Date: Wed, 18 May 2005 00:38:00 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 77121 for review Message-ID: <200505180038.j4I0c0vG063708@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=77121 Change 77121 by wsalamon@rickenbacker on 2005/05/18 00:37:05 Integrate shared files from the OpenBSM branch. Changes to come. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#1 branch .. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#13 edit .. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#3 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#5 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#10 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#6 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#13 (text+ko) ==== @@ -267,13 +267,6 @@ struct timespec *endtime, short event); void kau_free(struct au_record *rec); void kau_init(void); -token_t *kau_to_file(char *file, struct timeval *tv); -token_t *kau_to_header(struct timespec *ctime, int rec_size, - au_event_t e_type, au_emod_t e_mod); -token_t *kau_to_header32(struct timespec *ctime, int rec_size, - au_event_t e_type, au_emod_t e_mod); -token_t *kau_to_header64(struct timespec *ctime, int rec_size, - au_event_t e_type, au_emod_t e_mod); /* * The remaining kernel functions are conditionally compiled in as they * are wrapped by a macro, and the macro should be the only place in ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#3 (text+ko) ==== @@ -1,15 +1,15 @@ /* * @APPLE_LICENSE_HEADER_START@ - * + * * Copyright (c) 1999-2004 Apple Computer, Inc. All Rights Reserved. - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,186 +17,154 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ #ifndef _BSM_AUDIT_RECORD_H_ #define _BSM_AUDIT_RECORD_H_ -#include <sys/cdefs.h> -#include <sys/vnode.h> -#include <sys/ipc.h> -#include <sys/un.h> -#include <sys/event.h> -#include <netinet/in_systm.h> -#include <netinet/in.h> -#include <netinet/ip.h> - -/* We could determined the header and trailer sizes by - * defining appropriate structures. We hold off that approach - * till we have a consistant way of using structures for all tokens. - * This is not straightforward since these token structures may - * contain pointers of whose contents we dont know the size - * (e.g text tokens) - */ -#define HEADER_SIZE 18 -#define TRAILER_SIZE 7 - -#define ADD_U_CHAR(loc, val) \ - do {\ - *loc = val;\ - loc += sizeof(u_char);\ - }while(0) - - -#define ADD_U_INT16(loc, val) \ - do { \ - memcpy(loc, (u_char *)&val, sizeof(u_int16_t));\ - loc += sizeof(u_int16_t); \ - }while(0) - -#define ADD_U_INT32(loc, val) \ - do { \ - memcpy(loc, (u_char *)&val, sizeof(u_int32_t));\ - loc += sizeof(u_int32_t); \ - }while(0) - -#define ADD_U_INT64(loc, val)\ - do {\ - memcpy(loc, (u_char *)&val, sizeof(u_int64_t));\ - loc += sizeof(u_int64_t); \ - }while(0) - -#define ADD_MEM(loc, data, size) \ - do { \ - memcpy(loc, data, size);\ - loc += size;\ - }while(0) - -#define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size) - - /* Various token id types */ -/* +/* * Values inside the comments are not documented in the BSM pages and - * have been picked up from the header files - */ - -/* - * Values marked as XXX do not have a value defined in the BSM header files - */ - -/* - * Control token types - -#define AUT_OTHER_FILE ((char)0x11) -#define AUT_OTHER_FILE32 AUT_OTHER_FILE -#define AUT_OHEADER ((char)0x12) - + * have been picked up from the header files */ -#define AUT_INVALID 0x00 -#define AU_FILE_TOKEN 0x11 -#define AU_TRAILER_TOKEN 0x13 -#define AU_HEADER_32_TOKEN 0x14 -#define AU_HEADER_EX_32_TOKEN 0x15 - /* - * Data token types -#define AUT_SERVER ((char)0x25) -#define AUT_SERVER32 AUT_SERVER + * Values marked as XXX do not have a value defined in the BSM header files */ -#define AU_DATA_TOKEN 0x21 -#define AU_ARB_TOKEN AU_DATA_TOKEN -#define AU_IPC_TOKEN 0x22 -#define AU_PATH_TOKEN 0x23 -#define AU_SUBJECT_32_TOKEN 0x24 -#define AU_PROCESS_32_TOKEN 0x26 -#define AU_RETURN_32_TOKEN 0x27 -#define AU_TEXT_TOKEN 0x28 -#define AU_OPAQUE_TOKEN 0x29 -#define AU_IN_ADDR_TOKEN 0x2A -#define AU_IP_TOKEN 0x2B -#define AU_IPORT_TOKEN 0x2C -#define AU_ARG32_TOKEN 0x2D -#define AU_SOCK_TOKEN 0x2E -#define AU_SEQ_TOKEN 0x2F +#define AUT_INVALID 0x00 +#define AUT_OTHER_FILE32 0x11 +#define AUT_OHEADER 0x12 +#define AUT_TRAILER 0x13 +#define AUT_HEADER32 0x14 +#define AUT_HEADER32_EX 0x15 +#define AUT_DATA 0x21 +#define AUT_IPC 0x22 +#define AUT_PATH 0x23 +#define AUT_SUBJECT32 0x24 +#define AUT_SERVER32 0x25 +#define AUT_PROCESS32 0x26 +#define AUT_RETURN32 0x27 +#define AUT_TEXT 0x28 +#define AUT_OPAQUE 0x29 +#define AUT_IN_ADDR 0x2a +#define AUT_IP 0x2b +#define AUT_IPORT 0x2c +#define AUT_ARG32 0x2d +#define AUT_SOCKET 0x2e +#define AUT_SEQ 0x2f +#define AUT_ACL 0x30 +#define AUT_ATTR 0x31 +#define AUT_IPC_PERM 0x32 +#define AUT_LABEL 0x33 +#define AUT_GROUPS 0x34 +#define AUT_ILABEL 0x35 +#define AUT_SLABEL 0x36 +#define AUT_CLEAR 0x37 +#define AUT_PRIV 0x38 +#define AUT_UPRIV 0x39 +#define AUT_LIAISON 0x3a +#define AUT_NEWGROUPS 0x3b +#define AUT_EXEC_ARGS 0x3c +#define AUT_EXEC_ENV 0x3d +#define AUT_ATTR32 0x3e +/* #define AUT_???? 0x3f */ +#define AUT_XATOM 0x40 +#define AUT_XOBJ 0x41 +#define AUT_XPROTO 0x42 +#define AUT_XSELECT 0x43 +/* XXXRW: Additional X11 tokens not defined? */ +#define AUT_CMD 0x51 +#define AUT_EXIT 0x52 +/* XXXRW: OpenBSM AUT_HOST 0x70? */ +#define AUT_ARG64 0x71 +#define AUT_RETURN64 0x72 +#define AUT_ATTR64 0x73 +#define AUT_HEADER64 0x74 +#define AUT_SUBJECT64 0x75 +#define AUT_SERVER64 0x76 +#define AUT_PROCESS64 0x77 +#define AUT_OTHER_FILE64 0x78 +#define AUT_HEADER64_EX 0x79 +#define AUT_SUBJECT32_EX 0x7a +#define AUT_PROCESS32_EX 0x7b +#define AUT_SUBJECT64_EX 0x7c +#define AUT_PROCESS64_EX 0x7d +#define AUT_IN_ADDR_EX 0x7e +#define AUT_SOCKET_EX 0x7f /* - * Modifier token types - -#define AUT_ACL ((char)0x30) -#define AUT_LABEL ((char)0x33) -#define AUT_GROUPS ((char)0x34) -#define AUT_ILABEL ((char)0x35) -#define AUT_SLABEL ((char)0x36) -#define AUT_CLEAR ((char)0x37) -#define AUT_PRIV ((char)0x38) -#define AUT_UPRIV ((char)0x39) -#define AUT_LIAISON ((char)0x3A) - + * Pre-64-bit BSM, 32-bit tokens weren't explicitly named as '32'. We have + * compatibility defines. */ - -#define AU_ATTR_TOKEN 0x31 -#define AU_IPCPERM_TOKEN 0x32 -#define AU_NEWGROUPS_TOKEN 0x3B -#define AU_EXEC_ARG_TOKEN 0x3C -#define AU_EXEC_ENV_TOKEN 0x3D -#define AU_ATTR32_TOKEN 0x3E +#define AUT_HEADER AUT_HEADER32 +#define AUT_ARG AUT_ARG32 +#define AUT_RETURN AUT_RETURN32 +#define AUT_SUBJECT AUT_SUBJECT32 +#define AUT_SERVER AUT_SERVER32 +#define AUT_PROCESS AUT_PROCESS32 +#define AUT_OTHER_FILE AUT_OTHER_FILE32 /* - * Command token types + * Darwin's bsm distribution uses the following non-BSM token name defines. + * We provide them for a single OpenBSM release for compatibility reasons. */ - -#define AU_CMD_TOKEN 0x51 -#define AU_EXIT_TOKEN 0x52 +#define AU_FILE_TOKEN AUT_OTHER_FILE32 +#define AU_TRAILER_TOKEN AUT_TRAILER +#define AU_HEADER_32_TOKEN AUT_HEADER32 +#define AU_DATA_TOKEN AUT_DATA +#define AU_ARB_TOKEN AUT_DATA +#define AU_IPC_TOKEN AUT_IPC +#define AU_PATH_TOKEN AUT_PATH +#define AU_SUBJECT_32_TOKEN AUT_SUBJECT32 +#define AU_PROCESS_32_TOKEN AUT_PROCESS32 +#define AU_RETURN_32_TOKEN AUT_RETURN32 +#define AU_TEXT_TOKEN AUT_TEXT +#define AU_OPAQUE_TOKEN AUT_OPAQUE +#define AU_IN_ADDR_TOKEN AUT_IN_ADDR +#define AU_IP_TOKEN AUT_IP +#define AU_IPORT_TOKEN AUT_IPORT +#define AU_ARG32_TOKEN AUT_ARG32 +#define AU_SOCK_TOKEN AUT_SOCKET +#define AU_SEQ_TOKEN AUT_SEQ +#define AU_ATTR_TOKEN AUT_ATTR +#define AU_IPCPERM_TOKEN AUT_IPC_PERM +#define AU_NEWGROUPS_TOKEN AUT_NEWGROUPS +#define AU_EXEC_ARG_TOKEN AUT_EXEC_ARGS +#define AU_EXEC_ENV_TOKEN AUT_EXEC_ENV +#define AU_ATTR32_TOKEN AUT_ATTR32 +#define AU_CMD_TOKEN AUT_CMD +#define AU_EXIT_TOKEN AUT_EXIT +#define AU_ARG64_TOKEN AUT_ARG64 +#define AU_RETURN_64_TOKEN AUT_RETURN64 +#define AU_ATTR64_TOKEN AUT_ATTR64 +#define AU_HEADER_64_TOKEN AUT_HEADER64 +#define AU_SUBJECT_64_TOKEN AUT_SUBJECT64 +#define AU_PROCESS_64_TOKEN AUT_PROCESS64 +#define AU_HEADER_64_EX_TOKEN AUT_HEADER64_EX +#define AU_SUBJECT_32_EX_TOKEN AUT_SUBJECT32_EX +#define AU_PROCESS_32_EX_TOKEN AUT_PROCESS32_EX +#define AU_SUBJECT_64_EX_TOKEN AUT_SUBJECT64_EX +#define AU_PROCESS_64_EX_TOKEN AUT_PROCESS64_EX +#define AU_IN_ADDR_EX_TOKEN AUT_IN_ADDR_EX +#define AU_SOCK_32_EX_TOKEN AUT_SOCKET_EX /* - * Miscellaneous token types - -#define AUT_HOST ((char)0x70) - + * The values for the following token ids are not defined by BSM. + * + * XXXRW: Not sure how to andle these in OpenBSM yet, but I'll give them + * names more consistent with Sun's BSM. These originally came from Apple's + * BSM. */ - -/* - * 64bit token types - -#define AUT_SERVER64 ((char)0x76) -#define AUT_OTHER_FILE64 ((char)0x78) - - */ - -#define AU_ARG64_TOKEN 0x71 -#define AU_RETURN_64_TOKEN 0x72 -#define AU_ATTR64_TOKEN 0x73 -#define AU_HEADER_64_TOKEN 0x74 -#define AU_SUBJECT_64_TOKEN 0x75 -#define AU_PROCESS_64_TOKEN 0x77 - -/* - * Extended network address token types - */ - -#define AU_HEADER_EX_64_TOKEN 0x79 -#define AU_SUBJECT_32_EX_TOKEN 0x7a -#define AU_PROCESS_32_EX_TOKEN 0x7b -#define AU_SUBJECT_64_EX_TOKEN 0x7c -#define AU_PROCESS_64_EX_TOKEN 0x7d -#define AU_IN_ADDR_EX_TOKEN 0x7e -#define AU_SOCK_EX32_TOKEN 0x7f -#define AU_SOCK_EX128_TOKEN AUT_INVALID /*XXX*/ -#define AU_IP_EX_TOKEN AUT_INVALID /*XXX*/ - -/* - * The values for the following token ids are not - * defined by BSM - */ -#define AU_SOCK_INET_32_TOKEN 0x80 /*XXX*/ -#define AU_SOCK_INET_128_TOKEN 0x81 /*XXX*/ -#define AU_SOCK_UNIX_TOKEN 0x82 /*XXX*/ +#define AUT_SOCKINET32 0x80 /* XXX */ +#define AUT_SOCKINET128 0x81 /* XXX */ +#define AUT_SOCKUNIX 0x82 /* XXX */ +#define AU_SOCK_INET_32_TOKEN AUT_SOCKINET32 +#define AU_SOCK_INET_128_TOKEN AUT_SOCKINET128 +#define AU_SOCK_UNIX_TOKEN AUT_SOCKUNIX /* print values for the arbitrary token */ #define AUP_BINARY 0 @@ -211,7 +179,7 @@ #define AUR_LONG 2 /* ... and their sizes */ -#define AUR_BYTE_SIZE sizeof(u_char) +#define AUR_BYTE_SIZE sizeof(u_char) #define AUR_SHORT_SIZE sizeof(u_int16_t) #define AUR_LONG_SIZE sizeof(u_int32_t) @@ -220,32 +188,65 @@ #define PAD_FAILURE 0x8000 /* fail audit event */ -#define MAX_GROUPS 16 +#define BSM_MAX_GROUPS 16 #define HEADER_VERSION 1 -#define TRAILER_PAD_MAGIC 0xB105 + +/* + * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we + * split the difference, will remove the Apple define for the next release. + */ +#define AUT_TRAILER_MAGIC 0xb105 +#define TRAILER_PAD_MAGIC AUT_TRAILER_MAGIC /* BSM library calls */ __BEGIN_DECLS +struct in_addr; +struct in6_addr; +struct ip; +struct ipc_perm; +struct kevent; +struct sockaddr_in; +struct sockaddr_in6; +struct sockaddr_un; +#if defined(_KERNEL) || defined(KERNEL) +struct vnode_au_info; +#endif + int au_open(void); int au_write(int d, token_t *m); int au_close(int d, int keep, short event); +int au_close_buffer(int d, short event, u_char *buffer, + size_t *buflen); +#if defined(KERNEL) || defined(_KERNEL) +token_t *au_to_file(char *file, struct timeval tm); +#else token_t *au_to_file(char *file); -token_t *au_to_header(int rec_size, au_event_t e_type, +#endif +#if defined(KERNEL) || defined(_KERNEL) +token_t *au_to_header(int rec_size, au_event_t e_type, + au_emod_t e_mod, struct timeval tm); +token_t *au_to_header32(int rec_size, au_event_t e_type, + au_emod_t e_mod, struct timeval tm); +#else +token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); -token_t *au_to_header32(int rec_size, au_event_t e_type, +token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); -token_t *au_to_header64(int rec_size, au_event_t e_type, +#endif +token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_me(void); - + token_t *au_to_arg(char n, char *text, u_int32_t v); token_t *au_to_arg32(char n, char *text, u_int32_t v); token_t *au_to_arg64(char n, char *text, u_int64_t v); -token_t *au_to_attr(struct vattr *attr); -token_t *au_to_attr32(struct vattr *attr); -token_t *au_to_attr64(struct vattr *attr); +#if defined(_KERNEL) || defined(KERNEL) +token_t *au_to_attr(struct vnode_au_info *vni); +token_t *au_to_attr32(struct vnode_au_info *vni); +token_t *au_to_attr64(struct vnode_au_info *vni); +#endif token_t *au_to_data(char unit_print, char unit_type, char unit_count, char *p); token_t *au_to_exit(int retval, int err); @@ -281,9 +282,13 @@ token_t *au_to_return32(char status, u_int32_t ret); token_t *au_to_return64(char status, u_int64_t ret); token_t *au_to_seq(long audit_count); +#if defined(_KERNEL) || defined(KERNEL) token_t *au_to_socket(struct socket *so); -token_t *au_to_socket_ex_32(struct socket *so); -token_t *au_to_socket_ex_128(struct socket *so); +token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, + struct sockaddr *la, struct sockaddr *ta); +token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, + struct sockaddr *la, struct sockaddr *ta); +#endif token_t *au_to_sock_inet(struct sockaddr_in *so); token_t *au_to_sock_inet32(struct sockaddr_in *so); token_t *au_to_sock_inet128(struct sockaddr_in6 *so); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#5 (text+ko) ==== @@ -36,7 +36,6 @@ * data structures. The prototypes of these functions are declared here. */ token_t *kau_to_socket(struct socket_au_info *soi); -token_t *kau_to_attr32(struct vnode_au_info *vni); /* * audit_klib prototypes ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#10 (text+ko) ==== @@ -32,6 +32,7 @@ #include <sys/systm.h> #include <bsm/audit.h> +#include <bsm/audit_internal.h> #include <bsm/audit_record.h> #include <bsm/audit_kernel.h> #include <bsm/audit_kevents.h> @@ -157,11 +158,14 @@ u_char *dptr; size_t tot_rec_size; token_t *cur, *hdr, *trail; + struct timeval tm; - tot_rec_size = rec->len + HEADER_SIZE + TRAILER_SIZE; + tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE; if(tot_rec_size <= MAX_AUDIT_RECORD_SIZE) { /* Create the header token */ - hdr = kau_to_header32(ctime, tot_rec_size, event, 0); + tm.tv_usec = ctime->tv_nsec / 1000; + tm.tv_sec = ctime->tv_sec; + hdr = au_to_header32(tot_rec_size, event, 0, tm); if(hdr != NULL) { /* Add to head of list */ @@ -237,7 +241,7 @@ kau_write(rec, tok); \ } \ if (ar->ar_valid_arg & ARG_VNODE1) { \ - tok = kau_to_attr32(&ar->ar_arg_vnode1);\ + tok = au_to_attr32(&ar->ar_arg_vnode1);\ kau_write(rec, tok); \ } \ } while (0) @@ -251,7 +255,7 @@ UPATH1_TOKENS; \ } \ if (ar->ar_valid_arg & ARG_VNODE1) { \ - tok = kau_to_attr32(&ar->ar_arg_vnode1);\ + tok = au_to_attr32(&ar->ar_arg_vnode1);\ kau_write(rec, tok); \ } \ } while (0) @@ -263,7 +267,7 @@ kau_write(rec, tok); \ } \ if (ar->ar_valid_arg & ARG_VNODE2) { \ - tok = kau_to_attr32(&ar->ar_arg_vnode2);\ + tok = au_to_attr32(&ar->ar_arg_vnode2);\ kau_write(rec, tok); \ } \ } while (0) @@ -274,7 +278,7 @@ tok = au_to_path(ar->ar_arg_kpath1); \ kau_write(rec, tok); \ if (ar->ar_valid_arg & ARG_VNODE1) { \ - tok = kau_to_attr32(&ar->ar_arg_vnode1);\ + tok = au_to_attr32(&ar->ar_arg_vnode1);\ kau_write(rec, tok); \ } \ } else { \ @@ -1103,10 +1107,10 @@ /* XXXAUDIT There needs to be a token structure to map a token. * XXXAUDIT 'Shouldn't be simply looking at the first char. */ - if ( (c != AU_HEADER_32_TOKEN) && - (c != AU_HEADER_EX_32_TOKEN) && - (c != AU_HEADER_64_TOKEN) && - (c != AU_HEADER_EX_64_TOKEN) ) { + if ( (c != AUT_HEADER32) && + (c != AUT_HEADER32_EX) && + (c != AUT_HEADER64) && + (c != AUT_HEADER64_EX) ) { return (0); } return (1); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#6 (text+ko) ==== @@ -1,44 +1,80 @@ /* - * Copyright (c) 2004 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2004, Apple Computer, Inc. + * Copyright (c) 2005 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. * - * @APPLE_LICENSE_HEADER_START@ - * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. - * - * @APPLE_LICENSE_HEADER_END@ + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ -#include <sys/param.h> -#include <sys/event.h> -#include <sys/libkern.h> -#include <sys/malloc.h> -#include <sys/un.h> +#include <sys/types.h> +#ifdef __APPLE__ +#include <compat/endian.h> +#else /* !__APPLE__ */ +#include <sys/endian.h> +#endif /* __APPLE__*/ +#include <sys/socket.h> +#include <sys/time.h> + +#include <sys/ipc.h> +#include <sys/libkern.h> +#include <sys/malloc.h> +#include <sys/un.h> + +#include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> + +#include <sys/socketvar.h> + +#include <bsm/audit.h> +#include <bsm/audit_internal.h> +#include <bsm/audit_kernel.h> +#include <bsm/audit_record.h> +#include <security/audit/audit_klib.h> + +#define GET_TOKEN_AREA(t, dptr, length) \ + do {\ + t = (token_t *) malloc (sizeof(token_t), M_AUDIT, M_WAITOK);\ + if(t != NULL)\ + {\ + t->len = length;\ + t->t_data = (u_char *) malloc (length * sizeof(u_char),\ + M_AUDIT, M_WAITOK);\ + if((dptr = t->t_data) == NULL)\ + {\ + free(t, M_AUDIT);\ + t = NULL;\ + }\ + else\ + {\ + memset(dptr, 0, length);\ + }\ + }\ + }while(0) -#include <bsm/audit.h> -#include <bsm/audit_record.h> -#include <bsm/audit_kernel.h> -#include <security/audit/audit_klib.h> -#define GET_TOKEN_AREA(tok, dptr, length) \ - do { \ - tok = malloc(sizeof(*tok), M_AUDIT, M_WAITOK); \ - tok->len = length; \ - dptr = tok->t_data = malloc(length * sizeof(u_char), \ - M_AUDIT, M_WAITOK); \ - memset(tok->t_data, 0, length); \ - } while(0) /* * token ID 1 byte @@ -50,13 +86,14 @@ token_t *au_to_arg32(char n, char *text, u_int32_t v) { token_t *t; - u_char *dptr; + u_char *dptr = NULL; u_int16_t textlen; - + if(text == NULL) { - return NULL; + errno = EINVAL; + return NULL; } - + textlen = strlen(text); GET_TOKEN_AREA(t, dptr, 9 + textlen); if(t == NULL) { @@ -65,7 +102,7 @@ textlen += 1; - ADD_U_CHAR(dptr, AU_ARG32_TOKEN); + ADD_U_CHAR(dptr, AUT_ARG32); ADD_U_CHAR(dptr, n); ADD_U_INT32(dptr, v); ADD_U_INT16(dptr, textlen); @@ -78,27 +115,28 @@ token_t *au_to_arg64(char n, char *text, u_int64_t v) { token_t *t; - u_char *dptr; + u_char *dptr = NULL; u_int16_t textlen; - + if(text == NULL) { - return NULL; + errno = EINVAL; + return NULL; } - + textlen = strlen(text); GET_TOKEN_AREA(t, dptr, 13 + textlen); if(t == NULL) { return NULL; } - textlen += 1; + textlen += 1; - ADD_U_CHAR(dptr, AU_ARG64_TOKEN); + ADD_U_CHAR(dptr, AUT_ARG64); ADD_U_CHAR(dptr, n); ADD_U_INT64(dptr, v); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); - + return t; } @@ -108,6 +146,7 @@ return au_to_arg32(n, text, v); } +#if defined(_KERNEL) || defined(KERNEL) /* * token ID 1 byte * file access mode 4 bytes @@ -117,72 +156,70 @@ * node ID 8 bytes * device 4 bytes/8 bytes (32-bit/64-bit) */ -token_t *au_to_attr32(struct vattr *attr) +token_t *au_to_attr32(struct vnode_au_info *vni) { - return NULL; -} - -/* Kernel-specific version of the above function */ -token_t *kau_to_attr32(struct vnode_au_info *vni) -{ token_t *t; - u_char *dptr; - u_int32_t pad0_32 = 0; + u_char *dptr = NULL; + u_int16_t pad0_16 = 0; + u_int16_t pad0_32 = 0; if(vni == NULL) { + errno = EINVAL; return NULL; } - + + GET_TOKEN_AREA(t, dptr, 29); if(t == NULL) { return NULL; } - ADD_U_CHAR(dptr, AU_ATTR32_TOKEN); - ADD_U_INT32(dptr, vni->vn_mode); + ADD_U_CHAR(dptr, AUT_ATTR32); + + /* + * Darwin defines the size for the file mode + * as 2 bytes; BSM defines 4 so pad with 0 + */ + ADD_U_INT16(dptr, pad0_16); + ADD_U_INT16(dptr, vni->vn_mode); + ADD_U_INT32(dptr, vni->vn_uid); ADD_U_INT32(dptr, vni->vn_gid); ADD_U_INT32(dptr, vni->vn_fsid); - /* Pad four bytes for the file ID due to BSM's need for 8 bytes */ - ADD_U_INT32(dptr, pad0_32); - ADD_U_INT32(dptr, vni->vn_fileid); - ADD_U_INT32(dptr, vni->vn_gen); - - return t; -} -token_t *au_to_attr64(struct vattr *attr) -{ - token_t *t; - u_char *dptr; + /* + * Some systems use 32-bit file ID's, other's use 64-bit file IDs. + * Attempt to handle both, and let the compiler sort it out. If we + * could pick this out at compile-time, it would be better, so as to + * avoid the else case below. + */ + if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { + ADD_U_INT32(dptr, pad0_32); + ADD_U_INT32(dptr, vni->vn_fileid); + } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) { + ADD_U_INT64(dptr, vni->vn_fileid); + } else { + ADD_U_INT64(dptr, 0LL); + } - if(attr == NULL) { - return NULL; - } - - - GET_TOKEN_AREA(t, dptr, 33); - if(t == NULL) { - return NULL; - } + ADD_U_INT32(dptr, vni->vn_dev); - ADD_U_CHAR(dptr, AU_ATTR64_TOKEN); - ADD_U_INT32(dptr, attr->va_mode); - ADD_U_INT32(dptr, attr->va_uid); - ADD_U_INT32(dptr, attr->va_gid); - ADD_U_INT32(dptr, attr->va_fsid); - ADD_U_INT64(dptr, attr->va_fileid); - ADD_U_INT64(dptr, attr->va_rdev); - return t; } -token_t *au_to_attr(struct vattr *attr) +token_t *au_to_attr64(struct vnode_au_info *vni) { - return au_to_attr32(attr); + errno = ENOTSUP; + return NULL; } +token_t *au_to_attr(struct vnode_au_info *vni) +{ + return au_to_attr32(vni); +} +#endif /* !(defined(_KERNEL) || defined(KERNEL) */ + /* * token ID 1 byte * how to print 1 byte @@ -194,13 +231,14 @@ char unit_count, char *p) { token_t *t; - u_char *dptr; + u_char *dptr = NULL; size_t datasize, totdata; - + if(p == NULL) { + errno = EINVAL; return NULL; } - + /* Determine the size of the basic unit */ switch(unit_type) { case AUR_BYTE: datasize = AUR_BYTE_SIZE; @@ -208,56 +246,59 @@ case AUR_SHORT: datasize = AUR_SHORT_SIZE; break; - + case AUR_LONG: datasize = AUR_LONG_SIZE; break; - - default: return NULL; + + default: + errno = EINVAL; + return NULL; } totdata = datasize * unit_count; - + GET_TOKEN_AREA(t, dptr, totdata + 4); if(t == NULL) { return NULL; } - ADD_U_CHAR(dptr, AU_ARB_TOKEN); + ADD_U_CHAR(dptr, AUT_DATA); ADD_U_CHAR(dptr, unit_print); ADD_U_CHAR(dptr, unit_type); ADD_U_CHAR(dptr, unit_count); ADD_MEM(dptr, p, totdata); - + return t; } + /* * token ID 1 byte * status 4 bytes - * return value 4 bytes + * return value 4 bytes */ token_t *au_to_exit(int retval, int err) { token_t *t; - u_char *dptr; - + u_char *dptr = NULL; + GET_TOKEN_AREA(t, dptr, 9); if(t == NULL) { return NULL; } - - ADD_U_CHAR(dptr, AU_EXIT_TOKEN); + + ADD_U_CHAR(dptr, AUT_EXIT); ADD_U_INT32(dptr, err); ADD_U_INT32(dptr, retval); - return t; + return t; } /* */ token_t *au_to_groups(int *groups) { - return au_to_newgroups(MAX_GROUPS, groups); + return au_to_newgroups(BSM_MAX_GROUPS, groups); } /* @@ -268,25 +309,26 @@ token_t *au_to_newgroups(u_int16_t n, gid_t *groups) { token_t *t; - u_char *dptr; + u_char *dptr = NULL; int i; - + if(groups == NULL) { + errno = EINVAL; return NULL; } - + GET_TOKEN_AREA(t, dptr, n * 4 + 3); if(t == NULL) { return NULL; } - - ADD_U_CHAR(dptr, AU_NEWGROUPS_TOKEN); + + ADD_U_CHAR(dptr, AUT_NEWGROUPS); ADD_U_INT16(dptr, n); for(i = 0; i < n; i++) { ADD_U_INT32(dptr, groups[i]); } - - return t; + + return t; } @@ -299,9 +341,10 @@ token_t *au_to_in_addr(struct in_addr *internet_addr) { token_t *t; - u_char *dptr; - + u_char *dptr = NULL; + if(internet_addr == NULL) { + errno = EINVAL; return NULL; } @@ -309,8 +352,8 @@ if(t == NULL) { return NULL; >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505180038.j4I0c0vG063708>