From owner-p4-projects@FreeBSD.ORG  Tue Apr 18 04:44:24 2006
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id BBBC916A404; Tue, 18 Apr 2006 04:44:24 +0000 (UTC)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 97D9116A401
	for <perforce@freebsd.org>; Tue, 18 Apr 2006 04:44:24 +0000 (UTC)
	(envelope-from csjp@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5934843D45
	for <perforce@freebsd.org>; Tue, 18 Apr 2006 04:44:24 +0000 (GMT)
	(envelope-from csjp@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k3I4iOtJ029687
	for <perforce@freebsd.org>; Tue, 18 Apr 2006 04:44:24 GMT
	(envelope-from csjp@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k3I4iNNS029684
	for perforce@freebsd.org; Tue, 18 Apr 2006 04:44:23 GMT
	(envelope-from csjp@freebsd.org)
Date: Tue, 18 Apr 2006 04:44:23 GMT
Message-Id: <200604180444.k3I4iNNS029684@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	csjp@freebsd.org using -f
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 95476 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2006 04:44:25 -0000

http://perforce.freebsd.org/chv.cgi?CH=95476

Change 95476 by csjp@csjp_xor on 2006/04/18 04:43:39

	- Add to the openbsm programming API and introduce the audit_submit(3)
	  in raw form. This is the first stab at things, so it's possible that
	  things might change from here.
	
	- A sample implementation might be as follows:
	
	 int
	 audit_bad_su(char *from_login, char *to_login)
	 {
		 int error;
	
		 error = audit_submit(AUE_su, getuid(), 1, EPERM,
		     "bad su from %s to %s", from_login, to_login);
		 return (error);
	 }
	
	 Will generate the followng audit record:
	
	 header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec
	 subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0
	 text,bad su from from csjp to root
	 return,failure : Operation not permitted,1
	 trailer,94
	
	This function will be very useful for the on-going userspace
	integration of the audit code, and hopefully this little helper
	function can be used to prevent a lot of code replication.
	
	Discussed with:	rwatson, wsalamon

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#19 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#1 add
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#21 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#19 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#18 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#19 $
  */
 
 #ifndef _LIBBSM_H_
@@ -695,6 +695,9 @@
 
 typedef struct tokenstr tokenstr_t;
 
+int			 audit_submit(short au_event, au_id_t au_ctx,
+			    char status, int reterr, const char *fmt, ...);
+
 /*
  * Functions relating to querying audit class information.
  */

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#21 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#20 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#21 $
  */
 
 #ifdef __APPLE__
@@ -46,6 +46,7 @@
 
 #include <unistd.h>
 #include <syslog.h>
+#include <stdarg.h>
 #include <string.h>
 #include <errno.h>
 
@@ -53,6 +54,110 @@
 int audit_set_terminal_port(dev_t *p);
 int audit_set_terminal_host(uint32_t *m);
 
+/*
+ * General purpose audit submission mechanism for userspace.
+ */
+int
+audit_submit(short au_event, au_id_t au_ctx, char status,
+    int reterr, const char *fmt, ...)
+{
+	char text[MAX_AUDITSTRING_LEN];
+	au_tid_t termid;
+	token_t *token;
+	long acond;
+	va_list ap;
+	pid_t pid;
+	int error, afd;
+
+	if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {
+		/*
+		 * If auditon(2) returns ENOSYS, then audit has not been
+		 * compiled into the kernel, so just return.
+		 */
+		if (errno == ENOSYS)
+			return (0);
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
+		    strerror(errno));
+		errno = error;
+		return (-1);
+	}
+	if (acond == AUC_NOAUDIT)
+		return (0);
+	afd = au_open();
+	if (afd < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
+		    strerror(errno));
+		errno = error;
+		return (-1);
+	}
+	/* XXX what should we do for termid? */
+	bzero(&termid, sizeof(termid));
+	pid = getpid();
+	token = au_to_subject32(au_ctx, geteuid(), getegid(),
+	    getuid(), getgid(), pid, pid, &termid);
+	if (token == NULL) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: unable to build subject token");
+		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+		errno = EPERM;
+		return (-1);
+	}
+	if (au_write(afd, token) < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: au_write failed: %s", strerror(errno));
+		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+		errno = error;
+		return (-1);
+	}
+	if (fmt != NULL) {
+		va_start(ap, fmt);
+		(void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap);
+		va_end(ap);
+		token = au_to_text(text);
+		if (token == NULL) {
+			syslog(LOG_AUTH | LOG_ERR,
+			    "audit: failed to generate text token");
+			(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+			errno = EPERM;
+			return (-1);
+		}
+		if (au_write(afd, token) < 0) {
+			error = errno;
+			syslog(LOG_AUTH | LOG_ERR,
+			    "audit: au_write failed: %s", strerror(errno));
+			(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+			errno = error;
+			return (-1);
+		}
+	}
+	token = au_to_return32(status, reterr);
+	if (token == NULL) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: enable to build return token");
+		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+		errno = EPERM;
+		return (-1);
+	}
+	if (au_write(afd, token) < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: au_write failed: %s", strerror(errno));
+		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+		errno = error;
+		return (-1);
+	}
+	if (au_close(afd, AU_TO_WRITE, au_event) < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
+		errno = error;
+		return (-1);
+	}
+	return (0);
+}
+
 int
 audit_set_terminal_port(dev_t *p)
 {