Date: Mon, 24 Mar 2008 05:15:03 GMT From: Aaron Meihm <alm@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 138411 for review Message-ID: <200803240515.m2O5F3eV090395@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=138411 Change 138411 by alm@alm_praetorian on 2008/03/24 05:14:11 Submit modified netauditd code in preparation for new worker thread model. Affected files ... .. //depot/projects/trustedbsd/netauditd/Makefile#5 edit .. //depot/projects/trustedbsd/netauditd/README#3 edit .. //depot/projects/trustedbsd/netauditd/component.c#7 delete .. //depot/projects/trustedbsd/netauditd/conf.c#7 edit .. //depot/projects/trustedbsd/netauditd/conf.h#1 add .. //depot/projects/trustedbsd/netauditd/crypto.c#6 delete .. //depot/projects/trustedbsd/netauditd/crypto.h#2 delete .. //depot/projects/trustedbsd/netauditd/grammar.y#1 add .. //depot/projects/trustedbsd/netauditd/netauditd.c#16 edit .. //depot/projects/trustedbsd/netauditd/netauditd.conf#5 edit .. //depot/projects/trustedbsd/netauditd/netauditd.h#11 edit .. //depot/projects/trustedbsd/netauditd/token.l#1 add Differences ... ==== //depot/projects/trustedbsd/netauditd/Makefile#5 (text+ko) ==== @@ -1,10 +1,23 @@ -PROG= netauditd -SRCS= netauditd.c component.c conf.c crypto.c -NO_MAN= +CC = gcc +CFLAGS = -Wall -g +TARGETS = netauditd +OBJ = conf.o lex.yy.o netauditd.o y.tab.o + +all: $(TARGETS) + +.c.o: + $(CC) $(CFLAGS) -c $< + +clean: + rm -f $(TARGETS) *.o *.core ktrace.out lex.yy.c y.tab.* y.output -DPADD= ${LIBSSL} -LDADD= -lssl +lex.yy.o: y.tab.o token.l + lex token.l + $(CC) $(CFLAGS) -c lex.yy.c -CFLAGS+= -Wall -ggdb +netauditd: $(OBJ) + $(CC) $(CFLAGS) -o $@ $(OBJ) -.include <bsd.prog.mk> +y.tab.o: grammar.y + yacc -vd grammar.y + $(CC) $(CFLAGS) -c y.tab.c ==== //depot/projects/trustedbsd/netauditd/README#3 (text+ko) ==== 
@@ -1,21 +1,0 @@ -Netauditd v1.0.0a - - Introduction - -Netauditd is a daemon which given one or more audit inputs, will write the -records to one or more outputs. Currently, inputs may include audit pipes -or network sockets. Outputs may include a file or audit trail, or a remote -host running netauditd. - - Sample Configuration - -A basic configuration example may be as follows: - -src src0 pipe /dev/auditpipe -dst dst0 trail /tmp/src0/trail src0 -dst dst1 net 127.0.0.1 9999 src0 - -This defines an audit input source "src0" which references an audit pipe. -Two output sources have been defined for "src0", a trail and a remote -host. It should be noted that a single "dst" can reference multiple -sources. ==== //depot/projects/trustedbsd/netauditd/conf.c#7 (text+ko) ==== 
@@ -23,242 +23,98 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -#include <sys/types.h> #include <sys/queue.h> -#include <sys/select.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/time.h> - -#include <openssl/ssl.h> #include <stdio.h> #include <stdlib.h> +#include <stdarg.h> #include <string.h> #include <unistd.h> -#include <stdarg.h> #include <err.h> -#include <errno.h> -#include <fcntl.h> -#include <netdb.h> -#include <signal.h> -#include <bsm/libbsm.h> - -#include "crypto.h" +#include "conf.h" #include "netauditd.h" -#define SYNTAX_ERROR(x, y) { (void) fprintf(stderr, \ - "netauditd: Syntax error: %s:%d\n", \ - x, y); \ - exit(1); } +char *conf_path; +int lineno = 1; -static const struct conf_ent { - char *c_cmd; - char *c_arg1; - char *c_arg2; - int c_min_args; - int (*c_func)(args_t *); -} conftab[] = { - { "src", NULL, "pipe", 4, conf_parse_src_pipe }, - { "src", NULL, "net", 5, conf_parse_net }, - { "dst", NULL, "trail", 5, conf_parse_dst_trail }, - { "dst", NULL, "net", 6, conf_parse_net }, - { "crypto", "keyfile", NULL, 3, conf_parse_keyfile }, - { "crypto", "dsaparam", NULL, 3, conf_parse_keyfile }, - { "crypto", "cacert", NULL, 3, conf_parse_keyfile }, - { NULL, NULL, NULL, 0, NULL } -}; +extern char *yytext; +extern FILE *yyin; +extern int yyparse(void); -int -conf_parse_keyfile(args_t *a) +void +conf_error(char *fmt, ...) 
{ + char buf[1024]; + va_list ap; - if (strcmp(a->args[1], "keyfile") == 0) - crypto_keyfile = a->args[2]; - if (strcmp(a->args[1], "dsaparam") == 0) - crypto_dsaparam = a->args[2]; - if (strcmp(a->args[1], "cacert") == 0) - crypto_cacert = a->args[2]; - crypto_enabled = 1; - return (0); + va_start(ap, fmt); + (void) vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); + (void) fprintf(stderr, "netauditd: %s:%d: %s\n", conf_path, lineno, + buf); + exit(2); } -int -conf_parse_net(args_t *a) +struct au_cmpnt * +conf_get_src(char *name) { - struct addrinfo hints; - struct au_cmpnt *new; - char *host, *svc; - int is_src = 0; + struct au_cmpnt *ret; - if (strcmp(a->args[0], "src") == 0) - is_src = 1; - else if (strcmp(a->args[0], "dst") != 0) - return (-1); - host = a->args[3]; - svc = a->args[4]; - if ((new = component_init(is_src, a->args[2], a->args[1])) == NULL) - exit(2); - (void) memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - if (is_src) { - hints.ai_flags = AI_PASSIVE; - new->ac_type = NETAUDIT_SRC_NET; + TAILQ_FOREACH(ret, &ac_list_src, ac_glue) { + if (strcmp(ret->ac_name, name) == 0) + return (ret); } - else - new->ac_type = NETAUDIT_DST_NET; - if (getaddrinfo(host, svc, &hints, &new->ac_ainfo) != 0) { - component_destroy(new); - return (-1); - } - if (is_src) - TAILQ_INSERT_TAIL(&au_srclist, new, ac_glue); - else { - if (conf_link_consumers(new, a, 5) == -1) { - component_destroy(new); - return (-1); - } - TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue); - } - return (0); + return (NULL); } -int -conf_link_consumers(struct au_cmpnt *ac, args_t *a, int start) +struct au_cmpnt * +conf_get_dst(char *name) { - struct au_cmpnt *ptr; - int i; + struct au_cmpnt *ret; - for (i = start; i < a->args_n; i++) { - if ((ptr = component_get_src(a->args[i])) == NULL) - return (-1); - dprintf("%s <- %s\n", ac->ac_name, ptr->ac_name); - if (ptr->ac_consumers == NULL) { - ptr->ac_consumers = malloc(sizeof(struct au_cmpnt *)); - 
ptr->ac_nconsumers = 1; - } - else { - ptr->ac_nconsumers++; - ptr->ac_consumers = realloc(ptr->ac_consumers, - sizeof(struct au_cmpnt *) * ptr->ac_nconsumers); - } - ptr->ac_consumers[ptr->ac_nconsumers - 1] = ac; + TAILQ_FOREACH(ret, &ac_list_dst, ac_glue) { + if (strcmp(ret->ac_name, name) == 0) + return (ret); } - return (0); + return (NULL); } -int -conf_parse_src_pipe(args_t *a) +void +conf_link(struct au_cmpnt *src, struct au_cmpnt *dst) { - struct au_cmpnt *new; - - if ((new = component_init(1, a->args[2], a->args[1])) == NULL) - exit(2); - if ((new->ac_path = strdup(a->args[3])) == NULL) - exit(2); - TAILQ_INSERT_TAIL(&au_srclist, new, ac_glue); - return (0); -} - -int -conf_parse_dst_trail(args_t *a) -{ - struct au_cmpnt *new; - - if ((new = component_init(0, a->args[2], a->args[1])) == NULL) - exit(2); - if ((new->ac_path = strdup(a->args[3])) == NULL) - exit(2); - if (conf_link_consumers(new, a, 4) == -1) { - component_destroy(new); - return (-1); - } - TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue); - return (0); -} - -args_t * -conf_parse_args(char *buf) -{ - args_t *ret; - char *s0, *ptr; - - ret = malloc(sizeof(args_t)); - if (ret == NULL) - exit(2); - (void) memset(ret, 0, sizeof(args_t)); - for (s0 = buf; (ptr = strsep(&s0, " ")) != NULL;) { - ret->args[ret->args_n] = strdup(ptr); - if (ret->args[ret->args_n] == NULL) - exit(2); - ret->args_n++; - if (ret->args_n == MAX_ARGUMENTS) - break; - } - return (ret); + if ((src == NULL) || (dst == NULL)) + conf_error("A component specified does not exist"); + src->ac_ndsts++; + if (src->ac_dsts == NULL) + src->ac_dsts = malloc(sizeof(struct au_cmpnt *)); + else + src->ac_dsts = realloc(src->ac_dsts, + sizeof(struct au_cmpnt *) * src->ac_ndsts); + src->ac_dsts[src->ac_ndsts - 1] = dst; } void -conf_free_args(args_t *a) +conf_load(char *path) { - int i; + FILE *f; - for (i = 0; i < a->args_n; i++) - free(a->args[i]); - free(a); + f = fopen(conf_path, "r"); + if (f == NULL) + err(2, "%s", conf_path); + yyin = 
f; + (void) yyparse(); + (void) fclose(f); } void -conf_parse(char *buf, int lc) +yyerror(const char *str) { - const struct conf_ent *cptr; - args_t *a; - int i; - - if (buf == NULL) - return; - for (i = 0; i < strlen(buf); i++) - if (buf[i] == '\n') { - buf[i] = '\0'; - break; - } - if ((buf[0] == '#') || (buf[0] == '\0')) - return; - dprintf("%d: \"%s\"\n", lc, buf); - a = conf_parse_args(buf); - /* The minimum number of arguments for a command is 3. */ - if (a->args_n < 3) - SYNTAX_ERROR(conf_path, lc) - for (cptr = conftab; cptr->c_cmd != NULL; cptr++) { - if ((strcmp(cptr->c_cmd, a->args[0]) == 0) && - (cptr->c_arg1 ? (strcmp(cptr->c_arg1, a->args[1]) == 0) - : 1) && - (cptr->c_arg2 ? (strcmp(cptr->c_arg2, a->args[2]) == 0) - : 1)) { - if (a->args_n < cptr->c_min_args) - SYNTAX_ERROR(conf_path, lc) - if (cptr->c_func(a) == -1) - SYNTAX_ERROR(conf_path, lc) - break; - } - } - if (cptr->c_cmd == NULL) - SYNTAX_ERROR(conf_path, lc) - conf_free_args(a); + conf_error("Syntax error near '%s'", yytext); } -void -conf_load(char *path) +int +yywrap() { - char confbuf[1024]; - FILE *fp; - int lc = 0; - - if ((fp = fopen(path, "r")) == NULL) - err(1, "%s", path); - while (fgets(confbuf, sizeof(confbuf), fp) != NULL) - conf_parse(confbuf, ++lc); - (void) fclose(fp); + return (1); } ==== //depot/projects/trustedbsd/netauditd/netauditd.c#16 (text+ko) ==== 
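Review bot: conf_link() dereferences the result of malloc()/realloc() without checking it, so an allocation failure while parsing a `map:` line is a NULL write rather than a diagnostic, and the `realloc` form overwrites `src->ac_dsts` directly, losing the old array on failure (and `ac_ndsts` has already been bumped at that point). Since realloc(NULL, n) is malloc(n), the two branches can collapse into one checked call, as below. Separately, the new conf_load() takes a `path` argument but opens the global `conf_path` instead, `f = fopen(conf_path, "r");` — either use `path` or drop the parameter so the signature does not promise something it ignores. The surrounding grammar.y/token.l that call conf_link() are not in this hunk, so I am assuming they pass the looked-up `src`/`dst` pointers unchanged.
```c
void
conf_link(struct au_cmpnt *src, struct au_cmpnt *dst)
{
	struct au_cmpnt **dsts;

	if ((src == NULL) || (dst == NULL))
		conf_error("A component specified does not exist");
	/* realloc(NULL, n) is malloc(n), so one checked call covers both cases. */
	dsts = realloc(src->ac_dsts, sizeof(*dsts) * (src->ac_ndsts + 1));
	if (dsts == NULL)
		err(2, "realloc");
	src->ac_dsts = dsts;
	src->ac_dsts[src->ac_ndsts++] = dst;
}
```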
@@ -24,527 +24,49 @@ * SUCH DAMAGE. */ #include <sys/types.h> +#include <sys/socket.h> #include <sys/queue.h> -#include <sys/select.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/time.h> -#include <sys/ioctl.h> -#include <sys/endian.h> - -#include <bsm/audit.h> -#include <bsm/libbsm.h> -#include <security/audit/audit_ioctl.h> -#include <openssl/ssl.h> -#include <assert.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> -#include <stdarg.h> -#include <err.h> -#include <errno.h> -#include <fcntl.h> #include <netdb.h> -#include <signal.h> -#include "crypto.h" +#include "conf.h" #include "netauditd.h" -#define FLAG_DEBUG 1 -#define FLAG_FOREGROUND (1 << 1) +ac_head_t ac_list_src; +ac_head_t ac_list_dst; -char *conf_path = "/usr/local/etc/netauditd.conf"; -int netaudit_flags; +extern char *conf_path; -void -dprintf(char *fmt, ...) -{ - char buf[2048]; - va_list ap; - - if (!(netaudit_flags & FLAG_DEBUG)) - return; - va_start(ap, fmt); - (void) vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - (void) fprintf(stderr, "debug: %s", buf); -} - int main(int argc, char *argv[]) { char ch; - while ((ch = getopt(argc, argv, "Ddf:h")) != -1) { + conf_path = DEFAULT_CONF_PATH; + while ((ch = getopt(argc, argv, "f:h")) != -1) { switch (ch) { - case 'D': - netaudit_flags |= FLAG_FOREGROUND; - break; - case 'd': - netaudit_flags |= FLAG_DEBUG; - break; case 'f': conf_path = optarg; break; + default: case 'h': - default: usage(); - /* NOT REACHED */ + /* Not reached */ } } - dprintf("debugging enabled\n"); - TAILQ_INIT(&au_srclist); - TAILQ_INIT(&au_dstlist); + TAILQ_INIT(&ac_list_src); + TAILQ_INIT(&ac_list_dst); conf_load(conf_path); - (void) signal(SIGPIPE, SIG_IGN); - netaudit_run(); return (0); } void -netaudit_build_rfds(fd_set *rfds) +usage() { - struct au_srcbuffer *asb; - struct au_cmpnt *au; - - TAILQ_FOREACH(au, &au_srclist, ac_glue) { - if (au->ac_type == NETAUDIT_SRC_NET) { - TAILQ_FOREACH(asb, &au->ac_sbufq, sb_glue) 
- FD_SET(asb->sb_fd, rfds); - } - FD_SET(au->ac_fd, rfds); - } -} - -void -netaudit_record_handler(fd_set *rfds) -{ - struct au_srcbuffer *asb, *tmp; - struct au_cmpnt *au; - - TAILQ_FOREACH(au, &au_srclist, ac_glue) { - if (FD_ISSET(au->ac_fd, rfds)) { - switch(au->ac_type) { - case NETAUDIT_SRC_PIPE: - netaudit_pipe_read(au); - break; - case NETAUDIT_SRC_NET: - netaudit_socket_accept(au); - break; - default: - exit(2); - } - } - } - TAILQ_FOREACH(au, &au_srclist, ac_glue) { - if (au->ac_type != NETAUDIT_SRC_NET) - continue; - TAILQ_FOREACH_SAFE(asb, &au->ac_sbufq, sb_glue, tmp) - if (FD_ISSET(asb->sb_fd, rfds)) - if (netaudit_socket_read(asb) == -1) { - /* A read error occurred while reading - * a record from a connected client. - * We remove the client and continue. - * This may occur after an sb_recbuf - * object has been allocated. */ - (void) close(asb->sb_fd); - TAILQ_REMOVE(&au->ac_sbufq, asb, - sb_glue); - free(asb->sb_sockaddr); - if (asb->sb_recbuf != NULL) { - free(asb->sb_recbuf->ar_rec); - free(asb->sb_recbuf); - } - free(asb); - } - } -} - -void -netaudit_run(void) -{ - fd_set rfds; - struct timeval tv; - struct au_cmpnt *au; - int ret, fd; -#ifdef AUDITPIPE_SET_BUFMODE - int opt; -#endif - - TAILQ_FOREACH(au, &au_srclist, ac_glue) { - switch (au->ac_type) { - case NETAUDIT_SRC_PIPE: - au->ac_fd = open(au->ac_path, O_RDONLY); - if (au->ac_fd == -1) - err(1, "%s", au->ac_path); -#ifdef AUDITPIPE_SET_BUFMODE - opt = AUDITPIPE_BUFMODE_BUFFERED; - if (ioctl(au->ac_fd, AUDITPIPE_SET_BUFMODE, &opt) < 0) - err(1, "AUDITPIPE_SET_BUFMODE"); - /* - * We should add support for low watermarks here. 
- */ -#endif - break; - case NETAUDIT_SRC_NET: - netaudit_socket_listen(au); - break; - default: - exit(2); - } - } - if (!(netaudit_flags & FLAG_FOREGROUND)) { - ret = fork(); - if (ret == -1) - err(1, "fork"); - if (ret != 0) - exit(0); - fd = open("/dev/null", O_RDWR); - if (fd == -1) - err(1, "/dev/null"); - (void) dup2(fd, STDIN_FILENO); - (void) dup2(fd, STDOUT_FILENO); - (void) dup2(fd, STDERR_FILENO); - if (fd > 2) - (void) close(fd); - if (setsid() == -1) - err(1, "setsid"); - } - (void) memset(&tv, 0, sizeof(tv)); - tv.tv_sec = 1; - for (;;) { - FD_ZERO(&rfds); - netaudit_build_rfds(&rfds); - ret = select(FD_SETSIZE, &rfds, NULL, NULL, &tv); - if (ret == -1) { - if (errno != EINTR) - exit(2); - else - continue; - } - else if (ret != 0) - netaudit_record_handler(&rfds); - netaudit_establish(); - netaudit_oq(); - } -} - -int -netaudit_connect(struct au_cmpnt *au) -{ - int error; - - error = connect(au->ac_fd, au->ac_ainfo->ai_addr, - au->ac_ainfo->ai_addrlen); - if (error < 0) - return (-1); - if (crypto_enabled == 0) - return (error); - assert(au->ac_crypto_init == 0); - (void) crypto_init_context(&au->ac_cct, CRTYPO_CTX_CLIENT); - au->ac_ssl = SSL_new(au->ac_cct.c_ctx); - au->ac_sbio = BIO_new_socket(au->ac_fd, BIO_NOCLOSE); - SSL_set_bio(au->ac_ssl, au->ac_sbio, au->ac_sbio); - error = SSL_connect(au->ac_ssl); - /* XXX need to do better error checking here */ - au->ac_crypto_init = 1; - return (error == 1 ? 
0 : -1); -} - -void -netaudit_establish(void) -{ - struct au_cmpnt *au; - - TAILQ_FOREACH(au, &au_dstlist, ac_glue) { - if (au->ac_established) - continue; - dprintf("establish: %s\n", au->ac_name); - switch (au->ac_type) { - case NETAUDIT_DST_TRAIL: - au->ac_fd = open(au->ac_path, O_WRONLY | O_APPEND | \ - O_CREAT, S_IRUSR | S_IWUSR); - if (au->ac_fd == -1) { - warn("%s", au->ac_path); - continue; - } - au->ac_established = 1; - break; - case NETAUDIT_DST_NET: - au->ac_fd = socket(au->ac_ainfo->ai_family, - au->ac_ainfo->ai_socktype, - au->ac_ainfo->ai_protocol); - if (au->ac_fd == -1) - continue; - if (netaudit_connect(au) == -1) { - warn("connect"); - close(au->ac_fd); - continue; - } - au->ac_established = 1; - break; - default: - exit(2); - } - } -} - -int -netaudit_write(struct au_cmpnt *au, u_char *buf, int len) -{ - int error; - - if (crypto_enabled == 0) - return (write(au->ac_fd, buf, len)); - assert(au->ac_ssl != NULL); - error = SSL_write(au->ac_ssl, buf, len); - /* XXX error checking */ - return (error); -} - -void -netaudit_oq(void) -{ - struct au_cmpnt *au; - struct au_queue_ent *q, *tmpr; - struct au_recbuf *r; - int ret, s; - - TAILQ_FOREACH(au, &au_dstlist, ac_glue) { - if (!au->ac_established) { - dprintf("consumer %s not established, skipping\n", - au->ac_name); - continue; - } - TAILQ_FOREACH_SAFE(q, &au->ac_oq, aq_glue, tmpr) { - dprintf("consumer %s running output queue\n", - au->ac_name); - r = q->aq_ptr; - s = r->ar_reclen - q->aq_remain; - ret = netaudit_write(au, r->ar_rec + s, q->aq_remain); - if (ret == -1) { - if (errno == EAGAIN) - break; - else { - /* Check if we submitted a partial - * record. If so we reset aq_remain - * and retransmit when the consumer - * is reestablished. 
*/ - if (q->aq_remain != r->ar_reclen) - q->aq_remain = r->ar_reclen; - (void) close(au->ac_fd); - au->ac_established = 0; - break; - } - } - else if (ret == q->aq_remain) { - dprintf("record %p submitted\n", r); - TAILQ_REMOVE(&au->ac_oq, q, aq_glue); - free(q); - r->ar_refcount--; - if (r->ar_refcount == 0) { - free(r->ar_rec); - free(r); - } - } - else - q->aq_remain -= ret; - } - } -} - -void -netaudit_queue_record(struct au_cmpnt *au, struct au_recbuf *rec) -{ - struct au_queue_ent *new; - int i; - - rec->ar_refcount = au->ac_nconsumers; - for (i = 0; i < au->ac_nconsumers; i++) { - new = malloc(sizeof(struct au_queue_ent)); - if (new == NULL) - exit(2); - (void) memset(new, 0, sizeof(struct au_queue_ent)); - new->aq_ptr = rec; - new->aq_remain = rec->ar_reclen; - TAILQ_INSERT_TAIL(&au->ac_consumers[i]->ac_oq, new, aq_glue); - dprintf("queued %p: %s\n", rec, au->ac_consumers[i]->ac_name); - } -} - -void -netaudit_pipe_read(struct au_cmpnt *au) -{ - struct au_recbuf *new; - - if ((new = malloc(sizeof(struct au_recbuf))) == NULL) - return; - if ((new->ar_rec = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL) { - free(new); - return; - } - /* - * XXXCSJP: It is possible that the audit record will be greater then - * NETAUDIT_PIPE_BUFSIZE, in which case the pipe will truncate it. 
- */ - new->ar_reclen = read(au->ac_fd, new->ar_rec, NETAUDIT_PIPE_BUFSIZE); - if (new->ar_reclen == -1) { - if ((errno != EAGAIN) && (errno != EINTR)) - exit(2); - else - return; - } - dprintf("au_cmpnt %p: read record %u bytes\n", au, new->ar_reclen); - netaudit_queue_record(au, new); -} - -void -netaudit_socket_accept(struct au_cmpnt *au) -{ - struct au_srcbuffer *new; - int error; - - new = malloc(sizeof(struct au_srcbuffer)); - if (new == NULL) - exit(2); - (void) memset(new, 0, sizeof(struct au_srcbuffer)); - new->sb_socklen = au->ac_ainfo->ai_addrlen; - if ((new->sb_sockaddr = malloc(new->sb_socklen)) == NULL) - exit(2); - new->sb_fd = accept(au->ac_fd, new->sb_sockaddr, &new->sb_socklen); - if (new->sb_fd == -1) { - if (errno == EWOULDBLOCK || errno == ECONNABORTED) { - free(new->sb_sockaddr); - free(new); - return; - } - else - exit(2); - } - new->sb_parent = au; - if (crypto_enabled == 0) { - TAILQ_INSERT_TAIL(&au->ac_sbufq, new, sb_glue); - return; - } - if (au->ac_crypto_init == 0) - (void) crypto_init_context(&au->ac_cct, CRYPTO_CTX_SERVER); - au->ac_crypto_init = 1; - new->sb_sbio = BIO_new_socket(new->sb_fd, BIO_NOCLOSE); - new->sb_ssl = SSL_new(au->ac_cct.c_ctx); - SSL_set_bio(new->sb_ssl, new->sb_sbio, new->sb_sbio); - error = SSL_accept(new->sb_ssl); - TAILQ_INSERT_TAIL(&au->ac_sbufq, new, sb_glue); -} - -void -netaudit_socket_listen(struct au_cmpnt *au) -{ - struct addrinfo *addrptr; - int flags; - - addrptr = au->ac_ainfo; - au->ac_fd = socket(addrptr->ai_family, addrptr->ai_socktype, - addrptr->ai_protocol); - if (au->ac_fd == -1) - err(1, "socket"); - if (bind(au->ac_fd, addrptr->ai_addr, addrptr->ai_addrlen) == -1) - err(1, "bind"); - if (listen(au->ac_fd, 16) == -1) - err(1, "listen"); - if ((flags = fcntl(au->ac_fd, F_GETFL)) == -1) - err(1, "fcntl"); - flags |= O_NONBLOCK; - if (fcntl(au->ac_fd, F_SETFL, flags) == -1) - err(1, "fcntl"); -} - -int -netaudit_socket_read(struct au_srcbuffer *asb) -{ - u_char *bufptr, *recbufptr; - int ret, 
left; - u_int32_t hdr_remain, val, need; - - if (crypto_enabled == 0) { - ret = read(asb->sb_fd, asb->sb_buf, sizeof(asb->sb_buf)); - if (ret == -1) { - if (errno != EINTR) - return (-1); - else - return (0); - } else if (ret == 0) - return (-1); - } else { - assert(asb->sb_ssl != NULL); - ret = SSL_read(asb->sb_ssl, asb->sb_buf, - sizeof(asb->sb_buf)); - if (ret < 0) - return (-1); - /* XXX handle I/O errors */ - } - left = ret; - bufptr = asb->sb_buf; - while (left > 0) { - if (asb->sb_recbuf == NULL) { - hdr_remain = sizeof(asb->sb_header) - - asb->sb_read; - if (left >= hdr_remain) { - (void) memcpy(asb->sb_header + asb->sb_read, - bufptr, hdr_remain); - asb->sb_read += hdr_remain; - left -= hdr_remain; - bufptr += hdr_remain; - (void) memcpy(&val, asb->sb_header + 1, - sizeof(val)); - asb->sb_recbuf = - malloc(sizeof(struct au_recbuf)); - if (asb->sb_recbuf == NULL) - exit(2); - asb->sb_recbuf->ar_reclen = be32toh(val); - dprintf("audit header: rec %u bytes\n", - asb->sb_recbuf->ar_reclen); - asb->sb_recbuf->ar_rec = \ - malloc(asb->sb_recbuf->ar_reclen); - if (asb->sb_recbuf->ar_rec == NULL) - exit(2); - (void) memcpy(asb->sb_recbuf->ar_rec, - asb->sb_header, sizeof(asb->sb_header)); - continue; - } - else { - dprintf("read partial header\n"); - (void) memcpy(asb->sb_header + asb->sb_read, - bufptr, left); - asb->sb_read += left; - return (0); - } - } - need = asb->sb_recbuf->ar_reclen - asb->sb_read; - recbufptr = asb->sb_recbuf->ar_rec + asb->sb_read; - dprintf("still need %u bytes\n", need); - if (left < need) { - (void) memcpy(recbufptr, bufptr, left); - asb->sb_read += left; - return (0); - } - else { - (void) memcpy(recbufptr, bufptr, need); - left -= need; - bufptr += need; - netaudit_queue_record(asb->sb_parent, asb->sb_recbuf); - asb->sb_recbuf = NULL; - asb->sb_read = 0; - } - } - return (0); -} - -void -usage(void) -{ - - (void) fputs("usage: netauditd [-Ddh] [-f path]\n", stderr); + (void) fputs("usage: netauditd [-h] [-f path]\n", stderr); 
exit(1); } ==== //depot/projects/trustedbsd/netauditd/netauditd.conf#5 (text+ko) ==== @@ -1,14 +1,7 @@ -# netauditd configuration file +src: p source_pipe /dev/auditpipe +src: n source_net 0.0.0.0 6655 +dst: n dst_net 127.0.0.1 6655 +dst: t dst_trail /tmp/trail -# -# For the use of SSL un-comment and define the following variables: -# -# crypto keyfile server.pem -# crypto cacert cacert.pem -# crypto dsaparam dsaparam.pem - -src src0 pipe /dev/auditpipe -src src1 net 0.0.0.0 9999 - -dst dst0 trail /tmp/src0/trail src1 -dst dst1 net 127.0.0.1 9999 src0 +map: source_pipe dst_net +map: source_net dst_trail ==== //depot/projects/trustedbsd/netauditd/netauditd.h#11 (text+ko) ==== @@ -24,112 +24,27 @@ * SUCH DAMAGE. */ -#define MAX_ARGUMENTS 256 +#define DEFAULT_CONF_PATH "/usr/local/etc/netauditd.conf" -#define NETAUDIT_PIPE_BUFSIZE 1024 - -#define NETAUDIT_SRC_PIPE 1 -#define NETAUDIT_SRC_NET 2 -#define NETAUDIT_DST_TRAIL 1 -#define NETAUDIT_DST_NET 2 - -struct au_recbuf { - void *ar_rec; - u_int32_t ar_reclen; - int ar_refcount; -}; - -struct au_queue_ent { - struct au_recbuf *aq_ptr; - u_int32_t aq_remain; - TAILQ_ENTRY(au_queue_ent) aq_glue; +enum { + COMPONENT_PIPE, + COMPONENT_NET, + COMPONENT_TRAIL }; -/* - * This object exists for accepted connections. For each new file descriptor - * returned by accept(2), a au_srcbuffer will be allocated and initialized to - * track I/O for each connected remote peer. - */ -struct au_srcbuffer { - struct au_cmpnt *sb_parent; - struct sockaddr *sb_sockaddr; - socklen_t sb_socklen; - int sb_fd; - struct au_recbuf *sb_recbuf; - u_int32_t sb_read; - u_char sb_buf[2048]; - u_char sb_header[5]; - TAILQ_ENTRY(au_srcbuffer) sb_glue; - BIO *sb_sbio; - SSL *sb_ssl; -}; >>> TRUNCATED FOR MAIL (1000 lines) <<<
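Review bot: The rewritten option loop `while ((ch = getopt(argc, argv, "f:h")) != -1)` stores getopt(3)'s int result in `ch`, which the context line above declares as `char`; on targets where char is unsigned (FreeBSD arm/powerpc) the -1 terminator is stored as 255 and the loop never ends. Declare it `int ch;` while this line is being touched. The new main() also drops the previous `signal(SIGPIPE, SIG_IGN)` and the fork/setsid daemonisation along with the run loop; presumably these return with the worker-thread model, but a peer closing its socket will otherwise kill the process with SIGPIPE, so a `/* XXX SIGPIPE handling and daemonisation to be restored with the worker model */` note in main() would keep that from being forgotten.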
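Review bot: The shipped example now listens on `src: n source_net 0.0.0.0 6655`, while the same change deletes crypto.c/crypto.h and the `crypto keyfile`/`cacert`/`dsaparam` options, so any host that can reach that port can inject audit records and everything forwarded to `dst_net` crosses the wire in clear text with no peer authentication. Until a replacement transport protection exists, the example should bind loopback, `src: n source_net 127.0.0.1 6655`, and the file should keep a header comment in place of the one removed, e.g. `# netauditd configuration file -- network sources/destinations are unauthenticated and unencrypted in this revision`. The trail destination `/tmp/trail` also lives in a world-writable directory, which invites symlink games against whatever open(2) the new output code ends up using; the previous `/tmp/src0/trail` had the same problem, so a directory not writable by other users would be a safer default for the sample.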