authorrwatson <rwatson@FreeBSD.org>2006-06-05 10:52:12 +0000
committerrwatson <rwatson@FreeBSD.org>2006-06-05 10:52:12 +0000
commit4c355f6b7d92ffbb9cd7fcc7eca2b6364c3bace7 (patch)
tree32e83e301da59f20a423c5b1cac506030cade870 /contrib/openbsm/bsm
parent571f2f563f5e4a509d7a05efe83598055c520854 (diff)
parentf7669e641742373606ef85a4855b7028f5b564a5 (diff)
This commit was generated by cvs2svn to compensate for changes in r159248,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/openbsm/bsm')
-rw-r--r--contrib/openbsm/bsm/Makefile.am3
-rw-r--r--contrib/openbsm/bsm/Makefile.in3
-rw-r--r--contrib/openbsm/bsm/audit.h6
-rw-r--r--contrib/openbsm/bsm/audit_filter.h77
-rw-r--r--contrib/openbsm/bsm/audit_record.h36
-rw-r--r--contrib/openbsm/bsm/libbsm.h5
6 files changed, 102 insertions, 28 deletions
diff --git a/contrib/openbsm/bsm/Makefile.am b/contrib/openbsm/bsm/Makefile.am
index 68c5d32..8287789 100644
--- a/contrib/openbsm/bsm/Makefile.am
+++ b/contrib/openbsm/bsm/Makefile.am
@@ -1,11 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#2 $
#
openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
audit.h \
+ audit_filter.h \
audit_internal.h \
audit_kevents.h \
audit_record.h \
diff --git a/contrib/openbsm/bsm/Makefile.in b/contrib/openbsm/bsm/Makefile.in
index ae913bd..c860974 100644
--- a/contrib/openbsm/bsm/Makefile.in
+++ b/contrib/openbsm/bsm/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#4 $
#
srcdir = @srcdir@
@@ -168,6 +168,7 @@ target_alias = @target_alias@
openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
audit.h \
+ audit_filter.h \
audit_internal.h \
audit_kevents.h \
audit_record.h \
diff --git a/contrib/openbsm/bsm/audit.h b/contrib/openbsm/bsm/audit.h
index 8739b2a..1d05625 100644
--- a/contrib/openbsm/bsm/audit.h
+++ b/contrib/openbsm/bsm/audit.h
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#15 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#16 $
*/
#ifndef _BSM_AUDIT_H
@@ -264,11 +264,11 @@ struct audit_stat {
unsigned int as_version;
unsigned int as_numevent;
int as_generated;
- int as_nonattring;
+ int as_nonattrib;
int as_kernel;
int as_audit;
int as_auditctl;
- int as_enqueu;
+ int as_enqueue;
int as_written;
int as_wblocked;
int as_rblocked;
diff --git a/contrib/openbsm/bsm/audit_filter.h b/contrib/openbsm/bsm/audit_filter.h
new file mode 100644
index 0000000..5b7dd4f
--- /dev/null
+++ b/contrib/openbsm/bsm/audit_filter.h
@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_filter.h#2 $
+ */
+
+#ifndef _BSM_AUDIT_FILTER_H_
+#define _BSM_AUDIT_FILTER_H_
+
+/*
+ * Module interface for audit filter modules.
+ *
+ * audit_filter_attach_t - filter module is being attached with arguments
+ * audit_filter_reinit_t - arguments to module have changed
+ * audit_filter_record_t - present parsed record to filter module, with
+ * receipt time
+ * audit_filter_bsmrecord_t - present bsm format record to filter module,
+ * with receipt time
+ * audit_filter_destach_t - filter module is being detached
+ *
+ * There may be many instances of the same filter, identified by the instance
+ * void pointer maintained by the filter instance.
+ */
+typedef int (*audit_filter_attach_t)(void **instance, int argc, char *argv[]);
+typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]);
+typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts,
+ int token_count, const tokenstr_t tok[]);
+typedef void (*audit_filter_bsmrecord_t)(void *instance, struct timespec *ts,
+ void *data, u_int len);
+typedef void (*audit_filter_detach_t)(void *instance);
+
+/*
+ * Values to be returned by audit_filter_init_t.
+ */
+#define AUDIT_FILTER_SUCCESS (0)
+#define AUDIT_FILTER_FAILURE (-1)
+
+/*
+ * Standard name for filter module initialization functions, which will be
+ * found using dlsym().
+ */
+#define AUDIT_FILTER_ATTACH audit_filter_attach
+#define AUDIT_FILTER_REINIT audit_filter_reinit
+#define AUDIT_FILTER_RECORD audit_filter_record
+#define AUDIT_FILTER_BSMRECORD audit_filter_bsmrecord
+#define AUDIT_FILTER_DETACH audit_filter_detach
+#define AUDIT_FILTER_ATTACH_STRING "audit_filter_attach"
+#define AUDIT_FILTER_REINIT_STRING "audit_filter_reinit"
+#define AUDIT_FILTER_RECORD_STRING "audit_filter_record"
+#define AUDIT_FILTER_BSMRECORD_STRING "audit_filter_bsmrecord"
+#define AUDIT_FILTER_DETACH_STRING "audit_filter_detach"
+
+#endif /* !_BSM_AUDIT_FILTER_H_ */
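Review bot: `audit_filter_bsmrecord_t` receives the raw record as a mutable `void *data`, while `audit_filter_record_t` just above it takes `const tokenstr_t tok[]`. If the same buffer is handed to several filter instances (not visible from this header), one module could alter what the others see, so I would declare it `const void *data, u_int len`. Two names in the comments match no typedef: `audit_filter_destach_t` should read `audit_filter_detach_t`, and "Values to be returned by audit_filter_init_t" should name `audit_filter_attach_t` and `audit_filter_reinit_t`, the only callbacks that return `int`. The header also uses `struct timespec`, `tokenstr_t` and `u_int` without including anything, so a comment stating which headers must precede it would help module authors.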
diff --git a/contrib/openbsm/bsm/audit_record.h b/contrib/openbsm/bsm/audit_record.h
index af9ba4d..9816112 100644
--- a/contrib/openbsm/bsm/audit_record.h
+++ b/contrib/openbsm/bsm/audit_record.h
@@ -30,23 +30,15 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#17 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
#define _BSM_AUDIT_RECORD_H_
-/* Various token id types */
-
/*
- * Values inside the comments are not documented in the BSM pages and
- * have been picked up from the header files
+ * Token type identifiers.
*/
-
-/*
- * Values marked as XXX do not have a value defined in the BSM header files
- */
-
#define AUT_INVALID 0x00
#define AUT_OTHER_FILE32 0x11
#define AUT_OHEADER 0x12
@@ -187,13 +179,19 @@
/* data-types for the arbitrary token */
#define AUR_BYTE 0
+#define AUR_CHAR AUR_BYTE
#define AUR_SHORT 1
-#define AUR_LONG 2
+#define AUR_INT32 2
+#define AUR_INT AUR_INT
+#define AUR_INT64 3
/* ... and their sizes */
#define AUR_BYTE_SIZE sizeof(u_char)
+#define AUR_CHAR_SIZE AUR_BYTE_SIZE
#define AUR_SHORT_SIZE sizeof(uint16_t)
-#define AUR_LONG_SIZE sizeof(uint32_t)
+#define AUR_INT32_SIZE sizeof(uint32_t)
+#define AUR_INT_SIZE AUR_INT32_SIZE
+#define AUR_INT64_SIZE sizeof(uint64_t)
/* Modifiers for the header token */
#define PAD_NOTATTR 0x4000 /* nonattributable event */
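Review bot: `#define AUR_INT AUR_INT` is self-referential, so the preprocessor leaves the bare identifier `AUR_INT` in place and any use of it fails to compile. Given `#define AUR_INT_SIZE AUR_INT32_SIZE` a few lines below, the intended line is presumably `#define AUR_INT AUR_INT32`. The hunk also drops `AUR_LONG` and `AUR_LONG_SIZE` with no alias, so existing code that builds arbitrary-data tokens with those names stops compiling. If that break is not intended, keep `#define AUR_LONG AUR_INT32` and `#define AUR_LONG_SIZE AUR_INT32_SIZE` as compatibility names.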
@@ -230,24 +228,18 @@ int au_open(void);
int au_write(int d, token_t *m);
int au_close(int d, int keep, short event);
int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen);
+int au_close_token(token_t *tok, u_char *buffer, size_t *buflen);
-#if defined(KERNEL) || defined(_KERNEL)
token_t *au_to_file(char *file, struct timeval tm);
-#else
-token_t *au_to_file(char *file);
-#endif
-#if defined(KERNEL) || defined(_KERNEL)
-token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod,
- struct timeval tm);
-token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod,
+token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
-#else
+#if !defined(KERNEL) && !defined(_KERNEL)
token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
#endif
-token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_me(void);
token_t *au_to_arg(char n, char *text, uint32_t v);
token_t *au_to_arg32(char n, char *text, uint32_t v);
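Review bot: The new `au_close_token(token_t *tok, u_char *buffer, size_t *buflen)` prototype has no comment on its buffer contract: whether `*buflen` must hold the capacity of `buffer` on entry, and what happens when the token does not fit. The implementation is outside this hunk, so I cannot tell which applies, but a caller who guesses wrong risks a write past `buffer`. Once confirmed against the implementation, I would add above the prototype something like `/* *buflen: in = size of buffer, out = bytes written; fails if the token does not fit */`. The same comment should say whether `tok` is freed by the call.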
diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h
index a687111..45af631 100644
--- a/contrib/openbsm/bsm/libbsm.h
+++ b/contrib/openbsm/bsm/libbsm.h
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#18 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#20 $
*/
#ifndef _LIBBSM_H_
@@ -695,6 +695,9 @@ struct tokenstr {
typedef struct tokenstr tokenstr_t;
+int audit_submit(short au_event, au_id_t auid,
+ char status, int reterr, const char *fmt, ...);
+
/*
* Functions relating to querying audit class information.
*/
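Review bot: `audit_submit()` takes `const char *fmt, ...` but the declaration carries no format attribute, so a caller that passes mismatched arguments or a non-literal string as `fmt` gets no compiler warning. Assuming `fmt` is printf-style (the implementation is not in this hunk), append `__attribute__((__format__(__printf__, 5, 6)))` to the prototype, guarded for compilers that lack it. A short comment stating what `status` and `reterr` mean would also help, since the bare declaration does not say how they map onto the return token.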