Date: Sun, 15 Jan 2006 23:44:37 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 89759 for review Message-ID: <200601152344.k0FNib8c029976@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=89759 Change 89759 by rwatson@rwatson_zoo on 2006/01/15 23:44:30 Integrate OpenBSM branch into TrustedBSD audit3 contrib/openbsm: - Updated change log. - Updated contributors. - Further style(9)ification. - OpenSolaris BSM API memory allocation model, _r() APIs. - Many bugfixes, especially relating to threading and error handling. - Further audump work. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_class.3#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_event.3#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_user.3#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_class.c#5 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_control.c#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_flags.c#5 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#5 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_mask.c#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/audump.c#2 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#2 (text+ko) ==== @@ -41,3 +41,24 @@ to run praudit(1) on basic Solaris BSM streams. - Switched to Solaris spelling of token names; Darwin spellings are now deprecated and will be removed in a future version of OpenBSM. +- Adopt Solaris model for representing IPv4 and IPv6 addresses. +- Prefer C99 types. +- Attempt to universally adopt the BSD style(9) coding style for + consistency. +- auditreduce(1) now has a usage message. +- Update support for auditctl(2) system call to support FreeBSD. +- Add support for /dev/audit as the trigger source on FreeBSD. +- Add additional event types for Darwin, FreeBSD, and Solaris. Annotate + conflicts (there are a few, unfortunately). Correct spellings, comment, + sort, etc. These include {get,set}res[ug]id(), sendfile(), lchflags(), + eaccess(), kqueue(), kevent(), poll(), lchmod(). +- Relicensed under a BSD license, many thanks to Apple, Inc! +- Many bug fixes, cleanups, thread safety in the class, control, event, + and user system audit databases. Annotate some persisting atomicity + bugs associated with the API and implementation. +- Add audump test tool. +- Adopt OpenSolaris BSM API memory semantics: caller allocates memory, + or static memory is returned for non-_r() versions of API calls. + _free() calls dropped as a result, and source code compatibility with + OpenSolaris improved significantly. + ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#3 (text+ko) ==== @@ -58,6 +58,7 @@ Wayne Salamon Tom Rhodes Wojciech Koszek + Chunyang Yuan Contributions ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#3 (text+ko) ==== @@ -27,16 +27,15 @@ */ #ifndef _LIBBSM_H_ -#define _LIBBSM_H_ +#define _LIBBSM_H_ /* - * NB: definitions, etc., marked with "OpenSSH compatibility" were - * introduced solely to allow OpenSSH to compile; Darwin/Apple code should - * not use them. + * NB: definitions, etc., marked with "OpenSSH compatibility" were introduced + * solely to allow OpenSSH to compile; Darwin/Apple code should not use them. */ -#define MAX_ARGS 10 -#define MAX_ENV 10 +#define MAX_ARGS 10 +#define MAX_ENV 10 #include <sys/types.h> #include <sys/cdefs.h> @@ -46,138 +45,120 @@ #include <bsm/audit_record.h> #include <stdio.h> +#include <stdint.h> #ifdef __APPLE__ #include <mach/mach.h> /* audit_token_t */ #endif -#define AU_PRS_SUCCESS 1 -#define AU_PRS_FAILURE 2 -#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) +#define AU_PRS_SUCCESS 1 +#define AU_PRS_FAILURE 2 +#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) -#define AU_PRS_USECACHE 0 -#define AU_PRS_REREAD 1 +#define AU_PRS_USECACHE 0 +#define AU_PRS_REREAD 1 -#define AUDIT_EVENT_FILE "/etc/security/audit_event" -#define AUDIT_CLASS_FILE "/etc/security/audit_class" -#define AUDIT_CONTROL_FILE "/etc/security/audit_control" -#define AUDIT_USER_FILE "/etc/security/audit_user" +#define AUDIT_EVENT_FILE "/etc/security/audit_event" +#define AUDIT_CLASS_FILE "/etc/security/audit_class" +#define AUDIT_CONTROL_FILE "/etc/security/audit_control" +#define AUDIT_USER_FILE "/etc/security/audit_user" -#define DIR_CONTROL_ENTRY "dir" -#define MINFREE_CONTROL_ENTRY "minfree" -#define FLAGS_CONTROL_ENTRY "flags" -#define NA_CONTROL_ENTRY "naflags" +#define DIR_CONTROL_ENTRY "dir" +#define MINFREE_CONTROL_ENTRY "minfree" +#define FLAGS_CONTROL_ENTRY "flags" +#define NA_CONTROL_ENTRY "naflags" -#define AU_CLASS_NAME_MAX 8 -#define AU_CLASS_DESC_MAX 72 -#define AU_EVENT_NAME_MAX 30 -#define AU_EVENT_DESC_MAX 50 -#define AU_USER_NAME_MAX 50 -#define AU_LINE_MAX 256 -#define MAX_AUDITSTRING_LEN 256 -#define BSM_TEXTBUFSZ MAX_AUDITSTRING_LEN /* OpenSSH compatibility */ +#define AU_CLASS_NAME_MAX 8 +#define AU_CLASS_DESC_MAX 72 +#define AU_EVENT_NAME_MAX 30 +#define AU_EVENT_DESC_MAX 50 +#define AU_USER_NAME_MAX 50 +#define AU_LINE_MAX 256 +#define MAX_AUDITSTRING_LEN 256 +#define BSM_TEXTBUFSZ MAX_AUDITSTRING_LEN /* OpenSSH compatibility */ /* * These are referenced in Solaris 9 au_open(3BSM); values are guesses. * Provided for OpenSSH compatibility. */ -#define AU_TO_NO_WRITE 0 -#define AU_TO_WRITE 1 +#define AU_TO_NO_WRITE 0 +#define AU_TO_WRITE 1 __BEGIN_DECLS struct au_event_ent { - au_event_t ae_number; - char *ae_name; - char *ae_desc; - au_class_t ae_class; + au_event_t ae_number; + char *ae_name; + char *ae_desc; + au_class_t ae_class; }; typedef struct au_event_ent au_event_ent_t; struct au_class_ent { - char *ac_name; - au_class_t ac_class; - char *ac_desc; + char *ac_name; + au_class_t ac_class; + char *ac_desc; }; typedef struct au_class_ent au_class_ent_t; struct au_user_ent { - char *au_name; - au_mask_t au_always; - au_mask_t au_never; + char *au_name; + au_mask_t au_always; + au_mask_t au_never; }; typedef struct au_user_ent au_user_ent_t; __END_DECLS +#define ADD_TO_MASK(m, c, sel) do { \ + if (sel & AU_PRS_SUCCESS) \ + (m)->am_success |= c; \ + if (sel & AU_PRS_FAILURE) \ + (m)->am_failure |= c; \ +} while (0) -#define ADD_TO_MASK(m, c, sel) \ - do {\ - if(sel & AU_PRS_SUCCESS) {\ - (m)->am_success |= c;\ - }\ - if(sel & AU_PRS_FAILURE) {\ - (m)->am_failure |= c;\ - }\ - }while(0) +#define SUB_FROM_MASK(m, c, sel) do { \ + if (sel & AU_PRS_SUCCESS) \ + (m)->am_success &= ((m)->am_success ^ c); \ + if (sel & AU_PRS_FAILURE) \ + (m)->am_failure &= ((m)->am_failure ^ c); \ +} while (0) -#define SUB_FROM_MASK(m, c, sel) \ - do {\ - if(sel & AU_PRS_SUCCESS) {\ - (m)->am_success &= ((m)->am_success ^ c);\ - }\ - if(sel & AU_PRS_FAILURE) {\ - (m)->am_failure &= ((m)->am_failure ^ c);\ - }\ - }while(0) +#define ADDMASK(m, v) do { \ + (m)->am_success |= (v)->am_success; \ + (m)->am_failure |= (v)->am_failure; \ +} while(0) -#define ADDMASK(m, v) \ - do {\ - (m)->am_success |= (v)->am_success;\ - (m)->am_failure |= (v)->am_failure;\ - } while(0) - -#define SUBMASK(m, v) \ - do {\ - (m)->am_success &= ((m)->am_success ^ (v)->am_success);\ - (m)->am_failure &= ((m)->am_failure ^ (v)->am_failure);\ - } while(0) - +#define SUBMASK(m, v) do { \ + (m)->am_success &= ((m)->am_success ^ (v)->am_success); \ + (m)->am_failure &= ((m)->am_failure ^ (v)->am_failure); \ +} while(0) __BEGIN_DECLS -struct audit_event_map { - struct au_event_ent *ev; - LIST_ENTRY(audit_event_map) ev_list; -}; - /* - * Internal representation of audit user in libnsl + * Internal representation of audit user in libnsl. */ typedef struct au_user_str_s { - char *au_name; - char *au_always; - char *au_never; + char *au_name; + char *au_always; + char *au_never; } au_user_str_t; +typedef struct au_tid32 { + u_int32_t port; + u_int32_t addr; +} au_tid32_t; -struct au_tid32 { - u_int32_t port; - u_int32_t addr; -}; -typedef struct au_tid32 au_tid32_t; +typedef struct au_tid64 { + u_int64_t port; + u_int32_t addr; +} au_tid64_t; -struct au_tid64 { - u_int64_t port; - u_int32_t addr; -}; -typedef struct au_tid64 au_tid64_t; +typedef struct au_tidaddr32 { + u_int32_t port; + u_int32_t type; + u_int32_t addr[4]; +} au_tidaddr32_t; -struct au_tidaddr32 { - u_int32_t port; - u_int32_t type; - u_int32_t addr[4]; -}; -typedef struct au_tidaddr32 au_tidaddr32_t; - /* * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) @@ -185,24 +166,19 @@ * text N bytes + 1 terminating NULL byte */ typedef struct { - - u_char no; - u_int32_t val; - u_int16_t len; - char *text; - + u_char no; + u_int32_t val; + u_int16_t len; + char *text; } au_arg32_t; typedef struct { - - u_char no; - u_int64_t val; - u_int16_t len; - char *text; - + u_char no; + u_int64_t val; + u_int16_t len; + char *text; } au_arg64_t; - /* * how to print 1 byte * basic unit 1 byte @@ -210,16 +186,12 @@ * data items (depends on basic unit) */ typedef struct { - - u_char howtopr; - u_char bu; - u_char uc; - u_char *data; - + u_char howtopr; + u_char bu; + u_char uc; + u_char *data; } au_arb_t; - - /* * file access mode 4 bytes * owner user ID 4 bytes @@ -229,49 +201,39 @@ * device 4 bytes/8 bytes (32-bit/64-bit) */ typedef struct { - - u_int32_t mode; - u_int32_t uid; - u_int32_t gid; - u_int32_t fsid; - u_int64_t nid; - u_int32_t dev; - + u_int32_t mode; + u_int32_t uid; + u_int32_t gid; + u_int32_t fsid; + u_int64_t nid; + u_int32_t dev; } au_attr32_t; typedef struct { - - u_int32_t mode; - u_int32_t uid; - u_int32_t gid; - u_int32_t fsid; - u_int64_t nid; - u_int64_t dev; - + u_int32_t mode; + u_int32_t uid; + u_int32_t gid; + u_int32_t fsid; + u_int64_t nid; + u_int64_t dev; } au_attr64_t; - /* * count 4 bytes * text count null-terminated string(s) */ typedef struct { - - u_int32_t count; - char *text[MAX_ARGS]; - + u_int32_t count; + char *text[MAX_ARGS]; } au_execarg_t; - /* * count 4 bytes * text count null-terminated string(s) */ typedef struct { - - u_int32_t count; - char *text[MAX_ENV]; - + u_int32_t count; + char *text[MAX_ENV]; } au_execenv_t; /* @@ -279,10 +241,8 @@ * return value 4 bytes */ typedef struct { - - u_int32_t status; - u_int32_t ret; - + u_int32_t status; + u_int32_t ret; } au_exit_t; /* @@ -292,12 +252,10 @@ * file pathname N bytes + 1 terminating NULL byte */ typedef struct { - - u_int32_t s; - u_int32_t ms; - u_int16_t len; - char *name; - + u_int32_t s; + u_int32_t ms; + u_int16_t len; + char *name; } au_file_t; @@ -306,13 +264,10 @@ * group list N * 4 bytes */ typedef struct { - - u_int16_t no; - u_int32_t list[BSM_MAX_GROUPS]; - + u_int16_t no; + u_int32_t list[BSM_MAX_GROUPS]; } au_groups_t; - /* * record byte count 4 bytes * version # 1 byte [2] @@ -322,14 +277,12 @@ * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ typedef struct { - - u_int32_t size; - u_char version; - u_int16_t e_type; - u_int16_t e_mod; - u_int32_t s; - u_int32_t ms; - + u_int32_t size; + u_char version; + u_int16_t e_type; + u_int16_t e_mod; + u_int32_t s; + u_int32_t ms; } au_header32_t; /* @@ -343,50 +296,41 @@ * nanoseconds of time 4 bytes/8 bytes (32/64-bits) */ typedef struct { - - u_int32_t size; - u_char version; - u_int16_t e_type; - u_int16_t e_mod; - u_int32_t ad_type; - u_int32_t addr[4]; - u_int32_t s; - u_int32_t ms; - + u_int32_t size; + u_char version; + u_int16_t e_type; + u_int16_t e_mod; + u_int32_t ad_type; + u_int32_t addr[4]; + u_int32_t s; + u_int32_t ms; } au_header32_ex_t; typedef struct { - - u_int32_t size; - u_char version; - u_int16_t e_type; - u_int16_t e_mod; - u_int64_t s; - u_int64_t ms; - + u_int32_t size; + u_char version; + u_int16_t e_type; + u_int16_t e_mod; + u_int64_t s; + u_int64_t ms; } au_header64_t; typedef struct { - - u_int32_t size; - u_char version; - u_int16_t e_type; - u_int16_t e_mod; - u_int32_t ad_type; - u_int32_t addr[4]; - u_int64_t s; - u_int64_t ms; - + u_int32_t size; + u_char version; + u_int16_t e_type; + u_int16_t e_mod; + u_int32_t ad_type; + u_int32_t addr[4]; + u_int64_t s; + u_int64_t ms; } au_header64_ex_t; - /* * internet address 4 bytes */ typedef struct { - - u_int32_t addr; - + u_int32_t addr; } au_inaddr_t; /* @@ -394,10 +338,8 @@ * internet address 16 bytes */ typedef struct { - - u_int32_t type; - u_int32_t addr[4]; - + u_int32_t type; + u_int32_t addr[4]; } au_inaddr_ex_t; /* @@ -413,18 +355,16 @@ * destination address 4 bytes */ typedef struct { - - u_char version; - u_char tos; - u_int16_t len; - u_int16_t id; - u_int16_t offset; - u_char ttl; - u_char prot; - u_int16_t chksm; - u_int32_t src; - u_int32_t dest; - + u_char version; + u_char tos; + u_int16_t len; + u_int16_t id; + u_int16_t offset; + u_char ttl; + u_char prot; + u_int16_t chksm; + u_int32_t src; + u_int32_t dest; } au_ip_t; /* @@ -432,10 +372,8 @@ * object ID 4 bytes */ typedef struct { - - u_char type; - u_int32_t id; - + u_char type; + u_int32_t id; } au_ipc_t; /* @@ -448,53 +386,40 @@ * key 4 bytes */ typedef struct { - - u_int32_t uid; - u_int32_t gid; - u_int32_t puid; - u_int32_t pgid; - u_int32_t mode; - u_int32_t seq; - u_int32_t key; - + u_int32_t uid; + u_int32_t gid; + u_int32_t puid; + u_int32_t pgid; + u_int32_t mode; + u_int32_t seq; + u_int32_t key; } au_ipcperm_t; - /* * port IP address 2 bytes */ typedef struct { - - u_int16_t port; - + u_int16_t port; } au_iport_t; - /* * length 2 bytes * data length bytes */ typedef struct { - - u_int16_t size; - char *data; - + u_int16_t size; + char *data; } au_opaque_t; - /* * path length 2 bytes * path N bytes + 1 terminating NULL byte */ typedef struct { - - u_int16_t len; - char *path; - + u_int16_t len; + char *path; } au_path_t; - - /* * audit ID 4 bytes * effective user ID 4 bytes @@ -508,29 +433,25 @@ * machine address 4 bytes */ typedef struct { - - u_int32_t auid; - u_int32_t euid; - u_int32_t egid; - u_int32_t ruid; - u_int32_t rgid; - u_int32_t pid; - u_int32_t sid; - au_tid32_t tid; - + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tid32_t tid; } au_proc32_t; typedef struct { - - u_int32_t auid; - u_int32_t euid; - u_int32_t egid; - u_int32_t ruid; - u_int32_t rgid; - u_int32_t pid; - u_int32_t sid; - au_tid64_t tid; - + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tid64_t tid; } au_proc64_t; /* @@ -547,16 +468,14 @@ * machine address 16 bytes */ typedef struct { - - u_int32_t auid; - u_int32_t euid; - u_int32_t egid; - u_int32_t ruid; - u_int32_t rgid; - u_int32_t pid; - u_int32_t sid; - au_tidaddr32_t tid; - + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tidaddr32_t tid; } au_proc32ex_t; /* @@ -564,27 +483,20 @@ * return value 4 bytes/8 bytes (32-bit/64-bit value) */ typedef struct { - - u_char status; - u_int32_t ret; - + u_char status; + u_int32_t ret; } au_ret32_t; typedef struct { - - u_char err; - u_int64_t val; - + u_char err; + u_int64_t val; } au_ret64_t; - /* * sequence number 4 bytes */ typedef struct { - - u_int32_t seqno; - + u_int32_t seqno; } au_seq_t; /* @@ -595,13 +507,11 @@ * remote Internet address 4 bytes */ typedef struct { - - u_int16_t type; - u_int16_t l_port; - u_int32_t l_addr; - u_int16_t r_port; - u_int32_t r_addr; - + u_int16_t type; + u_int16_t l_port; + u_int32_t l_addr; + u_int16_t r_port; + u_int32_t r_addr; } au_socket_t; /* @@ -613,17 +523,14 @@ * address type/length 4 bytes * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address) */ - typedef struct { - - u_int16_t type; - u_int16_t l_port; - u_int32_t l_ad_type; - u_int32_t l_addr; - u_int32_t r_port; - u_int32_t r_ad_type; - u_int32_t r_addr; - + u_int16_t type; + u_int16_t l_port; + u_int32_t l_ad_type; + u_int32_t l_addr; + u_int32_t r_port; + u_int32_t r_ad_type; + u_int32_t r_addr; } au_socket_ex32_t; /* @@ -632,11 +539,9 @@ * socket address 4 bytes/16 bytes (IPv4/IPv6 address) */ typedef struct { - - u_int16_t family; - u_int16_t port; - u_int32_t addr; - + u_int16_t family; + u_int16_t port; + u_int32_t addr; } au_socketinet32_t; /* @@ -644,10 +549,8 @@ * path 104 bytes */ typedef struct { - - u_int16_t family; - char path[104]; - + u_int16_t family; + char path[104]; } au_socketunix_t; /* @@ -663,29 +566,25 @@ * machine address 4 bytes */ typedef struct { - - u_int32_t auid; - u_int32_t euid; - u_int32_t egid; - u_int32_t ruid; - u_int32_t rgid; - u_int32_t pid; - u_int32_t sid; - au_tid32_t tid; - + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tid32_t tid; } au_subject32_t; typedef struct { - - u_int32_t auid; - u_int32_t euid; - u_int32_t egid; - u_int32_t ruid; - u_int32_t rgid; - u_int32_t pid; - u_int32_t sid; - au_tid64_t tid; - + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tid64_t tid; } au_subject64_t; /* @@ -702,69 +601,52 @@ * machine address 16 bytes */ typedef struct { - - u_int32_t auid; - u_int32_t euid; - u_int32_t egid; - u_int32_t ruid; - u_int32_t rgid; - u_int32_t pid; - u_int32_t sid; - au_tidaddr32_t tid; - + u_int32_t auid; + u_int32_t euid; + u_int32_t egid; + u_int32_t ruid; + u_int32_t rgid; + u_int32_t pid; + u_int32_t sid; + au_tidaddr32_t tid; } au_subject32ex_t; - /* * text length 2 bytes * text N bytes + 1 terminating NULL byte */ typedef struct { - - u_int16_t len; - char *text; - + u_int16_t len; + char *text; } au_text_t; typedef struct { - - u_int32_t ident; - u_int16_t filter; - u_int16_t flags; - u_int32_t fflags; - u_int32_t data; - + u_int32_t ident; + u_int16_t filter; + u_int16_t flags; + u_int32_t fflags; + u_int32_t data; } au_kevent_t; typedef struct { - - u_int16_t length; - char *data; + u_int16_t length; + char *data; } au_invalid_t; - /* * trailer magic number 2 bytes * record byte count 4 bytes */ typedef struct { - - u_int16_t magic; - u_int32_t count; - + u_int16_t magic; + u_int32_t count; } au_trailer_t; - - struct tokenstr { - - u_char id; - - u_char *data; - size_t len; - + u_char id; + u_char *data; + size_t len; union { - au_arg32_t arg32; >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601152344.k0FNib8c029976>