PERFORCE change 165358 for review
Ilias Marinos
marinosi at FreeBSD.org
Sun Jun 28 20:57:42 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=165358
Change 165358 by marinosi at marinosi_redrum on 2009/06/28 20:56:55
Start mapping the BSM record's elements (e.g. header, token), to be used
for record validation.
Affected files ...
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/bsm/audit_internal.h#2 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#7 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#3 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#5 edit
Differences ...
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/bsm/audit_internal.h#2 (text) ====
@@ -115,4 +115,38 @@
#define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size)
+/*
+ * BSM record - token mapping.
+ * Based on Sun description.
+ * XXX: Test them both on i386/amd64 architectures.
+ */
+/*
+ * token ID 1 byte
+ * record byte count 4 bytes
+ * version # 1 byte [2]
+ * event type 2 bytes
+ * event modifier 2 bytes
+ * seconds of time 4 bytes/8 bytes (32-bit/64-bit value)
+ * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
+ */
+struct bsm_record_header {
+ u_char token_id;
+ u_int32_t rec_byte_count;
+ u_char version;
+ u_int16_t e_type;
+ u_int16_t e_mod;
+ struct timespec tm;
+};
+
+/*
+ * token ID 1 byte
+ * trailer magic number 2 bytes
+ * record byte count 4 bytes
+ */
+struct bsm_record_trailer {
+ u_char token_id;
+ u_int16_t trailer_num;
+ u_int32_t rec_byte_count;
+};
+
#endif /* !_AUDIT_INTERNAL_H_ */
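Review bot: Neither new struct has the byte layout its comment documents. Without packing, the compiler pads `rec_byte_count` in `bsm_record_header` to a 4-byte boundary after the 1-byte `token_id`, and `bsm_record_trailer` comes out at 8 bytes rather than the 1+2+4 = 7 described. `struct timespec tm;` is a native `time_t`/`long` pair holding nanoseconds, not the 4- or 8-byte seconds/milliseconds fields in the comment, and its size differs between i386 and amd64, which is likely what the XXX is pointing at. If these structs are meant to be overlaid on a record buffer for validation, and that buffer is caller-supplied, a layout mismatch makes the length and token-ID checks read the wrong bytes; closing both structs with `} __packed;` and replacing `tm` with explicit `u_int32_t`/`u_int64_t` second and millisecond fields would pin the layout. The multi-byte fields would still need conversion from the big-endian order BSM serializes them in before `rec_byte_count` is compared with the real buffer length.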
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#7 (text) ====
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.c#3 (text+ko) ====
@@ -157,6 +157,9 @@
/* Actual work here */
int c, error = 0;
void *audit_slice_dev_buf;
+ struct audit_slice *as;
+
+ as = dev->si_drv1;
/* Safe malloc the pagesz of the system.*/
audit_slice_dev_buf = (void *)malloc(PAGE_SIZE, M_TEMP, M_WAITOK);
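Review bot: `as = dev->si_drv1;` is taken without a check, and `as` is not used anywhere in the visible lines, so it is a set-but-unused variable unless the rest of the function dereferences it (the function starts and ends outside this hunk). If later code does dereference it, a guard such as `if (as == NULL) return (ENXIO);` placed right after the assignment, before the `malloc(PAGE_SIZE, M_TEMP, M_WAITOK)`, would avoid both a NULL dereference and a leaked buffer on the early exit. A short comment above the assignment, for example `/* Slice state attached to this device node. */`, would also document where the pointer comes from.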
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#5 (text+ko) ====