From owner-p4-projects@FreeBSD.ORG Wed Feb 25 03:42:34 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7F26610656CF; Wed, 25 Feb 2009 03:42:34 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 332B210656CC for ; Wed, 25 Feb 2009 03:42:34 +0000 (UTC) (envelope-from sson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 1FDDA8FC1B for ; Wed, 25 Feb 2009 03:42:34 +0000 (UTC) (envelope-from sson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n1P3gY7d083543 for ; Wed, 25 Feb 2009 03:42:34 GMT (envelope-from sson@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n1P3gYcu083541 for perforce@freebsd.org; Wed, 25 Feb 2009 03:42:34 GMT (envelope-from sson@FreeBSD.org) Date: Wed, 25 Feb 2009 03:42:34 GMT Message-Id: <200902250342.n1P3gYcu083541@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to sson@FreeBSD.org using -f 
From: Stacey Son To: Perforce Change Reviews Cc: Subject: PERFORCE change 158240 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2009 03:42:35 -0000 http://perforce.freebsd.org/chv.cgi?CH=158240 Change 158240 by sson@sson_amd64 on 2009/02/25 03:42:19 Change auditon(2) parameters and data structures to be 32/64-bit architecture independent. Add more information to man page about auditon(2) parameters. Affected files ... .. //depot/projects/trustedbsd/openbsm/NEWS#33 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 edit .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 edit .. //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 edit .. //depot/projects/trustedbsd/openbsm/man/auditon.2#16 edit .. //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 edit Differences ...
==== //depot/projects/trustedbsd/openbsm/NEWS#33 (text+ko) ====
@@ -1,5 +1,10 @@ OpenBSM Version History +OpenBSM 1.1 beta 2 + +- Change auditon(2) parameters and data structures to be 32/64-bit architecture + independent. Add more information to man page about auditon(2) parameters. + OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
@@ -431,4 +436,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/NEWS#32 $ +$P4: //depot/projects/trustedbsd/openbsm/NEWS#33 $
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 (text+ko) ====
@@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#43 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 $ */ #include
@@ -347,7 +347,7 @@ int err_ret = 0; char TS[TIMESTAMP_LEN]; int err; - long cond; + int cond; time_t tt; err = auditd_gen_record(AUE_audit_shutdown, NULL);
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 (text+ko) ====
@@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004-2008 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#3 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 $ */ #include
@@ -178,9 +178,9 @@ static void init_audit_state(void) { - long au_cond; + int au_cond; - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { if (errno != ENOSYS) { auditd_log_err("Audit status check failed (%s)", strerror(errno));
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 (text+ko) ====
@@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004-2008 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#2 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 $ */ #include
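Review bot: In the `@@ -347,7 +347,7 @@` hunk of auditd.c only the declaration becomes `int cond;`, and the auditon() call that consumes it lies outside the hunk. If that call still passes `sizeof(long)`, an LP64 build would describe a 4-byte object as 8 bytes, so the kernel copy could run past `cond` on the stack. It is worth confirming the call passes `sizeof(cond)`, as the init_audit_state() hunks in auditd_darwin.c and auditd_fbsd.c now do with `sizeof(au_cond)`. The same check applies to the declaration-only hunks for `policy` in auditd_set_policy() and `cond` in audit_quick_stop() (auditd_lib.c), and for `acond` in bsm_wrappers.c.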
@@ -133,9 +133,9 @@ static void init_audit_state(void) { - long au_cond; + int au_cond; - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { if (errno != ENOSYS) { auditd_log_err("Audit status check failed (%s)", strerror(errno));
==== //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 (text+ko) ====
@@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#7 $ + * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 $ */ #include
@@ -687,8 +687,7 @@ while ((evp = getauevent_r(evp)) != NULL) { evc_map.ec_number = evp->ae_number; evc_map.ec_class = evp->ae_class; - if (auditon(A_SETCLASS, &evc_map, sizeof(au_evclass_map_t)) - == 0) + if (auditon(A_SETCLASS, &evc_map, sizeof(evc_map)) == 0) ctr++; } endauevent();
@@ -714,7 +713,7 @@ (getauditflagsbin(naeventstr, &aumask) != 0)) return (ADE_PARSE); - if (auditon(A_SETKMASK, &aumask, sizeof(au_mask_t))) + if (auditon(A_SETKMASK, &aumask, sizeof(aumask))) return (ADE_AUDITON); return (ADE_NOERR);
@@ -732,7 +731,7 @@ int auditd_set_policy(void) { - long policy; + int policy; char polstr[POL_STR_SIZE]; if ((getacpol(polstr, POL_STR_SIZE) != 0) ||
@@ -1124,7 +1123,7 @@ audit_quick_stop(void) { int len; - long cond; + int cond; char *ptr; time_t tt; char oldname[MAXPATHLEN];
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 (text+ko) ====
@@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#15 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 $ */ /*
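Review bot: In the A_SETCLASS loop of auditd_lib.c (`@@ -687,8 +687,7 @@`) a failed auditon() leaves no trace, because only successes reach `ctr++`. An event whose class mapping the kernel rejects presumably keeps its previous class, and preselection depends on these mappings, so a partial load can silently change what gets audited. Consider recording the first failing `evp->ae_number` together with errno, or keeping a failure count, so the caller can report it. What happens to `ctr` after `endauevent()` is outside the hunk, so the caller may already compare it with an expected total.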
@@ -60,7 +60,7 @@ static int token = 0; #endif /* AUDIT_NOTIFICATION_ENABLED */ -static long au_cond = AUC_UNSET; /* */ +static int au_cond = AUC_UNSET; /* */ uint32_t au_notify_initialize(void)
@@ -77,7 +77,7 @@ return (status); #endif - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { syslog(LOG_ERR, "Initial audit status check failed (%s)", strerror(errno)); if (errno == ENOSYS) /* auditon() unimplemented. */
@@ -137,7 +137,7 @@ return (au_cond); #endif - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { /* XXX Reset au_cond to AUC_UNSET? */ syslog(LOG_ERR, "Audit status check failed (%s)", strerror(errno));
@@ -165,16 +165,16 @@ #ifdef __APPLE__ return (!(au_get_state() == AUC_AUDITING)); #else - long au_cond; + int cond; - if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (auditon(A_GETCOND, &cond, sizeof(cond)) < 0) { if (errno != ENOSYS) { syslog(LOG_ERR, "Audit status check failed (%s)", strerror(errno)); } return (1); } - if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED) + if (cond == AUC_NOAUDIT || cond == AUC_DISABLED) return (1); return (0); #endif /* !__APPLE__ */
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 (text+ko) ====
@@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#28 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 $ */ #ifdef __APPLE__
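Review bot: The non-Apple branch in the `@@ -165,16 +165,16 @@` hunk of bsm_notify.c returns 1 whenever auditon(A_GETCOND, ...) fails, and audit.h later in this change moves A_GETCOND from 20 to 37. A kernel that implements only the old number would presumably reject 37, so a library built from the new header would report auditing as inactive on a host where it is running, and callers that trust the answer may stop submitting records. Consider retrying with `A_OLDGETCOND` and a `long` before giving up; the errno for an unknown command is assumed to be EINVAL below and should be confirmed against the kernel. The same call in au_notify_initialize() and au_get_state() would need the same fallback.

```c
	int cond;
	long ocond;

	if (auditon(A_GETCOND, &cond, sizeof(cond)) < 0) {
		/* A kernel that predates the renumbering knows only the old command. */
		if (errno != EINVAL ||
		    auditon(A_OLDGETCOND, &ocond, sizeof(ocond)) < 0) {
			/* … unchanged: ENOSYS check, syslog(), return (1) … */
		}
		cond = (int)ocond;
	}
	/* … unchanged: AUC_NOAUDIT / AUC_DISABLED test … */
```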
@@ -63,7 +63,7 @@ { char text[MAX_AUDITSTRING_LEN]; token_t *token; - long acond; + int acond; va_list ap; pid_t pid; int error, afd, subj_ex;
==== //depot/projects/trustedbsd/openbsm/man/auditon.2#16 (text+ko) ====
@@ -26,9 +26,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#15 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#16 $ .\" -.Dd July 10, 2008 +.Dd January 29, 2009 .Dt AUDITON 2 .Os .Sh NAME
@@ -63,7 +63,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value set to one or more the following audit policy control values bitwise OR'ed together: .Dv AUDIT_CNT ,
@@ -93,9 +93,16 @@ system call will be audited. The default policy is none of the audit policy control flags set. .It Dv A_SETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) +Set the host information. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure containing the host IP address information. +After setting, audit records +that are created as a result of kernel events will contain +this information. .It Dv A_SETKMASK Set the kernel preselection masks (success and failure). The
@@ -156,6 +163,15 @@ minimum amount, the kernel informs the audit daemon about low disk space. The value is to be specified in percent of free file system blocks. A value of 0 results in a disabling of the check. +The default and maximum values (default/maximum) for the +audit queue control parameters are: +.Pp +.Bl -column aq_hiwater -offset indent -compact +.It aq_hiwater Ta 100/10000 (audit records) +.It aq_lowater Ta 10/aq_hiwater (audit records) +.It aq_bufsz Ta 32767/1048576 (bytes) +.It aq_delay Ta (Not currently used.) +.El .It Dv A_SETSTAT Return .Er ENOSYS .
@@ -174,7 +190,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value containing the new audit condition, one of .Dv AUC_AUDITING ,
@@ -235,10 +251,6 @@ field set to the maximum audit log file size. A value of 0 indicates no limit to the size. -.It Dv A_SETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) .It Dv A_GETCLASS Return the event to class mapping for the designated audit event. The
@@ -250,9 +262,13 @@ .Dv A_SETCLASS section above for more information. .It Dv A_GETKAUDIT -Return -.Er ENOSYS . -(Not implemented.) +Get the current host information. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure. .It Dv A_GETPINFO Return the audit settings for a process. The
@@ -302,6 +318,22 @@ above and .Xr getaudit 2 for more information. +.It Dv A_GETSINFO_ADDR +Return the extended audit settings for a session. +The +.Fa data +argument +must point to a +.Vt auditinfo_addr_t +structure. +The audit session ID of the target session is passed +into the kernel using the +.Fa ai_asid +field. See +.Xr getaudit_addr 2 +for more information about the +.Vt auditinfo_addr_t +structure. .It Dv A_GETKMASK Return the current kernel preselection masks. The
@@ -317,7 +349,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value which will be set to one of the current audit policy flags. The audit policy flags are
@@ -377,7 +409,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value which will be set to the current audit condition, one of .Dv AUC_AUDITING ,
@@ -393,7 +425,7 @@ .Fa data argument must point to a -.Vt long +.Vt int value set to one of the acceptable trigger values: .Dv AUDIT_TRIGGER_LOW_SPACE
==== //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 (text+ko) ====
@@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without
@@ -26,21 +26,12 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 $ */ -#ifndef _BSM_AUDIT_H +#ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H -#ifdef __APPLE__ -/* Temporary until rdar://problem/6133383 is resolved. */ -#include -#include -#include -#include -#include -#endif /* __APPLE__ */ - #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 #define MAXAUDITDATA (0x8000 - 1)
@@ -100,20 +91,20 @@ /* * auditon(2) commands. */ -#define A_GETPOLICY 2 -#define A_SETPOLICY 3 +#define A_OLDGETPOLICY 2 +#define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 -#define A_GETQCTRL 6 -#define A_SETQCTRL 7 +#define A_OLDGETQCTRL 6 +#define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 -#define A_GETCOND 20 -#define A_SETCOND 21 +#define A_OLDGETCOND 20 +#define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24
@@ -125,6 +116,12 @@ #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 +#define A_GETPOLICY 33 +#define A_SETPOLICY 34 +#define A_GETQCTRL 35 +#define A_SETQCTRL 36 +#define A_GETCOND 37 +#define A_SETCOND 38 /* * Audit policy controls.
@@ -244,13 +241,22 @@ typedef struct au_token token_t; /* - * Kernel audit queue control parameters. + * Kernel audit queue control parameters: + * Default: Maximum: + * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) + * aq_lowater: AQ_LOWATER (10)