Vendor import of OpenBSM 1.0 alpha 9, with the following change history

notes since the last import:

OpenBSM 1.0 alpha 9

- Rename many OpenBSM-specific constants and API elements containing the
  strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
  for almost all existing constants and APIs.
- Instead of passing a per-instance cookie directly into all audit filter
  APIs, pass in the audit filter daemon state pointer, which is then used by
  the module using an audit_filter_{get,set}cookie() API.  This will allow
  future service APIs provided by the filter daemon to maintain their own
  state -- for example, per-module preselection state.

OpenBSM 1.0 alpha 8

- Correct typo in definition of AUR_INT.
- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
- New OpenBSM token version number assigned, constants added for other
  commonly seen version numbers.
- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
  collisions with Solaris.  Darwin events renamed to AUE_DARWIN_foo, as they
  are now deprecated numberings.
- autoconf now detects clock_gettime(), which is not available on Darwin.
- praudit output fixes relating to arg32 and arg64 tokens.
- Maximum record size updated to 64k-1 to match Solaris record size limit.
- Various style and comment cleanups in include files.

This is an MFC candidate to RELENG_6.

Obtained from:	TrustedBSD Project

4 files changed, 57 insertions, 21 deletions

diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
index edfe6c0..3996081 100644
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $
  */
 
 #include <sys/types.h>
@@ -88,7 +88,7 @@ fail_exit(void)
  * Free our local list of directory names.
  */
 static void
-free_dir_q()
+free_dir_q(void)
 {
 	struct dir_ent *dirent;
 
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd.c b/contrib/openbsm/bin/auditfilterd/auditfilterd.c
index 5128af0..2723a97 100644
--- a/contrib/openbsm/bin/auditfilterd/auditfilterd.c
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd.c
@@ -25,7 +25,16 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#9 $
+ */
+
+/*
+ * Main file for the audit filter daemon, which presents audit records to a
+ * set of run-time registered loadable modules.  This is the main event loop
+ * of the daemon, which handles starting up, waiting for records, and
+ * presenting records to configured modules.  auditfilterd_conf.c handles the
+ * reading and management of the configuration, module list and module state,
+ * etc.
  */
 
 #include <sys/types.h>
@@ -106,13 +115,13 @@ signal_handler(int signum)
  * Present raw BSM to a set of registered and interested filters.
  */
 static void
-present_bsmrecord(struct timespec *ts, u_char *data, u_int len)
+present_rawrecord(struct timespec *ts, u_char *data, u_int len)
 {
 	struct auditfilter_module *am;
 
 	TAILQ_FOREACH(am, &filter_list, am_list) {
-		if (am->am_bsmrecord != NULL)
-			(am->am_bsmrecord)(am->am_instance, ts, data, len);
+		if (am->am_rawrecord != NULL)
+			(am->am_rawrecord)(am, ts, data, len);
 	}
 }
 
@@ -140,8 +149,7 @@ present_tokens(struct timespec *ts, u_char *data, u_int len)
 
 	TAILQ_FOREACH(am, &filter_list, am_list) {
 		if (am->am_record != NULL)
-			(am->am_record)(am->am_instance, ts, tokencount,
-			    tokens);
+			(am->am_record)(am, ts, tokencount, tokens);
 	}
 }
 
@@ -191,7 +199,7 @@ mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp)
 			continue;
 		if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
 			err(-1, "clock_gettime");
-		present_bsmrecord(&ts, buf, reclen);
+		present_rawrecord(&ts, buf, reclen);
 		present_tokens(&ts, buf, reclen);
 		free(buf);
 	}
@@ -241,7 +249,7 @@ mainloop_pipe(const char *conffile, const char *pipefile, int pipe_fd)
 			continue;
 		if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
 			err(-1, "clock_gettime");
-		present_bsmrecord(&ts, record, reclen);
+		present_rawrecord(&ts, record, reclen);
 		present_tokens(&ts, record, reclen);
 	}
 }
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd.h b/contrib/openbsm/bin/auditfilterd/auditfilterd.h
index 189c21f..d55aeee 100644
--- a/contrib/openbsm/bin/auditfilterd/auditfilterd.h
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd.h
@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#5 $
  */
 
 #define	AUDITFILTERD_CONFFILE	"/etc/security/audit_filter"
@@ -53,11 +53,11 @@ struct auditfilter_module {
 	/*
 	 * Fields provided by or extracted from the module.
 	 */
-	void						*am_instance;
+	void						*am_cookie;
 	audit_filter_attach_t				 am_attach;
 	audit_filter_reinit_t				 am_reinit;
 	audit_filter_record_t				 am_record;
-	audit_filter_bsmrecord_t			 am_bsmrecord;
+	audit_filter_rawrecord_t			 am_rawrecord;
 	audit_filter_detach_t				 am_detach;
 
 	/*
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c b/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
index 4e1759d..b0642fa 100644
--- a/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#5 $
  */
 
 /*
@@ -38,6 +38,12 @@
  * Modules are in one of two states: attached, or detached.  If attach fails,
  * detach is not called because it was not attached.  If a module is attached
  * and a call to its reinit method fails, we will detach it.
+ *
+ * Modules are passed a (void *) reference to their configuration state so
+ * that they may pass this into any common APIs we provide which may rely on
+ * that state.  Currently, the only such API is the cookie API, which allows
+ * per-instance state to be maintained by a module.  In the future, this will
+ * also be used to support per-instance preselection state.
  */
 
 #include <sys/types.h>
@@ -105,8 +111,8 @@ auditfilter_module_detach(struct auditfilter_module *am)
 {
 
 	if (am->am_detach != NULL)
-		am->am_detach(am->am_instance);
-	am->am_instance = NULL;
+		am->am_detach(am);
+	am->am_cookie = NULL;
 	(void)dlclose(am->am_dlhandle);
 	am->am_dlhandle = NULL;
 }
@@ -149,21 +155,22 @@ auditfilter_module_attach(struct auditfilter_module *am)
 	am->am_attach = dlsym(am->am_dlhandle, AUDIT_FILTER_ATTACH_STRING);
 	am->am_reinit = dlsym(am->am_dlhandle, AUDIT_FILTER_REINIT_STRING);
 	am->am_record = dlsym(am->am_dlhandle, AUDIT_FILTER_RECORD_STRING);
-	am->am_bsmrecord = dlsym(am->am_dlhandle,
-	    AUDIT_FILTER_BSMRECORD_STRING);
+	am->am_rawrecord = dlsym(am->am_dlhandle,
+	    AUDIT_FILTER_RAWRECORD_STRING);
 	am->am_detach = dlsym(am->am_dlhandle, AUDIT_FILTER_DETACH_STRING);
 
 	if (am->am_attach != NULL) {
-		if (am->am_attach(&am->am_instance, am->am_argc, am->am_argv)
+		if (am->am_attach(am, am->am_argc, am->am_argv)
 		    != AUDIT_FILTER_SUCCESS) {
 			warnx("auditfilter_module_attach: %s: failed",
 			    am->am_modulename);
 			dlclose(am->am_dlhandle);
 			am->am_dlhandle = NULL;
+			am->am_cookie = NULL;
 			am->am_attach = NULL;
 			am->am_reinit = NULL;
 			am->am_record = NULL;
-			am->am_bsmrecord = NULL;
+			am->am_rawrecord = NULL;
 			am->am_detach = NULL;
 			return (-1);
 		}
@@ -184,7 +191,7 @@ auditfilter_module_reinit(struct auditfilter_module *am)
 	if (am->am_reinit == NULL)
 		return (0);
 
-	if (am->am_reinit(&am->am_instance, am->am_argc, am->am_argv) !=
+	if (am->am_reinit(am, am->am_argc, am->am_argv) !=
 	    AUDIT_FILTER_SUCCESS) {
 		warnx("auditfilter_module_reinit: %s: failed",
 		    am->am_modulename);
@@ -483,3 +490,24 @@ auditfilterd_conf_shutdown(void)
 	auditfilter_module_list_detach(&filter_list);
 	auditfilter_module_list_free(&filter_list);
 }
+
+/*
+ * APIs to allow modules to query and set their per-instance cookie.
+ */
+void
+audit_filter_getcookie(void *instance, void **cookie)
+{
+	struct auditfilter_module *am;
+
+	am = (struct auditfilter_module *)instance;
+	*cookie = am->am_cookie;
+}
+
+void
+audit_filter_setcookie(void *instance, void *cookie)
+{
+	struct auditfilter_module *am;
+
+	am = (struct auditfilter_module *)instance;
+	am->am_cookie = cookie;
+}