Date: Sat, 1 Dec 2012 13:46:37 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r243751 - in head/sys: bsm security/audit Message-ID: <201212011346.qB1Dkb8v024446@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Sat Dec 1 13:46:37 2012 New Revision: 243751 URL: http://svnweb.freebsd.org/changeset/base/243751 Log: Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to src/sys/{bsm,security/audit}. There are a few tweaks to help with the FreeBSD build environment that will be merged back to OpenBSM. No significant functional changes appear on the kernel side. Obtained from: TrustedBSD Project Sponsored by: The FreeBSD Foundation (auditdistd) Modified: head/sys/bsm/audit_errno.h head/sys/bsm/audit_internal.h head/sys/bsm/audit_record.h head/sys/security/audit/audit_bsm_errno.c head/sys/security/audit/audit_bsm_token.c Modified: head/sys/bsm/audit_errno.h ============================================================================== --- head/sys/bsm/audit_errno.h Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/bsm/audit_errno.h Sat Dec 1 13:46:37 2012 (r243751) @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#7 * $FreeBSD$ */ Modified: head/sys/bsm/audit_internal.h ============================================================================== --- head/sys/bsm/audit_internal.h Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/bsm/audit_internal.h Sat Dec 1 13:46:37 2012 (r243751) @@ -15,7 +15,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -30,7 +30,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6 * $FreeBSD$ */ Modified: head/sys/bsm/audit_record.h ============================================================================== --- head/sys/bsm/audit_record.h Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/bsm/audit_record.h Sat Dec 1 13:46:37 2012 (r243751) @@ -234,6 +234,7 @@ token_t *au_to_ipc_perm(struct ipc_perm token_t *au_to_iport(uint16_t iport); token_t *au_to_opaque(const char *data, uint16_t bytes); token_t *au_to_path(const char *path); +token_t *au_to_privset(char *privtypestr, char *privstr); token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, @@ -279,6 +280,7 @@ token_t *au_to_exec_env(char **envp); token_t *au_to_text(const char *text); token_t *au_to_kevent(struct kevent *kev); token_t *au_to_trailer(int rec_size); +token_t *au_to_upriv(char sorf, char *priv); token_t *au_to_zonename(const char *zonename); /* Modified: head/sys/security/audit/audit_bsm_errno.c ============================================================================== --- head/sys/security/audit/audit_bsm_errno.c Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/security/audit/audit_bsm_errno.c Sat Dec 1 13:46:37 2012 (r243751) @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18 + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22 */ #include <sys/cdefs.h> @@ -494,7 +494,7 @@ static const struct bsm_errno bsm_errnos #ifdef EPROCUNAVAIL EPROCUNAVAIL, #else - ERRNO_NO_LOCAL_MAPPING + ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad procedure for program") }, { BSM_ERRNO_EFTYPE, @@ -666,7 +666,7 @@ static const struct bsm_errno bsm_errnos #endif ES("Required key not available") }, { BSM_ERRNO_EKEYEXPIRED, -#ifdef EKEEXPIRED +#ifdef EKEYEXPIRED EKEYEXPIRED, #else ERRNO_NO_LOCAL_MAPPING, @@ -680,7 +680,7 @@ static const struct bsm_errno bsm_errnos #endif ES("Key has been revoked") }, { BSM_ERRNO_EKEYREJECTED, -#ifdef EKEREJECTED +#ifdef EKEYREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, Modified: head/sys/security/audit/audit_bsm_token.c ============================================================================== --- head/sys/security/audit/audit_bsm_token.c Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/security/audit/audit_bsm_token.c Sat Dec 1 13:46:37 2012 (r243751) @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99 */ #include <sys/cdefs.h> @@ -68,6 +68,57 @@ __FBSDID("$FreeBSD$"); /* * token ID 1 byte + * success/failure 1 byte + * privstrlen 2 bytes + * privstr N bytes + 1 (\0 byte) + */ +token_t * +au_to_upriv(char sorf, char *priv) +{ + u_int16_t textlen; + u_char *dptr; + token_t *t; + + textlen = strlen(priv) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) + + sizeof(u_int16_t) + textlen); + + ADD_U_CHAR(dptr, AUT_UPRIV); + ADD_U_CHAR(dptr, sorf); + ADD_U_INT16(dptr, textlen); + ADD_STRING(dptr, priv, textlen); + return (t); +} + +/* + * token ID 1 byte + * privtstrlen 2 bytes + * privtstr N bytes + 1 + * privstrlen 2 bytes + * privstr N bytes + 1 + */ +token_t * +au_to_privset(char *privtypestr, char *privstr) +{ + u_int16_t type_len, priv_len; + u_char *dptr; + token_t *t; + + type_len = strlen(privtypestr) + 1; + priv_len = strlen(privstr) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + + sizeof(u_int16_t) + type_len + priv_len); + + ADD_U_CHAR(dptr, AUT_PRIV); + ADD_U_INT16(dptr, type_len); + ADD_STRING(dptr, privtypestr, type_len); + ADD_U_INT16(dptr, priv_len); + ADD_STRING(dptr, privstr, priv_len); + return (t); +} + +/* + * token ID 1 byte * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) * text length 2 bytes @@ -1204,9 +1255,9 @@ au_to_me(void) auinfo.ai_asid, &auinfo.ai_termid)); } else { /* getaudit_addr(2) failed for some other reason. */ - return (NULL); + return (NULL); } - } + } return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); @@ -1438,7 +1489,7 @@ au_to_header32_ex_tm(int rec_size, au_ev ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ - return (t); + return (t); } token_t *
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212011346.qB1Dkb8v024446>