PERFORCE change 138411 for review
Aaron Meihm
alm at FreeBSD.org
Mon Mar 24 05:15:04 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=138411
Change 138411 by alm at alm_praetorian on 2008/03/24 05:14:11
Submit modified netauditd code in preparation for new worker thread
model.
Affected files ...
.. //depot/projects/trustedbsd/netauditd/Makefile#5 edit
.. //depot/projects/trustedbsd/netauditd/README#3 edit
.. //depot/projects/trustedbsd/netauditd/component.c#7 delete
.. //depot/projects/trustedbsd/netauditd/conf.c#7 edit
.. //depot/projects/trustedbsd/netauditd/conf.h#1 add
.. //depot/projects/trustedbsd/netauditd/crypto.c#6 delete
.. //depot/projects/trustedbsd/netauditd/crypto.h#2 delete
.. //depot/projects/trustedbsd/netauditd/grammar.y#1 add
.. //depot/projects/trustedbsd/netauditd/netauditd.c#16 edit
.. //depot/projects/trustedbsd/netauditd/netauditd.conf#5 edit
.. //depot/projects/trustedbsd/netauditd/netauditd.h#11 edit
.. //depot/projects/trustedbsd/netauditd/token.l#1 add
Differences ...
==== //depot/projects/trustedbsd/netauditd/Makefile#5 (text+ko) ====
@@ -1,10 +1,23 @@
-PROG= netauditd
-SRCS= netauditd.c component.c conf.c crypto.c
-NO_MAN=
+CC = gcc
+CFLAGS = -Wall -g
+TARGETS = netauditd
+OBJ = conf.o lex.yy.o netauditd.o y.tab.o
+
+all: $(TARGETS)
+
+.c.o:
+ $(CC) $(CFLAGS) -c $<
+
+clean:
+ rm -f $(TARGETS) *.o *.core ktrace.out lex.yy.c y.tab.* y.output
-DPADD= ${LIBSSL}
-LDADD= -lssl
+lex.yy.o: y.tab.o token.l
+ lex token.l
+ $(CC) $(CFLAGS) -c lex.yy.c
-CFLAGS+= -Wall -ggdb
+netauditd: $(OBJ)
+ $(CC) $(CFLAGS) -o $@ $(OBJ)
-.include <bsd.prog.mk>
+y.tab.o: grammar.y
+ yacc -vd grammar.y
+ $(CC) $(CFLAGS) -c y.tab.c
==== //depot/projects/trustedbsd/netauditd/README#3 (text+ko) ====
@@ -1,21 +1,0 @@
-Netauditd v1.0.0a
-
- Introduction
-
-Netauditd is a daemon which given one or more audit inputs, will write the
-records to one or more outputs. Currently, inputs may include audit pipes
-or network sockets. Outputs may include a file or audit trail, or a remote
-host running netauditd.
-
- Sample Configuration
-
-A basic configuration example may be as follows:
-
-src src0 pipe /dev/auditpipe
-dst dst0 trail /tmp/src0/trail src0
-dst dst1 net 127.0.0.1 9999 src0
-
-This defines an audit input source "src0" which references an audit pipe.
-Two output sources have been defined for "src0", a trail and a remote
-host. It should be noted that a single "dst" can reference multiple
-sources.
==== //depot/projects/trustedbsd/netauditd/conf.c#7 (text+ko) ====
@@ -23,242 +23,98 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-#include <sys/types.h>
#include <sys/queue.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-
-#include <openssl/ssl.h>
#include <stdio.h>
#include <stdlib.h>
+#include <stdarg.h>
#include <string.h>
#include <unistd.h>
-#include <stdarg.h>
#include <err.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <netdb.h>
-#include <signal.h>
-#include <bsm/libbsm.h>
-
-#include "crypto.h"
+#include "conf.h"
#include "netauditd.h"
-#define SYNTAX_ERROR(x, y) { (void) fprintf(stderr, \
- "netauditd: Syntax error: %s:%d\n", \
- x, y); \
- exit(1); }
+char *conf_path;
+int lineno = 1;
-static const struct conf_ent {
- char *c_cmd;
- char *c_arg1;
- char *c_arg2;
- int c_min_args;
- int (*c_func)(args_t *);
-} conftab[] = {
- { "src", NULL, "pipe", 4, conf_parse_src_pipe },
- { "src", NULL, "net", 5, conf_parse_net },
- { "dst", NULL, "trail", 5, conf_parse_dst_trail },
- { "dst", NULL, "net", 6, conf_parse_net },
- { "crypto", "keyfile", NULL, 3, conf_parse_keyfile },
- { "crypto", "dsaparam", NULL, 3, conf_parse_keyfile },
- { "crypto", "cacert", NULL, 3, conf_parse_keyfile },
- { NULL, NULL, NULL, 0, NULL }
-};
+extern char *yytext;
+extern FILE *yyin;
+extern int yyparse(void);
-int
-conf_parse_keyfile(args_t *a)
+void
+conf_error(char *fmt, ...)
{
+ char buf[1024];
+ va_list ap;
- if (strcmp(a->args[1], "keyfile") == 0)
- crypto_keyfile = a->args[2];
- if (strcmp(a->args[1], "dsaparam") == 0)
- crypto_dsaparam = a->args[2];
- if (strcmp(a->args[1], "cacert") == 0)
- crypto_cacert = a->args[2];
- crypto_enabled = 1;
- return (0);
+ va_start(ap, fmt);
+ (void) vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ (void) fprintf(stderr, "netauditd: %s:%d: %s\n", conf_path, lineno,
+ buf);
+ exit(2);
}
-int
-conf_parse_net(args_t *a)
+struct au_cmpnt *
+conf_get_src(char *name)
{
- struct addrinfo hints;
- struct au_cmpnt *new;
- char *host, *svc;
- int is_src = 0;
+ struct au_cmpnt *ret;
- if (strcmp(a->args[0], "src") == 0)
- is_src = 1;
- else if (strcmp(a->args[0], "dst") != 0)
- return (-1);
- host = a->args[3];
- svc = a->args[4];
- if ((new = component_init(is_src, a->args[2], a->args[1])) == NULL)
- exit(2);
- (void) memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- if (is_src) {
- hints.ai_flags = AI_PASSIVE;
- new->ac_type = NETAUDIT_SRC_NET;
+ TAILQ_FOREACH(ret, &ac_list_src, ac_glue) {
+ if (strcmp(ret->ac_name, name) == 0)
+ return (ret);
}
- else
- new->ac_type = NETAUDIT_DST_NET;
- if (getaddrinfo(host, svc, &hints, &new->ac_ainfo) != 0) {
- component_destroy(new);
- return (-1);
- }
- if (is_src)
- TAILQ_INSERT_TAIL(&au_srclist, new, ac_glue);
- else {
- if (conf_link_consumers(new, a, 5) == -1) {
- component_destroy(new);
- return (-1);
- }
- TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue);
- }
- return (0);
+ return (NULL);
}
-int
-conf_link_consumers(struct au_cmpnt *ac, args_t *a, int start)
+struct au_cmpnt *
+conf_get_dst(char *name)
{
- struct au_cmpnt *ptr;
- int i;
+ struct au_cmpnt *ret;
- for (i = start; i < a->args_n; i++) {
- if ((ptr = component_get_src(a->args[i])) == NULL)
- return (-1);
- dprintf("%s <- %s\n", ac->ac_name, ptr->ac_name);
- if (ptr->ac_consumers == NULL) {
- ptr->ac_consumers = malloc(sizeof(struct au_cmpnt *));
- ptr->ac_nconsumers = 1;
- }
- else {
- ptr->ac_nconsumers++;
- ptr->ac_consumers = realloc(ptr->ac_consumers,
- sizeof(struct au_cmpnt *) * ptr->ac_nconsumers);
- }
- ptr->ac_consumers[ptr->ac_nconsumers - 1] = ac;
+ TAILQ_FOREACH(ret, &ac_list_dst, ac_glue) {
+ if (strcmp(ret->ac_name, name) == 0)
+ return (ret);
}
- return (0);
+ return (NULL);
}
-int
-conf_parse_src_pipe(args_t *a)
+void
+conf_link(struct au_cmpnt *src, struct au_cmpnt *dst)
{
- struct au_cmpnt *new;
-
- if ((new = component_init(1, a->args[2], a->args[1])) == NULL)
- exit(2);
- if ((new->ac_path = strdup(a->args[3])) == NULL)
- exit(2);
- TAILQ_INSERT_TAIL(&au_srclist, new, ac_glue);
- return (0);
-}
-
-int
-conf_parse_dst_trail(args_t *a)
-{
- struct au_cmpnt *new;
-
- if ((new = component_init(0, a->args[2], a->args[1])) == NULL)
- exit(2);
- if ((new->ac_path = strdup(a->args[3])) == NULL)
- exit(2);
- if (conf_link_consumers(new, a, 4) == -1) {
- component_destroy(new);
- return (-1);
- }
- TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue);
- return (0);
-}
-
-args_t *
-conf_parse_args(char *buf)
-{
- args_t *ret;
- char *s0, *ptr;
-
- ret = malloc(sizeof(args_t));
- if (ret == NULL)
- exit(2);
- (void) memset(ret, 0, sizeof(args_t));
- for (s0 = buf; (ptr = strsep(&s0, " ")) != NULL;) {
- ret->args[ret->args_n] = strdup(ptr);
- if (ret->args[ret->args_n] == NULL)
- exit(2);
- ret->args_n++;
- if (ret->args_n == MAX_ARGUMENTS)
- break;
- }
- return (ret);
+ if ((src == NULL) || (dst == NULL))
+ conf_error("A component specified does not exist");
+ src->ac_ndsts++;
+ if (src->ac_dsts == NULL)
+ src->ac_dsts = malloc(sizeof(struct au_cmpnt *));
+ else
+ src->ac_dsts = realloc(src->ac_dsts,
+ sizeof(struct au_cmpnt *) * src->ac_ndsts);
+ src->ac_dsts[src->ac_ndsts - 1] = dst;
}
void
-conf_free_args(args_t *a)
+conf_load(char *path)
{
- int i;
+ FILE *f;
- for (i = 0; i < a->args_n; i++)
- free(a->args[i]);
- free(a);
+ f = fopen(conf_path, "r");
+ if (f == NULL)
+ err(2, "%s", conf_path);
+ yyin = f;
+ (void) yyparse();
+ (void) fclose(f);
}
void
-conf_parse(char *buf, int lc)
+yyerror(const char *str)
{
- const struct conf_ent *cptr;
- args_t *a;
- int i;
-
- if (buf == NULL)
- return;
- for (i = 0; i < strlen(buf); i++)
- if (buf[i] == '\n') {
- buf[i] = '\0';
- break;
- }
- if ((buf[0] == '#') || (buf[0] == '\0'))
- return;
- dprintf("%d: \"%s\"\n", lc, buf);
- a = conf_parse_args(buf);
- /* The minimum number of arguments for a command is 3. */
- if (a->args_n < 3)
- SYNTAX_ERROR(conf_path, lc)
- for (cptr = conftab; cptr->c_cmd != NULL; cptr++) {
- if ((strcmp(cptr->c_cmd, a->args[0]) == 0) &&
- (cptr->c_arg1 ? (strcmp(cptr->c_arg1, a->args[1]) == 0)
- : 1) &&
- (cptr->c_arg2 ? (strcmp(cptr->c_arg2, a->args[2]) == 0)
- : 1)) {
- if (a->args_n < cptr->c_min_args)
- SYNTAX_ERROR(conf_path, lc)
- if (cptr->c_func(a) == -1)
- SYNTAX_ERROR(conf_path, lc)
- break;
- }
- }
- if (cptr->c_cmd == NULL)
- SYNTAX_ERROR(conf_path, lc)
- conf_free_args(a);
+ conf_error("Syntax error near '%s'", yytext);
}
-void
-conf_load(char *path)
+int
+yywrap()
{
- char confbuf[1024];
- FILE *fp;
- int lc = 0;
-
- if ((fp = fopen(path, "r")) == NULL)
- err(1, "%s", path);
- while (fgets(confbuf, sizeof(confbuf), fp) != NULL)
- conf_parse(confbuf, ++lc);
- (void) fclose(fp);
+ return (1);
}
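Review bot: `conf_load` takes a `path` argument but never uses it — the `fopen` and the `err` message at the top of its body read the global `conf_path` instead, so the parameter only works because `main` happens to pass that same global; use `f = fopen(path, "r");` and `err(2, "%s", path);`. In `conf_link`, the `malloc`/`realloc` result is stored into `src->ac_dsts` and dereferenced on the next line with no NULL check, so an allocation failure while parsing the configuration becomes a NULL dereference; since `conf_error` exits, a single `if (src->ac_dsts == NULL) conf_error("Out of memory");` after the allocation is enough, and because `realloc(NULL, n)` behaves like `malloc` the `if`/`else` pair can collapse into one `realloc` call. `yywrap()` should be written `yywrap(void)` so the definition is also a prototype. `conf_get_src` and `conf_get_dst` are identical apart from the list head they walk; a static helper taking the head as a parameter would remove the duplication.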
==== //depot/projects/trustedbsd/netauditd/netauditd.c#16 (text+ko) ====
@@ -24,527 +24,49 @@
* SUCH DAMAGE.
*/
#include <sys/types.h>
+#include <sys/socket.h>
#include <sys/queue.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/ioctl.h>
-#include <sys/endian.h>
-
-#include <bsm/audit.h>
-#include <bsm/libbsm.h>
-#include <security/audit/audit_ioctl.h>
-#include <openssl/ssl.h>
-#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include <stdarg.h>
-#include <err.h>
-#include <errno.h>
-#include <fcntl.h>
#include <netdb.h>
-#include <signal.h>
-#include "crypto.h"
+#include "conf.h"
#include "netauditd.h"
-#define FLAG_DEBUG 1
-#define FLAG_FOREGROUND (1 << 1)
+ac_head_t ac_list_src;
+ac_head_t ac_list_dst;
-char *conf_path = "/usr/local/etc/netauditd.conf";
-int netaudit_flags;
+extern char *conf_path;
-void
-dprintf(char *fmt, ...)
-{
- char buf[2048];
- va_list ap;
-
- if (!(netaudit_flags & FLAG_DEBUG))
- return;
- va_start(ap, fmt);
- (void) vsnprintf(buf, sizeof(buf), fmt, ap);
- va_end(ap);
- (void) fprintf(stderr, "debug: %s", buf);
-}
-
int
main(int argc, char *argv[])
{
char ch;
- while ((ch = getopt(argc, argv, "Ddf:h")) != -1) {
+ conf_path = DEFAULT_CONF_PATH;
+ while ((ch = getopt(argc, argv, "f:h")) != -1) {
switch (ch) {
- case 'D':
- netaudit_flags |= FLAG_FOREGROUND;
- break;
- case 'd':
- netaudit_flags |= FLAG_DEBUG;
- break;
case 'f':
conf_path = optarg;
break;
+ default:
case 'h':
- default:
usage();
- /* NOT REACHED */
+ /* Not reached */
}
}
- dprintf("debugging enabled\n");
- TAILQ_INIT(&au_srclist);
- TAILQ_INIT(&au_dstlist);
+ TAILQ_INIT(&ac_list_src);
+ TAILQ_INIT(&ac_list_dst);
conf_load(conf_path);
- (void) signal(SIGPIPE, SIG_IGN);
- netaudit_run();
return (0);
}
void
-netaudit_build_rfds(fd_set *rfds)
+usage()
{
- struct au_srcbuffer *asb;
- struct au_cmpnt *au;
-
- TAILQ_FOREACH(au, &au_srclist, ac_glue) {
- if (au->ac_type == NETAUDIT_SRC_NET) {
- TAILQ_FOREACH(asb, &au->ac_sbufq, sb_glue)
- FD_SET(asb->sb_fd, rfds);
- }
- FD_SET(au->ac_fd, rfds);
- }
-}
-
-void
-netaudit_record_handler(fd_set *rfds)
-{
- struct au_srcbuffer *asb, *tmp;
- struct au_cmpnt *au;
-
- TAILQ_FOREACH(au, &au_srclist, ac_glue) {
- if (FD_ISSET(au->ac_fd, rfds)) {
- switch(au->ac_type) {
- case NETAUDIT_SRC_PIPE:
- netaudit_pipe_read(au);
- break;
- case NETAUDIT_SRC_NET:
- netaudit_socket_accept(au);
- break;
- default:
- exit(2);
- }
- }
- }
- TAILQ_FOREACH(au, &au_srclist, ac_glue) {
- if (au->ac_type != NETAUDIT_SRC_NET)
- continue;
- TAILQ_FOREACH_SAFE(asb, &au->ac_sbufq, sb_glue, tmp)
- if (FD_ISSET(asb->sb_fd, rfds))
- if (netaudit_socket_read(asb) == -1) {
- /* A read error occurred while reading
- * a record from a connected client.
- * We remove the client and continue.
- * This may occur after an sb_recbuf
- * object has been allocated. */
- (void) close(asb->sb_fd);
- TAILQ_REMOVE(&au->ac_sbufq, asb,
- sb_glue);
- free(asb->sb_sockaddr);
- if (asb->sb_recbuf != NULL) {
- free(asb->sb_recbuf->ar_rec);
- free(asb->sb_recbuf);
- }
- free(asb);
- }
- }
-}
-
-void
-netaudit_run(void)
-{
- fd_set rfds;
- struct timeval tv;
- struct au_cmpnt *au;
- int ret, fd;
-#ifdef AUDITPIPE_SET_BUFMODE
- int opt;
-#endif
-
- TAILQ_FOREACH(au, &au_srclist, ac_glue) {
- switch (au->ac_type) {
- case NETAUDIT_SRC_PIPE:
- au->ac_fd = open(au->ac_path, O_RDONLY);
- if (au->ac_fd == -1)
- err(1, "%s", au->ac_path);
-#ifdef AUDITPIPE_SET_BUFMODE
- opt = AUDITPIPE_BUFMODE_BUFFERED;
- if (ioctl(au->ac_fd, AUDITPIPE_SET_BUFMODE, &opt) < 0)
- err(1, "AUDITPIPE_SET_BUFMODE");
- /*
- * We should add support for low watermarks here.
- */
-#endif
- break;
- case NETAUDIT_SRC_NET:
- netaudit_socket_listen(au);
- break;
- default:
- exit(2);
- }
- }
- if (!(netaudit_flags & FLAG_FOREGROUND)) {
- ret = fork();
- if (ret == -1)
- err(1, "fork");
- if (ret != 0)
- exit(0);
- fd = open("/dev/null", O_RDWR);
- if (fd == -1)
- err(1, "/dev/null");
- (void) dup2(fd, STDIN_FILENO);
- (void) dup2(fd, STDOUT_FILENO);
- (void) dup2(fd, STDERR_FILENO);
- if (fd > 2)
- (void) close(fd);
- if (setsid() == -1)
- err(1, "setsid");
- }
- (void) memset(&tv, 0, sizeof(tv));
- tv.tv_sec = 1;
- for (;;) {
- FD_ZERO(&rfds);
- netaudit_build_rfds(&rfds);
- ret = select(FD_SETSIZE, &rfds, NULL, NULL, &tv);
- if (ret == -1) {
- if (errno != EINTR)
- exit(2);
- else
- continue;
- }
- else if (ret != 0)
- netaudit_record_handler(&rfds);
- netaudit_establish();
- netaudit_oq();
- }
-}
-
-int
-netaudit_connect(struct au_cmpnt *au)
-{
- int error;
-
- error = connect(au->ac_fd, au->ac_ainfo->ai_addr,
- au->ac_ainfo->ai_addrlen);
- if (error < 0)
- return (-1);
- if (crypto_enabled == 0)
- return (error);
- assert(au->ac_crypto_init == 0);
- (void) crypto_init_context(&au->ac_cct, CRTYPO_CTX_CLIENT);
- au->ac_ssl = SSL_new(au->ac_cct.c_ctx);
- au->ac_sbio = BIO_new_socket(au->ac_fd, BIO_NOCLOSE);
- SSL_set_bio(au->ac_ssl, au->ac_sbio, au->ac_sbio);
- error = SSL_connect(au->ac_ssl);
- /* XXX need to do better error checking here */
- au->ac_crypto_init = 1;
- return (error == 1 ? 0 : -1);
-}
-
-void
-netaudit_establish(void)
-{
- struct au_cmpnt *au;
-
- TAILQ_FOREACH(au, &au_dstlist, ac_glue) {
- if (au->ac_established)
- continue;
- dprintf("establish: %s\n", au->ac_name);
- switch (au->ac_type) {
- case NETAUDIT_DST_TRAIL:
- au->ac_fd = open(au->ac_path, O_WRONLY | O_APPEND | \
- O_CREAT, S_IRUSR | S_IWUSR);
- if (au->ac_fd == -1) {
- warn("%s", au->ac_path);
- continue;
- }
- au->ac_established = 1;
- break;
- case NETAUDIT_DST_NET:
- au->ac_fd = socket(au->ac_ainfo->ai_family,
- au->ac_ainfo->ai_socktype,
- au->ac_ainfo->ai_protocol);
- if (au->ac_fd == -1)
- continue;
- if (netaudit_connect(au) == -1) {
- warn("connect");
- close(au->ac_fd);
- continue;
- }
- au->ac_established = 1;
- break;
- default:
- exit(2);
- }
- }
-}
-
-int
-netaudit_write(struct au_cmpnt *au, u_char *buf, int len)
-{
- int error;
-
- if (crypto_enabled == 0)
- return (write(au->ac_fd, buf, len));
- assert(au->ac_ssl != NULL);
- error = SSL_write(au->ac_ssl, buf, len);
- /* XXX error checking */
- return (error);
-}
-
-void
-netaudit_oq(void)
-{
- struct au_cmpnt *au;
- struct au_queue_ent *q, *tmpr;
- struct au_recbuf *r;
- int ret, s;
-
- TAILQ_FOREACH(au, &au_dstlist, ac_glue) {
- if (!au->ac_established) {
- dprintf("consumer %s not established, skipping\n",
- au->ac_name);
- continue;
- }
- TAILQ_FOREACH_SAFE(q, &au->ac_oq, aq_glue, tmpr) {
- dprintf("consumer %s running output queue\n",
- au->ac_name);
- r = q->aq_ptr;
- s = r->ar_reclen - q->aq_remain;
- ret = netaudit_write(au, r->ar_rec + s, q->aq_remain);
- if (ret == -1) {
- if (errno == EAGAIN)
- break;
- else {
- /* Check if we submitted a partial
- * record. If so we reset aq_remain
- * and retransmit when the consumer
- * is reestablished. */
- if (q->aq_remain != r->ar_reclen)
- q->aq_remain = r->ar_reclen;
- (void) close(au->ac_fd);
- au->ac_established = 0;
- break;
- }
- }
- else if (ret == q->aq_remain) {
- dprintf("record %p submitted\n", r);
- TAILQ_REMOVE(&au->ac_oq, q, aq_glue);
- free(q);
- r->ar_refcount--;
- if (r->ar_refcount == 0) {
- free(r->ar_rec);
- free(r);
- }
- }
- else
- q->aq_remain -= ret;
- }
- }
-}
-
-void
-netaudit_queue_record(struct au_cmpnt *au, struct au_recbuf *rec)
-{
- struct au_queue_ent *new;
- int i;
-
- rec->ar_refcount = au->ac_nconsumers;
- for (i = 0; i < au->ac_nconsumers; i++) {
- new = malloc(sizeof(struct au_queue_ent));
- if (new == NULL)
- exit(2);
- (void) memset(new, 0, sizeof(struct au_queue_ent));
- new->aq_ptr = rec;
- new->aq_remain = rec->ar_reclen;
- TAILQ_INSERT_TAIL(&au->ac_consumers[i]->ac_oq, new, aq_glue);
- dprintf("queued %p: %s\n", rec, au->ac_consumers[i]->ac_name);
- }
-}
-
-void
-netaudit_pipe_read(struct au_cmpnt *au)
-{
- struct au_recbuf *new;
-
- if ((new = malloc(sizeof(struct au_recbuf))) == NULL)
- return;
- if ((new->ar_rec = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL) {
- free(new);
- return;
- }
- /*
- * XXXCSJP: It is possible that the audit record will be greater then
- * NETAUDIT_PIPE_BUFSIZE, in which case the pipe will truncate it.
- */
- new->ar_reclen = read(au->ac_fd, new->ar_rec, NETAUDIT_PIPE_BUFSIZE);
- if (new->ar_reclen == -1) {
- if ((errno != EAGAIN) && (errno != EINTR))
- exit(2);
- else
- return;
- }
- dprintf("au_cmpnt %p: read record %u bytes\n", au, new->ar_reclen);
- netaudit_queue_record(au, new);
-}
-
-void
-netaudit_socket_accept(struct au_cmpnt *au)
-{
- struct au_srcbuffer *new;
- int error;
-
- new = malloc(sizeof(struct au_srcbuffer));
- if (new == NULL)
- exit(2);
- (void) memset(new, 0, sizeof(struct au_srcbuffer));
- new->sb_socklen = au->ac_ainfo->ai_addrlen;
- if ((new->sb_sockaddr = malloc(new->sb_socklen)) == NULL)
- exit(2);
- new->sb_fd = accept(au->ac_fd, new->sb_sockaddr, &new->sb_socklen);
- if (new->sb_fd == -1) {
- if (errno == EWOULDBLOCK || errno == ECONNABORTED) {
- free(new->sb_sockaddr);
- free(new);
- return;
- }
- else
- exit(2);
- }
- new->sb_parent = au;
- if (crypto_enabled == 0) {
- TAILQ_INSERT_TAIL(&au->ac_sbufq, new, sb_glue);
- return;
- }
- if (au->ac_crypto_init == 0)
- (void) crypto_init_context(&au->ac_cct, CRYPTO_CTX_SERVER);
- au->ac_crypto_init = 1;
- new->sb_sbio = BIO_new_socket(new->sb_fd, BIO_NOCLOSE);
- new->sb_ssl = SSL_new(au->ac_cct.c_ctx);
- SSL_set_bio(new->sb_ssl, new->sb_sbio, new->sb_sbio);
- error = SSL_accept(new->sb_ssl);
- TAILQ_INSERT_TAIL(&au->ac_sbufq, new, sb_glue);
-}
-
-void
-netaudit_socket_listen(struct au_cmpnt *au)
-{
- struct addrinfo *addrptr;
- int flags;
-
- addrptr = au->ac_ainfo;
- au->ac_fd = socket(addrptr->ai_family, addrptr->ai_socktype,
- addrptr->ai_protocol);
- if (au->ac_fd == -1)
- err(1, "socket");
- if (bind(au->ac_fd, addrptr->ai_addr, addrptr->ai_addrlen) == -1)
- err(1, "bind");
- if (listen(au->ac_fd, 16) == -1)
- err(1, "listen");
- if ((flags = fcntl(au->ac_fd, F_GETFL)) == -1)
- err(1, "fcntl");
- flags |= O_NONBLOCK;
- if (fcntl(au->ac_fd, F_SETFL, flags) == -1)
- err(1, "fcntl");
-}
-
-int
-netaudit_socket_read(struct au_srcbuffer *asb)
-{
- u_char *bufptr, *recbufptr;
- int ret, left;
- u_int32_t hdr_remain, val, need;
-
- if (crypto_enabled == 0) {
- ret = read(asb->sb_fd, asb->sb_buf, sizeof(asb->sb_buf));
- if (ret == -1) {
- if (errno != EINTR)
- return (-1);
- else
- return (0);
- } else if (ret == 0)
- return (-1);
- } else {
- assert(asb->sb_ssl != NULL);
- ret = SSL_read(asb->sb_ssl, asb->sb_buf,
- sizeof(asb->sb_buf));
- if (ret < 0)
- return (-1);
- /* XXX handle I/O errors */
- }
- left = ret;
- bufptr = asb->sb_buf;
- while (left > 0) {
- if (asb->sb_recbuf == NULL) {
- hdr_remain = sizeof(asb->sb_header) -
- asb->sb_read;
- if (left >= hdr_remain) {
- (void) memcpy(asb->sb_header + asb->sb_read,
- bufptr, hdr_remain);
- asb->sb_read += hdr_remain;
- left -= hdr_remain;
- bufptr += hdr_remain;
- (void) memcpy(&val, asb->sb_header + 1,
- sizeof(val));
- asb->sb_recbuf =
- malloc(sizeof(struct au_recbuf));
- if (asb->sb_recbuf == NULL)
- exit(2);
- asb->sb_recbuf->ar_reclen = be32toh(val);
- dprintf("audit header: rec %u bytes\n",
- asb->sb_recbuf->ar_reclen);
- asb->sb_recbuf->ar_rec = \
- malloc(asb->sb_recbuf->ar_reclen);
- if (asb->sb_recbuf->ar_rec == NULL)
- exit(2);
- (void) memcpy(asb->sb_recbuf->ar_rec,
- asb->sb_header, sizeof(asb->sb_header));
- continue;
- }
- else {
- dprintf("read partial header\n");
- (void) memcpy(asb->sb_header + asb->sb_read,
- bufptr, left);
- asb->sb_read += left;
- return (0);
- }
- }
- need = asb->sb_recbuf->ar_reclen - asb->sb_read;
- recbufptr = asb->sb_recbuf->ar_rec + asb->sb_read;
- dprintf("still need %u bytes\n", need);
- if (left < need) {
- (void) memcpy(recbufptr, bufptr, left);
- asb->sb_read += left;
- return (0);
- }
- else {
- (void) memcpy(recbufptr, bufptr, need);
- left -= need;
- bufptr += need;
- netaudit_queue_record(asb->sb_parent, asb->sb_recbuf);
- asb->sb_recbuf = NULL;
- asb->sb_read = 0;
- }
- }
- return (0);
-}
-
-void
-usage(void)
-{
-
- (void) fputs("usage: netauditd [-Ddh] [-f path]\n", stderr);
+ (void) fputs("usage: netauditd [-h] [-f path]\n", stderr);
exit(1);
}
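Review bot: `ch` is declared `char` but compared with `-1` in the rewritten `getopt` loop; on targets where `char` is unsigned the comparison is never true, so after the last option `getopt`'s `-1` is stored as 255 and the `switch` falls into `default:`, calling `usage()` on every invocation. The declaration is a context line here, but since the loop header is being rewritten this is the moment to change it to `int ch;`, which is also FreeBSD style. `usage()` lost its `void` parameter list in this change; `usage(void)` keeps the definition a proper prototype, as the removed text had it. The `extern char *conf_path;` declaration would be better placed in `conf.h`, which this file already includes, so the definition in conf.c and its users cannot drift apart.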
==== //depot/projects/trustedbsd/netauditd/netauditd.conf#5 (text+ko) ====
@@ -1,14 +1,7 @@
-# netauditd configuration file
+src: p source_pipe /dev/auditpipe
+src: n source_net 0.0.0.0 6655
+dst: n dst_net 127.0.0.1 6655
+dst: t dst_trail /tmp/trail
-#
-# For the use of SSL un-comment and define the following variables:
-#
-# crypto keyfile server.pem
-# crypto cacert cacert.pem
-# crypto dsaparam dsaparam.pem
-
-src src0 pipe /dev/auditpipe
-src src1 net 0.0.0.0 9999
-
-dst dst0 trail /tmp/src0/trail src1
-dst dst1 net 127.0.0.1 9999 src0
+map: source_pipe dst_net
+map: source_net dst_trail
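Review bot: The explanatory comments were dropped from the sample configuration in the same change that deletes the README, so nothing visible in the tree now describes the new `src:`/`dst:`/`map:` syntax or the meaning of the `p`/`n`/`t` type letters. A few comment lines at the top, e.g. `# src: <p|n> <name> <path | address port>` and `# map: <source> <destination>`, would document it — assuming the new lexer accepts `#` comments, which cannot be confirmed since token.l is not shown here. The sample also binds the network source to `0.0.0.0`, i.e. every interface, with no transport protection now that the crypto options are gone; shipping the sample bound to `127.0.0.1` would be the safer default.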
==== //depot/projects/trustedbsd/netauditd/netauditd.h#11 (text+ko) ====
@@ -24,112 +24,27 @@
* SUCH DAMAGE.
*/
-#define MAX_ARGUMENTS 256
+#define DEFAULT_CONF_PATH "/usr/local/etc/netauditd.conf"
-#define NETAUDIT_PIPE_BUFSIZE 1024
-
-#define NETAUDIT_SRC_PIPE 1
-#define NETAUDIT_SRC_NET 2
-#define NETAUDIT_DST_TRAIL 1
-#define NETAUDIT_DST_NET 2
-
-struct au_recbuf {
- void *ar_rec;
- u_int32_t ar_reclen;
- int ar_refcount;
-};
-
-struct au_queue_ent {
- struct au_recbuf *aq_ptr;
- u_int32_t aq_remain;
- TAILQ_ENTRY(au_queue_ent) aq_glue;
+enum {
+ COMPONENT_PIPE,
+ COMPONENT_NET,
+ COMPONENT_TRAIL
};
-/*
- * This object exists for accepted connections. For each new file descriptor
- * returned by accept(2), a au_srcbuffer will be allocated and initialized to
- * track I/O for each connected remote peer.
- */
-struct au_srcbuffer {
- struct au_cmpnt *sb_parent;
- struct sockaddr *sb_sockaddr;
- socklen_t sb_socklen;
- int sb_fd;
- struct au_recbuf *sb_recbuf;
- u_int32_t sb_read;
- u_char sb_buf[2048];
- u_char sb_header[5];
- TAILQ_ENTRY(au_srcbuffer) sb_glue;
- BIO *sb_sbio;
- SSL *sb_ssl;
-};
>>> TRUNCATED FOR MAIL (1000 lines) <<<