From owner-p4-projects@FreeBSD.ORG Mon Feb 6 01:10:59 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2BF6216A423; Mon, 6 Feb 2006 01:10:59 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D5A6116A420 for ; Mon, 6 Feb 2006 01:10:58 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8AB8B43D45 for ; Mon, 6 Feb 2006 01:10:58 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k161Awn6094836 for ; Mon, 6 Feb 2006 01:10:58 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k161Aw2J094833 for perforce@freebsd.org; Mon, 6 Feb 2006 01:10:58 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 6 Feb 2006 01:10:58 GMT Message-Id: <200602060110.k161Aw2J094833@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 91206 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Feb 2006 01:11:00 -0000 http://perforce.freebsd.org/chv.cgi?CH=91206 Change 91206 by rwatson@rwatson_peppercorn on 2006/02/06 01:10:14 Bring final OpenBSM 1.0 alpha 3 changes into TrustedBSD audit3 branch: - More man page fixes. - Audit review group. - OpenBSM 1.0 alpha 3 notes. - AUE_SYSARCH. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#6 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/VERSION#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.h#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#19 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#6 (text+ko) ==== @@ -1,3 +1,12 @@ +OpenBSM 1.0 alpha 3 + +- Man page formatting, cross reference, mlinks, and accuracy improvements. +- auditd and tools now compile and run on FreeBSD/arm. +- auditd will now fchown() the trail file to the audit review group, if + defined at compile-time. +- Added AUE_SYSARCH for FreeBSD. +- Definition of AUE_SETFSGID fixed for Linux. + OpenBSM 1.0 alpha 2 - Man page formatting improvements. @@ -71,5 +80,6 @@ - Annotate BSM events with origin OS and compatibility information. - auditd(8), audit(8) added to the OpenBSM distribution. auditd extended to support reloading of kernel event table. +- Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#5 $ +$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#6 $ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/VERSION#4 (text+ko) ==== @@ -1,1 +1,1 @@ -OPENBSM_1_0_ALPHA_2 +OPENBSM_1_0_ALPHA_3 ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#3 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#2 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#3 $ */ #include @@ -46,6 +46,7 @@ #include #include +#include #include #include #include @@ -171,6 +172,34 @@ } /* + * Create the new audit file with appropriate permissions and ownership. Try + * to clean up if something goes wrong. + */ +static int +#ifdef AUDIT_REVIEW_GROUP +open_trail(const char *fname, uid_t uid, gid_t gid) +#else +open_trail(const char *fname) +#endif +{ + int error, fd; + + fd = open(fname, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP); + if (fd < 0) + return (-1); +#ifdef AUDIT_REVIEW_GROUP + if (fchown(fd, uid, gid) < 0) { + error = errno; + close(fd); + (void)unlink(fname); + errno = error; + return (-1); + } +#endif + return (fd); +} + +/* * Create the new file name, swap with existing audit file. */ static int @@ -180,7 +209,12 @@ char *fn; char TS[POSTFIX_LEN]; struct dir_ent *dirent; - int fd; +#ifdef AUDIT_REVIEW_GROUP + struct group *grp; + gid_t gid; + uid_t uid; +#endif + int error, fd; if (getTSstr(TS, POSTFIX_LEN) != 0) return (-1); @@ -188,6 +222,22 @@ strcpy(timestr, TS); strcat(timestr, NOT_TERMINATED); +#ifdef AUDIT_REVIEW_GROUP + /* + * XXXRW: Currently, this code falls back to the daemon gid, which is + * likely the wheel group. Is there a better way to deal with this? + */ + grp = getgrnam(AUDIT_REVIEW_GROUP); + if (grp == NULL) { + syslog(LOG_INFO, + "Audit review group '%s' not available, using daemon gid", + AUDIT_REVIEW_GROUP); + gid = -1; + } else + gid = grp->gr_gid; + uid = getuid(); +#endif + /* Try until we succeed. */ while ((dirent = TAILQ_FIRST(&dir_q))) { if ((fn = affixdir(timestr, dirent)) == NULL) { @@ -201,20 +251,27 @@ * kernel if all went well. */ syslog(LOG_INFO, "New audit file is %s\n", fn); - fd = open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP); +#ifdef AUDIT_REVIEW_GROUP + fd = open_trail(fn, uid, gid); +#else + fd = open_trail(fn); +#endif if (fd < 0) - perror("File open"); - else if (auditctl(fn) != 0) { - syslog(LOG_ERR, - "auditctl failed setting log file! : %s\n", - strerror(errno)); - close(fd); - } else { - /* Success. */ - close_lastfile(TS); - lastfile = fn; - close(fd); - return (0); + warn("open(%s)", fn); + if (fd >= 0) { + error = auditctl(fn); + if (error) { + syslog(LOG_ERR, + "auditctl failed setting log file! : %s\n", + strerror(errno)); + close(fd); + } else { + /* Success. */ + close_lastfile(TS); + lastfile = fn; + close(fd); + return (0); + } } /* ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.h#2 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.h#1 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.h#2 $ */ #ifndef _AUDITD_H_ @@ -43,6 +43,13 @@ #define MAX_DIR_SIZE 255 #define AUDITD_NAME "auditd" +/* + * If defined, then the audit daemon will attempt to chown newly created logs + * to this group. Otherwise, they will be the default for the user running + * auditd, likely the audit group. + */ +#define AUDIT_REVIEW_GROUP "audit" + #define POSTFIX_LEN 16 #define NOT_TERMINATED ".not_terminated" ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#19 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#18 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#19 $ */ #ifndef _BSM_AUDIT_KEVENTS_H_ @@ -383,6 +383,7 @@ #define AUE_ACL_DELETE_FD 403 /* FreeBSD. */ #define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */ #define AUE_ACL_CHECK_FD 405 /* FreeBSD. */ +#define AUE_SYSARCH 406 /* FreeBSD. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the