PERFORCE change 118221 for review
Robert Watson
rwatson at FreeBSD.org
Mon Apr 16 09:42:05 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=118221
Change 118221 by rwatson at rwatson_cinnamon on 2007/04/16 09:41:52
Integrate new OpenBSM parts from contrib/openbsm to sys; adapt some
new token construction functions for the kernel environment.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#32 integrate
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#24 integrate
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#31 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#32 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#31 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#32 $
* $FreeBSD: src/sys/bsm/audit_kevents.h,v 1.9 2006/09/25 12:22:07 rwatson Exp $
*/
@@ -475,6 +475,28 @@
#define AUE_READDIR 43118 /* Linux. */
#define AUE_IOPL 43119 /* Linux. */
#define AUE_VM86 43120 /* Linux. */
+#define AUE_MAC_GET_PROC 43121 /* FreeBSD. */
+#define AUE_MAC_SET_PROC 43122 /* FreeBSD. */
+#define AUE_MAC_GET_FD 43123 /* FreeBSD. */
+#define AUE_MAC_GET_FILE 43124 /* FreeBSD. */
+#define AUE_MAC_SET_FD 43125 /* FreeBSD. */
+#define AUE_MAC_SET_FILE 43126 /* FreeBSD. */
+#define AUE_MAC_SYSCALL 43127 /* FreeBSD. */
+#define AUE_MAC_GET_PID 43128 /* FreeBSD. */
+#define AUE_MAC_GET_LINK 43129 /* FreeBSD. */
+#define AUE_MAC_SET_LINK 43130 /* FreeBSD. */
+#define AUE_MAC_EXECVE 43131 /* FreeBSD. */
+#define AUE_GETPATH_FROMFD 43132 /* FreeBSD. */
+#define AUE_GETPATH_FROMADDR 43133 /* FreeBSD. */
+#define AUE_MQ_OPEN 43134 /* FreeBSD. */
+#define AUE_MQ_SETATTR 43135 /* FreeBSD. */
+#define AUE_MQ_TIMEDRECEIVE 43136 /* FreeBSD. */
+#define AUE_MQ_TIMEDSEND 43137 /* FreeBSD. */
+#define AUE_MQ_NOTIFY 43138 /* FreeBSD. */
+#define AUE_MQ_UNLINK 43139 /* FreeBSD. */
+#define AUE_LISTEN 43140 /* FreeBSD/Darwin/Linux. */
+#define AUE_MLOCKALL 43141 /* FreeBSD. */
+#define AUE_MUNLOCKALL 43142 /* FreeBSD. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -572,16 +594,13 @@
#define AUE_GETSOCKOPT AUE_NULL
#define AUE_GTSOCKOPT AUE_GETSOCKOPT /* XXX: Typo in Darwin. */
#define AUE_ISSETUGID AUE_NULL
-#define AUE_LISTEN AUE_NULL
#define AUE_LSTATV AUE_NULL
#define AUE_MADVISE AUE_NULL
#define AUE_MINCORE AUE_NULL
#define AUE_MKCOMPLEX AUE_NULL
-#define AUE_MLOCKALL AUE_NULL
#define AUE_MODWATCH AUE_NULL
#define AUE_MSGCL AUE_NULL
#define AUE_MSYNC AUE_NULL
-#define AUE_MUNLOCKALL AUE_NULL
#define AUE_PREAD AUE_NULL
#define AUE_PWRITE AUE_NULL
#define AUE_PREADV AUE_NULL
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#24 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#23 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#24 $
* $FreeBSD: src/sys/bsm/audit_record.h,v 1.6 2006/09/21 07:27:02 rwatson Exp $
*/
@@ -86,6 +86,7 @@
/* XXXRW: Additional X11 tokens not defined? */
#define AUT_CMD 0x51
#define AUT_EXIT 0x52
+#define AUT_ZONENAME 0x60
/* XXXRW: OpenBSM AUT_HOST 0x70? */
#define AUT_ARG64 0x71
#define AUT_RETURN64 0x72
@@ -247,6 +248,8 @@
token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
+token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm);
#if !defined(KERNEL) && !defined(_KERNEL)
token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
@@ -329,6 +332,7 @@
token_t *au_to_text(char *text);
token_t *au_to_kevent(struct kevent *kev);
token_t *au_to_trailer(int rec_size);
+token_t *au_to_zonename(char *zonename);
__END_DECLS
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#31 (text+ko) ====
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#30 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#31 $
* $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.9 2006/12/28 22:18:43 rwatson Exp $
*/
@@ -179,8 +179,44 @@
token_t *
au_to_attr64(struct vnode_au_info *vni)
{
+ token_t *t;
+ u_char *dptr = NULL;
+ u_int16_t pad0_16 = 0;
+ u_int16_t pad0_32 = 0;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
+ 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2);
+
+ ADD_U_CHAR(dptr, AUT_ATTR64);
+
+ /*
+ * Darwin defines the size for the file mode
+ * as 2 bytes; BSM defines 4 so pad with 0
+ */
+ ADD_U_INT16(dptr, pad0_16);
+ ADD_U_INT16(dptr, vni->vn_mode);
+
+ ADD_U_INT32(dptr, vni->vn_uid);
+ ADD_U_INT32(dptr, vni->vn_gid);
+ ADD_U_INT32(dptr, vni->vn_fsid);
+
+ /*
+ * Some systems use 32-bit file ID's, other's use 64-bit file IDs.
+ * Attempt to handle both, and let the compiler sort it out. If we
+ * could pick this out at compile-time, it would be better, so as to
+ * avoid the else case below.
+ */
+ if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) {
+ ADD_U_INT32(dptr, pad0_32);
+ ADD_U_INT32(dptr, vni->vn_fileid);
+ } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t))
+ ADD_U_INT64(dptr, vni->vn_fileid);
+ else
+ ADD_U_INT64(dptr, 0LL);
+
+ ADD_U_INT64(dptr, vni->vn_dev);
- return (NULL);
+ return (t);
}
token_t *
@@ -269,7 +305,7 @@
au_to_groups(int *groups)
{
- return (au_to_newgroups(AUDIT_MAX_GROUPS, groups));
+ return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t*)groups));
}
/*
@@ -577,18 +613,32 @@
}
token_t *
-au_to_process64(__unused au_id_t auid, __unused uid_t euid,
- __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid,
- __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid)
+au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
+ pid_t pid, au_asid_t sid, au_tid_t *tid)
{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) +
+ sizeof(u_int64_t));
+
+ ADD_U_CHAR(dptr, AUT_PROCESS64);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->port);
+ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
- return (NULL);
+ return (t);
}
token_t *
-au_to_process(__unused au_id_t auid, __unused uid_t euid,
- __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid,
- __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid)
+au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
+ pid_t pid, au_asid_t sid, au_tid_t *tid)
{
return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid,
@@ -635,10 +685,13 @@
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->at_port);
ADD_U_INT32(dptr, tid->at_type);
- if (tid->at_type == AU_IPv6)
- ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t));
- else
- ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
+ ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
+ if (tid->at_type == AU_IPv6) {
+ ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t));
+ ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t));
+ ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t));
+ }
+
return (t);
}
@@ -646,8 +699,40 @@
au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ if (tid->at_type == AU_IPv4)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+ 2 * sizeof(u_int32_t));
+ else if (tid->at_type == AU_IPv6)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+ 5 * sizeof(u_int32_t));
+ else {
+ errno = EINVAL;
+ return (NULL);
+ }
+
+ ADD_U_CHAR(dptr, AUT_PROCESS64_EX);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->at_port);
+ ADD_U_INT32(dptr, tid->at_type);
+ ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
+ if (tid->at_type == AU_IPv6) {
+ ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t));
+ ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t));
+ ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t));
+ }
- return (NULL);
+ return (t);
}
token_t *
@@ -917,8 +1002,24 @@
au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
pid_t pid, au_asid_t sid, au_tid_t *tid)
{
+ token_t *t;
+ u_char *dptr = NULL;
- return (NULL);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) +
+ sizeof(u_int64_t) + sizeof(u_int32_t));
+
+ ADD_U_CHAR(dptr, AUT_SUBJECT64);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->port);
+ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
+
+ return (t);
}
token_t *
@@ -970,10 +1071,11 @@
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->at_port);
ADD_U_INT32(dptr, tid->at_type);
- if (tid->at_type == AU_IPv6)
+ if (tid->at_type == AU_IPv6)
ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t));
- else
+ else
ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
+
return (t);
}
@@ -981,8 +1083,38 @@
au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ if (tid->at_type == AU_IPv4)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+ 2 * sizeof(u_int32_t));
+ else if (tid->at_type == AU_IPv6)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+ 5 * sizeof(u_int32_t));
+ else {
+ errno = EINVAL;
+ return (NULL);
+ }
+
+ ADD_U_CHAR(dptr, AUT_SUBJECT64_EX);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->at_port);
+ ADD_U_INT32(dptr, tid->at_type);
+ if (tid->at_type == AU_IPv6)
+ ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t));
+ else
+ ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
- return (NULL);
+ return (t);
}
token_t *
@@ -1101,6 +1233,27 @@
}
/*
+ * token ID 1 byte
+ * zonename length 2 bytes
+ * zonename N bytes + 1 terminating NULL byte
+ */
+token_t *
+au_to_zonename(char *zonename)
+{
+ u_char *dptr = NULL;
+ u_int16_t textlen;
+ token_t *t;
+
+ textlen = strlen(zonename);
+ textlen += 1;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
+ ADD_U_CHAR(dptr, AUT_ZONENAME);
+ ADD_U_INT16(dptr, textlen);
+ ADD_STRING(dptr, zonename, textlen);
+ return (t);
+}
+
+/*
* token ID 1 byte
* count 4 bytes
* text count null-terminated strings
@@ -1174,6 +1327,31 @@
return (t);
}
+token_t *
+au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm)
+{
+ token_t *t;
+ u_char *dptr = NULL;
+ u_int32_t timems;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
+ sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t));
+
+ ADD_U_CHAR(dptr, AUT_HEADER64);
+ ADD_U_INT32(dptr, rec_size);
+ ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM);
+ ADD_U_INT16(dptr, e_type);
+ ADD_U_INT16(dptr, e_mod);
+
+ timems = tm.tv_usec/1000;
+ /* Add the timestamp */
+ ADD_U_INT64(dptr, tm.tv_sec);
+ ADD_U_INT64(dptr, timems); /* We need time in ms. */
+
+ return (t);
+}
+
/*
* token ID 1 byte
* trailer magic number 2 bytes
More information about the p4-projects
mailing list