Date: Wed, 25 Feb 2009 03:42:34 GMT From: Stacey Son <sson@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 158240 for review Message-ID: <200902250342.n1P3gYcu083541@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=158240 Change 158240 by sson@sson_amd64 on 2009/02/25 03:42:19 Change auditon(2) parameters and data structures to be 32/64-bit architecture independent. Add more information to man page about auditon(2) parameters. Affected files ... .. //depot/projects/trustedbsd/openbsm/NEWS#33 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 edit .. //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 edit .. //depot/projects/trustedbsd/openbsm/man/auditon.2#16 edit .. //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/NEWS#33 (text+ko) ==== @@ -1,5 +1,10 @@ OpenBSM Version History +OpenBSM 1.1 beta 2 + +- Change auditon(2) parameters and data structures to be 32/64-bit architecture + independent. Add more information to man page about auditon(2) parameters. + OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for @@ -431,4 +436,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/NEWS#32 $ +$P4: //depot/projects/trustedbsd/openbsm/NEWS#33 $ ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 (text+ko) ==== @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#43 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 $ */ #include <sys/types.h> 
@@ -347,7 +347,7 @@ int err_ret = 0; char TS[TIMESTAMP_LEN]; int err; - long cond; + int cond; time_t tt; err = auditd_gen_record(AUE_audit_shutdown, NULL); ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004-2008 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#3 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 $ */ #include <sys/types.h> @@ -178,9 +178,9 @@ static void init_audit_state(void) { - long au_cond; + int au_cond; - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { if (errno != ENOSYS) { auditd_log_err("Audit status check failed (%s)", strerror(errno)); ==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004-2008 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#2 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 $ */ #include <sys/types.h> 
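Review bot: Only the declaration changes in the auditd.c hunk (`long cond` becomes `int cond`); the `auditon()` call that takes `&cond` lies outside the hunk, so its length argument cannot be checked from this diff. If that call still passes `sizeof(long)`, an LP64 kernel would be told that the 4-byte object is 8 bytes long, and a command that returns data could then write past `cond` on the stack. The third argument should be `sizeof(cond)`, matching the `sizeof(au_cond)` form used in `init_audit_state()`. The same check applies to the other declaration-only hunks: `policy` in `auditd_set_policy()` and `cond` in `audit_quick_stop()` in auditd_lib.c, and `acond` in bsm_wrappers.c.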
@@ -133,9 +133,9 @@ static void init_audit_state(void) { - long au_cond; + int au_cond; - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { if (errno != ENOSYS) { auditd_log_err("Audit status check failed (%s)", strerror(errno)); ==== //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#7 $ + * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 $ */ #include <sys/param.h> @@ -687,8 +687,7 @@ while ((evp = getauevent_r(evp)) != NULL) { evc_map.ec_number = evp->ae_number; evc_map.ec_class = evp->ae_class; - if (auditon(A_SETCLASS, &evc_map, sizeof(au_evclass_map_t)) - == 0) + if (auditon(A_SETCLASS, &evc_map, sizeof(evc_map)) == 0) ctr++; } endauevent(); @@ -714,7 +713,7 @@ (getauditflagsbin(naeventstr, &aumask) != 0)) return (ADE_PARSE); - if (auditon(A_SETKMASK, &aumask, sizeof(au_mask_t))) + if (auditon(A_SETKMASK, &aumask, sizeof(aumask))) return (ADE_AUDITON); return (ADE_NOERR); @@ -732,7 +731,7 @@ int auditd_set_policy(void) { - long policy; + int policy; char polstr[POL_STR_SIZE]; if ((getacpol(polstr, POL_STR_SIZE) != 0) || @@ -1124,7 +1123,7 @@ audit_quick_stop(void) { int len; - long cond; + int cond; char *ptr; time_t tt; char oldname[MAXPATHLEN]; ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#15 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 $ */ /* 
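Review bot: A failed `auditon(A_SETCLASS, &evc_map, sizeof(evc_map))` inside the `getauevent_r()` loop of auditd_lib.c is skipped silently: only successes increment `ctr`, and neither the event number nor `errno` is kept. An event whose class mapping was not installed is presumably never preselected, so part of the audit configuration can be missing without any trace. I would at least remember the first failure, for example `else if (failed++ == 0) first_errno = errno;`, so the caller can report it. How `ctr` is returned is outside the hunk.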
@@ -60,7 +60,7 @@ static int token = 0; #endif /* AUDIT_NOTIFICATION_ENABLED */ -static long au_cond = AUC_UNSET; /* <bsm/audit.h> */ +static int au_cond = AUC_UNSET; /* <bsm/audit.h> */ uint32_t au_notify_initialize(void) @@ -77,7 +77,7 @@ return (status); #endif - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { syslog(LOG_ERR, "Initial audit status check failed (%s)", strerror(errno)); if (errno == ENOSYS) /* auditon() unimplemented. */ @@ -137,7 +137,7 @@ return (au_cond); #endif - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { /* XXX Reset au_cond to AUC_UNSET? */ syslog(LOG_ERR, "Audit status check failed (%s)", strerror(errno)); @@ -165,16 +165,16 @@ #ifdef __APPLE__ return (!(au_get_state() == AUC_AUDITING)); #else - long au_cond; + int cond; - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &cond, sizeof(cond)) < 0) { if (errno != ENOSYS) { syslog(LOG_ERR, "Audit status check failed (%s)", strerror(errno)); } return (1); } - if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED) + if (cond == AUC_NOAUDIT || cond == AUC_DISABLED) return (1); return (0); #endif /* !__APPLE__ */ ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#28 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 $ */ #ifdef __APPLE__ 
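Review bot: When `auditon(A_GETCOND, &au_cond, sizeof(au_cond))` fails in the `@@ -137,7` hunk, the file-scope `au_cond` keeps the value stored by an earlier call, which the existing `XXX Reset au_cond to AUC_UNSET?` comment already questions. If the code after the hunk returns `au_cond`, callers receive a stale audit condition as though it were current. Resolving the XXX with `au_cond = AUC_UNSET;` before the `syslog()` call would let callers see that the state is unknown. The rest of the function is outside the hunk.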
@@ -63,7 +63,7 @@ { char text[MAX_AUDITSTRING_LEN]; token_t *token; - long acond; + int acond; va_list ap; pid_t pid; int error, afd, subj_ex; ==== //depot/projects/trustedbsd/openbsm/man/auditon.2#16 (text+ko) ==== @@ -26,9 +26,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#15 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#16 $ .\" -.Dd July 10, 2008 +.Dd January 29, 2009 .Dt AUDITON 2 .Os .Sh NAME @@ -63,7 +63,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value set to one or more the following audit policy control values bitwise OR'ed together: .Dv AUDIT_CNT , @@ -93,9 +93,16 @@ system call will be audited. The default policy is none of the audit policy control flags set. .It Dv A_SETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) +Set the host information. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure containing the host IP address information. +After setting, audit records +that are created as a result of kernel events will contain +this information. .It Dv A_SETKMASK Set the kernel preselection masks (success and failure). The @@ -156,6 +163,15 @@ minimum amount, the kernel informs the audit daemon about low disk space. The value is to be specified in percent of free file system blocks. A value of 0 results in a disabling of the check. +The default and maximum values (default/maximum) for the +audit queue control parameters are: +.Pp +.Bl -column aq_hiwater -offset indent -compact +.It aq_hiwater Ta 100/10000 (audit records) +.It aq_lowater Ta 10/aq_hiwater (audit records) +.It aq_bufsz Ta 32767/1048576 (bytes) +.It aq_delay Ta (Not currently used.) +.El .It Dv A_SETSTAT Return .Er ENOSYS . @@ -174,7 +190,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value containing the new audit condition, one of .Dv AUC_AUDITING , 
@@ -235,10 +251,6 @@ field set to the maximum audit log file size. A value of 0 indicates no limit to the size. -.It Dv A_SETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) .It Dv A_GETCLASS Return the event to class mapping for the designated audit event. The @@ -250,9 +262,13 @@ .Dv A_SETCLASS section above for more information. .It Dv A_GETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) +Get the current host information. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure. .It Dv A_GETPINFO Return the audit settings for a process. The @@ -302,6 +318,22 @@ above and .Xr getaudit 2 for more information. +.It Dv A_GETSINFO_ADDR +Return the extended audit settings for a session. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure. +The audit session ID of the target session is passed +into the kernel using the +.Fa ai_asid +field. See +.Xr getaudit_addr 2 +for more information about the +.Vt auditinfo_addr_t +structure. .It Dv A_GETKMASK Return the current kernel preselection masks. The @@ -317,7 +349,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value which will be set to one of the current audit policy flags. The audit policy flags are @@ -377,7 +409,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value which will be set to the current audit condition, one of .Dv AUC_AUDITING , @@ -393,7 +425,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value set to one of the acceptable trigger values: .Dv AUDIT_TRIGGER_LOW_SPACE ==== //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -26,21 +26,12 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 $ */ -#ifndef _BSM_AUDIT_H +#ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H -#ifdef __APPLE__ -/* Temporary until rdar://problem/6133383 is resolved. */ -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/cdefs.h> -#include <sys/queue.h> -#endif /* __APPLE__ */ - #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 #define MAXAUDITDATA (0x8000 - 1) @@ -100,20 +91,20 @@ /* * auditon(2) commands. */ -#define A_GETPOLICY 2 -#define A_SETPOLICY 3 +#define A_OLDGETPOLICY 2 +#define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 -#define A_GETQCTRL 6 -#define A_SETQCTRL 7 +#define A_OLDGETQCTRL 6 +#define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 -#define A_GETCOND 20 -#define A_SETCOND 21 +#define A_OLDGETCOND 20 +#define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24 @@ -125,6 +116,12 @@ #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 +#define A_GETPOLICY 33 +#define A_SETPOLICY 34 +#define A_GETQCTRL 35 +#define A_SETQCTRL 36 +#define A_GETCOND 37 +#define A_SETCOND 38 /* * Audit policy controls. 
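Review bot: The renumbered auditon(2) commands in audit.h carry no comment explaining why `A_OLDGETPOLICY`, `A_OLDSETPOLICY`, `A_OLDGETQCTRL`, `A_OLDSETQCTRL`, `A_OLDGETCOND` and `A_OLDSETCOND` keep 2, 3, 6, 7, 20 and 21 while the plain names move to 33–38 in the next hunk. The old numbers presumably remain for callers built with `long`/`size_t` arguments, and the header should say so, so that nobody reuses them with the new `int` layout. It is also worth stating that userland built from this header sends 33–38; against a kernel that answers an unknown command with something other than ENOSYS, the `errno != ENOSYS` branches in `init_audit_state()` would log a failure. I would add above the block: `/* A_OLD* are the original command numbers, whose arguments were long/size_t sized; new code uses the int-sized A_* commands 33-38. */`.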
@@ -244,13 +241,22 @@ typedef struct au_token token_t; /* - * Kernel audit queue control parameters. + * Kernel audit queue control parameters: + * Default: Maximum: + * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) + * aq_lowater: AQ_LOWATER (10) <aq_hiwater + * aq_bufsz: AQ_BUFSZ (32767) AQ_MAXBUFSZ (1048576) + * aq_delay: 20 20000 (not used) */ struct au_qctrl { - size_t aq_hiwater; - size_t aq_lowater; - size_t aq_bufsz; - clock_t aq_delay; + int aq_hiwater; /* Max # of audit recs in queue when */ + /* threads with new ARs get blocked. */ + + int aq_lowater; /* # of audit recs in queue when */ + /* blocked threads get unblocked. */ + + int aq_bufsz; /* Max size of audit record for audit(2). */ + int aq_delay; /* Queue delay (not used). */ int aq_minfree; /* Minimum filesystem percent free space. */ }; typedef struct au_qctrl au_qctrl_t;help
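Review bot: `aq_hiwater`, `aq_lowater` and `aq_bufsz` change from `size_t` to signed `int` in `struct au_qctrl`, so a caller of A_SETQCTRL can now pass negative queue limits or a negative record size. The new comment lists defaults and maxima but does not say who enforces them or the lower bound, and the kernel-side handler is not part of this change, so the check cannot be confirmed here. Either declare the counts `unsigned int`, or state the requirement in the comment, for example `/* Fields are signed; A_SETQCTRL must reject negative values and values above the maxima listed here. */`.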
