From owner-svn-src-head@FreeBSD.ORG Sat Dec 1 13:46:38 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 24E888F0; Sat, 1 Dec 2012 13:46:38 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 09F9B8FC08; Sat, 1 Dec 2012 13:46:38 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qB1DkbNw024451; Sat, 1 Dec 2012 13:46:37 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qB1Dkb8v024446; Sat, 1 Dec 2012 13:46:37 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201212011346.qB1Dkb8v024446@svn.freebsd.org> From: Robert Watson Date: Sat, 1 Dec 2012 13:46:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r243751 - in head/sys: bsm security/audit X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Dec 2012 13:46:38 -0000 Author: rwatson Date: Sat Dec 1 13:46:37 2012 New Revision: 243751 URL: http://svnweb.freebsd.org/changeset/base/243751 Log: Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to src/sys/{bsm,security/audit}. There are a few tweaks to help with the FreeBSD build environment that will be merged back to OpenBSM. No significant functional changes appear on the kernel side. Obtained from: TrustedBSD Project Sponsored by: The FreeBSD Foundation (auditdistd) Modified: head/sys/bsm/audit_errno.h head/sys/bsm/audit_internal.h head/sys/bsm/audit_record.h head/sys/security/audit/audit_bsm_errno.c head/sys/security/audit/audit_bsm_token.c Modified: head/sys/bsm/audit_errno.h ============================================================================== --- head/sys/bsm/audit_errno.h Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/bsm/audit_errno.h Sat Dec 1 13:46:37 2012 (r243751) @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#7 * $FreeBSD$ */ Modified: head/sys/bsm/audit_internal.h ============================================================================== --- head/sys/bsm/audit_internal.h Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/bsm/audit_internal.h Sat Dec 1 13:46:37 2012 (r243751) @@ -15,7 +15,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -30,7 +30,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6 * $FreeBSD$ */ Modified: head/sys/bsm/audit_record.h ============================================================================== --- head/sys/bsm/audit_record.h Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/bsm/audit_record.h Sat Dec 1 13:46:37 2012 (r243751) @@ -234,6 +234,7 @@ token_t *au_to_ipc_perm(struct ipc_perm token_t *au_to_iport(uint16_t iport); token_t *au_to_opaque(const char *data, uint16_t bytes); token_t *au_to_path(const char *path); +token_t *au_to_privset(char *privtypestr, char *privstr); token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, @@ -279,6 +280,7 @@ token_t *au_to_exec_env(char **envp); token_t *au_to_text(const char *text); token_t *au_to_kevent(struct kevent *kev); token_t *au_to_trailer(int rec_size); +token_t *au_to_upriv(char sorf, char *priv); token_t *au_to_zonename(const char *zonename); /* Modified: head/sys/security/audit/audit_bsm_errno.c ============================================================================== --- head/sys/security/audit/audit_bsm_errno.c Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/security/audit/audit_bsm_errno.c Sat Dec 1 13:46:37 2012 (r243751) @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18 + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22 */ #include @@ -494,7 +494,7 @@ static const struct bsm_errno bsm_errnos #ifdef EPROCUNAVAIL EPROCUNAVAIL, #else - ERRNO_NO_LOCAL_MAPPING + ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad procedure for program") }, { BSM_ERRNO_EFTYPE, @@ -666,7 +666,7 @@ static const struct bsm_errno bsm_errnos #endif ES("Required key not available") }, { BSM_ERRNO_EKEYEXPIRED, -#ifdef EKEEXPIRED +#ifdef EKEYEXPIRED EKEYEXPIRED, #else ERRNO_NO_LOCAL_MAPPING, @@ -680,7 +680,7 @@ static const struct bsm_errno bsm_errnos #endif ES("Key has been revoked") }, { BSM_ERRNO_EKEYREJECTED, -#ifdef EKEREJECTED +#ifdef EKEYREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, Modified: head/sys/security/audit/audit_bsm_token.c ============================================================================== --- head/sys/security/audit/audit_bsm_token.c Sat Dec 1 11:58:08 2012 (r243750) +++ head/sys/security/audit/audit_bsm_token.c Sat Dec 1 13:46:37 2012 (r243751) @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99 */ #include @@ -68,6 +68,57 @@ __FBSDID("$FreeBSD$"); /* * token ID 1 byte + * success/failure 1 byte + * privstrlen 2 bytes + * privstr N bytes + 1 (\0 byte) + */ +token_t * +au_to_upriv(char sorf, char *priv) +{ + u_int16_t textlen; + u_char *dptr; + token_t *t; + + textlen = strlen(priv) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) + + sizeof(u_int16_t) + textlen); + + ADD_U_CHAR(dptr, AUT_UPRIV); + ADD_U_CHAR(dptr, sorf); + ADD_U_INT16(dptr, textlen); + ADD_STRING(dptr, priv, textlen); + return (t); +} + +/* + * token ID 1 byte + * privtstrlen 2 bytes + * privtstr N bytes + 1 + * privstrlen 2 bytes + * privstr N bytes + 1 + */ +token_t * +au_to_privset(char *privtypestr, char *privstr) +{ + u_int16_t type_len, priv_len; + u_char *dptr; + token_t *t; + + type_len = strlen(privtypestr) + 1; + priv_len = strlen(privstr) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + + sizeof(u_int16_t) + type_len + priv_len); + + ADD_U_CHAR(dptr, AUT_PRIV); + ADD_U_INT16(dptr, type_len); + ADD_STRING(dptr, privtypestr, type_len); + ADD_U_INT16(dptr, priv_len); + ADD_STRING(dptr, privstr, priv_len); + return (t); +} + +/* + * token ID 1 byte * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) * text length 2 bytes @@ -1204,9 +1255,9 @@ au_to_me(void) auinfo.ai_asid, &auinfo.ai_termid)); } else { /* getaudit_addr(2) failed for some other reason. */ - return (NULL); + return (NULL); } - } + } return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); @@ -1438,7 +1489,7 @@ au_to_header32_ex_tm(int rec_size, au_ev ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ - return (t); + return (t); } token_t *