authorrwatson <rwatson@FreeBSD.org>2008-11-13 00:04:15 +0000
committerrwatson <rwatson@FreeBSD.org>2008-11-13 00:04:15 +0000
commit208cf4160e79a64866887cc5f89f964cc899f97e (patch)
treedf6eec05070bdfdd7ef98d7164381dfbe7d070c5
parentc42299a67e6a8c7c12b9c9099038d720deaf90cf (diff)
downloadFreeBSD-src-208cf4160e79a64866887cc5f89f964cc899f97e.zip
FreeBSD-src-208cf4160e79a64866887cc5f89f964cc899f97e.tar.gz
Vendor import of OpenBSM 1.1 alpha2, which incorporates the following
changes since the last imported OpenBSM release: OpenBSM 1.1 alpha 2 - Include files in OpenBSM are now broken out into two parts: library builds required solely for user space, and system includes, which may also be required for use in the kernels of systems integrating OpenBSM. Submitted by Stacey Son. - Configure option --with-native-includes allows forcing the use of native include for system includes, rather than the versions bundled with OpenBSM. This is intended specifically for platforms that ship OpenBSM, have adapted versions of the system includes in a kernel source tree, and will use the OpenBSM build infrastructure with an unmodified OpenBSM distribution, allowing the customized system includes to be used with the OpenBSM build. Submitted by Stacey Son. - Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s or asprintf(). Added compat/strlcpy.h for Linux. - Remove compatibility defines for old Darwin token constant names; now only BSM token names are provided and used. - Add support for extended header tokens, which contain space for information on the host generating the record. - Add support for setting extended host information in the kernel, which is used for setting host information in extended header tokens. The audit_control file now supports a "host" parameter which can be used by auditd to set the information; if not present, the kernel parameters won't be set and auditd uses unextended headers for records that it generates. OpenBSM 1.1 alpha 1 - Add option to auditreduce(1) which allows users to invert sense of matching, such that BSM records that do not match, are selected. - Fix bug in audit_write() where we commit an incomplete record in the event there is an error writing the subject token. This was submitted by Diego Giagio. - Build support for Mac OS X 10.5.1 submitted by Eric Hall. - Fix a bug which resulted in host XML attributes not being printed while processing extended header tokens. This patch was submitted by Martin Voros. - Constification of function arguments so that const strings can be passed as arguments to tokens.
This patch was submitted by Xin LI. - Modify the -m option so users can select more then one audit event. - For Mac OS X, added Mach IPC support for audit trigger messages. - Fixed a bug in getacna() which resulted in a locking problem on Mac OS X. - Added LOG_PERROR flag to openlog when -d option is used with auditd. - AUE events added for Mac OS X Leopard system calls. Obtained from: TrustedBSD Project Sponsored by: Apple Inc.
-rw-r--r--CHANGELOG97
-rw-r--r--CREDITS33
-rw-r--r--INSTALL29
-rw-r--r--LICENSE4
-rw-r--r--Makefile9
-rw-r--r--Makefile.am5
-rw-r--r--Makefile.in8
-rw-r--r--NEWS (renamed from HISTORY)60
-rw-r--r--README70
-rw-r--r--TODO8
-rw-r--r--VERSION2
-rw-r--r--bin/Makefile10
-rw-r--r--bin/Makefile.in3
-rw-r--r--bin/audit/Makefile12
-rw-r--r--bin/audit/Makefile.am19
-rw-r--r--bin/audit/Makefile.in22
-rw-r--r--bin/audit/audit.86
-rw-r--r--bin/audit/audit.c75
-rw-r--r--bin/auditd/Makefile13
-rw-r--r--bin/auditd/Makefile.am22
-rw-r--r--bin/auditd/Makefile.in30
-rw-r--r--bin/auditd/audit_triggers.defs5
-rw-r--r--bin/auditd/audit_warn.c8
-rw-r--r--bin/auditd/auditd.86
-rw-r--r--bin/auditd/auditd.c382
-rw-r--r--bin/auditd/auditd.h14
-rw-r--r--bin/auditd/auditd_control.defs49
-rw-r--r--bin/auditfilterd/Makefile.am8
-rw-r--r--bin/auditfilterd/Makefile.in6
-rw-r--r--bin/auditfilterd/auditfilterd.c5
-rw-r--r--bin/auditreduce/Makefile12
-rw-r--r--bin/auditreduce/Makefile.am8
-rw-r--r--bin/auditreduce/Makefile.in6
-rw-r--r--bin/auditreduce/auditreduce.112
-rw-r--r--bin/auditreduce/auditreduce.c118
-rw-r--r--bin/auditreduce/auditreduce.h9
-rw-r--r--bin/praudit/Makefile12
-rw-r--r--bin/praudit/Makefile.am8
-rw-r--r--bin/praudit/Makefile.in6
-rw-r--r--bin/praudit/praudit.16
-rw-r--r--bin/praudit/praudit.c8
-rw-r--r--bsm/Makefile22
-rw-r--r--bsm/Makefile.am6
-rw-r--r--bsm/Makefile.in7
-rw-r--r--bsm/audit_uevents.h8
-rw-r--r--bsm/libbsm.h10
-rw-r--r--compat/clock_gettime.h2
-rw-r--r--compat/strlcat.h3
-rw-r--r--compat/strlcpy.h63
-rw-r--r--config/config.h.in15
-rwxr-xr-xconfigure443
-rw-r--r--configure.ac45
-rw-r--r--etc/audit_event46
-rw-r--r--libbsm/Makefile125
-rw-r--r--libbsm/Makefile.am8
-rw-r--r--libbsm/Makefile.in6
-rw-r--r--libbsm/au_class.32
-rw-r--r--libbsm/au_free_token.36
-rw-r--r--libbsm/au_token.326
-rw-r--r--libbsm/audit_submit.36
-rw-r--r--libbsm/bsm_audit.c61
-rw-r--r--libbsm/bsm_class.c17
-rw-r--r--libbsm/bsm_control.c51
-rw-r--r--libbsm/bsm_event.c21
-rw-r--r--libbsm/bsm_flags.c18
-rw-r--r--libbsm/bsm_io.c84
-rw-r--r--libbsm/bsm_mask.c8
-rw-r--r--libbsm/bsm_notify.c10
-rw-r--r--libbsm/bsm_token.c156
-rw-r--r--libbsm/bsm_user.c16
-rw-r--r--libbsm/bsm_wrappers.c10
-rw-r--r--man/Makefile22
-rw-r--r--man/Makefile.in3
-rw-r--r--man/audit.22
-rw-r--r--man/audit.log.576
-rw-r--r--man/audit_class.56
-rw-r--r--man/audit_control.522
-rw-r--r--man/audit_event.56
-rw-r--r--man/audit_user.56
-rw-r--r--man/audit_warn.56
-rw-r--r--man/auditctl.224
-rw-r--r--man/auditon.2205
-rw-r--r--man/getaudit.2107
-rw-r--r--man/getauid.215
-rw-r--r--man/setaudit.2109
-rw-r--r--man/setauid.215
-rw-r--r--modules/Makefile.in3
-rw-r--r--modules/auditfilter_noop/Makefile.am8
-rw-r--r--modules/auditfilter_noop/Makefile.in6
-rw-r--r--modules/auditfilter_noop/auditfilter_noop.c22
-rw-r--r--sys/Makefile.am7
-rw-r--r--sys/Makefile.in488
-rw-r--r--sys/bsm/Makefile.am14
-rw-r--r--sys/bsm/Makefile.in412
-rw-r--r--sys/bsm/audit.h (renamed from bsm/audit.h)8
-rw-r--r--sys/bsm/audit_internal.h (renamed from bsm/audit_internal.h)8
-rw-r--r--sys/bsm/audit_kevents.h (renamed from bsm/audit_kevents.h)66
-rw-r--r--sys/bsm/audit_record.h (renamed from bsm/audit_record.h)101
-rw-r--r--test/Makefile.am2
-rw-r--r--test/Makefile.in3
-rw-r--r--test/bsm/Makefile.am8
-rw-r--r--test/bsm/Makefile.in6
-rw-r--r--test/reference/process32ex_recordbin66 -> 0 bytes
-rw-r--r--test/reference/process32ex_tokenbin41 -> 0 bytes
-rw-r--r--tools/Makefile13
-rw-r--r--tools/Makefile.am8
-rw-r--r--tools/Makefile.in6
107 files changed, 3293 insertions, 1046 deletions
diff --git a/CHANGELOG b/CHANGELOG
deleted file mode 100644
index 9856109..0000000
--- a/CHANGELOG
+++ /dev/null
@@ -1,97 +0,0 @@
-OpenBSM 1.0 alpha 4
-
-- Remove "audit" user example from audit_user, as it's not present on most
- systems.
-- Add cannot_audit() function non-Darwin systems that wraps auditon();
- required by OpenSSH BSM support. Convert Darwin cannot_audit() into a
- function rather than a macro.
-- Library build fixed on Darwin following include file tweaks. The native
- Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
- for now we force bsm_wrappers.c to not perform a nested include of
- sys/audit.h.
-
-OpenBSM 1.0 alpha 3
-
-- Man page formatting, cross reference, mlinks, and accuracy improvements.
-- auditd and tools now compile and run on FreeBSD/arm.
-- auditd will now fchown() the trail file to the audit review group, if
- defined at compile-time.
-- Added AUE_SYSARCH for FreeBSD.
-- Definition of AUE_SETFSGID fixed for Linux.
-
-OpenBSM 1.0 alpha 2
-
-- Man page formatting improvements.
-- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
- events.
-- Remove 'tfm' class, unused in OpenBSM.
-
-OpenBSM 1.0 alpha 1
-
-- Import of Darwin74 BSM drop
-- Use 'syslog' for audit log warnings, rather than echoing to a file in
- audit_warn.
-- Compile using BSD make infrastructure.
-- Integrate bsm/ include files from Darwin74 XNU drop into OpenBSM.
-- Narrow set of symbols and defines that are exposed in user space: don't
- compile in code relying on kernel-only types such as 'struct socket'.
-- Add README, including basic build documentation.
-- Compilation of Apple-specific notify and Machroutines now #ifdef __APPLE__.
-- Staticize libbsm global variables to avoid leakage into application.
-- Add free_au_user_ent() so that au_user_ent's don't have to be leaked.
-- Clean up bogus nul-termination checks in libbsm.
-- Add libbsm API man pages: au_class.3 au_control.3 au_event.3
- au_free_token.3 au_io.3 au_mask.3 au_token.3 au_user.3 libbsm.3.
-- Add man pages for BSM system calls: audit.2 auditctl.2 auditon.2 getaudit.2
- getauid.2 setaudit.2 setauid.2
-- Modify various libbsm interfaces to more consistently return 'errno' values
- on failure.
-- Break out au_close() into constituent parts, allowing records to be written
- to memory as well as files.
-- Prefix various defines with 'BSM_' to reduce name space pollution.
-- Added audit_internal.h, which can be used by a kernel audit implementation
- wanting to rely on libbsm components.
-- Build with warnings, and eliminate warnings.
-- Make libbsm endian-independent, storing and reading BSM are big endian
- (network byte order) rather than native byte order. More consistently
- print IP addresses using the IP address print routine. These changes
- make use of sys/endian.h from *BSD; since this isn't present on Darwin,
- add it to OpenBSM as compat/endian.h, which is used only on Darwin.
-- Import of Darwin80 BSM drop, including 64-bit file IDs, better
- documentation of private APIs, and bug fixes.
-- White space cleanup.
-- Add audit.log.5, a first cut at a man page documenting the BSM file format.
-- Teach au_read_rec() to recognize stand-alone file tokens, which are present
- at the beginning and end of Solaris audit trails. Technically, these
- appear to violate the high level BSM spec, which suggests that all tokens
- are present in records, but need to be supported.
-- Implement HEADER64, ATTR64, SUBJECT64 token types, which make it possible
- to run praudit(1) on basic Solaris BSM streams.
-- Switched to Solaris spelling of token names; Darwin spellings are now
- deprecated and will be removed in a future version of OpenBSM.
-- Adopt Solaris model for representing IPv4 and IPv6 addresses.
-- Prefer C99 types.
-- Attempt to universally adopt the BSD style(9) coding style for
- consistency.
-- auditreduce(1) now has a usage message.
-- Update support for auditctl(2) system call to support FreeBSD.
-- Add support for /dev/audit as the trigger source on FreeBSD.
-- Add additional event types for Darwin, FreeBSD, and Solaris. Annotate
- conflicts (there are a few, unfortunately). Correct spellings, comment,
- sort, etc. These include {get,set}res[ug]id(), sendfile(), lchflags(),
- eaccess(), kqueue(), kevent(), poll(), lchmod().
-- Relicensed under a BSD license, many thanks to Apple, Inc!
-- Many bug fixes, cleanups, thread safety in the class, control, event,
- and user system audit databases. Annotate some persisting atomicity
- bugs associated with the API and implementation.
-- Add audump test tool.
-- Adopt OpenSolaris BSM API memory semantics: caller allocates memory,
- or static memory is returned for non-_r() versions of API calls.
- _free() calls dropped as a result, and source code compatibility with
- OpenSolaris improved significantly.
-- Annotate BSM events with origin OS and compatibility information.
-- auditd(8), audit(8) added to the OpenBSM distribution. auditd extended
- to support reloading of kernel event table.
-- Allow comments in /etc/security configuration files.
-
-$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#12 $
diff --git a/CREDITS b/CREDITS
new file mode 100644
index 0000000..634a625
--- /dev/null
+++ b/CREDITS
@@ -0,0 +1,33 @@
+OpenBSM Credits
+
+The following organizations and individuals have contributed substantially to
+the development of OpenBSM:
+
+ Apple Inc.
+ McAfee Research, McAfee, Inc.
+ SPARTA, Inc.
+ Robert Watson
+ Wayne Salamon
+ Suresh Krishnaswamy
+ Kevin Van Vechten
+ Tom Rhodes
+ Wojciech Koszek
+ Chunyang Yuan
+ Poul-Henning Kamp
+ Christian Brueffer
+ Olivier Houchard
+ Christian Peron
+ Martin Fong
+ Pawel Worach
+ Martin Englund
+ Ruslan Ermilov
+ Martin Voros
+ Diego Giagio
+ Alex Samorukov
+ Eric Hall
+ Xin LI
+ Stacey Son
+
+In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
+Software's FlexeLint tool were used to identify a number of bugs in the
+OpenBSM implementation.
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 0000000..7afd1f9
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1,29 @@
+OpenBSM Build and Installation Instructions
+
+OpenBSM is currently built using autoconf and automake, which should allow
+for building on a range of operating systems, including FreeBSD, Mac OS X,
+and Linux. Depending on the availability of audit facilities in the
+underlying operating system, some components that depend on kernel audit
+support are built conditionally. Typically, build will be performed using:
+
+ ./configure
+ make
+
+To install, use:
+
+ make install
+
+You may wish to specify that the OpenBSM components not be installed in the
+base system, rather in a specific directory. This may be done using the
+--prefix argument to configure. If installing to a specific directory,
+remember to update your library path so that running tools from that
+directory the correct libbsm is used:
+
+ ./configure --prefix=/home/rwatson/openbsm
+ make
+ make install
+ LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH
+
+You will need to manually propagate openbsm/etc/* into /etc/security on your
+system; this is not done automatically so as to avoid disrupting the current
+configuration. Currently, the locations of these files is not configurable.
diff --git a/LICENSE b/LICENSE
index 3b5d8b8..1053c5c 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,3 +1,5 @@
+OpenBSM Copyrights and Licensing
+
OpenBSM is covered by a number of copyrights, with licenses being either two
or three clause BSD licenses. Individual file headers should be consulted
for specific copyrights on specific components. The TrustedBSD Project would
@@ -30,4 +32,4 @@ substantially similar licenses:
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
-$P4: //depot/projects/trustedbsd/openbsm/LICENSE#4 $
+$P4: //depot/projects/trustedbsd/openbsm/LICENSE#5 $
diff --git a/Makefile b/Makefile
deleted file mode 100644
index b480723..0000000
--- a/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/Makefile#2 $
-#
-
-SUBDIR= bsm \
- libbsm \
- bin
-
-.include <bsd.subdir.mk>
diff --git a/Makefile.am b/Makefile.am
index d3ca327..60fbea9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#3 $
#
SUBDIRS = \
@@ -7,7 +7,8 @@ SUBDIRS = \
libbsm \
bin \
man \
- modules
+ modules \
+ sys
EXTRA_DIST = \
CHANGELOG \
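Review bot: `EXTRA_DIST` still opens with `CHANGELOG \` in the context line after the new `sys` entry, yet this same commit deletes CHANGELOG and renames HISTORY to NEWS, so `make dist` would presumably stop on a file that no longer exists. The rest of the list lies outside the hunk, so it is not visible whether HISTORY is still named there too. The entry should be dropped and `CREDITS` listed instead; INSTALL and NEWS already appear in the regenerated `DIST_COMMON`. The top-level Makefile.in carries the same stale `CHANGELOG \` line and needs regenerating once Makefile.am is fixed.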
diff --git a/Makefile.in b/Makefile.in
index 37db68b..9068b4c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/Makefile.in#8 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
@@ -38,7 +38,7 @@ host_triplet = @host@
subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(top_srcdir)/config/config.h.in \
- $(top_srcdir)/configure TODO config/config.guess \
+ $(top_srcdir)/configure INSTALL NEWS TODO config/config.guess \
config/config.sub config/depcomp config/install-sh \
config/ltmain.sh config/missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -116,6 +116,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -187,7 +188,8 @@ SUBDIRS = \
libbsm \
bin \
man \
- modules
+ modules \
+ sys
EXTRA_DIST = \
CHANGELOG \
diff --git a/HISTORY b/NEWS
index e26ee7f..7bfe756 100644
--- a/HISTORY
+++ b/NEWS
@@ -1,8 +1,54 @@
+OpenBSM Version History
+
+OpenBSM 1.1 alpha 2
+
+- Include files in OpenBSM are now broken out into two parts: library builds
+ required solely for user space, and system includes, which may also be
+ required for use in the kernels of systems integrating OpenBSM. Submitted
+ by Stacey Son.
+- Configure option --with-native-includes allows forcing the use of native
+ include for system includes, rather than the versions bundled with OpenBSM.
+ This is intended specifically for platforms that ship OpenBSM, have adapted
+ versions of the system includes in a kernel source tree, and will use the
+ OpenBSM build infrastructure with an unmodified OpenBSM distribution,
+ allowing the customized system includes to be used with the OpenBSM build.
+ Submitted by Stacey Son.
+- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
+ or asprintf(). Added compat/strlcpy.h for Linux.
+- Remove compatibility defines for old Darwin token constant names; now only
+ BSM token names are provided and used.
+- Add support for extended header tokens, which contain space for information
+ on the host generating the record.
+- Add support for setting extended host information in the kernel, which is
+ used for setting host information in extended header tokens. The
+ audit_control file now supports a "host" parameter which can be used by
+ auditd to set the information; if not present, the kernel parameters won't
+ be set and auditd uses unextended headers for records that it generates.
+
+OpenBSM 1.1 alpha 1
+
+- Add option to auditreduce(1) which allows users to invert sense of
+ matching, such that BSM records that do not match, are selected.
+- Fix bug in audit_write() where we commit an incomplete record in the
+ event there is an error writing the subject token. This was submitted
+ by Diego Giagio.
+- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
+- Fix a bug which resulted in host XML attributes not being printed
+ while processing extended header tokens. This patch was submitted by
+ Martin Voros.
+- Constification of function arguments so that const strings can be passed
+ as arguments to tokens. This patch was submitted by Xin LI.
+- Modify the -m option so users can select more then one audit event.
+- For Mac OS X, added Mach IPC support for audit trigger messages.
+- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
+- Added LOG_PERROR flag to openlog when -d option is used with auditd.
+- AUE events added for Mac OS X Leopard system calls.
+
OpenBSM 1.0
-- Fix bug in auditreduce(8) which resulted in a memory fault/crash when
+- Fix bug in auditreduce(1) which resulted in a memory fault/crash when
the user specified an event name with -m.
-- Remove AU_.* hard-coded audit class constants, as udit classes are now
+- Remove AU_.* hard-coded audit class constants, as audit classes are now
entirely dynamically configured using /etc/security/audit_class.
OpenBSM 1.0 alpha 15
@@ -13,7 +59,7 @@ OpenBSM 1.0 alpha 15
- Synchronized audit event list to Solaris, picking up the *at(2) system call
definitions, now required for FreeBSD and Linux. Added additional events
for *at(2) system calls not present in Solaris.
-- Bugs in auditreduce(8) fixed allowing partial date strings to be used in
+- Bugs in auditreduce(1) fixed allowing partial date strings to be used in
filtering events.
OpenBSM 1.0 alpha 14
@@ -94,7 +140,7 @@ OpenBSM 1.0 alpha 11
OpenBSM 1.0 alpha 10
- auditd now generates complete audit records for its events, as required for
- application-submitted audit records in the the FreeBSD kernel audit
+ application-submitted audit records in the FreeBSD kernel audit
implementation.
OpenBSM 1.0 alpha 9
@@ -132,7 +178,7 @@ OpenBSM 1.0 alpha 7
address storage.
- Prefer inttypes.h to stdint.h; enhance queue.h detection to test for
TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not
- older ones. OpenBSM now builds on some FreeBSD 4.x version.
+ older ones. OpenBSM now builds on some FreeBSD 4.x versions.
- New event types for extended attributes, ACLs, and scheduling.
OpenBSM 1.0 alpha 6
@@ -245,7 +291,7 @@ OpenBSM 1.0 alpha 1
compile in code relying on kernel-only types such as 'struct socket'.
- Add README, including basic build documentation.
- Compilation of Apple-specific notify and Machroutines now #ifdef __APPLE__.
-- Staticize libbsm global variables to avoid leakage into application.
+- Staticize libbsm global variables to avoid leakage into applications.
- Add free_au_user_ent() so that au_user_ent's don't have to be leaked.
- Clean up bogus nul-termination checks in libbsm.
- Add libbsm API man pages: au_class.3 au_control.3 au_event.3
@@ -302,4 +348,4 @@ OpenBSM 1.0 alpha 1
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#57 $
+$P4: //depot/projects/trustedbsd/openbsm/NEWS#9 $
diff --git a/README b/README
index aa44d0e..1ded5cd 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-OpenBSM 1.0
+OpenBSM 1.1 alpha 1
Introduction
@@ -16,12 +16,13 @@ may be found in the FreeBSD and Mac OS X kernels.
OpenBSM consists of several directories:
bin/ Audit-related command line tools
- bsm/ System include files for BSM
+ bsm/ Library include files for BSM
compat/ Compatibility code to build on various OS's
etc/ Sample /etc/security configuration files
libbsm/ Implementation of BSM library interfaces and man pages
man/ System call and configuration file man pages
modules/ Directory for auditfilterd module source
+ sys/ System include files for BSM
test/ Test token sets and geneneration program
tools/ Tool directory, including audump to dump databases
@@ -34,66 +35,9 @@ The following programs are included with OpenBSM:
audump Debugging tool to parse and print audit databases
praudit Tool to print audit trails
- Building
-
-OpenBSM is currently built using autoconf and automake, which should allow
-for building on a range of operating systems, including FreeBSD, Mac OS X,
-and Linux. Depending on the availability of audit facilities in the
-underlying operating system, some components that depend on kernel audit
-support are built conditionally. Typically, build will be performed using:
-
- ./configure
- make
-
-To install, use:
-
- make install
-
-You may wish to specify that the OpenBSM components not be installed in the
-base system, rather in a specific directory. This may be done using the
---prefix argument to configure. If installing to a specific directory,
-remember to update your library path so that running tools from that
-directory the correct libbsm is used:
-
- ./configure --prefix=/home/rwatson/openbsm
- make
- make install
- LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH
-
-You will need to manually propagate openbsm/etc/* into /etc on your system;
-this is not done automatically so as to avoid disrupting the current
-configuration. Currently, the locations of these files is not configurable.
-
- Credits
-
-The following organizations and individuals have contributed substantially to
-the development of OpenBSM:
-
- Apple Computer, Inc.
- McAfee Research, McAfee, Inc.
- SPARTA, Inc.
- Robert Watson
- Wayne Salamon
- Suresh Krishnaswamy
- Kevin Van Vechten
- Tom Rhodes
- Wojciech Koszek
- Chunyang Yuan
- Poul-Henning Kamp
- Christian Brueffer
- Olivier Houchard
- Christian Peron
- Martin Fong
- Pawel Worach
- Martin Englund
- Ruslan Ermilov
- Martin Voros
- Diego Giagio
- Alex Samorukov
-
-In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
-Software's FlexeLint tool were used to identify a number of bugs in the
-OpenBSM implementation.
+ Build and Installation
+
+Please see the file INSTALL for build and installation instructions.
Contributions
@@ -111,4 +55,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
-$P4: //depot/projects/trustedbsd/openbsm/README#24 $
+$P4: //depot/projects/trustedbsd/openbsm/README#32 $
diff --git a/TODO b/TODO
index ce06d5a..03cd9e1 100644
--- a/TODO
+++ b/TODO
@@ -1,5 +1,5 @@
-- Teach libbsm about any additional 64-bit token types that are present
- in more recent Solaris versions.
+OpenBSM TODO
+
- Build a regression test suite for libbsm that generates each token
type and then compares the results with known good data. Make sure to
test that things work properly with respect to endianness of the local
@@ -18,5 +18,7 @@
trailer context.
- Put hostname in trail file name.
- Document audit_warn event arguments.
+- Allow the path /etc/security to be configured at configure-time so that
+ alternative locations can be used.
-$P4: //depot/projects/trustedbsd/openbsm/TODO#9 $
+$P4: //depot/projects/trustedbsd/openbsm/TODO#11 $
diff --git a/VERSION b/VERSION
index c21ee6b..7f2f71c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-OPENBSM_1_0
+OPENBSM_1_1_ALPHA_2
diff --git a/bin/Makefile b/bin/Makefile
deleted file mode 100644
index 3bc4a6c..0000000
--- a/bin/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile#4 $
-#
-
-SUBDIR= audit \
- auditd \
- auditreduce \
- praudit
-
-.include <bsd.subdir.mk>
diff --git a/bin/Makefile.in b/bin/Makefile.in
index 8124228..ddace58 100644
--- a/bin/Makefile.in
+++ b/bin/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#8 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
@@ -104,6 +104,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
diff --git a/bin/audit/Makefile b/bin/audit/Makefile
deleted file mode 100644
index cec37ea..0000000
--- a/bin/audit/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile#2 $
-#
-
-CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I.
-PROG= audit
-MAN= audit.8
-DPADD= /usr/lib/libbsm.a
-LDADD= -lbsm
-BINDIR= /usr/sbin
-
-.include <bsd.prog.mk>
diff --git a/bin/audit/Makefile.am b/bin/audit/Makefile.am
index 83094bb..ed62929 100644
--- a/bin/audit/Makefile.am
+++ b/bin/audit/Makefile.am
@@ -1,10 +1,23 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#4 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
sbin_PROGRAMS = audit
-audit_SOURCES = audit.c
audit_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = audit.8
+
+if USE_MACH_IPC
+audit_SOURCES = auditd_control_user.c audit.c
+CLEANFILES = auditd_control_user.c auditd_control_user.h
+
+auditd_control_user.c: $(top_srcdir)/bin/auditd/auditd_control.defs
+ $(MIG) -user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs
+else
+audit_SOURCES = audit.c
+endif
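Review bot: The MIG rule in the `USE_MACH_IPC` branch writes both auditd_control_user.c and auditd_control_user.h, but only the .c file is a target and nothing tells make that audit.c needs the header, which audit.c includes in this commit. Under `make -j` the compile of audit.c can therefore start before MIG has produced the header; `BUILT_SOURCES = auditd_control_user.c auditd_control_user.h` inside the conditional gives the ordering. Listing the generated stub in `audit_SOURCES` also puts it into the distribution (the regenerated Makefile.in shows it in `am__audit_SOURCES_DIST`). Using `nodist_audit_SOURCES = auditd_control_user.c` would keep a possibly stale copy of the auditd control IPC stub out of release tarballs, so it is always regenerated from auditd_control.defs.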
diff --git a/bin/audit/Makefile.in b/bin/audit/Makefile.in
index 9f5e7bd..edaf018 100644
--- a/bin/audit/Makefile.in
+++ b/bin/audit/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#9 $
#
VPATH = @srcdir@
@@ -49,7 +49,10 @@ CONFIG_CLEAN_FILES =
am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(sbin_PROGRAMS)
-am_audit_OBJECTS = audit.$(OBJEXT)
+am__audit_SOURCES_DIST = audit.c auditd_control_user.c
+@USE_MACH_IPC_FALSE@am_audit_OBJECTS = audit.$(OBJEXT)
+@USE_MACH_IPC_TRUE@am_audit_OBJECTS = auditd_control_user.$(OBJEXT) \
+@USE_MACH_IPC_TRUE@ audit.$(OBJEXT)
audit_OBJECTS = $(am_audit_OBJECTS)
audit_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@
@@ -65,7 +68,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(audit_SOURCES)
-DIST_SOURCES = $(audit_SOURCES)
+DIST_SOURCES = $(am__audit_SOURCES_DIST)
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(man8_MANS)
@@ -113,6 +116,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -179,10 +183,13 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
-audit_SOURCES = audit.c
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
audit_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = audit.8
+@USE_MACH_IPC_FALSE@audit_SOURCES = audit.c
+@USE_MACH_IPC_TRUE@audit_SOURCES = auditd_control_user.c audit.c
+@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_user.c auditd_control_user.h
all: all-am
.SUFFIXES:
@@ -255,6 +262,7 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_control_user.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -426,6 +434,7 @@ install-strip:
mostlyclean-generic:
clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -511,6 +520,9 @@ uninstall-man: uninstall-man8
tags uninstall uninstall-am uninstall-man uninstall-man8 \
uninstall-sbinPROGRAMS
+
+@USE_MACH_IPC_TRUE@auditd_control_user.c: $(top_srcdir)/bin/auditd/auditd_control.defs
+@USE_MACH_IPC_TRUE@ $(MIG) -user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/bin/audit/audit.8 b/bin/audit/audit.8
index b735981..4aaa494 100644
--- a/bin/audit/audit.8
+++ b/bin/audit/audit.8
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#10 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#11 $
.\"
.Dd October 2, 2006
.Dt AUDIT 8
diff --git a/bin/audit/audit.c b/bin/audit/audit.c
index 3540464..b1415a6 100644
--- a/bin/audit/audit.c
+++ b/bin/audit/audit.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2005-2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#11 $
*/
/*
* Program to trigger the audit daemon with a message that is either:
@@ -37,7 +37,12 @@
*/
#include <sys/types.h>
+#include <config/config.h>
+#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
+#else /* !HAVE_FULL_QUEUE_H */
+#include <compat/queue.h>
+#endif /* !HAVE_FULL_QUEUE_H */
#include <sys/uio.h>
#include <bsm/libbsm.h>
@@ -47,6 +52,58 @@
#include <stdlib.h>
#include <unistd.h>
+
+static int send_trigger(unsigned int);
+
+#ifdef USE_MACH_IPC
+#include <mach/mach.h>
+#include <servers/netname.h>
+#include <mach/message.h>
+#include <mach/port.h>
+#include <mach/mach_error.h>
+#include <mach/host_special_ports.h>
+#include <servers/bootstrap.h>
+
+#include "auditd_control_user.h"
+
+static int
+send_trigger(unsigned int trigger)
+{
+ mach_port_t serverPort;
+ kern_return_t error;
+
+ error = host_get_audit_control_port(mach_host_self(), &serverPort);
+ if (error != KERN_SUCCESS) {
+ mach_error("Cannot get auditd_control Mach port: ", error);
+ return (-1);
+ }
+
+ error = auditd_control(serverPort, trigger);
+ if (error != KERN_SUCCESS) {
+ mach_error("Error sending trigger: ", error);
+ return (-1);
+ }
+
+ return (0);
+}
+
+#else /* ! USE_MACH_IPC */
+
+static int
+send_trigger(unsigned int trigger)
+{
+ int error;
+
+ error = auditon(A_SENDTRIGGER, &trigger, sizeof(trigger));
+ if (error != 0) {
+ perror("Error sending trigger");
+ return (-1);
+ }
+
+ return (0);
+}
+#endif /* ! USE_MACH_IPC */
+
static void
usage(void)
{
@@ -88,11 +145,9 @@ main(int argc, char **argv)
break;
}
}
- if (auditon(A_SENDTRIGGER, &trigger, sizeof(trigger)) < 0) {
- perror("Error sending trigger");
+ if (send_trigger(trigger) < 0)
exit(-1);
- } else {
- printf("Trigger sent.\n");
- exit (0);
- }
+
+ printf("Trigger sent.\n");
+ exit (0);
}
diff --git a/bin/auditd/Makefile b/bin/auditd/Makefile
deleted file mode 100644
index fbbdc47..0000000
--- a/bin/auditd/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile#2 $
-#
-
-CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I.
-PROG= auditd
-SRCS= audit_warn.c auditd.c
-MAN= auditd.8
-DPADD= /usr/lib/libbsm.a
-LDADD= -lbsm
-BINDIR= /usr/sbin
-
-.include <bsd.prog.mk>
diff --git a/bin/auditd/Makefile.am b/bin/auditd/Makefile.am
index eecfa55..f65b155 100644
--- a/bin/auditd/Makefile.am
+++ b/bin/auditd/Makefile.am
@@ -1,10 +1,26 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#4 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
sbin_PROGRAMS = auditd
-auditd_SOURCES = audit_warn.c auditd.c
auditd_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = auditd.8
+
+if USE_MACH_IPC
+auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c
+CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h
+
+auditd_control_server.c: auditd_control.defs
+ $(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h $(top_srcdir)/bin/auditd/auditd_control.defs
+
+audit_triggers_server.c: audit_triggers.defs
+ $(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h $(top_srcdir)/bin/auditd/audit_triggers.defs
+else
+auditd_SOURCES = audit_warn.c auditd.c
+endif
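Review bot: Both MIG rules name only the `.c` file as their target, yet each recipe also writes a header (`auditd_control_server.h`, `audit_triggers_server.h`) that auditd.c includes under USE_MACH_IPC. Nothing orders the compilation of auditd.c after that generation, so a first-time or parallel build can reach auditd.c before the headers exist. Declaring the generated sources up front, e.g. `BUILT_SOURCES = auditd_control_server.c audit_triggers_server.c` inside the `if USE_MACH_IPC` branch, makes automake build them first. The prerequisites are also the bare `auditd_control.defs` / `audit_triggers.defs` while the recipes read `$(top_srcdir)/bin/auditd/...`; using the same path on both sides keeps out-of-tree builds from depending on VPATH lookup.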
diff --git a/bin/auditd/Makefile.in b/bin/auditd/Makefile.in
index 9ff9451..731607c 100644
--- a/bin/auditd/Makefile.in
+++ b/bin/auditd/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#9 $
#
VPATH = @srcdir@
@@ -49,7 +49,14 @@ CONFIG_CLEAN_FILES =
am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(sbin_PROGRAMS)
-am_auditd_OBJECTS = audit_warn.$(OBJEXT) auditd.$(OBJEXT)
+am__auditd_SOURCES_DIST = audit_warn.c auditd.c \
+ auditd_control_server.c audit_triggers_server.c
+@USE_MACH_IPC_FALSE@am_auditd_OBJECTS = audit_warn.$(OBJEXT) \
+@USE_MACH_IPC_FALSE@ auditd.$(OBJEXT)
+@USE_MACH_IPC_TRUE@am_auditd_OBJECTS = \
+@USE_MACH_IPC_TRUE@ auditd_control_server.$(OBJEXT) \
+@USE_MACH_IPC_TRUE@ audit_triggers_server.$(OBJEXT) \
+@USE_MACH_IPC_TRUE@ audit_warn.$(OBJEXT) auditd.$(OBJEXT)
auditd_OBJECTS = $(am_auditd_OBJECTS)
auditd_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@
@@ -65,7 +72,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(auditd_SOURCES)
-DIST_SOURCES = $(auditd_SOURCES)
+DIST_SOURCES = $(am__auditd_SOURCES_DIST)
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(man8_MANS)
@@ -113,6 +120,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -179,10 +187,13 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
-auditd_SOURCES = audit_warn.c auditd.c
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
auditd_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = auditd.8
+@USE_MACH_IPC_FALSE@auditd_SOURCES = audit_warn.c auditd.c
+@USE_MACH_IPC_TRUE@auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c
+@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h
all: all-am
.SUFFIXES:
@@ -254,8 +265,10 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_triggers_server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_warn.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_control_server.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -427,6 +440,7 @@ install-strip:
mostlyclean-generic:
clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -512,6 +526,12 @@ uninstall-man: uninstall-man8
tags uninstall uninstall-am uninstall-man uninstall-man8 \
uninstall-sbinPROGRAMS
+
+@USE_MACH_IPC_TRUE@auditd_control_server.c: auditd_control.defs
+@USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h $(top_srcdir)/bin/auditd/auditd_control.defs
+
+@USE_MACH_IPC_TRUE@audit_triggers_server.c: audit_triggers.defs
+@USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h $(top_srcdir)/bin/auditd/audit_triggers.defs
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/bin/auditd/audit_triggers.defs b/bin/auditd/audit_triggers.defs
new file mode 100644
index 0000000..f5b394d
--- /dev/null
+++ b/bin/auditd/audit_triggers.defs
@@ -0,0 +1,5 @@
+/*
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_triggers.defs#1 $
+ */
+
+#include <mach/audit_triggers.defs>
diff --git a/bin/auditd/audit_warn.c b/bin/auditd/audit_warn.c
index ef3de52..7bc7a14 100644
--- a/bin/auditd/audit_warn.c
+++ b/bin/auditd/audit_warn.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2005 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#9 $
*/
#include <sys/types.h>
diff --git a/bin/auditd/auditd.8 b/bin/auditd/auditd.8
index ec6b99a..199b9cc 100644
--- a/bin/auditd/auditd.8
+++ b/bin/auditd/auditd.8
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#13 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#14 $
.\"
.Dd October 2, 2006
.Dt AUDITD 8
diff --git a/bin/auditd/auditd.c b/bin/auditd/auditd.c
index fb6fbd5..e0c03d0 100644
--- a/bin/auditd/auditd.c
+++ b/bin/auditd/auditd.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004-2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,13 +26,21 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#26 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#39 $
*/
-#include <sys/types.h>
+#include <sys/param.h>
+
+#include <config/config.h>
+
#include <sys/dirent.h>
#include <sys/mman.h>
+#include <sys/socket.h>
+#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
+#else /* !HAVE_FULL_QUEUE_H */
+#include <compat/queue.h>
+#endif /* !HAVE_FULL_QUEUE_H */
#include <sys/stat.h>
#include <sys/wait.h>
@@ -40,6 +48,8 @@
#include <bsm/audit_uevents.h>
#include <bsm/libbsm.h>
+#include <netinet/in.h>
+
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -51,19 +61,46 @@
#include <signal.h>
#include <string.h>
#include <syslog.h>
+#include <netdb.h>
#include "auditd.h"
+#ifdef USE_MACH_IPC
+#include <notify.h>
+#include <mach/port.h>
+#include <mach/mach_error.h>
+#include <mach/mach_traps.h>
+#include <mach/mach.h>
+#include <mach/host_special_ports.h>
+
+#include "auditd_control_server.h"
+#include "audit_triggers_server.h"
+#endif /* USE_MACH_IPC */
+
+#ifndef HAVE_STRLCPY
+#include <compat/strlcpy.h>
+#endif
#define NA_EVENT_STR_SIZE 25
#define POL_STR_SIZE 128
-
static int ret, minval;
static char *lastfile = NULL;
static int allhardcount = 0;
-static int triggerfd = 0;
static int sigchlds, sigchlds_handled;
static int sighups, sighups_handled;
+#ifndef USE_MACH_IPC
static int sigterms, sigterms_handled;
+static int triggerfd = 0;
+
+#else /* USE_MACH_IPC */
+
+static mach_port_t control_port = MACH_PORT_NULL;
+static mach_port_t signal_port = MACH_PORT_NULL;
+static mach_port_t port_set = MACH_PORT_NULL;
+
+#ifndef __BSM_INTERNAL_NOTIFY_KEY
+#define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change"
+#endif /* __BSM_INTERNAL_NOTIFY_KEY */
+#endif /* USE_MACH_IPC */
static TAILQ_HEAD(, dir_ent) dir_q;
@@ -120,19 +157,17 @@ getTSstr(char *buf, int len)
static char *
affixdir(char *name, struct dir_ent *dirent)
{
- char *fn;
- char *curdir;
- const char *sep = "/";
+ char *fn = NULL;
- curdir = dirent->dirname;
syslog(LOG_DEBUG, "dir = %s", dirent->dirname);
-
- fn = malloc(strlen(curdir) + strlen(sep) + (2 * POSTFIX_LEN) + 1);
- if (fn == NULL)
+ /*
+ * Sanity check on file name.
+ */
+ if (strlen(name) != (FILENAME_LEN - 1)) {
+ syslog(LOG_ERR, "Invalid file name: %s", name);
return (NULL);
- strcpy(fn, curdir);
- strcat(fn, sep);
- strcat(fn, name);
+ }
+ asprintf(&fn, "%s/%s", dirent->dirname, name);
return (fn);
}
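Review bot: The result of `asprintf()` in affixdir() is not checked, and on failure the value left in `fn` is not guaranteed to be NULL on every platform this code is built for. The removed malloc() path returned NULL explicitly on allocation failure, so the new code should keep that contract: `if (asprintf(&fn, "%s/%s", dirent->dirname, name) < 0) return (NULL);`. The new length check also deserves a one-line comment saying that FILENAME_LEN - 1 is the length of a `<timestamp>.not_terminated` name, since the constant is defined in auditd.h.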
@@ -144,17 +179,18 @@ close_lastfile(char *TS)
{
char *ptr;
char *oldname;
+ size_t len;
if (lastfile != NULL) {
- oldname = (char *)malloc(strlen(lastfile) + 1);
+ len = strlen(lastfile) + 1;
+ oldname = (char *)malloc(len);
if (oldname == NULL)
return (-1);
- strcpy(oldname, lastfile);
+ strlcpy(oldname, lastfile, len);
/* Rename the last file -- append timestamp. */
if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) {
- *ptr = '.';
- strcpy(ptr+1, TS);
+ strlcpy(ptr, TS, TIMESTAMP_LEN);
if (rename(oldname, lastfile) != 0)
syslog(LOG_ERR,
"Could not rename %s to %s: %m", oldname,
@@ -164,7 +200,9 @@ close_lastfile(char *TS)
oldname, lastfile);
audit_warn_closefile(lastfile);
}
- }
+ } else
+ syslog(LOG_ERR, "Could not rename %s to %s", oldname,
+ lastfile);
free(lastfile);
free(oldname);
lastfile = NULL;
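Review bot: The new `else` branch appears to run when strstr() finds no NOT_TERMINATED marker in `lastfile`, but its message says "Could not rename %s to %s" even though no rename was attempted and `oldname` and `lastfile` hold the same string at that point. A reader of the log would look for a failed rename(2) that never happened. Something like `syslog(LOG_ERR, "Trail %s has no %s suffix; left as is", lastfile, NOT_TERMINATED);` states what happened. close_lastfile() starts and ends outside this hunk.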
@@ -206,9 +244,9 @@ open_trail(const char *fname)
static int
swap_audit_file(void)
{
- char timestr[2 * POSTFIX_LEN];
+ char timestr[FILENAME_LEN];
char *fn;
- char TS[POSTFIX_LEN];
+ char TS[TIMESTAMP_LEN];
struct dir_ent *dirent;
#ifdef AUDIT_REVIEW_GROUP
struct group *grp;
@@ -217,11 +255,10 @@ swap_audit_file(void)
#endif
int error, fd;
- if (getTSstr(TS, POSTFIX_LEN) != 0)
+ if (getTSstr(TS, TIMESTAMP_LEN) != 0)
return (-1);
- strcpy(timestr, TS);
- strcat(timestr, NOT_TERMINATED);
+ snprintf(timestr, FILENAME_LEN, "%s.%s", TS, NOT_TERMINATED);
#ifdef AUDIT_REVIEW_GROUP
/*
@@ -268,6 +305,14 @@ swap_audit_file(void)
close(fd);
} else {
/* Success. */
+#ifdef USE_MACH_IPC
+ /*
+ * auditctl() potentially changes the audit
+ * state so post that the audit config (may
+ * have) changed.
+ */
+ notify_post(__BSM_INTERNAL_NOTIFY_KEY);
+#endif
close_lastfile(TS);
lastfile = fn;
close(fd);
@@ -321,7 +366,7 @@ read_control_file(void)
free(dirent);
return (-1);
}
- strcpy(dirent->dirname, cur_dir);
+ strlcpy(dirent->dirname, cur_dir, MAXNAMLEN);
TAILQ_INSERT_TAIL(&dir_q, dirent, dirs);
}
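Review bot: `strlcpy(dirent->dirname, cur_dir, MAXNAMLEN)` bounds the copy but silently truncates a longer directory path read from the control file, so the daemon would then create trail files in a different directory than the one configured. The return value should be compared with the bound and the entry rejected, e.g. `if (strlcpy(dirent->dirname, cur_dir, MAXNAMLEN) >= MAXNAMLEN) { syslog(LOG_ERR, "Audit directory name too long"); ... }` with the same cleanup as the allocation-failure path above. The allocation of `dirent->dirname` is outside the hunk, so confirm that its size really is MAXNAMLEN.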
@@ -367,7 +412,7 @@ close_all(void)
{
struct auditinfo ai;
int err_ret = 0;
- char TS[POSTFIX_LEN];
+ char TS[TIMESTAMP_LEN];
int aufd;
token_t *tok;
long cond;
@@ -402,7 +447,13 @@ close_all(void)
strerror(errno));
err_ret = 1;
}
- if (getTSstr(TS, POSTFIX_LEN) == 0)
+#ifdef USE_MACH_IPC
+ /*
+ * Post a notification that the audit config changed.
+ */
+ notify_post(__BSM_INTERNAL_NOTIFY_KEY);
+#endif
+ if (getTSstr(TS, TIMESTAMP_LEN) == 0)
close_lastfile(TS);
if (lastfile != NULL)
free(lastfile);
@@ -415,8 +466,10 @@ close_all(void)
}
endac();
+#ifndef USE_MACH_IPC
if (close(triggerfd) != 0)
syslog(LOG_ERR, "Error closing control file");
+#endif
syslog(LOG_INFO, "Finished");
return (0);
}
@@ -427,6 +480,22 @@ close_all(void)
* main servicing loop to do proper handling from a non-signal-handler
* context.
*/
+#ifdef USE_MACH_IPC
+static void
+relay_signal(int signal)
+{
+ mach_msg_empty_send_t msg;
+
+ msg.header.msgh_id = signal;
+ msg.header.msgh_remote_port = signal_port;
+ msg.header.msgh_local_port = MACH_PORT_NULL;
+ msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0);
+ mach_msg(&(msg.header), MACH_SEND_MSG|MACH_SEND_TIMEOUT, sizeof(msg),
+ 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
+}
+
+#else /* ! USE_MACH_IPC */
+
static void
relay_signal(int signal)
{
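Review bot: In the Mach variant of relay_signal() the result of `mach_msg()` is discarded while the send uses MACH_SEND_TIMEOUT with a zero timeout, so a full queue on `signal_port` drops the signal, SIGTERM included, with no trace. That is a reasonable trade-off inside a signal handler, but it should be stated: `/* Non-blocking send: if signal_port's queue is full the signal is dropped. */`. The message is also only partly initialised; a `bzero(&msg, sizeof(msg));` before the assignments avoids sending stack contents in the unset header fields. The non-Mach relay_signal() body continues outside the hunk.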
@@ -438,6 +507,7 @@ relay_signal(int signal)
if (signal == SIGCHLD)
sigchlds++;
}
+#endif /* ! USE_MACH_IPC */
/*
* Registering the daemon.
@@ -492,6 +562,48 @@ register_daemon(void)
return (0);
}
+#ifdef USE_MACH_IPC
+/*
+ * Implementation of the auditd_control() MIG simpleroutine.
+ *
+ * React to input from the audit(1) tool.
+ */
+
+/* ARGSUSED */
+kern_return_t
+auditd_control(mach_port_t __unused auditd_port, int trigger)
+{
+ int err_ret = 0;
+
+ switch (trigger) {
+
+ case AUDIT_TRIGGER_ROTATE_USER:
+ /*
+ * Create a new file and swap with the one
+ * being used in kernel.
+ */
+ if (swap_audit_file() == -1)
+ syslog(LOG_ERR, "Error swapping audit file");
+ break;
+
+ case AUDIT_TRIGGER_READ_FILE:
+ if (read_control_file() == -1)
+ syslog(LOG_ERR, "Error in audit control file");
+ break;
+
+ case AUDIT_TRIGGER_CLOSE_AND_DIE:
+ err_ret = close_all();
+ exit (err_ret);
+ break;
+
+ default:
+ break;
+ }
+
+ return (KERN_SUCCESS);
+}
+#endif /* USE_MACH_IPC */
+
/*
* Handle the audit trigger event.
*
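Review bot: The `default:` case of auditd_control() drops an unrecognised trigger silently, whereas the trigger handler further down logs "Got unknown trigger %d"; adding `syslog(LOG_ERR, "Got unknown control trigger %d", trigger);` keeps the two paths consistent and leaves a record of unexpected requests. The routine acts on AUDIT_TRIGGER_CLOSE_AND_DIE without checking who sent the message. Authorisation presumably rests on who can obtain a send right to the control port, and the header comment should say so in order that a later change to how the port is published does not expose the shutdown path. The `break` after `exit (err_ret)` is unreachable.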
@@ -503,8 +615,18 @@ register_daemon(void)
* not be retransmitted, and the log file will grow in an unbounded fashion.
*/
#define DUPLICATE_INTERVAL 30
-static void
+#ifdef USE_MACH_IPC
+#define AT_SUCCESS KERN_SUCCESS
+
+/* ARGSUSED */
+kern_return_t
+audit_triggers(mach_port_t __unused audit_port, int trigger)
+#else
+#define AT_SUCCESS 0
+
+static int
handle_audit_trigger(int trigger)
+#endif
{
static int last_trigger, last_warning;
static time_t last_time;
@@ -533,7 +655,7 @@ handle_audit_trigger(int trigger)
syslog(LOG_INFO,
"Suppressing duplicate trigger %d",
trigger);
- return;
+ return (AT_SUCCESS);
}
last_warning = tt;
break;
@@ -634,8 +756,12 @@ handle_audit_trigger(int trigger)
syslog(LOG_ERR, "Got unknown trigger %d", trigger);
break;
}
+
+ return (AT_SUCCESS);
}
+#undef AT_SUCCESS
+
static void
handle_sighup(void)
{
@@ -644,6 +770,69 @@ handle_sighup(void)
config_audit_controls();
}
+static int
+config_audit_host(void)
+{
+ char hoststr[MAXHOSTNAMELEN];
+ struct sockaddr_in6 *sin6;
+ struct sockaddr_in *sin;
+ struct addrinfo *res;
+ struct auditinfo_addr aia;
+ int error;
+
+ if (getachost(hoststr, MAXHOSTNAMELEN) != 0) {
+ syslog(LOG_WARNING,
+ "warning: failed to read 'host' param in control file");
+ /*
+ * To maintain reverse compatability with older audit_control
+ * files, simply drop a warning if the host parameter has not
+ * been set. However, we will explicitly disable the
+ * generation of extended audit header by passing in a zeroed
+ * termid structure.
+ */
+ bzero(&aia, sizeof(aia));
+ aia.ai_termid.at_type = AU_IPv4;
+ error = auditon(A_SETKAUDIT, &aia, sizeof(aia));
+ if (error < 0 && errno == ENOSYS)
+ return (0);
+ else if (error < 0) {
+ syslog(LOG_ERR,
+ "Failed to set audit host info");
+ return (-1);
+ }
+ return (0);
+ }
+ error = getaddrinfo(hoststr, NULL, NULL, &res);
+ if (error) {
+ syslog(LOG_ERR, "Failed to lookup hostname: %s", hoststr);
+ return (-1);
+ }
+ switch (res->ai_family) {
+ case PF_INET6:
+ sin6 = (struct sockaddr_in6 *) res->ai_addr;
+ bcopy(&sin6->sin6_addr.s6_addr,
+ &aia.ai_termid.at_addr[0], sizeof(struct in6_addr));
+ aia.ai_termid.at_type = AU_IPv6;
+ break;
+ case PF_INET:
+ sin = (struct sockaddr_in *) res->ai_addr;
+ bcopy(&sin->sin_addr.s_addr,
+ &aia.ai_termid.at_addr[0], sizeof(struct in_addr));
+ aia.ai_termid.at_type = AU_IPv4;
+ break;
+ default:
+ syslog(LOG_ERR,
+ "Un-supported address family in host parameter");
+ return (-1);
+ }
+ if (auditon(A_SETKAUDIT, &aia, sizeof(aia)) < 0) {
+ syslog(LOG_ERR,
+ "auditon: failed to set audit host information");
+ return (-1);
+ }
+ return (0);
+}
+
/*
* Reap our children.
*/
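Review bot: On the path where getachost() succeeds, `aia` is never cleared in config_audit_host(), so auditon(A_SETKAUDIT) receives a structure whose fields other than `at_type` and the copied address bytes hold leftover stack contents; only the failure branch calls bzero(). Moving `bzero(&aia, sizeof(aia));` to the top of the function covers both paths. The list returned by getaddrinfo() is never released either, and since config_audit_controls() now ends by calling this function that presumably leaks on every reload; add `freeaddrinfo(res);` after the switch and before the `return (-1)` in the default case. Only the first returned address is examined, which deserves a comment.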
@@ -675,6 +864,61 @@ handle_sigchld(void)
/*
* Read the control file for triggers/signals and handle appropriately.
*/
+#ifdef USE_MACH_IPC
+#define MAX_MSG_SIZE 4096
+
+static boolean_t
+auditd_combined_server(mach_msg_header_t *InHeadP,
+ mach_msg_header_t *OutHeadP)
+{
+ mach_port_t local_port = InHeadP->msgh_local_port;
+
+ if (local_port == signal_port) {
+ int signo = InHeadP->msgh_id;
+ int ret;
+
+ switch(signo) {
+ case SIGTERM:
+ ret = close_all();
+ exit(ret);
+
+ case SIGCHLD:
+ handle_sigchld();
+ return (TRUE);
+
+ case SIGHUP:
+ handle_sighup();
+ return (TRUE);
+
+ default:
+ syslog(LOG_INFO, "Received signal %d", signo);
+ return (TRUE);
+ }
+ } else if (local_port == control_port) {
+ boolean_t result;
+
+ result = audit_triggers_server(InHeadP, OutHeadP);
+ if (!result)
+ result = auditd_control_server(InHeadP, OutHeadP);
+ return (result);
+ }
+ syslog(LOG_INFO, "Recevied msg on bad port 0x%x.", local_port);
+ return (FALSE);
+}
+
+static int
+wait_for_events(void)
+{
+ kern_return_t result;
+
+ result = mach_msg_server(auditd_combined_server, MAX_MSG_SIZE,
+ port_set, MACH_MSG_OPTION_NONE);
+ syslog(LOG_ERR, "abnormal exit\n");
+ return (close_all());
+}
+
+#else /* ! USE_MACH_IPC */
+
static int
wait_for_events(void)
{
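Review bot: In the Mach wait_for_events() the value returned by mach_msg_server() is stored in `result` and never used, so the "abnormal exit" log line gives no reason for the server loop ending. Logging it, e.g. `syslog(LOG_ERR, "mach_msg_server: %s", mach_error_string(result));`, makes an unexpected daemon shutdown diagnosable. In auditd_combined_server() the local `int ret` shadows the file-scope `static int ret`, and the bad-port message is misspelled (`Recevied`). The non-Mach wait_for_events() body continues outside the hunk.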
@@ -706,10 +950,11 @@ wait_for_events(void)
if (trigger == AUDIT_TRIGGER_CLOSE_AND_DIE)
break;
else
- handle_audit_trigger(trigger);
+ (void)handle_audit_trigger(trigger);
}
return (close_all());
}
+#endif /* ! USE_MACH_IPC */
/*
* Configure the audit controls in the kernel: the event to class mapping,
@@ -817,9 +1062,62 @@ config_audit_controls(void)
} else
syslog(LOG_ERR, "Failed to obtain filesz: %m");
- return (0);
+ return (config_audit_host());
}
+#ifdef USE_MACH_IPC
+static void
+mach_setup(void)
+{
+ mach_msg_type_name_t poly;
+
+ /*
+ * Allocate a port set
+ */
+ if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_PORT_SET,
+ &port_set) != KERN_SUCCESS) {
+ syslog(LOG_ERR, "Allocation of port set failed");
+ fail_exit();
+ }
+
+ /*
+ * Allocate a signal reflection port
+ */
+ if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE,
+ &signal_port) != KERN_SUCCESS ||
+ mach_port_move_member(mach_task_self(), signal_port, port_set) !=
+ KERN_SUCCESS) {
+ syslog(LOG_ERR, "Allocation of signal port failed");
+ fail_exit();
+ }
+
+ /*
+ * Allocate a trigger port
+ */
+ if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE,
+ &control_port) != KERN_SUCCESS ||
+ mach_port_move_member(mach_task_self(), control_port, port_set)
+ != KERN_SUCCESS)
+ syslog(LOG_ERR, "Allocation of trigger port failed");
+
+ /*
+ * Create a send right on our trigger port.
+ */
+ mach_port_extract_right(mach_task_self(), control_port,
+ MACH_MSG_TYPE_MAKE_SEND, &control_port, &poly);
+
+ /*
+ * Register the trigger port with the kernel.
+ */
+ if (host_set_audit_control_port(mach_host_self(), control_port) !=
+ KERN_SUCCESS) {
+ syslog(LOG_ERR, "Cannot set Mach control port");
+ fail_exit();
+ } else
+ syslog(LOG_DEBUG, "Mach control port registered");
+}
+#endif /* USE_MACH_IPC */
+
static void
setup(void)
{
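Review bot: A failure to allocate the trigger port in mach_setup() is only logged. Unlike the port-set and signal-port blocks above it, the third `if` has no braces and no fail_exit(), so execution continues into mach_port_extract_right() with `control_port` possibly still MACH_PORT_NULL. The result of mach_port_extract_right() is not checked either, so the daemon can go on to register an unusable port and then wait for triggers that never arrive. Both steps should fail hard like their neighbours, as sketched below.
```c
	/* … unchanged: port set and signal port allocation … */
	if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE,
	    &control_port) != KERN_SUCCESS ||
	    mach_port_move_member(mach_task_self(), control_port, port_set)
	    != KERN_SUCCESS) {
		syslog(LOG_ERR, "Allocation of trigger port failed");
		fail_exit();
	}

	if (mach_port_extract_right(mach_task_self(), control_port,
	    MACH_MSG_TYPE_MAKE_SEND, &control_port, &poly) != KERN_SUCCESS) {
		syslog(LOG_ERR, "Cannot create send right on trigger port");
		fail_exit();
	}
	/* … unchanged: host_set_audit_control_port() registration … */
```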
@@ -828,13 +1126,17 @@ setup(void)
int aufd;
token_t *tok;
+#ifdef USE_MACH_IPC
+ mach_setup();
+#else
if ((triggerfd = open(AUDIT_TRIGGER_FILE, O_RDONLY, 0)) < 0) {
syslog(LOG_ERR, "Error opening trigger file");
fail_exit();
}
+#endif
/*
- * To provide event feedback cycles and avoid auditd becoming
+ * To prevent event feedback cycles and avoid auditd becoming
* stalled if auditing is suspended, auditd and its children run
* without their events being audited. We allow the uid, tid, and
* mask fields to be implicitly set to zero, but do set the pid. We
@@ -890,7 +1192,7 @@ main(int argc, char **argv)
{
int ch;
int debug = 0;
- int rc;
+ int rc, logopts;
while ((ch = getopt(argc, argv, "d")) != -1) {
switch(ch) {
@@ -907,10 +1209,14 @@ main(int argc, char **argv)
}
}
+ logopts = LOG_CONS | LOG_PID;
+ if (debug != 0)
+ logopts |= LOG_PERROR;
+
#ifdef LOG_SECURITY
- openlog("auditd", LOG_CONS | LOG_PID, LOG_SECURITY);
+ openlog("auditd", logopts, LOG_SECURITY);
#else
- openlog("auditd", LOG_CONS | LOG_PID, LOG_AUTH);
+ openlog("auditd", logopts, LOG_AUTH);
#endif
syslog(LOG_INFO, "starting...");
diff --git a/bin/auditd/auditd.h b/bin/auditd/auditd.h
index 8b2416a..688aea3 100644
--- a/bin/auditd/auditd.h
+++ b/bin/auditd/auditd.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2005 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#11 $
*/
#ifndef _AUDITD_H_
@@ -46,8 +46,10 @@
*/
#define AUDIT_REVIEW_GROUP "audit"
-#define POSTFIX_LEN 16
-#define NOT_TERMINATED ".not_terminated"
+#define NOT_TERMINATED "not_terminated"
+#define POSTFIX_LEN (sizeof("YYYYMMDDhhmmss") - 1)
+#define FILENAME_LEN ((2 * POSTFIX_LEN) + 2)
+#define TIMESTAMP_LEN (POSTFIX_LEN + 1)
struct dir_ent {
char *dirname;
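Review bot: The new length macros rely on an invariant that is written down nowhere: `strlen(NOT_TERMINATED)` must equal POSTFIX_LEN. FILENAME_LEN, the `strlen(name) != (FILENAME_LEN - 1)` check in affixdir() and `strlcpy(ptr, TS, TIMESTAMP_LEN)` in close_lastfile() are all correct only while that holds. In the last of these the bound is the size of the source buffer, not the space remaining in `lastfile`. A comment above the defines should spell out the layout, e.g. `/* Trail names are "<YYYYMMDDhhmmss>.<YYYYMMDDhhmmss|not_terminated>"; NOT_TERMINATED must stay POSTFIX_LEN characters long. */`. POSTFIX_LEN also changes from an int constant to a size_t expression, so callers passing it to `int` parameters such as getTSstr() now convert implicitly.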
diff --git a/bin/auditd/auditd_control.defs b/bin/auditd/auditd_control.defs
new file mode 100644
index 0000000..f06fe01
--- /dev/null
+++ b/bin/auditd/auditd_control.defs
@@ -0,0 +1,49 @@
+/*-
+ * Copyright (c) 1999-2007 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_control.defs#2 $
+ */
+
+/*
+ * Exported client calls to the auditd facility.
+ */
+
+Subsystem
+ KernelUser
+ auditd_control 456;
+
+#ifndef __MigTypeCheck
+#define __MigTypeCheck 1
+#endif
+
+#include <mach/std_types.defs>
+#include <mach/mach_types.defs>
+
+simpleroutine auditd_control(
+ auditd_port : mach_port_t;
+ in trigger : int);
diff --git a/bin/auditfilterd/Makefile.am b/bin/auditfilterd/Makefile.am
index b8d96a4..83399f1 100644
--- a/bin/auditfilterd/Makefile.am
+++ b/bin/auditfilterd/Makefile.am
@@ -1,8 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.am#3 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
sbin_PROGRAMS = auditfilterd
auditfilterd_SOURCES = auditfilterd_conf.c auditfilterd.c
diff --git a/bin/auditfilterd/Makefile.in b/bin/auditfilterd/Makefile.in
index 11741f3..874e106 100644
--- a/bin/auditfilterd/Makefile.in
+++ b/bin/auditfilterd/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.in#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.in#6 $
#
VPATH = @srcdir@
@@ -114,6 +114,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -180,7 +181,8 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
auditfilterd_SOURCES = auditfilterd_conf.c auditfilterd.c
auditfilterd_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = auditfilterd.8
diff --git a/bin/auditfilterd/auditfilterd.c b/bin/auditfilterd/auditfilterd.c
index 110b7cf..ba42834 100644
--- a/bin/auditfilterd/auditfilterd.c
+++ b/bin/auditfilterd/auditfilterd.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#11 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#13 $
*/
/*
@@ -54,6 +54,7 @@
#include <bsm/libbsm.h>
#include <bsm/audit_filter.h>
+#include <bsm/audit_internal.h>
#include <err.h>
#include <fcntl.h>
@@ -216,7 +217,7 @@ mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp)
* from a file stream.
*/
static void
-mainloop_pipe(const char *conffile, const char *pipefile, int pipe_fd)
+mainloop_pipe(const char *conffile, const char *pipefile __unused, int pipe_fd)
{
u_char record[MAX_AUDIT_RECORD_SIZE];
struct timespec ts;
diff --git a/bin/auditreduce/Makefile b/bin/auditreduce/Makefile
deleted file mode 100644
index f4c292a..0000000
--- a/bin/auditreduce/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile#4 $
-#
-
-CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I.
-PROG= auditreduce
-MAN= auditreduce.1
-DPADD= /usr/lib/libbsm.a
-LDADD= -lbsm
-BINDIR= /usr/sbin
-
-.include <bsd.prog.mk>
diff --git a/bin/auditreduce/Makefile.am b/bin/auditreduce/Makefile.am
index cce29a6..8cd4b62 100644
--- a/bin/auditreduce/Makefile.am
+++ b/bin/auditreduce/Makefile.am
@@ -1,8 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.am#3 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
sbin_PROGRAMS = auditreduce
auditreduce_SOURCES = auditreduce.c
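Review bot: The include path is now spelled out twice per directory, and the same four-line conditional is repeated in bin/praudit/Makefile.am and the other tool directories, so the two branches can drift apart. Stating the common part once and adding only the bundled system headers conditionally keeps the difference visible: `AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir)` followed by `if !USE_NATIVE_INCLUDES` / `AM_CPPFLAGS += -I$(top_srcdir)/sys` / `endif`. Automake documents `INCLUDES` as the older, deprecated name for `AM_CPPFLAGS`, so this is also a good moment to switch. A one-line comment such as `# Bundled sys/ headers are skipped when configured --with-native-includes` would tell the next reader why the path differs.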
diff --git a/bin/auditreduce/Makefile.in b/bin/auditreduce/Makefile.in
index 7dae162..b18513f 100644
--- a/bin/auditreduce/Makefile.in
+++ b/bin/auditreduce/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.in#8 $
#
VPATH = @srcdir@
@@ -113,6 +113,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -179,7 +180,8 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
auditreduce_SOURCES = auditreduce.c
auditreduce_LDADD = $(top_builddir)/libbsm/libbsm.la
man1_MANS = auditreduce.1
diff --git a/bin/auditreduce/auditreduce.1 b/bin/auditreduce/auditreduce.1
index 1f900f9..6151f6e 100644
--- a/bin/auditreduce/auditreduce.1
+++ b/bin/auditreduce/auditreduce.1
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -9,7 +9,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#14 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#17 $
.\"
.Dd January 24, 2004
.Dt AUDITREDUCE 1
@@ -48,6 +48,7 @@
.Op Fl o Ar object Ns = Ns Ar value
.Op Fl r Ar ruid
.Op Fl u Ar auid
+.Op Fl v
.Op Ar
.Sh DESCRIPTION
The
@@ -93,7 +94,8 @@ Select records with the given real group ID or name.
.It Fl j Ar id
Select records having a subject token with matching ID.
.It Fl m Ar event
-Select records with the given event name or number.
+Select records with the given event name or number. This option can
+be used more then once to select records of multiple event types.
See
.Xr audit_event 5
for a description of audit event names and numbers.
@@ -127,6 +129,8 @@ Select records containing the given shared memory ID.
Select records with the given real user ID or name.
.It Fl u Ar auid
Select records with the given audit ID.
+.It Fl v
+Invert sense of matching, to select records that do not match.
.El
.Sh EXAMPLES
To select all records associated with effective user ID root from the audit
diff --git a/bin/auditreduce/auditreduce.c b/bin/auditreduce/auditreduce.c
index c647bc9..f22f454 100644
--- a/bin/auditreduce/auditreduce.c
+++ b/bin/auditreduce/auditreduce.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004-2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#20 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#28 $
*/
/*
@@ -61,6 +61,10 @@
#include <regex.h>
#include <errno.h>
+#ifndef HAVE_STRLCPY
+#include <compat/strlcpy.h>
+#endif
+
#include "auditreduce.h"
static TAILQ_HEAD(tailhead, re_entry) re_head =
@@ -72,7 +76,6 @@ extern int optind, optopt, opterr,optreset;
static au_mask_t maskp; /* Class. */
static time_t p_atime; /* Created after this time. */
static time_t p_btime; /* Created before this time. */
-static uint16_t p_evtype; /* Event that we are searching for. */
static int p_auid; /* Audit id. */
static int p_euid; /* Effective user id. */
static int p_egid; /* Effective group id. */
@@ -81,6 +84,13 @@ static int p_ruid; /* Real user id. */
static int p_subid; /* Subject id. */
/*
+ * Maintain a dynamically sized array of events for -m
+ */
+static uint16_t *p_evec; /* Event type list */
+static int p_evec_used; /* Number of events used */
+static int p_evec_alloc; /* Number of events allocated */
+
+/*
* Following are the objects (-o option) that we can select upon.
*/
static char *p_fileobj = NULL;
@@ -105,7 +115,7 @@ parse_regexp(char *re_string)
for (nstrs = 0, i = 0; i < len; i++) {
if (copy[i] == ',' && i > 0) {
if (copy[i - 1] == '\\')
- strcpy(&copy[i - 1], &copy[i]);
+ strlcpy(&copy[i - 1], &copy[i], len);
else {
nstrs++;
copy[i] = '\0';
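Review bot: The new `strlcpy(&copy[i - 1], &copy[i], len)` in parse_regexp copies between overlapping regions of one buffer, which strlcpy leaves undefined just as strcpy does; it only behaves if the implementation happens to copy forward one byte at a time. The size passed is the length of the whole string rather than the room left from `&copy[i - 1]`, so it does not describe the destination either. Shifting text down inside a single buffer is a job for memmove: `memmove(&copy[i - 1], &copy[i], strlen(&copy[i]) + 1);`. The loop also keeps iterating to the old `len` after the string has become one byte shorter, which looks worth checking; the function starts and ends outside this hunk.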
@@ -163,6 +173,7 @@ usage(const char *msg)
fprintf(stderr, "\t\t shmid=<ID>\n");
fprintf(stderr, "\t-r <uid|name> : real user\n");
fprintf(stderr, "\t-u <uid|name> : audit user\n");
+ fprintf(stderr, "\t-v : select non-matching records\n");
exit(EX_USAGE);
}
@@ -265,7 +276,7 @@ select_pidobj(uint32_t pid)
{
if (ISOPTSET(opttochk, OPT_op)) {
- if (pid != strtol(p_pidobj, (char **)NULL, 10))
+ if (pid != (uint32_t)strtol(p_pidobj, (char **)NULL, 10))
return (0);
}
return (1);
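Review bot: The `(uint32_t)` cast added in select_pidobj quiets the signed/unsigned comparison but leaves the `strtol()` result unchecked, so a non-numeric `p_pidobj` converts to 0 and compares equal to pid 0, and a negative or oversized value wraps silently. The same pattern is repeated for `p_msgqobj`, `p_semobj` and `p_shmobj` in the select_ipcobj hunk that follows. Converting once when the `-o` argument is accepted, with an end pointer and a range check (`errno != 0 || ep == s || *ep != '\0' || v > UINT32_MAX` rejects the argument), and storing the resulting `uint32_t` would remove both the per-record reparse and the silent match. The option parsing itself is outside these hunks, so where the check belongs is inferred.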
@@ -282,21 +293,22 @@ select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd)
if (type == AT_IPC_MSG) {
SETOPT((*optchkd), OPT_om);
if (ISOPTSET(opttochk, OPT_om)) {
- if (id != strtol(p_msgqobj, (char **)NULL, 10))
+ if (id != (uint32_t)strtol(p_msgqobj, (char **)NULL,
+ 10))
return (0);
}
return (1);
} else if (type == AT_IPC_SEM) {
SETOPT((*optchkd), OPT_ose);
if (ISOPTSET(opttochk, OPT_ose)) {
- if (id != strtol(p_semobj, (char **)NULL, 10))
+ if (id != (uint32_t)strtol(p_semobj, (char **)NULL, 10))
return (0);
}
return (1);
} else if (type == AT_IPC_SHM) {
SETOPT((*optchkd), OPT_osh);
if (ISOPTSET(opttochk, OPT_osh)) {
- if (id != strtol(p_shmobj, (char **)NULL, 10))
+ if (id != (uint32_t)strtol(p_shmobj, (char **)NULL, 10))
return (0);
}
return (1);
@@ -345,8 +357,10 @@ select_filepath(char *path, uint32_t *optchkd)
static int
select_hdr32(tokenstr_t tok, uint32_t *optchkd)
{
+ uint16_t *ev;
+ int match;
- SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m));
+ SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m | OPT_v));
/* The A option overrides a, b and d. */
if (!ISOPTSET(opttochk, OPT_A)) {
@@ -377,7 +391,11 @@ select_hdr32(tokenstr_t tok, uint32_t *optchkd)
/* Check if event matches. */
if (ISOPTSET(opttochk, OPT_m)) {
- if (tok.tt.hdr32.e_type != p_evtype)
+ match = 0;
+ for (ev = p_evec; ev < &p_evec[p_evec_used]; ev++)
+ if (tok.tt.hdr32.e_type == *ev)
+ match = 1;
+ if (match == 0)
return (0);
}
@@ -476,6 +494,7 @@ select_records(FILE *fp)
int bytesread;
int selected;
uint32_t optchkd;
+ int print;
int err = 0;
while ((reclen = au_read_rec(fp, &buf)) != -1) {
@@ -495,75 +514,50 @@ select_records(FILE *fp)
* selection criteria.
*/
switch(tok.id) {
- case AU_HEADER_32_TOKEN:
+ case AUT_HEADER32:
selected = select_hdr32(tok,
&optchkd);
bcopy(&tok, &tok_hdr32_copy,
sizeof(tok));
break;
- case AU_PROCESS_32_TOKEN:
+ case AUT_PROCESS32:
selected = select_proc32(tok,
&optchkd);
break;
- case AU_SUBJECT_32_TOKEN:
+ case AUT_SUBJECT32:
selected = select_subj32(tok,
&optchkd);
break;
- case AU_IPC_TOKEN:
+ case AUT_IPC:
selected = select_ipcobj(
tok.tt.ipc.type, tok.tt.ipc.id,
&optchkd);
break;
- case AU_FILE_TOKEN:
- selected = select_filepath(
- tok.tt.file.name, &optchkd);
- break;
-
- case AU_PATH_TOKEN:
+ case AUT_PATH:
selected = select_filepath(
tok.tt.path.path, &optchkd);
break;
- case AU_RETURN_32_TOKEN:
+ case AUT_RETURN32:
selected = select_return32(tok,
tok_hdr32_copy, &optchkd);
break;
- /*
- * The following tokens dont have any relevant
- * attributes that we can select upon.
- */
- case AU_TRAILER_TOKEN:
- case AU_ARG32_TOKEN:
- case AU_ATTR32_TOKEN:
- case AU_EXIT_TOKEN:
- case AU_NEWGROUPS_TOKEN:
- case AU_IN_ADDR_TOKEN:
- case AU_IP_TOKEN:
- case AU_IPCPERM_TOKEN:
- case AU_IPORT_TOKEN:
- case AU_OPAQUE_TOKEN:
- case AU_SEQ_TOKEN:
- case AU_TEXT_TOKEN:
- case AU_ARB_TOKEN:
- case AU_SOCK_TOKEN:
default:
break;
}
bytesread += tok.len;
}
- if ((selected == 1) && (!err)) {
- /* Check if all the options were matched. */
- if (!(opttochk & ~optchkd)) {
- /* XXX Write this record to the output file. */
- /* default to stdout */
- fwrite(buf, 1, reclen, stdout);
- }
- }
+ /* Check if all the options were matched. */
+ print = ((selected == 1) && (!err) && (!(opttochk & ~optchkd)));
+ if (ISOPTSET(opttochk, OPT_v))
+ print = !print;
+ if (print)
+ (void) fwrite(buf, 1, reclen, stdout);
free(buf);
}
return (0);
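Review bot: With `-v`, the inversion `print = !print` also flips records that were rejected because `err` was set, so a record that hit an error during token processing would be written to stdout as a "non-matching" record. `err` is assigned outside this hunk, so this assumes it flags a record that could not be parsed. Keeping the error test out of the inverted expression avoids that: `print = (selected == 1) && !(opttochk & ~optchkd);` and then `if (!err && print)` around the write. The `(void)` cast on `fwrite()` also discards a short write, which for an audit-trail filter means a truncated output file goes unreported; checking the return value and failing with `err(1, "fwrite")` would surface it.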
@@ -615,10 +609,11 @@ main(int argc, char **argv)
int ch;
char timestr[128];
char *fname;
+ uint16_t *etp;
converr = NULL;
- while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:")) != -1) {
+ while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) {
switch(ch) {
case 'A':
SETOPT(opttochk, OPT_A);
@@ -715,13 +710,26 @@ main(int argc, char **argv)
break;
case 'm':
- p_evtype = strtol(optarg, (char **)NULL, 10);
- if (p_evtype == 0) {
+ if (p_evec == NULL) {
+ p_evec_alloc = 32;
+ p_evec = malloc(sizeof(*etp) * p_evec_alloc);
+ if (p_evec == NULL)
+ err(1, "malloc");
+ } else if (p_evec_alloc == p_evec_used) {
+ p_evec_alloc <<= 1;
+ p_evec = realloc(p_evec,
+ sizeof(*p_evec) * p_evec_alloc);
+ if (p_evec == NULL)
+ err(1, "realloc");
+ }
+ etp = &p_evec[p_evec_used++];
+ *etp = strtol(optarg, (char **)NULL, 10);
+ if (*etp == 0) {
/* Could be the string representation. */
n = getauevnonam(optarg);
if (n == NULL)
usage("Incorrect event name");
- p_evtype = *n;
+ *etp = *n;
}
SETOPT(opttochk, OPT_m);
break;
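Review bot: The `-m` argument is still narrowed straight into a `uint16_t` by `*etp = strtol(optarg, (char **)NULL, 10);`, so an out-of-range number is truncated without warning (65537 would select event 1) and any text after the digits is ignored. Parsing into a `long` with an end pointer, rejecting values that do not fit in 16 bits, and falling back to `getauevnonam()` only when the argument is not numeric would make the filter select exactly what was asked for. The first allocation sizes by `sizeof(*etp)` and the growth path by `sizeof(*p_evec)`; using `sizeof(*p_evec)` in both reads more consistently. main() continues outside the hunk.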
@@ -755,6 +763,10 @@ main(int argc, char **argv)
SETOPT(opttochk, OPT_u);
break;
+ case 'v':
+ SETOPT(opttochk, OPT_v);
+ break;
+
case '?':
default:
usage("Unknown option");
diff --git a/bin/auditreduce/auditreduce.h b/bin/auditreduce/auditreduce.h
index f69dc16..5f54893 100644
--- a/bin/auditreduce/auditreduce.h
+++ b/bin/auditreduce/auditreduce.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#7 $
*/
#ifndef _AUDITREDUCE_H_
@@ -58,6 +58,7 @@ struct re_entry {
#define OPT_r 0x00008000
#define OPT_u 0x00010000
#define OPT_A 0x00020000
+#define OPT_v 0x00040000
#define FILEOBJ "file"
#define MSGQIDOBJ "msgqid"
diff --git a/bin/praudit/Makefile b/bin/praudit/Makefile
deleted file mode 100644
index 34e136b..0000000
--- a/bin/praudit/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile#4 $
-#
-
-CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I.
-PROG= praudit
-MAN= praudit.1
-DPADD= /usr/lib/libbsm.a
-LDADD= -lbsm
-BINDIR= /usr/sbin
-
-.include <bsd.prog.mk>
diff --git a/bin/praudit/Makefile.am b/bin/praudit/Makefile.am
index 317567f..a362cea 100644
--- a/bin/praudit/Makefile.am
+++ b/bin/praudit/Makefile.am
@@ -1,8 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.am#3 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
sbin_PROGRAMS = praudit
praudit_SOURCES = praudit.c
diff --git a/bin/praudit/Makefile.in b/bin/praudit/Makefile.in
index b2c01b3..4472757 100644
--- a/bin/praudit/Makefile.in
+++ b/bin/praudit/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.in#8 $
#
VPATH = @srcdir@
@@ -113,6 +113,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -179,7 +180,8 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
praudit_SOURCES = praudit.c
praudit_LDADD = $(top_builddir)/libbsm/libbsm.la
man1_MANS = praudit.1
diff --git a/bin/praudit/praudit.1 b/bin/praudit/praudit.1
index c32c37c..6a4fef0 100644
--- a/bin/praudit/praudit.1
+++ b/bin/praudit/praudit.1
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -9,7 +9,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#12 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#13 $
.\"
.Dd November 5, 2006
.Dt PRAUDIT 1
diff --git a/bin/praudit/praudit.c b/bin/praudit/praudit.c
index 42f7383..a1dbf9d 100644
--- a/bin/praudit/praudit.c
+++ b/bin/praudit/praudit.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004-2008 Apple Inc.
* Copyright (c) 2006 Martin Voros
* All rights reserved.
*
@@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#12 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#14 $
*/
/*
@@ -80,7 +80,7 @@ print_tokens(FILE *fp)
/* Record must begin with a header token. */
do {
type = fgetc(fp);
- } while(type != AU_HEADER_32_TOKEN);
+ } while(type != AUT_HEADER32);
ungetc(type, fp);
}
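Review bot: The resynchronisation loop in print_tokens still ends only when `fgetc()` returns the header token, so on a stream that reaches end-of-file without one it never terminates. Adding the end-of-file test to the condition fixes that: `} while (type != AUT_HEADER32 && type != EOF);`, which needs `type` to be an `int` (its declaration is outside the hunk). Only the 32-bit header is accepted here, while the commit message says extended header tokens are now supported, so it is worth confirming whether records starting with another header type should also end the scan. The enclosing function begins and ends outside this hunk.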
diff --git a/bsm/Makefile b/bsm/Makefile
deleted file mode 100644
index ba63701..0000000
--- a/bsm/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile#7 $
-#
-
-INCS= audit.h \
- audit_internal.h \
- audit_kevents.h \
- audit_record.h \
- audit_uevents.h \
- libbsm.h
-
-TARGET= ${DESTDIR}/usr/include/bsm
-
-all:
-default:
-depend:
-clean:
-
-install:
- mkdir -p -m 0755 ${TARGET}
- install -o root -g wheel -m 0644 ${INCS} ${TARGET}
-
diff --git a/bsm/Makefile.am b/bsm/Makefile.am
index 8287789..cad4115 100644
--- a/bsm/Makefile.am
+++ b/bsm/Makefile.am
@@ -1,15 +1,11 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#3 $
#
openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
- audit.h \
audit_filter.h \
- audit_internal.h \
- audit_kevents.h \
- audit_record.h \
audit_uevents.h \
libbsm.h
diff --git a/bsm/Makefile.in b/bsm/Makefile.in
index a5ae086..ed82a3b 100644
--- a/bsm/Makefile.in
+++ b/bsm/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#8 $
#
VPATH = @srcdir@
@@ -101,6 +101,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -169,11 +170,7 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
- audit.h \
audit_filter.h \
- audit_internal.h \
- audit_kevents.h \
- audit_record.h \
audit_uevents.h \
libbsm.h
diff --git a/bsm/audit_uevents.h b/bsm/audit_uevents.h
index 0493e31..03d0f9b 100644
--- a/bsm/audit_uevents.h
+++ b/bsm/audit_uevents.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#7 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#8 $
*/
#ifndef _BSM_AUDIT_UEVENTS_H_
diff --git a/bsm/libbsm.h b/bsm/libbsm.h
index b1a9731..97b9530 100644
--- a/bsm/libbsm.h
+++ b/bsm/libbsm.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#33 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#35 $
*/
#ifndef _LIBBSM_H_
@@ -82,6 +82,7 @@
#define FLAGS_CONTROL_ENTRY "flags"
#define NA_CONTROL_ENTRY "naflags"
#define POLICY_CONTROL_ENTRY "policy"
+#define AUDIT_HOST_CONTROL_ENTRY "host"
#define AU_CLASS_NAME_MAX 8
#define AU_CLASS_DESC_MAX 72
@@ -764,6 +765,7 @@ int getacfilesz(size_t *size_val);
int getacflg(char *auditstr, int len);
int getacna(char *auditstr, int len);
int getacpol(char *auditstr, size_t len);
+int getachost(char *auditstr, size_t len);
int getauditflagsbin(char *auditstr, au_mask_t *masks);
int getauditflagschar(char *auditstr, au_mask_t *masks,
int verbose);
diff --git a/compat/clock_gettime.h b/compat/clock_gettime.h
index fe6a806..ad9315f 100644
--- a/compat/clock_gettime.h
+++ b/compat/clock_gettime.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/compat/clock_gettime.h#2 $
+ * $P4: //depot/projects/trustedbsd/openbsm/compat/clock_gettime.h#3 $
*/
/*
diff --git a/compat/strlcat.h b/compat/strlcat.h
index ba836f8..f10109b 100644
--- a/compat/strlcat.h
+++ b/compat/strlcat.h
@@ -1,4 +1,4 @@
-/*
+/*-
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
@@ -25,6 +25,7 @@
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* dollar OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp dollar
+ * $P4: //depot/projects/trustedbsd/openbsm/compat/strlcat.h#3 $
*/
/*
diff --git a/compat/strlcpy.h b/compat/strlcpy.h
new file mode 100644
index 0000000..2f6455d
--- /dev/null
+++ b/compat/strlcpy.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * dollar OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp dollar
+ * $P4: //depot/projects/trustedbsd/openbsm/compat/strlcpy.h#1 $
+ */
+
+/*
+ * Copy src to string dst of size siz. At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+static size_t
+strlcpy(dst, src, siz)
+ char *dst;
+ const char *src;
+ size_t siz;
+{
+ char *d = dst;
+ const char *s = src;
+ size_t n = siz;
+
+ /* Copy as many bytes as will fit */
+ if (n != 0 && --n != 0) {
+ do {
+ if ((*d++ = *s++) == 0)
+ break;
+ } while (--n != 0);
+ }
+
+ /* Not enough room in dst, add NUL and traverse rest of src */
+ if (n == 0) {
+ if (siz != 0)
+ *d = '\0'; /* NUL-terminate dst */
+ while (*s++)
+ ;
+ }
+
+ return(s - src - 1); /* count does not include NUL */
+}
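Review bot: This new header defines `strlcpy` with an old-style (K&R) parameter list and has no include guard, so including it twice in one translation unit is a redefinition error and callers get no prototype checking on the arguments. A guard (`#ifndef _COMPAT_STRLCPY_H_` / `#define _COMPAT_STRLCPY_H_` … `#endif`) and a prototype-style definition, `static size_t strlcpy(char *dst, const char *src, size_t siz)`, would fix both. The header also uses `size_t` without including anything that declares it, so it depends on the includer having pulled in `<sys/types.h>` or `<string.h>` first. Because the function is `static`, every file that includes the header without calling it will carry an unused copy and may warn; a short comment at the top saying it must only be included under `#ifndef HAVE_STRLCPY` would document the intended use.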
diff --git a/config/config.h.in b/config/config.h.in
index 46fe85b..5ac71ab 100644
--- a/config/config.h.in
+++ b/config/config.h.in
@@ -39,6 +39,12 @@
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
+/* Define if ipc_perm._key instead of key */
+#undef HAVE_IPC_PERM__KEY
+
+/* Define if ipc_perm._seq instead of seq */
+#undef HAVE_IPC_PERM__SEQ
+
/* Define if ipc_perm.__key instead of key */
#undef HAVE_IPC_PERM___KEY
@@ -89,6 +95,9 @@
/* Define to 1 if you have the `strlcat' function. */
#undef HAVE_STRLCAT
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
/* Define to 1 if you have the `strrchr' function. */
#undef HAVE_STRRCHR
@@ -168,6 +177,12 @@
/* Define to 1 if your <sys/time.h> declares `struct tm'. */
#undef TM_IN_SYS_TIME
+/* Define if uses Mach IPC for Triggers messages */
+#undef USE_MACH_IPC
+
+/* Define to use native include files */
+#undef USE_NATIVE_INCLUDES
+
/* Version number of package */
#undef VERSION
diff --git a/configure b/configure
index e6056ae..e6cb1ce 100755
--- a/configure
+++ b/configure
@@ -1,7 +1,7 @@
#! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#35 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#41 .
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for OpenBSM 1.0.
+# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha2.
#
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
#
@@ -729,8 +729,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='OpenBSM'
PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.0'
-PACKAGE_STRING='OpenBSM 1.0'
+PACKAGE_VERSION='1.1alpha2'
+PACKAGE_STRING='OpenBSM 1.1alpha2'
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
ac_unique_file="bin/auditreduce/auditreduce.c"
@@ -812,6 +812,9 @@ target_alias
MAINTAINER_MODE_TRUE
MAINTAINER_MODE_FALSE
MAINT
+USE_NATIVE_INCLUDES_TRUE
+USE_NATIVE_INCLUDES_FALSE
+MIG
CC
CFLAGS
LDFLAGS
@@ -880,6 +883,8 @@ am__fastdepCXX_FALSE
LIBOBJS
HAVE_AUDIT_SYSCALLS_TRUE
HAVE_AUDIT_SYSCALLS_FALSE
+USE_MACH_IPC_TRUE
+USE_MACH_IPC_FALSE
LTLIBOBJS'
ac_subst_files=''
ac_precious_vars='build_alias
@@ -1399,7 +1404,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures OpenBSM 1.0 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.1alpha2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1469,7 +1474,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of OpenBSM 1.0:";;
+ short | recursive ) echo "Configuration of OpenBSM 1.1alpha2:";;
esac
cat <<\_ACEOF
@@ -1489,6 +1494,8 @@ Optional Features:
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-native-includes Use the system native include files instead of those
+ included with openbsm.
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-pic try to use only PIC/non-PIC objects [default=use
both]
@@ -1573,7 +1580,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-OpenBSM configure 1.0
+OpenBSM configure 1.1alpha2
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1587,7 +1594,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by OpenBSM $as_me 1.0, which was
+It was created by OpenBSM $as_me 1.1alpha2, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2001,6 +2008,77 @@ fi
+# --with-native-includes forces the use of the system bsm headers.
+
+# Check whether --with-native-includes was given.
+if test "${with_native_includes+set}" = set; then
+ withval=$with_native_includes;
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_NATIVE_INCLUDES
+_ACEOF
+
+use_native_includes=true
+
+else
+ use_native_includes=false
+fi
+
+ if $use_native_includes; then
+ USE_NATIVE_INCLUDES_TRUE=
+ USE_NATIVE_INCLUDES_FALSE='#'
+else
+ USE_NATIVE_INCLUDES_TRUE='#'
+ USE_NATIVE_INCLUDES_FALSE=
+fi
+
+
+for ac_prog in mig
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_MIG+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $MIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MIG="$MIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_MIG="$as_dir/$ac_word$ac_exec_ext"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+MIG=$ac_cv_path_MIG
+if test -n "$MIG"; then
+ { echo "$as_me:$LINENO: result: $MIG" >&5
+echo "${ECHO_T}$MIG" >&6; }
+else
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+ test -n "$MIG" && break
+done
+
+
# Checks for programs.
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -3809,7 +3887,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 3812 "configure"' > conftest.$ac_ext
+ echo '#line 3890 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -6443,11 +6521,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6446: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6524: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6450: \$? = $ac_status" >&5
+ echo "$as_me:6528: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -6733,11 +6811,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6736: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6814: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6740: \$? = $ac_status" >&5
+ echo "$as_me:6818: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -6837,11 +6915,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6840: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6918: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:6844: \$? = $ac_status" >&5
+ echo "$as_me:6922: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -9186,7 +9264,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9189 "configure"
+#line 9267 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -9286,7 +9364,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9289 "configure"
+#line 9367 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -11706,11 +11784,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11709: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11787: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:11713: \$? = $ac_status" >&5
+ echo "$as_me:11791: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -11810,11 +11888,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11813: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11891: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:11817: \$? = $ac_status" >&5
+ echo "$as_me:11895: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -13372,11 +13450,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13375: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13453: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:13379: \$? = $ac_status" >&5
+ echo "$as_me:13457: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -13476,11 +13554,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13479: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13557: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:13483: \$? = $ac_status" >&5
+ echo "$as_me:13561: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -15663,11 +15741,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15666: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15744: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15670: \$? = $ac_status" >&5
+ echo "$as_me:15748: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -15953,11 +16031,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15956: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16034: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15960: \$? = $ac_status" >&5
+ echo "$as_me:16038: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16057,11 +16135,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16060: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16138: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:16064: \$? = $ac_status" >&5
+ echo "$as_me:16142: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -18998,7 +19076,7 @@ fi
# Define the identity of the package.
PACKAGE=OpenBSM
- VERSION=1.0
+ VERSION=1.1alpha2
cat >>confdefs.h <<_ACEOF
@@ -20403,6 +20481,116 @@ _ACEOF
fi
+{ echo "$as_me:$LINENO: checking for struct ipc_perm._key" >&5
+echo $ECHO_N "checking for struct ipc_perm._key... $ECHO_C" >&6; }
+if test "${ac_cv_member_struct_ipc_perm__key+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+
+
+int
+main ()
+{
+static struct ipc_perm ac_aggr;
+if (ac_aggr._key)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_member_struct_ipc_perm__key=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+
+
+int
+main ()
+{
+static struct ipc_perm ac_aggr;
+if (sizeof ac_aggr._key)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_member_struct_ipc_perm__key=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_member_struct_ipc_perm__key=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_ipc_perm__key" >&5
+echo "${ECHO_T}$ac_cv_member_struct_ipc_perm__key" >&6; }
+if test $ac_cv_member_struct_ipc_perm__key = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_IPC_PERM__KEY
+_ACEOF
+
+fi
+
+
{ echo "$as_me:$LINENO: checking for struct ipc_perm.__seq" >&5
echo $ECHO_N "checking for struct ipc_perm.__seq... $ECHO_C" >&6; }
if test "${ac_cv_member_struct_ipc_perm___seq+set}" = set; then
@@ -20513,6 +20701,116 @@ _ACEOF
fi
+{ echo "$as_me:$LINENO: checking for struct ipc_perm._seq" >&5
+echo $ECHO_N "checking for struct ipc_perm._seq... $ECHO_C" >&6; }
+if test "${ac_cv_member_struct_ipc_perm__seq+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+
+
+int
+main ()
+{
+static struct ipc_perm ac_aggr;
+if (ac_aggr._seq)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_member_struct_ipc_perm__seq=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+
+
+int
+main ()
+{
+static struct ipc_perm ac_aggr;
+if (sizeof ac_aggr._seq)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_member_struct_ipc_perm__seq=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_member_struct_ipc_perm__seq=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_ipc_perm__seq" >&5
+echo "${ECHO_T}$ac_cv_member_struct_ipc_perm__seq" >&6; }
+if test $ac_cv_member_struct_ipc_perm__seq = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_IPC_PERM__SEQ
+_ACEOF
+
+fi
+
+
{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; }
if test "${ac_cv_header_time+set}" = set; then
@@ -22503,7 +22801,8 @@ done
-for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul
+
+for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strlcpy strrchr strstr strtol strtoul
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -22732,7 +23031,50 @@ else
fi
-ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile test/Makefile test/bsm/Makefile tools/Makefile"
+# Check to see if Mach IPC is used for trigger messages. If so, use Mach IPC
+# instead of the default for sending trigger messages to the audit components.
+{ echo "$as_me:$LINENO: checking for /usr/include/mach/audit_triggers.defs" >&5
+echo $ECHO_N "checking for /usr/include/mach/audit_triggers.defs... $ECHO_C" >&6; }
+if test "${ac_cv_file__usr_include_mach_audit_triggers_defs+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ test "$cross_compiling" = yes &&
+ { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
+echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
+ { (exit 1); exit 1; }; }
+if test -r "/usr/include/mach/audit_triggers.defs"; then
+ ac_cv_file__usr_include_mach_audit_triggers_defs=yes
+else
+ ac_cv_file__usr_include_mach_audit_triggers_defs=no
+fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_file__usr_include_mach_audit_triggers_defs" >&5
+echo "${ECHO_T}$ac_cv_file__usr_include_mach_audit_triggers_defs" >&6; }
+if test $ac_cv_file__usr_include_mach_audit_triggers_defs = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_MACH_IPC
+_ACEOF
+
+use_mach_ipc=true
+
+else
+
+use_mach_ipc=false
+
+fi
+
+ if $use_mach_ipc; then
+ USE_MACH_IPC_TRUE=
+ USE_MACH_IPC_FALSE='#'
+else
+ USE_MACH_IPC_TRUE='#'
+ USE_MACH_IPC_FALSE=
+fi
+
+
+ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile sys/Makefile sys/bsm/Makefile test/Makefile test/bsm/Makefile tools/Makefile"
cat >confcache <<\_ACEOF
@@ -22838,6 +23180,13 @@ echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
+if test -z "${USE_NATIVE_INCLUDES_TRUE}" && test -z "${USE_NATIVE_INCLUDES_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"USE_NATIVE_INCLUDES\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"USE_NATIVE_INCLUDES\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
@@ -22866,6 +23215,13 @@ echo "$as_me: error: conditional \"HAVE_AUDIT_SYSCALLS\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
+if test -z "${USE_MACH_IPC_TRUE}" && test -z "${USE_MACH_IPC_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"USE_MACH_IPC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"USE_MACH_IPC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
: ${CONFIG_STATUS=./config.status}
ac_clean_files_save=$ac_clean_files
@@ -23166,7 +23522,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by OpenBSM $as_me 1.0, which was
+This file was extended by OpenBSM $as_me 1.1alpha2, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -23219,7 +23575,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-OpenBSM config.status 1.0
+OpenBSM config.status 1.1alpha2
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
@@ -23347,6 +23703,8 @@ do
"modules/Makefile") CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;;
"modules/auditfilter_noop/Makefile") CONFIG_FILES="$CONFIG_FILES modules/auditfilter_noop/Makefile" ;;
"man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
+ "sys/Makefile") CONFIG_FILES="$CONFIG_FILES sys/Makefile" ;;
+ "sys/bsm/Makefile") CONFIG_FILES="$CONFIG_FILES sys/bsm/Makefile" ;;
"test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;;
"test/bsm/Makefile") CONFIG_FILES="$CONFIG_FILES test/bsm/Makefile" ;;
"tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
@@ -23452,6 +23810,9 @@ target_alias!$target_alias$ac_delim
MAINTAINER_MODE_TRUE!$MAINTAINER_MODE_TRUE$ac_delim
MAINTAINER_MODE_FALSE!$MAINTAINER_MODE_FALSE$ac_delim
MAINT!$MAINT$ac_delim
+USE_NATIVE_INCLUDES_TRUE!$USE_NATIVE_INCLUDES_TRUE$ac_delim
+USE_NATIVE_INCLUDES_FALSE!$USE_NATIVE_INCLUDES_FALSE$ac_delim
+MIG!$MIG$ac_delim
CC!$CC$ac_delim
CFLAGS!$CFLAGS$ac_delim
LDFLAGS!$LDFLAGS$ac_delim
@@ -23506,9 +23867,6 @@ AMTAR!$AMTAR$ac_delim
am__tar!$am__tar$ac_delim
am__untar!$am__untar$ac_delim
DEPDIR!$DEPDIR$ac_delim
-am__include!$am__include$ac_delim
-am__quote!$am__quote$ac_delim
-AMDEP_TRUE!$AMDEP_TRUE$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -23550,6 +23908,9 @@ _ACEOF
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
+am__include!$am__include$ac_delim
+am__quote!$am__quote$ac_delim
+AMDEP_TRUE!$AMDEP_TRUE$ac_delim
AMDEP_FALSE!$AMDEP_FALSE$ac_delim
AMDEPBACKSLASH!$AMDEPBACKSLASH$ac_delim
CCDEPMODE!$CCDEPMODE$ac_delim
@@ -23561,10 +23922,12 @@ am__fastdepCXX_FALSE!$am__fastdepCXX_FALSE$ac_delim
LIBOBJS!$LIBOBJS$ac_delim
HAVE_AUDIT_SYSCALLS_TRUE!$HAVE_AUDIT_SYSCALLS_TRUE$ac_delim
HAVE_AUDIT_SYSCALLS_FALSE!$HAVE_AUDIT_SYSCALLS_FALSE$ac_delim
+USE_MACH_IPC_TRUE!$USE_MACH_IPC_TRUE$ac_delim
+USE_MACH_IPC_FALSE!$USE_MACH_IPC_FALSE$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 12; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
diff --git a/configure.ac b/configure.ac
index 83d692b7..1da42cd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,13 +2,26 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
-AC_INIT([OpenBSM], [1.0], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
-AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#36 $])
+AC_INIT([OpenBSM], [1.1alpha2], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
+AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#42 $])
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_HEADER([config/config.h])
AM_MAINTAINER_MODE
+# --with-native-includes forces the use of the system bsm headers.
+AC_ARG_WITH([native-includes],
+[AS_HELP_STRING([--with-native-includes],
+[Use the system native include files instead of those included with openbsm.])],
+[
+AC_DEFINE(USE_NATIVE_INCLUDES,, Define to use native include files)
+use_native_includes=true
+],
+[use_native_includes=false])
+AM_CONDITIONAL(USE_NATIVE_INCLUDES, $use_native_includes)
+
+AC_PATH_PROGS(MIG, mig)
+
# Checks for programs.
AC_PROG_CC
AC_PROG_INSTALL
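Review bot: The action-if-given branch of `AC_ARG_WITH([native-includes], ...)` runs for every form of the option, so `--without-native-includes` and `--with-native-includes=no` also define `USE_NATIVE_INCLUDES` and set `use_native_includes=true`. Guard the two statements on `$withval`, for example `if test "x$withval" != xno; then AC_DEFINE(USE_NATIVE_INCLUDES,, Define to use native include files) use_native_includes=true; else use_native_includes=false; fi`, so that an explicit opt-out really builds against the bundled headers. The changed `AC_INIT` line also carries over the bug-report address `trustedbsd-audit@TrustesdBSD.org`, whose domain looks misspelled; it is worth confirming while the line is being edited, since that is where users are told to send reports.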
@@ -38,6 +51,13 @@ AC_CHECK_MEMBER([struct ipc_perm.__key],
#include <sys/ipc.h>
])
+AC_CHECK_MEMBER([struct ipc_perm._key],
+[AC_DEFINE(HAVE_IPC_PERM__KEY,, Define if ipc_perm._key instead of key)],
+[],[
+#include <sys/types.h>
+#include <sys/ipc.h>
+])
+
AC_CHECK_MEMBER([struct ipc_perm.__seq],
[AC_DEFINE(HAVE_IPC_PERM___SEQ,, Define if ipc_perm.__seq instead of seq)],
[],[
@@ -45,6 +65,13 @@ AC_CHECK_MEMBER([struct ipc_perm.__seq],
#include <sys/ipc.h>
])
+AC_CHECK_MEMBER([struct ipc_perm._seq],
+[AC_DEFINE(HAVE_IPC_PERM__SEQ,, Define if ipc_perm._seq instead of seq)],
+[],[
+#include <sys/types.h>
+#include <sys/ipc.h>
+])
+
AC_HEADER_TIME
AC_STRUCT_TM
@@ -56,7 +83,7 @@ AC_FUNC_MKTIME
AC_TYPE_SIGNAL
AC_FUNC_STAT
AC_FUNC_STRFTIME
-AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul])
+AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strlcpy strrchr strstr strtol strtoul])
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
@@ -94,6 +121,16 @@ have_audit_syscalls=false
])
AM_CONDITIONAL(HAVE_AUDIT_SYSCALLS, $have_audit_syscalls)
+# Check to see if Mach IPC is used for trigger messages. If so, use Mach IPC
+# instead of the default for sending trigger messages to the audit components.
+AC_CHECK_FILE([/usr/include/mach/audit_triggers.defs], [
+AC_DEFINE(USE_MACH_IPC,, Define if uses Mach IPC for Triggers messages)
+use_mach_ipc=true
+], [
+use_mach_ipc=false
+])
+AM_CONDITIONAL(USE_MACH_IPC, $use_mach_ipc)
+
AC_CONFIG_FILES([Makefile
bin/Makefile
bin/audit/Makefile
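Review bot: `AC_CHECK_FILE([/usr/include/mach/audit_triggers.defs], ...)` makes configure abort on any cross build, as the regenerated configure in this commit shows with "cannot check for file existence when cross compiling" followed by exit 1. It also probes the build machine's /usr/include rather than the target's headers, so the choice of trigger transport for the audit components is tied to whatever the build host has installed. The generated code skips the probe when the cache variable is already set, so at minimum the comment should say so: `# Cross builds must preset ac_cv_file__usr_include_mach_audit_triggers_defs=yes|no; AC_CHECK_FILE aborts otherwise.` The `AC_CONFIG_FILES` list that follows continues outside this hunk.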
@@ -106,6 +143,8 @@ AC_CONFIG_FILES([Makefile
modules/Makefile
modules/auditfilter_noop/Makefile
man/Makefile
+ sys/Makefile
+ sys/bsm/Makefile
test/Makefile
test/bsm/Makefile
tools/Makefile])
diff --git a/etc/audit_event b/etc/audit_event
index 6bd949f..9b528f1 100644
--- a/etc/audit_event
+++ b/etc/audit_event
@@ -1,7 +1,7 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#26 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#30 $
#
-# The mapping between event identifiers and values is also hard-codedd in
+# The mapping between event identifiers and values is also hard-coded in
# audit_kevents.h and audit_uevents.h, so changes must occur in both places,
# and programs, such as the kernel, may need to be recompiled to recognize
# those changes. It is advisable not to change the numbering or naming of
@@ -276,9 +276,10 @@
298:AUE_PF_POLICY_FLIP:Flip IPsec policy:ad
299:AUE_PF_POLICY_FLUSH:Flush IPsec policy rules:ad
300:AUE_PF_POLICY_ALGS:Update IPsec algorithms:ad
+301:AUE_PORTFS:portfs:fa
#
-# What follows are deprecated Darwin event numbers that may soon conflict
-# with Solaris events.
+# What follows are deprecated Darwin event numbers that may soon^H^H^H^Hnow
+# conflict with Solaris events.
#
301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa
302:AUE_DARWIN_PTRACE:ptrace(2):pc
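Review bot: Event number 301 is now assigned twice, to the added `AUE_PORTFS` and to the existing `AUE_DARWIN_GETFSSTAT` three lines below. The reworded comment admits the conflict but does not say which name a consumer gets. How a lookup by number resolves the duplicate depends on the parser, which is not visible in this hunk, so the same 301 record could be shown under either name depending on the tool. The comment should state the intended resolution, for example `# 301 is shared by AUE_PORTFS and AUE_DARWIN_GETFSSTAT; lookups by number return the first entry listed (confirm against the event-file parser).`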
@@ -496,6 +497,43 @@
43150:AUE_MKNODAT:mknodat(2):fc
43151:AUE_READLINKAT:readlinkat(2):fr
43152:AUE_SYMLINKAT:symlinkat(2):fc
+43153:AUE_MAC_GETFSSTAT:mac_getfsstat(2):fa
+43154:AUE_MAC_GET_MOUNT:mac_get_mount(2):fa
+43155:AUE_MAC_GET_LCID:mac_get_lcid(2):pc
+43156:AUE_MAC_GET_LCTX:mac_get_lctx(2):pc
+43157:AUE_MAC_SET_LCTX:mac_set_lctx(2):pc
+43158:AUE_MAC_MOUNT:mac_mount(2):ad
+43159:AUE_GETLCID:getlcid(2):pc
+43160:AUE_SETLCID:setlcid(2):pc
+43161:AUE_TASKNAMEFORPID:taskname_for_pid():pc
+43162:AUE_ACCESS_EXTENDED:access_extended(2):fa
+43163:AUE_CHMOD_EXTENDED:chmod_extended(2):fm
+43164:AUE_FCHMOD_EXTENDED:fchmod_extended(2):fm
+43165:AUE_FSTAT_EXTENDED:fstat_extended(2):fa
+43166:AUE_LSTAT_EXTENDED:lstat_extended(2):fa
+43167:AUE_MKDIR_EXTENDED:mkdir_extended(2):fc
+43168:AUE_MKFIFO_EXTENDED:mkfifo_extended(2):fc
+43169:AUE_OPEN_EXTENDED:open_extended(2) - attr only:fa
+43170:AUE_OPEN_EXTENDED_R:open_extended(2) - read:fr
+43171:AUE_OPEN_EXTENDED_RC:open_extended(2) - read,creat:fc,fr,fa,fm
+43172:AUE_OPEN_EXTENDED_RT:open_extended(2) - read,trunc:fd,fr,fa,fm
+43173:AUE_OPEN_EXTENDED_RTC:open_extended(2) - read,creat,trunc:fc,fd,fr,fa,fm
+43174:AUE_OPEN_EXTENDED_W:open_extended(2) - write:fw
+43175:AUE_OPEN_EXTENDED_WC:open_extended(2) - write,creat:fc,fw,fa,fm
+43176:AUE_OPEN_EXTENDED_WT:open_extended(2) - write,trunc:fd,fw,fa,fm
+43177:AUE_OPEN_EXTENDED_WTC:open_extended(2) - write,creat,trunc:fc,fd,fw,fa,fm
+43178:AUE_OPEN_EXTENDED_RW:open_extended(2) - read,write:fr,fw
+43179:AUE_OPEN_EXTENDED_RWC:open_extended(2) - read,write,creat:fc,fw,fr,fa,fm
+43180:AUE_OPEN_EXTENDED_RWT:open_extended(2) - read,write,trunc:fd,fr,fw,fa,fm
+43181:AUE_OPEN_EXTENDED_RWTC:open_extended(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm
+43182:AUE_STAT_EXTENDED:stat_extended(2):fa
+43183:AUE_UMASK_EXTENDED:umask_extended(2):pc
+43184:AUE_OPENAT:openat(2) - attr only:fa
+43185:AUE_POSIX_OPENPT:posix_openpt(2):ip
+43186:AUE_CAP_NEW:cap_new(2):fm
+43187:AUE_CAP_GETRIGHTS:cap_getrights(2):fm
+43188:AUE_CAP_ENTER:cap_enter(2):pc
+43189:AUE_CAP_GETMODE:cap_getmode(2):pc
#
# User space system events.
#
diff --git a/libbsm/Makefile b/libbsm/Makefile
deleted file mode 100644
index 00534aa..0000000
--- a/libbsm/Makefile
+++ /dev/null
@@ -1,125 +0,0 @@
-#
-# OpenBSM libbsm
-#
-# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile#13 $
-#
-
-LIB= bsm
-SHLIB_MAJOR= 1
-
-CFLAGS+=-I- \
- -I .. \
- -Wall
-
-SRCS= bsm_audit.c \
- bsm_class.c \
- bsm_control.c \
- bsm_event.c \
- bsm_flags.c \
- bsm_io.c \
- bsm_mask.c \
- bsm_notify.c \
- bsm_token.c \
- bsm_user.c \
- bsm_wrappers.c
-
-MAN= libbsm.3 \
- au_class.3 \
- au_control.3 \
- au_event.3 \
- au_free_token.3 \
- au_io.3 \
- au_mask.3 \
- au_token.3 \
- au_user.3
-
-MLINKS= libbsm.3 bsm.3 \
- au_class.3 getauclassent.3 \
- au_class.3 getauclassent_r.3 \
- au_class.3 getauclassnam.3 \
- au_class.3 getauclassnam_r.3 \
- au_class.3 setauclass.3 \
- au_class.3 endauclass.3 \
- au_control.3 setac.3 \
- au_control.3 endac.3 \
- au_control.3 getacdir.3 \
- au_control.3 getacmin.3 \
- au_control.3 getacflg.3 \
- au_control.3 getacna.3 \
- au_event.3 setauevent.3 \
- au_event.3 endauevent.3 \
- au_event.3 getauevent.3 \
- au_event.3 getauevent_r.3 \
- au_event.3 getauevnam.3 \
- au_event.3 getauevnam_r.3 \
- au_event.3 getauevnum.3 \
- au_event.3 getauevnum_r.3 \
- au_event.3 getauevnonam.3 \
- au_event.3 getauevnonam_r.3 \
- au_io.3 au_fetch_tok.3 \
- au_io.3 au_print_tok.3 \
- au_io.3 au_read_rec.3 \
- au_mask.3 au_preselect.3 \
- au_mask.3 getauditflagsbin.3 \
- au_mask.3 getauditflagschar.3 \
- au_user.3 setauuser.3 \
- au_user.3 endauuser.3 \
- au_user.3 getauuserent.3 \
- au_user.3 getauusernam.3 \
- au_user.3 au_user_mask.3 \
- au_user.3 getfauditflags.3 \
- au_token.3 au_to_arg32.3 \
- au_token.3 au_to_arg64.3 \
- au_token.3 au_to_arg.3 \
- au_token.3 au_to_attr64.3 \
- au_token.3 au_to_data.3 \
- au_token.3 au_to_exit.3 \
- au_token.3 au_to_groups.3 \
- au_token.3 au_to_newgroups.3 \
- au_token.3 au_to_in_addr.3 \
- au_token.3 au_to_in_addr_ex.3 \
- au_token.3 au_to_ip.3 \
- au_token.3 au_to_ipc.3 \
- au_token.3 au_to_ipc_perm.3 \
- au_token.3 au_to_iport.3 \
- au_token.3 au_to_opaque.3 \
- au_token.3 au_to_file.3 \
- au_token.3 au_to_text.3 \
- au_token.3 au_to_path.3 \
- au_token.3 au_to_process32.3 \
- au_token.3 au_to_process64.3 \
- au_token.3 au_to_process.3 \
- au_token.3 au_to_process32_ex.3 \
- au_token.3 au_to_process64_ex.3 \
- au_token.3 au_to_process_ex.3 \
- au_token.3 au_to_return32.3 \
- au_token.3 au_to_return64.3 \
- au_token.3 au_to_return.3 \
- au_token.3 au_to_seq.3 \
- au_token.3 au_to_socket.3 \
- au_token.3 au_to_socket_ex_32.3 \
- au_token.3 au_to_socket_ex_128.3 \
- au_token.3 au_to_sock_inet32.3 \
- au_token.3 au_to_sock_inet128.3 \
- au_token.3 au_to_sock_inet.3 \
- au_token.3 au_to_subject32.3 \
- au_token.3 au_to_subject64.3 \
- au_token.3 au_to_subject.3 \
- au_token.3 au_to_subject32_ex.3 \
- au_token.3 au_to_subject64_ex.3 \
- au_token.3 au_to_subject_ex.3 \
- au_token.3 au_to_me.3 \
- au_token.3 au_to_exec_args.3 \
- au_token.3 au_to_exec_env.3 \
- au_token.3 au_to_header.3 \
- au_token.3 au_to_header32.3 \
- au_token.3 au_to_header64.3 \
- au_token.3 au_to_trailer.3
-
-beforeinstall:
- if test -d ${INCSDIR}; then \
- else \
- mkdir ${INCSDIR}; \
- fi;
-
-.include <bsd.lib.mk>
diff --git a/libbsm/Makefile.am b/libbsm/Makefile.am
index 5e4a317..d4e31fe 100644
--- a/libbsm/Makefile.am
+++ b/libbsm/Makefile.am
@@ -1,8 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#5 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
lib_LTLIBRARIES = libbsm.la
diff --git a/libbsm/Makefile.in b/libbsm/Makefile.in
index d9da623..dd09ce0 100644
--- a/libbsm/Makefile.in
+++ b/libbsm/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#9 $
#
VPATH = @srcdir@
@@ -129,6 +129,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -195,7 +196,8 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
lib_LTLIBRARIES = libbsm.la
libbsm_la_SOURCES = bsm_audit.c bsm_class.c bsm_control.c bsm_event.c \
bsm_flags.c bsm_io.c bsm_mask.c bsm_token.c bsm_user.c \
diff --git a/libbsm/au_class.3 b/libbsm/au_class.3
index d270b52..a3f200f 100644
--- a/libbsm/au_class.3
+++ b/libbsm/au_class.3
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_class.3#6 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_class.3#7 $
.\"
.Dd April 19, 2005
.Dt AU_CLASS 3
diff --git a/libbsm/au_free_token.3 b/libbsm/au_free_token.3
index 7ce109a..223d50a 100644
--- a/libbsm/au_free_token.3
+++ b/libbsm/au_free_token.3
@@ -1,5 +1,5 @@
.\"-
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" Copyright (c) 2005 Robert N. M. Watson
.\" All rights reserved.
.\"
@@ -11,7 +11,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -27,7 +27,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#6 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#7 $
.\"
.Dd April 19, 2005
.Dt AU_FREE_TOKEN 3
diff --git a/libbsm/au_token.3 b/libbsm/au_token.3
index e4ea65f..cb8ef70 100644
--- a/libbsm/au_token.3
+++ b/libbsm/au_token.3
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#13 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#15 $
.\"
.Dd April 19, 2005
.Dt AU_TOKEN 3
@@ -72,6 +72,8 @@
.Nm au_to_header ,
.Nm au_to_header32 ,
.Nm au_to_header64 ,
+.Nm au_to_header_ex ,
+.Nm au_to_header32_ex ,
.Nm au_to_trailer ,
.Nm au_to_zonename
.Nd "routines for generating BSM audit tokens"
@@ -80,11 +82,11 @@
.Sh SYNOPSIS
.In bsm/libbsm.h
.Ft "token_t *"
-.Fn au_to_arg32 "char n" "char *text" "u_int32_t v"
+.Fn au_to_arg32 "char n" "const char *text" "u_int32_t v"
.Ft "token_t *"
-.Fn au_to_arg64 "char n" "char *text" "u_int64_t v"
+.Fn au_to_arg64 "char n" "const char *text" "u_int64_t v"
.Ft "token_t *"
-.Fn au_to_arg "char n" "char *text" "u_int32_t v"
+.Fn au_to_arg "char n" "const char *text" "u_int32_t v"
.Ft "token_t *"
.Fn au_to_attr32 "struct vattr *attr"
.Ft "token_t *"
@@ -92,7 +94,7 @@
.Ft "token_t *"
.Fn au_to_attr "struct vattr *attr"
.Ft "token_t *"
-.Fn au_to_data "char unit_print" "char unit_type" "char unit_count" "char *p"
+.Fn au_to_data "char unit_print" "char unit_type" "char unit_count" "const char *p"
.Ft "token_t *"
.Fn au_to_exit "int retval" "int err"
.Ft "token_t *"
@@ -112,13 +114,13 @@
.Ft "token_t *"
.Fn au_to_iport "u_int16_t iport"
.Ft "token_t *"
-.Fn au_to_opaque "char *data" "u_int16_t bytes"
+.Fn au_to_opaque "const char *data" "u_int16_t bytes"
.Ft "token_t *"
-.Fn au_to_file "char *file" "struct timeval tm"
+.Fn au_to_file "const char *file" "struct timeval tm"
.Ft "token_t *"
-.Fn au_to_text "char *text"
+.Fn au_to_text "const char *text"
.Ft "token_t *"
-.Fn au_to_path "char *text"
+.Fn au_to_path "const char *text"
.Ft "token_t *"
.Fo au_to_process32
.Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid"
@@ -196,9 +198,13 @@
.Ft "token_t *"
.Fn au_to_header64 "int rec_size" "au_event_t e_type" "au_emod_t e_mod"
.Ft "token_t *"
+.Fn au_to_header_ex "int rec_size" "au_event_t e_type" "au_emod_t e_mod"
+.Ft "token_t *"
+.Fn au_to_header32_ex "int rec_size" "au_event_t e_type" "au_emod_t e_mod"
+.Ft "token_t *"
.Fn au_to_trailer "int rec_size"
.Ft "token_t *"
-.Fn au_to_zonename "char *zonename"
+.Fn au_to_zonename "const char *zonename"
.Sh DESCRIPTION
These interfaces support the allocation of BSM audit tokens, represented by
.Vt token_t ,
diff --git a/libbsm/audit_submit.3 b/libbsm/audit_submit.3
index 609468c..6a61d99 100644
--- a/libbsm/audit_submit.3
+++ b/libbsm/audit_submit.3
@@ -27,9 +27,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#12 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#14 $
.\"
-.Dd May 29, 2006
+.Dd January 18, 2008
.Dt audit_submit 3
.Os
.Sh NAME
@@ -53,7 +53,7 @@ return token, and a trailer.
The header will contain the event class specified by
.Fa au_event .
The subject token will be generated based on
-.Fa au_ctx .
+.Fa auid .
The return token is dependent on the
.Fa status
and
diff --git a/libbsm/bsm_audit.c b/libbsm/bsm_audit.c
index 2f6df41..2fd9466 100644
--- a/libbsm/bsm_audit.c
+++ b/libbsm/bsm_audit.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* Copyright (c) 2005 SPARTA, Inc.
* All rights reserved.
*
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#28 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#31 $
*/
#include <sys/types.h>
@@ -45,6 +45,8 @@
#include <bsm/audit_internal.h>
#include <bsm/libbsm.h>
+#include <netinet/in.h>
+
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
@@ -204,12 +206,55 @@ static int
au_assemble(au_record_t *rec, short event)
{
token_t *header, *tok, *trailer;
- size_t tot_rec_size;
+ size_t tot_rec_size, hdrsize;
u_char *dptr;
+ struct in6_addr *aptr;
int error;
+ struct auditinfo_addr aia;
+ struct timeval tm;
- tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
- header = au_to_header32(tot_rec_size, event, 0);
+#ifdef HAVE_AUDIT_SYSCALLS
+ /*
+ * Grab the size of the address family stored in the kernel's audit
+ * state.
+ */
+ aia.ai_termid.at_type = AU_IPv4;
+ aia.ai_termid.at_addr[0] = INADDR_ANY;
+ if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) {
+ if (errno != ENOSYS)
+ return (-1);
+#endif /* HAVE_AUDIT_SYSCALLS */
+ tot_rec_size = rec->len + AUDIT_HEADER_SIZE +
+ AUDIT_TRAILER_SIZE;
+ header = au_to_header(tot_rec_size, event, 0);
+#ifdef HAVE_AUDIT_SYSCALLS
+ } else {
+ if (gettimeofday(&tm, NULL) < 0)
+ return (-1);
+ switch (aia.ai_termid.at_type) {
+ case AU_IPv4:
+ hdrsize = (aia.ai_termid.at_addr[0] == INADDR_ANY) ?
+ AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia);
+ break;
+ case AU_IPv6:
+ aptr = (struct in6_addr *)&aia.ai_termid.at_addr[0];
+ hdrsize =
+ (IN6_IS_ADDR_UNSPECIFIED(aptr)) ?
+ AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia);
+ break;
+ }
+ tot_rec_size = rec->len + hdrsize + AUDIT_TRAILER_SIZE;
+ /*
+ * A header size greater then AUDIT_HEADER_SIZE means
+ * that we are using an extended header.
+ */
+ if (hdrsize > AUDIT_HEADER_SIZE)
+ header = au_to_header32_ex_tm(tot_rec_size, event,
+ 0, tm, &aia);
+ else
+ header = au_to_header(tot_rec_size, event, 0);
+ }
+#endif /* HAVE_AUDIT_SYSCALLS */
if (header == NULL)
return (-1);
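Review bot: `hdrsize` is read uninitialised when the kernel reports an address type other than `AU_IPv4` or `AU_IPv6`, because the `switch (aia.ai_termid.at_type)` in the `else` branch has no `default` case and `tot_rec_size` is computed from `hdrsize` immediately afterwards. Adding `default: return (-1);` to the switch, or setting `hdrsize = AUDIT_HEADER_SIZE;` before it, keeps the record size well defined. The comment inside the branch also has a typo: "greater then" should read "greater than". au_assemble's body continues outside the hunk.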
@@ -285,7 +330,7 @@ au_close(int d, int keep, short event)
goto cleanup;
}
- tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
+ tot_rec_size = rec->len + MAX_AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) {
/*
@@ -335,7 +380,7 @@ au_close_buffer(int d, short event, u_char *buffer, size_t *buflen)
}
retval = 0;
- tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
+ tot_rec_size = rec->len + MAX_AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
if ((tot_rec_size > MAX_AUDIT_RECORD_SIZE) ||
(tot_rec_size > *buflen)) {
/*
diff --git a/libbsm/bsm_class.c b/libbsm/bsm_class.c
index 5982d7e..0acfed4 100644
--- a/libbsm/bsm_class.c
+++ b/libbsm/bsm_class.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* Copyright (c) 2006 Robert N. M. Watson
* All rights reserved.
*
@@ -27,9 +27,11 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_class.c#11 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_class.c#14 $
*/
+#include <config/config.h>
+
#include <bsm/libbsm.h>
#include <string.h>
@@ -37,6 +39,10 @@
#include <stdio.h>
#include <stdlib.h>
+#ifndef HAVE_STRLCPY
+#include <compat/strlcpy.h>
+#endif
+
/*
* Parse the contents of the audit_class file to return struct au_class_ent
* entries.
@@ -70,15 +76,14 @@ classfromstr(char *str, struct au_class_ent *c)
*/
if (strlen(classname) >= AU_CLASS_NAME_MAX)
return (NULL);
-
- strcpy(c->ac_name, classname);
+ strlcpy(c->ac_name, classname, AU_CLASS_NAME_MAX);
/*
* Check for very large class description.
*/
if (strlen(classdesc) >= AU_CLASS_DESC_MAX)
return (NULL);
- strcpy(c->ac_desc, classdesc);
+ strlcpy(c->ac_desc, classdesc, AU_CLASS_DESC_MAX);
c->ac_class = strtoul(classflag, (char **) NULL, 0);
return (c);
diff --git a/libbsm/bsm_control.c b/libbsm/bsm_control.c
index dd901b7..96cbc23 100644
--- a/libbsm/bsm_control.c
+++ b/libbsm/bsm_control.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* Copyright (c) 2006 Robert N. M. Watson
* All rights reserved.
*
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -27,9 +27,11 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#16 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#23 $
*/
+#include <config/config.h>
+
#include <bsm/libbsm.h>
#include <errno.h>
@@ -38,10 +40,12 @@
#include <stdio.h>
#include <stdlib.h>
-#include <config/config.h>
#ifndef HAVE_STRLCAT
#include <compat/strlcat.h>
#endif
+#ifndef HAVE_STRLCPY
+#include <compat/strlcpy.h>
+#endif
/*
* Parse the contents of the audit_control file to return the audit control
@@ -363,11 +367,11 @@ getacdir(char *name, int len)
pthread_mutex_unlock(&mutex);
return (-1);
}
- if (strlen(dir) >= len) {
+ if (strlen(dir) >= (size_t)len) {
pthread_mutex_unlock(&mutex);
return (-3);
}
- strcpy(name, dir);
+ strlcpy(name, dir, len);
pthread_mutex_unlock(&mutex);
return (ret);
}
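Review bot: The `(size_t)len` cast in getacdir makes a negative `len` compare as a very large value, so the length check passes and `strlcpy(name, dir, len)` then receives the same huge size. Since the parameter is an `int`, the guard should reject non-positive sizes first: `if (len <= 0 || strlen(dir) >= (size_t)len) {`. The same pattern appears in the getacflg and getacna hunks that follow. getacdir starts outside the hunk.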
@@ -453,11 +457,11 @@ getacflg(char *auditstr, int len)
pthread_mutex_unlock(&mutex);
return (1);
}
- if (strlen(str) >= len) {
+ if (strlen(str) >= (size_t)len) {
pthread_mutex_unlock(&mutex);
return (-3);
}
- strcpy(auditstr, str);
+ strlcpy(auditstr, str, len);
pthread_mutex_unlock(&mutex);
return (0);
}
@@ -480,11 +484,12 @@ getacna(char *auditstr, int len)
pthread_mutex_unlock(&mutex);
return (1);
}
- if (strlen(str) >= len) {
+ if (strlen(str) >= (size_t)len) {
pthread_mutex_unlock(&mutex);
return (-3);
}
- strcpy(auditstr, str);
+ strlcpy(auditstr, str, len);
+ pthread_mutex_unlock(&mutex);
return (0);
}
@@ -510,6 +515,30 @@ getacpol(char *auditstr, size_t len)
pthread_mutex_unlock(&mutex);
return (-3);
}
+ strlcpy(auditstr, str, len);
+ pthread_mutex_unlock(&mutex);
+ return (0);
+}
+
+int
+getachost(char *auditstr, size_t len)
+{
+ char *str;
+
+ pthread_mutex_lock(&mutex);
+ setac_locked();
+ if (getstrfromtype_locked(AUDIT_HOST_CONTROL_ENTRY, &str) < 0) {
+ pthread_mutex_unlock(&mutex);
+ return (-2);
+ }
+ if (str == NULL) {
+ pthread_mutex_unlock(&mutex);
+ return (1);
+ }
+ if (strlen(str) >= len) {
+ pthread_mutex_unlock(&mutex);
+ return (-3);
+ }
strcpy(auditstr, str);
pthread_mutex_unlock(&mutex);
return (0);
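Review bot: The new getachost() still ends in `strcpy(auditstr, str);`, because the unchanged context line at the bottom of this hunk now belongs to getachost while getacpol received the `strlcpy` call. The preceding `strlen(str) >= len` check keeps the copy in bounds, but for consistency with the rest of this change it should read `strlcpy(auditstr, str, len);`. getachost also lacks a comment describing its return values, which the visible branches show as 1 when the entry is absent, -2 when the lookup fails and -3 when the buffer is too small. The closing lines of getachost are outside the hunk.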
diff --git a/libbsm/bsm_event.c b/libbsm/bsm_event.c
index 092d176..695e617c 100644
--- a/libbsm/bsm_event.c
+++ b/libbsm/bsm_event.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* Copyright (c) 2006 Robert N. M. Watson
* All rights reserved.
*
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -27,9 +27,11 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#13 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#16 $
*/
+#include <config/config.h>
+
#include <bsm/libbsm.h>
#include <string.h>
@@ -37,6 +39,11 @@
#include <stdio.h>
#include <stdlib.h>
+#ifndef HAVE_STRLCPY
+#include <compat/strlcpy.h>
+#endif
+
+
/*
* Parse the contents of the audit_event file to return
* au_event_ent entries
@@ -68,13 +75,13 @@ eventfromstr(char *str, struct au_event_ent *e)
if (strlen(evname) >= AU_EVENT_NAME_MAX)
return (NULL);
- strcpy(e->ae_name, evname);
+ strlcpy(e->ae_name, evname, AU_EVENT_NAME_MAX);
if (evdesc != NULL) {
if (strlen(evdesc) >= AU_EVENT_DESC_MAX)
return (NULL);
- strcpy(e->ae_desc, evdesc);
+ strlcpy(e->ae_desc, evdesc, AU_EVENT_DESC_MAX);
} else
- strcpy(e->ae_desc, "");
+ strlcpy(e->ae_desc, "", AU_EVENT_DESC_MAX);
e->ae_number = atoi(evno);
diff --git a/libbsm/bsm_flags.c b/libbsm/bsm_flags.c
index e514c86..c87ae84 100644
--- a/libbsm/bsm_flags.c
+++ b/libbsm/bsm_flags.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* Copyright (c) 2006 Robert N. M. Watson
* All rights reserved.
*
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -27,15 +27,21 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_flags.c#13 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_flags.c#16 $
*/
+#include <config/config.h>
+
#include <bsm/libbsm.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
+#ifndef HAVE_STRLCPY
+#include <compat/strlcpy.h>
+#endif
+
static const char *flagdelim = ",";
/*
@@ -157,10 +163,10 @@ getauditflagschar(char *auditstr, au_mask_t *masks, int verbose)
if (sel != 0) {
if (verbose) {
- strcpy(strptr, c.ac_desc);
+ strlcpy(strptr, c.ac_desc, AU_CLASS_DESC_MAX);
strptr += strlen(c.ac_desc);
} else {
- strcpy(strptr, c.ac_name);
+ strlcpy(strptr, c.ac_name, AU_CLASS_NAME_MAX);
strptr += strlen(c.ac_name);
}
*strptr = ','; /* delimiter */
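Review bot: The size passed to `strlcpy(strptr, c.ac_desc, AU_CLASS_DESC_MAX)` and `strlcpy(strptr, c.ac_name, AU_CLASS_NAME_MAX)` is the maximum length of the source field, not the space left in `auditstr`, so neither call bounds anything on the destination side. getauditflagschar takes no buffer length, so the caller's buffer size remains the only protection as `strptr` advances. That should at least be stated at the function, e.g. `/* auditstr must hold every selected class name or description plus delimiters; no length is checked here. */`. The function starts and ends outside the hunk.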
diff --git a/libbsm/bsm_io.c b/libbsm/bsm_io.c
index 29fdc87..989fd8b 100644
--- a/libbsm/bsm_io.c
+++ b/libbsm/bsm_io.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* Copyright (c) 2005 SPARTA, Inc.
* Copyright (c) 2006 Robert N. M. Watson
* Copyright (c) 2006 Martin Voros
@@ -32,7 +32,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#50 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#55 $
*/
#include <sys/types.h>
@@ -77,48 +77,48 @@
#include <bsm/audit_internal.h>
#define READ_TOKEN_BYTES(buf, len, dest, size, bytesread, err) do { \
- if (bytesread + size > len) { \
- err = 1; \
+ if ((bytesread) + (size) > (u_int32_t)(len)) { \
+ (err) = 1; \
} else { \
- memcpy(dest, buf + bytesread, size); \
+ memcpy((dest), (buf) + (bytesread), (size)); \
bytesread += size; \
} \
} while (0)
#define READ_TOKEN_U_CHAR(buf, len, dest, bytesread, err) do { \
- if (bytesread + sizeof(u_char) <= len) { \
- dest = buf[bytesread]; \
- bytesread += sizeof(u_char); \
+ if ((bytesread) + sizeof(u_char) <= (u_int32_t)(len)) { \
+ (dest) = buf[(bytesread)]; \
+ (bytesread) += sizeof(u_char); \
} else \
- err = 1; \
+ (err) = 1; \
} while (0)
#define READ_TOKEN_U_INT16(buf, len, dest, bytesread, err) do { \
- if (bytesread + sizeof(u_int16_t) <= len) { \
- dest = be16dec(buf + bytesread); \
- bytesread += sizeof(u_int16_t); \
+ if ((bytesread) + sizeof(u_int16_t) <= (u_int32_t)(len)) { \
+ (dest) = be16dec((buf) + (bytesread)); \
+ (bytesread) += sizeof(u_int16_t); \
} else \
- err = 1; \
+ (err) = 1; \
} while (0)
#define READ_TOKEN_U_INT32(buf, len, dest, bytesread, err) do { \
- if (bytesread + sizeof(u_int32_t) <= len) { \
- dest = be32dec(buf + bytesread); \
- bytesread += sizeof(u_int32_t); \
+ if ((bytesread) + sizeof(u_int32_t) <= (u_int32_t)(len)) { \
+ (dest) = be32dec((buf) + (bytesread)); \
+ (bytesread) += sizeof(u_int32_t); \
} else \
- err = 1; \
+ (err) = 1; \
} while (0)
#define READ_TOKEN_U_INT64(buf, len, dest, bytesread, err) do { \
- if (bytesread + sizeof(u_int64_t) <= len) { \
- dest = be64dec(buf + bytesread); \
- bytesread += sizeof(u_int64_t); \
+ if ((bytesread) + sizeof(u_int64_t) <= (u_int32_t)(len)) { \
+ dest = be64dec((buf) + (bytesread)); \
+ (bytesread) += sizeof(u_int64_t); \
} else \
- err = 1; \
+ (err) = 1; \
} while (0)
#define SET_PTR(buf, len, ptr, size, bytesread, err) do { \
- if ((bytesread) + (size) > (len)) \
+ if ((bytesread) + (size) > (u_int32_t)(len)) \
(err) = 1; \
else { \
(ptr) = (buf) + (bytesread); \
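Review bot: The `(u_int32_t)(len)` casts in the READ_TOKEN_* and SET_PTR macros make the signed/unsigned comparison explicit but do not handle a negative `len`, which converts to a large unsigned value and lets the bounds check pass. The fetch functions visible further down take `int len`, so if a caller can ever supply a negative length, rejecting `len < 0` at their entry would close this. The same cast is used in the `++tok->len >= (u_int32_t)len` loops of fetch_execarg_tok and fetch_execenv_tok. The argument parenthesisation is also incomplete: `bytesread += size;` in READ_TOKEN_BYTES, `buf[(bytesread)]` in READ_TOKEN_U_CHAR and `dest = be64dec(...)` in READ_TOKEN_U_INT64 are left bare. SET_PTR continues outside the hunk.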
@@ -188,7 +188,7 @@ print_8_bytes(FILE *fp, u_int64_t val, const char *format)
static void
print_mem(FILE *fp, u_char *data, size_t len)
{
- int i;
+ u_int32_t i;
if (len > 0) {
fprintf(fp, "0x");
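Review bot: `u_int32_t i` is a narrower index than the `size_t len` parameter of print_mem, and print_string in the next hunk compares the two directly in `for (i = 0; i < len; i++)`. Where `size_t` is wider than 32 bits the index would wrap before reaching a length above `UINT32_MAX`. Declaring it as `size_t i;` matches the parameter type and still avoids the signed comparison the change set out to remove. print_mem's loop is outside the hunk, so this presumably applies there in the same way.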
@@ -203,7 +203,7 @@ print_mem(FILE *fp, u_char *data, size_t len)
static void
print_string(FILE *fp, const char *str, size_t len)
{
- int i;
+ u_int32_t i;
if (len > 0) {
for (i = 0; i < len; i++) {
@@ -996,12 +996,10 @@ print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
open_attr(fp, "modifier");
print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw);
close_attr(fp);
- /*
- * No attribute for additional types.
- *
+ open_attr(fp, "host");
print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
tok->tt.hdr32_ex.addr);
- */
+ close_attr(fp);
open_attr(fp, "time");
print_sec32(fp, tok->tt.hdr32_ex.s, raw);
close_attr(fp);
@@ -1188,12 +1186,10 @@ print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
open_attr(fp, "modifier");
print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw);
close_attr(fp);
- /*
- * No attribute for additional types.
- *
+ open_attr(fp, "host");
print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
tok->tt.hdr64_ex.addr);
- */
+ close_attr(fp);
open_attr(fp, "time");
print_sec64(fp, tok->tt.hdr64_ex.s, raw);
close_attr(fp);
@@ -1478,7 +1474,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
size = AUR_BYTE_SIZE;
if (xml) {
open_attr(fp, "type");
- fprintf(fp, "%u", size);
+ fprintf(fp, "%zu", size);
close_attr(fp);
open_attr(fp, "count");
print_1_byte(fp, tok->tt.arb.uc, "%u");
@@ -1504,7 +1500,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
size = AUR_SHORT_SIZE;
if (xml) {
open_attr(fp, "type");
- fprintf(fp, "%u", size);
+ fprintf(fp, "%zu", size);
close_attr(fp);
open_attr(fp, "count");
print_1_byte(fp, tok->tt.arb.uc, "%u");
@@ -1533,7 +1529,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
size = AUR_INT32_SIZE;
if (xml) {
open_attr(fp, "type");
- fprintf(fp, "%u", size);
+ fprintf(fp, "%zu", size);
close_attr(fp);
open_attr(fp, "count");
print_1_byte(fp, tok->tt.arb.uc, "%u");
@@ -1561,7 +1557,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
size = AUR_INT64_SIZE;
if (xml) {
open_attr(fp, "type");
- fprintf(fp, "%u", size);
+ fprintf(fp, "%zu", size);
close_attr(fp);
open_attr(fp, "count");
print_1_byte(fp, tok->tt.arb.uc, "%u");
@@ -1803,7 +1799,7 @@ static int
fetch_execarg_tok(tokenstr_t *tok, u_char *buf, int len)
{
int err = 0;
- int i;
+ u_int32_t i;
u_char *bptr;
READ_TOKEN_U_INT32(buf, len, tok->tt.execarg.count, tok->len, err);
@@ -1817,7 +1813,7 @@ fetch_execarg_tok(tokenstr_t *tok, u_char *buf, int len)
/* Look for a null terminated string. */
while (bptr && (*bptr != '\0')) {
- if (++tok->len >=len)
+ if (++tok->len >= (u_int32_t)len)
return (-1);
bptr = buf + tok->len;
}
@@ -1835,7 +1831,7 @@ static void
print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
__unused char sfrm, int xml)
{
- int i;
+ u_int32_t i;
print_tok_type(fp, tok->id, "exec arg", raw, xml);
for (i = 0; i < tok->tt.execarg.count; i++) {
@@ -1862,7 +1858,7 @@ static int
fetch_execenv_tok(tokenstr_t *tok, u_char *buf, int len)
{
int err = 0;
- int i;
+ u_int32_t i;
u_char *bptr;
READ_TOKEN_U_INT32(buf, len, tok->tt.execenv.count, tok->len, err);
@@ -1876,7 +1872,7 @@ fetch_execenv_tok(tokenstr_t *tok, u_char *buf, int len)
/* Look for a null terminated string. */
while (bptr && (*bptr != '\0')) {
- if (++tok->len >=len)
+ if (++tok->len >= (u_int32_t)len)
return (-1);
bptr = buf + tok->len;
}
@@ -1894,7 +1890,7 @@ static void
print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
__unused char sfrm, int xml)
{
- int i;
+ u_int32_t i;
print_tok_type(fp, tok->id, "exec env", raw, xml);
for (i = 0; i< tok->tt.execenv.count; i++) {
@@ -3817,7 +3813,7 @@ print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_ip_address(fp, tok->tt.socket_ex32.r_addr);
close_attr(fp);
open_attr(fp, "fport");
- print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
+ print_2_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
close_attr(fp);
close_tag(fp, tok->id);
} else {
diff --git a/libbsm/bsm_mask.c b/libbsm/bsm_mask.c
index 4914dd3..07d3da3 100644
--- a/libbsm/bsm_mask.c
+++ b/libbsm/bsm_mask.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* Copyright (c) 2005 Robert N. M. Watson
* All rights reserved.
*
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -27,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_mask.c#13 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_mask.c#14 $
*/
#include <sys/types.h>
diff --git a/libbsm/bsm_notify.c b/libbsm/bsm_notify.c
index e7d3ea2..72458aa 100644
--- a/libbsm/bsm_notify.c
+++ b/libbsm/bsm_notify.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#13 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#15 $
*/
/*
@@ -165,7 +165,7 @@ cannot_audit(int val __unused)
#ifdef __APPLE__
return (!(au_get_state() == AUC_AUDITING));
#else
- unsigned long au_cond;
+ long au_cond;
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
if (errno != ENOSYS) {
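Review bot: `auditon(A_GETCOND, &au_cond, sizeof(long))` spells out the type of `au_cond` by hand, and this hunk has just changed that type. Tying the size to the variable avoids a silent mismatch the next time the declaration changes: `if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {`. cannot_audit's body continues outside the hunk.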
diff --git a/libbsm/bsm_token.c b/libbsm/bsm_token.c
index c660895..f9692d1 100644
--- a/libbsm/bsm_token.c
+++ b/libbsm/bsm_token.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004-2008 Apple Inc.
* Copyright (c) 2005 SPARTA, Inc.
* All rights reserved.
*
@@ -14,7 +14,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#63 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#72 $
*/
#include <sys/types.h>
@@ -87,7 +87,7 @@
memset((dptr), 0, (length)); \
} else \
(dptr) = NULL; \
- assert(t == NULL || dptr != NULL); \
+ assert((t) == NULL || (dptr) != NULL); \
} while (0)
/*
@@ -98,7 +98,7 @@
* text N bytes + 1 terminating NULL byte
*/
token_t *
-au_to_arg32(char n, char *text, u_int32_t v)
+au_to_arg32(char n, const char *text, u_int32_t v)
{
token_t *t;
u_char *dptr = NULL;
@@ -119,11 +119,10 @@ au_to_arg32(char n, char *text, u_int32_t v)
ADD_STRING(dptr, text, textlen);
return (t);
-
}
token_t *
-au_to_arg64(char n, char *text, u_int64_t v)
+au_to_arg64(char n, const char *text, u_int64_t v)
{
token_t *t;
u_char *dptr = NULL;
@@ -144,11 +143,10 @@ au_to_arg64(char n, char *text, u_int64_t v)
ADD_STRING(dptr, text, textlen);
return (t);
-
}
token_t *
-au_to_arg(char n, char *text, u_int32_t v)
+au_to_arg(char n, const char *text, u_int32_t v)
{
return (au_to_arg32(n, text, v));
@@ -180,8 +178,8 @@ au_to_attr32(struct vnode_au_info *vni)
ADD_U_CHAR(dptr, AUT_ATTR32);
/*
- * Darwin defines the size for the file mode
- * as 2 bytes; BSM defines 4 so pad with 0
+ * Darwin defines the size for the file mode as 2 bytes; BSM defines
+ * 4 so pad with 0.
*/
ADD_U_INT16(dptr, pad0_16);
ADD_U_INT16(dptr, vni->vn_mode);
@@ -191,7 +189,7 @@ au_to_attr32(struct vnode_au_info *vni)
ADD_U_INT32(dptr, vni->vn_fsid);
/*
- * Some systems use 32-bit file ID's, other's use 64-bit file IDs.
+ * Some systems use 32-bit file ID's, others use 64-bit file IDs.
* Attempt to handle both, and let the compiler sort it out. If we
* could pick this out at compile-time, it would be better, so as to
* avoid the else case below.
@@ -225,8 +223,8 @@ au_to_attr64(struct vnode_au_info *vni)
ADD_U_CHAR(dptr, AUT_ATTR64);
/*
- * Darwin defines the size for the file mode
- * as 2 bytes; BSM defines 4 so pad with 0
+ * Darwin defines the size for the file mode as 2 bytes; BSM defines
+ * 4 so pad with 0.
*/
ADD_U_INT16(dptr, pad0_16);
ADD_U_INT16(dptr, vni->vn_mode);
@@ -270,7 +268,7 @@ au_to_attr(struct vnode_au_info *vni)
* data items (depends on basic unit)
*/
token_t *
-au_to_data(char unit_print, char unit_type, char unit_count, char *p)
+au_to_data(char unit_print, char unit_type, char unit_count, const char *p)
{
token_t *t;
u_char *dptr = NULL;
@@ -298,7 +296,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
default:
errno = EINVAL;
- return (NULL);
+ return (NULL);
}
totdata = datasize * unit_count;
@@ -345,7 +343,7 @@ token_t *
au_to_groups(int *groups)
{
- return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t*)groups));
+ return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t *)groups));
}
/*
@@ -396,7 +394,7 @@ au_to_in_addr(struct in_addr *internet_addr)
/*
* token ID 1 byte
* address type/length 4 bytes
- * Address 16 bytes
+ * address 16 bytes
*/
token_t *
au_to_in_addr_ex(struct in6_addr *internet_addr)
@@ -484,8 +482,8 @@ au_to_ipc_perm(struct ipc_perm *perm)
ADD_U_CHAR(dptr, AUT_IPC_PERM);
/*
- * Darwin defines the sizes for ipc_perm members
- * as 2 bytes; BSM defines 4 so pad with 0
+ * Darwin defines the sizes for ipc_perm members as 2 bytes; BSM
+ * defines 4 so pad with 0.
*/
ADD_U_INT16(dptr, pad0);
ADD_U_INT16(dptr, perm->uid);
@@ -506,15 +504,23 @@ au_to_ipc_perm(struct ipc_perm *perm)
#ifdef HAVE_IPC_PERM___SEQ
ADD_U_INT16(dptr, perm->__seq);
-#else
+#else /* HAVE_IPC_PERM___SEQ */
+#ifdef HAVE_IPC_PERM__SEQ
+ ADD_U_INT16(dptr, perm->_seq);
+#else /* HAVE_IPC_PERM__SEQ */
ADD_U_INT16(dptr, perm->seq);
-#endif
+#endif /* HAVE_IPC_PERM__SEQ */
+#endif /* HAVE_IPC_PERM___SEQ */
#ifdef HAVE_IPC_PERM___KEY
ADD_U_INT32(dptr, perm->__key);
-#else
+#else /* HAVE_IPC_PERM___KEY */
+#ifdef HAVE_IPC_PERM__KEY
+ ADD_U_INT32(dptr, perm->_key);
+#else /* HAVE_IPC_PERM__KEY */
ADD_U_INT32(dptr, perm->key);
-#endif
+#endif /* HAVE_IPC_PERM__KEY */
+#endif /* HAVE_IPC_PERM___KEY */
return (t);
}
@@ -545,7 +551,7 @@ au_to_iport(u_int16_t iport)
* data size bytes
*/
token_t *
-au_to_opaque(char *data, u_int16_t bytes)
+au_to_opaque(const char *data, u_int16_t bytes)
{
token_t *t;
u_char *dptr = NULL;
@@ -569,7 +575,7 @@ au_to_opaque(char *data, u_int16_t bytes)
* file pathname N bytes + 1 terminating NULL byte
*/
token_t *
-au_to_file(char *file, struct timeval tm)
+au_to_file(const char *file, struct timeval tm)
{
token_t *t;
u_char *dptr = NULL;
@@ -601,7 +607,7 @@ au_to_file(char *file, struct timeval tm)
* text N bytes + 1 terminating NULL byte
*/
token_t *
-au_to_text(char *text)
+au_to_text(const char *text)
{
token_t *t;
u_char *dptr = NULL;
@@ -627,7 +633,7 @@ au_to_text(char *text)
* path N bytes + 1 terminating NULL byte
*/
token_t *
-au_to_path(char *text)
+au_to_path(const char *text)
{
token_t *t;
u_char *dptr = NULL;
@@ -906,7 +912,7 @@ au_to_sock_unix(struct sockaddr_un *so)
if (t == NULL)
return (NULL);
- ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN);
+ ADD_U_CHAR(dptr, AUT_SOCKUNIX);
/* BSM token has two bytes for family */
ADD_U_CHAR(dptr, 0);
ADD_U_CHAR(dptr, so->sun_family);
@@ -943,14 +949,13 @@ au_to_sock_inet32(struct sockaddr_in *so)
*
* XXXRW: Should a name space conversion be taking place on the value
* of sin_family?
- */
+ */
family = so->sin_family;
ADD_U_INT16(dptr, family);
ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t));
ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t));
return (t);
-
}
token_t *
@@ -967,8 +972,8 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
ADD_U_CHAR(dptr, AUT_SOCKINET128);
/*
* In Darwin, sin6_family is one octet, but BSM defines the token
- * to store two. So we copy in a 0 first.
- */
+ * to store two. So we copy in a 0 first.
+ */
ADD_U_CHAR(dptr, 0);
ADD_U_CHAR(dptr, so->sin6_family);
@@ -976,7 +981,6 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t));
return (t);
-
}
token_t *
@@ -1162,8 +1166,8 @@ au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS)
/*
- * Collects audit information for the current process
- * and creates a subject token from it
+ * Collects audit information for the current process and creates a subject
+ * token from it.
*/
token_t *
au_to_me(void)
@@ -1225,7 +1229,7 @@ au_to_exec_args(char **argv)
* zonename N bytes + 1 terminating NULL byte
*/
token_t *
-au_to_zonename(char *zonename)
+au_to_zonename(const char *zonename)
{
u_char *dptr = NULL;
u_int16_t textlen;
@@ -1317,6 +1321,53 @@ au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
return (t);
}
+/*
+ * token ID 1 byte
+ * record byte count 4 bytes
+ * version # 1 byte [2]
+ * event type 2 bytes
+ * event modifier 2 bytes
+ * address type/length 4 bytes
+ * machine address 4 bytes/16 bytes (IPv4/IPv6 address)
+ * seconds of time 4 bytes/8 bytes (32-bit/64-bit value)
+ * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
+ */
+token_t *
+au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm, struct auditinfo_addr *aia)
+{
+ token_t *t;
+ u_char *dptr = NULL;
+ u_int32_t timems, hostid;
+ au_tid_addr_t *tid = &aia->ai_termid;
+
+ if (tid->at_type != AU_IPv4 && tid->at_type != AU_IPv6)
+ return (NULL);
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
+ sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 *
+ sizeof(u_int32_t) + tid->at_type);
+ if (t == NULL)
+ return (NULL);
+
+ ADD_U_CHAR(dptr, AUT_HEADER32_EX);
+ ADD_U_INT32(dptr, rec_size);
+ ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM);
+ ADD_U_INT16(dptr, e_type);
+ ADD_U_INT16(dptr, e_mod);
+
+ ADD_U_INT32(dptr, tid->at_type);
+ if (tid->at_type == AU_IPv6)
+ ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t));
+ else
+ ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
+ timems = tm.tv_usec/1000;
+ /* Add the timestamp */
+ ADD_U_INT32(dptr, tm.tv_sec);
+ ADD_U_INT32(dptr, timems); /* We need time in ms. */
+
+ return (t);
+}
+
token_t *
au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm)
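Review bot: The size passed to GET_TOKEN_AREA in au_to_header32_ex_tm adds `tid->at_type` as the number of address bytes, while the copy below it uses `sizeof(u_int32_t)` or `4 * sizeof(u_int32_t)`. The two agree only if `AU_IPv4` and `AU_IPv6` are numerically the address lengths, which is not visible here. A comment at the allocation would make that dependency explicit, e.g. `/* at_type doubles as the address length in bytes; checked above to be AU_IPv4 or AU_IPv6. */`. The local `hostid` is declared but never used and can be dropped, and the layout comment lists 8-byte time fields although this variant writes two 32-bit values.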
@@ -1345,6 +1396,24 @@ au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
}
#if !defined(KERNEL) && !defined(_KERNEL)
+#ifdef HAVE_AUDIT_SYSCALLS
+token_t *
+au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod)
+{
+ struct timeval tm;
+ struct auditinfo_addr aia;
+
+ if (gettimeofday(&tm, NULL) == -1)
+ return (NULL);
+ if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) {
+ if (errno != ENOSYS)
+ return (NULL);
+ return (au_to_header32_tm(rec_size, e_type, e_mod, tm));
+ }
+ return (au_to_header32_ex_tm(rec_size, e_type, e_mod, tm, &aia));
+}
+#endif /* HAVE_AUDIT_SYSCALLS */
+
token_t *
au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
{
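Review bot: au_to_header32_ex() builds an extended header whenever `auditon(A_GETKAUDIT, &aia, sizeof(aia))` succeeds, whereas au_assemble in bsm_audit.c falls back to the plain header when the stored address is unspecified. If that difference is intended it deserves a comment above the function, e.g. `/* Falls back to a non-extended header only when A_GETKAUDIT is unsupported (ENOSYS). */`. A NULL return from au_to_header32_ex_tm for an unexpected address type also leaves `errno` unset in the visible code, so callers cannot tell that case from an allocation failure.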
@@ -1372,7 +1441,16 @@ au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod)
return (au_to_header32(rec_size, e_type, e_mod));
}
-#endif
+
+#ifdef HAVE_AUDIT_SYSCALLS
+token_t *
+au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod)
+{
+
+ return (au_to_header32_ex(rec_size, e_type, e_mod));
+}
+#endif /* HAVE_AUDIT_SYSCALLS */
+#endif /* !defined(KERNEL) && !defined(_KERNEL) */
/*
* token ID 1 byte
diff --git a/libbsm/bsm_user.c b/libbsm/bsm_user.c
index c00d139..5266fdf 100644
--- a/libbsm/bsm_user.c
+++ b/libbsm/bsm_user.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* Copyright (c) 2006 Robert N. M. Watson
* All rights reserved.
*
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -27,9 +27,11 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#15 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#18 $
*/
+#include <config/config.h>
+
#include <bsm/libbsm.h>
#include <string.h>
@@ -37,6 +39,10 @@
#include <stdio.h>
#include <stdlib.h>
+#ifndef HAVE_STRLCPY
+#include <compat/strlcpy.h>
+#endif
+
/*
* Parse the contents of the audit_user file into au_user_ent structures.
*/
@@ -66,7 +72,7 @@ userfromstr(char *str, struct au_user_ent *u)
if (strlen(username) >= AU_USER_NAME_MAX)
return (NULL);
- strcpy(u->au_name, username);
+ strlcpy(u->au_name, username, AU_USER_NAME_MAX);
if (getauditflagsbin(always, &(u->au_always)) == -1)
return (NULL);
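Review bot: The bound passed to `strlcpy()` is the constant `AU_USER_NAME_MAX`, not a size taken from the destination, so the copy is only as safe as the caller's allocation of `u->au_name`, which this hunk does not show. The `strlen(username) >= AU_USER_NAME_MAX` check just above already rejects over-long names, so truncation cannot occur here and leaving the return value unchecked is fine. A comment would make that dependency explicit, e.g. `/* Length checked above; caller must provide au_name with at least AU_USER_NAME_MAX bytes. */`. `userfromstr()` starts and continues outside the hunk.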
diff --git a/libbsm/bsm_wrappers.c b/libbsm/bsm_wrappers.c
index f001e5f..f818f1d 100644
--- a/libbsm/bsm_wrappers.c
+++ b/libbsm/bsm_wrappers.c
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#24 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#26 $
*/
#ifdef __APPLE__
@@ -285,7 +285,7 @@ audit_write(short event_code, token_t *subject, token_t *misctok, char retval,
if (subject && au_write(aufd, subject) == -1) {
au_free_token(subject);
au_free_token(misctok);
- (void)au_close(aufd, AU_TO_WRITE, event_code);
+ (void)au_close(aufd, AU_TO_NO_WRITE, event_code);
syslog(LOG_ERR, "%s: write of subject failed", func);
return (kAUWriteSubjectTokErr);
}
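Review bot: The `au_close(aufd, AU_TO_NO_WRITE, event_code)` call has no comment explaining why the record is discarded, and the flag differs from the one it replaces by only a few characters. I would add `/* Discard the record: without the subject token it is incomplete and must not be committed. */` above the call so the fix is not reverted by accident. The other failure paths of `audit_write()` lie outside this hunk, so it is worth confirming they also close with `AU_TO_NO_WRITE`. Callers should also act on `kAUWriteSubjectTokErr`, since the `syslog()` line is the only other trace this branch leaves of the dropped event.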
diff --git a/man/Makefile b/man/Makefile
deleted file mode 100644
index 1fbbc31..0000000
--- a/man/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile#7 $
-#
-
-MAN= audit.2 \
- auditctl.2 \
- auditon.2 \
- getaudit.2 \
- getauid.2 \
- setaudit.2 \
- setauid.2 \
- audit.log.5 \
- audit_class.5 \
- audit_control.5 \
- audit_event.5 \
- audit_user.5 \
- audit_warn.5
-
-MLINKS= getaudit.2 getaudit_addr.2 \
- setaudit.2 setaudit_addr.2
-
-.include <bsd.prog.mk>
diff --git a/man/Makefile.in b/man/Makefile.in
index 13a0d76..a24804a 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile.in#7 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
@@ -93,6 +93,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
diff --git a/man/audit.2 b/man/audit.2
index a9cd143..1ee61b9 100644
--- a/man/audit.2
+++ b/man/audit.2
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#8 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#9 $
.\"
.Dd April 19, 2005
.Dt AUDIT 2
diff --git a/man/audit.log.5 b/man/audit.log.5
index d0f85ff..dac0067 100644
--- a/man/audit.log.5
+++ b/man/audit.log.5
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#16 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#19 $
.\"
.Dd November 5, 2006
.Dt AUDIT.LOG 5
@@ -176,29 +176,27 @@ token can be created using
.Ss in_addr Token
The
.Dq in_addr
-token holds a network byte order IPv4 or IPv6 address.
+token holds a network byte order IPv4 address.
An
.Dq in_addr
token can be created using
.Xr au_to_in_addr 3
-for an IPv4 address, or
-.Xr au_to_in_addr_ex 3
-for an IPv6 address.
-.Pp
-See the
-.Sx BUGS
-section for information on the storage of this token.
+for an IPv4 address.
.Pp
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
-.It "IP Address Type 1 byte Type of address"
-.It "IP Address 4/16 bytes IPv4 or IPv6 address"
+.It "IP Address 4 bytes IPv4 address"
.El
.Ss Expanded in_addr Token
The
-.Dq expanded in_addr
-token ...
+.Dq in_addr_ex
+token holds a network byte order IPv4 or IPv6 address.
+An
+.Dq in_addr_ex
+token can be created using
+.Xr au_to_in_addr_ex 3
+for an IPv6 address.
.Pp
See the
.Sx BUGS
@@ -206,7 +204,8 @@ section for information on the storage of this token.
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
-.It XXXX
+.It "IP Address Type 1 byte Type of address"
+.It "IP Address 4/16 bytes IPv4 or IPv6 address"
.El
.Ss ip Token
The
@@ -230,15 +229,6 @@ token can be created using
.It "Source Address 4 bytes IPv4 source address"
.It "Destination Address 4 bytes IPv4 destination address"
.El
-.Ss Expanded ip Token
-The
-.Dq expanded ip
-token ...
-.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
-.It Sy "Field Bytes Description"
-.It "Token ID 1 byte Token ID"
-.It XXXX
-.El
.Ss iport Token
The
.Dq iport
@@ -556,13 +546,14 @@ token can be created using
.Ss Socket Token
The
.Dq socket
-token contains informations about UNIX domain and Internet sockets.
+token contains information about UNIX domain and Internet sockets.
Each token has four or eight fields.
-Depend on type of socket a socket token may be created using
+Depending on the type of socket, a socket token may be created using
.Xr au_to_sock_unix 3 ,
-.Xr au_to_sock_inet32 3 or
+.Xr au_to_sock_inet32 3
+or
.Xr au_to_sock_inet128 3 .
-.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
+.Bl -column -offset 3n ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
@@ -572,18 +563,18 @@ Depend on type of socket a socket token may be created using
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
-+.It Li "Socket domain" Ta "4 bytes" Ta "Socket domain"
-+.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
-+.It Li "Address type" Ta "1 byte" Ta "Address type (IPv4/IPv6)"
-+.It Li "Local port" Ta "2 bytes" Ta "Local port"
-+.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address"
-+.It Li "Remote port" Ta "2 bytes" Ta "Remote port"
-+.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address"
+.It Li "Socket domain" Ta "4 bytes" Ta "Socket domain"
+.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
+.It Li "Address type" Ta "1 byte" Ta "Address type (IPv4/IPv6)"
+.It Li "Local port" Ta "2 bytes" Ta "Local port"
+.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address"
+.It Li "Remote port" Ta "2 bytes" Ta "Remote port"
+.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address"
.El
.Ss Expanded Socket Token
The
.Dq expanded socket
-token ...
+token contains information about IPv4 and IPv6 sockets.
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
@@ -639,11 +630,18 @@ token ...
.Ss Zonename Token
The
.Dq zonename
-token ...
+token holds a NUL-terminated string with the name of the zone or jail from
+which the record originated.
+A
+.Dz zonename
+token can be created using
+.Xr au_to_zonename 3 .
+.Pp
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
-.It XXXXX
+.It "Zonename length 2 bytes Length of zonename string including NUL"
+.It "Zonename N bytes + 1 NUL Zonename string including NUL"
.El
.Sh SEE ALSO
.Xr auditreduce 1 ,
@@ -676,7 +674,5 @@ and
.Dq in_addr_ex
token layout documented here appears to be in conflict with the
.Xr libbsm 3
-implementations of
-.Xr au_to_in_addr 3
-and
+implementation of
.Xr au_to_in_addr_ex 3 .
diff --git a/man/audit_class.5 b/man/audit_class.5
index cc5b122f..c92f57f 100644
--- a/man/audit_class.5
+++ b/man/audit_class.5
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -9,7 +9,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#10 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#11 $
.\"
.Dd January 24, 2004
.Dt AUDIT_CLASS 5
diff --git a/man/audit_control.5 b/man/audit_control.5
index a91f504..be89a12 100644
--- a/man/audit_control.5
+++ b/man/audit_control.5
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" Copyright (c) 2006 Robert N. M. Watson
.\" All rights reserved.
.\"
@@ -10,7 +10,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -26,7 +26,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#17 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#20 $
.\"
.Dd January 4, 2006
.Dt AUDIT_CONTROL 5
@@ -57,13 +57,26 @@ Specifies which audit event classes are audited for all users.
.Xr audit_user 5
describes how to audit events for individual users.
See the information below for the format of the audit flags.
+.It Va host
+Specify the hostname or IP address to be used when setting the local
+systems's audit host information.
+This hostname will be converted into an IP or IPv6 address and will
+be included in the header of each audit record.
+Due to the possibility of transient errors coupled with the
+security issues in the DNS protocol itself, the use of DNS
+should be avoided.
+Instead, it is strongly recommended that the hostname be
+specified in the /etc/hosts file.
+For more information see
+.Xr hosts 5 .
.It Va naflags
Contains the audit flags that define what classes of events are audited when
an action cannot be attributed to a specific user.
.It Va minfree
The minimum free space required on the file system audit logs are being written to.
When the free space falls below this limit a warning will be issued.
-Not currently used as the value of 20 percent is chosen by the kernel.
+If no value for the minimum free space is set, the default of 20 percent is
+applied by the kernel.
.It Va policy
A list of global audit policy flags specifying various behaviors, such as
fail stop, auditing of paths and arguments, etc.
@@ -185,6 +198,7 @@ file size.
.It Pa /etc/security/audit_control
.El
.Sh SEE ALSO
+.Xr auditon 2 ,
.Xr audit 4 ,
.Xr audit_class 5 ,
.Xr audit_event 5 ,
diff --git a/man/audit_event.5 b/man/audit_event.5
index 75e67aa..184a82d 100644
--- a/man/audit_event.5
+++ b/man/audit_event.5
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -9,7 +9,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#11 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#12 $
.\"
.Dd January 24, 2004
.Dt AUDIT_EVENT 5
diff --git a/man/audit_user.5 b/man/audit_user.5
index 1779941..947f5c8 100644
--- a/man/audit_user.5
+++ b/man/audit_user.5
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -9,7 +9,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#12 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#13 $
.\"
.Dd February 5, 2006
.Dt AUDIT_USER 5
diff --git a/man/audit_warn.5 b/man/audit_warn.5
index d7b20b6..c53f163 100644
--- a/man/audit_warn.5
+++ b/man/audit_warn.5
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -9,7 +9,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
.\" its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#9 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#10 $
.\"
.Dd March 17, 2004
.Dt AUDIT_WARN 5
diff --git a/man/auditctl.2 b/man/auditctl.2
index ac3c41a..a5346fb 100644
--- a/man/auditctl.2
+++ b/man/auditctl.2
@@ -1,5 +1,6 @@
.\"-
.\" Copyright (c) 2005-2006 Robert N. M. Watson
+.\" Copyright (c) 2008 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditctl.2#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditctl.2#9 $
.\"
.Dd April 19, 2005
.Dt AUDITCTL 2
@@ -40,20 +41,25 @@ The
.Fn auditctl
system call directs the kernel to open a new audit trail log file.
It requires an appropriate privilege.
-In the
-.Fx
-implementation,
+The
.Fn auditctl
+system call
opens new files, but
.Xr auditon 2
is used to disable the audit log.
-In the Mac OS X implementation, passing
-.Dv NULL
-to
-.Fn auditctl
-will disable the audit log.
.Sh RETURN VALUES
.Rv -std
+.Sh ERRORS
+The
+.Fn auditctl
+system call will fail if:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The path is invalid.
+.It Bq Er EPERM
+The process does not have sufficient permission to complete the
+operation.
+.El
.Sh SEE ALSO
.Xr auditon 2 ,
.Xr libbsm 3 ,
diff --git a/man/auditon.2 b/man/auditon.2
index 953484c..e47bbb8 100644
--- a/man/auditon.2
+++ b/man/auditon.2
@@ -25,9 +25,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#11 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#14 $
.\"
-.Dd April 19, 2005
+.Dd July 10, 2008
.Dt AUDITON 2
.Os
.Sh NAME
@@ -63,27 +63,38 @@ The
argument
must point to a
.Vt long
-value set to one of the audit
-policy control values defined in
-.In bsm/audit.h .
-Currently, only
-.Dv AUDIT_CNT
+value set to one or more the following audit
+policy control values bitwise OR'ed together:
+.Dv AUDIT_CNT ,
+.Dv AUDIT_AHLT ,
+.Dv AUDIT_ARGV ,
and
-.Dv AUDIT_AHLT
-are implemented.
-In the
-.Dv AUDIT_CNT
-case, the action will continue regardless if
-an event will not be audited.
-In the
-.Dv AUDIT_AHLT
-case, a
+.Dv AUDIT_ARGE .
+If
+.Dv AUDIT_CNT is set, the system will continue even if it becomes low
+on space and discontinue logging events until the low space condition is
+remedied.
+If it is not set, audited events will block until the low space
+condition is remedied.
+Unaudited events, however, are unaffected.
+If
+.Dv AUDIT_AHLT is set, a
.Xr panic 9
-will result if an event will not be written to the
-audit log file.
+if it cannot write an event to the global audit log file.
+If
+.Dv AUDIT_ARGV
+is set, then the argument list passed to the
+.Xr execve 2
+system call will be audited. If
+.Dv AUDIT_ARGE
+is set, then the environment variables passed to the
+.Xr execve 2
+system call will be audited. The default policy is none of the audit policy
+control flags set.
.It Dv A_SETKAUDIT
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_SETKMASK
Set the kernel preselection masks (success and failure).
The
@@ -91,8 +102,19 @@ The
argument
must point to a
.Vt au_mask_t
-structure containing the mask values.
-These masks are used for non-attributable audit event preselection.
+structure containing the mask values as defined in
+.In bsm/audit.h .
+These masks are used for non-attributable audit event preselection.
+The field
+.Fa am_success
+specifies which classes of successful audit events are to be logged to the
+audit trail. The field
+.Fa am_failure
+specifies which classes of failed audit events are to be logged. The value of
+both fields is the bitwise OR'ing of the audit event classes specified in
+.Fa bsm/audit.h .
+The various audit classes are described more fully in
+.Xr audit_class 5 .
.It Dv A_SETQCTRL
Set kernel audit queue parameters.
The
@@ -100,24 +122,51 @@ The
argument
must point to a
.Vt au_qctrl_t
-structure containing the
-kernel audit queue control settings:
-.Dq "high water" ,
-.Dq "low water" ,
-.Dq "output buffer size" ,
-.Dq "percent min free disk space" ,
+structure (defined in
+.In bsm/audit.h )
+containing the kernel audit queue control settings:
+.Fa aq_hiwater ,
+.Fa aq_lowater ,
+.Fa aq_bufsz ,
+.Fa aq_delay ,
and
-.Dq delay
-(not currently used).
+.Fa aq_minfree .
+The field
+.Fa aq_hiwater
+defines the maximum number of audit record entries in the queue used to store
+the audit records ready for delivery to disk.
+New records are inserted at the tail of the queue and removed from the head.
+For new records which would exceed the
+high water mark, the calling thread is inserted into the wait queue, waiting
+for the audit queue to have enough space available as defined with the field
+.Fa aq_lowater .
+The field
+.Fa aq_bufsz
+defines the maximum length of the audit record that can be supplied with
+.Xr audit 2 .
+The field
+.Fa aq_delay
+is unused.
+The field
+.Fa aq_minfree
+specifies the minimum amount of free blocks on the disk device used to store
+audit records.
+If the value of free blocks falls below the configured
+minimum amount, the kernel informs the audit daemon about low disk space.
+The value is to be specified in percent of free file system blocks.
+A value of 0 results in a disabling of the check.
.It Dv A_SETSTAT
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_SETUMASK
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_SETSMASK
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_SETCOND
Set the current auditing condition.
The
@@ -131,6 +180,14 @@ audit condition, one of
.Dv AUC_NOAUDIT ,
or
.Dv AUC_DISABLED .
+If
+.Dv AUC_NOAUDIT
+is set, then auditing is temporarily suspended. If
+.Dv AUC_AUDITING
+is set, auditing is resumed. If
+.Dv AUC_DISABLED
+is set, the auditing system will
+shutdown, draining all audit records and closing out the audit trail file.
.It Dv A_SETCLASS
Set the event class preselection mask for an audit event.
The
@@ -139,6 +196,13 @@ argument
must point to a
.Vt au_evclass_map_t
structure containing the audit event and mask.
+The field
+.Fa ec_number
+is the audit event and
+.Fa ec_class
+is the audit class mask. See
+.Xr audit_event 5
+for more information on audit event to class mapping.
.It Dv A_SETPMASK
Set the preselection masks for a process.
The
@@ -148,6 +212,16 @@ must point to a
.Vt auditpinfo_t
structure that contains the given process's audit
preselection masks for both success and failure.
+The field
+.Fa ap_pid
+is the process id of the target process.
+The field
+.Fa ap_mask
+must point to a
+.Fa au_mask_t
+structure which holds the preselection masks as described in the
+.Da A_SETKMASK
+section above.
.It Dv A_SETFSIZE
Set the maximum size of the audit log file.
The
@@ -163,6 +237,7 @@ indicates no limit to the size.
.It Dv A_SETKAUDIT
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_GETCLASS
Return the event to class mapping for the designated audit event.
The
@@ -170,10 +245,13 @@ The
argument
must point to a
.Vt au_evclass_map_t
-structure.
+structure. See the
+.Dv A_SETCLASS
+section above for more information.
.It Dv A_GETKAUDIT
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_GETPINFO
Return the audit settings for a process.
The
@@ -182,11 +260,47 @@ argument
must point to a
.Vt auditpinfo_t
structure which will be set to contain
-the audit ID, preselection mask, terminal ID, and audit session
-ID of the given process.
+.Fa ap_auid
+(the audit ID),
+.Fa ap_mask
+(the preselection mask),
+.Fa ap_termid
+(the terminal ID), and
+.Fa ap_asid
+(the audit session ID)
+of the given target process.
+The process ID of the target process is passed
+into the kernel using the
+.Fa ap_pid
+field.
+See the section
+.Dv A_SETPMASK
+above and
+.Xr getaudit 2
+for more information.
.It Dv A_GETPINFO_ADDR
-Return
-.Er ENOSYS .
+Return the extended audit settings for a process.
+The
+.Fa data
+argument
+must point to a
+.Vt auditpinfo_addr_t
+structure which is similar to the
+.Vt auditpinfo_addr_t
+structure described above.
+The exception is the
+.Fa ap_termid
+(the terminal ID) field which points to a
+.Vt au_tid_addr_t
+structure can hold much a larger terminal address and an address type.
+The process ID of the target process is passed into the kernel using the
+.Fa ap_pid
+field.
+See the section
+.Dv A_SETPMASK
+above and
+.Xr getaudit 2
+for more information.
.It Dv A_GETKMASK
Return the current kernel preselection masks.
The
@@ -205,11 +319,10 @@ must point to a
.Vt long
value which will be set to
one of the current audit policy flags.
-Currently, only
-.Dv AUDIT_CNT
-and
-.Dv AUDIT_AHLT
-are implemented.
+The audit policy flags are
+described in the
+.Dv A_SETPOLICY
+section above.
.It Dv A_GETQCTRL
Return the current kernel audit queue control parameters.
The
@@ -219,6 +332,9 @@ must point to a
.Vt au_qctrl_t
structure which will be set to the current
kernel audit queue control parameters.
+See the
+.Dv A_SETQCTL
+section above for more information.
.It Dv A_GETFSIZE
Returns the maximum size of the audit log file.
The
@@ -240,17 +356,20 @@ will be set to the current audit log file size.
.\" Return the current working directory as stored in the audit subsystem.
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_GETCAR
.\" [COMMENTED OUT]: Valid description, not yet implemented.
.\"Stores and returns the current active root as stored in the audit
.\"subsystem.
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_GETSTAT
.\" [COMMENTED OUT]: Valid description, not yet implemented.
.\"Return the statistics stored in the audit system.
Return
.Er ENOSYS .
+(Not implemented.)
.It Dv A_GETCOND
Return the current auditing condition.
The
@@ -259,10 +378,14 @@ argument
must point to a
.Vt long
value which will be set to
-the current audit condition, either
-.Dv AUC_AUDITING
+the current audit condition, one of
+.Dv AUC_AUDITING ,
+.Dv AUC_NOAUDIT
or
-.Dv AUC_NOAUDIT .
+.Dv AUC_DISABLED .
+See the
+.Dv A_SETCOND
+section above for more information.
.It Dv A_SENDTRIGGER
Send a trigger to the audit daemon.
The
diff --git a/man/getaudit.2 b/man/getaudit.2
index 0592721..77a0f8e 100644
--- a/man/getaudit.2
+++ b/man/getaudit.2
@@ -1,5 +1,6 @@
.\"-
.\" Copyright (c) 2005 Robert N. M. Watson
+.\" Copyright (c) 2008 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -23,9 +24,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#10 $
.\"
-.Dd April 19, 2005
+.Dd October 19, 2008
.Dt GETAUDIT 2
.Os
.Sh NAME
@@ -54,9 +55,111 @@ retrieves extended state via
and
.Fa length .
.Pp
+The
+.Fa auditinfo_t
+data structure is defined as follows:
+.Bd -literal -offset indent
+struct auditinfo {
+ au_id_t ai_auid; /* Audit user ID */
+ au_mask_t ai_mask; /* Audit masks */
+ au_tid_t ai_termid; /* Terminal ID */
+ au_asid_t ai_asid; /* Audit session ID */
+};
+typedef struct auditinfo auditinfo_t;
+.Ed
+.Pp
+The
+.Fa ai_auid
+variable contains the audit identifier which is recorded in the audit log for
+each event the process caused.
+.Pp
+The
+.Fa au_mask_t
+data structure defines the bit mask for auditing successful and failed events
+out of the predefined list of event classes.
+It is defined as follows:
+.Bd -literal -offset indent
+struct au_mask {
+ unsigned int am_success; /* success bits */
+ unsigned int am_failure; /* failure bits */
+};
+typedef struct au_mask au_mask_t;
+.Ed
+.Pp
+The
+.Fa au_termid_t
+data structure defines the Terminal ID recorded with every event caused by the
+process.
+It is defined as follows:
+.Bd -literal -offset indent
+struct au_tid {
+ dev_t port;
+ u_int32_t machine;
+};
+typedef struct au_tid au_tid_t;
+.Ed
+.Pp
+The
+.Fa ai_asid
+variable contains the audit session ID which is recorded with every event
+caused by the process.
+.Pp
+The
+.Fn getaudit_addr
+system call
+uses the expanded
+.Fa auditinfo_addr_t
+data structure and supports Terminal IDs with larger addresses
+such as those used in IP version 6.
+It is defined as follows:
+.Bd -literal -offset indent
+struct auditinfo_addr {
+ au_id_t ai_auid; /* Audit user ID. */
+ au_mask_t ai_mask; /* Audit masks. */
+ au_tid_addr_t ai_termid; /* Terminal ID. */
+ au_asid_t ai_asid; /* Audit session ID. */
+};
+typedef struct auditinfo_addr auditinfo_addr_t;
+.Ed
+.Pp
+The
+.Fa au_tid_addr_t
+data structure which includes a larger address storage field and an additional
+field with the type of address stored:
+.Bd -literal -offset indent
+struct au_tid_addr {
+ dev_t at_port;
+ u_int32_t at_type;
+ u_int32_t at_addr[4];
+};
+typedef struct au_tid_addr au_tid_addr_t;
+.Ed
+.Pp
These system calls require an appropriate privilege to complete.
.Sh RETURN VALUES
.Rv -std getaudit getaudit_addr
+.Sh ERRORS
+The
+.Fn getaudit
+function will fail if:
+.Bl -tag -width Er
+.It Bq Er EFAULT
+A failure occurred while data transferred to or from
+the kernel failed.
+.It Bq Er EINVAL
+Illegal argument was passed by a system call.
+.It Bq Er EPERM
+The process does not have sufficient permission to complete
+the operation.
+.It Bq Er EOVERFLOW
+The
+.Fa length
+argument indicates an overflow condition will occur.
+.It Bq Er E2BIG
+The address is too big and, therefore,
+.Fn getaudit_addr
+should be used instead.
+.El
.Sh SEE ALSO
.Xr audit 2 ,
.Xr auditon 2 ,
diff --git a/man/getauid.2 b/man/getauid.2
index 2624f1e..dc6ae0a 100644
--- a/man/getauid.2
+++ b/man/getauid.2
@@ -1,5 +1,6 @@
.\"-
.\" Copyright (c) 2005 Robert N. M. Watson
+.\" Copyright (c) 2008 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#9 $
.\"
.Dd April 19, 2005
.Dt GETAUID 2
@@ -47,6 +48,18 @@ pointed to by
This system call requires an appropriate privilege to complete.
.Sh RETURN VALUES
.Rv -std
+.Sh ERRORS
+The
+.Fn getauid
+function will fail if:
+.Bl -tag -width Er
+.It Bq Er EFAULT
+A failure occurred while data transferred from
+the kernel failed.
+.It Bq Er EPERM
+The process does not have sufficient permission to complete
+the operation.
+.El
.Sh SEE ALSO
.Xr audit 2 ,
.Xr auditon 2 ,
diff --git a/man/setaudit.2 b/man/setaudit.2
index 22e2192..5426c87 100644
--- a/man/setaudit.2
+++ b/man/setaudit.2
@@ -1,5 +1,6 @@
.\"-
.\" Copyright (c) 2005 Robert N. M. Watson
+.\" Copyright (c) 2008 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#10 $
.\"
.Dd April 19, 2005
.Dt SETAUDIT 2
@@ -54,9 +55,115 @@ sets extended state via
and
.Fa length .
.Pp
+The
+.Fa auditinfo_t
+data structure is defined as follows:
+.nf
+.in +4n
+
+struct auditinfo {
+ au_id_t ai_auid; /* Audit user ID */
+ au_mask_t ai_mask; /* Audit masks */
+ au_tid_t ai_termid; /* Terminal ID */
+ au_asid_t ai_asid; /* Audit session ID */
+};
+typedef struct auditinfo auditinfo_t;
+.in
+.fi
+.Pp
+The
+.Fa ai_auid
+variable contains the audit identifier which is recorded in the audit log for
+each event the process caused.
+.PP
+
+The
+.Fa au_mask_t
+data structure defines the bit mask for auditing successful and failed events
+out of the predefined list of event classes. It is defined as follows:
+.nf
+.in +4n
+
+struct au_mask {
+ unsigned int am_success; /* success bits */
+ unsigned int am_failure; /* failure bits */
+};
+typedef struct au_mask au_mask_t;
+.in
+.fi
+.PP
+
+The
+.Fa au_termid_t
+data structure defines the Terminal ID recorded with every event caused by the
+process. It is defined as follows:
+.nf
+.in +4n
+
+struct au_tid {
+ dev_t port;
+ u_int32_t machine;
+};
+typedef struct au_tid au_tid_t;
+
+.in
+.fi
+.PP
+The
+.Fa ai_asid
+variable contains the audit session ID which is recorded with every event
+caused by the process.
+.Pp
+The
+.Fn setaudit_addr
+system call
+uses the expanded
+.Fa auditinfo_addr_t
+data structure supports Terminal IDs with larger addresses such as those used
+in IP version 6. It is defined as follows:
+.nf
+.in +4n
+
+struct auditinfo_addr {
+ au_id_t ai_auid; /* Audit user ID. */
+ au_mask_t ai_mask; /* Audit masks. */
+ au_tid_addr_t ai_termid; /* Terminal ID. */
+ au_asid_t ai_asid; /* Audit session ID. */
+};
+typedef struct auditinfo_addr auditinfo_addr_t;
+.in
+.fi
+.Pp
+The
+.Fa au_tid_addr_t
+data structure which includes a larger address storage field and an additional
+field with the type of address stored:
+.nf
+.in +4n
+
+struct au_tid_addr {
+ dev_t at_port;
+ u_int32_t at_type;
+ u_int32_t at_addr[4];
+};
+typedef struct au_tid_addr au_tid_addr_t;
+.in
+.fi
+.Pp
These system calls require an appropriate privilege to complete.
.Sh RETURN VALUES
.Rv -std setaudit setaudit_addr
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EFAULT
+A failure occurred while data transferred to or from
+the kernel failed.
+.It Bq Er EINVAL
+Illegal argument was passed by a system call.
+.It Bq Er EPERM
+The process does not have sufficient permission to complete
+the operation.
+.El
.Sh SEE ALSO
.Xr audit 2 ,
.Xr auditon 2 ,
diff --git a/man/setauid.2 b/man/setauid.2
index a736a34..770c32b 100644
--- a/man/setauid.2
+++ b/man/setauid.2
@@ -1,5 +1,6 @@
.\"-
.\" Copyright (c) 2005 Robert N. M. Watson
+.\" Copyright (c) 2008 Apple Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#9 $
.\"
.Dd April 19, 2005
.Dt SETAUID 2
@@ -47,6 +48,18 @@ pointed to by
This system call requires an appropriate privilege to complete.
.Sh RETURN VALUES
.Rv -std
+.Sh ERRORS
+The
+.Fn setauid
+function will fail if:
+.Bl -tag -width Er
+.It Bq Er EFAULT
+A failure occurred while data transferred to
+the kernel failed.
+.It Bq Er EPERM
+The process does not have sufficient permission to complete
+the operation.
+.El
.Sh SEE ALSO
.Xr audit 2 ,
.Xr auditon 2 ,
diff --git a/modules/Makefile.in b/modules/Makefile.in
index 3a3af9f..39b942a 100644
--- a/modules/Makefile.in
+++ b/modules/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/modules/Makefile.in#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/modules/Makefile.in#5 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
@@ -100,6 +100,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
diff --git a/modules/auditfilter_noop/Makefile.am b/modules/auditfilter_noop/Makefile.am
index e4b7a5a..1d0775b 100644
--- a/modules/auditfilter_noop/Makefile.am
+++ b/modules/auditfilter_noop/Makefile.am
@@ -1,8 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.am#3 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
lib_LTLIBRARIES = auditfilter_noop.la
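Review bot: The two `INCLUDES` assignments in the new conditional repeat `-I$(top_builddir) -I$(top_srcdir)` and differ only in `-I$(top_srcdir)/sys`, so a path later added to one branch is easy to miss in the other. Setting the common part once and appending under the negated conditional keeps them in step: `INCLUDES = -I$(top_builddir) -I$(top_srcdir)`, then `if !USE_NATIVE_INCLUDES`, `INCLUDES += -I$(top_srcdir)/sys`, `endif`. A one-line comment such as `# Bundled sys/bsm headers are used unless configure selected the platform's native ones.` would also record that this switch decides which audit headers the filter module is compiled against. That matters because those headers presumably carry the record and struct definitions the module sees at run time.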
diff --git a/modules/auditfilter_noop/Makefile.in b/modules/auditfilter_noop/Makefile.in
index d654236..6d39c48 100644
--- a/modules/auditfilter_noop/Makefile.in
+++ b/modules/auditfilter_noop/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.in#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.in#6 $
#
VPATH = @srcdir@
@@ -118,6 +118,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -184,7 +185,8 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
lib_LTLIBRARIES = auditfilter_noop.la
auditfilter_noop_la_SOURCE = auditfilter_noop.c
auditfilter_noop_la_LDFLAGS = -module
diff --git a/modules/auditfilter_noop/auditfilter_noop.c b/modules/auditfilter_noop/auditfilter_noop.c
index 1db9856..79834d4 100644
--- a/modules/auditfilter_noop/auditfilter_noop.c
+++ b/modules/auditfilter_noop/auditfilter_noop.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/auditfilter_noop.c#4 $
+ * $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/auditfilter_noop.c#6 $
*/
/*
@@ -38,36 +38,42 @@
#include <bsm/libbsm.h>
#include <bsm/audit_filter.h>
+#ifndef __unused
+#define __unused
+#endif
+
int
-AUDIT_FILTER_ATTACH(void *instance, int argc, char *argv[])
+AUDIT_FILTER_ATTACH(void *instance __unused, int argc __unused,
+ char *argv[] __unused)
{
return (0);
}
int
-AUDIT_FILTER_REINIT(void *instance, int argc, char *argv[])
+AUDIT_FILTER_REINIT(void *instance __unused, int argc __unused,
+ char *argv[] __unused)
{
return (0);
}
void
-AUDIT_FILTER_RECORD(void *instance, struct timespec *ts, int token_count,
- const tokenstr_t *tok[])
+AUDIT_FILTER_RECORD(void *instance __unused, struct timespec *ts __unused,
+ int token_count __unused, const tokenstr_t *tok[] __unused)
{
}
void
-AUDIT_FILTER_RAWRECORD(void *instance, struct timespec *ts, u_char *data,
- u_int len)
+AUDIT_FILTER_RAWRECORD(void *instance __unused, struct timespec *ts __unused,
+ u_char *data __unused, u_int len __unused)
{
}
void
-AUDIT_FILTER_DETACH(void *instance)
+AUDIT_FILTER_DETACH(void *instance __unused)
{
}
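Review bot: The fallback added above AUDIT_FILTER_ATTACH defines `__unused` as empty, so on platforms whose headers do not supply the macro every parameter in this file loses its annotation and unused-parameter warnings return. Under GCC-compatible compilers the fallback could keep its meaning with `#define __unused __attribute__((__unused__))` guarded by `#ifdef __GNUC__`, leaving the empty definition as the last resort. Some system headers use `__unused` as a member name, so a short comment saying the block must stay after every `#include` line would stop a later reordering from breaking the build on those platforms.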
diff --git a/sys/Makefile.am b/sys/Makefile.am
new file mode 100644
index 0000000..ed94c4e
--- /dev/null
+++ b/sys/Makefile.am
@@ -0,0 +1,7 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/sys/Makefile.am#1 $
+#
+
+SUBDIRS = \
+ bsm
+
diff --git a/sys/Makefile.in b/sys/Makefile.in
new file mode 100644
index 0000000..7c090bd
--- /dev/null
+++ b/sys/Makefile.in
@@ -0,0 +1,488 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/sys/Makefile.in#2 $
+#
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = sys
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MIG = @MIG@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = \
+ bsm
+
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign sys/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign sys/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+ list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ distdir=`$(am__cd) $(distdir) && pwd`; \
+ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+ (cd $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$top_distdir" \
+ distdir="$$distdir/$$subdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+ install-strip
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic clean-libtool \
+ ctags ctags-recursive distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+ uninstall uninstall-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/sys/bsm/Makefile.am b/sys/bsm/Makefile.am
new file mode 100644
index 0000000..b3c7805
--- /dev/null
+++ b/sys/bsm/Makefile.am
@@ -0,0 +1,14 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#1 $
+#
+
+
+if ! USE_NATIVE_INCLUDES
+openbsmdir = $(includedir)/bsm
+
+openbsm_HEADERS = \
+ audit.h \
+ audit_internal.h \
+ audit_kevents.h \
+ audit_record.h
+endif
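Review bot: Nothing in this new file says what happens to the four headers when `USE_NATIVE_INCLUDES` is set: `openbsmdir` and `openbsm_HEADERS` are then undefined, so `make install` in this directory installs no bsm headers at all. A comment above the conditional would mark that as intentional, for example `# With native includes the platform supplies <bsm/audit*.h>; do not install the bundled copies over them.` The negation is written `if ! USE_NATIVE_INCLUDES`, whereas the automake manual writes it without a space, `if !USE_NATIVE_INCLUDES`; following that form avoids depending on the parser tolerating the blank.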
diff --git a/sys/bsm/Makefile.in b/sys/bsm/Makefile.in
new file mode 100644
index 0000000..34cb9e6
--- /dev/null
+++ b/sys/bsm/Makefile.in
@@ -0,0 +1,412 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#2 $
+#
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = sys/bsm
+DIST_COMMON = $(am__openbsm_HEADERS_DIST) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+am__openbsm_HEADERS_DIST = audit.h audit_internal.h audit_kevents.h \
+ audit_record.h
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(openbsmdir)"
+openbsmHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(openbsm_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MIG = @MIG@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+@USE_NATIVE_INCLUDES_FALSE@openbsmdir = $(includedir)/bsm
+@USE_NATIVE_INCLUDES_FALSE@openbsm_HEADERS = \
+@USE_NATIVE_INCLUDES_FALSE@ audit.h \
+@USE_NATIVE_INCLUDES_FALSE@ audit_internal.h \
+@USE_NATIVE_INCLUDES_FALSE@ audit_kevents.h \
+@USE_NATIVE_INCLUDES_FALSE@ audit_record.h
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign sys/bsm/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign sys/bsm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-openbsmHEADERS: $(openbsm_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(openbsmdir)" || $(MKDIR_P) "$(DESTDIR)$(openbsmdir)"
+ @list='$(openbsm_HEADERS)'; for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ f=$(am__strip_dir) \
+ echo " $(openbsmHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(openbsmdir)/$$f'"; \
+ $(openbsmHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(openbsmdir)/$$f"; \
+ done
+
+uninstall-openbsmHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(openbsm_HEADERS)'; for p in $$list; do \
+ f=$(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(openbsmdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(openbsmdir)/$$f"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(openbsmdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-openbsmHEADERS
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-openbsmHEADERS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool ctags distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-openbsmHEADERS install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am uninstall-openbsmHEADERS
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/bsm/audit.h b/sys/bsm/audit.h
index 83372cd..ebb84da 100644
--- a/bsm/audit.h
+++ b/sys/bsm/audit.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2005 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#23 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#1 $
*/
#ifndef _BSM_AUDIT_H
diff --git a/bsm/audit_internal.h b/sys/bsm/audit_internal.h
index 5a52a54..d3482b3 100644
--- a/bsm/audit_internal.h
+++ b/sys/bsm/audit_internal.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2005 Apple Inc.
* Copyright (c) 2005 SPARTA, Inc.
* All rights reserved.
*
@@ -30,7 +30,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#16 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#2 $
*/
#ifndef _AUDIT_INTERNAL_H
@@ -71,7 +71,9 @@ typedef struct au_record au_record_t;
* token structures may contain pointers of whose contents we do not know the
* size (e.g text tokens).
*/
+#define AUDIT_HEADER_EX_SIZE(a) ((a)->ai_termid.at_type+18+sizeof(u_int32_t))
#define AUDIT_HEADER_SIZE 18
+#define MAX_AUDIT_HEADER_SIZE (5*sizeof(u_int32_t)+18)
#define AUDIT_TRAILER_SIZE 7
/*
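Review bot: `AUDIT_HEADER_EX_SIZE(a)` uses `ai_termid.at_type` directly as a byte count, so the result is only a valid size when that field holds an address length. A comment should say that the value is expected to be 4 or 16 (presumably `AU_IPv4`/`AU_IPv6`) and must be validated before the macro sizes a buffer, because `MAX_AUDIT_HEADER_SIZE` leaves room for at most a 16-byte address. Both new macros also repeat the literal 18 instead of building on the existing constant, e.g. `#define MAX_AUDIT_HEADER_SIZE (5*sizeof(u_int32_t)+AUDIT_HEADER_SIZE)`. Whether `at_type` is checked before use is not visible in this hunk.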
diff --git a/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index 8191a99..34cf545 100644
--- a/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2005 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#52 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#3 $
*/
#ifndef _BSM_AUDIT_KEVENTS_H_
@@ -307,6 +307,7 @@
#define AUE_PF_POLICY_FLIP 298 /* Solaris-specific. */
#define AUE_PF_POLICY_FLUSH 299 /* Solaris-specific. */
#define AUE_PF_POLICY_ALGS 300 /* Solaris-specific. */
+#define AUE_PORTFS 301 /* Solaris-specific. */
/*
* Events added for Apple Darwin that potentially collide with future Solaris
@@ -515,17 +516,17 @@
#define AUE_READDIR 43118 /* Linux. */
#define AUE_IOPL 43119 /* Linux. */
#define AUE_VM86 43120 /* Linux. */
-#define AUE_MAC_GET_PROC 43121 /* FreeBSD. */
-#define AUE_MAC_SET_PROC 43122 /* FreeBSD. */
-#define AUE_MAC_GET_FD 43123 /* FreeBSD. */
-#define AUE_MAC_GET_FILE 43124 /* FreeBSD. */
-#define AUE_MAC_SET_FD 43125 /* FreeBSD. */
-#define AUE_MAC_SET_FILE 43126 /* FreeBSD. */
+#define AUE_MAC_GET_PROC 43121 /* FreeBSD/Darwin. */
+#define AUE_MAC_SET_PROC 43122 /* FreeBSD/Darwin. */
+#define AUE_MAC_GET_FD 43123 /* FreeBSD/Darwin. */
+#define AUE_MAC_GET_FILE 43124 /* FreeBSD/Darwin. */
+#define AUE_MAC_SET_FD 43125 /* FreeBSD/Darwin. */
+#define AUE_MAC_SET_FILE 43126 /* FreeBSD/Darwin. */
#define AUE_MAC_SYSCALL 43127 /* FreeBSD. */
-#define AUE_MAC_GET_PID 43128 /* FreeBSD. */
-#define AUE_MAC_GET_LINK 43129 /* FreeBSD. */
-#define AUE_MAC_SET_LINK 43130 /* FreeBSD. */
-#define AUE_MAC_EXECVE 43131 /* FreeBSD. */
+#define AUE_MAC_GET_PID 43128 /* FreeBSD/Darwin. */
+#define AUE_MAC_GET_LINK 43129 /* FreeBSD/Darwin. */
+#define AUE_MAC_SET_LINK 43130 /* FreeBSD/Darwin. */
+#define AUE_MAC_EXECVE 43131 /* FreeBSD/Darwin. */
#define AUE_GETPATH_FROMFD 43132 /* FreeBSD. */
#define AUE_GETPATH_FROMADDR 43133 /* FreeBSD. */
#define AUE_MQ_OPEN 43134 /* FreeBSD. */
@@ -547,6 +548,43 @@
#define AUE_MKNODAT 43150 /* FreeBSD. */
#define AUE_READLINKAT 43151 /* FreeBSD. */
#define AUE_SYMLINKAT 43152 /* FreeBSD. */
+#define AUE_MAC_GETFSSTAT 43153 /* Darwin. */
+#define AUE_MAC_GET_MOUNT 43154 /* Darwin. */
+#define AUE_MAC_GET_LCID 43155 /* Darwin. */
+#define AUE_MAC_GET_LCTX 43156 /* Darwin. */
+#define AUE_MAC_SET_LCTX 43157 /* Darwin. */
+#define AUE_MAC_MOUNT 43158 /* Darwin. */
+#define AUE_GETLCID 43159 /* Darwin. */
+#define AUE_SETLCID 43160 /* Darwin. */
+#define AUE_TASKNAMEFORPID 43161 /* Darwin. */
+#define AUE_ACCESS_EXTENDED 43162 /* Darwin. */
+#define AUE_CHMOD_EXTENDED 43163 /* Darwin. */
+#define AUE_FCHMOD_EXTENDED 43164 /* Darwin. */
+#define AUE_FSTAT_EXTENDED 43165 /* Dariwn. */
+#define AUE_LSTAT_EXTENDED 43166 /* Darwin. */
+#define AUE_MKDIR_EXTENDED 43167 /* Darwin. */
+#define AUE_MKFIFO_EXTENDED 43168 /* Darwin. */
+#define AUE_OPEN_EXTENDED 43169 /* Darwin. */
+#define AUE_OPEN_EXTENDED_R 43170 /* Darwin. */
+#define AUE_OPEN_EXTENDED_RC 43171 /* Darwin. */
+#define AUE_OPEN_EXTENDED_RT 43172 /* Darwin. */
+#define AUE_OPEN_EXTENDED_RTC 43173 /* Darwin. */
+#define AUE_OPEN_EXTENDED_W 43174 /* Darwin. */
+#define AUE_OPEN_EXTENDED_WC 43175 /* Darwin. */
+#define AUE_OPEN_EXTENDED_WT 43176 /* Darwin. */
+#define AUE_OPEN_EXTENDED_WTC 43177 /* Darwin. */
+#define AUE_OPEN_EXTENDED_RW 43178 /* Darwin. */
+#define AUE_OPEN_EXTENDED_RWC 43179 /* Darwin. */
+#define AUE_OPEN_EXTENDED_RWT 43180 /* Darwin. */
+#define AUE_OPEN_EXTENDED_RWTC 43181 /* Darwin. */
+#define AUE_STAT_EXTENDED 43182 /* Darwin. */
+#define AUE_UMASK_EXTENDED 43183 /* Darwin. */
+#define AUE_OPENAT 43184 /* FreeBSD. */
+#define AUE_POSIX_OPENPT 43185 /* FreeBSD. */
+#define AUE_CAP_NEW 43186 /* TrustedBSD. */
+#define AUE_CAP_GETRIGHTS 43187 /* TrustedBSD. */
+#define AUE_CAP_ENTER 43188 /* TrustedBSD. */
+#define AUE_CAP_GETMODE 43189 /* TrustedBSD. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
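Review bot: The platform tag on `AUE_FSTAT_EXTENDED` is misspelled `/* Dariwn. */` and should read `/* Darwin. */`, otherwise a search of the header by platform misses this event. The thirteen `AUE_OPEN_EXTENDED_*` values (43169 to 43181) are added with no explanation of the suffix letters. A one-line comment above them would help; presumably they mirror the read/write/create/truncate combinations of the existing `AUE_OPEN_*` events, which should be confirmed against the rest of the file.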
diff --git a/bsm/audit_record.h b/sys/bsm/audit_record.h
index f9bf10c..ccca15b 100644
--- a/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2005-2008 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#26 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#3 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@@ -47,7 +47,7 @@
#define AUT_IPC 0x22
#define AUT_PATH 0x23
#define AUT_SUBJECT32 0x24
-#define AUT_SERVER32 0x25
+#define AUT_XATPATH 0x25
#define AUT_PROCESS32 0x26
#define AUT_RETURN32 0x27
#define AUT_TEXT 0x28
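Review bot: Token ID 0x25 changes meaning here from `AUT_SERVER32` to `AUT_XATPATH` without any comment, and the following hunks likewise reuse 0x35 (`AUT_ILABEL` becomes `AUT_ACE`) and drop 0x36, 0x37 and 0x76. These bytes identify tokens inside stored audit records, so the header should say whether trails written under the old meanings can exist and how a parser is expected to treat them. I would add a comment above the table such as `/* 0x25 and 0x35 were reassigned, and 0x36, 0x37 and 0x76 retired, in OpenBSM 1.1. */`. The new names presumably follow the Solaris BSM assignments, but nothing visible here states that.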
@@ -63,9 +63,7 @@
#define AUT_IPC_PERM 0x32
#define AUT_LABEL 0x33
#define AUT_GROUPS 0x34
-#define AUT_ILABEL 0x35
-#define AUT_SLABEL 0x36
-#define AUT_CLEAR 0x37
+#define AUT_ACE 0x35
#define AUT_PRIV 0x38
#define AUT_UPRIV 0x39
#define AUT_LIAISON 0x3a
@@ -73,22 +71,28 @@
#define AUT_EXEC_ARGS 0x3c
#define AUT_EXEC_ENV 0x3d
#define AUT_ATTR32 0x3e
-/* #define AUT_???? 0x3f */
+#define AUT_UNAUTH 0x3f
#define AUT_XATOM 0x40
#define AUT_XOBJ 0x41
#define AUT_XPROTO 0x42
#define AUT_XSELECT 0x43
-/* XXXRW: Additional X11 tokens not defined? */
+#define AUT_XCOLORMAP 0x44
+#define AUT_XCURSOR 0x45
+#define AUT_XFONT 0x46
+#define AUT_XGC 0x47
+#define AUT_XPIXMAP 0x48
+#define AUT_XPROPERTY 0x49
+#define AUT_XWINDOW 0x4a
+#define AUT_XCLIENT 0x4b
#define AUT_CMD 0x51
#define AUT_EXIT 0x52
#define AUT_ZONENAME 0x60
-/* XXXRW: OpenBSM AUT_HOST 0x70? */
+#define AUT_HOST 0x70
#define AUT_ARG64 0x71
#define AUT_RETURN64 0x72
#define AUT_ATTR64 0x73
#define AUT_HEADER64 0x74
#define AUT_SUBJECT64 0x75
-#define AUT_SERVER64 0x76
#define AUT_PROCESS64 0x77
#define AUT_OTHER_FILE64 0x78
#define AUT_HEADER64_EX 0x79
@@ -107,55 +111,10 @@
#define AUT_ARG AUT_ARG32
#define AUT_RETURN AUT_RETURN32
#define AUT_SUBJECT AUT_SUBJECT32
-#define AUT_SERVER AUT_SERVER32
#define AUT_PROCESS AUT_PROCESS32
#define AUT_OTHER_FILE AUT_OTHER_FILE32
/*
- * Darwin's bsm distribution uses the following non-BSM token name defines.
- * We provide them for a single OpenBSM release for compatibility reasons.
- */
-#define AU_FILE_TOKEN AUT_OTHER_FILE32
-#define AU_TRAILER_TOKEN AUT_TRAILER
-#define AU_HEADER_32_TOKEN AUT_HEADER32
-#define AU_DATA_TOKEN AUT_DATA
-#define AU_ARB_TOKEN AUT_DATA
-#define AU_IPC_TOKEN AUT_IPC
-#define AU_PATH_TOKEN AUT_PATH
-#define AU_SUBJECT_32_TOKEN AUT_SUBJECT32
-#define AU_PROCESS_32_TOKEN AUT_PROCESS32
-#define AU_RETURN_32_TOKEN AUT_RETURN32
-#define AU_TEXT_TOKEN AUT_TEXT
-#define AU_OPAQUE_TOKEN AUT_OPAQUE
-#define AU_IN_ADDR_TOKEN AUT_IN_ADDR
-#define AU_IP_TOKEN AUT_IP
-#define AU_IPORT_TOKEN AUT_IPORT
-#define AU_ARG32_TOKEN AUT_ARG32
-#define AU_SOCK_TOKEN AUT_SOCKET
-#define AU_SEQ_TOKEN AUT_SEQ
-#define AU_ATTR_TOKEN AUT_ATTR
-#define AU_IPCPERM_TOKEN AUT_IPC_PERM
-#define AU_NEWGROUPS_TOKEN AUT_NEWGROUPS
-#define AU_EXEC_ARG_TOKEN AUT_EXEC_ARGS
-#define AU_EXEC_ENV_TOKEN AUT_EXEC_ENV
-#define AU_ATTR32_TOKEN AUT_ATTR32
-#define AU_CMD_TOKEN AUT_CMD
-#define AU_EXIT_TOKEN AUT_EXIT
-#define AU_ARG64_TOKEN AUT_ARG64
-#define AU_RETURN_64_TOKEN AUT_RETURN64
-#define AU_ATTR64_TOKEN AUT_ATTR64
-#define AU_HEADER_64_TOKEN AUT_HEADER64
-#define AU_SUBJECT_64_TOKEN AUT_SUBJECT64
-#define AU_PROCESS_64_TOKEN AUT_PROCESS64
-#define AU_HEADER_64_EX_TOKEN AUT_HEADER64_EX
-#define AU_SUBJECT_32_EX_TOKEN AUT_SUBJECT32_EX
-#define AU_PROCESS_32_EX_TOKEN AUT_PROCESS32_EX
-#define AU_SUBJECT_64_EX_TOKEN AUT_SUBJECT64_EX
-#define AU_PROCESS_64_EX_TOKEN AUT_PROCESS64_EX
-#define AU_IN_ADDR_EX_TOKEN AUT_IN_ADDR_EX
-#define AU_SOCK_32_EX_TOKEN AUT_SOCKET_EX
-
-/*
* The values for the following token ids are not defined by BSM.
*
* XXXRW: Not sure how to handle these in OpenBSM yet, but I'll give them
@@ -165,9 +124,6 @@
#define AUT_SOCKINET32 0x80 /* XXX */
#define AUT_SOCKINET128 0x81 /* XXX */
#define AUT_SOCKUNIX 0x82 /* XXX */
-#define AU_SOCK_INET_32_TOKEN AUT_SOCKINET32
-#define AU_SOCK_INET_128_TOKEN AUT_SOCKINET128
-#define AU_SOCK_UNIX_TOKEN AUT_SOCKUNIX
/* print values for the arbitrary token */
#define AUP_BINARY 0
@@ -239,22 +195,25 @@ int au_close(int d, int keep, short event);
int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen);
int au_close_token(token_t *tok, u_char *buffer, size_t *buflen);
-token_t *au_to_file(char *file, struct timeval tm);
+token_t *au_to_file(const char *file, struct timeval tm);
token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
+token_t *au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm, struct auditinfo_addr *aia);
token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
#if !defined(KERNEL) && !defined(_KERNEL)
token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
#endif
token_t *au_to_me(void);
-token_t *au_to_arg(char n, char *text, uint32_t v);
-token_t *au_to_arg32(char n, char *text, uint32_t v);
-token_t *au_to_arg64(char n, char *text, uint64_t v);
+token_t *au_to_arg(char n, const char *text, uint32_t v);
+token_t *au_to_arg32(char n, const char *text, uint32_t v);
+token_t *au_to_arg64(char n, const char *text, uint64_t v);
#if defined(_KERNEL) || defined(KERNEL)
token_t *au_to_attr(struct vnode_au_info *vni);
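Review bot: The new `au_to_header32_ex_tm()` prototype takes `struct auditinfo_addr *aia` without `const`, although the same hunk const-qualifies the other read-only inputs (`au_to_file`, `au_to_arg`, `au_to_arg32`, `au_to_arg64`). If the function only reads the host information, it should be declared `const struct auditinfo_addr *aia` so that callers can pass a shared or read-only structure. The implementation is not visible here, so this needs confirming. A later hunk also leaves the userspace `au_to_exec_args(char **argv)` and `au_to_exec_env(char **envp)` unqualified.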
@@ -263,7 +222,7 @@ token_t *au_to_attr64(struct vnode_au_info *vni);
#endif
token_t *au_to_data(char unit_print, char unit_type, char unit_count,
- char *p);
+ const char *p);
token_t *au_to_exit(int retval, int err);
token_t *au_to_groups(int *groups);
token_t *au_to_newgroups(uint16_t n, gid_t *groups);
@@ -273,8 +232,8 @@ token_t *au_to_ip(struct ip *ip);
token_t *au_to_ipc(char type, int id);
token_t *au_to_ipc_perm(struct ipc_perm *perm);
token_t *au_to_iport(uint16_t iport);
-token_t *au_to_opaque(char *data, uint16_t bytes);
-token_t *au_to_path(char *path);
+token_t *au_to_opaque(const char *data, uint16_t bytes);
+token_t *au_to_path(const char *path);
token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
@@ -318,16 +277,16 @@ token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
#if defined(_KERNEL) || defined(KERNEL)
-token_t *au_to_exec_args(char *args, int argc);
-token_t *au_to_exec_env(char *envs, int envc);
+token_t *au_to_exec_args(const char *args, int argc);
+token_t *au_to_exec_env(const char *envs, int envc);
#else
token_t *au_to_exec_args(char **argv);
token_t *au_to_exec_env(char **envp);
#endif
-token_t *au_to_text(char *text);
+token_t *au_to_text(const char *text);
token_t *au_to_kevent(struct kevent *kev);
token_t *au_to_trailer(int rec_size);
-token_t *au_to_zonename(char *zonename);
+token_t *au_to_zonename(const char *zonename);
__END_DECLS
diff --git a/test/Makefile.am b/test/Makefile.am
index e52150c..8f20eb5 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.am#2 $
#
SUBDIRS = \
diff --git a/test/Makefile.in b/test/Makefile.in
index f2bfda4..9eb97fa 100644
--- a/test/Makefile.in
+++ b/test/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.in#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.in#6 $
#
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
@@ -100,6 +100,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
diff --git a/test/bsm/Makefile.am b/test/bsm/Makefile.am
index 8aa7934..a4f58b5 100644
--- a/test/bsm/Makefile.am
+++ b/test/bsm/Makefile.am
@@ -1,8 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.am#3 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
bin_PROGRAMS = generate
generate_SOURCES = generate.c
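Review bot: Both branches of the new conditional repeat `-I$(top_builddir) -I$(top_srcdir)`, so the two lines can drift apart when one is edited. Setting the common value once and appending the bundled directory only in the non-native case is easier to read: `INCLUDES = -I$(top_builddir) -I$(top_srcdir)` followed by `INCLUDES += -I$(top_srcdir)/sys` inside `if !USE_NATIVE_INCLUDES`. A short comment should also record that with native includes the `bsm/` system headers come from the host rather than from this tree, since that decides which audit definitions the test program is compiled against. The same block is added to tools/Makefile.am.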
diff --git a/test/bsm/Makefile.in b/test/bsm/Makefile.in
index a77196e..128b03d 100644
--- a/test/bsm/Makefile.in
+++ b/test/bsm/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.in#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.in#6 $
#
VPATH = @srcdir@
@@ -110,6 +110,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -176,7 +177,8 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
generate_SOURCES = generate.c
generate_LDADD = $(top_builddir)/libbsm/libbsm.la
all: all-am
diff --git a/test/reference/process32ex_record b/test/reference/process32ex_record
deleted file mode 100644
index aa2cb56..0000000
--- a/test/reference/process32ex_record
+++ /dev/null
Binary files differ
diff --git a/test/reference/process32ex_token b/test/reference/process32ex_token
deleted file mode 100644
index ba84a2a..0000000
--- a/test/reference/process32ex_token
+++ /dev/null
Binary files differ
diff --git a/tools/Makefile b/tools/Makefile
deleted file mode 100644
index 79e582d..0000000
--- a/tools/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile#3 $
-#
-
-CFLAGS+= -I- -I .. -I ../libbsm -L ../libbsm -I.
-PROG= audump
-NO_MAN=
-DPADD= /usr/lib/libbsm.a
-LDADD= -lbsm
-BINDIR= /usr/sbin
-WARNS= 3
-
-.include <bsd.prog.mk>
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 53aa1d5..60acbea 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -1,8 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.am#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.am#4 $
#
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
bin_PROGRAMS = audump
audump_SOURCES = audump.c
diff --git a/tools/Makefile.in b/tools/Makefile.in
index b8cff23..d689761 100644
--- a/tools/Makefile.in
+++ b/tools/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.in#9 $
#
VPATH = @srcdir@
@@ -110,6 +110,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -176,7 +177,8 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
audump_SOURCES = audump.c
audump_LDADD = $(top_builddir)/libbsm/libbsm.la
all: all-am