Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 1 Dec 2012 13:46:37 +0000 (UTC)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r243751 - in head/sys: bsm security/audit
Message-ID:  <201212011346.qB1Dkb8v024446@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rwatson
Date: Sat Dec  1 13:46:37 2012
New Revision: 243751
URL: http://svnweb.freebsd.org/changeset/base/243751

Log:
  Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to
  src/sys/{bsm,security/audit}.  There are a few tweaks to help with the
  FreeBSD build environment that will be merged back to OpenBSM.  No
  significant functional changes appear on the kernel side.
  
  Obtained from:	TrustedBSD Project
  Sponsored by:	The FreeBSD Foundation (auditdistd)

Modified:
  head/sys/bsm/audit_errno.h
  head/sys/bsm/audit_internal.h
  head/sys/bsm/audit_record.h
  head/sys/security/audit/audit_bsm_errno.c
  head/sys/security/audit/audit_bsm_token.c

Modified: head/sys/bsm/audit_errno.h
==============================================================================
--- head/sys/bsm/audit_errno.h	Sat Dec  1 11:58:08 2012	(r243750)
+++ head/sys/bsm/audit_errno.h	Sat Dec  1 13:46:37 2012	(r243751)
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#7
  * $FreeBSD$
  */
 

Modified: head/sys/bsm/audit_internal.h
==============================================================================
--- head/sys/bsm/audit_internal.h	Sat Dec  1 11:58:08 2012	(r243750)
+++ head/sys/bsm/audit_internal.h	Sat Dec  1 13:46:37 2012	(r243751)
@@ -15,7 +15,7 @@
  * 2.  Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in the
  *     documentation and/or other materials provided with the distribution.
- * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
  *     its contributors may be used to endorse or promote products derived
  *     from this software without specific prior written permission.
  *
@@ -30,7 +30,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6
  * $FreeBSD$
  */
 

Modified: head/sys/bsm/audit_record.h
==============================================================================
--- head/sys/bsm/audit_record.h	Sat Dec  1 11:58:08 2012	(r243750)
+++ head/sys/bsm/audit_record.h	Sat Dec  1 13:46:37 2012	(r243751)
@@ -234,6 +234,7 @@ token_t	*au_to_ipc_perm(struct ipc_perm 
 token_t	*au_to_iport(uint16_t iport);
 token_t	*au_to_opaque(const char *data, uint16_t bytes);
 token_t	*au_to_path(const char *path);
+token_t	*au_to_privset(char *privtypestr, char *privstr);
 token_t	*au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 	    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
 token_t	*au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
@@ -279,6 +280,7 @@ token_t	*au_to_exec_env(char **envp);
 token_t	*au_to_text(const char *text);
 token_t	*au_to_kevent(struct kevent *kev);
 token_t	*au_to_trailer(int rec_size);
+token_t	*au_to_upriv(char sorf, char *priv);
 token_t	*au_to_zonename(const char *zonename);
 
 /*

Modified: head/sys/security/audit/audit_bsm_errno.c
==============================================================================
--- head/sys/security/audit/audit_bsm_errno.c	Sat Dec  1 11:58:08 2012	(r243750)
+++ head/sys/security/audit/audit_bsm_errno.c	Sat Dec  1 13:46:37 2012	(r243751)
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22
  */
 
 #include <sys/cdefs.h>
@@ -494,7 +494,7 @@ static const struct bsm_errno bsm_errnos
 #ifdef EPROCUNAVAIL
 	EPROCUNAVAIL,
 #else
-	ERRNO_NO_LOCAL_MAPPING
+	ERRNO_NO_LOCAL_MAPPING,
 #endif
 	ES("Bad procedure for program") },
 	{ BSM_ERRNO_EFTYPE,
@@ -666,7 +666,7 @@ static const struct bsm_errno bsm_errnos
 #endif
 	ES("Required key not available") },
 	{ BSM_ERRNO_EKEYEXPIRED,
-#ifdef EKEEXPIRED
+#ifdef EKEYEXPIRED
 	EKEYEXPIRED,
 #else
 	ERRNO_NO_LOCAL_MAPPING,
@@ -680,7 +680,7 @@ static const struct bsm_errno bsm_errnos
 #endif
 	ES("Key has been revoked") },
 	{ BSM_ERRNO_EKEYREJECTED,
-#ifdef EKEREJECTED
+#ifdef EKEYREJECTED
 	EKEYREJECTED,
 #else
 	ERRNO_NO_LOCAL_MAPPING,

Modified: head/sys/security/audit/audit_bsm_token.c
==============================================================================
--- head/sys/security/audit/audit_bsm_token.c	Sat Dec  1 11:58:08 2012	(r243750)
+++ head/sys/security/audit/audit_bsm_token.c	Sat Dec  1 13:46:37 2012	(r243751)
@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99
  */
 
 #include <sys/cdefs.h>
@@ -68,6 +68,57 @@ __FBSDID("$FreeBSD$");
 
 /*
  * token ID                1 byte
+ * success/failure         1 byte
+ * privstrlen              2 bytes
+ * privstr                 N bytes + 1 (\0 byte)
+ */
+token_t *
+au_to_upriv(char sorf, char *priv)
+{
+	u_int16_t textlen;
+	u_char *dptr;
+	token_t *t;
+
+	textlen = strlen(priv) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) +
+	    sizeof(u_int16_t) + textlen);
+
+	ADD_U_CHAR(dptr, AUT_UPRIV);
+	ADD_U_CHAR(dptr, sorf);
+	ADD_U_INT16(dptr, textlen);
+	ADD_STRING(dptr, priv, textlen);
+	return (t);
+}
+
+/*
+ * token ID		1 byte
+ * privtstrlen		2 bytes
+ * privtstr		N bytes + 1
+ * privstrlen		2 bytes
+ * privstr		N bytes + 1
+ */
+token_t *
+au_to_privset(char *privtypestr, char *privstr)
+{
+	u_int16_t	 type_len, priv_len;
+	u_char		*dptr;
+	token_t		*t;
+
+	type_len = strlen(privtypestr) + 1;
+	priv_len = strlen(privstr) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+	    sizeof(u_int16_t) + type_len + priv_len);
+
+	ADD_U_CHAR(dptr, AUT_PRIV);
+	ADD_U_INT16(dptr, type_len);
+	ADD_STRING(dptr, privtypestr, type_len);
+	ADD_U_INT16(dptr, priv_len);
+	ADD_STRING(dptr, privstr, priv_len);
+	return (t);
+}
+
+/*
+ * token ID                1 byte
  * argument #              1 byte
  * argument value          4 bytes/8 bytes (32-bit/64-bit value)
  * text length             2 bytes
@@ -1204,9 +1255,9 @@ au_to_me(void)
 				auinfo.ai_asid, &auinfo.ai_termid));
 		} else {
 			/* getaudit_addr(2) failed for some other reason. */
-			return (NULL); 
+			return (NULL);
 		}
-	} 
+	}
 
 	return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
 		getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
@@ -1438,7 +1489,7 @@ au_to_header32_ex_tm(int rec_size, au_ev
 	ADD_U_INT32(dptr, tm.tv_sec);
 	ADD_U_INT32(dptr, timems);      /* We need time in ms. */
 
-	return (t);   
+	return (t);
 }
 
 token_t *



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212011346.qB1Dkb8v024446>