Date: Mon, 17 Oct 2005 07:50:19 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 85415 for review Message-ID: <200510170750.j9H7oJKL037567@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=85415 Change 85415 by rwatson@rwatson_peppercorn on 2005/10/17 07:49:40 Synchronize kern_bsm_token.c to libbsm's bsm_token.c: update copyright and credits, white space, style, general cleanup, annotate some potential issues. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#10 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#10 (text+ko) ==== @@ -1,8 +1,11 @@ /* * Copyright (c) 2004, Apple Computer, Inc. - * Copyright (c) 2005 Robert N. M. Watson + * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * + * This code was developed in part by Robert N. M. Watson, Senior Principal + * Scientist, SPARTA, Inc. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -54,28 +57,20 @@ #include <security/audit/audit.h> #include <security/audit/audit_private.h> -#define GET_TOKEN_AREA(t, dptr, length) \ - do {\ - t = (token_t *) malloc (sizeof(token_t), M_AUDIT, M_WAITOK);\ - if(t != NULL)\ - {\ - t->len = length;\ - t->t_data = (u_char *) malloc (length * sizeof(u_char),\ - M_AUDIT, M_WAITOK);\ - if((dptr = t->t_data) == NULL)\ - {\ - free(t, M_AUDIT);\ - t = NULL;\ - }\ - else\ - {\ - memset(dptr, 0, length);\ - }\ - }\ - }while(0) +#define GET_TOKEN_AREA(t, dptr, length) do { \ + t = malloc(sizeof(token_t), M_AUDIT, M_WAITOK); \ + if (t != NULL) { \ + t->len = length; \ + t->t_data = malloc(length * sizeof(u_char), \ + M_AUDIT, M_WAITOK); \ + if ((dptr = t->t_data) == NULL) { \ + free(t, M_AUDIT); \ + t = NULL; \ + } else \ + memset(dptr, 0, length); \ + } \ +} while (0) - - /* * token ID 1 byte * argument # 1 byte @@ -83,20 +78,20 @@ * text length 2 bytes * text N bytes + 1 terminating NULL byte */ -token_t *au_to_arg32(char n, char *text, u_int32_t v) +token_t * +au_to_arg32(char n, char *text, u_int32_t v) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; - if(text == NULL) - return NULL; + if (text == NULL) + return (NULL); textlen = strlen(text); GET_TOKEN_AREA(t, dptr, 9 + textlen); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); textlen += 1; @@ -106,24 +101,24 @@ ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); - return t; + return (t); } -token_t *au_to_arg64(char n, char *text, u_int64_t v) +token_t * +au_to_arg64(char n, char *text, u_int64_t v) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; - if(text == NULL) - return NULL; + if (text == NULL) + return (NULL); textlen = strlen(text); GET_TOKEN_AREA(t, dptr, 13 + textlen); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); textlen += 1; @@ -133,13 +128,15 @@ ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); - return t; + return (t); } -token_t *au_to_arg(char n, char *text, u_int32_t v) +token_t * +au_to_arg(char n, char *text, u_int32_t v) { - return au_to_arg32(n, text, v); + + return (au_to_arg32(n, text, v)); } #if defined(_KERNEL) || defined(KERNEL) @@ -152,20 +149,20 @@ * node ID 8 bytes * device 4 bytes/8 bytes (32-bit/64-bit) */ -token_t *au_to_attr32(struct vnode_au_info *vni) +token_t * +au_to_attr32(struct vnode_au_info *vni) { token_t *t; u_char *dptr = NULL; u_int16_t pad0_16 = 0; u_int16_t pad0_32 = 0; - if(vni == NULL) - return NULL; + if (vni == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, 29); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_ATTR32); @@ -189,27 +186,28 @@ if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { ADD_U_INT32(dptr, pad0_32); ADD_U_INT32(dptr, vni->vn_fileid); - } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) { + } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) ADD_U_INT64(dptr, vni->vn_fileid); - } else { + else ADD_U_INT64(dptr, 0LL); - } ADD_U_INT32(dptr, vni->vn_dev); - return t; + return (t); } -token_t *au_to_attr64(struct vnode_au_info *vni) +token_t * +au_to_attr64(struct vnode_au_info *vni) { - return NULL; + return (NULL); } -token_t *au_to_attr(struct vnode_au_info *vni) +token_t * +au_to_attr(struct vnode_au_info *vni) { - return au_to_attr32(vni); + return (au_to_attr32(vni)); } #endif /* !(defined(_KERNEL) || defined(KERNEL) */ @@ -220,37 +218,39 @@ * unit count 1 byte * data items (depends on basic unit) */ -token_t *au_to_data(char unit_print, char unit_type, - char unit_count, char *p) +token_t * +au_to_data(char unit_print, char unit_type, char unit_count, char *p) { token_t *t; u_char *dptr = NULL; size_t datasize, totdata; - if(p == NULL) - return NULL; + if (p == NULL) + return (NULL); - /* Determine the size of the basic unit */ - switch(unit_type) { - case AUR_BYTE: datasize = AUR_BYTE_SIZE; - break; + /* Determine the size of the basic unit. */ + switch (unit_type) { + case AUR_BYTE: + datasize = AUR_BYTE_SIZE; + break; - case AUR_SHORT: datasize = AUR_SHORT_SIZE; - break; + case AUR_SHORT: + datasize = AUR_SHORT_SIZE; + break; - case AUR_LONG: datasize = AUR_LONG_SIZE; - break; + case AUR_LONG: + datasize = AUR_LONG_SIZE; + break; - default: - return NULL; + default: + return (NULL); } totdata = datasize * unit_count; GET_TOKEN_AREA(t, dptr, totdata + 4); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_DATA); ADD_U_CHAR(dptr, unit_print); @@ -258,7 +258,7 @@ ADD_U_CHAR(dptr, unit_count); ADD_MEM(dptr, p, totdata); - return t; + return (t); } @@ -267,28 +267,30 @@ * status 4 bytes * return value 4 bytes */ -token_t *au_to_exit(int retval, int err) +token_t * +au_to_exit(int retval, int err) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 9); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_EXIT); ADD_U_INT32(dptr, err); ADD_U_INT32(dptr, retval); - return t; + return (t); } /* */ -token_t *au_to_groups(int *groups) +token_t * +au_to_groups(int *groups) { - return au_to_newgroups(BSM_MAX_GROUPS, groups); + + return (au_to_newgroups(BSM_MAX_GROUPS, groups)); } /* @@ -296,53 +298,49 @@ * number groups 2 bytes * group list count * 4 bytes */ -token_t *au_to_newgroups(u_int16_t n, gid_t *groups) +token_t * +au_to_newgroups(u_int16_t n, gid_t *groups) { token_t *t; u_char *dptr = NULL; int i; - if(groups == NULL) - return NULL; + if (groups == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, n * 4 + 3); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_NEWGROUPS); ADD_U_INT16(dptr, n); - for(i = 0; i < n; i++) { - ADD_U_INT32(dptr, groups[i]); - } + for (i = 0; i < n; i++) + ADD_U_INT32(dptr, groups[i]); - return t; + return (t); } - - - /* * token ID 1 byte * internet address 4 bytes */ -token_t *au_to_in_addr(struct in_addr *internet_addr) +token_t * +au_to_in_addr(struct in_addr *internet_addr) { token_t *t; u_char *dptr = NULL; - if(internet_addr == NULL) - return NULL; + if (internet_addr == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, 5); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_IN_ADDR); ADD_U_INT32(dptr, internet_addr->s_addr); - return t; + return (t); } /* @@ -350,19 +348,19 @@ * address type/length 4 bytes * Address 16 bytes */ -token_t *au_to_in_addr_ex(struct in6_addr *internet_addr) +token_t * +au_to_in_addr_ex(struct in6_addr *internet_addr) { token_t *t; u_char *dptr = NULL; u_int32_t type = AF_INET6; - if(internet_addr == NULL) - return NULL; + if (internet_addr == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, 21); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); @@ -371,25 +369,25 @@ ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]); ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[3]); - return t; + return (t); } /* * token ID 1 byte * ip header 20 bytes */ -token_t *au_to_ip(struct ip *ip) +token_t * +au_to_ip(struct ip *ip) { token_t *t; u_char *dptr = NULL; - if(ip == NULL) - return NULL; + if (ip == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, 21); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_IP); /* @@ -397,7 +395,7 @@ */ ADD_MEM(dptr, ip, sizeof(struct ip)); - return t; + return (t); } /* @@ -405,22 +403,22 @@ * object ID type 1 byte * object ID 4 bytes */ -token_t *au_to_ipc(char type, int id) +token_t * +au_to_ipc(char type, int id) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 6); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_IPC); ADD_U_CHAR(dptr, type); ADD_U_INT32(dptr, id); - return t; + return (t); } /* @@ -433,24 +431,23 @@ * slot sequence # 4 bytes * key 4 bytes */ -token_t *au_to_ipc_perm(struct ipc_perm *perm) +token_t * +au_to_ipc_perm(struct ipc_perm *perm) { token_t *t; u_char *dptr = NULL; u_int16_t pad0 = 0; - if(perm == NULL) - return NULL; + if (perm == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, 29); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_IPC_PERM); - /* * Darwin defines the sizes for ipc_perm members * as 2 bytes; BSM defines 4 so pad with 0 @@ -475,7 +472,7 @@ ADD_U_INT32(dptr, perm->key); - return t; + return (t); } @@ -483,60 +480,61 @@ * token ID 1 byte * port IP address 2 bytes */ -token_t *au_to_iport(u_int16_t iport) +token_t * +au_to_iport(u_int16_t iport) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 3); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_IPORT); ADD_U_INT16(dptr, iport); - return t; + return (t); } /* * token ID 1 byte - * size 2 bytes + * size 2 bytes * data size bytes */ -token_t *au_to_opaque(char *data, u_int16_t bytes) +token_t * +au_to_opaque(char *data, u_int16_t bytes) { token_t *t; u_char *dptr = NULL; - if((data == NULL) || (bytes <= 0)) - return NULL; + if ((data == NULL) || (bytes <= 0)) + return (NULL); GET_TOKEN_AREA(t, dptr, bytes + 3); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_OPAQUE); ADD_U_INT16(dptr, bytes); ADD_MEM(dptr, data, bytes); - return t; + return (t); } /* - * token ID 1 byte - * seconds of time 4 bytes - * milliseconds of time 4 bytes - * file name len 2 bytes - * file pathname N bytes + 1 terminating NULL byte + * token ID 1 byte + * seconds of time 4 bytes + * milliseconds of time 4 bytes + * file name len 2 bytes + * file pathname N bytes + 1 terminating NULL byte */ +token_t * #if defined(KERNEL) || defined(_KERNEL) -token_t *au_to_file(char *file, struct timeval tm) +au_to_file(char *file, struct timeval tm) #else -token_t *au_to_file(char *file) +au_to_file(char *file) #endif { token_t *t; @@ -547,53 +545,50 @@ struct timeval tm; struct timezone tzp; - if(gettimeofday(&tm, &tzp) == -1) { - return NULL; - } + if (gettimeofday(&tm, &tzp) == -1) + return (NULL); #endif + /* XXXRW: else ...? */ - if(file == NULL) - return NULL; + if (file == NULL) + return (NULL); filelen = strlen(file); GET_TOKEN_AREA(t, dptr, filelen + 12); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); filelen += 1; timems = tm.tv_usec/1000; ADD_U_CHAR(dptr, AUT_OTHER_FILE32); ADD_U_INT32(dptr, tm.tv_sec); - ADD_U_INT32(dptr, timems); /* We need time in ms */ + ADD_U_INT32(dptr, timems); /* We need time in ms. */ ADD_U_INT16(dptr, filelen); ADD_STRING(dptr, file, filelen); - return t; - + return (t); } - /* * token ID 1 byte * text length 2 bytes * text N bytes + 1 terminating NULL byte */ -token_t *au_to_text(char *text) +token_t * +au_to_text(char *text) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; - if(text == NULL) - return NULL; + if (text == NULL) + return (NULL); textlen = strlen(text); GET_TOKEN_AREA(t, dptr, textlen + 4); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); textlen += 1; @@ -601,7 +596,7 @@ ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); - return t; + return (t); } /* @@ -609,20 +604,20 @@ * path length 2 bytes * path N bytes + 1 terminating NULL byte */ -token_t *au_to_path(char *text) +token_t * +au_to_path(char *text) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; - if(text == NULL) - return NULL; + if (text == NULL) + return (NULL); textlen = strlen(text); GET_TOKEN_AREA(t, dptr, textlen + 4); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); textlen += 1; @@ -630,7 +625,7 @@ ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); - return t; + return (t); } /* @@ -646,21 +641,19 @@ * port ID 4 bytes/8 bytes (32-bit/64-bit value) * machine address 4 bytes */ -token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid) +token_t * +au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, + pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; - if(tid == NULL) - return NULL; - + if (tid == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, 37); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_PROCESS32); ADD_U_INT32(dptr, auid); @@ -673,23 +666,24 @@ ADD_U_INT32(dptr, tid->port); ADD_U_INT32(dptr, tid->machine); - return t; + return (t); } -token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid) +token_t * +au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, + pid_t pid, au_asid_t sid, au_tid_t *tid) { - return NULL; + return (NULL); } -token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid) +token_t * +au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, + pid_t pid, au_asid_t sid, au_tid_t *tid) { - return au_to_process32(auid, euid, egid, ruid, rgid, pid, - sid, tid); + + return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid, + tid)); } /* @@ -706,20 +700,19 @@ * address type-len 4 bytes * machine address 16 bytes */ -token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid) +token_t * +au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; - if(tid == NULL) - return NULL; + if (tid == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, 53); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_PROCESS32_EX); ADD_U_INT32(dptr, auid); @@ -736,23 +729,24 @@ ADD_U_INT32(dptr, tid->at_addr[2]); ADD_U_INT32(dptr, tid->at_addr[3]); - return t; + return (t); } -token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid) +token_t * +au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { - return NULL; + return (NULL); } -token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid) +token_t * +au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { - return au_to_process32_ex(auid, euid, egid, ruid, rgid, - pid, sid, tid); + + return (au_to_process32_ex(auid, euid, egid, ruid, rgid, pid, sid, + tid)); } /* @@ -760,66 +754,65 @@ * error status 1 byte * return value 4 bytes/8 bytes (32-bit/64-bit value) */ -token_t *au_to_return32(char status, u_int32_t ret) +token_t * +au_to_return32(char status, u_int32_t ret) { token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, 6); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_RETURN32); ADD_U_CHAR(dptr, status); ADD_U_INT32(dptr, ret); - return t; + return (t); } -token_t *au_to_return64(char status, u_int64_t ret) +token_t * +au_to_return64(char status, u_int64_t ret) { token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, 10); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_RETURN64); ADD_U_CHAR(dptr, status); ADD_U_INT64(dptr, ret); - return t; + return (t); } -token_t *au_to_return(char status, u_int32_t ret) +token_t * +au_to_return(char status, u_int32_t ret) { - return au_to_return32(status, ret); + + return (au_to_return32(status, ret)); } /* * token ID 1 byte * sequence number 4 bytes */ -token_t *au_to_seq(long audit_count) +token_t * +au_to_seq(long audit_count) { token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, 5); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_SEQ); ADD_U_INT32(dptr, audit_count); - return t; + return (t); } /* @@ -830,29 +823,31 @@ * remote port 2 bytes * remote Internet address 4 bytes */ -token_t *au_to_socket(struct socket *so) { +token_t * +au_to_socket(struct socket *so) +{ - return NULL; + /* XXXRW ... */ + return (NULL); } /* * Kernel-specific version of the above function. */ #ifdef _KERNEL -token_t *kau_to_socket(struct socket_au_info *soi) +token_t * +kau_to_socket(struct socket_au_info *soi) { token_t *t; u_char *dptr; u_int16_t so_type; - if(soi == NULL) { - return NULL; - } + if (soi == NULL) + return (NULL); GET_TOKEN_AREA(t, dptr, 15); - if(t == NULL) { - return NULL; - } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AU_SOCK_TOKEN); /* Coerce the socket type into a short value */ @@ -863,7 +858,7 @@ ADD_U_INT16(dptr, soi->so_rport); ADD_U_INT32(dptr, soi->so_raddr); - return t; + return (t); } #endif @@ -877,18 +872,20 @@ * address type/length 4 bytes * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address) */ -token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, - struct sockaddr *la, struct sockaddr *ra) +token_t * +au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, struct sockaddr *la, + struct sockaddr *ra) { - return NULL; + return (NULL); } -token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, - struct sockaddr *la, struct sockaddr *ra) +token_t * +au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, struct sockaddr *la, + struct sockaddr *ra) >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510170750.j9H7oJKL037567>