Date: Mon, 5 Jun 2006 13:27:12 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 98552 for review Message-ID: <200606051327.k55DRCi0087576@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=98552 Change 98552 by rwatson@rwatson_zoo on 2006/06/05 13:26:20 Integrate TrustedBSD base branch from FreeBSD CVS to loop back various audit-related changes: - Merge OpenBSM 1.0 alpha 6 changes into src/sys/bsm, src/sys/security/audit. - Audit accounting setup. Affected files ... .. //depot/projects/trustedbsd/base/sys/bsm/audit.h#4 integrate .. //depot/projects/trustedbsd/base/sys/bsm/audit_record.h#2 integrate .. //depot/projects/trustedbsd/base/sys/dev/acpi_support/acpi_panasonic.c#5 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_acct.c#29 integrate .. //depot/projects/trustedbsd/base/sys/pc98/pc98/machdep.c#11 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm.c#4 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm_token.c#3 integrate Differences ... ==== //depot/projects/trustedbsd/base/sys/bsm/audit.h#4 (text+ko) ==== @@ -30,8 +30,8 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/base/sys/bsm/audit.h#3 $ - * $FreeBSD: src/sys/bsm/audit.h,v 1.3 2006/03/04 16:54:21 rwatson Exp $ + * $P4: //depot/projects/trustedbsd/base/sys/bsm/audit.h#4 $ + * $FreeBSD: src/sys/bsm/audit.h,v 1.4 2006/06/05 12:55:45 rwatson Exp $ */ #ifndef _BSM_AUDIT_H @@ -282,11 +282,11 @@ unsigned int as_version; unsigned int as_numevent; int as_generated; - int as_nonattring; + int as_nonattrib; int as_kernel; int as_audit; int as_auditctl; - int as_enqueu; + int as_enqueue; int as_written; int as_wblocked; int as_rblocked; ==== //depot/projects/trustedbsd/base/sys/bsm/audit_record.h#2 (text) ==== 
@@ -30,24 +30,16 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#8 $ - * $FreeBSD: src/sys/bsm/audit_record.h,v 1.1 2006/02/01 19:54:22 rwatson Exp $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#13 $ + * $FreeBSD: src/sys/bsm/audit_record.h,v 1.2 2006/06/05 13:00:52 rwatson Exp $ */ #ifndef _BSM_AUDIT_RECORD_H_ #define _BSM_AUDIT_RECORD_H_ -/* Various token id types */ - /* - * Values inside the comments are not documented in the BSM pages and - * have been picked up from the header files + * Token type identifiers. */ - -/* - * Values marked as XXX do not have a value defined in the BSM header files - */ - #define AUT_INVALID 0x00 #define AUT_OTHER_FILE32 0x11 #define AUT_OHEADER 0x12 @@ -188,13 +180,19 @@ /* data-types for the arbitrary token */ #define AUR_BYTE 0 +#define AUR_CHAR AUR_BYTE #define AUR_SHORT 1 -#define AUR_LONG 2 +#define AUR_INT32 2 +#define AUR_INT AUR_INT +#define AUR_INT64 3 /* ... and their sizes */ #define AUR_BYTE_SIZE sizeof(u_char) +#define AUR_CHAR_SIZE AUR_BYTE_SIZE #define AUR_SHORT_SIZE sizeof(uint16_t) -#define AUR_LONG_SIZE sizeof(uint32_t) +#define AUR_INT32_SIZE sizeof(uint32_t) +#define AUR_INT_SIZE AUR_INT32_SIZE +#define AUR_INT64_SIZE sizeof(uint64_t) /* Modifiers for the header token */ #define PAD_NOTATTR 0x4000 /* nonattributable event */ 
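Review bot: `#define AUR_INT AUR_INT` in the arbitrary-token data types defines the alias in terms of itself, so it never resolves to a value and any use of `AUR_INT` is left as an undeclared identifier. Judging by the neighbouring `#define AUR_INT_SIZE AUR_INT32_SIZE`, the intent was `#define AUR_INT AUR_INT32`. Nothing in this change exercises the alias yet, because the only reference is the commented-out `/* case AUR_INT: */` label in the audit_bsm_token.c hunk, so the mistake would first surface in a consumer of the header.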
@@ -231,24 +229,18 @@ int au_write(int d, token_t *m); int au_close(int d, int keep, short event); int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen); +int au_close_token(token_t *tok, u_char *buffer, size_t *buflen); -#if defined(KERNEL) || defined(_KERNEL) token_t *au_to_file(char *file, struct timeval tm); -#else -token_t *au_to_file(char *file); -#endif -#if defined(KERNEL) || defined(_KERNEL) -token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod, +token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm); -token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, - struct timeval tm); -#else +#if !defined(KERNEL) && !defined(_KERNEL) token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); +token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); #endif -token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_me(void); token_t *au_to_arg(char n, char *text, uint32_t v); token_t *au_to_arg32(char n, char *text, uint32_t v); ==== //depot/projects/trustedbsd/base/sys/dev/acpi_support/acpi_panasonic.c#5 (text+ko) ==== @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/dev/acpi_support/acpi_panasonic.c,v 1.9 2005/09/11 18:39:00 obrien Exp $"); +__FBSDID("$FreeBSD: src/sys/dev/acpi_support/acpi_panasonic.c,v 1.10 2006/06/05 11:55:20 nyan Exp $"); #include "opt_acpi.h" #include <sys/param.h> @@ -413,8 +413,11 @@ acpi_panasonic_hkey_action(struct acpi_panasonic_softc *sc, ACPI_HANDLE h, UINT32 key) { + struct acpi_softc *acpi_sc; int arg, max, min; + acpi_sc = acpi_device_get_parent_softc(sc->dev); + ACPI_SERIAL_ASSERT(panasonic); switch (key) { case 1: 
@@ -450,6 +453,10 @@ arg = 1; hkey_sound_mute(h, HKEY_SET, &arg); break; + case 7: + /* Suspend. */ + acpi_SetSleepState(acpi_sc, ACPI_STATE_S3); + break; } } ==== //depot/projects/trustedbsd/base/sys/kern/kern_acct.c#29 (text+ko) ==== @@ -42,7 +42,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/kern_acct.c,v 1.81 2006/03/28 21:26:59 jhb Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_acct.c,v 1.82 2006/06/05 13:02:34 rwatson Exp $"); #include "opt_mac.h" @@ -171,8 +171,8 @@ * appending and make sure it's a 'normal'. */ if (uap->path != NULL) { - NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE, UIO_USERSPACE, - uap->path, td); + NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, + UIO_USERSPACE, uap->path, td); flags = FWRITE | O_APPEND; error = vn_open(&nd, &flags, 0, -1); if (error) ==== //depot/projects/trustedbsd/base/sys/pc98/pc98/machdep.c#11 (text+ko) ==== @@ -38,7 +38,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/pc98/pc98/machdep.c,v 1.375 2006/05/11 17:29:23 phk Exp $"); +__FBSDID("$FreeBSD: src/sys/pc98/pc98/machdep.c,v 1.376 2006/06/05 11:53:36 nyan Exp $"); #include "opt_atalk.h" #include "opt_compat.h" @@ -2540,6 +2540,10 @@ bcopy(&mcp->mc_fpstate, addr, sizeof(mcp->mc_fpstate)); } #ifdef DEV_NPX +#ifdef CPU_ENABLE_SSE + if (cpu_fxsr) + addr->sv_xmm.sv_env.en_mxcsr &= cpu_mxcsr_mask; +#endif /* * XXX we violate the dubious requirement that npxsetregs() * be called with interrupts disabled. ==== //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm.c#4 (text) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/security/audit/audit_bsm.c,v 1.4 2006/03/19 17:34:00 rwatson Exp $ + * $FreeBSD: src/sys/security/audit/audit_bsm.c,v 1.5 2006/06/05 13:13:02 rwatson Exp $ */ #include <sys/param.h> 
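Review bot: The new `case 7` in acpi_panasonic_hkey_action() discards the status returned by `acpi_SetSleepState(acpi_sc, ACPI_STATE_S3)`, so a refused or unsupported suspend request from the hotkey fails silently. Consider checking it, e.g. `if (ACPI_FAILURE(acpi_SetSleepState(acpi_sc, ACPI_STATE_S3))) device_printf(sc->dev, "suspend request failed\n");`. The call also follows `ACPI_SERIAL_ASSERT(panasonic)`, so it is apparently made with the driver's serial lock held; whether that is safe across a sleep transition cannot be judged from the hunk and deserves a comment. The function starts and ends outside the hunk.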
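Review bot: The added `addr->sv_xmm.sv_env.en_mxcsr &= cpu_mxcsr_mask;` carries no comment, yet it is the security-relevant line of this hunk: the state being masked was just copied from `mcp->mc_fpstate`, which by the look of the bcopy is a caller-supplied machine context. I would put something like `/* Clear MXCSR bits this CPU does not implement so a bad saved state cannot fault when it is restored. */` above the `if (cpu_fxsr)`. The enclosing function starts outside the hunk, so confirm that every path reaching npxsetregs() passes through the mask.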
@@ -122,7 +122,7 @@ /* Create the header token */ tm.tv_usec = ctime->tv_nsec / 1000; tm.tv_sec = ctime->tv_sec; - hdr = au_to_header32(tot_rec_size, event, 0, tm); + hdr = au_to_header32_tm(tot_rec_size, event, 0, tm); TAILQ_INSERT_HEAD(&rec->token_q, hdr, tokens); trail = au_to_trailer(tot_rec_size); ==== //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm_token.c#3 (text) ==== @@ -30,12 +30,13 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#9 $ - * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.2 2006/03/04 17:00:55 rwatson Exp $ + * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#15 $ + * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.3 2006/06/05 13:13:02 rwatson Exp $ */ #include <sys/types.h> #include <sys/endian.h> +#include <sys/queue.h> #include <sys/socket.h> #include <sys/time.h> @@ -208,6 +209,7 @@ /* Determine the size of the basic unit. */ switch (unit_type) { case AUR_BYTE: + /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; @@ -215,8 +217,13 @@ datasize = AUR_SHORT_SIZE; break; - case AUR_LONG: - datasize = AUR_LONG_SIZE; + case AUR_INT32: + /* case AUR_INT: */ + datasize = AUR_INT32_SIZE; + break; + + case AUR_INT64: + datasize = AUR_INT64_SIZE; break; default: @@ -225,7 +232,7 @@ totdata = datasize * unit_count; - GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char)); + GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); ADD_U_CHAR(dptr, AUT_DATA); ADD_U_CHAR(dptr, unit_print); @@ -299,10 +306,10 @@ token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR); - ADD_U_INT32(dptr, internet_addr->s_addr); + ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); return (t); } 
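Review bot: No range check on `unit_count` is visible before `totdata = datasize * unit_count`, and with the new `AUR_INT64` case the unit size feeding `GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata)` can now be 8 bytes. The declarations are outside the hunk; if `unit_count` is a plain `char`, a negative count would convert to a very large size on platforms where char is signed. A guard before the multiplication, such as `if (unit_count <= 0) return (NULL);`, would keep the allocation and the later copy bounded (relax it if a zero count is meant to be legal).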
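Review bot: `ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t))` in the AUT_IN_ADDR builder needs a one-line comment explaining the raw copy, since other 32-bit fields in this file go through `ADD_U_INT32` and the difference looks accidental without it. Something like `/* s_addr is already in network byte order; copy it unconverted. */` would do; the au_to_sock_inet32 hunk of this change documents the same assumption. The same applies to the two `ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t))` changes (hunks at -578 and -902), where `sizeof(tid->machine)` would also avoid mixing the `u_int32_t` and `uint32_t` spellings.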
@@ -319,11 +326,11 @@ u_char *dptr = NULL; u_int32_t type = AF_INET6; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); - ADD_MEM(dptr, internet_addr, sizeof(*internet_addr)); + ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t)); return (t); } @@ -463,25 +470,13 @@ * file pathname N bytes + 1 terminating NULL byte */ token_t * -#if defined(KERNEL) || defined(_KERNEL) au_to_file(char *file, struct timeval tm) -#else -au_to_file(char *file) -#endif { token_t *t; u_char *dptr = NULL; u_int16_t filelen; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif - /* XXXRW: else ...? */ - filelen = strlen(file); filelen += 1; @@ -578,7 +573,7 @@ ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); - ADD_U_INT32(dptr, tid->machine); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } 
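Review bot: In the AUT_IN_ADDR_EX builder, `ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t))` copies 20 bytes, but the token is sized as `sizeof(u_char) + 5 * sizeof(uint32_t)` = 21 bytes and 5 of those are already used by the token id and the 32-bit `type`. If the ADD_* macros advance by the size written (they are defined outside the hunk), the three writes total 25 bytes, which is 4 past the end of the token buffer. The copy also reads 20 bytes from what `type = AF_INET6` suggests is a 16-byte IPv6 address. The removed `sizeof(*internet_addr)` would have matched the allocation in that case, so the line should read `ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t));`. The function's signature is outside the hunk, so confirm the parameter type.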
@@ -822,19 +817,26 @@ { token_t *t; u_char *dptr = NULL; + uint16_t family; - GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + - sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + + sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_SOCKINET32); /* - * In Darwin, sin_family is one octet, but BSM defines the token - * to store two. So we copy in a 0 first. + * BSM defines the family field as 16 bits, but many operating + * systems have an 8-bit sin_family field. Extend to 16 bits before + * writing into the token. Assume that both the port and the address + * in the sockaddr_in are already in network byte order, but family + * is in local byte order. + * + * XXXRW: Should a name space conversion be taking place on the value + * of sin_family? */ - ADD_U_CHAR(dptr, 0); - ADD_U_CHAR(dptr, so->sin_family); - ADD_U_INT16(dptr, so->sin_port); - ADD_U_INT32(dptr, so->sin_addr.s_addr); + family = so->sin_family; + ADD_U_INT16(dptr, family); + ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); + ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); return (t); @@ -858,7 +860,7 @@ ADD_U_CHAR(dptr, so->sin6_family); ADD_U_INT16(dptr, so->sin6_port); - ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr)); + ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); return (t); @@ -902,7 +904,7 @@ ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); - ADD_U_INT32(dptr, tid->machine); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } 
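Review bot: The AUT_SOCKINET128 hunk still writes `so->sin6_port` with `ADD_U_INT16`, while the au_to_sock_inet32 hunk just before it now copies `sin_port` with `ADD_MEM` on the stated assumption that it is already in network byte order. If `ADD_U_INT16` converts from host order (the macro is not shown), the IPv6 port is recorded byte-swapped on little-endian machines; `ADD_MEM(dptr, &so->sin6_port, sizeof(uint16_t));` would match the IPv4 path. The family is likewise written with `ADD_U_CHAR` here but as a 16-bit value in the IPv4 token, so check that against the size passed to GET_TOKEN_AREA, which is outside the hunk.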
@@ -1088,24 +1090,12 @@ * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * -#if defined(KERNEL) || defined(_KERNEL) -au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, +au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) -#else -au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) -#endif { token_t *t; u_char *dptr = NULL; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif - /* XXXRW: else ...? */ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); @@ -1124,30 +1114,6 @@ return (t); } -token_t * -au_to_header64(__unused int rec_size, __unused au_event_t e_type, - __unused au_emod_t e_mod) -{ - - return (NULL); -} - -token_t * -#if defined(KERNEL) || defined(_KERNEL) -au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod, - struct timeval tm) -{ - - return (au_to_header32(rec_size, e_type, e_mod, tm)); -} -#else -au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) -{ - - return (au_to_header32(rec_size, e_type, e_mod)); -} -#endif - /* * token ID 1 byte * trailer magic number 2 bytes