From owner-p4-projects@FreeBSD.ORG Sun Jun 4 23:35:59 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7516816AC36; Sun, 4 Jun 2006 23:35:59 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CEC3016AC20 for ; Sun, 4 Jun 2006 23:35:57 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7AA7143D45 for ; Sun, 4 Jun 2006 23:35:57 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k54NYGTw080865 for ; Sun, 4 Jun 2006 23:34:16 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k54NYGiZ080862 for perforce@freebsd.org; Sun, 4 Jun 2006 23:34:16 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sun, 4 Jun 2006 23:34:16 GMT Message-Id: <200606042334.k54NYGiZ080862@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 98514 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Jun 2006 23:36:05 -0000 http://perforce.freebsd.org/chv.cgi?CH=98514 Change 98514 by rwatson@rwatson_zoo on 2006/06/04 23:34:06 Integrate OpenBSM 1.0 alpha 6 changes from OpenBSM work branch to TrustedBSD audit3 branch. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#11 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#8 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/configure#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/audit_submit.3#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#12 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditctl.2#5 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#2 (text+ko) ==== @@ -25,10 +25,11 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#1 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#2 $ */ #include +#include #include #include @@ -66,12 +67,14 @@ usage(void) { - fprintf(stderr, "auditfilterd [-c conffile] [-d] [-t trailfile]\n"); + fprintf(stderr, "auditfilterd [-c conffile] [-d] [-p pipefile]" + " [-t trailfile]\n"); fprintf(stderr, " -c Specify configuration file (default: %s)\n", AUDITFILTERD_CONFFILE); fprintf(stderr, " -d Debugging mode, don't daemonize\n"); - fprintf(stderr, " -t Specify audit trail file (default: %s)", - AUDITFILTERD_TRAILFILE); + fprintf(stderr, " -p Specify pipe file (default: %s)\n", + AUDITFILTERD_PIPEFILE); + fprintf(stderr, " -t Specify audit trail file (default: none)\n"); exit(-1); } @@ -147,7 +150,7 @@ * them to modules for processing. */ static void -mainloop(const char *conffile, const char *trailfile, FILE *trail_fp) +mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp) { struct timespec ts; FILE *conf_fp; @@ -184,10 +187,8 @@ * more at the right blocking and signal behavior here. */ reclen = au_read_rec(trail_fp, &buf); - if (reclen == -1) { - sleep(1); + if (reclen == -1) continue; - } if (clock_gettime(CLOCK_REALTIME, &ts) < 0) err(-1, "clock_gettime"); present_bsmrecord(&ts, buf, reclen); @@ -196,16 +197,68 @@ } } +/* + * The main loop spins pulling records out of the record source and passing + * them to modules for processing. This version of the function accepts + * discrete record input from a file descriptor, as opposed to buffered input + * from a file stream. + */ +static void +mainloop_pipe(const char *conffile, const char *pipefile, int pipe_fd) +{ + u_char record[MAX_AUDIT_RECORD_SIZE]; + struct timespec ts; + FILE *conf_fp; + int reclen; + + while (1) { + /* + * On SIGHUP, we reread the configuration file. Unlike with + * a trail file, we don't reopen the pipe, as we don't want + * to miss records which will be flushed if we do. + */ + if (reread_config) { + reread_config = 0; + warnx("rereading configuration"); + conf_fp = fopen(conffile, "r"); + if (conf_fp == NULL) + err(-1, "%s", conffile); + auditfilterd_conf(conffile, conf_fp); + fclose(conf_fp); + } + if (quit) { + warnx("quitting"); + break; + } + + /* + * For now, be relatively unrobust about incomplete records, + * but in the future will want to do better. Need to look + * more at the right blocking and signal behavior here. + */ + reclen = read(pipe_fd, record, MAX_AUDIT_RECORD_SIZE); + if (reclen < 0) + continue; + if (clock_gettime(CLOCK_REALTIME, &ts) < 0) + err(-1, "clock_gettime"); + present_bsmrecord(&ts, record, reclen); + present_tokens(&ts, record, reclen); + } +} + int main(int argc, char *argv[]) { - const char *trailfile, *conffile; + const char *pipefile, *trailfile, *conffile; FILE *trail_fp, *conf_fp; + struct stat sb; + int pipe_fd; int ch; conffile = AUDITFILTERD_CONFFILE; - trailfile = AUDITFILTERD_TRAILFILE; - while ((ch = getopt(argc, argv, "c:dt:")) != -1) { + trailfile = NULL; + pipefile = NULL; + while ((ch = getopt(argc, argv, "c:dp:t:")) != -1) { switch (ch) { case 'c': conffile = optarg; @@ -216,9 +269,17 @@ break; case 't': + if (trailfile != NULL || pipefile != NULL) + usage(); trailfile = optarg; break; + case 'p': + if (pipefile != NULL || trailfile != NULL) + usage(); + pipefile = optarg; + break; + default: usage(); } @@ -230,9 +291,26 @@ if (argc != 0) usage(); - trail_fp = fopen(trailfile, "r"); - if (trail_fp == NULL) - err(-1, "%s", trailfile); + /* + * We allow only one of a pipe or a trail to be used. If none is + * specified, we provide a default pipe path. + */ + if (pipefile == NULL && trailfile == NULL) + pipefile = AUDITFILTERD_PIPEFILE; + + if (pipefile != NULL) { + pipe_fd = open(pipefile, O_RDONLY); + if (pipe_fd < 0) + err(-1, "open:%s", pipefile); + if (fstat(pipe_fd, &sb) < 0) + err(-1, "stat: %s", pipefile); + if (!S_ISCHR(sb.st_mode)) + errx(-1, "fstat: %s not device", pipefile); + } else { + trail_fp = fopen(trailfile, "r"); + if (trail_fp == NULL) + err(-1, "%s", trailfile); + } conf_fp = fopen(conffile, "r"); if (conf_fp == NULL) @@ -253,7 +331,10 @@ signal(SIGQUIT, signal_handler); signal(SIGTERM, signal_handler); - mainloop(conffile, trailfile, trail_fp); + if (pipefile != NULL) + mainloop_pipe(conffile, pipefile, pipe_fd); + else + mainloop_file(conffile, trailfile, trail_fp); auditfilterd_conf_shutdown(); return (0); ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#2 (text+ko) ==== @@ -25,11 +25,11 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#1 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#2 $ */ #define AUDITFILTERD_CONFFILE "/etc/security/audit_filter" -#define AUDITFILTERD_TRAILFILE "/dev/auditpipe" +#define AUDITFILTERD_PIPEFILE "/dev/auditpipe" /* * Limit on the number of arguments that can appear in an audit_filterd ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#11 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#10 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#11 $ */ #ifndef _BSM_AUDIT_H @@ -264,11 +264,11 @@ unsigned int as_version; unsigned int as_numevent; int as_generated; - int as_nonattring; + int as_nonattrib; int as_kernel; int as_audit; int as_auditctl; - int as_enqueu; + int as_enqueue; int as_written; int as_wblocked; int as_rblocked; ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#2 (text+ko) ==== @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#1 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#2 $ */ #ifndef _BSM_AUDIT_FILTER_H_ @@ -48,7 +48,7 @@ typedef int (*audit_filter_attach_t)(void **instance, int argc, char *argv[]); typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]); typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts, - int token_count, const tokenstr_t *tok[]); + int token_count, const tokenstr_t tok[]); typedef void (*audit_filter_bsmrecord_t)(void *instance, struct timespec *ts, void *data, u_int len); typedef void (*audit_filter_detach_t)(void *instance); ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#8 (text+ko) ==== @@ -30,23 +30,15 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#7 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#8 $ */ #ifndef _BSM_AUDIT_RECORD_H_ #define _BSM_AUDIT_RECORD_H_ -/* Various token id types */ - /* - * Values inside the comments are not documented in the BSM pages and - * have been picked up from the header files - */ - -/* - * Values marked as XXX do not have a value defined in the BSM header files + * Token type identifiers. */ - #define AUT_INVALID 0x00 #define AUT_OTHER_FILE32 0x11 #define AUT_OHEADER 0x12 ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/configure#4 (xtext) ==== @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#20 . +# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#22 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a5. +# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a6. # # Report bugs to . # @@ -424,8 +424,8 @@ # Identity of this package. PACKAGE_NAME='OpenBSM' PACKAGE_TARNAME='openbsm' -PACKAGE_VERSION='1.0a5' -PACKAGE_STRING='OpenBSM 1.0a5' +PACKAGE_VERSION='1.0a6' +PACKAGE_STRING='OpenBSM 1.0a6' PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org' ac_unique_file="bin/auditreduce/auditreduce.c" @@ -955,7 +955,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenBSM 1.0a5 to adapt to many kinds of systems. +\`configure' configures OpenBSM 1.0a6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1021,7 +1021,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenBSM 1.0a5:";; + short | recursive ) echo "Configuration of OpenBSM 1.0a6:";; esac cat <<\_ACEOF @@ -1162,7 +1162,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -OpenBSM configure 1.0a5 +OpenBSM configure 1.0a6 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1176,7 +1176,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenBSM $as_me 1.0a5, which was +It was created by OpenBSM $as_me 1.0a6, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -19278,7 +19278,7 @@ # Define the identity of the package. PACKAGE=OpenBSM - VERSION=1.0a5 + VERSION=1.0a6 cat >>confdefs.h <<_ACEOF @@ -23477,7 +23477,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by OpenBSM $as_me 1.0a5, which was +This file was extended by OpenBSM $as_me 1.0a6, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23540,7 +23540,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -OpenBSM config.status 1.0a5 +OpenBSM config.status 1.0a6 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#4 (text+ko) ==== @@ -2,8 +2,8 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([OpenBSM], [1.0a5], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) -AC_REVISION([$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#3 $]) +AC_INIT([OpenBSM], [1.0a6], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) +AC_REVISION([$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#4 $]) AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_HEADER([config/config.h]) ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/audit_submit.3#2 (text+ko) ==== @@ -26,8 +26,10 @@ .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. -.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/audit_submit.3#1 $ -.Dd April 11, 2006 +.\" +.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/audit_submit.3#2 $ +.\" +.Dd May 29, 2006 .Dt audit_submit 3 .Os .Sh NAME @@ -44,12 +46,12 @@ .Nm function provides a generic programming interface for audit record submission. This audit record will contain a header, subject token, an optional text token, -return token, and a trailer. The header will contain the event class specified -by +return token, and a trailer. +The header will contain the event class specified by .Fa au_event . The subject token will be generated based on .Fa au_ctx . -The return token of is dependant on the +The return token is dependant on the .Fa status and .Fa reterr @@ -65,6 +67,19 @@ If .Fa format is NULL, then no text token is created in the audit record. +.Pp +It should be noted that +.Nm +assumes that +.Xr setaudit 2 , +or +.Xr setaudit_addr 2 +has already been called. +As a direct result, the terminal ID for the +subject will be retrieved from the kernel via +.Xr getaudit 2 , +or +.Xr getaudit_addr 2 . .Sh EXAMPLES .Bd -literal -offset indent #include @@ -96,12 +111,13 @@ .Ed .Sh SEE ALSO .Xr auditon 2 , +.Xr getaudit 2 , .Xr libbsm 3 , .Xr stdarg 3 .Sh HISTORY The .Nm -first appeared in OpenBSM version 1.0. +function first appeared in OpenBSM version 1.0. OpenBSM 1.0 was introduced in FreeBSD 7.0. .Sh AUTHORS The ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#12 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#11 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#12 $ */ #ifdef __APPLE__ @@ -62,12 +62,12 @@ int reterr, const char *fmt, ...) { char text[MAX_AUDITSTRING_LEN]; - au_tid_t termid; token_t *token; long acond; va_list ap; pid_t pid; int error, afd; + struct auditinfo ai; if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) { /* @@ -92,11 +92,16 @@ errno = error; return (-1); } - /* XXX what should we do for termid? */ - bzero(&termid, sizeof(termid)); + if (getaudit(&ai) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", + strerror(errno)); + errno = error; + return (-1); + } pid = getpid(); token = au_to_subject32(auid, geteuid(), getegid(), - getuid(), getgid(), pid, pid, &termid); + getuid(), getgid(), pid, pid, &ai.ai_termid); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build subject token"); ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditctl.2#5 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditctl.2#4 $ +.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditctl.2#5 $ .\" .Dd April 19, 2005 .Dt AUDITCTL 2 @@ -34,7 +34,7 @@ .Sh SYNOPSIS .In bsm/audit.h .Ft int -.Fn auditon "const char *path" +.Fn auditctl "const char *path" .Sh DESCRIPTION The .Fn auditctl