Date: Mon, 26 Nov 2012 22:59:13 GMT
Message-Id: <201211262259.qAQMxDpF083210@skunkworks.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 219849 for review
To: Perforce Change Reviews

http://p4web.freebsd.org/@@219849?ac=10

Change 219849 by rwatson@rwatson_cinnamon on 2012/11/26 22:58:43

	Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to sys/bsm
	and sys/security/audit.  Mostly cosmetic, one set of additions
	for privilege tokens not yet used by the kernel.

Affected files ...

.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_domain.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_errno.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_fcntl.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_internal.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_kevents.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_record.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_socket_type.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_domain.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_errno.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_fcntl.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_socket_type.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_token.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit.h#2 (text) ====
@@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#10 + * $P4$ * $FreeBSD: head/sys/bsm/audit.h 195740 2009-07-17 14:02:20Z rwatson $ */ ==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_domain.h#2 (text) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_domain.h#2 + * $P4$ * $FreeBSD: head/sys/bsm/audit_domain.h 191273 2009-04-19 16:17:13Z rwatson $ */ ==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_errno.h#2 (text) ==== ==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_fcntl.h#2 (text) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_fcntl.h#2 + * $P4$ * $FreeBSD: head/sys/bsm/audit_fcntl.h 191147 2009-04-16 20:17:32Z rwatson $ */ ==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_internal.h#2 (text) ==== @@ -15,7 +15,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * 
@@ -30,7 +30,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5 + * $P4$ * $FreeBSD: head/sys/bsm/audit_internal.h 187214 2009-01-14 10:44:16Z rwatson $ */ ==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_kevents.h#2 (text) ==== ==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_record.h#2 (text) ==== @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10 + * $P4$ * $FreeBSD: head/sys/bsm/audit_record.h 191270 2009-04-19 14:53:17Z rwatson $ */ ==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_socket_type.h#2 (text) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_socket_type.h#1 + * $P4$ * $FreeBSD: head/sys/bsm/audit_socket_type.h 187214 2009-01-14 10:44:16Z rwatson $ */ ==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm.c#2 (text) ==== @@ -25,6 +25,8 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. + * + * $P4$ */ #include ==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_domain.c#2 (text+ko) ==== 
@@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#3 + * $P4: //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_domain.c#2 $ */ #include ==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_errno.c#2 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18 + * $P4: //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_errno.c#2 $ */ #include @@ -666,7 +666,7 @@ #endif ES("Required key not available") }, { BSM_ERRNO_EKEYEXPIRED, -#ifdef EKEEXPIRED +#ifdef EKEYEXPIRED EKEYEXPIRED, #else ERRNO_NO_LOCAL_MAPPING, @@ -680,7 +680,7 @@ #endif ES("Key has been revoked") }, { BSM_ERRNO_EKEYREJECTED, -#ifdef EKEREJECTED +#ifdef EKEYREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, ==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_fcntl.c#2 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_fcntl.c#2 + * $P4: //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_fcntl.c#2 $ */ #include ==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_socket_type.c#2 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_socket_type.c#1 + * $P4: //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_socket_type.c#2 $ */ #include ==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_token.c#2 (text) ==== 
@@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 + * $P4$ */ #include @@ -68,6 +68,57 @@ /* * token ID 1 byte + * success/failure 1 byte + * privstrlen 2 bytes + * privstr N bytes + 1 (\0 byte) + */ +token_t * +au_to_upriv(char sorf, char *priv) +{ + u_int16_t textlen; + u_char *dptr; + token_t *t; + + textlen = strlen(priv) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) + + sizeof(u_int16_t) + textlen); + + ADD_U_CHAR(dptr, AUT_UPRIV); + ADD_U_CHAR(dptr, sorf); + ADD_U_INT16(dptr, textlen); + ADD_STRING(dptr, priv, textlen); + return (t); +} + +/* + * token ID 1 byte + * privtstrlen 2 bytes + * privtstr N bytes + 1 + * privstrlen 2 bytes + * privstr N bytes + 1 + */ +token_t * +au_to_privset(char *privtypestr, char *privstr) +{ + u_int16_t type_len, priv_len; + u_char *dptr; + token_t *t; + + type_len = strlen(privtypestr) + 1; + priv_len = strlen(privstr) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + + sizeof(u_int16_t) + type_len + priv_len); + + ADD_U_CHAR(dptr, AUT_PRIV); + ADD_U_INT16(dptr, type_len); + ADD_STRING(dptr, privtypestr, type_len); + ADD_U_INT16(dptr, priv_len); + ADD_STRING(dptr, privstr, priv_len); + return (t); +} + +/* + * token ID 1 byte * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) * text length 2 bytes @@ -1204,9 +1255,9 @@ auinfo.ai_asid, &auinfo.ai_termid)); } else { /* getaudit_addr(2) failed for some other reason. */ - return (NULL); + return (NULL); } - } + } return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); @@ -1438,7 +1489,7 @@ ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ - return (t); + return (t); } token_t *
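
Review bot: the upstream OpenBSM path and revision are lost in the header-comment hunks. Lines such as "P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93" were the only in-file record of which vendor revision each kernel file was merged from, and "$P4$" does not carry that. Consider keeping the vendor reference on its own line next to the new keyword so a later audit of the merge can still trace each file back to its OpenBSM source. The keyword form is also inconsistent across the change: the four (text+ko) files under sys/security/audit are committed with an already expanded "$P4: ...#2 $" string, while the (text) files carry the bare "$P4$"; one form should be used throughout.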
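
Review bot: in audit_bsm_errno.c (@@ -666 and @@ -680) the guard corrections "#ifdef EKEEXPIRED" to "#ifdef EKEYEXPIRED" and "#ifdef EKEREJECTED" to "#ifdef EKEYREJECTED" are a behaviour change, which the "mostly cosmetic" description does not mention. Unless something defined the misspelled names, the #else branch was always taken, so BSM_ERRNO_EKEYEXPIRED and BSM_ERRNO_EKEYREJECTED mapped to ERRNO_NO_LOCAL_MAPPING; after the fix they map to the local EKEYEXPIRED and EKEYREJECTED wherever those are defined, which changes how these two errors appear in audit records. Please call this out in the change description, and check the other #ifdef guards in this table for the same kind of typo.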
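
Review bot: in audit_bsm_token.c (@@ -68,6 +68,57), au_to_upriv() assigns "textlen = strlen(priv) + 1;" to a u_int16_t with no bound check, so a string of 65535 bytes or more wraps the length. The allocation and ADD_STRING both use the wrapped value, so the copy stays inside the buffer, but the token then carries a truncated string with no terminating \0 and a length field that does not describe the input. The same applies to type_len and priv_len in au_to_privset(). Suggest checking the strlen() result against the 16-bit limit before the assignment and returning NULL on overflow, as this file already does on other error paths. Neither function checks its string arguments for NULL before strlen(); if callers are expected to guarantee that, the function comment should say so. Minor: the au_to_privset() layout comment gives "N bytes + 1" without the "(\0 byte)" annotation used for au_to_upriv(), and the string parameters are only read and could be const char *.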