Date: Sat, 4 Mar 2006 22:54:25 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 92749 for review Message-ID: <200603042254.k24MsPFi091573@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=92749 Change 92749 by rwatson@rwatson_zoo on 2006/03/04 22:54:15 Integrate TrustedBSD base branch from FreeBSD CVS: - OpenBSM 1.0 alpha 5 loop back. - dwmalone's structural improvements to mac_bsdextended. Affected files ... .. //depot/projects/trustedbsd/base/contrib/openbsm/CHANGELOG#3 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/FREEBSD-upgrade#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/HISTORY#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/Makefile#2 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/README#3 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/TODO#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/aclocal.m4#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/autogen.sh#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/Makefile#2 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/audit/Makefile#2 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/audit/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/audit/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/audit/audit.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditd/Makefile#2 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditd/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditd/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditd/audit_warn.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditd/auditd.c#3 integrate .. 
//depot/projects/trustedbsd/base/contrib/openbsm/bin/auditreduce/Makefile#2 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditreduce/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditreduce/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/praudit/Makefile#2 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/praudit/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bin/praudit/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bsm/Makefile#2 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/bsm/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bsm/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/bsm/audit.h#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/bsm/audit_internal.h#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/bsm/libbsm.h#3 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/compat/endian.h#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/compat/queue.h#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/config/config.guess#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/config/config.h#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/config/config.h.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/config/config.sub#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/config/depcomp#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/config/install-sh#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/config/ltmain.sh#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/config/missing#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/configure#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/configure.ac#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/Makefile#2 delete .. 
//depot/projects/trustedbsd/base/contrib/openbsm/libbsm/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_audit.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_io.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_mask.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_notify.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_token.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_user.c#2 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_wrappers.c#3 integrate .. //depot/projects/trustedbsd/base/contrib/openbsm/man/Makefile#3 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/man/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/man/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/tools/Makefile#2 delete .. //depot/projects/trustedbsd/base/contrib/openbsm/tools/Makefile.am#1 branch .. //depot/projects/trustedbsd/base/contrib/openbsm/tools/Makefile.in#1 branch .. //depot/projects/trustedbsd/base/lib/libutil/pidfile.3#4 integrate .. //depot/projects/trustedbsd/base/sys/bsm/audit.h#3 integrate .. //depot/projects/trustedbsd/base/sys/bsm/audit_internal.h#2 integrate .. //depot/projects/trustedbsd/base/sys/dev/mpt/mpt.c#13 integrate .. //depot/projects/trustedbsd/base/sys/geom/label/g_label_ufs.c#7 integrate .. //depot/projects/trustedbsd/base/sys/opencrypto/crypto.c#13 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit.c#4 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm_token.c#2 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit_pipe.c#3 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit_private.h#3 integrate .. 
//depot/projects/trustedbsd/base/sys/security/mac_bsdextended/mac_bsdextended.c#21 integrate .. //depot/projects/trustedbsd/base/usr.bin/finger/sprint.c#8 integrate Differences ... ==== //depot/projects/trustedbsd/base/contrib/openbsm/FREEBSD-upgrade#2 (text) ==== @@ -1,7 +1,33 @@ Upgrade Instructions for OpenBSM -------------------------------- -Currently this is very straight forward: +OpenBSM integrates into the FreeBSD source tree in several places: + +src/contrib/openbsm The OpenBSM distribution itself +src/sys/bsm Modified versions of some bsm/ include files +src/sys/security/audit Kernel audit framework, some OpenBSM-based files +src/usr.sbin/*audit* Makefiles for various OpenBSM tools +src/etc/Makefile Installation of /etc OpenBSM files +src/lib/libbsm/* Build for OpenBSM library + +OpenBSM is normally built using an integrated autoconf/automake build +system. For the purposes of tight integration with FreeBSD, we use an +adapted BSD make (bmake) build system loosely based on the autmake +setup. We also rely on a static config.h generated when OpenBSM is +imported, rather than re-configuring every build. This leads to a +more reproduceable build environment, and avoids dependence on things +not in the base tree (i.e., autoconf, automake, GNU make, etc). An +upgrade of OpenBSM generally involves the following steps: + +- Vendor import of OpenBSM into src/contrib. +- Run configure, commit src/contrib/openbsm/config/config.h. +- Replication of src/contrib/openbsm/bsm changes into src/sys/bsm. +- Possible updates to src/sys/security/audit, especially relating to + bsm_token.c. +- Update any library, tool, or etc BSD Makefiles to add new files, + defines, or other generally useful or necessary things. + +Normally, the CVS vendor import goes along the following lines: cd ~/p4/projects/trustedbsd/openbsm cvs -d rwatson@repoman.FreeBSD.org:/home/ncvs -q import src/contrib/openbsm \ 
@@ -10,10 +36,9 @@ Replacing the version string as required. Use the "-n" argument to CVS to do a test run. -Right now, no local FreeBSD modification or configuration is required. In -future OpenBSM versions, this is likely to change. +Propagation of changes to src/sys/{bsm,security/audit} is something that +requires careful coordination and attention to detail. These files are +not on CVS vendor branches, but do have the same local vs. vendor merge +issues. -After importing OpenBSM, make sure to propagate any changes to files that -appear in both contrib/openbsm/bsm and sys/bsm. - -$FreeBSD: src/contrib/openbsm/FREEBSD-upgrade,v 1.2 2006/02/06 00:03:39 rwatson Exp $ +$FreeBSD: src/contrib/openbsm/FREEBSD-upgrade,v 1.3 2006/03/04 16:50:04 rwatson Exp $ ==== //depot/projects/trustedbsd/base/contrib/openbsm/README#3 (text) ==== 
@@ -25,26 +25,34 @@ Building -OpenBSM is currently built using a series of BSD make files which should -work on both FreeBSD and Darwin. One known issue is that versions of -Darwin prior to 10.3.8 have a nested include of "sys/audit.h" from -"sys/proc.h", which can result in type definition conflicts. If running -with include files from an earlier version of Darwin, the nested include -must be manually removed in order that libbsm can be built, due to -potentially conflicting types resulting from an include of "sys/sysctl.h" -by that file. On Darwin, the use of BSD make must be specified explicitly -by using "bsdmake" rather than "make", which on Darwin refers to GNU make. -Typical invocations from the OpenBSM tree root: +OpenBSM is currently built using autoconf and automake, which should allow +for building on a range of operating systems, including FreeBSD, Mac OS X, +and Linux. Depending on the availability of audit facailities in the +underlying operating system, some components that depend on kernel audit +support are built conditionally. Typically, build will be performed using + + ./configure + make + +To install, use: -FreeBSD + make install - % make - # make install +You may wish to specify that the OpenBSM components not be installed in the +base system, rather in a specific directory. This may be done using the +--prefix argument to configure. If installing to a specific directory, +remember to update your library path so that running tools from that +directory the correct libbsm is used: -Darwin + ./configure --prefix=/home/rwatson/openbsm + make + make install + LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH - % bsdmake - # bsdmake install +You will need to manually propagate openbsm/etc/* into /etc on your system; +this is not done automatically so as to avoid disrupting the current +configuration. Currently, the locations of these files is not +configurable. Credits 
@@ -65,6 +73,7 @@ Christian Brueffer Olivier Houchard Christian Peron + Martin Fong In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel Software's FlexeLint tool were used to identify a number of bugs in the @@ -86,4 +95,4 @@ http://www.TrustedBSD.org/ -$P4: //depot/projects/trustedbsd/openbsm/README#14 $ +$P4: //depot/projects/trustedbsd/openbsm/README#16 $ ==== //depot/projects/trustedbsd/base/contrib/openbsm/TODO#2 (text) ==== @@ -8,5 +8,10 @@ - Document contents of libbsm "public" data structures in libbsm man pages. - The audit.log.5 man page is incomplete, as it does not describe all token types. +- With the move to autoconf/automake, man page symlinks are no longer + installed. This needs to be fixed. +- It might be desirable to be able to provide EOPNOTSUPP system call stubs + on systems that don't have the necessary audit system calls; that would + allow the full libbsm and tool set to build, just not run. -$P4: //depot/projects/trustedbsd/openbsm/TODO#4 $ +$P4: //depot/projects/trustedbsd/openbsm/TODO#5 $ ==== //depot/projects/trustedbsd/base/contrib/openbsm/bin/audit/audit.c#3 (text) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#6 $ */ /* * Program to trigger the audit daemon with a message that is either: @@ -44,7 +44,7 @@ #include <sys/queue.h> #include <sys/uio.h> -#include <bsm/audit.h> +#include <bsm/libbsm.h> #include <fcntl.h> #include <stdio.h> ==== //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditd/audit_warn.c#2 (text) ==== 
@@ -30,12 +30,14 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#6 $ */ #include <sys/types.h> + +#include <stdio.h> +#include <stdlib.h> #include <unistd.h> -#include <stdio.h> #include "auditd.h" ==== //depot/projects/trustedbsd/base/contrib/openbsm/bin/auditd/auditd.c#3 (text) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#12 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#13 $ */ #include <sys/types.h> @@ -795,7 +795,11 @@ } } +#ifdef LOG_SECURITY openlog("auditd", LOG_CONS | LOG_PID, LOG_SECURITY); +#else + openlog("auditd", LOG_CONS | LOG_PID, LOG_AUTH); +#endif syslog(LOG_INFO, "starting...\n"); if (debug == 0 && daemon(0, 0) == -1) { ==== //depot/projects/trustedbsd/base/contrib/openbsm/bsm/audit.h#2 (text) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#14 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#15 $ */ #ifndef _BSM_AUDIT_H @@ -240,25 +240,11 @@ }; typedef struct auditpinfo_addr auditpinfo_addr_t; -/* Token and record structures. */ - -struct au_token { - u_char *t_data; - size_t len; - TAILQ_ENTRY(au_token) tokens; -}; +/* + * Contents of token_t are opaque outside of libbsm. + */ typedef struct au_token token_t; -struct au_record { - char used; /* Record currently in use? */ - int desc; /* Descriptor for record. */ - TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */ - u_char *data; - size_t len; - LIST_ENTRY(au_record) au_rec_q; -}; -typedef struct au_record au_record_t; - /* * Kernel audit queue control parameters. */ 
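Review bot: In the auditd.c hunk at -795, the fallback for systems without `LOG_SECURITY` sends the audit daemon's messages to `LOG_AUTH`, which a syslog configuration may route to a log that ordinary users can read. Where the platform defines it, `LOG_AUTHPRIV` is the facility meant for security messages that should stay private, so an intermediate branch `#elif defined(LOG_AUTHPRIV)` with `openlog("auditd", LOG_CONS | LOG_PID, LOG_AUTHPRIV);` would be a closer match. The enclosing function starts and ends outside the hunk.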
@@ -310,6 +296,9 @@ }; typedef struct au_evclass_map au_evclass_map_t; +/* + * Audit system calls. + */ #if !defined(_KERNEL) && !defined(KERNEL) int audit(const void *, int); int auditon(int, void *, int); ==== //depot/projects/trustedbsd/base/contrib/openbsm/bsm/audit_internal.h#2 (text) ==== @@ -34,11 +34,15 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#7 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#13 $ */ -#ifndef _LIBBSM_INTERNAL_H -#define _LIBBSM_INTERNAL_H +#ifndef _AUDIT_INTERNAL_H +#define _AUDIT_INTERNAL_H + +#if defined(__linux__) && !defined(__unused) +#define __unused +#endif /* * audit_internal.h contains private interfaces that are shared by user space @@ -47,7 +51,23 @@ * broken with future releases of OpenBSM, which may delete, modify, or * otherwise break these interfaces or the assumptions they rely on. */ +struct au_token { + u_char *t_data; + size_t len; + TAILQ_ENTRY(au_token) tokens; +}; + +struct au_record { + char used; /* Record currently in use? */ + int desc; /* Descriptor for record. */ + TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */ + u_char *data; + size_t len; + LIST_ENTRY(au_record) au_rec_q; +}; +typedef struct au_record au_record_t; + /* We could determined the header and trailer sizes by * defining appropriate structures. We hold off that approach * till we have a consistant way of using structures for all tokens. @@ -96,4 +116,4 @@ #define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size) -#endif /* !_LIBBSM_INTERNAL_H_ */ +#endif /* !_AUDIT_INTERNAL_H_ */ ==== //depot/projects/trustedbsd/base/contrib/openbsm/bsm/libbsm.h#3 (text) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#16 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#18 $ */ #ifndef _LIBBSM_H_ 
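Review bot: The definitions moved into audit_internal.h (hunk at -47) use `TAILQ_ENTRY`, `TAILQ_HEAD` and `LIST_ENTRY`, but no queue header is included in the visible part of the file, so every includer has to pull in `<sys/queue.h>` or `<compat/queue.h>` first. The .c files touched in this change do that, yet the requirement is not written down in the header itself. I would add a comment above `struct au_token` such as `/* Includers must provide the TAILQ/LIST macros (sys/queue.h or compat/queue.h) before this header. */`. The same applies to the copy in sys/bsm/audit_internal.h.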
@@ -42,9 +42,9 @@ #include <sys/types.h> #include <sys/cdefs.h> -#include <sys/queue.h> #include <stdint.h> /* Required for audit.h. */ +#include <time.h> /* Required for clock_t on Linux. */ #include <bsm/audit.h> #include <bsm/audit_record.h> ==== //depot/projects/trustedbsd/base/contrib/openbsm/compat/endian.h#2 (text) ==== @@ -25,18 +25,13 @@ * SUCH DAMAGE. * * Derived from FreeBSD src/sys/sys/endian.h:1.6. - * $P4: //depot/projects/trustedbsd/openbsm/compat/endian.h#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/compat/endian.h#7 $ */ #ifndef _COMPAT_ENDIAN_H_ #define _COMPAT_ENDIAN_H_ /* - * Pick up value of BYTE_ORDER/_BYTE_ORDER if not yet included. - */ -#include <machine/endian.h> - -/* * Some systems will have the uint/int types defined here already, others * will need stdint.h. */ ==== //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_audit.c#2 (text) ==== @@ -30,11 +30,17 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#18 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#22 $ */ #include <sys/types.h> + +#include <config/config.h> +#ifdef HAVE_FULL_QUEUE_H #include <sys/queue.h> +#else +#include <compat/queue.h> +#endif #include <bsm/audit_internal.h> #include <bsm/libbsm.h> @@ -256,11 +262,13 @@ pthread_mutex_unlock(&mutex); } +#ifdef HAVE_AUDIT_SYSCALLS /* * Add the header token, identify any missing tokens. Write out the tokens to * the record memory and finally, call audit. */ -int au_close(int d, int keep, short event) +int +au_close(int d, int keep, short event) { au_record_t *rec; size_t tot_rec_size; @@ -308,6 +316,7 @@ au_teardown(rec); return (retval); } +#endif /* HAVE_AUDIT_SYSCALLS */ /* * au_close(), except onto an in-memory buffer. Buffer size as an argument, ==== //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_io.c#2 (text) ==== 
@@ -31,15 +31,32 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#29 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#34 $ */ #include <sys/types.h> -#ifdef __APPLE__ + +#include <config/config.h> +#ifdef HAVE_SYS_ENDIAN_H +#include <sys/endian.h> +#else /* !HAVE_SYS_ENDIAN_H */ +#ifdef HAVE_MACHINE_ENDIAN_H +#include <machine/endian.h> +#else /* !HAVE_MACHINE_ENDIAN_H */ +#ifdef HAVE_ENDIAN_H +#include <endian.h> +#else /* !HAVE_ENDIAN_H */ +#error "No supported endian.h" +#endif /* !HAVE_ENDIAN_H */ +#endif /* !HAVE_MACHINE_ENDIAN_H */ #include <compat/endian.h> -#else /* !__APPLE__ */ -#include <sys/endian.h> -#endif /* __APPLE__*/ +#endif /* !HAVE_SYS_ENDIAN_H */ +#ifdef HAVE_FULL_QUEUE_H +#include <sys/queue.h> +#else /* !HAVE_FULL_QUEUE_H */ +#include <compat/queue.h> +#endif /* !HAVE_FULL_QUEUE_H */ + #include <sys/stat.h> #include <sys/socket.h> @@ -381,10 +398,7 @@ break; case AU_IPv6: - ipv6.__u6_addr.__u6_addr32[0] = ipaddr[0]; - ipv6.__u6_addr.__u6_addr32[1] = ipaddr[1]; - ipv6.__u6_addr.__u6_addr32[2] = ipaddr[2]; - ipv6.__u6_addr.__u6_addr32[3] = ipaddr[3]; + bcopy(ipaddr, &ipv6, sizeof(ipv6)); fprintf(fp, "%s", inet_ntop(AF_INET6, &ipv6, dst, INET6_ADDRSTRLEN)); break; ==== //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_mask.c#2 (text) ==== @@ -27,11 +27,17 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_mask.c#11 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_mask.c#13 $ */ #include <sys/types.h> + +#include <config/config.h> +#ifdef HAVE_FULL_QUEUE_H #include <sys/queue.h> +#else /* !HAVE_FULL_QUEUE_H */ +#include <compat/queue.h> +#endif /* !HAVE_FULL_QUEUE_H */ #include <bsm/libbsm.h> ==== //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_notify.c#3 (text) ==== 
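Review bot: In the `case AU_IPv6:` hunk of bsm_io.c, `bcopy(ipaddr, &ipv6, sizeof(ipv6));` takes its length from the destination, so it is only safe if `ipaddr` always refers to at least that many bytes; its declaration is outside the hunk, and the old code, which read exactly four 32-bit words, suggests it is a four-word array. A comment stating that, or a compile-time size check next to the declaration, would keep the two from drifting apart. Separately, the result of `inet_ntop()` still goes straight into `fprintf(fp, "%s", ...)`, and `inet_ntop()` returns NULL on failure; `if (inet_ntop(AF_INET6, &ipv6, dst, INET6_ADDRSTRLEN) != NULL) fprintf(fp, "%s", dst);` avoids passing NULL to `%s`. The enclosing function starts and ends outside the hunk.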
@@ -26,18 +26,30 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#9 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#11 $ */ /* * Based on sample code from Marc Majka. */ -#include <string.h> /* strerror() */ -#include <sys/errno.h> /* errno */ +#include <sys/types.h> + +#include <config/config.h> +#ifdef HAVE_FULL_QUEUE_H +#include <sys/queue.h> +#else /* !HAVE_FULL_QUEUE_H */ +#include <compat/queue.h> +#endif /* !HAVE_FULL_QUEUE_H */ + +#include <bsm/audit_internal.h> #include <bsm/libbsm.h> -#include <stdint.h> /* uint32_t */ -#include <syslog.h> /* syslog() */ -#include <stdarg.h> /* syslog() */ + +#include <errno.h> +#include <stdint.h> +#include <stdarg.h> +#include <string.h> +#include <syslog.h> + #ifdef __APPLE__ #include <notify.h> ==== //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_token.c#2 (text) ==== @@ -30,15 +30,32 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#34 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#43 $ */ #include <sys/types.h> -#ifdef __APPLE__ + +#include <config/config.h> +#ifdef HAVE_SYS_ENDIAN_H +#include <sys/endian.h> +#else /* !HAVE_SYS_ENDIAN_H */ +#ifdef HAVE_MACHINE_ENDIAN_H +#include <machine/endian.h> +#else /* !HAVE_MACHINE_ENDIAN_H */ +#ifdef HAVE_ENDIAN_H +#include <endian.h> +#else /* !HAVE_ENDIAN_H */ +#error "No supported endian.h" +#endif /* !HAVE_ENDIAN_H */ +#endif /* !HAVE_MACHINE_ENDIAN_H */ #include <compat/endian.h> -#else /* !__APPLE__ */ -#include <sys/endian.h> -#endif /* __APPLE__*/ +#endif /* !HAVE_SYS_ENDIAN_H */ +#ifdef HAVE_FULL_QUEUE_H +#include <sys/queue.h> +#else /* !HAVE_FULL_QUEUE_H */ +#include <compat/queue.h> +#endif /* !HAVE_FULL_QUEUE_H */ + #include <sys/socket.h> #include <sys/time.h> #include <sys/un.h> 
@@ -352,10 +369,7 @@ ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); - ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[0]); - ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[1]); - ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]); - ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[3]); + ADD_MEM(dptr, internet_addr, sizeof(*internet_addr)); return (t); } @@ -448,9 +462,18 @@ ADD_U_INT16(dptr, perm->mode); ADD_U_INT16(dptr, pad0); + +#ifdef HAVE_IPC_PERM___SEQ + ADD_U_INT16(dptr, perm->__seq); +#else ADD_U_INT16(dptr, perm->seq); +#endif +#ifdef HAVE_IPC_PERM___KEY + ADD_U_INT32(dptr, perm->__key); +#else ADD_U_INT32(dptr, perm->key); +#endif return (t); } @@ -781,50 +804,6 @@ /* * token ID 1 byte - * socket type 2 bytes - * local port 2 bytes - * local Internet address 4 bytes - * remote port 2 bytes - * remote Internet address 4 bytes - */ -token_t * -au_to_socket(struct socket *so) -{ - - errno = ENOTSUP; - return (NULL); -} - -/* - * token ID 1 byte - * socket type 2 bytes - * local port 2 bytes - * address type/length 4 bytes - * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address) - * remote port 4 bytes - * address type/length 4 bytes - * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address) - */ -token_t * -au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, struct sockaddr *la, - struct sockaddr *ra) -{ - - errno = ENOTSUP; - return (NULL); -} - -token_t * -au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, struct sockaddr *la, - struct sockaddr *ra) -{ - - errno = ENOTSUP; - return (NULL); -} - -/* - * token ID 1 byte * socket family 2 bytes * path 104 bytes */ 
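Review bot: The hunk at -352 of bsm_token.c replaces four `ADD_U_INT32` calls with `ADD_MEM(dptr, internet_addr, sizeof(*internet_addr));`, and nothing in the new code says which byte order the address is expected to be in or that the token buffer, allocated outside the hunk, has room for the full structure. `ADD_U_INT32` is not defined on this page; if it encodes each word in a fixed byte order, the bytes written on a little-endian host may differ from what earlier versions produced, which matters for anyone reading older audit trails. I would add a comment such as `/* in6_addr is stored in network byte order; copy it verbatim. */` and confirm the allocation size matches. The same applies to `ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr));` in the hunk at -898.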
@@ -898,10 +877,7 @@ ADD_U_CHAR(dptr, so->sin6_family); ADD_U_INT16(dptr, so->sin6_port); - ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[0]); - ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[1]); - ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[2]); - ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[3]); + ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr)); return (t); @@ -1031,7 +1007,7 @@ tid)); } -#if !defined(_KERNEL) && !defined(KERNEL) +#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) /* * Collects audit information for the current process * and creates a subject token from it ==== //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_user.c#2 (text) ==== @@ -27,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#14 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#15 $ */ #include <bsm/libbsm.h> ==== //depot/projects/trustedbsd/base/contrib/openbsm/libbsm/bsm_wrappers.c#3 (text) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#16 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#18 $ */ #ifdef __APPLE__ @@ -35,6 +35,11 @@ #include <sys/param.h> #include <sys/stat.h> + +#ifdef __APPLE__ +#include <sys/queue.h> /* Our bsm/audit.h doesn't include queue.h. */ +#endif + #include <sys/sysctl.h> #include <bsm/libbsm.h> @@ -56,7 +61,11 @@ if (p == NULL) return (kAUBadParamErr); +#ifdef NODEV *p = NODEV; +#else + *p = -1; +#endif /* for /usr/bin/login, try fstat() first */ if (fstat(STDIN_FILENO, &st) != 0) { @@ -78,6 +87,8 @@ int audit_set_terminal_host(uint32_t *m) { + +#ifdef KERN_HOSTID int name[2] = { CTL_KERN, KERN_HOSTID }; size_t len; 
@@ -90,6 +101,10 @@ return (kAUSysctlErr); } return (kAUNoErr); +#else + *m = -1; + return (kAUNoErr); +#endif } int ==== //depot/projects/trustedbsd/base/lib/libutil/pidfile.3#4 (text+ko) ==== @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libutil/pidfile.3,v 1.4 2006/01/28 14:13:15 pjd Exp $ +.\" $FreeBSD: src/lib/libutil/pidfile.3,v 1.5 2006/03/04 15:20:28 keramida Exp $ .\" .Dd August 22, 2005 .Dt PIDFILE 3 @@ -120,8 +120,8 @@ pfh = pidfile_open("/var/run/daemon.pid", 0600, &otherpid); if (pfh == NULL) { if (errno == EEXIST) { - errx(EXIT_FAILURE, "Daemon already running, pid: %d.", - (int)otherpid); + errx(EXIT_FAILURE, "Daemon already running, pid: %jd.", + (intmax_t)otherpid); } /* If we cannot create pidfile from other reasons, only warn. */ warn("Cannot open or create pidfile"); @@ -147,7 +147,7 @@ /* Do child work. */ break; default: - syslog(LOG_INFO, "Child %d started.", (int)childpid); + syslog(LOG_INFO, "Child %jd started.", (intmax_t)childpid); break; } } ==== //depot/projects/trustedbsd/base/sys/bsm/audit.h#3 (text+ko) ==== @@ -30,8 +30,8 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/base/sys/bsm/audit.h#2 $ - * $FreeBSD: src/sys/bsm/audit.h,v 1.2 2006/02/01 19:54:22 rwatson Exp $ + * $P4: //depot/projects/trustedbsd/base/sys/bsm/audit.h#3 $ + * $FreeBSD: src/sys/bsm/audit.h,v 1.3 2006/03/04 16:54:21 rwatson Exp $ */ #ifndef _BSM_AUDIT_H 
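Review bot: The `#else` branch added to audit_set_terminal_host() stores through `m` without a NULL check and then returns `kAUNoErr`, so callers are told the host id was obtained when it actually holds an all-ones placeholder. The sibling function in the hunk at -56 guards its pointer with `if (p == NULL) return (kAUBadParamErr);`; the same guard belongs before `*m = -1;`, since the `#ifdef KERN_HOSTID` opens directly after the function's brace and nothing ahead of it can have checked `m`. A comment such as `/* No KERN_HOSTID on this platform: host id unavailable, recorded as all ones. */` would tell readers of audit records what the value means. Part of the function body lies between the two hunks and is not visible.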
@@ -258,25 +258,11 @@ }; typedef struct auditpinfo_addr auditpinfo_addr_t; -/* Token and record structures. */ - -struct au_token { - u_char *t_data; - size_t len; - TAILQ_ENTRY(au_token) tokens; -}; +/* + * Contents of token_t are opaque outside of libbsm. + */ typedef struct au_token token_t; -struct au_record { - char used; /* Record currently in use? */ - int desc; /* Descriptor for record. */ - TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */ - u_char *data; - size_t len; - LIST_ENTRY(au_record) au_rec_q; -}; -typedef struct au_record au_record_t; - /* * Kernel audit queue control parameters. */ @@ -328,6 +314,9 @@ }; typedef struct au_evclass_map au_evclass_map_t; +/* + * Audit system calls. + */ #if !defined(_KERNEL) && !defined(KERNEL) int audit(const void *, int); int auditon(int, void *, int); ==== //depot/projects/trustedbsd/base/sys/bsm/audit_internal.h#2 (text) ==== @@ -34,12 +34,16 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#5 $ - * $FreeBSD: src/sys/bsm/audit_internal.h,v 1.1 2006/02/01 19:54:22 rwatson Exp $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#7 $ + * $FreeBSD: src/sys/bsm/audit_internal.h,v 1.2 2006/03/04 16:54:21 rwatson Exp $ */ -#ifndef _LIBBSM_INTERNAL_H -#define _LIBBSM_INTERNAL_H +#ifndef _AUDIT_INTERNAL_H +#define _AUDIT_INTERNAL_H + +#if defined(__linux__) && !defined(__unused) +#define __unused +#endif /* * audit_internal.h contains private interfaces that are shared by user space 
@@ -48,7 +52,23 @@ * broken with future releases of OpenBSM, which may delete, modify, or * otherwise break these interfaces or the assumptions they rely on. */ +struct au_token { + u_char *t_data; + size_t len; + TAILQ_ENTRY(au_token) tokens; +}; +struct au_record { + char used; /* Record currently in use? */ + int desc; /* Descriptor for record. */ + TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */ + u_char *data; + size_t len; + LIST_ENTRY(au_record) au_rec_q; +}; +typedef struct au_record au_record_t; + + /* We could determined the header and trailer sizes by * defining appropriate structures. We hold off that approach * till we have a consistant way of using structures for all tokens. @@ -97,4 +117,4 @@ #define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size) -#endif /* !_LIBBSM_INTERNAL_H_ */ +#endif /* !_AUDIT_INTERNAL_H_ */ ==== //depot/projects/trustedbsd/base/sys/dev/mpt/mpt.c#13 (text+ko) ==== @@ -92,7 +92,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/dev/mpt/mpt.c,v 1.18 2006/02/28 07:44:50 mjacob Exp $"); +__FBSDID("$FreeBSD: src/sys/dev/mpt/mpt.c,v 1.19 2006/03/04 21:46:34 mjacob Exp $"); #include <dev/mpt/mpt.h> #include <dev/mpt/mpt_cam.h> /* XXX For static handler registration */ @@ -502,12 +502,12 @@ handled += pers->event(mpt, req, msg); if (handled == 0 && mpt->mpt_pers_mask == 0) { - mpt_lprt(mpt, MPT_PRT_WARN, + mpt_lprt(mpt, MPT_PRT_INFO, "No Handlers For Any Event Notify Frames. " "Event %#x (ACK %sequired).\n", msg->Event, msg->AckRequired? "r" : "not r"); } else if (handled == 0) { - mpt_prt(mpt, + mpt_lprt(mpt, MPT_PRT_WARN, "Unhandled Event Notify Frame. Event %#x " "(ACK %sequired).\n", msg->Event, msg->AckRequired? "r" : "not r"); ==== //depot/projects/trustedbsd/base/sys/geom/label/g_label_ufs.c#7 (text+ko) ==== 
@@ -26,7 +26,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/geom/label/g_label_ufs.c,v 1.9 2006/02/18 10:59:47 pjd Exp $"); +__FBSDID("$FreeBSD: src/sys/geom/label/g_label_ufs.c,v 1.10 2006/03/04 19:41:54 pjd Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -78,8 +78,13 @@ if (fs == NULL) continue; /* Check for magic and make sure things are the right size */ - if (fs->fs_magic != FS_UFS1_MAGIC && - fs->fs_magic != FS_UFS2_MAGIC) { + if (fs->fs_magic == FS_UFS1_MAGIC && + fs->fs_old_size * fs->fs_fsize == (int32_t)pp->mediasize) { + /* Valid UFS1. */ + } else if (fs->fs_magic == FS_UFS2_MAGIC && fs->fs_fsize > 0 && + pp->mediasize / fs->fs_fsize == fs->fs_size) { + /* Valid UFS2. */ + } else { g_free(fs); >>> TRUNCATED FOR MAIL (1000 lines) <<<