diff options
| author | rwatson <rwatson@FreeBSD.org> | 2008-12-02 23:26:43 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2008-12-02 23:26:43 +0000 |
| commit | 0ac6f8ebdfebed8ad6c6fa1334d227524df2c013 (patch) | |
| tree | 909e4490f5c6d4141d466ad2fdf963beeb90afca /contrib/openbsm/bin | |
| parent | 1383cec09e16a1fb5117c67951f100e7931363e7 (diff) | |
| parent | 208cf4160e79a64866887cc5f89f964cc899f97e (diff) | |
| download | FreeBSD-src-0ac6f8ebdfebed8ad6c6fa1334d227524df2c013.zip FreeBSD-src-0ac6f8ebdfebed8ad6c6fa1334d227524df2c013.tar.gz | |
Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).
- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
audit_bsm_token.c.
- Synchronize bsm includes and definitions.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
--
OpenBSM 1.1 alpha 2
- Include files in OpenBSM are now broken out into two parts: library builds
required solely for user space, and system includes, which may also be
required for use in the kernels of systems integrating OpenBSM. Submitted
by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
include for system includes, rather than the versions bundled with OpenBSM.
This is intended specifically for platforms that ship OpenBSM, have adapted
versions of the system includes in a kernel source tree, and will use the
OpenBSM build infrastructure with an unmodified OpenBSM distribution,
allowing the customized system includes to be used with the OpenBSM build.
Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
or asprintf(). Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
on the host generating the record.
- Add support for setting extended host information in the kernel, which is
used for setting host information in extended header tokens. The
audit_control file now supports a "host" parameter which can be used by
auditd to set the information; if not present, the kernel parameters won't
be set and auditd uses unextended headers for records that it generates.
OpenBSM 1.1 alpha 1
- Add option to auditreduce(1) which allows users to invert sense of
matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
event there is an error writing the subject token. This was submitted
by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
that const strings can be passed as arguments to tokens. This patch was
submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
Diffstat (limited to 'contrib/openbsm/bin')
25 files changed, 678 insertions, 163 deletions
diff --git a/contrib/openbsm/bin/Makefile.in b/contrib/openbsm/bin/Makefile.in index 8124228..ddace58 100644 --- a/contrib/openbsm/bin/Makefile.in +++ b/contrib/openbsm/bin/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#5 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#8 $ # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ @@ -104,6 +104,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MIG = @MIG@ MKDIR_P = @MKDIR_P@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ diff --git a/contrib/openbsm/bin/audit/Makefile.am b/contrib/openbsm/bin/audit/Makefile.am index 83094bb..ed62929 100644 --- a/contrib/openbsm/bin/audit/Makefile.am +++ b/contrib/openbsm/bin/audit/Makefile.am @@ -1,10 +1,23 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#1 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#4 $ # -INCLUDES = -I$(top_srcdir) +if USE_NATIVE_INCLUDES +INCLUDES = -I$(top_builddir) -I$(top_srcdir) +else +INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +endif sbin_PROGRAMS = audit -audit_SOURCES = audit.c audit_LDADD = $(top_builddir)/libbsm/libbsm.la man8_MANS = audit.8 + +if USE_MACH_IPC +audit_SOURCES = auditd_control_user.c audit.c +CLEANFILES = auditd_control_user.c auditd_control_user.h + +auditd_control_user.c: $(top_srcdir)/bin/auditd/auditd_control.defs + $(MIG) -user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs +else +audit_SOURCES = audit.c +endif diff --git a/contrib/openbsm/bin/audit/Makefile.in b/contrib/openbsm/bin/audit/Makefile.in index 9f5e7bd..edaf018 100644 --- a/contrib/openbsm/bin/audit/Makefile.in +++ b/contrib/openbsm/bin/audit/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#4 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#9 $ # VPATH = @srcdir@ @@ -49,7 +49,10 @@ CONFIG_CLEAN_FILES = am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(sbin_PROGRAMS) -am_audit_OBJECTS = audit.$(OBJEXT) +am__audit_SOURCES_DIST = audit.c auditd_control_user.c +@USE_MACH_IPC_FALSE@am_audit_OBJECTS = audit.$(OBJEXT) +@USE_MACH_IPC_TRUE@am_audit_OBJECTS = auditd_control_user.$(OBJEXT) \ +@USE_MACH_IPC_TRUE@ audit.$(OBJEXT) audit_OBJECTS = $(am_audit_OBJECTS) audit_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@ @@ -65,7 +68,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(audit_SOURCES) -DIST_SOURCES = $(audit_SOURCES) +DIST_SOURCES = $(am__audit_SOURCES_DIST) man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man8_MANS) @@ -113,6 +116,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MIG = @MIG@ MKDIR_P = @MKDIR_P@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ @@ -179,10 +183,13 @@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -INCLUDES = -I$(top_srcdir) -audit_SOURCES = audit.c +@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) audit_LDADD = $(top_builddir)/libbsm/libbsm.la man8_MANS = audit.8 +@USE_MACH_IPC_FALSE@audit_SOURCES = audit.c +@USE_MACH_IPC_TRUE@audit_SOURCES = auditd_control_user.c audit.c +@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_user.c auditd_control_user.h all: all-am .SUFFIXES: @@ -255,6 +262,7 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_control_user.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -426,6 +434,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -511,6 +520,9 @@ uninstall-man: uninstall-man8 tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-sbinPROGRAMS + +@USE_MACH_IPC_TRUE@auditd_control_user.c: $(top_srcdir)/bin/auditd/auditd_control.defs +@USE_MACH_IPC_TRUE@ $(MIG) -user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/contrib/openbsm/bin/audit/audit.8 b/contrib/openbsm/bin/audit/audit.8 index b735981..4aaa494 100644 --- a/contrib/openbsm/bin/audit/audit.8 +++ b/contrib/openbsm/bin/audit/audit.8 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. +.\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -10,7 +10,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of +.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#10 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#11 $ .\" .Dd October 2, 2006 .Dt AUDIT 8 diff --git a/contrib/openbsm/bin/audit/audit.c b/contrib/openbsm/bin/audit/audit.c index 3540464..b1415a6 100644 --- a/contrib/openbsm/bin/audit/audit.c +++ b/contrib/openbsm/bin/audit/audit.c @@ -1,5 +1,5 @@ -/* - * Copyright (c) 2005 Apple Computer, Inc. +/*- + * Copyright (c) 2005-2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -11,7 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#8 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#11 $ */ /* * Program to trigger the audit daemon with a message that is either: @@ -37,7 +37,12 @@ */ #include <sys/types.h> +#include <config/config.h> +#ifdef HAVE_FULL_QUEUE_H #include <sys/queue.h> +#else /* !HAVE_FULL_QUEUE_H */ +#include <compat/queue.h> +#endif /* !HAVE_FULL_QUEUE_H */ #include <sys/uio.h> #include <bsm/libbsm.h> @@ -47,6 +52,58 @@ #include <stdlib.h> #include <unistd.h> + +static int send_trigger(unsigned int); + +#ifdef USE_MACH_IPC +#include <mach/mach.h> +#include <servers/netname.h> +#include <mach/message.h> +#include <mach/port.h> +#include <mach/mach_error.h> +#include <mach/host_special_ports.h> +#include <servers/bootstrap.h> + +#include "auditd_control_user.h" + +static int +send_trigger(unsigned int trigger) +{ + mach_port_t serverPort; + kern_return_t error; + + error = host_get_audit_control_port(mach_host_self(), &serverPort); + if (error != KERN_SUCCESS) { + mach_error("Cannot get auditd_control Mach port: ", error); + return (-1); + } + + error = auditd_control(serverPort, trigger); + if (error != KERN_SUCCESS) { + mach_error("Error sending trigger: ", error); + return (-1); + } + + return (0); +} + +#else /* ! USE_MACH_IPC */ + +static int +send_trigger(unsigned int trigger) +{ + int error; + + error = auditon(A_SENDTRIGGER, &trigger, sizeof(trigger)); + if (error != 0) { + perror("Error sending trigger"); + return (-1); + } + + return (0); +} +#endif /* ! USE_MACH_IPC */ + static void usage(void) { @@ -88,11 +145,9 @@ main(int argc, char **argv) break; } } - if (auditon(A_SENDTRIGGER, &trigger, sizeof(trigger)) < 0) { - perror("Error sending trigger"); + if (send_trigger(trigger) < 0) exit(-1); - } else { - printf("Trigger sent.\n"); - exit (0); - } + + printf("Trigger sent.\n"); + exit (0); } diff --git a/contrib/openbsm/bin/auditd/Makefile.am b/contrib/openbsm/bin/auditd/Makefile.am index eecfa55..f65b155 100644 --- a/contrib/openbsm/bin/auditd/Makefile.am +++ b/contrib/openbsm/bin/auditd/Makefile.am @@ -1,10 +1,26 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#1 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#4 $ # -INCLUDES = -I$(top_srcdir) +if USE_NATIVE_INCLUDES +INCLUDES = -I$(top_builddir) -I$(top_srcdir) +else +INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +endif sbin_PROGRAMS = auditd -auditd_SOURCES = audit_warn.c auditd.c auditd_LDADD = $(top_builddir)/libbsm/libbsm.la man8_MANS = auditd.8 + +if USE_MACH_IPC +auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c +CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h + +auditd_control_server.c: auditd_control.defs + $(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h $(top_srcdir)/bin/auditd/auditd_control.defs + +audit_triggers_server.c: audit_triggers.defs + $(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h $(top_srcdir)/bin/auditd/audit_triggers.defs +else +auditd_SOURCES = audit_warn.c auditd.c +endif diff --git a/contrib/openbsm/bin/auditd/Makefile.in b/contrib/openbsm/bin/auditd/Makefile.in index 9ff9451..731607c 100644 --- a/contrib/openbsm/bin/auditd/Makefile.in +++ b/contrib/openbsm/bin/auditd/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#4 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#9 $ # VPATH = @srcdir@ @@ -49,7 +49,14 @@ CONFIG_CLEAN_FILES = am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(sbin_PROGRAMS) -am_auditd_OBJECTS = audit_warn.$(OBJEXT) auditd.$(OBJEXT) +am__auditd_SOURCES_DIST = audit_warn.c auditd.c \ + auditd_control_server.c audit_triggers_server.c +@USE_MACH_IPC_FALSE@am_auditd_OBJECTS = audit_warn.$(OBJEXT) \ +@USE_MACH_IPC_FALSE@ auditd.$(OBJEXT) +@USE_MACH_IPC_TRUE@am_auditd_OBJECTS = \ +@USE_MACH_IPC_TRUE@ auditd_control_server.$(OBJEXT) \ +@USE_MACH_IPC_TRUE@ audit_triggers_server.$(OBJEXT) \ +@USE_MACH_IPC_TRUE@ audit_warn.$(OBJEXT) auditd.$(OBJEXT) auditd_OBJECTS = $(am_auditd_OBJECTS) auditd_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@ @@ -65,7 +72,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(auditd_SOURCES) -DIST_SOURCES = $(auditd_SOURCES) +DIST_SOURCES = $(am__auditd_SOURCES_DIST) man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man8_MANS) @@ -113,6 +120,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MIG = @MIG@ MKDIR_P = @MKDIR_P@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ @@ -179,10 +187,13 @@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -INCLUDES = -I$(top_srcdir) -auditd_SOURCES = audit_warn.c auditd.c +@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) auditd_LDADD = $(top_builddir)/libbsm/libbsm.la man8_MANS = auditd.8 +@USE_MACH_IPC_FALSE@auditd_SOURCES = audit_warn.c auditd.c +@USE_MACH_IPC_TRUE@auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c +@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h all: all-am .SUFFIXES: @@ -254,8 +265,10 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_triggers_server.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_warn.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_control_server.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -427,6 +440,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -512,6 +526,12 @@ uninstall-man: uninstall-man8 tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-sbinPROGRAMS + +@USE_MACH_IPC_TRUE@auditd_control_server.c: auditd_control.defs +@USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h $(top_srcdir)/bin/auditd/auditd_control.defs + +@USE_MACH_IPC_TRUE@audit_triggers_server.c: audit_triggers.defs +@USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h $(top_srcdir)/bin/auditd/audit_triggers.defs # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/contrib/openbsm/bin/auditd/audit_triggers.defs b/contrib/openbsm/bin/auditd/audit_triggers.defs new file mode 100644 index 0000000..f5b394d --- /dev/null +++ b/contrib/openbsm/bin/auditd/audit_triggers.defs @@ -0,0 +1,5 @@ +/* + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_triggers.defs#1 $ + */ + +#include <mach/audit_triggers.defs> diff --git a/contrib/openbsm/bin/auditd/audit_warn.c b/contrib/openbsm/bin/auditd/audit_warn.c index ef3de52..7bc7a14 100644 --- a/contrib/openbsm/bin/auditd/audit_warn.c +++ b/contrib/openbsm/bin/auditd/audit_warn.c @@ -1,5 +1,5 @@ -/* - * Copyright (c) 2005 Apple Computer, Inc. +/*- + * Copyright (c) 2005 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -11,7 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#8 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#9 $ */ #include <sys/types.h> diff --git a/contrib/openbsm/bin/auditd/auditd.8 b/contrib/openbsm/bin/auditd/auditd.8 index ec6b99a..199b9cc 100644 --- a/contrib/openbsm/bin/auditd/auditd.8 +++ b/contrib/openbsm/bin/auditd/auditd.8 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. +.\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -10,7 +10,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of +.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#13 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#14 $ .\" .Dd October 2, 2006 .Dt AUDITD 8 diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c index fb6fbd5..e0c03d0 100644 --- a/contrib/openbsm/bin/auditd/auditd.c +++ b/contrib/openbsm/bin/auditd/auditd.c @@ -1,5 +1,5 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. +/*- + * Copyright (c) 2004-2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -11,7 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -26,13 +26,21 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#26 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#39 $ */ -#include <sys/types.h> +#include <sys/param.h> + +#include <config/config.h> + #include <sys/dirent.h> #include <sys/mman.h> +#include <sys/socket.h> +#ifdef HAVE_FULL_QUEUE_H #include <sys/queue.h> +#else /* !HAVE_FULL_QUEUE_H */ +#include <compat/queue.h> +#endif /* !HAVE_FULL_QUEUE_H */ #include <sys/stat.h> #include <sys/wait.h> @@ -40,6 +48,8 @@ #include <bsm/audit_uevents.h> #include <bsm/libbsm.h> +#include <netinet/in.h> + #include <err.h> #include <errno.h> #include <fcntl.h> @@ -51,19 +61,46 @@ #include <signal.h> #include <string.h> #include <syslog.h> +#include <netdb.h> #include "auditd.h" +#ifdef USE_MACH_IPC +#include <notify.h> +#include <mach/port.h> +#include <mach/mach_error.h> +#include <mach/mach_traps.h> +#include <mach/mach.h> +#include <mach/host_special_ports.h> + +#include "auditd_control_server.h" +#include "audit_triggers_server.h" +#endif /* USE_MACH_IPC */ + +#ifndef HAVE_STRLCPY +#include <compat/strlcpy.h> +#endif #define NA_EVENT_STR_SIZE 25 #define POL_STR_SIZE 128 - static int ret, minval; static char *lastfile = NULL; static int allhardcount = 0; -static int triggerfd = 0; static int sigchlds, sigchlds_handled; static int sighups, sighups_handled; +#ifndef USE_MACH_IPC static int sigterms, sigterms_handled; +static int triggerfd = 0; + +#else /* USE_MACH_IPC */ + +static mach_port_t control_port = MACH_PORT_NULL; +static mach_port_t signal_port = MACH_PORT_NULL; +static mach_port_t port_set = MACH_PORT_NULL; + +#ifndef __BSM_INTERNAL_NOTIFY_KEY +#define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change" +#endif /* __BSM_INTERNAL_NOTIFY_KEY */ +#endif /* USE_MACH_IPC */ static TAILQ_HEAD(, dir_ent) dir_q; @@ -120,19 +157,17 @@ getTSstr(char *buf, int len) static char * affixdir(char *name, struct dir_ent *dirent) { - char *fn; - char *curdir; - const char *sep = "/"; + char *fn = NULL; - curdir = dirent->dirname; syslog(LOG_DEBUG, "dir = %s", dirent->dirname); - - fn = malloc(strlen(curdir) + strlen(sep) + (2 * POSTFIX_LEN) + 1); - if (fn == NULL) + /* + * Sanity check on file name. + */ + if (strlen(name) != (FILENAME_LEN - 1)) { + syslog(LOG_ERR, "Invalid file name: %s", name); return (NULL); - strcpy(fn, curdir); - strcat(fn, sep); - strcat(fn, name); + } + asprintf(&fn, "%s/%s", dirent->dirname, name); return (fn); } @@ -144,17 +179,18 @@ close_lastfile(char *TS) { char *ptr; char *oldname; + size_t len; if (lastfile != NULL) { - oldname = (char *)malloc(strlen(lastfile) + 1); + len = strlen(lastfile) + 1; + oldname = (char *)malloc(len); if (oldname == NULL) return (-1); - strcpy(oldname, lastfile); + strlcpy(oldname, lastfile, len); /* Rename the last file -- append timestamp. */ if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) { - *ptr = '.'; - strcpy(ptr+1, TS); + strlcpy(ptr, TS, TIMESTAMP_LEN); if (rename(oldname, lastfile) != 0) syslog(LOG_ERR, "Could not rename %s to %s: %m", oldname, @@ -164,7 +200,9 @@ close_lastfile(char *TS) oldname, lastfile); audit_warn_closefile(lastfile); } - } + } else + syslog(LOG_ERR, "Could not rename %s to %s", oldname, + lastfile); free(lastfile); free(oldname); lastfile = NULL; @@ -206,9 +244,9 @@ open_trail(const char *fname) static int swap_audit_file(void) { - char timestr[2 * POSTFIX_LEN]; + char timestr[FILENAME_LEN]; char *fn; - char TS[POSTFIX_LEN]; + char TS[TIMESTAMP_LEN]; struct dir_ent *dirent; #ifdef AUDIT_REVIEW_GROUP struct group *grp; @@ -217,11 +255,10 @@ swap_audit_file(void) #endif int error, fd; - if (getTSstr(TS, POSTFIX_LEN) != 0) + if (getTSstr(TS, TIMESTAMP_LEN) != 0) return (-1); - strcpy(timestr, TS); - strcat(timestr, NOT_TERMINATED); + snprintf(timestr, FILENAME_LEN, "%s.%s", TS, NOT_TERMINATED); #ifdef AUDIT_REVIEW_GROUP /* @@ -268,6 +305,14 @@ swap_audit_file(void) close(fd); } else { /* Success. */ +#ifdef USE_MACH_IPC + /* + * auditctl() potentially changes the audit + * state so post that the audit config (may + * have) changed. + */ + notify_post(__BSM_INTERNAL_NOTIFY_KEY); +#endif close_lastfile(TS); lastfile = fn; close(fd); @@ -321,7 +366,7 @@ read_control_file(void) free(dirent); return (-1); } - strcpy(dirent->dirname, cur_dir); + strlcpy(dirent->dirname, cur_dir, MAXNAMLEN); TAILQ_INSERT_TAIL(&dir_q, dirent, dirs); } @@ -367,7 +412,7 @@ close_all(void) { struct auditinfo ai; int err_ret = 0; - char TS[POSTFIX_LEN]; + char TS[TIMESTAMP_LEN]; int aufd; token_t *tok; long cond; @@ -402,7 +447,13 @@ close_all(void) strerror(errno)); err_ret = 1; } - if (getTSstr(TS, POSTFIX_LEN) == 0) +#ifdef USE_MACH_IPC + /* + * Post a notification that the audit config changed. + */ + notify_post(__BSM_INTERNAL_NOTIFY_KEY); +#endif + if (getTSstr(TS, TIMESTAMP_LEN) == 0) close_lastfile(TS); if (lastfile != NULL) free(lastfile); @@ -415,8 +466,10 @@ close_all(void) } endac(); +#ifndef USE_MACH_IPC if (close(triggerfd) != 0) syslog(LOG_ERR, "Error closing control file"); +#endif syslog(LOG_INFO, "Finished"); return (0); } @@ -427,6 +480,22 @@ close_all(void) * main servicing loop to do proper handling from a non-signal-handler * context. */ +#ifdef USE_MACH_IPC +static void +relay_signal(int signal) +{ + mach_msg_empty_send_t msg; + + msg.header.msgh_id = signal; + msg.header.msgh_remote_port = signal_port; + msg.header.msgh_local_port = MACH_PORT_NULL; + msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0); + mach_msg(&(msg.header), MACH_SEND_MSG|MACH_SEND_TIMEOUT, sizeof(msg), + 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL); +} + +#else /* ! USE_MACH_IPC */ + static void relay_signal(int signal) { @@ -438,6 +507,7 @@ relay_signal(int signal) if (signal == SIGCHLD) sigchlds++; } +#endif /* ! USE_MACH_IPC */ /* * Registering the daemon. @@ -492,6 +562,48 @@ register_daemon(void) return (0); } +#ifdef USE_MACH_IPC +/* + * Implementation of the auditd_control() MIG simpleroutine. + * + * React to input from the audit(1) tool. + */ + +/* ARGSUSED */ +kern_return_t +auditd_control(mach_port_t __unused auditd_port, int trigger) +{ + int err_ret = 0; + + switch (trigger) { + + case AUDIT_TRIGGER_ROTATE_USER: + /* + * Create a new file and swap with the one + * being used in kernel. + */ + if (swap_audit_file() == -1) + syslog(LOG_ERR, "Error swapping audit file"); + break; + + case AUDIT_TRIGGER_READ_FILE: + if (read_control_file() == -1) + syslog(LOG_ERR, "Error in audit control file"); + break; + + case AUDIT_TRIGGER_CLOSE_AND_DIE: + err_ret = close_all(); + exit (err_ret); + break; + + default: + break; + } + + return (KERN_SUCCESS); +} +#endif /* USE_MACH_IPC */ + /* * Handle the audit trigger event. * @@ -503,8 +615,18 @@ register_daemon(void) * not be retransmitted, and the log file will grow in an unbounded fashion. */ #define DUPLICATE_INTERVAL 30 -static void +#ifdef USE_MACH_IPC +#define AT_SUCCESS KERN_SUCCESS + +/* ARGSUSED */ +kern_return_t +audit_triggers(mach_port_t __unused audit_port, int trigger) +#else +#define AT_SUCCESS 0 + +static int handle_audit_trigger(int trigger) +#endif { static int last_trigger, last_warning; static time_t last_time; @@ -533,7 +655,7 @@ handle_audit_trigger(int trigger) syslog(LOG_INFO, "Suppressing duplicate trigger %d", trigger); - return; + return (AT_SUCCESS); } last_warning = tt; break; @@ -634,8 +756,12 @@ handle_audit_trigger(int trigger) syslog(LOG_ERR, "Got unknown trigger %d", trigger); break; } + + return (AT_SUCCESS); } +#undef AT_SUCCESS + static void handle_sighup(void) { @@ -644,6 +770,69 @@ handle_sighup(void) config_audit_controls(); } +static int +config_audit_host(void) +{ + char hoststr[MAXHOSTNAMELEN]; + struct sockaddr_in6 *sin6; + struct sockaddr_in *sin; + struct addrinfo *res; + struct auditinfo_addr aia; + int error; + + if (getachost(hoststr, MAXHOSTNAMELEN) != 0) { + syslog(LOG_WARNING, + "warning: failed to read 'host' param in control file"); + /* + * To maintain reverse compatability with older audit_control + * files, simply drop a warning if the host parameter has not + * been set. However, we will explicitly disable the + * generation of extended audit header by passing in a zeroed + * termid structure. + */ + bzero(&aia, sizeof(aia)); + aia.ai_termid.at_type = AU_IPv4; + error = auditon(A_SETKAUDIT, &aia, sizeof(aia)); + if (error < 0 && errno == ENOSYS) + return (0); + else if (error < 0) { + syslog(LOG_ERR, + "Failed to set audit host info"); + return (-1); + } + return (0); + } + error = getaddrinfo(hoststr, NULL, NULL, &res); + if (error) { + syslog(LOG_ERR, "Failed to lookup hostname: %s", hoststr); + return (-1); + } + switch (res->ai_family) { + case PF_INET6: + sin6 = (struct sockaddr_in6 *) res->ai_addr; + bcopy(&sin6->sin6_addr.s6_addr, + &aia.ai_termid.at_addr[0], sizeof(struct in6_addr)); + aia.ai_termid.at_type = AU_IPv6; + break; + case PF_INET: + sin = (struct sockaddr_in *) res->ai_addr; + bcopy(&sin->sin_addr.s_addr, + &aia.ai_termid.at_addr[0], sizeof(struct in_addr)); + aia.ai_termid.at_type = AU_IPv4; + break; + default: + syslog(LOG_ERR, + "Un-supported address family in host parameter"); + return (-1); + } + if (auditon(A_SETKAUDIT, &aia, sizeof(aia)) < 0) { + syslog(LOG_ERR, + "auditon: failed to set audit host information"); + return (-1); + } + return (0); +} + /* * Reap our children. */ @@ -675,6 +864,61 @@ handle_sigchld(void) /* * Read the control file for triggers/signals and handle appropriately. */ +#ifdef USE_MACH_IPC +#define MAX_MSG_SIZE 4096 + +static boolean_t +auditd_combined_server(mach_msg_header_t *InHeadP, + mach_msg_header_t *OutHeadP) +{ + mach_port_t local_port = InHeadP->msgh_local_port; + + if (local_port == signal_port) { + int signo = InHeadP->msgh_id; + int ret; + + switch(signo) { + case SIGTERM: + ret = close_all(); + exit(ret); + + case SIGCHLD: + handle_sigchld(); + return (TRUE); + + case SIGHUP: + handle_sighup(); + return (TRUE); + + default: + syslog(LOG_INFO, "Received signal %d", signo); + return (TRUE); + } + } else if (local_port == control_port) { + boolean_t result; + + result = audit_triggers_server(InHeadP, OutHeadP); + if (!result) + result = auditd_control_server(InHeadP, OutHeadP); + return (result); + } + syslog(LOG_INFO, "Recevied msg on bad port 0x%x.", local_port); + return (FALSE); +} + +static int +wait_for_events(void) +{ + kern_return_t result; + + result = mach_msg_server(auditd_combined_server, MAX_MSG_SIZE, + port_set, MACH_MSG_OPTION_NONE); + syslog(LOG_ERR, "abnormal exit\n"); + return (close_all()); +} + +#else /* ! USE_MACH_IPC */ + static int wait_for_events(void) { @@ -706,10 +950,11 @@ wait_for_events(void) if (trigger == AUDIT_TRIGGER_CLOSE_AND_DIE) break; else - handle_audit_trigger(trigger); + (void)handle_audit_trigger(trigger); } return (close_all()); } +#endif /* ! USE_MACH_IPC */ /* * Configure the audit controls in the kernel: the event to class mapping, @@ -817,9 +1062,62 @@ config_audit_controls(void) } else syslog(LOG_ERR, "Failed to obtain filesz: %m"); - return (0); + return (config_audit_host()); } +#ifdef USE_MACH_IPC +static void +mach_setup(void) +{ + mach_msg_type_name_t poly; + + /* + * Allocate a port set + */ + if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_PORT_SET, + &port_set) != KERN_SUCCESS) { + syslog(LOG_ERR, "Allocation of port set failed"); + fail_exit(); + } + + /* + * Allocate a signal reflection port + */ + if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, + &signal_port) != KERN_SUCCESS || + mach_port_move_member(mach_task_self(), signal_port, port_set) != + KERN_SUCCESS) { + syslog(LOG_ERR, "Allocation of signal port failed"); + fail_exit(); + } + + /* + * Allocate a trigger port + */ + if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, + &control_port) != KERN_SUCCESS || + mach_port_move_member(mach_task_self(), control_port, port_set) + != KERN_SUCCESS) + syslog(LOG_ERR, "Allocation of trigger port failed"); + + /* + * Create a send right on our trigger port. + */ + mach_port_extract_right(mach_task_self(), control_port, + MACH_MSG_TYPE_MAKE_SEND, &control_port, &poly); + + /* + * Register the trigger port with the kernel. + */ + if (host_set_audit_control_port(mach_host_self(), control_port) != + KERN_SUCCESS) { + syslog(LOG_ERR, "Cannot set Mach control port"); + fail_exit(); + } else + syslog(LOG_DEBUG, "Mach control port registered"); +} +#endif /* USE_MACH_IPC */ + static void setup(void) { @@ -828,13 +1126,17 @@ setup(void) int aufd; token_t *tok; +#ifdef USE_MACH_IPC + mach_setup(); +#else if ((triggerfd = open(AUDIT_TRIGGER_FILE, O_RDONLY, 0)) < 0) { syslog(LOG_ERR, "Error opening trigger file"); fail_exit(); } +#endif /* - * To provide event feedback cycles and avoid auditd becoming + * To prevent event feedback cycles and avoid auditd becoming * stalled if auditing is suspended, auditd and its children run * without their events being audited. We allow the uid, tid, and * mask fields to be implicitly set to zero, but do set the pid. We @@ -890,7 +1192,7 @@ main(int argc, char **argv) { int ch; int debug = 0; - int rc; + int rc, logopts; while ((ch = getopt(argc, argv, "d")) != -1) { switch(ch) { @@ -907,10 +1209,14 @@ main(int argc, char **argv) } } + logopts = LOG_CONS | LOG_PID; + if (debug != 0) + logopts |= LOG_PERROR; + #ifdef LOG_SECURITY - openlog("auditd", LOG_CONS | LOG_PID, LOG_SECURITY); + openlog("auditd", logopts, LOG_SECURITY); #else - openlog("auditd", LOG_CONS | LOG_PID, LOG_AUTH); + openlog("auditd", logopts, LOG_AUTH); #endif syslog(LOG_INFO, "starting..."); diff --git a/contrib/openbsm/bin/auditd/auditd.h b/contrib/openbsm/bin/auditd/auditd.h index 8b2416a..688aea3 100644 --- a/contrib/openbsm/bin/auditd/auditd.h +++ b/contrib/openbsm/bin/auditd/auditd.h @@ -1,5 +1,5 @@ -/* - * Copyright (c) 2005 Apple Computer, Inc. +/*- + * Copyright (c) 2005 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -11,7 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#8 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#11 $ */ #ifndef _AUDITD_H_ @@ -46,8 +46,10 @@ */ #define AUDIT_REVIEW_GROUP "audit" -#define POSTFIX_LEN 16 -#define NOT_TERMINATED ".not_terminated" +#define NOT_TERMINATED "not_terminated" +#define POSTFIX_LEN (sizeof("YYYYMMDDhhmmss") - 1) +#define FILENAME_LEN ((2 * POSTFIX_LEN) + 2) +#define TIMESTAMP_LEN (POSTFIX_LEN + 1) struct dir_ent { char *dirname; diff --git a/contrib/openbsm/bin/auditd/auditd_control.defs b/contrib/openbsm/bin/auditd/auditd_control.defs new file mode 100644 index 0000000..f06fe01 --- /dev/null +++ b/contrib/openbsm/bin/auditd/auditd_control.defs @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 1999-2007 Apple Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_control.defs#2 $ + */ + +/* + * Exported client calls to the auditd facility. + */ + +Subsystem + KernelUser + auditd_control 456; + +#ifndef __MigTypeCheck +#define __MigTypeCheck 1 +#endif + +#include <mach/std_types.defs> +#include <mach/mach_types.defs> + +simpleroutine auditd_control( + auditd_port : mach_port_t; + in trigger : int); diff --git a/contrib/openbsm/bin/auditfilterd/Makefile.am b/contrib/openbsm/bin/auditfilterd/Makefile.am index b8d96a4..83399f1 100644 --- a/contrib/openbsm/bin/auditfilterd/Makefile.am +++ b/contrib/openbsm/bin/auditfilterd/Makefile.am @@ -1,8 +1,12 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.am#1 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.am#3 $ # -INCLUDES = -I$(top_srcdir) +if USE_NATIVE_INCLUDES +INCLUDES = -I$(top_builddir) -I$(top_srcdir) +else +INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +endif sbin_PROGRAMS = auditfilterd auditfilterd_SOURCES = auditfilterd_conf.c auditfilterd.c diff --git a/contrib/openbsm/bin/auditfilterd/Makefile.in b/contrib/openbsm/bin/auditfilterd/Makefile.in index 11741f3..874e106 100644 --- a/contrib/openbsm/bin/auditfilterd/Makefile.in +++ b/contrib/openbsm/bin/auditfilterd/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.in#2 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.in#6 $ # VPATH = @srcdir@ @@ -114,6 +114,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MIG = @MIG@ MKDIR_P = @MKDIR_P@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ @@ -180,7 +181,8 @@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -INCLUDES = -I$(top_srcdir) +@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) auditfilterd_SOURCES = auditfilterd_conf.c auditfilterd.c auditfilterd_LDADD = $(top_builddir)/libbsm/libbsm.la man8_MANS = auditfilterd.8 diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd.c b/contrib/openbsm/bin/auditfilterd/auditfilterd.c index 110b7cf..ba42834 100644 --- a/contrib/openbsm/bin/auditfilterd/auditfilterd.c +++ b/contrib/openbsm/bin/auditfilterd/auditfilterd.c @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#11 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#13 $ */ /* @@ -54,6 +54,7 @@ #include <bsm/libbsm.h> #include <bsm/audit_filter.h> +#include <bsm/audit_internal.h> #include <err.h> #include <fcntl.h> @@ -216,7 +217,7 @@ mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp) * from a file stream. */ static void -mainloop_pipe(const char *conffile, const char *pipefile, int pipe_fd) +mainloop_pipe(const char *conffile, const char *pipefile __unused, int pipe_fd) { u_char record[MAX_AUDIT_RECORD_SIZE]; struct timespec ts; diff --git a/contrib/openbsm/bin/auditreduce/Makefile.am b/contrib/openbsm/bin/auditreduce/Makefile.am index cce29a6..8cd4b62 100644 --- a/contrib/openbsm/bin/auditreduce/Makefile.am +++ b/contrib/openbsm/bin/auditreduce/Makefile.am @@ -1,8 +1,12 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.am#1 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.am#3 $ # -INCLUDES = -I$(top_srcdir) +if USE_NATIVE_INCLUDES +INCLUDES = -I$(top_builddir) -I$(top_srcdir) +else +INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +endif sbin_PROGRAMS = auditreduce auditreduce_SOURCES = auditreduce.c diff --git a/contrib/openbsm/bin/auditreduce/Makefile.in b/contrib/openbsm/bin/auditreduce/Makefile.in index 7dae162..b18513f 100644 --- a/contrib/openbsm/bin/auditreduce/Makefile.in +++ b/contrib/openbsm/bin/auditreduce/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.in#4 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.in#8 $ # VPATH = @srcdir@ @@ -113,6 +113,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MIG = @MIG@ MKDIR_P = @MKDIR_P@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ @@ -179,7 +180,8 @@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -INCLUDES = -I$(top_srcdir) +@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) auditreduce_SOURCES = auditreduce.c auditreduce_LDADD = $(top_builddir)/libbsm/libbsm.la man1_MANS = auditreduce.1 diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.1 b/contrib/openbsm/bin/auditreduce/auditreduce.1 index 1f900f9..6151f6e 100644 --- a/contrib/openbsm/bin/auditreduce/auditreduce.1 +++ b/contrib/openbsm/bin/auditreduce/auditreduce.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. +.\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -9,7 +9,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of +.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#14 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#17 $ .\" .Dd January 24, 2004 .Dt AUDITREDUCE 1 @@ -48,6 +48,7 @@ .Op Fl o Ar object Ns = Ns Ar value .Op Fl r Ar ruid .Op Fl u Ar auid +.Op Fl v .Op Ar .Sh DESCRIPTION The @@ -93,7 +94,8 @@ Select records with the given real group ID or name. .It Fl j Ar id Select records having a subject token with matching ID. .It Fl m Ar event -Select records with the given event name or number. +Select records with the given event name or number. This option can +be used more then once to select records of multiple event types. See .Xr audit_event 5 for a description of audit event names and numbers. @@ -127,6 +129,8 @@ Select records containing the given shared memory ID. Select records with the given real user ID or name. .It Fl u Ar auid Select records with the given audit ID. +.It Fl v +Invert sense of matching, to select records that do not match. .El .Sh EXAMPLES To select all records associated with effective user ID root from the audit diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.c b/contrib/openbsm/bin/auditreduce/auditreduce.c index c647bc9..f22f454 100644 --- a/contrib/openbsm/bin/auditreduce/auditreduce.c +++ b/contrib/openbsm/bin/auditreduce/auditreduce.c @@ -1,5 +1,5 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. +/*- + * Copyright (c) 2004-2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -10,7 +10,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#20 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#28 $ */ /* @@ -61,6 +61,10 @@ #include <regex.h> #include <errno.h> +#ifndef HAVE_STRLCPY +#include <compat/strlcpy.h> +#endif + #include "auditreduce.h" static TAILQ_HEAD(tailhead, re_entry) re_head = @@ -72,7 +76,6 @@ extern int optind, optopt, opterr,optreset; static au_mask_t maskp; /* Class. */ static time_t p_atime; /* Created after this time. */ static time_t p_btime; /* Created before this time. */ -static uint16_t p_evtype; /* Event that we are searching for. */ static int p_auid; /* Audit id. */ static int p_euid; /* Effective user id. */ static int p_egid; /* Effective group id. */ @@ -81,6 +84,13 @@ static int p_ruid; /* Real user id. */ static int p_subid; /* Subject id. */ /* + * Maintain a dynamically sized array of events for -m + */ +static uint16_t *p_evec; /* Event type list */ +static int p_evec_used; /* Number of events used */ +static int p_evec_alloc; /* Number of events allocated */ + +/* * Following are the objects (-o option) that we can select upon. */ static char *p_fileobj = NULL; @@ -105,7 +115,7 @@ parse_regexp(char *re_string) for (nstrs = 0, i = 0; i < len; i++) { if (copy[i] == ',' && i > 0) { if (copy[i - 1] == '\\') - strcpy(©[i - 1], ©[i]); + strlcpy(©[i - 1], ©[i], len); else { nstrs++; copy[i] = '\0'; @@ -163,6 +173,7 @@ usage(const char *msg) fprintf(stderr, "\t\t shmid=<ID>\n"); fprintf(stderr, "\t-r <uid|name> : real user\n"); fprintf(stderr, "\t-u <uid|name> : audit user\n"); + fprintf(stderr, "\t-v : select non-matching records\n"); exit(EX_USAGE); } @@ -265,7 +276,7 @@ select_pidobj(uint32_t pid) { if (ISOPTSET(opttochk, OPT_op)) { - if (pid != strtol(p_pidobj, (char **)NULL, 10)) + if (pid != (uint32_t)strtol(p_pidobj, (char **)NULL, 10)) return (0); } return (1); @@ -282,21 +293,22 @@ select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd) if (type == AT_IPC_MSG) { SETOPT((*optchkd), OPT_om); if (ISOPTSET(opttochk, OPT_om)) { - if (id != strtol(p_msgqobj, (char **)NULL, 10)) + if (id != (uint32_t)strtol(p_msgqobj, (char **)NULL, + 10)) return (0); } return (1); } else if (type == AT_IPC_SEM) { SETOPT((*optchkd), OPT_ose); if (ISOPTSET(opttochk, OPT_ose)) { - if (id != strtol(p_semobj, (char **)NULL, 10)) + if (id != (uint32_t)strtol(p_semobj, (char **)NULL, 10)) return (0); } return (1); } else if (type == AT_IPC_SHM) { SETOPT((*optchkd), OPT_osh); if (ISOPTSET(opttochk, OPT_osh)) { - if (id != strtol(p_shmobj, (char **)NULL, 10)) + if (id != (uint32_t)strtol(p_shmobj, (char **)NULL, 10)) return (0); } return (1); @@ -345,8 +357,10 @@ select_filepath(char *path, uint32_t *optchkd) static int select_hdr32(tokenstr_t tok, uint32_t *optchkd) { + uint16_t *ev; + int match; - SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m)); + SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m | OPT_v)); /* The A option overrides a, b and d. */ if (!ISOPTSET(opttochk, OPT_A)) { @@ -377,7 +391,11 @@ select_hdr32(tokenstr_t tok, uint32_t *optchkd) /* Check if event matches. */ if (ISOPTSET(opttochk, OPT_m)) { - if (tok.tt.hdr32.e_type != p_evtype) + match = 0; + for (ev = p_evec; ev < &p_evec[p_evec_used]; ev++) + if (tok.tt.hdr32.e_type == *ev) + match = 1; + if (match == 0) return (0); } @@ -476,6 +494,7 @@ select_records(FILE *fp) int bytesread; int selected; uint32_t optchkd; + int print; int err = 0; while ((reclen = au_read_rec(fp, &buf)) != -1) { @@ -495,75 +514,50 @@ select_records(FILE *fp) * selection criteria. */ switch(tok.id) { - case AU_HEADER_32_TOKEN: + case AUT_HEADER32: selected = select_hdr32(tok, &optchkd); bcopy(&tok, &tok_hdr32_copy, sizeof(tok)); break; - case AU_PROCESS_32_TOKEN: + case AUT_PROCESS32: selected = select_proc32(tok, &optchkd); break; - case AU_SUBJECT_32_TOKEN: + case AUT_SUBJECT32: selected = select_subj32(tok, &optchkd); break; - case AU_IPC_TOKEN: + case AUT_IPC: selected = select_ipcobj( tok.tt.ipc.type, tok.tt.ipc.id, &optchkd); break; - case AU_FILE_TOKEN: - selected = select_filepath( - tok.tt.file.name, &optchkd); - break; - - case AU_PATH_TOKEN: + case AUT_PATH: selected = select_filepath( tok.tt.path.path, &optchkd); break; - case AU_RETURN_32_TOKEN: + case AUT_RETURN32: selected = select_return32(tok, tok_hdr32_copy, &optchkd); break; - /* - * The following tokens dont have any relevant - * attributes that we can select upon. - */ - case AU_TRAILER_TOKEN: - case AU_ARG32_TOKEN: - case AU_ATTR32_TOKEN: - case AU_EXIT_TOKEN: - case AU_NEWGROUPS_TOKEN: - case AU_IN_ADDR_TOKEN: - case AU_IP_TOKEN: - case AU_IPCPERM_TOKEN: - case AU_IPORT_TOKEN: - case AU_OPAQUE_TOKEN: - case AU_SEQ_TOKEN: - case AU_TEXT_TOKEN: - case AU_ARB_TOKEN: - case AU_SOCK_TOKEN: default: break; } bytesread += tok.len; } - if ((selected == 1) && (!err)) { - /* Check if all the options were matched. */ - if (!(opttochk & ~optchkd)) { - /* XXX Write this record to the output file. */ - /* default to stdout */ - fwrite(buf, 1, reclen, stdout); - } - } + /* Check if all the options were matched. */ + print = ((selected == 1) && (!err) && (!(opttochk & ~optchkd))); + if (ISOPTSET(opttochk, OPT_v)) + print = !print; + if (print) + (void) fwrite(buf, 1, reclen, stdout); free(buf); } return (0); @@ -615,10 +609,11 @@ main(int argc, char **argv) int ch; char timestr[128]; char *fname; + uint16_t *etp; converr = NULL; - while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:")) != -1) { + while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) { switch(ch) { case 'A': SETOPT(opttochk, OPT_A); @@ -715,13 +710,26 @@ main(int argc, char **argv) break; case 'm': - p_evtype = strtol(optarg, (char **)NULL, 10); - if (p_evtype == 0) { + if (p_evec == NULL) { + p_evec_alloc = 32; + p_evec = malloc(sizeof(*etp) * p_evec_alloc); + if (p_evec == NULL) + err(1, "malloc"); + } else if (p_evec_alloc == p_evec_used) { + p_evec_alloc <<= 1; + p_evec = realloc(p_evec, + sizeof(*p_evec) * p_evec_alloc); + if (p_evec == NULL) + err(1, "realloc"); + } + etp = &p_evec[p_evec_used++]; + *etp = strtol(optarg, (char **)NULL, 10); + if (*etp == 0) { /* Could be the string representation. */ n = getauevnonam(optarg); if (n == NULL) usage("Incorrect event name"); - p_evtype = *n; + *etp = *n; } SETOPT(opttochk, OPT_m); break; @@ -755,6 +763,10 @@ main(int argc, char **argv) SETOPT(opttochk, OPT_u); break; + case 'v': + SETOPT(opttochk, OPT_v); + break; + case '?': default: usage("Unknown option"); diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.h b/contrib/openbsm/bin/auditreduce/auditreduce.h index f69dc16..5f54893 100644 --- a/contrib/openbsm/bin/auditreduce/auditreduce.h +++ b/contrib/openbsm/bin/auditreduce/auditreduce.h @@ -1,5 +1,5 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. +/*- + * Copyright (c) 2004 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -10,7 +10,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#7 $ */ #ifndef _AUDITREDUCE_H_ @@ -58,6 +58,7 @@ struct re_entry { #define OPT_r 0x00008000 #define OPT_u 0x00010000 #define OPT_A 0x00020000 +#define OPT_v 0x00040000 #define FILEOBJ "file" #define MSGQIDOBJ "msgqid" diff --git a/contrib/openbsm/bin/praudit/Makefile.am b/contrib/openbsm/bin/praudit/Makefile.am index 317567f..a362cea 100644 --- a/contrib/openbsm/bin/praudit/Makefile.am +++ b/contrib/openbsm/bin/praudit/Makefile.am @@ -1,8 +1,12 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.am#1 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.am#3 $ # -INCLUDES = -I$(top_srcdir) +if USE_NATIVE_INCLUDES +INCLUDES = -I$(top_builddir) -I$(top_srcdir) +else +INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +endif sbin_PROGRAMS = praudit praudit_SOURCES = praudit.c diff --git a/contrib/openbsm/bin/praudit/Makefile.in b/contrib/openbsm/bin/praudit/Makefile.in index b2c01b3..4472757 100644 --- a/contrib/openbsm/bin/praudit/Makefile.in +++ b/contrib/openbsm/bin/praudit/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.in#4 $ +# $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.in#8 $ # VPATH = @srcdir@ @@ -113,6 +113,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MIG = @MIG@ MKDIR_P = @MKDIR_P@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ @@ -179,7 +180,8 @@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -INCLUDES = -I$(top_srcdir) +@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys +@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) praudit_SOURCES = praudit.c praudit_LDADD = $(top_builddir)/libbsm/libbsm.la man1_MANS = praudit.1 diff --git a/contrib/openbsm/bin/praudit/praudit.1 b/contrib/openbsm/bin/praudit/praudit.1 index c32c37c..6a4fef0 100644 --- a/contrib/openbsm/bin/praudit/praudit.1 +++ b/contrib/openbsm/bin/praudit/praudit.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. +.\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -9,7 +9,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of +.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#12 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#13 $ .\" .Dd November 5, 2006 .Dt PRAUDIT 1 diff --git a/contrib/openbsm/bin/praudit/praudit.c b/contrib/openbsm/bin/praudit/praudit.c index 42f7383..a1dbf9d 100644 --- a/contrib/openbsm/bin/praudit/praudit.c +++ b/contrib/openbsm/bin/praudit/praudit.c @@ -1,5 +1,5 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. +/*- + * Copyright (c) 2004-2008 Apple Inc. * Copyright (c) 2006 Martin Voros * All rights reserved. * @@ -27,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#12 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#14 $ */ /* @@ -80,7 +80,7 @@ print_tokens(FILE *fp) /* Record must begin with a header token. */ do { type = fgetc(fp); - } while(type != AU_HEADER_32_TOKEN); + } while(type != AUT_HEADER32); ungetc(type, fp); } |
