Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 21 Nov 2006 17:08:22 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 110202 for review
Message-ID:  <200611211708.kALH8MEl064668@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=110202

Change 110202 by rwatson@rwatson_fledge on 2006/11/18 09:42:17

	Add encoding and decoding routines for process64_ex, process32_ex,
	subject64_ex token types.
	
	Submitted by:	Diego Giagio <dgiagio at gmail dot com>

Affected files ...

.. //depot/projects/trustedbsd/openbsm/HISTORY#45 edit
.. //depot/projects/trustedbsd/openbsm/README#22 edit
.. //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 edit
.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/HISTORY#45 (text+ko) ====

@@ -5,6 +5,8 @@
 - Countless man page fixes.
 - praudit XML support via "praudit -x".
 - audit.log.5 expanded to include additional BSM token types.
+- Added encoding and decoding routines for process64_ex, process32_ex, and
+  subject32_ex tokens.
 
 OpenBSM 1.0 alpha 12
 
@@ -272,4 +274,4 @@
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#44 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#45 $

==== //depot/projects/trustedbsd/openbsm/README#22 (text+ko) ====

@@ -78,6 +78,7 @@
     Martin Englund
     Ruslan Ermilov
     Martin Voros
+    Diego Giagio
 
 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the
@@ -99,4 +100,4 @@
 
     http://www.TrustedBSD.org/
 
-$P4: //depot/projects/trustedbsd/openbsm/README#21 $
+$P4: //depot/projects/trustedbsd/openbsm/README#22 $

==== //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 (text+ko) ====

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#23 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 $
  */
 
 #ifndef _BSM_AUDIT_RECORD_H_
@@ -246,6 +246,8 @@
 
 token_t	*au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
 	    struct timeval tm);
+token_t	*au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+	    struct timeval tm);
 #if !defined(KERNEL) && !defined(_KERNEL)
 token_t	*au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
 token_t	*au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);

==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#31 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 $
  */
 
 #ifndef _LIBBSM_H_
@@ -164,6 +164,12 @@
 	u_int32_t	addr[4];
 } au_tidaddr32_t;
 
+typedef struct au_tidaddr64 {
+	u_int64_t	port;
+	u_int32_t	type;
+	u_int32_t	addr[4];
+} au_tidaddr64_t;
+
 /*
  * argument #              1 byte
  * argument value          4 bytes/8 bytes (32-bit/64-bit value)
@@ -483,6 +489,17 @@
 	au_tidaddr32_t	tid;
 } au_proc32ex_t;
 
+typedef struct {
+	u_int32_t	auid;
+	u_int32_t	euid;
+	u_int32_t	egid;
+	u_int32_t	ruid;
+	u_int32_t	rgid;
+	u_int32_t	pid;
+	u_int32_t	sid;
+	au_tidaddr64_t	tid;
+} au_proc64ex_t;
+
 /*
  * error status            1 byte
  * return value            4 bytes/8 bytes (32-bit/64-bit value)
@@ -616,6 +633,17 @@
 	au_tidaddr32_t	tid;
 } au_subject32ex_t;
 
+typedef struct {
+	u_int32_t	auid;
+	u_int32_t	euid;
+	u_int32_t	egid;
+	u_int32_t	ruid;
+	u_int32_t	rgid;
+	u_int32_t	pid;
+	u_int32_t	sid;
+	au_tidaddr64_t	tid;
+} au_subject64ex_t;
+
 /*
  * text length             2 bytes
  * text                    N bytes + 1 terminating NULL byte
@@ -675,8 +703,9 @@
 		au_opaque_t		opaque;
 		au_path_t		path;
 		au_proc32_t		proc32;
+		au_proc32ex_t		proc32_ex;
 		au_proc64_t		proc64;
-		au_proc32ex_t		proc32_ex;
+		au_proc64ex_t		proc64_ex;
 		au_ret32_t		ret32;
 		au_ret64_t		ret64;
 		au_seq_t		seq;
@@ -685,8 +714,9 @@
 		au_socketinet32_t	sockinet32;
 		au_socketunix_t		sockunix;
 		au_subject32_t		subj32;
+		au_subject32ex_t	subj32_ex;
 		au_subject64_t		subj64;
-		au_subject32ex_t	subj32_ex;
+		au_subject64ex_t	subj64_ex;
 		au_text_t		text;
 		au_kevent_t		kevent;
 		au_invalid_t		invalid;

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 (text+ko) ====

@@ -32,7 +32,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#42 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 $
  */
 
 #include <sys/types.h>
@@ -333,6 +333,14 @@
 		fprintf(fp, "/>");
 		break;
 
+	case AUT_PROCESS64:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_PROCESS64_EX:
+		fprintf(fp, "/>");
+		break;
+
 	case AUT_RETURN32:
 		fprintf(fp, "/>");
 		break;
@@ -369,6 +377,10 @@
 		fprintf(fp, "/>");
 		break;
 
+	case AUT_SUBJECT64_EX:
+		fprintf(fp, "/>");
+		break;
+
 	case AUT_TEXT:
 		fprintf(fp, "</text>");
 		break;
@@ -488,6 +500,14 @@
 			fprintf(fp, "<process ");
 			break;
 
+		case AUT_PROCESS64:
+			fprintf(fp, "<process ");
+			break;
+
+		case AUT_PROCESS64_EX:
+			fprintf(fp, "<process ");
+			break;
+
 		case AUT_RETURN32:
 			fprintf(fp, "<return ");
 			break;
@@ -524,6 +544,10 @@
 			fprintf(fp, "<subject ");
 			break;
 
+		case AUT_SUBJECT64_EX:
+			fprintf(fp, "<subject ");
+			break;
+
 		case AUT_TEXT:
 			fprintf(fp, "<text>");
 			break;
@@ -2530,7 +2554,133 @@
 	}
 }
 
+/*
+ * token ID                     1 byte
+ * audit ID                     4 bytes
+ * euid                         4 bytes
+ * egid                         4 bytes
+ * ruid                         4 bytes
+ * rgid                         4 bytes
+ * pid                          4 bytes
+ * sessid                       4 bytes
+ * terminal ID
+ *   portid             8 bytes
+ *   machine id         4 bytes
+ */
 static int
+fetch_process64_tok(tokenstr_t *tok, char *buf, int len)
+{
+	int err = 0;
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.auid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.euid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.egid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.ruid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.rgid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.pid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.sid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT64(buf, len, tok->tt.proc64.tid.port, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_BYTES(buf, len, &tok->tt.proc64.tid.addr,
+	    sizeof(tok->tt.proc64.tid.addr), tok->len, err);
+	if (err)
+		return (-1);
+
+	return (0);
+}
+
+static void
+print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
+    __unused char sfrm, int xml)
+{
+	print_tok_type(fp, tok->id, "process", raw, xml);
+	if (xml) {
+		open_attr(fp, "audit-uid");
+		print_user(fp, tok->tt.proc64.auid, raw);
+		close_attr(fp);
+		open_attr(fp, "uid");
+		print_user(fp, tok->tt.proc64.euid, raw);
+		close_attr(fp);
+		open_attr(fp, "gid");
+		print_group(fp, tok->tt.proc64.egid, raw);
+		close_attr(fp);
+		open_attr(fp, "ruid");
+		print_user(fp, tok->tt.proc64.ruid, raw);
+		close_attr(fp);
+		open_attr(fp, "rgid");
+		print_group(fp, tok->tt.proc64.rgid, raw);
+		close_attr(fp);
+		open_attr(fp, "pid");
+		print_4_bytes(fp, tok->tt.proc64.pid, "%u");
+		close_attr(fp);
+		open_attr(fp, "sid");
+		print_4_bytes(fp, tok->tt.proc64.sid, "%u");
+		close_attr(fp);
+		open_attr(fp, "tid");
+		print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu");
+		print_ip_address(fp, tok->tt.proc64.tid.addr);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_user(fp, tok->tt.proc64.auid, raw);
+		print_delim(fp, del);
+		print_user(fp, tok->tt.proc64.euid, raw);
+		print_delim(fp, del);
+		print_group(fp, tok->tt.proc64.egid, raw);
+		print_delim(fp, del);
+		print_user(fp, tok->tt.proc64.ruid, raw);
+		print_delim(fp, del);
+		print_group(fp, tok->tt.proc64.rgid, raw);
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.proc64.pid, "%u");
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.proc64.sid, "%u");
+		print_delim(fp, del);
+		print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu");
+		print_delim(fp, del);
+		print_ip_address(fp, tok->tt.proc64.tid.addr);
+	}
+}
+
+/*                                                     
+ * token ID                1 byte                      
+ * audit ID                4 bytes                     
+ * effective user ID       4 bytes                     
+ * effective group ID      4 bytes                     
+ * real user ID            4 bytes                     
+ * real group ID           4 bytes                     
+ * process ID              4 bytes                     
+ * session ID              4 bytes                     
+ * terminal ID                                         
+ *   port ID               4 bytes
+ *   address type-len      4 bytes                     
+ *   machine address      16 bytes                     
+ */
+static int
 fetch_process32ex_tok(tokenstr_t *tok, char *buf, int len)
 {
 	int err = 0;
@@ -2646,6 +2796,135 @@
 	}
 }
 
+/*                                                     
+ * token ID                1 byte                      
+ * audit ID                4 bytes                     
+ * effective user ID       4 bytes                     
+ * effective group ID      4 bytes                     
+ * real user ID            4 bytes                     
+ * real group ID           4 bytes                     
+ * process ID              4 bytes                     
+ * session ID              4 bytes                     
+ * terminal ID                                         
+ *   port ID               8 bytes
+ *   address type-len      4 bytes                     
+ *   machine address      16 bytes                     
+ */
+static int
+fetch_process64ex_tok(tokenstr_t *tok, char *buf, int len)
+{
+	int err = 0;
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.auid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.euid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.egid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.ruid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.rgid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.pid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.sid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT64(buf, len, tok->tt.proc64_ex.tid.port, tok->len,
+	    err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.tid.type, tok->len,
+	    err);
+	if (err)
+		return (-1);
+
+	if (tok->tt.proc64_ex.tid.type == AU_IPv4) {
+		READ_TOKEN_BYTES(buf, len, &tok->tt.proc64_ex.tid.addr[0],
+		    sizeof(tok->tt.proc64_ex.tid.addr[0]), tok->len, err);
+		if (err)
+			return (-1);
+	} else if (tok->tt.proc64_ex.tid.type == AU_IPv6) {
+		READ_TOKEN_BYTES(buf, len, tok->tt.proc64_ex.tid.addr,
+		    sizeof(tok->tt.proc64_ex.tid.addr), tok->len, err);
+		if (err)
+			return (-1);
+	} else
+		return (-1);
+
+	return (0);
+}
+
+static void
+print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
+    __unused char sfrm, int xml)
+{
+	print_tok_type(fp, tok->id, "process_ex", raw, xml);
+	if (xml) {
+		open_attr(fp, "audit-uid");
+		print_user(fp, tok->tt.proc64_ex.auid, raw);
+		close_attr(fp);
+		open_attr(fp, "uid");
+		print_user(fp, tok->tt.proc64_ex.euid, raw);
+		close_attr(fp);
+		open_attr(fp, "gid");
+		print_group(fp, tok->tt.proc64_ex.egid, raw);
+		close_attr(fp);
+		open_attr(fp, "ruid");
+		print_user(fp, tok->tt.proc64_ex.ruid, raw);
+		close_attr(fp);
+		open_attr(fp, "rgid");
+		print_group(fp, tok->tt.proc64_ex.rgid, raw);
+		close_attr(fp);
+		open_attr(fp, "pid");
+		print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u");
+		close_attr(fp);
+		open_attr(fp, "sid");
+		print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u");
+		close_attr(fp);
+		open_attr(fp, "tid");
+		print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu");
+		print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type,
+		    tok->tt.proc64_ex.tid.addr);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_user(fp, tok->tt.proc64_ex.auid, raw);
+		print_delim(fp, del);
+		print_user(fp, tok->tt.proc64_ex.euid, raw);
+		print_delim(fp, del);
+		print_group(fp, tok->tt.proc64_ex.egid, raw);
+		print_delim(fp, del);
+		print_user(fp, tok->tt.proc64_ex.ruid, raw);
+		print_delim(fp, del);
+		print_group(fp, tok->tt.proc64_ex.rgid, raw);
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u");
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u");
+		print_delim(fp, del);
+		print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu");
+		print_delim(fp, del);
+		print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type,
+		    tok->tt.proc64_ex.tid.addr);
+	}
+}
+
 /*
  * errno                        1 byte
  * return value         4 bytes
@@ -3290,6 +3569,134 @@
 }
 
 /*
+ * audit ID                     4 bytes
+ * euid                         4 bytes
+ * egid                         4 bytes
+ * ruid                         4 bytes
+ * rgid                         4 bytes
+ * pid                          4 bytes
+ * sessid                       4 bytes
+ * terminal ID
+ *   portid             8 bytes
+ *   type               4 bytes
+ *   machine id         16 bytes
+ */
+static int
+fetch_subject64ex_tok(tokenstr_t *tok, char *buf, int len)
+{
+	int err = 0;
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.auid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.euid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.egid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.ruid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.rgid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.sid, tok->len, err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT64(buf, len, tok->tt.subj64_ex.tid.port, tok->len,
+	    err);
+	if (err)
+		return (-1);
+
+	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.tid.type, tok->len,
+	    err);
+	if (err)
+		return (-1);
+
+	if (tok->tt.subj64_ex.tid.type == AU_IPv4) {
+		READ_TOKEN_BYTES(buf, len, &tok->tt.subj64_ex.tid.addr[0],
+		    sizeof(tok->tt.subj64_ex.tid.addr[0]), tok->len, err);
+		if (err)
+			return (-1);
+	} else if (tok->tt.subj64_ex.tid.type == AU_IPv6) {
+		READ_TOKEN_BYTES(buf, len, tok->tt.subj64_ex.tid.addr,
+		    sizeof(tok->tt.subj64_ex.tid.addr), tok->len, err);
+		if (err)
+			return (-1);
+	} else
+		return (-1);
+
+	return (0);
+}
+
+static void
+print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
+    __unused char sfrm, int xml)
+{
+	print_tok_type(fp, tok->id, "subject_ex", raw, xml);
+	if (xml) {
+		open_attr(fp, "audit-uid");
+		print_user(fp, tok->tt.subj64_ex.auid, raw);
+		close_attr(fp);
+		open_attr(fp, "uid");
+		print_user(fp, tok->tt.subj64_ex.euid, raw);
+		close_attr(fp);
+		open_attr(fp, "gid");
+		print_group(fp, tok->tt.subj64_ex.egid, raw);
+		close_attr(fp);
+		open_attr(fp, "ruid");
+		print_user(fp, tok->tt.subj64_ex.ruid, raw);
+		close_attr(fp);
+		open_attr(fp, "rgid");
+		print_group(fp, tok->tt.subj64_ex.rgid, raw);
+		close_attr(fp);
+		open_attr(fp, "pid");
+		print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
+		close_attr(fp);
+		open_attr(fp, "sid");
+		print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");
+		close_attr(fp);
+		open_attr(fp, "tid");
+		print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu");
+		print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type,
+		    tok->tt.subj64_ex.tid.addr);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_user(fp, tok->tt.subj64_ex.auid, raw);
+		print_delim(fp, del);
+		print_user(fp, tok->tt.subj64_ex.euid, raw);
+		print_delim(fp, del);
+		print_group(fp, tok->tt.subj64_ex.egid, raw);
+		print_delim(fp, del);
+		print_user(fp, tok->tt.subj64_ex.ruid, raw);
+		print_delim(fp, del);
+		print_group(fp, tok->tt.subj64_ex.rgid, raw);
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");
+		print_delim(fp, del);
+		print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu");
+		print_delim(fp, del);
+		print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type,
+		    tok->tt.subj64_ex.tid.addr);
+	}
+}
+
+/*
  * size                         2 bytes
  * data                         size bytes
  */
@@ -3533,6 +3940,12 @@
 	case AUT_PROCESS32_EX:
 		return (fetch_process32ex_tok(tok, buf, len));
 
+	case AUT_PROCESS64:
+		return (fetch_process64_tok(tok, buf, len));
+
+	case AUT_PROCESS64_EX:
+		return (fetch_process64ex_tok(tok, buf, len));
+
 	case AUT_RETURN32:
 		return (fetch_return32_tok(tok, buf, len));
 
@@ -3554,11 +3967,14 @@
 	case AUT_SUBJECT32:
 		return (fetch_subject32_tok(tok, buf, len));
 
+	case AUT_SUBJECT32_EX:
+		return (fetch_subject32ex_tok(tok, buf, len));
+
 	case AUT_SUBJECT64:
 		return (fetch_subject64_tok(tok, buf, len));
 
-	case AUT_SUBJECT32_EX:
-		return (fetch_subject32ex_tok(tok, buf, len));
+	case AUT_SUBJECT64_EX:
+		return (fetch_subject64ex_tok(tok, buf, len));
 
 	case AUT_TEXT:
 		return (fetch_text_tok(tok, buf, len));
@@ -3682,6 +4098,14 @@
 		print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
 		return;
 
+	case AUT_PROCESS64:
+		print_process64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
+		return;
+
+	case AUT_PROCESS64_EX:
+		print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
+		return;
+
 	case AUT_RETURN32:
 		print_return32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
 		return;
@@ -3718,6 +4142,10 @@
 		print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
 		return;
 
+	case AUT_SUBJECT64_EX:
+		print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
+		return;
+
 	case AUT_TEXT:
 		print_text_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
 		return;
@@ -3840,6 +4268,14 @@
 		print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_XML);
 		return;
 
+	case AUT_PROCESS64:
+		print_process64_tok(outfp, tok, del, raw, sfrm, AU_XML);
+		return;
+
+	case AUT_PROCESS64_EX:
+		print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_XML);
+		return;
+
 	case AUT_RETURN32:
 		print_return32_tok(outfp, tok, del, raw, sfrm, AU_XML);
 		return;
@@ -3876,6 +4312,10 @@
 		print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_XML);
 		return;
 
+	case AUT_SUBJECT64_EX:
+		print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_XML);
+		return;
+
 	case AUT_TEXT:
 		print_text_tok(outfp, tok, del, raw, sfrm, AU_XML);
 		return;

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 (text+ko) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#52 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 $
  */
 
 #include <sys/types.h>
@@ -212,9 +212,46 @@
 token_t *
 au_to_attr64(struct vnode_au_info *vni)
 {
+	token_t *t;
+	u_char *dptr = NULL;
+	u_int16_t pad0_16 = 0;
+	u_int16_t pad0_32 = 0;
+
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
+	    3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2);
+	if (t == NULL)
+		return (NULL);
+
+	ADD_U_CHAR(dptr, AUT_ATTR64);
+
+	/*
+	 * Darwin defines the size for the file mode
+	 * as 2 bytes; BSM defines 4 so pad with 0
+	 */
+	ADD_U_INT16(dptr, pad0_16);
+	ADD_U_INT16(dptr, vni->vn_mode);
+
+	ADD_U_INT32(dptr, vni->vn_uid);
+	ADD_U_INT32(dptr, vni->vn_gid);
+	ADD_U_INT32(dptr, vni->vn_fsid);
 
-	errno = ENOTSUP;
-	return (NULL);
+	/*
+	 * Some systems use 32-bit file ID's, other's use 64-bit file IDs.
+	 * Attempt to handle both, and let the compiler sort it out.  If we
+	 * could pick this out at compile-time, it would be better, so as to
+	 * avoid the else case below.
+	 */
+	if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) {
+		ADD_U_INT32(dptr, pad0_32);
+		ADD_U_INT32(dptr, vni->vn_fileid);
+	} else if (sizeof(vni->vn_fileid) == sizeof(uint64_t))
+		ADD_U_INT64(dptr, vni->vn_fileid);
+	else
+		ADD_U_INT64(dptr, 0LL);
+
+	ADD_U_INT64(dptr, vni->vn_dev);
+
+	return (t);
 }
 
 token_t *
@@ -654,9 +691,26 @@
     __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid,
     __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid)
 {
+	token_t *t;
+	u_char *dptr = NULL;
+
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) +
+	    sizeof(u_int64_t));
+	if (t == NULL)
+		return (NULL);
+
+	ADD_U_CHAR(dptr, AUT_PROCESS64);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->port);
+	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
 
-	errno = ENOTSUP;
-	return (NULL);
+	return (t);
 }
 
 token_t *
@@ -727,9 +781,42 @@
 au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
     gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
 {
+	token_t *t;
+	u_char *dptr = NULL;
+
+	if (tid->at_type == AU_IPv4)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 
+		    7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+		    2 * sizeof(u_int32_t));
+	else if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+		    5 * sizeof(u_int32_t));
+	else {
+		errno = EINVAL;
+		return (NULL);
+	}
+	if (t == NULL)
+		return (NULL);
+
+	ADD_U_CHAR(dptr, AUT_PROCESS64_EX);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->at_port);
+	ADD_U_INT32(dptr, tid->at_type);
+	ADD_U_INT32(dptr, tid->at_addr[0]);
+	if (tid->at_type == AU_IPv6) {
+		ADD_U_INT32(dptr, tid->at_addr[1]);
+		ADD_U_INT32(dptr, tid->at_addr[2]);
+		ADD_U_INT32(dptr, tid->at_addr[3]);
+	}
 
-	errno = ENOTSUP;
-	return (NULL);
+	return (t);
 }
 
 token_t *
@@ -944,9 +1031,26 @@
 au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
     pid_t pid, au_asid_t sid, au_tid_t *tid)
 {
+	token_t *t;
+	u_char *dptr = NULL;
+
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) +
+	    sizeof(u_int64_t) + sizeof(u_int32_t));
+	if (t == NULL)
+		return (NULL);
 
-	errno = ENOTSUP;
-	return (NULL);
+	ADD_U_CHAR(dptr, AUT_SUBJECT64);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->port);
+	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
+
+	return (t);
 }
 
 token_t *
@@ -1016,9 +1120,42 @@
 au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
     gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
 {
+	token_t *t;
+	u_char *dptr = NULL;
+
+	if (tid->at_type == AU_IPv4)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+		    2 * sizeof(u_int32_t));
+	else if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+		    5 * sizeof(u_int32_t));
+	else {
+		errno = EINVAL;
+		return (NULL);
+	}
+	if (t == NULL)
+		return (NULL);
+
+	ADD_U_CHAR(dptr, AUT_SUBJECT64_EX);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->at_port);
+	ADD_U_INT32(dptr, tid->at_type);
+	ADD_U_INT32(dptr, tid->at_addr[0]);
+	if (tid->at_type == AU_IPv6) {
+		ADD_U_INT32(dptr, tid->at_addr[1]);
+		ADD_U_INT32(dptr, tid->at_addr[2]);
+		ADD_U_INT32(dptr, tid->at_addr[3]);
+	}
 
-	errno = ENOTSUP;
-	return (NULL);
+	return (t);
 }
 
 token_t *
@@ -1166,6 +1303,33 @@
 	return (t);
 }
 
+token_t *
+au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+    struct timeval tm)
+{
+	token_t *t;
+	u_char *dptr = NULL;
+	u_int32_t timems;
+
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
+	    sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t));
+	if (t == NULL)
+		return (NULL);
+
+	ADD_U_CHAR(dptr, AUT_HEADER64);
+	ADD_U_INT32(dptr, rec_size);
+	ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM);
+	ADD_U_INT16(dptr, e_type);
+	ADD_U_INT16(dptr, e_mod);
+
+	timems = tm.tv_usec/1000;
+	/* Add the timestamp */
+	ADD_U_INT64(dptr, tm.tv_sec);
+	ADD_U_INT64(dptr, timems);	/* We need time in ms. */
+
+	return (t);
+}
+
 #if !defined(KERNEL) && !defined(_KERNEL)
 token_t *
 au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
@@ -1181,9 +1345,11 @@
 au_to_header64(__unused int rec_size, __unused au_event_t e_type,
     __unused au_emod_t e_mod)
 {
+	struct timeval tm;
 
-	errno = ENOTSUP;
-	return (NULL);
+	if (gettimeofday(&tm, NULL) == -1)
+		return (NULL);
+	return (au_to_header64_tm(rec_size, e_type, e_mod, tm));
 }
 
 token_t *



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611211708.kALH8MEl064668>