Date: Mon, 24 Apr 2006 20:11:30 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 96011 for review Message-ID: <200604242011.k3OKBUgX088747@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=96011 Change 96011 by rwatson@rwatson_peppercorn on 2006/04/24 20:11:07 Integrate OpenBSM changes from audit3 to audit3/sys. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#26 integrate .. //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#9 integrate .. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#11 integrate .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#13 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#26 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#25 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#26 $ * $FreeBSD: src/sys/bsm/audit.h,v 1.3 2006/03/04 16:54:21 rwatson Exp $ */ ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#9 (text+ko) ==== @@ -34,7 +34,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#8 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#9 $ * $FreeBSD: src/sys/bsm/audit_internal.h,v 1.2 2006/03/04 16:54:21 rwatson Exp $ */ ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#11 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#10 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#11 $ */ #ifndef _BSM_AUDIT_RECORD_H_ @@ -187,13 +187,19 @@ /* data-types for the arbitrary token */ #define AUR_BYTE 0 +#define AUR_CHAR AUR_BYTE #define AUR_SHORT 1 -#define AUR_LONG 2 +#define AUR_INT32 2 +#define AUR_INT AUR_INT +#define AUR_INT64 3 /* ... and their sizes */ #define AUR_BYTE_SIZE sizeof(u_char) +#define AUR_CHAR_SIZE AUR_BYTE_SIZE #define AUR_SHORT_SIZE sizeof(uint16_t) -#define AUR_LONG_SIZE sizeof(uint32_t) +#define AUR_INT32_SIZE sizeof(uint32_t) +#define AUR_INT_SIZE AUR_INT32_SIZE +#define AUR_INT64_SIZE sizeof(uint64_t) /* Modifiers for the header token */ #define PAD_NOTATTR 0x4000 /* nonattributable event */ @@ -230,24 +236,18 @@ int au_write(int d, token_t *m); int au_close(int d, int keep, short event); int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen); +int au_close_token(token_t *tok, u_char *buffer, size_t *buflen); -#if defined(KERNEL) || defined(_KERNEL) token_t *au_to_file(char *file, struct timeval tm); -#else -token_t *au_to_file(char *file); -#endif -#if defined(KERNEL) || defined(_KERNEL) -token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod, +token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm); -token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, - struct timeval tm); -#else +#if !defined(KERNEL) && !defined(_KERNEL) token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); +token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); #endif -token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_me(void); token_t *au_to_arg(char n, char *text, uint32_t v); token_t *au_to_arg32(char n, char *text, uint32_t v); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#13 (text+ko) ==== @@ -30,12 +30,13 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#12 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#13 $ * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.2 2006/03/04 17:00:55 rwatson Exp $ */ #include <sys/types.h> #include <sys/endian.h> +#include <sys/queue.h> #include <sys/socket.h> #include <sys/time.h> @@ -208,6 +209,7 @@ /* Determine the size of the basic unit. */ switch (unit_type) { case AUR_BYTE: + /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; @@ -215,8 +217,13 @@ datasize = AUR_SHORT_SIZE; break; - case AUR_LONG: - datasize = AUR_LONG_SIZE; + case AUR_INT32: + /* case AUR_INT: */ + datasize = AUR_INT32_SIZE; + break; + + case AUR_INT64: + datasize = AUR_INT64_SIZE; break; default: @@ -225,7 +232,7 @@ totdata = datasize * unit_count; - GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char)); + GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); ADD_U_CHAR(dptr, AUT_DATA); ADD_U_CHAR(dptr, unit_print); @@ -299,10 +306,10 @@ token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR); - ADD_U_INT32(dptr, internet_addr->s_addr); + ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); return (t); } @@ -319,11 +326,11 @@ u_char *dptr = NULL; u_int32_t type = AF_INET6; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); - ADD_MEM(dptr, internet_addr, sizeof(*internet_addr)); + ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t)); return (t); } @@ -463,23 +470,12 @@ * file pathname N bytes + 1 terminating NULL byte */ token_t * -#if defined(KERNEL) || defined(_KERNEL) au_to_file(char *file, struct timeval tm) -#else -au_to_file(char *file) -#endif { token_t *t; u_char *dptr = NULL; u_int16_t filelen; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif /* XXXRW: else ...? */ filelen = strlen(file); @@ -578,7 +574,7 @@ ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); - ADD_U_INT32(dptr, tid->machine); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } @@ -822,19 +818,26 @@ { token_t *t; u_char *dptr = NULL; + uint16_t family; - GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + - sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + + sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_SOCKINET32); /* - * In Darwin, sin_family is one octet, but BSM defines the token - * to store two. So we copy in a 0 first. + * BSM defines the family field as 16 bits, but many operating + * systems have an 8-bit sin_family field. Extend to 16 bits before + * writing into the token. Assume that both the port and the address + * in the sockaddr_in are already in network byte order, but family + * is in local byte order. + * + * XXXRW: Should a name space conversion be taking place on the value + * of sin_family? */ - ADD_U_CHAR(dptr, 0); - ADD_U_CHAR(dptr, so->sin_family); - ADD_U_INT16(dptr, so->sin_port); - ADD_U_INT32(dptr, so->sin_addr.s_addr); + family = so->sin_family; + ADD_U_INT16(dptr, family); + ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); + ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); return (t); @@ -858,7 +861,7 @@ ADD_U_CHAR(dptr, so->sin6_family); ADD_U_INT16(dptr, so->sin6_port); - ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr)); + ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); return (t); @@ -902,7 +905,7 @@ ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); - ADD_U_INT32(dptr, tid->machine); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } @@ -1088,24 +1091,12 @@ * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * -#if defined(KERNEL) || defined(_KERNEL) -au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, +au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) -#else -au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) -#endif { token_t *t; u_char *dptr = NULL; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif - /* XXXRW: else ...? */ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); @@ -1125,6 +1116,14 @@ } token_t * +au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm) +{ + + return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); +} + +token_t * au_to_header64(__unused int rec_size, __unused au_event_t e_type, __unused au_emod_t e_mod) { @@ -1133,20 +1132,12 @@ } token_t * -#if defined(KERNEL) || defined(_KERNEL) au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) { return (au_to_header32(rec_size, e_type, e_mod, tm)); } -#else -au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) -{ - - return (au_to_header32(rec_size, e_type, e_mod)); -} -#endif /* * token ID 1 byte
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604242011.k3OKBUgX088747>