Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 17 Feb 2008 17:43:25 GMT
From:      "Christian S.J. Peron" <csjp@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 135579 for review
Message-ID:  <200802171743.m1HHhPJX062260@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=135579

Change 135579 by csjp@csjp_xor on 2008/02/17 17:42:30

	Lets try that again, but this time on the correct branch.

Affected files ...

.. //depot/projects/trustedbsd/bsmtrace/Makefile#2 edit
.. //depot/projects/trustedbsd/bsmtrace/README#2 edit
.. //depot/projects/trustedbsd/bsmtrace/bsm.c#2 edit
.. //depot/projects/trustedbsd/bsmtrace/bsmtrace.c#2 edit
.. //depot/projects/trustedbsd/bsmtrace/bsmtrace.conf#2 edit
.. //depot/projects/trustedbsd/bsmtrace/bsmtrace.conf.5#2 edit
.. //depot/projects/trustedbsd/bsmtrace/bsmtrace.ebnf#2 edit
.. //depot/projects/trustedbsd/bsmtrace/bsmtrace.h#2 edit
.. //depot/projects/trustedbsd/bsmtrace/conf.c#2 edit
.. //depot/projects/trustedbsd/bsmtrace/deuce.h#2 edit
.. //depot/projects/trustedbsd/bsmtrace/grammar.y#2 edit
.. //depot/projects/trustedbsd/bsmtrace/includes.h#2 edit
.. //depot/projects/trustedbsd/bsmtrace/log.c#2 edit
.. //depot/projects/trustedbsd/bsmtrace/pipe.c#1 add
.. //depot/projects/trustedbsd/bsmtrace/pipe.h#1 add
.. //depot/projects/trustedbsd/bsmtrace/token.l#2 edit
.. //depot/projects/trustedbsd/bsmtrace/trigger.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/bsmtrace/Makefile#2 (text+ko) ====

@@ -1,18 +1,18 @@
-# $Id: Makefile,v 1.7 2007/04/13 14:45:12 csjp Exp $
+# $Id: Makefile,v 1.8 2007/07/13 00:03:50 csjp Exp $
 
 CC	= gcc
 CFLAGS 	= -Wall -g
 TARGETS = bsmtrace
-OBJ	= bsm.o bsmtrace.o conf.o y.tab.o lex.yy.o log.o trigger.o
+OBJ	= bsm.o bsmtrace.o conf.o y.tab.o lex.yy.o log.o pipe.o trigger.o
 PREFIX	= /usr/local
 LIBS	= -lbsm
 
-.ifdef PCRE
-CFLAGS	+= -I /usr/local/include
-CFLAGS	+= -L /usr/local/lib
-CFLAGS	+= -D PCRE
-LIBS	+= -lpcre
-.endif
+#.ifdef PCRE
+#CFLAGS	+= -I /usr/local/include
+#CFLAGS	+= -L /usr/local/lib
+#CFLAGS	+= -D PCRE
+#LIBS	+= -lpcre
+#.endif
 
 all: $(TARGETS)
 

==== //depot/projects/trustedbsd/bsmtrace/README#2 (text+ko) ====


==== //depot/projects/trustedbsd/bsmtrace/bsm.c#2 (text+ko) ====

@@ -3,7 +3,7 @@
  * Copyright (c) 2007 Christian S.J. Peron
  * All rights reserved.
  *
- * $Id: bsm.c,v 1.44 2007/04/15 01:23:49 csjp Exp $
+ * $Id: bsm.c,v 1.45 2007/10/09 02:24:30 csjp Exp $
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -122,8 +122,7 @@
 	 * on the object we are interested in, but a write on some anonymous
 	 * object has occured, should we still raise an alert?
 	 */
-	if (bd->br_path == NULL)
-		return (0);
+
 	/*
 	 * Check to see if the user has supplied any objects. If not, then this
 	 * is a member match.
@@ -132,6 +131,12 @@
 	if (ap->a_cnt == 0)
 		return (1);
 	/*
+	 * We are interested in particular objects, but the audit record has
+	 * not supplied any.  We will treat this as a fail to match.
+	 */
+	if (bd->br_path == NULL)
+		return (0);
+	/*
 	 * Otherwise, the record contains a pathname which may be represented as
 	 * a static string, or as a pcre.
 	 */
@@ -185,7 +190,7 @@
 	 * sequence, use stderr. This really needs to be fixed to look at what
 	 * if anything is specified in the global logging options.
 	 */
-	if (TAILQ_EMPTY(&bs->bs_log_channel)) {
+	if (TAILQ_EMPTY(&bs->bs_log_channel) && opts.Fflag != 0) {
 		log_bsm_stderr(NULL, bs, bd);
 		return;
 	}
@@ -361,12 +366,38 @@
 #endif
 }
 
+/*
+ * Implement a function which produces random values with an interesting
+ * property.  This function will produce a random value, where the probability
+ * of this value being between 0 and size is specified by prob.
+ *
+ * Let v be > 0 and < 1 (random value)
+ * Let P (probability) be > 0 and < 1
+ *
+ * Rv = v * (range / P); 
+ *
+ */
+static float
+bsm_rand_bias(float size, float prob)
+{
+	unsigned int val;
+	float r;
+
+	val = arc4random();
+	r = (float)val;
+	while (r > 1)
+		r = r / 10;
+	return (r * (size / prob));
+}
+
 static struct bsm_sequence *
 bsm_sequence_clone(struct bsm_sequence *bs, u_int subj,
     struct bsm_record_data *bd)
 {
 	struct bsm_sequence *bs_new;
 	struct bsm_state *bm;
+	float size, prob;
+	int rnd;
 
 	bs_new = bsm_dyn_sequence_find(bs, bd, subj);
 	if (bs_new != NULL) {
@@ -403,6 +434,18 @@
 	bm->bm_raw = bsm_copy_record_data(bd);
 	bm->bm_raw_len = bd->br_raw_len;
 	bs_new->bs_cur_state = TAILQ_NEXT(bm, bm_glue);
+	/*
+	 * Handle the randomization of the timeout window here.
+	 */
+	if (bs_new->bs_seq_time_wnd != 0) {
+		size = bs_new->bs_seq_time_wnd;
+		if (bs_new->bs_seq_time_wnd_prob > 0)
+			prob = (float)bs_new->bs_seq_time_wnd_prob / 100;
+		else
+			prob = (float)(65 / 100);
+		rnd = bsm_rand_bias(size, prob);
+		bs_new->bs_timeout = bs_new->bs_timeout + rnd;
+	}
 	return (bs_new);
 }
 
@@ -490,7 +533,7 @@
 bsm_loop(char *atrail)
 {
 	struct bsm_record_data bd;
-	int reclen, bytesread;
+	int reclen, bytesread, recsread;
 	u_char *bsm_rec;
 	tokenstr_t tok;
 	FILE *fp;
@@ -501,10 +544,22 @@
 		fp = fopen(opts.aflag, "r");
 	if (fp == NULL)
 		bsmtrace_error(1, "%s: %s", opts.aflag, strerror(errno));
+	if (strcmp(opts.aflag, DEFAULT_AUDIT_TRAIL) == 0)
+		audit_pipe_fd = fileno(fp);
+	dprintf("opened '%s' for audit monitoring\n", opts.aflag);
 	/*
 	 * Process the BSM record, one token at a time.
 	 */
+	recsread = 0;
 	while ((reclen = au_read_rec(fp, &bsm_rec)) != -1) {
+		/*
+		 * If we are reading data from the audit pipe, we need check
+		 * how many records, if any have been dropped by the kernel.
+		 * If any record loss has been identified, pipe_analyze_loss()
+		 * should increase the internal audit pipe queue length.
+		 */
+		if (audit_pipe_fd > 0 && (recsread % 50) == 0)
+			pipe_analyze_loss(audit_pipe_fd);
 		bzero(&bd, sizeof(bd));
 		bd.br_raw = bsm_rec;
 		bd.br_raw_len = reclen;
@@ -581,6 +636,7 @@
 		}
 		bsm_sequence_scan(&bd);
 		free(bsm_rec);
+		recsread++;
 	}
-	fclose(fp);
+	(void) fclose(fp);
 }

==== //depot/projects/trustedbsd/bsmtrace/bsmtrace.c#2 (text+ko) ====

@@ -3,7 +3,7 @@
  * Copyright (c) 2007 Christian S.J. Peron
  * All rights reserved.
  *
- * $Id: bsmtrace.c,v 1.18 2007/04/13 14:45:12 csjp Exp $
+ * $Id: bsmtrace.c,v 1.19 2007/10/09 02:22:15 csjp Exp $
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -48,7 +48,7 @@
 	(void) sprintf(pidbuf, "%d", getpid());
 	if (write(fd, pidbuf, strlen(pidbuf)) < 0)
 		bsmtrace_error(1, "write pid file faled");
-	close(fd);
+	(void) close(fd);
 }
 
 /*
@@ -68,7 +68,7 @@
 	else
 		pri = LOG_WARNING;
 	va_start(ap, fmt);
-	vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, ap);
+	(void) vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, ap);
 	va_end(ap);
 	syslog(pri, "%s: %s", flag != 0 ? "fatal" : "warning", fmtbuf);
 	/* if we are not yet a daemon, we also write the error message
@@ -87,6 +87,7 @@
 void
 bsmtrace_exit(int x)
 {
+
 	exit(x);
 }
 
@@ -99,10 +100,22 @@
 	if (!opts.dflag)
 		return;
 	va_start(ap, fmt);
-	memset(buf, 0, sizeof(buf));
-	vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
+	(void) memset(buf, 0, sizeof(buf));
+	(void) vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
 	va_end(ap);
-	fprintf(stderr, "debug: %s", buf);
+	(void) fprintf(stderr, "debug: %s", buf);
+	(void) fflush(stderr);
+}
+
+void
+bsmtrace_handle_sigint(int sig)
+{
+
+	if (audit_pipe_fd != 0) {
+		(void) fputs("\n", stderr);
+		pipe_report_stats(audit_pipe_fd);
+	}
+	bsmtrace_exit(1);
 }
 
 void
@@ -115,13 +128,30 @@
 	openlog("bsmtrace", LOG_NDELAY | LOG_PID, LOG_AUTH | LOG_ALERT);
 }
 
+static void
+bsmtrace_seed(void)
+{
+	unsigned long seed;
+	int fd;
+
+	fd = open("/dev/random", O_RDONLY);
+	if (fd < 0)
+		bsmtrace_error(1, "open random device failed");
+	if (read(fd, &seed, sizeof(seed)) != sizeof(seed))
+		bsmtrace_error(1, "read random device failed");
+	srandom(seed);
+	(void) close(fd);
+}
+
 int
 main(int argc, char *argv[])
 {
 	int ret, fd;
 	char ch;
 
-	signal(SIGCHLD, SIG_IGN); /* Ignore dying children */
+	bsmtrace_seed();
+	(void) signal(SIGCHLD, SIG_IGN); /* Ignore dying children */
+	(void) signal(SIGINT, bsmtrace_handle_sigint);
 	set_default_settings(&opts);
 	while ((ch = getopt(argc, argv, "Fa:bdf:hp:v")) != -1) {
 		switch (ch) {
@@ -172,7 +202,9 @@
 		(void) dup2(fd, STDERR_FILENO);
 		if (fd > 2)
 			(void) close(fd);
-		setsid();
+		if (setsid() < 0)
+			bsmtrace_error(1, "setsid failed: %s",
+			    strerror(errno));
 		bsmtrace_write_pidfile(opts.pflag);
 		daemonized = 1;
 	}

==== //depot/projects/trustedbsd/bsmtrace/bsmtrace.conf#2 (text+ko) ====

@@ -67,9 +67,13 @@
 #
 ############################################################
 
+#
+#
+# XXX add a sequence which detects system accounts executing code
+#
+#
 sequence firewall.change.attempt {
 	subject not $fwadmins;
-	log <logchannel> { $bsm; };
 	state {
 		event $execution;
 		object $fwtools;
@@ -79,7 +83,6 @@
 
 sequence non.trusted.exec {
 	subject any;
-	log <logchannel> { $bsm; };
 	state {
 		event $execution;
 		object not $trusteddirs;
@@ -90,7 +93,6 @@
 
 sequence mktemp.race {
 	subject any;
-	log <logchannel> { $bsm; };
 	state {
 		event <auditevent> { AUE_SYMLINK; };
 		object $opendirs;
@@ -104,7 +106,7 @@
 	state {
 		event $login;
 		status failure;
-		multiplier 5;
+		multiplier 2;
 	};
 	state {
 		event $login;
@@ -114,7 +116,6 @@
 
 sequence httpd.exec {
 	subject <auid> { nobody; };
-	log <logchannel> { $bsm; };
 	state {
 		event <auditevent> { AUE_SOCKET; };
 		status success;
@@ -131,7 +132,7 @@
 
 sequence named.exec {
 	subject <auid> { bind; };
-	log <logchannel> { $bsm; };
+	scope process;
 	state {
 		event <auditevent> { AUE_SOCKET; };
 		status success;
@@ -146,24 +147,47 @@
 	};
 };
 
+sequence failed.file.write {
+	subject <auid> { csjp; };
+	state {
+		event <auditclass> { fw; };
+		status failure;
+	};
+};
+
 #
-# Test for PCRE's
+# This is a comment
 #
-#sequence passwd.access {
-#	subject any;
-#	log <logchannel> { $bsm; };
-#	state {
-#		event <auditclass> { fr; };
-#		status any;
-#		object <pcre> { ^/etc/pass[Ww][Dd]; };
-#	};
-#};
-#sequence etc.access {
-#	subject any;
-#	log <logchannel> { $bsm; };
-#	state {
-#		event <auditclass> { fr; };
-#		status any;
-#		object <pcre> { ^/[Ee][Tt][Cc]/*; };
-#	};
-#};
+sequence five.config.file.read {
+	subject <auid> { csjp; };
+	serial 2343445445;
+	timeout 60 seconds;
+	scope global;
+	priority 100;
+	state {
+		event <auditclass> { fr; };
+		status any;
+		object <path> { /etc; };
+		trigger "/usr/bin/logger config file read";
+		multiplier 5;
+	};
+};
+
+sequence passwd.access {
+	subject any;
+	state {
+		event <auditclass> { fr; };
+		status any;
+		object <pcre> { /etc/pass[Ww][Dd]; };
+		multiplier 5;
+	};
+};
+
+sequence etc.access {
+	subject any;
+	state {
+		event <auditclass> { fr; };
+		status any;
+		object <pcre> { /[Ee][Tt][Cc]/*; };
+	};
+};

==== //depot/projects/trustedbsd/bsmtrace/bsmtrace.conf.5#2 (text+ko) ====

@@ -90,6 +90,8 @@
 <sequence> ::= "sequence" <sequence_name> "{"
                "subject" ["not"] ( <set> | (<set_name> | "any")) ";"
                ["timeout" <value> <time_scale> ";"]
+               ["timeout-window" <value> <time_scale> ";"]
+               ["timeout-probability" <value> ";"]
 	       ["priority" <value> ";"]
 	       ["log" (<set> | <set_name>) ";"]
 	       ["serial" <value> ";"]

==== //depot/projects/trustedbsd/bsmtrace/bsmtrace.ebnf#2 (text+ko) ====

@@ -55,6 +55,8 @@
 <sequence> ::= "sequence" <sequence_name> "{"
                "subject" ["not"] ( <set> | (<set_name> | "any")) ";"
                ["timeout" <value> <time_scale> ";"]
+               ["timeout-window" <value> <time_scale> ";"]
+               ["timeout-probability" <value> ";"]
 	       ["priority" <value> ";"]
 	       ["log" (<set> | <set_name>) ";"]
 	       ["serial" <value> ";"]

==== //depot/projects/trustedbsd/bsmtrace/bsmtrace.h#2 (text+ko) ====

@@ -28,7 +28,7 @@
 #ifndef BSM_TRACE_H_
 #define	BSM_TRACE_H_
 
-#define BSMTRACE_VERSION "BSMTRACE 1.0.0-BETA"
+#define BSMTRACE_VERSION "BSMTRACE 1.2.0-HEAD"
 struct g_conf {
 	char	*aflag;
 	int	 bflag;
@@ -39,6 +39,7 @@
 };
 
 struct g_conf opts;
+int	audit_pipe_fd;	/* XXX not happy about this global */
 
 void	bsmtrace_error(int, char *, ...);
 void	bsmtrace_exit(int);

==== //depot/projects/trustedbsd/bsmtrace/conf.c#2 (text+ko) ====

@@ -97,7 +97,7 @@
 	yyin = f;
 	TAILQ_INIT(&bsm_set_head);
 	yyparse();
-	fclose(f);
+	(void) fclose(f);
 }
 
 /*

==== //depot/projects/trustedbsd/bsmtrace/deuce.h#2 (text+ko) ====

@@ -131,6 +131,8 @@
 	int				 bs_seq_scope;
 	pid_t				 bs_seq_scope_data;
 	int				 bs_seq_serial;
+	int				 bs_seq_time_wnd;
+	int				 bs_seq_time_wnd_prob;
 };
 
 struct bsm_record_data {

==== //depot/projects/trustedbsd/bsmtrace/grammar.y#2 (text+ko) ====

@@ -51,9 +51,10 @@
 %token	STATUS MULTIPLIER OBRACE EBRACE SEMICOLON COMMA SUBJECT
 %token	STRING ANY SUCCESS FAILURE INTEGER TIMEOUT NOT HOURS MINUTES DAYS
 %token	PRIORITY WEEKS SECONDS NONE QUOTE OPBRACKET EPBRACKET LOGCHAN
-%token	DIRECTORY LOG SCOPE SERIAL
+%token	DIRECTORY LOG SCOPE SERIAL TIMEOUTWND TIMEOUTPROB
 %type	<num> status_spec SUCCESS FAILURE INTEGER multiplier_spec timeout_spec
-%type	<num> serial_spec negate_spec priority_spec scope_spec
+%type	<num> serial_spec negate_spec priority_spec scope_spec timeout_wnd_spec
+%type	<num> timeout_prob_spec time_spec
 %type	<str> STRING
 %type	<array> set_list set_list_ent
 %type	<bsm_set> anon_set
@@ -207,33 +208,54 @@
 	}
 	;
 
-timeout_spec:
-	TIMEOUT INTEGER SECONDS SEMICOLON
+timeout_prob_spec:
+	TIMEOUTPROB INTEGER SEMICOLON
+	{
+		$$ = $2;
+	}
+	;
+
+timeout_wnd_spec:
+	TIMEOUTWND time_spec SEMICOLON
 	{
 		$$ = $2;
 	}
-	| TIMEOUT INTEGER HOURS SEMICOLON
+	;
+
+time_spec:
+	INTEGER SECONDS
+	{
+		$$ = $1;
+	}
+	| INTEGER HOURS
 	{
-		$$ = $2 * 3600;
+		$$ = $1 * 3600;
 	}
-	| TIMEOUT INTEGER MINUTES SEMICOLON
+	| INTEGER MINUTES
 	{
-		$$ = $2 * 60;
+		$$ = $1 * 60;
 	}
-	| TIMEOUT INTEGER DAYS SEMICOLON
+	| INTEGER DAYS
 	{
-		$$ = $2 * 3600 * 24;
+		$$ = $1 * 3600 * 24;
 	}
-	| TIMEOUT INTEGER WEEKS SEMICOLON
+	| INTEGER WEEKS
 	{
-		$$ = $2 * 3600 * 24 * 7;
+		$$ = $1 * 3600 * 24 * 7;
 	}
-	| TIMEOUT NONE SEMICOLON
+	| NONE
 	{
 		$$ = 0;
 	}
 	;
 
+timeout_spec:
+	TIMEOUT time_spec SEMICOLON
+	{
+		$$ = $2;
+	}
+	;
+
 sequence_def:
 	SEQUENCE
 	{
@@ -337,8 +359,19 @@
 	}
 	| sequence_options serial_spec
 	{
+		assert(bs_state != NULL);
 		bs_state->bs_seq_serial = $2;
 	}
+	| sequence_options timeout_wnd_spec
+	{
+		assert(bs_state != NULL);
+		bs_state->bs_seq_time_wnd = $2;
+	}
+	| sequence_options timeout_prob_spec
+	{
+		assert(bs_state != NULL);
+		bs_state->bs_seq_time_wnd_prob = $2;
+	}
 	;
 
 type_spec:

==== //depot/projects/trustedbsd/bsmtrace/includes.h#2 (text+ko) ====

@@ -3,7 +3,7 @@
  * Copyright (c) 2007 Christian S.J. Peron
  * All rights reserved.
  *
- * $Id: includes.h,v 1.4 2007/04/13 14:45:12 csjp Exp $
+ * $Id: includes.h,v 1.5 2007/07/13 00:03:50 csjp Exp $
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -33,6 +33,11 @@
 #endif
 #include <sys/stat.h>
 #include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/msg.h>
+#include <sys/uio.h>
+#include <sys/un.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -50,7 +55,9 @@
 
 #include <bsm/libbsm.h>
 #include <bsm/audit.h>
+#ifndef __APPLE__
 #include <security/audit/audit_ioctl.h>
+#endif
 #ifdef PCRE
 #include <pcre.h>
 #endif
@@ -64,4 +71,5 @@
 #include "conf.h"
 #include "bsm.h"
 #include "log.h"
+#include "pipe.h"
 #include "trigger.h"

==== //depot/projects/trustedbsd/bsmtrace/log.c#2 (text+ko) ====

@@ -104,18 +104,18 @@
 	struct bsm_state *bm;
 
 	(void) snprintf(dir, MAXPATHLEN,
-	    "%s/%s", lc->log_data.bsm_log_dir,
-	    bs->bs_label);
+	    "%s/%s", lc->log_data.bsm_log_dir, bs->bs_label);
 	error = stat(dir, &sb);
 	if (error < 0 && errno == ENOENT) {
 		if (mkdir(dir, S_IRWXU) < 0)
 			bsmtrace_error(1, "mkdir failed");
 	} else if (error < 0)
 		bsmtrace_error(1, "stat failed");
-	(void) sprintf(path, "%s/%d.%d", dir, br->br_sec, br->br_usec);
+	(void) sprintf(path, "%s/%d.%d.%lu",
+	    dir, br->br_sec, br->br_usec, random());
 	fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
 	if (fd < 0)
-		bsmtrace_error(1, "open failed");
+		bsmtrace_error(1, "open: %s: %s", path, strerror(errno));
 	/*
 	 * The logic here becomes a bit complex.  We need to check to see if
 	 * this is a single state sequence, and if it is, log the BSM record
@@ -126,13 +126,13 @@
 	if ((bs->bs_seq_flags & BSM_SEQUENCE_PARENT) != 0) {
 		if (write(fd, br->br_raw, br->br_raw_len) < 0)
 			bsmtrace_error(1, "write failed");
-		close(fd);
+		(void) close(fd);
 		return (0);
 	}
 	TAILQ_FOREACH(bm, &bs->bs_mhead, bm_glue)
 		if (write(fd, bm->bm_raw, bm->bm_raw_len) < 0)
 			bsmtrace_error(1, "write failed");
-	close(fd);
+	(void) close(fd);
 	return (0);
 }
 

==== //depot/projects/trustedbsd/bsmtrace/token.l#2 (text+ko) ====

@@ -64,6 +64,8 @@
 subject		return (SUBJECT);
 success		return (SUCCESS);
 timeout		return (TIMEOUT);
+timeout-window	return (TIMEOUTWND);
+timeout-prob	return (TIMEOUTPROB);
 trigger		return (TRIGGER);
 weeks		return (WEEKS);
 {integer}	{

==== //depot/projects/trustedbsd/bsmtrace/trigger.c#2 (text+ko) ====

@@ -72,15 +72,15 @@
 			switch (expptr->val) {
 			case EXP_USER:
 				if ((pw = getpwuid(bd->br_auid)) == NULL)
-					strlcpy(token, "non-attributable",
+					(void) strlcpy(token, "non-attributable",
 					    sizeof(token));
 				else
-					strlcpy(token, pw->pw_name,
+					(void) strlcpy(token, pw->pw_name,
 					    sizeof(token));
 				break;
 			case EXP_OBJECT:
 				if (bd->br_path != NULL)
-					strlcpy(token, bd->br_path,
+					(void) strlcpy(token, bd->br_path,
 					    sizeof(token));
 				else {
 					free(ret);
@@ -90,7 +90,7 @@
 			default:
 				assert(0);
 			}
-			strlcat(ret, token, allocated);
+			(void) strlcat(ret, token, allocated);
 			p1 = ret + strlen(ret);
 		} else
 			*(p1++) = *(p0++);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802171743.m1HHhPJX062260>