PERFORCE change 158240 for review
Stacey Son
sson at FreeBSD.org
Tue Feb 24 19:42:35 PST 2009
http://perforce.freebsd.org/chv.cgi?CH=158240
Change 158240 by sson at sson_amd64 on 2009/02/25 03:42:19
Change auditon(2) parameters and data structures to be 32/64-bit
architecture independent. Add more information to man page about
auditon(2) parameters.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/NEWS#33 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 edit
.. //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 edit
.. //depot/projects/trustedbsd/openbsm/man/auditon.2#16 edit
.. //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/NEWS#33 (text+ko) ====
@@ -1,5 +1,10 @@
OpenBSM Version History
+OpenBSM 1.1 beta 2
+
+- Change auditon(2) parameters and data structures to be 32/64-bit architecture
+ independent. Add more information to man page about auditon(2) parameters.
+
OpenBSM 1.1 beta 1
- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
@@ -431,4 +436,4 @@
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/NEWS#32 $
+$P4: //depot/projects/trustedbsd/openbsm/NEWS#33 $
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 (text+ko) ====
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#43 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#44 $
*/
#include <sys/types.h>
@@ -347,7 +347,7 @@
int err_ret = 0;
char TS[TIMESTAMP_LEN];
int err;
- long cond;
+ int cond;
time_t tt;
err = auditd_gen_record(AUE_audit_shutdown, NULL);
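Review bot: Narrowing `cond` from `long` to `int` is only safe if the auditon() call that uses it also passes the new size, and that call is outside this hunk (the enclosing function starts and ends beyond it). If the call still passes `sizeof(long)`, an LP64 build tells the kernel the buffer is 8 bytes while the object is 4, so I would confirm the third argument reads `sizeof(cond)`, as in the auditd_darwin.c and auditd_fbsd.c hunks. The same check applies to `policy` in auditd_set_policy() and `cond` in audit_quick_stop() in auditd_lib.c, and to `acond` in bsm_wrappers.c, where only the declaration change is visible.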
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2004-2008 Apple Inc.
+ * Copyright (c) 2004-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#4 $
*/
#include <sys/types.h>
@@ -178,9 +178,9 @@
static void
init_audit_state(void)
{
- long au_cond;
+ int au_cond;
- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
if (errno != ENOSYS) {
auditd_log_err("Audit status check failed (%s)",
strerror(errno));
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2004-2008 Apple Inc.
+ * Copyright (c) 2004-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#2 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#3 $
*/
#include <sys/types.h>
@@ -133,9 +133,9 @@
static void
init_audit_state(void)
{
- long au_cond;
+ int au_cond;
- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
if (errno != ENOSYS) {
auditd_log_err("Audit status check failed (%s)",
strerror(errno));
==== //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#7 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#8 $
*/
#include <sys/param.h>
@@ -687,8 +687,7 @@
while ((evp = getauevent_r(evp)) != NULL) {
evc_map.ec_number = evp->ae_number;
evc_map.ec_class = evp->ae_class;
- if (auditon(A_SETCLASS, &evc_map, sizeof(au_evclass_map_t))
- == 0)
+ if (auditon(A_SETCLASS, &evc_map, sizeof(evc_map)) == 0)
ctr++;
}
endauevent();
@@ -714,7 +713,7 @@
(getauditflagsbin(naeventstr, &aumask) != 0))
return (ADE_PARSE);
- if (auditon(A_SETKMASK, &aumask, sizeof(au_mask_t)))
+ if (auditon(A_SETKMASK, &aumask, sizeof(aumask)))
return (ADE_AUDITON);
return (ADE_NOERR);
@@ -732,7 +731,7 @@
int
auditd_set_policy(void)
{
- long policy;
+ int policy;
char polstr[POL_STR_SIZE];
if ((getacpol(polstr, POL_STR_SIZE) != 0) ||
@@ -1124,7 +1123,7 @@
audit_quick_stop(void)
{
int len;
- long cond;
+ int cond;
char *ptr;
time_t tt;
char oldname[MAXPATHLEN];
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2004 Apple Inc.
+ * Copyright (c) 2004-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#15 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#16 $
*/
/*
@@ -60,7 +60,7 @@
static int token = 0;
#endif /* AUDIT_NOTIFICATION_ENABLED */
-static long au_cond = AUC_UNSET; /* <bsm/audit.h> */
+static int au_cond = AUC_UNSET; /* <bsm/audit.h> */
uint32_t
au_notify_initialize(void)
@@ -77,7 +77,7 @@
return (status);
#endif
- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
syslog(LOG_ERR, "Initial audit status check failed (%s)",
strerror(errno));
if (errno == ENOSYS) /* auditon() unimplemented. */
@@ -137,7 +137,7 @@
return (au_cond);
#endif
- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
/* XXX Reset au_cond to AUC_UNSET? */
syslog(LOG_ERR, "Audit status check failed (%s)",
strerror(errno));
@@ -165,16 +165,16 @@
#ifdef __APPLE__
return (!(au_get_state() == AUC_AUDITING));
#else
- long au_cond;
+ int cond;
- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (auditon(A_GETCOND, &cond, sizeof(cond)) < 0) {
if (errno != ENOSYS) {
syslog(LOG_ERR, "Audit status check failed (%s)",
strerror(errno));
}
return (1);
}
- if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED)
+ if (cond == AUC_NOAUDIT || cond == AUC_DISABLED)
return (1);
return (0);
#endif /* !__APPLE__ */
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2004 Apple Inc.
+ * Copyright (c) 2004-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#28 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#29 $
*/
#ifdef __APPLE__
@@ -63,7 +63,7 @@
{
char text[MAX_AUDITSTRING_LEN];
token_t *token;
- long acond;
+ int acond;
va_list ap;
pid_t pid;
int error, afd, subj_ex;
==== //depot/projects/trustedbsd/openbsm/man/auditon.2#16 (text+ko) ====
@@ -26,9 +26,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#15 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#16 $
.\"
-.Dd July 10, 2008
+.Dd January 29, 2009
.Dt AUDITON 2
.Os
.Sh NAME
@@ -63,7 +63,7 @@
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value set to one or more the following audit
policy control values bitwise OR'ed together:
.Dv AUDIT_CNT ,
@@ -93,9 +93,16 @@
system call will be audited. The default policy is none of the audit policy
control flags set.
.It Dv A_SETKAUDIT
-Return
-.Er ENOSYS .
-(Not implemented.)
+Set the host information.
+The
+.Fa data
+argument
+must point to a
+.Vt auditinfo_addr_t
+structure containing the host IP address information.
+After setting, audit records
+that are created as a result of kernel events will contain
+this information.
.It Dv A_SETKMASK
Set the kernel preselection masks (success and failure).
The
@@ -156,6 +163,15 @@
minimum amount, the kernel informs the audit daemon about low disk space.
The value is to be specified in percent of free file system blocks.
A value of 0 results in a disabling of the check.
+The default and maximum values (default/maximum) for the
+audit queue control parameters are:
+.Pp
+.Bl -column aq_hiwater -offset indent -compact
+.It aq_hiwater Ta 100/10000 (audit records)
+.It aq_lowater Ta 10/aq_hiwater (audit records)
+.It aq_bufsz Ta 32767/1048576 (bytes)
+.It aq_delay Ta (Not currently used.)
+.El
.It Dv A_SETSTAT
Return
.Er ENOSYS .
@@ -174,7 +190,7 @@
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value containing the new
audit condition, one of
.Dv AUC_AUDITING ,
@@ -235,10 +251,6 @@
field set to the maximum audit log file size.
A value of 0
indicates no limit to the size.
-.It Dv A_SETKAUDIT
-Return
-.Er ENOSYS .
-(Not implemented.)
.It Dv A_GETCLASS
Return the event to class mapping for the designated audit event.
The
@@ -250,9 +262,13 @@
.Dv A_SETCLASS
section above for more information.
.It Dv A_GETKAUDIT
-Return
-.Er ENOSYS .
-(Not implemented.)
+Get the current host information.
+The
+.Fa data
+argument
+must point to a
+.Vt auditinfo_addr_t
+structure.
.It Dv A_GETPINFO
Return the audit settings for a process.
The
@@ -302,6 +318,22 @@
above and
.Xr getaudit 2
for more information.
+.It Dv A_GETSINFO_ADDR
+Return the extended audit settings for a session.
+The
+.Fa data
+argument
+must point to a
+.Vt auditinfo_addr_t
+structure.
+The audit session ID of the target session is passed
+into the kernel using the
+.Fa ai_asid
+field. See
+.Xr getaudit_addr 2
+for more information about the
+.Vt auditinfo_addr_t
+structure.
.It Dv A_GETKMASK
Return the current kernel preselection masks.
The
@@ -317,7 +349,7 @@
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value which will be set to
one of the current audit policy flags.
The audit policy flags are
@@ -377,7 +409,7 @@
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value which will be set to
the current audit condition, one of
.Dv AUC_AUDITING ,
@@ -393,7 +425,7 @@
.Fa data
argument
must point to a
-.Vt long
+.Vt int
value set to one of the acceptable
trigger values:
.Dv AUDIT_TRIGGER_LOW_SPACE
==== //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2005 Apple Inc.
+ * Copyright (c) 2005-2009 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,21 +26,12 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#6 $
*/
-#ifndef _BSM_AUDIT_H
+#ifndef _BSM_AUDIT_H
#define _BSM_AUDIT_H
-#ifdef __APPLE__
-/* Temporary until rdar://problem/6133383 is resolved. */
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/cdefs.h>
-#include <sys/queue.h>
-#endif /* __APPLE__ */
-
#define AUDIT_RECORD_MAGIC 0x828a0f1b
#define MAX_AUDIT_RECORDS 20
#define MAXAUDITDATA (0x8000 - 1)
@@ -100,20 +91,20 @@
/*
* auditon(2) commands.
*/
-#define A_GETPOLICY 2
-#define A_SETPOLICY 3
+#define A_OLDGETPOLICY 2
+#define A_OLDSETPOLICY 3
#define A_GETKMASK 4
#define A_SETKMASK 5
-#define A_GETQCTRL 6
-#define A_SETQCTRL 7
+#define A_OLDGETQCTRL 6
+#define A_OLDSETQCTRL 7
#define A_GETCWD 8
#define A_GETCAR 9
#define A_GETSTAT 12
#define A_SETSTAT 13
#define A_SETUMASK 14
#define A_SETSMASK 15
-#define A_GETCOND 20
-#define A_SETCOND 21
+#define A_OLDGETCOND 20
+#define A_OLDSETCOND 21
#define A_GETCLASS 22
#define A_SETCLASS 23
#define A_GETPINFO 24
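Review bot: The renumbering in this hunk and the next one (A_GETPOLICY, A_SETPOLICY, A_GETQCTRL, A_SETQCTRL, A_GETCOND and A_SETCOND move to 33-38, the old values become A_OLD*) carries no comment saying what the A_OLD* commands are for or which argument layout they expect. Assuming they exist for binaries built against the old header, I would add above them something like `/* A_OLD*: previous command numbers, which took long/size_t-sized arguments; kept for binary compatibility. */`. The kernel side is not part of this change, so it is worth confirming how a kernel that does not know commands 33-38 fails. init_audit_state() in auditd_darwin.c and auditd_fbsd.c stays quiet only on ENOSYS, and a rejected A_SETPOLICY or A_SETCOND would leave auditing unconfigured.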
@@ -125,6 +116,12 @@
#define A_SETKAUDIT 30
#define A_SENDTRIGGER 31
#define A_GETSINFO_ADDR 32
+#define A_GETPOLICY 33
+#define A_SETPOLICY 34
+#define A_GETQCTRL 35
+#define A_SETQCTRL 36
+#define A_GETCOND 37
+#define A_SETCOND 38
/*
* Audit policy controls.
@@ -244,13 +241,22 @@
typedef struct au_token token_t;
/*
- * Kernel audit queue control parameters.
+ * Kernel audit queue control parameters:
+ * Default: Maximum:
+ * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000)
+ * aq_lowater: AQ_LOWATER (10) <aq_hiwater
+ * aq_bufsz: AQ_BUFSZ (32767) AQ_MAXBUFSZ (1048576)
+ * aq_delay: 20 20000 (not used)
*/
struct au_qctrl {
- size_t aq_hiwater;
- size_t aq_lowater;
- size_t aq_bufsz;
- clock_t aq_delay;
+ int aq_hiwater; /* Max # of audit recs in queue when */
+ /* threads with new ARs get blocked. */
+
+ int aq_lowater; /* # of audit recs in queue when */
+ /* blocked threads get unblocked. */
+
+ int aq_bufsz; /* Max size of audit record for audit(2). */
+ int aq_delay; /* Queue delay (not used). */
int aq_minfree; /* Minimum filesystem percent free space. */
};
typedef struct au_qctrl au_qctrl_t;
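Review bot: Changing aq_hiwater, aq_lowater and aq_bufsz from `size_t` to `int` makes them signed, so a negative value is now representable where it was not before. The limits named in the new comment (AQ_MAXHIGH, AQ_MAXBUFSZ, aq_lowater below aq_hiwater) are upper bounds, and a check of the form `value > AQ_MAXHIGH` lets a negative number through. The A_SETQCTRL handler is not in this change, so it should be confirmed that it rejects values below zero before they are used as queue or buffer sizes. If the aim is only a layout that is identical on 32- and 64-bit builds, `uint32_t` fields would give that without raising the sign question.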