Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both

contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens.
author: rwatson <rwatson@FreeBSD.org> 2009-03-02 13:29:18 +0000
committer: rwatson <rwatson@FreeBSD.org> 2009-03-02 13:29:18 +0000
commit: ee5318d5431890ccd7baeb15560b4bebe982525b (patch)
tree: e1a5bcd2b0eca50f696afbc416858fa574e50e8d /contrib/openbsm/libbsm/bsm_control.c
parent: 5cacf7357664a8a200d2ba7bd7b8e820b681cd06 (diff)
download: FreeBSD-src-ee5318d5431890ccd7baeb15560b4bebe982525b.zip
FreeBSD-src-ee5318d5431890ccd7baeb15560b4bebe982525b.tar.gz
1 files changed, 258 insertions, 162 deletions
diff --git a/contrib/openbsm/libbsm/bsm_control.c b/contrib/openbsm/libbsm/bsm_control.c
index 4fed3ff..4b8a1d1 100644
--- a/contrib/openbsm/libbsm/bsm_control.c
+++ b/contrib/openbsm/libbsm/bsm_control.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2004 Apple Inc.
+ * Copyright (c) 2004,2009 Apple Inc.
  * Copyright (c) 2006 Robert N. M. Watson
  * All rights reserved.
  *
@@ -27,13 +27,14 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#24 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#28 $
  */
 
 #include <config/config.h>
 
 #include <bsm/libbsm.h>
 
+#include <ctype.h>
 #include <errno.h>
 #include <string.h>
 #ifdef HAVE_PTHREAD_MUTEX_LOCK
@@ -65,6 +66,32 @@ static pthread_mutex_t	mutex = PTHREAD_MUTEX_INITIALIZER;
 #endif
 
 /*
+ * Audit policy string token table for au_poltostr() and au_strtopol().
+ */
+struct audit_polstr {
+	long 		 ap_policy;
+	const char 	*ap_str;	
+};
+
+static struct audit_polstr au_polstr[] = {
+	{ AUDIT_CNT,		"cnt"		},
+	{ AUDIT_AHLT,		"ahlt"		},
+	{ AUDIT_ARGV,		"argv"		},
+	{ AUDIT_ARGE,		"arge"		},
+	{ AUDIT_SEQ,		"seq"		},
+	{ AUDIT_WINDATA,	"windata"	},
+	{ AUDIT_USER,		"user"		},
+	{ AUDIT_GROUP,		"group"		},
+	{ AUDIT_TRAIL,		"trail"		},
+	{ AUDIT_PATH,		"path"		},
+	{ AUDIT_SCNT,		"scnt"		},
+	{ AUDIT_PUBLIC,		"public"	},
+	{ AUDIT_ZONENAME,	"zonename"	},
+	{ AUDIT_PERZONE,	"perzone"	},
+	{ -1,			NULL		}
+};
+
+/*
  * Returns the string value corresponding to the given label from the
  * configuration file.
  *
@@ -112,6 +139,82 @@ getstrfromtype_locked(char *name, char **str)
 }
 
 /*
+ * Convert a given time value with a multiplier (seconds, hours, days, years) to
+ * seconds.  Return 0 on success.
+ */
+static int
+au_timetosec(time_t *seconds, u_long value, char mult)
+{
+	if (NULL == seconds)
+		return (-1);
+
+	switch(mult) {
+	case 's':
+		/* seconds */
+		*seconds = (time_t)value;
+		break;
+
+	case 'h':
+		/* hours */
+		*seconds = (time_t)value * 60 * 60;
+		break;
+
+	case 'd':
+		/* days */
+		*seconds = (time_t)value * 60 * 60 * 24;
+		break;
+
+	case 'y':
+		/* years.  Add a day for each 4th (leap) year. */
+		*seconds = (time_t)value * 60 * 60 * 24 * 364 +
+		    ((time_t)value / 4) * 60 * 60 * 24;
+		break;
+
+	default:
+		return (-1);
+	}
+	return (0);
+}
+
+/*
+ * Convert a given disk space value with a multiplier (bytes, kilobytes, 
+ * megabytes, gigabytes) to bytes.  Return 0 on success.
+ */
+static int
+au_spacetobytes(size_t *bytes, u_long value, char mult)
+{
+	if (NULL == bytes)
+		return (-1);
+
+	switch(mult) {
+	case 'B':
+	case ' ':
+		/* Bytes */
+		*bytes = (size_t)value;
+		break;
+
+	case 'K':
+		/* Kilobytes */
+		*bytes = (size_t)value * 1024;
+		break;
+
+	case 'M':
+		/* Megabytes */
+		*bytes = (size_t)value * 1024 * 1024;
+		break;
+
+	case 'G':
+		/* Gigabytes */
+		*bytes = (size_t)value * 1024 * 1024 * 1024;
+		break;
+
+	default:
+		return (-1);
+	}
+	return (0);
+}
+
+/*
  * Convert a policy to a string.  Return -1 on failure, or >= 0 representing
  * the actual size of the string placed in the buffer (excluding terminating
  * nul).
@@ -119,135 +222,24 @@ getstrfromtype_locked(char *name, char **str)
 ssize_t
 au_poltostr(long policy, size_t maxsize, char *buf)
 {
-	int first;
+	int first = 1;
+	int i = 0;
 
 	if (maxsize < 1)
 		return (-1);
-	first = 1;
 	buf[0] = '\0';
 
-	if (policy & AUDIT_CNT) {
-		if (strlcat(buf, "cnt", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_AHLT) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
+	do {
+		if (policy & au_polstr[i].ap_policy) {
+			if (!first && strlcat(buf, ",", maxsize) >= maxsize)
 				return (-1);
-		}
-		if (strlcat(buf, "ahlt", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_ARGV) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "argv", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_ARGE) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "arge", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_SEQ) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
+			if (strlcat(buf, au_polstr[i].ap_str, maxsize) >=
+			    maxsize)
 				return (-1);
+			first = 0;
 		}
-		if (strlcat(buf, "seq", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_WINDATA) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "windata", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_USER) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "user", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_GROUP) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "group", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_TRAIL) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "trail", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_PATH) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "path", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_SCNT) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "scnt", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_PUBLIC) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "public", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_ZONENAME) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "zonename", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
-	if (policy & AUDIT_PERZONE) {
-		if (!first) {
-			if (strlcat(buf, ",", maxsize) >= maxsize)
-				return (-1);
-		}
-		if (strlcat(buf, "perzone", maxsize) >= maxsize)
-			return (-1);
-		first = 0;
-	}
+	} while (NULL != au_polstr[++i].ap_str);
+
 	return (strlen(buf));
 }
 
@@ -260,6 +252,7 @@ au_strtopol(const char *polstr, long *policy)
 {
 	char *bufp, *string;
 	char *buffer;
+	int i, matched;
 
 	*policy = 0;
 	buffer = strdup(polstr);
@@ -268,35 +261,17 @@ au_strtopol(const char *polstr, long *policy)
 
 	bufp = buffer;
 	while ((string = strsep(&bufp, ",")) != NULL) {
-		if (strcmp(string, "cnt") == 0)
-			*policy |= AUDIT_CNT;
-		else if (strcmp(string, "ahlt") == 0)
-			*policy |= AUDIT_AHLT;
-		else if (strcmp(string, "argv") == 0)
-			*policy |= AUDIT_ARGV;
-		else if (strcmp(string, "arge") == 0)
-			*policy |= AUDIT_ARGE;
-		else if (strcmp(string, "seq") == 0)
-			*policy |= AUDIT_SEQ;
-		else if (strcmp(string, "winau_fstat") == 0)
-			*policy |= AUDIT_WINDATA;
-		else if (strcmp(string, "user") == 0)
-			*policy |= AUDIT_USER;
-		else if (strcmp(string, "group") == 0)
-			*policy |= AUDIT_GROUP;
-		else if (strcmp(string, "trail") == 0)
-			*policy |= AUDIT_TRAIL;
-		else if (strcmp(string, "path") == 0)
-			*policy |= AUDIT_PATH;
-		else if (strcmp(string, "scnt") == 0)
-			*policy |= AUDIT_SCNT;
-		else if (strcmp(string, "public") == 0)
-			*policy |= AUDIT_PUBLIC;
-		else if (strcmp(string, "zonename") == 0)
-			*policy |= AUDIT_ZONENAME;
-		else if (strcmp(string, "perzone") == 0)
-			*policy |= AUDIT_PERZONE;
-		else {
+		matched = i = 0;
+
+		do {
+			if (strcmp(string, au_polstr[i].ap_str) == 0) {
+				*policy |= au_polstr[i].ap_policy;
+				matched = 1;
+				break;
+			}
+		} while (NULL != au_polstr[++i].ap_str);
+
+		if (!matched) {
 			free(buffer);
 			errno = EINVAL;
 			return (-1);
@@ -435,46 +410,65 @@ getacmin(int *min_val)
 int
 getacfilesz(size_t *filesz_val)
 {
-	char *filesz, *dummy;
-	long long ll;
+	char *str;
+	size_t val;
+	char mult;
+	int nparsed;
 
 #ifdef HAVE_PTHREAD_MUTEX_LOCK
 	pthread_mutex_lock(&mutex);
 #endif
 	setac_locked();
-	if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
+	if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &str) < 0) {
 #ifdef HAVE_PTHREAD_MUTEX_LOCK
 		pthread_mutex_unlock(&mutex);
 #endif
 		return (-2);
 	}
-	if (filesz == NULL) {
+	if (str == NULL) {
 #ifdef HAVE_PTHREAD_MUTEX_LOCK
 		pthread_mutex_unlock(&mutex);
 #endif
 		errno = EINVAL;
 		return (1);
 	}
-	ll = strtoll(filesz, &dummy, 10);
-	if (*dummy != '\0') {
+
+	/* Trim off any leading white space. */
+	while (*str == ' ' || *str == '\t')
+		str++;
+
+	nparsed = sscanf(str, "%ju%c", (uintmax_t *)&val, &mult);
+
+	switch (nparsed) {
+	case 1:
+		/* If no multiplier then assume 'B' (bytes). */
+		mult = 'B';
+		/* fall through */
+	case 2:
+		if (au_spacetobytes(filesz_val, val, mult) == 0)
+			break;
+		/* fall through */
+	default:
+		errno = EINVAL;
 #ifdef HAVE_PTHREAD_MUTEX_LOCK
 		pthread_mutex_unlock(&mutex);
 #endif
-		errno = EINVAL;
 		return (-1);
 	}
+
 	/*
 	 * The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE.  0
 	 * indicates no rotation size.
 	 */
-	if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE)) {
+	if (*filesz_val < 0 || (*filesz_val > 0 &&
+		*filesz_val < MIN_AUDIT_FILE_SIZE)) {
 #ifdef HAVE_PTHREAD_MUTEX_LOCK
 		pthread_mutex_unlock(&mutex);
 #endif
+		filesz_val = 0L;
 		errno = EINVAL;
 		return (-1);
 	}
-	*filesz_val = ll;
 #ifdef HAVE_PTHREAD_MUTEX_LOCK
 	pthread_mutex_unlock(&mutex);
 #endif
@@ -619,7 +613,109 @@ getachost(char *auditstr, size_t len)
 #endif
 		return (-3);
 	}
-	strcpy(auditstr, str);
+	strlcpy(auditstr, str, len);
+#ifdef HAVE_PTHREAD_MUTEX_LOCK
+	pthread_mutex_unlock(&mutex);
+#endif
+	return (0);
+}
+
+/*
+ * Set expiration conditions.
+ */
+static int
+setexpirecond(time_t *age, size_t *size, u_long value, char mult)
+{
+
+	if (isupper(mult) || ' ' == mult)
+		return (au_spacetobytes(size, value, mult));
+	else
+		return (au_timetosec(age, value, mult));
+}
+
+/*
+ * Return the expire-after field from the audit control file.
+ */
+int
+getacexpire(int *andflg, time_t *age, size_t *size)
+{
+	char *str;
+	int nparsed;
+	u_long val1, val2;
+	char mult1, mult2;
+	char andor[AU_LINE_MAX];
+
+	*age = 0L;
+	*size = 0LL;
+	*andflg = 0;
+
+#ifdef HAVE_PTHREAD_MUTEX_LOCK
+	pthread_mutex_lock(&mutex);
+#endif
+	setac_locked();
+	if (getstrfromtype_locked(EXPIRE_AFTER_CONTROL_ENTRY, &str) < 0) {
+#ifdef HAVE_PTHREAD_MUTEX_LOCK
+		pthread_mutex_unlock(&mutex);
+#endif
+		return (-2);
+	}
+	if (str == NULL) {
+#ifdef HAVE_PTHREAD_MUTEX_LOCK
+		pthread_mutex_unlock(&mutex);
+#endif
+		return (1);
+	}
+
+	/* First, trim off any leading white space. */
+	while (*str == ' ' || *str == '\t')
+		str++;				 
+
+	nparsed = sscanf(str, "%lu%c%[ \tadnorADNOR]%lu%c", &val1, &mult1,
+	    andor, &val2, &mult2);
+
+	switch (nparsed) {
+	case 1:
+		/* If no multiplier then assume 'B' (Bytes). */
+		mult1 = 'B';
+		/* fall through */
+	case 2:
+		/* One expiration condition. */
+		if (setexpirecond(age, size, val1, mult1) != 0) {
+#ifdef HAVE_PTHREAD_MUTEX_LOCK
+			pthread_mutex_unlock(&mutex);
+#endif
+			return (-1);
+		}
+		break;
+
+	case 5:
+		/* Two expiration conditions. */
+		if (setexpirecond(age, size, val1, mult1) != 0 || 
+		    setexpirecond(age, size, val2, mult2) != 0) {
+#ifdef HAVE_PTHREAD_MUTEX_LOCK
+			pthread_mutex_unlock(&mutex);
+#endif
+			return (-1);
+		}
+		if (strcasestr(andor, "and") != NULL)
+			*andflg = 1;
+		else if (strcasestr(andor, "or") != NULL)
+			*andflg = 0;
+		else {
+#ifdef HAVE_PTHREAD_MUTEX_LOCK
+			pthread_mutex_unlock(&mutex);
+#endif
+			return (-1);
+		}
+		break;
+
+	default:
+#ifdef HAVE_PTHREAD_MUTEX_LOCK
+		pthread_mutex_unlock(&mutex);
+#endif
+		return (-1);
+	}
+
 #ifdef HAVE_PTHREAD_MUTEX_LOCK
 	pthread_mutex_unlock(&mutex);
 #endif
author	rwatson <rwatson@FreeBSD.org>	2009-03-02 13:29:18 +0000
committer	rwatson <rwatson@FreeBSD.org>	2009-03-02 13:29:18 +0000
commit	ee5318d5431890ccd7baeb15560b4bebe982525b (patch)
tree	e1a5bcd2b0eca50f696afbc416858fa574e50e8d /contrib/openbsm/libbsm/bsm_control.c
parent	5cacf7357664a8a200d2ba7bd7b8e820b681cd06 (diff)
download	FreeBSD-src-ee5318d5431890ccd7baeb15560b4bebe982525b.zip FreeBSD-src-ee5318d5431890ccd7baeb15560b4bebe982525b.tar.gz