compiler warnings patch X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Nov 2006 22:20:16 -0000 This is a multi-part message in MIME format. --------------030308060902000608060002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I've created a patch that removes all the compiler warnings I was getting, mostly signed/unsigned stuff. bsm_io.c: I've sticked with the following rules to resolve the conflicts: - Buffers are u_char* - Strings are char* (or const char*) - Casts are used when pointing strings inside buffers. bsm_notify.c: notify_check function on my Mac OS X 10.4.8 expects an int on the second parameter, not an unsigned int. bsm_token.c: au_to_newgroups expect a gid_t* on the second parameter, not an int*. In fact a gid_t may expand to an int or even an unsigned int. Instructions: $ cd openbsm $ patch -p1 < warnings.patch Please review. Thanks. DG --------------030308060902000608060002 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="warnings.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="warnings.patch" diff -u -r openbsm/libbsm/bsm_io.c openbsm-dgiagio/libbsm/bsm_io.c --- openbsm/libbsm/bsm_io.c 2006-11-18 07:44:23.000000000 -0200 +++ openbsm-dgiagio/libbsm/bsm_io.c 2006-11-19 19:18:38.000000000 -0200 @@ -201,7 +201,7 @@ * Prints the given data bytes as a string. */ static void -print_string(FILE *fp, u_char *str, size_t len) +print_string(FILE *fp, const char *str, size_t len) { int i; @@ -217,7 +217,7 @@ * Prints the beggining of attribute. */ static void -open_attr(FILE *fp, u_char *str) +open_attr(FILE *fp, const char *str) { fprintf(fp,"%s=\"", str); @@ -833,7 +833,7 @@ * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ static int -fetch_header32_tok(tokenstr_t *tok, char *buf, int len) +fetch_header32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -922,7 +922,7 @@ * nanoseconds of time 4 bytes/8 bytes (32/64-bits) */ static int -fetch_header32_ex_tok(tokenstr_t *tok, char *buf, int len) +fetch_header32_ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1029,7 +1029,7 @@ * version # */ static int -fetch_header64_tok(tokenstr_t *tok, char *buf, int len) +fetch_header64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1114,7 +1114,7 @@ * accuracy of the BSM spec. */ static int -fetch_header64_ex_tok(tokenstr_t *tok, char *buf, int len) +fetch_header64_ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1217,7 +1217,7 @@ * record size 4 bytes */ static int -fetch_trailer_tok(tokenstr_t *tok, char *buf, int len) +fetch_trailer_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1251,7 +1251,7 @@ * text N bytes + 1 terminating NULL byte */ static int -fetch_arg32_tok(tokenstr_t *tok, char *buf, int len) +fetch_arg32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1267,8 +1267,8 @@ if (err) return (-1); - SET_PTR(buf, len, tok->tt.arg32.text, tok->tt.arg32.len, tok->len, - err); + SET_PTR((char*)buf, len, tok->tt.arg32.text, tok->tt.arg32.len, + tok->len, err); if (err) return (-1); @@ -1302,7 +1302,7 @@ } static int -fetch_arg64_tok(tokenstr_t *tok, char *buf, int len) +fetch_arg64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1318,8 +1318,8 @@ if (err) return (-1); - SET_PTR(buf, len, tok->tt.arg64.text, tok->tt.arg64.len, tok->len, - err); + SET_PTR((char*)buf, len, tok->tt.arg64.text, tok->tt.arg64.len, + tok->len, err); if (err) return (-1); @@ -1360,7 +1360,7 @@ * data items (depends on basic unit) */ static int -fetch_arb_tok(tokenstr_t *tok, char *buf, int len) +fetch_arb_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; int datasize; @@ -1589,7 +1589,7 @@ * device 4 bytes/8 bytes (32-bit/64-bit) */ static int -fetch_attr32_tok(tokenstr_t *tok, char *buf, int len) +fetch_attr32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1671,7 +1671,7 @@ * device 4 bytes/8 bytes (32-bit/64-bit) */ static int -fetch_attr64_tok(tokenstr_t *tok, char *buf, int len) +fetch_attr64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1749,7 +1749,7 @@ * return value 4 bytes */ static int -fetch_exit_tok(tokenstr_t *tok, char *buf, int len) +fetch_exit_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1791,11 +1791,11 @@ * text count null-terminated string(s) */ static int -fetch_execarg_tok(tokenstr_t *tok, char *buf, int len) +fetch_execarg_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; int i; - char *bptr; + u_char *bptr; READ_TOKEN_U_INT32(buf, len, tok->tt.execarg.count, tok->len, err); if (err) @@ -1804,7 +1804,7 @@ for (i = 0; i < tok->tt.execarg.count; i++) { bptr = buf + tok->len; if (i < AUDIT_MAX_ARGS) - tok->tt.execarg.text[i] = bptr; + tok->tt.execarg.text[i] = (char*)bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1850,11 +1850,11 @@ * text count null-terminated string(s) */ static int -fetch_execenv_tok(tokenstr_t *tok, char *buf, int len) +fetch_execenv_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; int i; - char *bptr; + u_char *bptr; READ_TOKEN_U_INT32(buf, len, tok->tt.execenv.count, tok->len, err); if (err) @@ -1863,7 +1863,7 @@ for (i = 0; i < tok->tt.execenv.count; i++) { bptr = buf + tok->len; if (i < AUDIT_MAX_ENV) - tok->tt.execenv.text[i] = bptr; + tok->tt.execenv.text[i] = (char*)bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1911,7 +1911,7 @@ * file pathname N bytes + 1 terminating NULL byte */ static int -fetch_file_tok(tokenstr_t *tok, char *buf, int len) +fetch_file_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -1927,7 +1927,8 @@ if (err) return (-1); - SET_PTR(buf, len, tok->tt.file.name, tok->tt.file.len, tok->len, err); + SET_PTR((char*)buf, len, tok->tt.file.name, tok->tt.file.len, tok->len, + err); if (err) return (-1); @@ -1965,7 +1966,7 @@ * group list count * 4 bytes */ static int -fetch_newgroups_tok(tokenstr_t *tok, char *buf, int len) +fetch_newgroups_tok(tokenstr_t *tok, u_char *buf, int len) { int i; int err = 0; @@ -2008,7 +2009,7 @@ * Internet addr 4 bytes */ static int -fetch_inaddr_tok(tokenstr_t *tok, char *buf, int len) +fetch_inaddr_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2041,7 +2042,7 @@ * address 16 bytes */ static int -fetch_inaddr_ex_tok(tokenstr_t *tok, char *buf, int len) +fetch_inaddr_ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2086,7 +2087,7 @@ * ip header 20 bytes */ static int -fetch_ip_tok(tokenstr_t *tok, char *buf, int len) +fetch_ip_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2208,7 +2209,7 @@ * Object ID 4 bytes */ static int -fetch_ipc_tok(tokenstr_t *tok, char *buf, int len) +fetch_ipc_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2255,7 +2256,7 @@ * key 4 bytes */ static int -fetch_ipcperm_tok(tokenstr_t *tok, char *buf, int len) +fetch_ipcperm_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2341,7 +2342,7 @@ * port Ip address 2 bytes */ static int -fetch_iport_tok(tokenstr_t *tok, char *buf, int len) +fetch_iport_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2373,7 +2374,7 @@ * data size bytes */ static int -fetch_opaque_tok(tokenstr_t *tok, char *buf, int len) +fetch_opaque_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2381,8 +2382,8 @@ if (err) return (-1); - SET_PTR(buf, len, tok->tt.opaque.data, tok->tt.opaque.size, tok->len, - err); + SET_PTR((char*)buf, len, tok->tt.opaque.data, tok->tt.opaque.size, + tok->len, err); if (err) return (-1); @@ -2396,13 +2397,15 @@ print_tok_type(fp, tok->id, "opaque", raw, xml); if (xml) { - print_mem(fp, tok->tt.opaque.data, tok->tt.opaque.size); + print_mem(fp, (u_char*)tok->tt.opaque.data, + tok->tt.opaque.size); close_tag(fp, tok->id); } else { print_delim(fp, del); print_2_bytes(fp, tok->tt.opaque.size, "%u"); print_delim(fp, del); - print_mem(fp, tok->tt.opaque.data, tok->tt.opaque.size); + print_mem(fp, (u_char*)tok->tt.opaque.data, + tok->tt.opaque.size); } } @@ -2411,7 +2414,7 @@ * data size bytes */ static int -fetch_path_tok(tokenstr_t *tok, char *buf, int len) +fetch_path_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2419,7 +2422,8 @@ if (err) return (-1); - SET_PTR(buf, len, tok->tt.path.path, tok->tt.path.len, tok->len, err); + SET_PTR((char*)buf, len, tok->tt.path.path, tok->tt.path.len, tok->len, + err); if (err) return (-1); @@ -2455,7 +2459,7 @@ * machine id 4 bytes */ static int -fetch_process32_tok(tokenstr_t *tok, char *buf, int len) +fetch_process32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2568,7 +2572,7 @@ * machine id 4 bytes */ static int -fetch_process64_tok(tokenstr_t *tok, char *buf, int len) +fetch_process64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2681,7 +2685,7 @@ * machine address 16 bytes */ static int -fetch_process32ex_tok(tokenstr_t *tok, char *buf, int len) +fetch_process32ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2811,7 +2815,7 @@ * machine address 16 bytes */ static int -fetch_process64ex_tok(tokenstr_t *tok, char *buf, int len) +fetch_process64ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2930,7 +2934,7 @@ * return value 4 bytes */ static int -fetch_return32_tok(tokenstr_t *tok, char *buf, int len) +fetch_return32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -2968,7 +2972,7 @@ } static int -fetch_return64_tok(tokenstr_t *tok, char *buf, int len) +fetch_return64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3009,7 +3013,7 @@ * seq 4 bytes */ static int -fetch_seq_tok(tokenstr_t *tok, char *buf, int len) +fetch_seq_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3043,7 +3047,7 @@ * socket address 4 bytes */ static int -fetch_sock_inet32_tok(tokenstr_t *tok, char *buf, int len) +fetch_sock_inet32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3097,7 +3101,7 @@ * path 104 bytes */ static int -fetch_sock_unix_tok(tokenstr_t *tok, char *buf, int len) +fetch_sock_unix_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3147,7 +3151,7 @@ * remote address 4 bytes */ static int -fetch_socket_tok(tokenstr_t *tok, char *buf, int len) +fetch_socket_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3228,7 +3232,7 @@ * machine id 4 bytes */ static int -fetch_subject32_tok(tokenstr_t *tok, char *buf, int len) +fetch_subject32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3340,7 +3344,7 @@ * machine id 4 bytes */ static int -fetch_subject64_tok(tokenstr_t *tok, char *buf, int len) +fetch_subject64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3453,7 +3457,7 @@ * machine id 16 bytes */ static int -fetch_subject32ex_tok(tokenstr_t *tok, char *buf, int len) +fetch_subject32ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3582,7 +3586,7 @@ * machine id 16 bytes */ static int -fetch_subject64ex_tok(tokenstr_t *tok, char *buf, int len) +fetch_subject64ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3701,7 +3705,7 @@ * data size bytes */ static int -fetch_text_tok(tokenstr_t *tok, char *buf, int len) +fetch_text_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3709,7 +3713,7 @@ if (err) return (-1); - SET_PTR(buf, len, tok->tt.text.text, tok->tt.text.len, tok->len, + SET_PTR((char*)buf, len, tok->tt.text.text, tok->tt.text.len, tok->len, err); if (err) return (-1); @@ -3742,7 +3746,7 @@ * remote Internet address 4 bytes */ static int -fetch_socketex32_tok(tokenstr_t *tok, char *buf, int len) +fetch_socketex32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; @@ -3822,7 +3826,7 @@ } static int -fetch_invalid_tok(tokenstr_t *tok, char *buf, int len) +fetch_invalid_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; int recoversize; @@ -3833,7 +3837,8 @@ tok->tt.invalid.length = recoversize; - SET_PTR(buf, len, tok->tt.invalid.data, recoversize, tok->len, err); + SET_PTR((char*)buf, len, tok->tt.invalid.data, recoversize, tok->len, + err); if (err) return (-1); @@ -3848,7 +3853,8 @@ if (!xml) { print_tok_type(fp, tok->id, "unknown", raw, 0); print_delim(fp, del); - print_mem(fp, tok->tt.invalid.data, tok->tt.invalid.length); + print_mem(fp, (u_char*)tok->tt.invalid.data, + tok->tt.invalid.length); } } diff -u -r openbsm/libbsm/bsm_notify.c openbsm-dgiagio/libbsm/bsm_notify.c --- openbsm/libbsm/bsm_notify.c 2006-06-16 17:32:11.000000000 -0300 +++ openbsm-dgiagio/libbsm/bsm_notify.c 2006-11-19 19:20:07.000000000 -0200 @@ -66,7 +66,8 @@ au_notify_initialize(void) { #if AUDIT_NOTIFICATION_ENABLED - uint32_t status, ignore_first; + uint32_t status; + int ignore_first; status = notify_register_check(__BSM_INTERNAL_NOTIFY_KEY, &token); if (status != NOTIFY_STATUS_OK) @@ -108,7 +109,7 @@ au_get_state(void) { #if AUDIT_NOTIFICATION_ENABLED - uint32_t did_notify; + int did_notify; #endif int status; diff -u -r openbsm/libbsm/bsm_token.c openbsm-dgiagio/libbsm/bsm_token.c --- openbsm/libbsm/bsm_token.c 2006-11-18 09:18:44.000000000 -0200 +++ openbsm-dgiagio/libbsm/bsm_token.c 2006-11-19 19:19:50.000000000 -0200 @@ -345,7 +345,7 @@ au_to_groups(int *groups) { - return (au_to_newgroups(AUDIT_MAX_GROUPS, groups)); + return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t*)groups)); } /* --------------030308060902000608060002-- From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 25 11:46:12 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4771516A4FD for ; Sat, 25 Nov 2006 11:46:12 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A59E43E23 for ; Sat, 25 Nov 2006 11:44:52 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id C29DE46D19; Sat, 25 Nov 2006 06:45:29 -0500 (EST) Date: Sat, 25 Nov 2006 11:45:29 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Martin Voros In-Reply-To: <20061114122442.63529.qmail@web55506.mail.re4.yahoo.com> Message-ID: <20061125114324.N46163@fledge.watson.org> References: <20061114122442.63529.qmail@web55506.mail.re4.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org Subject: Re: auditd - hostname in trail file name patch X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Nov 2006 11:46:12 -0000 On Tue, 14 Nov 2006, Martin Voros wrote: > Robert Watson wrote: > On Thu, 26 Oct 2006, Martin Voros wrote: > >> I've prepared another patch which put hostname in trail file name (another >> point from TODO list). Format is timestamp.timestamp.hostname or >> timestamp.not_terminated.hostname >> >> Again of course all comments are welcome. > > Having now returned from EuroBSDCon, I'm trying to catch up on e-mail. My > suggestion here would be to switch to using asprintf() to de-complicate the > buffer length calculation, which otherwise is probably the riskiest part of > the change. > > I've prepared new patch, which use asprintf instead of strcat and malloc. Martin, Again, a rather long delay -- sorry about that! Thanks for the revised patch. I've run into a problem with it, however -- if the hostname changes between when auditd opens a trail (affixdir) and when it closes if (close_lastfile), then the filename at creation and removal differs. I think we need to rearrange things in auditd so that close_lastfile() operates on a cached copy of the filename, rather than attempting to reconstruct the last filename since it can no longer be done without maintaining state. Is this something you could investigate? Thanks, Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Sat Nov 25 14:20:07 2006 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9255D16A4FE for ; Sat, 25 Nov 2006 14:20:07 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1063343D68 for ; Sat, 25 Nov 2006 14:19:17 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 80E1546C4F for ; Sat, 25 Nov 2006 09:20:05 -0500 (EST) Date: Sat, 25 Nov 2006 14:20:05 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20061125141233.Q46163@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: OpenBSM 1.0 alpha 13 released X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Nov 2006 14:20:07 -0000 Dear all, I'm pleased to announce the release of OpenBSM 1.0 alpha 13, the first release of OpenBSM following the integration of Audit support into freeBSD 6.2. The following are the change notes from the OpenBSM history file found in this release: OpenBSM 1.0 alpha 13 - compat/clock_gettime.h now provides a compatibility implementation of clock_gettime(), which fixes building on Mac OS X. - Countless man page improvements, markup fixes, content fixs, etc. - XML printing support via "praudit -x". - audit.log.5 expanded to include additional BSM token types. - Added encoding and decoding routines for process64_ex, process32_ex, subject32_ex, header64, and attr64 tokens. - Additional audit event identifiers for listen, mlockall/munlockall, getpath, POSIX message queues, and mandatory access control. You can download OpenBSM from the OpenBSM project web page: http://www.OpenBSM.org/ This release is known to build and run on FreeBSD 7.x, FreeBSD 6.2, and RedHat Fedora core 3 Linux. I'd particularly like to think the following for their contributions to this release: Christian Peron Ruslan Ermilov Martin Voros Diego Giagio Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Fri Dec 15 08:25:44 2006 Return-Path: X-Original-To: trustedbsd-audit@FreeBSD.org Delivered-To: trustedbsd-audit@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 29B1916A4B3 for ; Fri, 15 Dec 2006 08:25:44 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A96643CCB for ; Fri, 15 Dec 2006 08:24:00 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id B7B0A46E59; Fri, 15 Dec 2006 03:25:39 -0500 (EST) Date: Fri, 15 Dec 2006 08:25:39 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Diego Giagio In-Reply-To: <4560D883.7040409@gmail.com> Message-ID: <20061215082453.R29087@fledge.watson.org> References: <4560D883.7040409@gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@FreeBSD.org Subject: Re: OpenBSM compiler warnings patch X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2006 08:25:44 -0000 On Sun, 19 Nov 2006, Diego Giagio wrote: > I've created a patch that removes all the compiler warnings I was getting, > mostly signed/unsigned stuff. > > bsm_io.c: I've sticked with the following rules to resolve the conflicts: > > - Buffers are u_char* > - Strings are char* (or const char*) > - Casts are used when pointing strings inside buffers. > > bsm_notify.c: notify_check function on my Mac OS X 10.4.8 expects an int on > the second parameter, not an unsigned int. > > bsm_token.c: au_to_newgroups expect a gid_t* on the second parameter, not an > int*. In fact a gid_t may expand to an int or even an unsigned int. > > Instructions: > $ cd openbsm > $ patch -p1 < warnings.patch > > Please review. Diego, Sorry for the long delay in getting back to you on this. I've installed gcc41 on my desktop box, confirmed the warning fixes, and merged to Perforce. These changes will appear starting in OpenBSM 1.0 alpha 14. Thanks! Robert N M Watson Computer Laboratory University of Cambridge From owner-trustedbsd-audit@FreeBSD.ORG Mon Jan 15 12:26:14 2007 Return-Path: X-Original-To: trustedbsd-audit@freebsd.org Delivered-To: trustedbsd-audit@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E0E1D16A407 for ; Mon, 15 Jan 2007 12:26:14 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.freebsd.org (Postfix) with ESMTP id 6D47413C44C for ; Mon, 15 Jan 2007 12:26:14 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 6A81B49989 for ; Mon, 15 Jan 2007 06:53:09 -0500 (EST) Date: Mon, 15 Jan 2007 11:53:09 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20070115114729.G24395@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: TrustedBSD: [FreeBSD-Announce] FreeBSD 6.2 Released (fwd) X-BeenThere: trustedbsd-audit@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD Audit Discussion List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jan 2007 12:26:15 -0000 By now everyone on this mailing list is undoubtably aware of this, but I forward this gratuitously nonetheless. The goal is for Audit to be a production feature in FreeBSD 6.3, with "options AUDIT" compiled into the kernel by default. There are quite a few things that need to be done before we're ready for that, including: - Creating and assigning audit events for some loose end native ABI system calls. - Completing audit event assignment for non-native APIs. - Identifying key remaining unaudited system call arguments and adding auditing for them. - Merging MAC Framework hooks allowing MAC modules to control access to kernel audit services. - Refining and merging MAC labeling support in audit, including support for MAC annotations in the audit trail. - Completing pass through user space services adding audit support to system management tools (and ftpd?). - Working with third party application vendors to add audit support to their tools, as necessary. In particular, {gdm,kdm,xdm} so that X11 logins have proper audit configuration set up for them. - Merging the latest OpenBSM, which has XML output support. Some other things high on my TODO list are to look at refining the preselection model for audit pipes based on feedback we're starting to get from IDS authors. Right now, IDS applications can track either the audit event stream using the global audit preselection model and configuration, or create their own instance of preselection configuration based on the same preselection model. We may wish to allow more flexibility in preselection, such as the ability to match events based on uids other than the audit uid. Robert N M Watson Computer Laboratory University of Cambridge ---------- Forwarded message ---------- Date: Mon, 15 Jan 2007 10:51:15 +0000 (GMT) From: Robert Watson To: trustedbsd-announce@TrustedBSD.org Subject: TrustedBSD: [FreeBSD-Announce] FreeBSD 6.2 Released I'm pleased to announce that FreeBSD 6.2-RELEASE is the first release of FreeBSD to include experimental support for security event auditing. TrustedBSD Audit provides fine-grained and configurable logging of system security events. FreeBSD 6.2 includes OpenBSM, a portable audit library and command line tool suite implementing Sun's de facto industry standard BSM API and file format. The TrustedBSD audit implementation is a significantly enhanced and extended version of the audit implementation generously contributed by Apple Computer, Inc., under a BSD license. You can read more audit in some of the following places: FreeBSD Handbook: Security Event Auditing http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html Security Focus: FreeBSD Security Event Auditing http://www.securityfocus.com/columnists/422 Slides and paper from UKUUG LISA 2006: http://www.watson.org/~robert/freebsd/2006ukuuglisa/ TrustedBSD Audit and OpenBSM were made possible through the contributions by: Apple Computer, Inc., McAfee Research, McAfee, Inc., SPARTA, Inc., Robert Watson, Wayne Salamon, Suresh Krishnaswamy, Kevin Van Vechten, Tom Rhodes, Wojciech Koszek, Chunyang Yuan, Poul-Henning Kamp, Christian Brueffer, Olivier Houchard, Christian Peron, Martin Fong, Pawel Worach, Martin Englund, Ruslan Ermilov, Martin Voros, Diego Giagio. Robert N M Watson Computer Laboratory University of Cambridge ---------- Forwarded message ---------- Date: Mon, 15 Jan 2007 00:29:19 -0500 From: Ken Smith To: freebsd-announce@freebsd.org Subject: [FreeBSD-Announce] FreeBSD 6.2 Released The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 6.2-RELEASE. This release continues the development of the 6-STABLE branch providing performance and stability improvements, many bug fixes and new features. Some of the highlights: - freebsd-update(8) provides officially supported binary updates for security fixes and errata patches - Experimental support for CAPP security event auditing - OpenBSM audit command line tool suite and library - KDE updated to 3.5.4, GNOME updated to 2.16.1 - csup(1) integrated cvsup client now included - Disk integrity protection and authentication added to geli(4) - New amdsmb(4), enc(4) ipmi(4), nfsmb(4), stge(4) drivers - IPFW(4) packet tagging - Linux emulation support for sysfs - BIND updated to 9.3.3 - Many driver updates including em(4), arcmsr(4), ath(4), bce(4), ata(4), and iwi(4) For a complete list of new features and known problems, please see the online release notes and errata list, available at: http://www.FreeBSD.org/releases/6.2R/relnotes.html http://www.FreeBSD.org/releases/6.2R/errata.html For more information about FreeBSD release engineering activities, please see: http://www.FreeBSD.org/releng/ Availability ------------- FreeBSD 6.2-RELEASE is now available for the alpha, amd64, i386, ia64, pc98, powerpc, and sparc64 architectures. It can be installed from bootable ISO images or over the network; the required files can be downloaded via FTP or BitTorrent as described in the sections below. While some of the smaller FTP mirrors may not carry all architectures, they will all generally contain the more common ones, such as i386 and amd64. MD5 and SHA256 hashes for the release ISO images are included at the bottom of this message. The contents of the ISO images provided as part of the release has changed for most of the architectures. Using the i386 architecture as an example, there are ISO images named "bootonly", "disc1", "disc2", and "docs". The "bootonly" image is suitable for booting a machine to do a network based installation using FTP or NFS. The "disc1" and "disc2" images are used to do a full installation that includes a basic set of packages and does not require network access to an FTP or NFS server during the installation. In addition, "disc1" supports booting into a "live CD-based filesystem" and system rescue mode. The "docs" image has all of the documentation for all supported languages. Most people will find that "disc1" and "disc2" are all that are needed. FreeBSD 6.2-RELEASE can also be purchased on CD-ROM from several vendors. Two of the vendors that will be offering FreeBSD 6.2-based products are: ~ FreeBSD Mall, Inc. http://www.freebsdmall.com/ ~ Daemonnews, Inc. http://www.bsdmall.com/freebsd1.html BitTorrent ---------- 6.2-RELEASE ISOs are available via BitTorrent. A collection of torrent files to download the images is available at: http://torrents.freebsd.org:8080/ FTP --- At the time of this announcement the following FTP sites have FreeBSD 6.2-RELEASE available. ftp://ftp.FreeBSD.org/pub/FreeBSD/ ftp://ftp3.FreeBSD.org/pub/FreeBSD/ ftp://ftp5.FreeBSD.org/pub/FreeBSD/ ftp://ftp7.FreeBSD.org/pub/FreeBSD/ ftp://ftp.at.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.ch.FreeBSD.org/pub/FreeBSD/ ftp://ftp.cn.FreeBSD.org/pub/FreeBSD/ ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/ ftp://ftp.ee.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.fr.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.ie.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD/ ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ ftp://ftp1.tw.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.uk.FreeBSD.org/pub/FreeBSD/ ftp://ftp5.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp13.us.FreeBSD.org/pub/FreeBSD/ FreeBSD is also available via anonymous FTP from mirror sites in the following countries and territories: Argentina, Australia, Brazil, Bulgaria, Canada, China, Czech Republic, Denmark, Estonia, Finland, France, Germany, Hong Kong, Hungary, Iceland, Ireland, Israel, Japan, Korea, Latvia, Lithuania, the Netherlands, New Zealand, Poland, Portugal, Romania, Russia, Saudi Arabia, South Africa, Slovak Republic, Slovenia, Spain, Sweden, Taiwan, Thailand, Ukraine, and the United Kingdom. Before trying the central FTP site, please check your regional mirror(s) first by going to: ftp://ftp..FreeBSD.org/pub/FreeBSD Any additional mirror sites will be labeled ftp2, ftp3 and so on. More information about FreeBSD mirror sites can be found at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html For instructions on installing FreeBSD, please see Chapter 2 of The FreeBSD Handbook. It provides a complete installation walk-through for users new to FreeBSD, and can be found online at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html FreeBSD Update -------------- The freebsd-update(8) utility, which is the client half of the FreeBSD Update binary update system, is now included in the FreeBSD base system and supported by the FreeBSD Security Team, which will be building binary security and errata updates for the i386 and amd64 platforms. In addition, an experimental version of the freebsd-update(8) utility is available which supports upgrading systems between FreeBSD releases. Administrators of FreeBSD 6.1 systems are encouraged to test this and report any problems encountered on the freebsd-stable mailing list. For more information, see http://www.daemonology.net/blog/2006-11-26-freebsd-6.1-to-6.2-binary-upgrade.html Acknowledgments ---------------- Many companies donated equipment, network access, or man-hours to finance the release engineering activities for FreeBSD 6.2 including The FreeBSD Foundation, FreeBSD Systems, Hewlett-Packard, Yahoo!, Network Appliances, Sentex Communications, and Copan Systems. The release engineering team for 6.2-RELEASE includes: Ken Smith Release Engineering, amd64, i386, sparc64 Release Building, Mirror Site Coordination Robert Watson Release Engineering, Security Doug White Release Engineering Maxime Henrion Release Engineering Hiroki Sato Release Engineering, Documentation Murray Stokely Release Engineering Bruce A. Mah Release Engineering, Documentation Marcel Moolenaar ia64, powerpc Release Building Takahashi Yoshihiro PC98 Release Building Wilko Bulte Alpha Release Building Kris Kennaway Package Building Colin Percival Security Officer Trademark --------- FreeBSD is a registered trademark of The FreeBSD Foundation. ISO Image Checksums ------------------- MD5 (6.2-RELEASE-alpha-bootonly.iso) = e8e29790cb6e621c7dfbe3ab4b5a30f5 MD5 (6.2-RELEASE-alpha-disc1.iso) = 8c80f84e59aff027eab3dcebac87c823 MD5 (6.2-RELEASE-alpha-docs.iso) = 9de4213a490341738cd06f0e943cabfd MD5 (6.2-RELEASE-amd64-bootonly.iso) = da90d52b86f956c8eb0980ca77d06fd7 MD5 (6.2-RELEASE-amd64-disc1.iso) = bf42599b11b7d8fb468160bd8168e053 MD5 (6.2-RELEASE-amd64-disc2.iso) = 703435e3e34c1c7729cab8a98378d6df MD5 (6.2-RELEASE-amd64-docs.iso) = 0c826df4dd7280738392cb04188cb183 MD5 (6.2-RELEASE-i386-bootonly.iso) = 4e8701ac951bc4537f8420fdac7efbb5 MD5 (6.2-RELEASE-i386-disc1.iso) = 3d27214700687c0b5390e8b6dd3706e3 MD5 (6.2-RELEASE-i386-disc2.iso) = fd30bfc65ef8adaa67aeffd07c72bf21 MD5 (6.2-RELEASE-i386-docs.iso) = e3512834982a9beebc3670499c7f3817 MD5 (6.2-RELEASE-ia64-bootonly.iso) = a678f17e66b306c9ceabf17d2e820cfc MD5 (6.2-RELEASE-ia64-disc1.iso) = 30ea0bbef1d6400f8d9c30e2d7cea764 MD5 (6.2-RELEASE-ia64-disc2.iso) = fd0d68530582208fab0377c419500153 MD5 (6.2-RELEASE-ia64-docs.iso) = 4abb963dec5d4f957a3185cebd8534e8 MD5 (6.2-RELEASE-ia64-livefs.iso) = d5325d0084f59b6dbbca4706da7c78e6 MD5 (6.2-RELEASE-pc98-bootonly.iso) = da1bdf4c43dd6e8adcf5bd610a0aa3ad MD5 (6.2-RELEASE-pc98-disc1.iso) = 31b56ea419c7d1071cbd68f8a1fa2628 MD5 (6.2-RELEASE-powerpc-bootonly.iso) = 3d5ecb6c20a692be9554ba9959e34519 MD5 (6.2-RELEASE-powerpc-disc1.iso) = 53f47b625ef4a6e2ab9ef51e415333d0 MD5 (6.2-RELEASE-sparc64-bootonly.iso) = 40d2e78c023284722478e82f16f77963 MD5 (6.2-RELEASE-sparc64-disc1.iso) = d9830e979013d9e4ac67eab4565aecde MD5 (6.2-RELEASE-sparc64-disc2.iso) = 9f93f1cf2cb07e40b78b1217b52242c2 MD5 (6.2-RELEASE-sparc64-docs.iso) = 7226efa1edb55a6ee0b8286ee2fe3be6 SHA256 (6.2-RELEASE-alpha-bootonly.iso) = ce8d9183b8c15a9b1fe6ebbf2a72f9797baa5fe3a80e726041eea23efe027b59 SHA256 (6.2-RELEASE-alpha-disc1.iso) = 6ecb22ddd1b400699707c7584bef4fc90ea53852b23859a95aa2b4d659c6baf4 SHA256 (6.2-RELEASE-alpha-docs.iso) = 086b58bda8f89ca942f9f46af77de0ee95cf5a5aa15045b7bbe043ea0d220ae7 SHA256 (6.2-RELEASE-amd64-bootonly.iso) = 29b3c796fffbe758913e45787f2467f2d21f9e2074ff642b3f1b092f59888960 SHA256 (6.2-RELEASE-amd64-disc1.iso) = 60d2d13a23c0e6ecac5547c5e83c53c378c37ae40a04ef4f5f0964c79955cc6f SHA256 (6.2-RELEASE-amd64-disc2.iso) = b4e9d7e396d60c0b1311853a3f67e8edbbe882ce1ed65b885eaf91e1f553c171 SHA256 (6.2-RELEASE-amd64-docs.iso) = 5c9a5c1ff8d8b588485cfbedf0d7482e3c70841d53f4750ab33e4efdccd67911 SHA256 (6.2-RELEASE-i386-bootonly.iso) = f338404690ebca656c6c15b20a8f82d10fb3f37c237808a3ce7d786509123378 SHA256 (6.2-RELEASE-i386-disc1.iso) = 2099715d561df721833322bc56a4fa8b02c2b77713a1e0bc17fc4b2dded20212 SHA256 (6.2-RELEASE-i386-disc2.iso) = 7399fa52298a76eebedd70436361f0de980412a2d88679054ed5338b7c30a4bf SHA256 (6.2-RELEASE-i386-docs.iso) = 3962be41cbdf8341e5ed38c8a7ceb762d3b1feb275f961fe21d74e5312e43377 SHA256 (6.2-RELEASE-ia64-bootonly.iso) = 950bdbd9c46aef3e55e98b429813bd7812e2300bbea4c31304282930e04ae25e SHA256 (6.2-RELEASE-ia64-disc1.iso) = eaf3fe8ffb1458fc0629453ffe58b44f161d4a915dba1fca7f055b4b8209db24 SHA256 (6.2-RELEASE-ia64-disc2.iso) = e43e1360984dae64b9f917118fab8e9e6f0428b9533e11996190f894b035b3ad SHA256 (6.2-RELEASE-ia64-docs.iso) = f69c57f47fb289da1bee1a812c17f209b48fb7dd1b28cbc7d9ae9719d12f5755 SHA256 (6.2-RELEASE-ia64-livefs.iso) = 0af88079c7451169b09d3765a85042bdc33e1334df5dd5c8a1fbff33e8d16170 SHA256 (6.2-RELEASE-pc98-bootonly.iso) = ee73ce2ab7a7f37adb5d71eb054e6e0ca3d986d2f7b6d80273139bba029cb091 SHA256 (6.2-RELEASE-pc98-disc1.iso) = 22ffa26aecbfad9efafd115ec6b4a74ce75bc920b0b63d159ee5c4bb35d79d1d SHA256 (6.2-RELEASE-powerpc-bootonly.iso) = 7abc11e7bc9c80e11bcd87e8c85016ca3a6affbc986bbd9b4e02aec4dea17958 SHA256 (6.2-RELEASE-powerpc-disc1.iso) = 0c4533f474f6b79b37bfd3bf3297ef6fc044d82e2b8a64829900924685d2d1db SHA256 (6.2-RELEASE-sparc64-bootonly.iso) = 902509d63d4beef190c0260ea570901769cb87e30904f7144e45583a5d81913b SHA256 (6.2-RELEASE-sparc64-disc1.iso) = 9a864e017d652e584a959335088aa36be85d3c78568546afddf2c743e74111c1 SHA256 (6.2-RELEASE-sparc64-disc2.iso) = b5c34512fbc2edc1920ab1f7d811b06be0f79cd27f58ca9c8b93c5d5ebd041d7 SHA256 (6.2-RELEASE-sparc64-docs.iso) = 9d974edf7f100512b2c67fd1b8c0124e370e7b687120f5284e5cc8979e0e18d2 _______________________________________________ trustedbsd-announce@FreeBSD.org mailing list http://lists.freebsd.org/mailman/listinfo/trustedbsd-announce To unsubscribe, send any mail to "trustedbsd-announce-unsubscribe@FreeBSD.org"