author | rwatson <rwatson@FreeBSD.org> | 2009-04-19 16:17:13 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2009-04-19 16:17:13 +0000 |
commit | 0776eb3d4e2d6b0ae1235e374c6b259d959701c2 (patch) | |
tree | 23231275c989b2a559134953a8963fe87175a61e /contrib/openbsm/libbsm | |
parent | 7e3aff1dc199846d15b3c479bff793353b8cfe8f (diff) | |
parent | 54523de9b2bce64154b5be9c25e07f3c840f1144 (diff) | |
Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.
Diffstat (limited to 'contrib/openbsm/libbsm')
-rw-r--r-- | contrib/openbsm/libbsm/Makefile.am | 4 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/Makefile.in | 49 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/au_control.3 | 6 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/au_fcntl_cmd.3 | 97 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/audit_submit.3 | 29 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_audit.c | 4 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_control.c | 29 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_domain.c | 9 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_fcntl.c | 289 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_io.c | 95 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_notify.c | 16 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_token.c | 4 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_wrappers.c | 343 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/libbsm.3 | 8 |
14 files changed, 906 insertions, 76 deletions
diff --git a/contrib/openbsm/libbsm/Makefile.am b/contrib/openbsm/libbsm/Makefile.am index d7e0652..2400a59 100644 --- a/contrib/openbsm/libbsm/Makefile.am +++ b/contrib/openbsm/libbsm/Makefile.am @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#8 $ +# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#9 $ # if USE_NATIVE_INCLUDES @@ -17,6 +17,7 @@ libbsm_la_SOURCES = \ bsm_domain.c \ bsm_errno.c \ bsm_event.c \ + bsm_fcntl.c \ bsm_flags.c \ bsm_io.c \ bsm_mask.c \ @@ -36,6 +37,7 @@ man3_MANS = \ au_domain.3 \ au_errno.3 \ au_event.3 \ + au_fcntl_cmd.3 \ au_free_token.3 \ au_io.3 \ au_mask.3 \ diff --git a/contrib/openbsm/libbsm/Makefile.in b/contrib/openbsm/libbsm/Makefile.in index 4d6c847..e395f0f 100644 --- a/contrib/openbsm/libbsm/Makefile.in +++ b/contrib/openbsm/libbsm/Makefile.in @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#13 $ +# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#15 $ # VPATH = @srcdir@ 
@@ -60,17 +60,17 @@ libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libbsm_la_LIBADD = am__libbsm_la_SOURCES_DIST = bsm_audit.c bsm_class.c bsm_control.c \ - bsm_domain.c bsm_errno.c bsm_event.c bsm_flags.c bsm_io.c \ - bsm_mask.c bsm_socket_type.c bsm_token.c bsm_user.c \ + bsm_domain.c bsm_errno.c bsm_event.c bsm_fcntl.c bsm_flags.c \ + bsm_io.c bsm_mask.c bsm_socket_type.c bsm_token.c bsm_user.c \ bsm_notify.c bsm_wrappers.c @HAVE_AUDIT_SYSCALLS_TRUE@am__objects_1 = bsm_notify.lo \ @HAVE_AUDIT_SYSCALLS_TRUE@ bsm_wrappers.lo am_libbsm_la_OBJECTS = bsm_audit.lo bsm_class.lo bsm_control.lo \ - bsm_domain.lo bsm_errno.lo bsm_event.lo bsm_flags.lo bsm_io.lo \ - bsm_mask.lo bsm_socket_type.lo bsm_token.lo bsm_user.lo \ - $(am__objects_1) + bsm_domain.lo bsm_errno.lo bsm_event.lo bsm_fcntl.lo \ + bsm_flags.lo bsm_io.lo bsm_mask.lo bsm_socket_type.lo \ + bsm_token.lo bsm_user.lo $(am__objects_1) libbsm_la_OBJECTS = $(am_libbsm_la_OBJECTS) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/config depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ @@ -109,6 +109,7 @@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ @@ -133,6 +134,7 @@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MIG = @MIG@ MKDIR_P = @MKDIR_P@ +NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ 
@@ -196,20 +198,23 @@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys @USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) lib_LTLIBRARIES = libbsm.la libbsm_la_SOURCES = bsm_audit.c bsm_class.c bsm_control.c bsm_domain.c \ - bsm_errno.c bsm_event.c bsm_flags.c bsm_io.c bsm_mask.c \ - bsm_socket_type.c bsm_token.c bsm_user.c $(am__append_1) + bsm_errno.c bsm_event.c bsm_fcntl.c bsm_flags.c bsm_io.c \ + bsm_mask.c bsm_socket_type.c bsm_token.c bsm_user.c \ + $(am__append_1) man3_MANS = \ au_class.3 \ au_control.3 \ au_domain.3 \ au_errno.3 \ au_event.3 \ + au_fcntl_cmd.3 \ au_free_token.3 \ au_io.3 \ au_mask.3 \ @@ -258,8 +263,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ else :; fi; \ done 
@@ -267,8 +272,8 @@ uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ done clean-libLTLIBRARIES: @@ -294,6 +299,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_domain.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_errno.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_event.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_fcntl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_flags.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_io.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_mask.Plo@am__quote@ @@ -380,8 +386,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS @@ -393,8 +399,8 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ 
@@ -404,13 +410,12 @@ ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique diff --git a/contrib/openbsm/libbsm/au_control.3 b/contrib/openbsm/libbsm/au_control.3 index 8cad121..b3576ef 100644 --- a/contrib/openbsm/libbsm/au_control.3 +++ b/contrib/openbsm/libbsm/au_control.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#10 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#11 $ .\" .Dd April 19, 2005 .Dt AU_CONTROL 3 @@ -64,9 +64,9 @@ .Ft int .Fn getacpol "char *auditstr" "size_t len" .Ft ssize_t -.Fn au_poltostr "long policy" "size_t maxsize" "char *buf" +.Fn au_poltostr "int policy" "size_t maxsize" "char *buf" .Ft int -.Fn au_strtopol "const char *polstr" "long *policy" +.Fn au_strtopol "const char *polstr" "int *policy" .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_control 5 diff --git a/contrib/openbsm/libbsm/au_fcntl_cmd.3 b/contrib/openbsm/libbsm/au_fcntl_cmd.3 new file mode 100644 index 0000000..7f03666 --- /dev/null +++ b/contrib/openbsm/libbsm/au_fcntl_cmd.3 
@@ -0,0 +1,97 @@
+.\"-
+.\" Copyright (c) 2009 Apple Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
+.\" its contributors may be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_fcntl_cmd.3#1 $
+.\"
+.Dd March 5, 2009
+.Dt AU_BSM_TO_FCNTL_CMD 3
+.Os
+.Sh NAME
+.Nm au_bsm_to_fcntl_cmd ,
+.Nm au_fcntl_cmd_to_bsm
+.Nd "convert between BSM and local fcntl(2) command values"
+.Sh LIBRARY
+.Lb libbsm
+.Sh SYNOPSIS
+.In bsm/libbsm.h
+.Ft int
+.Fn au_bsm_to_fcntl_cmd "u_short bsm_fcntl_cmd" "int *local_fcntl_cmdp"
+.Ft u_short
+.Fn au_fcntl_cmd_to_bsm "int local_fcntl_cmd"
+.Sh DESCRIPTION
+These interfaces may be used to convert between the local and BSM
+.Xr fcntl 2
+command values.
+The
+.Fn au_bsm_to_fcntl_cmd
+function accepts a BSM command value,
+.Fa bsm_fcntl_cmd ,
+and converts it to a local command value passed to
+.Xr fcntl 2 ,
+that will be stored in the integer pointed to by
+.Fa local_fcntl_cmdp
+if successful.
+This call will fail if the BSM command value cannot be mapped into a local
+.Xr fcntl 2
+command value which may occur if the command token was generated on another
+operating system.
+.Pp
+The
+.Fn au_fcntl_cmd_to_bsm
+function accepts a local
+.Xr fcntl 2
+command value, and returns the BSM
+.Xr fcntl 2
+command value for it. This call cannot fail, and instead returns a BSM
+command value indicating to a later decoder that the command value could
+not be encoded.
+.Sh RETURN VALULES
+On success,
+.Fn au_bsm_to_fcntl_cmd
+returns 0 and a converted command value; on failure, it returns -1 but does
+not set
+.Xr errno 2 .
+.Sh SEE ALSO
+.Xr fcntl 2 ,
+.Xr au_bsm_to_domain 3 ,
+.Xr au_domain_to_bsm 3 ,
+.Xr au_bsm_to_socket_type 3 ,
+.Xr au_socket_type_to_bsm 3 ,
+.Xr libbsm 3
+.Sh HISTORY
+.Fn au_bsm_to_domain
+and
+.Fn au_domain_to_bsm
+were introduced in OpenBSM 1.1.
+.Sh AUTHORS
+These functions were implemented by
+.An Stacey Son
+under contract to Apple Inc.
+.Pp
+The Basic Security Module (BSM) interface to audit records and audit event
+stream format were defined by Sun Microsystems.
diff --git a/contrib/openbsm/libbsm/audit_submit.3 b/contrib/openbsm/libbsm/audit_submit.3 index 80a2578..b6c28a7 100644 --- a/contrib/openbsm/libbsm/audit_submit.3 +++ b/contrib/openbsm/libbsm/audit_submit.3 @@ -27,7 +27,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#15 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#17 $ .\" .Dd January 18, 2008 .Dt audit_submit 3 @@ -98,14 +98,28 @@ or #include <stdarg.h> #include <errno.h> -int +void audit_bad_su(char *from_login, char *to_login) { + struct auditinfo_addr aia; + struct auditinfo ai; + au_id_t aid; int error; - error = audit_submit(AUE_su, getuid(), 1, EPERM, + error = getaudit_addr(&aia, sizeof(aia)); + if (error < 0 && errno == ENOSYS) { + error = getaudit(&ai); + if (error < 0) + err(1, "getaudit"); + aid = ai.ai_auid; + } else if (error < 0) + err(1, "getaudit_addr"); + else + aid = aia.ai_auid; + error = audit_submit(AUE_su, aid, EPERM, 1, "bad su from %s to %s", from_login, to_login); - return (error); + if (error != 0) + err(1, "audit_submit"); } .Ed .Pp @@ -117,6 +131,13 @@ text,bad su from from csjp to root return,failure : Operation not permitted,1 trailer,94 .Ed +.Sh RETURN VALUES +If successful, +.Nm +will return zero. +Otherwise a -1 is returned and the global variable +.Va errno +is set to indicate the error. .Sh SEE ALSO .Xr auditon 2 , .Xr getaudit 2 , diff --git a/contrib/openbsm/libbsm/bsm_audit.c b/contrib/openbsm/libbsm/bsm_audit.c index 6537b37..9930bc3 100644 --- a/contrib/openbsm/libbsm/bsm_audit.c +++ b/contrib/openbsm/libbsm/bsm_audit.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#35 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#36 $ */ #include <sys/types.h> 
@@ -237,7 +237,7 @@ au_assemble(au_record_t *rec, short event) */ aia.ai_termid.at_type = AU_IPv4; aia.ai_termid.at_addr[0] = INADDR_ANY; - if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) { + if (audit_get_kaudit(&aia, sizeof(aia)) != 0) { if (errno != ENOSYS && errno != EPERM) return (-1); #endif /* HAVE_AUDIT_SYSCALLS */ diff --git a/contrib/openbsm/libbsm/bsm_control.c b/contrib/openbsm/libbsm/bsm_control.c index 4b8a1d1..a58db0e 100644 --- a/contrib/openbsm/libbsm/bsm_control.c +++ b/contrib/openbsm/libbsm/bsm_control.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004,2009 Apple Inc. + * Copyright (c) 2004, 2009 Apple Inc. * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * @@ -27,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#28 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#33 $ */ #include <config/config.h> @@ -50,6 +50,8 @@ #include <compat/strlcpy.h> #endif +#include <sys/stat.h> + /* * Parse the contents of the audit_control file to return the audit control * parameters. These static fields are protected by 'mutex'. @@ -220,7 +222,7 @@ au_spacetobytes(size_t *bytes, u_long value, char mult) * nul). */ ssize_t -au_poltostr(long policy, size_t maxsize, char *buf) +au_poltostr(int policy, size_t maxsize, char *buf) { int first = 1; int i = 0; @@ -248,7 +250,7 @@ au_poltostr(long policy, size_t maxsize, char *buf) * ENOMEM) or 0 on success. */ int -au_strtopol(const char *polstr, long *policy) +au_strtopol(const char *polstr, int *policy) { char *bufp, *string; char *buffer; 
@@ -287,10 +289,27 @@ au_strtopol(const char *polstr, long *policy) static void setac_locked(void) { + static time_t lastctime = 0; + struct stat sbuf; ptrmoved = 1; - if (fp != NULL) + if (fp != NULL) { + /* + * Check to see if the file on disk has changed. If so, + * force a re-read of the file by closing it. + */ + if (fstat(fileno(fp), &sbuf) < 0) + goto closefp; + if (lastctime != sbuf.st_ctime) { + lastctime = sbuf.st_ctime; +closefp: + fclose(fp); + fp = NULL; + return; + } + fseek(fp, 0, SEEK_SET); + } } void diff --git a/contrib/openbsm/libbsm/bsm_domain.c b/contrib/openbsm/libbsm/bsm_domain.c index 496235f..2b011f5 100644 --- a/contrib/openbsm/libbsm/bsm_domain.c +++ b/contrib/openbsm/libbsm/bsm_domain.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#2 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#3 $ */ #include <sys/types.h> @@ -321,13 +321,6 @@ static const struct bsm_domain bsm_domains[] = { PF_NO_LOCAL_MAPPING #endif }, - { BSM_PF_IEEE80211, -#ifdef PF_IEEE80211 - PF_IEEE80211 -#else - PF_NO_LOCAL_MAPPING -#endif - }, { BSM_PF_AX25, #ifdef PF_AX25 PF_AX25 diff --git a/contrib/openbsm/libbsm/bsm_fcntl.c b/contrib/openbsm/libbsm/bsm_fcntl.c new file mode 100644 index 0000000..41b6d0d --- /dev/null +++ b/contrib/openbsm/libbsm/bsm_fcntl.c 
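Review bot: The change detection added to setac_locked compares only `st_ctime`, which has one-second resolution, so an audit_control rewritten within the same second as the recorded ctime goes unnoticed and the cached stream is just rewound with `fseek`, serving stale audit policy to the caller. Comparing the full `st_ctim` timespec where the platform provides it, or additionally `st_size` and `st_mtime`, narrows that window considerably. The `goto closefp` on fstat failure jumps into the body of the `if (lastctime != sbuf.st_ctime)` block; writing `fclose(fp); fp = NULL; return;` at the failure site, or testing `fstat(...) < 0 || lastctime != sbuf.st_ctime` and updating `lastctime` inside the block, reads more plainly than a goto into a conditional. Note also that `lastctime` is only ever assigned here, never when the file is (re)opened by the reader that presumably sets `fp` elsewhere, so the first setac after a reopen will always force one extra close; that is harmless but deserves a comment such as `/* lastctime lags the open by one call; the spurious reopen is intentional. */`.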
@@ -0,0 +1,289 @@
+/*-
+ * Copyright (c) 2008-2009 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ * + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_fcntl.c#2 $ + */ + +#include <sys/param.h> +#include <sys/fcntl.h> + +#include <config/config.h> + +#include <bsm/audit_fcntl.h> +#include <bsm/libbsm.h> + +struct bsm_fcntl_cmd { + u_short bfc_bsm_fcntl_cmd; + int bfc_local_fcntl_cmd; +}; +typedef struct bsm_fcntl_cmd bsm_fcntl_cmd_t; + +static const bsm_fcntl_cmd_t bsm_fcntl_cmdtab[] = { + { BSM_F_DUPFD, F_DUPFD }, + { BSM_F_GETFD, F_GETFD }, + { BSM_F_SETFD, F_SETFD }, + { BSM_F_GETFL, F_GETFL }, + { BSM_F_SETFL, F_SETFL }, +#ifdef F_O_GETLK + { BSM_F_O_GETLK, F_O_GETLK }, +#endif + { BSM_F_SETLK, F_SETLK }, + { BSM_F_SETLKW, F_SETLK }, +#ifdef F_CHFL + { BSM_F_CHKFL, F_CHKFL }, +#endif +#ifdef F_DUP2FD + { BSM_F_DUP2FD, F_DUP2FD }, +#endif +#ifdef F_ALLOCSP + { BSM_F_ALLOCSP, F_ALLOCSP }, +#endif +#ifdef F_FREESP + { BSM_F_FREESP, F_FREESP }, +#endif +#ifdef F_ISSTREAM + { BSM_F_ISSTREAM, F_ISSTREAM}, +#endif + { BSM_F_GETLK, F_GETLK }, +#ifdef F_PRIV + { BSM_F_PRIV, F_PRIV }, +#endif +#ifdef F_NPRIV + { BSM_F_NPRIV, F_NPRIV }, +#endif +#ifdef F_QUOTACTL + { BSM_F_QUOTACTL, F_QUOTACTL }, +#endif +#ifdef F_BLOCKS + { BSM_F_BLOCKS, F_BLOCKS }, +#endif +#ifdef F_BLKSIZE + { BSM_F_BLKSIZE, F_BLKSIZE }, +#endif + { BSM_F_GETOWN, F_GETOWN }, + { BSM_F_SETOWN, F_SETOWN }, +#ifdef F_REVOKE + { BSM_F_REVOKE, F_REVOKE }, +#endif +#ifdef F_HASREMOTEBLOCKS + { BSM_F_HASREMOTEBLOCKS, + F_HASREMOTEBLOCKS }, +#endif +#ifdef F_FREESP + { BSM_F_FREESP, F_FREESP }, +#endif +#ifdef F_ALLOCSP + { BSM_F_ALLOCSP, F_ALLOCSP }, +#endif +#ifdef F_FREESP64 + { BSM_F_FREESP64, F_FREESP64 }, +#endif +#ifdef F_ALLOCSP64 + { BSM_F_ALLOCSP64, F_ALLOCSP64 }, +#endif +#ifdef F_GETLK64 + { BSM_F_GETLK64, F_GETLK64 }, +#endif +#ifdef F_SETLK64 + { BSM_F_SETLK64, F_SETLK64 }, +#endif +#ifdef F_SETLKW64 + { BSM_F_SETLKW64, F_SETLKW64 }, +#endif +#ifdef F_SHARE + { BSM_F_SHARE, F_SHARE }, +#endif +#ifdef F_UNSHARE + { BSM_F_UNSHARE, F_UNSHARE }, +#endif +#ifdef F_SETLK_NBMAND + { 
BSM_F_SETLK_NBMAND, F_SETLK_NBMAND }, +#endif +#ifdef F_SHARE_NBMAND + { BSM_F_SHARE_NBMAND, F_SHARE_NBMAND }, +#endif +#ifdef F_SETLK64_NBMAND + { BSM_F_SETLK64_NBMAND, F_SETLK64_NBMAND }, +#endif +#ifdef F_GETXFL + { BSM_F_GETXFL, F_GETXFL }, +#endif +#ifdef F_BADFD + { BSM_F_BADFD, F_BADFD }, +#endif +#ifdef F_OGETLK + { BSM_F_OGETLK, F_OGETLK }, +#endif +#ifdef F_OSETLK + { BSM_F_OSETLK, F_OSETLK }, +#endif +#ifdef F_OSETLKW + { BSM_F_OSETLKW, F_OSETLKW }, +#endif +#ifdef F_SETLK_REMOTE + { BSM_F_SETLK_REMOTE, F_SETLK_REMOTE }, +#endif + +#ifdef F_SETSIG + { BSM_F_SETSIG, F_SETSIG }, +#endif +#ifdef F_GETSIG + { BSM_F_GETSIG, F_GETSIG }, +#endif + +#ifdef F_CHKCLEAN + { BSM_F_CHKCLEAN, F_CHKCLEAN }, +#endif +#ifdef F_PREALLOCATE + { BSM_F_PREALLOCATE, F_PREALLOCATE }, +#endif +#ifdef F_SETSIZE + { BSM_F_SETSIZE, F_SETSIZE }, +#endif +#ifdef F_RDADVISE + { BSM_F_RDADVISE, F_RDADVISE }, +#endif +#ifdef F_RDAHEAD + { BSM_F_RDAHEAD, F_RDAHEAD }, +#endif +#ifdef F_READBOOTSTRAP + { BSM_F_READBOOTSTRAP, F_READBOOTSTRAP }, +#endif +#ifdef F_WRITEBOOTSTRAP + { BSM_F_WRITEBOOTSTRAP, F_WRITEBOOTSTRAP }, +#endif +#ifdef F_NOCACHE + { BSM_F_NOCACHE, F_NOCACHE }, +#endif +#ifdef F_LOG2PHYS + { BSM_F_LOG2PHYS, F_LOG2PHYS }, +#endif +#ifdef F_GETPATH + { BSM_F_GETPATH, F_GETPATH }, +#endif +#ifdef F_FULLFSYNC + { BSM_F_FULLFSYNC, F_FULLFSYNC }, +#endif +#ifdef F_PATHPKG_CHECK + { BSM_F_PATHPKG_CHECK, F_PATHPKG_CHECK }, +#endif +#ifdef F_FREEZE_FS + { BSM_F_FREEZE_FS, F_FREEZE_FS }, +#endif +#ifdef F_THAW_FS + { BSM_F_THAW_FS, F_THAW_FS }, +#endif +#ifdef F_GLOBAL_NOCACHE + { BSM_F_GLOBAL_NOCACHE, F_GLOBAL_NOCACHE }, +#endif +#ifdef F_OPENFROM + { BSM_F_OPENFROM, F_OPENFROM }, +#endif +#ifdef F_UNLINKFROM + { BSM_F_UNLINKFROM, F_UNLINKFROM }, +#endif +#ifdef F_CHECK_OPENEVT + { BSM_F_CHECK_OPENEVT, F_CHECK_OPENEVT }, +#endif +#ifdef F_ADDSIGS + { BSM_F_ADDSIGS, F_ADDSIGS }, +#endif +#ifdef F_MARKDEPENDENCY + { BSM_F_MARKDEPENDENCY, F_MARKDEPENDENCY }, +#endif + +#ifdef 
FCNTL_FS_SPECIFIC_BASE + { BSM_F_FS_SPECIFIC_0, FCNTL_FS_SPECIFIC_BASE}, + { BSM_F_FS_SPECIFIC_1, FCNTL_FS_SPECIFIC_BASE + 1}, + { BSM_F_FS_SPECIFIC_2, FCNTL_FS_SPECIFIC_BASE + 2}, + { BSM_F_FS_SPECIFIC_3, FCNTL_FS_SPECIFIC_BASE + 3}, + { BSM_F_FS_SPECIFIC_4, FCNTL_FS_SPECIFIC_BASE + 4}, + { BSM_F_FS_SPECIFIC_5, FCNTL_FS_SPECIFIC_BASE + 5}, + { BSM_F_FS_SPECIFIC_6, FCNTL_FS_SPECIFIC_BASE + 6}, + { BSM_F_FS_SPECIFIC_7, FCNTL_FS_SPECIFIC_BASE + 7}, + { BSM_F_FS_SPECIFIC_8, FCNTL_FS_SPECIFIC_BASE + 8}, + { BSM_F_FS_SPECIFIC_9, FCNTL_FS_SPECIFIC_BASE + 9}, + { BSM_F_FS_SPECIFIC_10, FCNTL_FS_SPECIFIC_BASE + 10}, + { BSM_F_FS_SPECIFIC_11, FCNTL_FS_SPECIFIC_BASE + 11}, + { BSM_F_FS_SPECIFIC_12, FCNTL_FS_SPECIFIC_BASE + 12}, + { BSM_F_FS_SPECIFIC_13, FCNTL_FS_SPECIFIC_BASE + 13}, + { BSM_F_FS_SPECIFIC_14, FCNTL_FS_SPECIFIC_BASE + 14}, + { BSM_F_FS_SPECIFIC_15, FCNTL_FS_SPECIFIC_BASE + 15}, +#endif /* FCNTL_FS_SPECIFIC_BASE */ +}; +static const int bsm_fcntl_cmd_count = sizeof(bsm_fcntl_cmdtab) / + sizeof(bsm_fcntl_cmdtab[0]); + +static const bsm_fcntl_cmd_t * +bsm_lookup_local_fcntl_cmd(int local_fcntl_cmd) +{ + int i; + + for (i = 0; i < bsm_fcntl_cmd_count; i++) { + if (bsm_fcntl_cmdtab[i].bfc_local_fcntl_cmd == + local_fcntl_cmd) + return (&bsm_fcntl_cmdtab[i]); + } + return (NULL); +} + +u_short +au_fcntl_cmd_to_bsm(int local_fcntl_cmd) +{ + const bsm_fcntl_cmd_t *bfcp; + + bfcp = bsm_lookup_local_fcntl_cmd(local_fcntl_cmd); + if (bfcp == NULL) + return (BSM_F_UNKNOWN); + return (bfcp->bfc_bsm_fcntl_cmd); +} + +static const bsm_fcntl_cmd_t * +bsm_lookup_bsm_fcntl_cmd(u_short bsm_fcntl_cmd) +{ + int i; + + for (i = 0; i < bsm_fcntl_cmd_count; i++) { + if (bsm_fcntl_cmdtab[i].bfc_bsm_fcntl_cmd == + bsm_fcntl_cmd) + return (&bsm_fcntl_cmdtab[i]); + } + return (NULL); +} + +int +au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp) +{ + const bsm_fcntl_cmd_t *bfcp; + + bfcp = bsm_lookup_bsm_fcntl_cmd(bsm_fcntl_cmd); + if (bfcp == NULL || 
bfcp->bfc_local_fcntl_cmd) + return (-1); + *local_fcntl_cmdp = bfcp->bfc_local_fcntl_cmd; + return (0); +} diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c index ce07a66..103a95e 100644 --- a/contrib/openbsm/libbsm/bsm_io.c +++ b/contrib/openbsm/libbsm/bsm_io.c @@ -32,7 +32,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#61 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#62 $ */ #include <sys/types.h> @@ -365,6 +365,10 @@ close_tag(FILE *fp, u_char type) fprintf(fp, "/>"); break; + case AUT_SOCKINET128: + fprintf(fp, "/>"); + break; + case AUT_SUBJECT32: fprintf(fp, "/>"); break; @@ -529,13 +533,16 @@ print_tok_type(FILE *fp, u_char type, const char *tokname, char raw, int xml) break; case AUT_SOCKINET32: - fprintf(fp, "<old_socket"); + fprintf(fp, "<socket-inet "); break; case AUT_SOCKUNIX: - fprintf(fp, "<old_socket"); + fprintf(fp, "<socket-unix "); break; + case AUT_SOCKINET128: + fprintf(fp, "<socket-inet6 "); + case AUT_SUBJECT32: fprintf(fp, "<subject "); break; @@ -3067,18 +3074,18 @@ fetch_sock_inet32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; - READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet32.family, tok->len, + READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet_ex32.family, tok->len, err); if (err) return (-1); - READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet32.port, + READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet_ex32.port, sizeof(uint16_t), tok->len, err); if (err) return (-1); - READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet32.addr, - sizeof(tok->tt.sockinet32.addr), tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet_ex32.addr, + sizeof(tok->tt.sockinet_ex32.addr[0]), tok->len, err); if (err) return (-1); 
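Review bot: au_bsm_to_fcntl_cmd at the end of this new file rejects almost every valid mapping: `if (bfcp == NULL || bfcp->bfc_local_fcntl_cmd)` returns -1 whenever the looked-up local command is non-zero, which is every table entry except F_DUPFD (0), so decoding a BSM fcntl command fails for F_GETFD, F_SETFL, F_SETLK and the rest even though au_fcntl_cmd.3 in this same commit says the call fails only when no local mapping exists. The table carries no "no local mapping" sentinel (unmapped commands are simply #ifdef'd out, unlike PF_NO_LOCAL_MAPPING in bsm_domain.c), so the condition should read just `if (bfcp == NULL)`. Two entries also look wrong: `{ BSM_F_SETLKW, F_SETLK }` collapses the blocking lock request onto F_SETLK and should be `{ BSM_F_SETLKW, F_SETLKW }`, and the `#ifdef F_CHFL` guard around the `F_CHKFL` entry can never match the macro it guards. BSM_F_FREESP and BSM_F_ALLOCSP are listed twice; the linear search returns the first hit so it is harmless, but the duplicates should go.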
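Review bot: The new `case AUT_SOCKINET128:` in print_tok_type has no `break;` after `fprintf(fp, "<socket-inet6 ");`, so it falls through into `case AUT_SUBJECT32:` and an IPv6 socket token is emitted as `<socket-inet6 <subject ` — malformed XML that a downstream consumer will either reject or, worse, read as a subject element. Add `break;` after the fprintf, as every neighbouring case does; the matching close_tag hunk above it already handles AUT_SOCKINET128 correctly. Separately, the XML element names for AUT_SOCKINET32 and AUT_SOCKUNIX change here from `<old_socket` to `<socket-inet ` and `<socket-unix `; that is presumably deliberate, but it alters what anyone parsing praudit -x output sees and deserves a line in the release notes.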
@@ -3093,22 +3100,77 @@ print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_tok_type(fp, tok->id, "socket-inet", raw, xml); if (xml) { open_attr(fp, "type"); - print_2_bytes(fp, tok->tt.sockinet32.family, "%u"); + print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); + close_attr(fp); + open_attr(fp, "port"); + print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u"); + close_attr(fp); + open_attr(fp, "addr"); + print_ip_address(fp, tok->tt.sockinet_ex32.addr[0]); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); + print_delim(fp, del); + print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u"); + print_delim(fp, del); + print_ip_address(fp, tok->tt.sockinet_ex32.addr[0]); + } +} + +/* + * socket family 2 bytes + * local port 2 bytes + * socket address 16 bytes + */ +static int +fetch_sock_inet128_tok(tokenstr_t *tok, u_char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet_ex32.family, tok->len, + err); + if (err) + return (-1); + + READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet_ex32.port, + sizeof(uint16_t), tok->len, err); + if (err) + return (-1); + + READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet_ex32.addr, + sizeof(tok->tt.sockinet_ex32.addr), tok->len, err); + if (err) + return (-1); + + return (0); +} + +static void +print_sock_inet128_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + + print_tok_type(fp, tok->id, "socket-inet6", raw, xml); + if (xml) { + open_attr(fp, "type"); + print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); close_attr(fp); open_attr(fp, "port"); - print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u"); + print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u"); close_attr(fp); open_attr(fp, "addr"); - print_ip_address(fp, tok->tt.sockinet32.addr); + print_ip_ex_address(fp, AU_IPv6, tok->tt.sockinet_ex32.addr); close_attr(fp); close_tag(fp, tok->id); 
} else { print_delim(fp, del); - print_2_bytes(fp, tok->tt.sockinet32.family, "%u"); + print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); print_delim(fp, del); - print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u"); + print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u"); print_delim(fp, del); - print_ip_address(fp, tok->tt.sockinet32.addr); + print_ip_ex_address(fp, AU_IPv6, tok->tt.sockinet_ex32.addr); } } @@ -4057,6 +4119,9 @@ au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) case AUT_SOCKUNIX: return (fetch_sock_unix_tok(tok, buf, len)); + case AUT_SOCKINET128: + return (fetch_sock_inet128_tok(tok, buf, len)); + case AUT_SUBJECT32: return (fetch_subject32_tok(tok, buf, len)); @@ -4226,6 +4291,10 @@ au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm) print_sock_unix_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; + case AUT_SOCKINET128: + print_sock_inet128_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + case AUT_SUBJECT32: print_subject32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; diff --git a/contrib/openbsm/libbsm/bsm_notify.c b/contrib/openbsm/libbsm/bsm_notify.c index 72458aa..df972aa 100644 --- a/contrib/openbsm/libbsm/bsm_notify.c +++ b/contrib/openbsm/libbsm/bsm_notify.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#15 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#17 $ */ /* @@ -60,7 +60,7 @@ static int token = 0; #endif /* AUDIT_NOTIFICATION_ENABLED */ -static long au_cond = AUC_UNSET; /* <bsm/audit.h> */ +static int au_cond = AUC_UNSET; /* <bsm/audit.h> */ uint32_t au_notify_initialize(void) 
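Review bot: fetch_sock_inet128_tok copies `sizeof(tok->tt.sockinet_ex32.addr)` bytes into the storage it shares with the IPv4 decoder, so the "socket address 16 bytes" in its header comment holds only if that array is exactly 16 bytes (presumably `uint32_t addr[4]`, given that fetch_sock_inet32_tok now reads `sizeof(addr[0])` and prints `addr[0]`); the header is not in this diff, so confirm and pin it with `/* addr must be 16 bytes: AUT_SOCKINET128 carries a full IPv6 address */` or by passing `4 * sizeof(uint32_t)` explicitly. The function is otherwise a line-for-line copy of fetch_sock_inet32_tok differing only in the address length; a small static helper taking the address byte count would keep the two decoders from drifting apart. print_sock_inet128_tok passes AU_IPv6 to print_ip_ex_address unconditionally rather than the `family` value it has just printed, which is right for this token type but worth a one-line comment so nobody "fixes" it later.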
@@ -77,7 +77,7 @@ au_notify_initialize(void)
 return (status);
 #endif
- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (audit_get_cond(&au_cond) != 0) {
 syslog(LOG_ERR, "Initial audit status check failed (%s)", strerror(errno));
 if (errno == ENOSYS) /* auditon() unimplemented. */
@@ -137,7 +137,7 @@ au_get_state(void)
 return (au_cond);
 #endif
- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (audit_get_cond(&au_cond) != 0) {
 /* XXX Reset au_cond to AUC_UNSET? */
 syslog(LOG_ERR, "Audit status check failed (%s)", strerror(errno));
@@ -165,16 +165,16 @@ cannot_audit(int val __unused)
 #ifdef __APPLE__
 return (!(au_get_state() == AUC_AUDITING));
 #else
- long au_cond;
+ int cond;
- if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (audit_get_cond(&cond) != 0) {
 if (errno != ENOSYS) {
 syslog(LOG_ERR, "Audit status check failed (%s)", strerror(errno));
 }
 return (1);
 }
- if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED)
+ if (cond == AUC_NOAUDIT || cond == AUC_DISABLED)
 return (1);
 return (0);
 #endif /* !__APPLE__ */
diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c
index b33d8d7..bceab6c 100644
--- a/contrib/openbsm/libbsm/bsm_token.c
+++ b/contrib/openbsm/libbsm/bsm_token.c
@@ -30,7 +30,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#90 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#91 $
 */
 #include <sys/types.h>
@@ -1503,7 +1503,7 @@ au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod)
 if (gettimeofday(&tm, NULL) == -1)
 return (NULL);
- if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) {
+ if (audit_get_kaudit(&aia, sizeof(aia)) != 0) {
 if (errno != ENOSYS)
 return (NULL);
 return (au_to_header32_tm(rec_size, e_type, e_mod, tm));
diff --git a/contrib/openbsm/libbsm/bsm_wrappers.c b/contrib/openbsm/libbsm/bsm_wrappers.c
index 5bcf57c..ab6dc17 100644
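Review bot: In au_notify_initialize the `if (errno == ENOSYS)` test still runs after the `syslog(LOG_ERR, ...)` call that formats strerror(errno), and syslog(3) is not required to preserve errno, so the "audit not compiled into the kernel" case can be misreported as a hard failure; the hunk only swaps auditon() for audit_get_cond() and keeps that ordering. Capturing it first, `int saved_errno = errno;` immediately after the failed call, and testing `saved_errno` afterwards is the usual fix. au_get_state at @@ -137 logs the same way; whether it re-reads errno afterwards lies outside that hunk. Both function bodies extend beyond what the hunks show.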
--- a/contrib/openbsm/libbsm/bsm_wrappers.c
+++ b/contrib/openbsm/libbsm/bsm_wrappers.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2004 Apple Inc.
+ * Copyright (c) 2004-2009 Apple Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#28 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#31 $
 */
 #ifdef __APPLE__
@@ -63,7 +63,7 @@ audit_submit(short au_event, au_id_t auid, char status,
 char text[MAX_AUDITSTRING_LEN];
 token_t *token;
- long acond;
+ int acond;
 va_list ap;
 pid_t pid;
 int error, afd, subj_ex;
@@ -71,7 +71,7 @@ audit_submit(short au_event, au_id_t auid, char status,
 struct auditinfo_addr aia;
 au_tid_t atid;
- if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {
+ if (audit_get_cond(&acond) != 0) {
 /*
 * If auditon(2) returns ENOSYS, then audit has not been
 * compiled into the kernel, so just return.
@@ -178,7 +178,7 @@ audit_submit(short au_event, au_id_t auid, char status,
 return (-1);
 }
 }
- token = au_to_return32(status, au_errno_to_bsm(reterr));
+ token = au_to_return32(au_errno_to_bsm(status), reterr);
 if (token == NULL) {
 syslog(LOG_AUTH | LOG_ERR, "audit: enable to build return token");
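Review bot: The argument swap on the au_to_return32 line is the AUT_RETURN32 encoding fix the commit message describes, but nothing in the code records why, and the old order reads just as plausibly, so it is a likely candidate for being "corrected" back by a later reader. A one-line comment above it, `/* au_to_return32() takes the BSM-mapped error as status and the return value verbatim; see the 1.1 alpha 4 encoding fix. */`, would pin the intent. The `int acond` change at @@ -63 and the audit_get_cond() call at @@ -71 are straightforward. audit_submit's body continues well beyond the hunk on both sides.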
@@ -488,3 +488,336 @@ audit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp,
 }
 }
 #endif /* !__APPLE__ */
+
+int
+audit_get_cond(int *cond)
+{
+ int ret;
+
+ ret = auditon(A_GETCOND, cond, sizeof(*cond));
+#ifdef A_OLDGETCOND
+ if ((0 != ret) && EINVAL == errno) {
+ long lcond = *cond;
+
+ ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond));
+ *cond = (int)lcond;
+ }
+#endif
+ return (ret);
+}
+
+int
+audit_set_cond(int *cond)
+{
+ int ret;
+
+ ret = auditon(A_SETCOND, cond, sizeof(*cond));
+#ifdef A_OLDSETCOND
+ if ((0 != ret) && (EINVAL == errno)) {
+ long lcond = (long)*cond;
+
+ ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond));
+ *cond = (int)lcond;
+ }
+#endif
+ return (ret);
+}
+
+int
+audit_get_policy(int *policy)
+{
+ int ret;
+
+ ret = auditon(A_GETPOLICY, policy, sizeof(*policy));
+#ifdef A_OLDGETPOLICY
+ if ((0 != ret) && (EINVAL == errno)){
+ long lpolicy = (long)*policy;
+
+ ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy));
+ *policy = (int)lpolicy;
+ }
+#endif
+ return (ret);
+}
+
+int
+audit_set_policy(int *policy)
+{
+ int ret;
+
+ ret = auditon(A_SETPOLICY, policy, sizeof(*policy));
+#ifdef A_OLDSETPOLICY
+ if ((0 != ret) && (EINVAL == errno)){
+ long lpolicy = (long)*policy;
+
+ ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy));
+ *policy = (int)lpolicy;
+ }
+#endif
+ return (ret);
+}
+
+int
+audit_get_qctrl(au_qctrl_t *qctrl, size_t sz)
+{
+ int ret;
+
+ if (sizeof(*qctrl) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl));
+#ifdef A_OLDGETQCTRL
+ if ((0 != ret) && (EINVAL == errno)){
+ struct old_qctrl {
+ size_t oq_hiwater;
+ size_t oq_lowater;
+ size_t oq_bufsz;
+ clock_t oq_delay;
+ int oq_minfree;
+ } oq;
+
+ oq.oq_hiwater = (size_t)qctrl->aq_hiwater;
+ oq.oq_lowater = (size_t)qctrl->aq_lowater;
+ oq.oq_bufsz = (size_t)qctrl->aq_bufsz;
+ oq.oq_delay = (clock_t)qctrl->aq_delay;
+ oq.oq_minfree = qctrl->aq_minfree;
+
+ ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq));
+
+ qctrl->aq_hiwater = (int)oq.oq_hiwater;
+ qctrl->aq_lowater = (int)oq.oq_lowater;
+ qctrl->aq_bufsz = (int)oq.oq_bufsz;
+ qctrl->aq_delay = (int)oq.oq_delay;
+ qctrl->aq_minfree = oq.oq_minfree;
+ }
+#endif /* A_OLDGETQCTRL */
+ return (ret);
+}
+
+int
+audit_set_qctrl(au_qctrl_t *qctrl, size_t sz)
+{
+ int ret;
+
+ if (sizeof(*qctrl) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ ret = auditon(A_SETQCTRL, qctrl, sz);
+#ifdef A_OLDSETQCTRL
+ if ((0 != ret) && (EINVAL == errno)) {
+ struct old_qctrl {
+ size_t oq_hiwater;
+ size_t oq_lowater;
+ size_t oq_bufsz;
+ clock_t oq_delay;
+ int oq_minfree;
+ } oq;
+
+ oq.oq_hiwater = (size_t)qctrl->aq_hiwater;
+ oq.oq_lowater = (size_t)qctrl->aq_lowater;
+ oq.oq_bufsz = (size_t)qctrl->aq_bufsz;
+ oq.oq_delay = (clock_t)qctrl->aq_delay;
+ oq.oq_minfree = qctrl->aq_minfree;
+
+ ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq));
+
+ qctrl->aq_hiwater = (int)oq.oq_hiwater;
+ qctrl->aq_lowater = (int)oq.oq_lowater;
+ qctrl->aq_bufsz = (int)oq.oq_bufsz;
+ qctrl->aq_delay = (int)oq.oq_delay;
+ qctrl->aq_minfree = oq.oq_minfree;
+ }
+#endif /* A_OLDSETQCTRL */
+ return (ret);
+}
+
+int
+audit_send_trigger(int *trigger)
+{
+
+ return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger)));
+}
+
+int
+audit_get_kaudit(auditinfo_addr_t *aia, size_t sz)
+{
+
+ if (sizeof(*aia) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETKAUDIT, aia, sz));
+}
+
+int
+audit_set_kaudit(auditinfo_addr_t *aia, size_t sz)
+{
+
+ if (sizeof(*aia) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_SETKAUDIT, aia, sz));
+}
+
+int
+audit_get_class(au_evclass_map_t *evc_map, size_t sz)
+{
+
+ if (sizeof(*evc_map) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETCLASS, evc_map, sz));
+}
+
+int
+audit_set_class(au_evclass_map_t *evc_map, size_t sz)
+{
+
+ if (sizeof(*evc_map) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_SETCLASS, evc_map, sz));
+}
+
+int
+audit_get_kmask(au_mask_t *kmask, size_t sz)
+{
+ if (sizeof(*kmask) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETKMASK, kmask, sz));
+}
+
+int
+audit_set_kmask(au_mask_t *kmask, size_t sz)
+{
+ if (sizeof(*kmask) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_SETKMASK, kmask, sz));
+}
+
+int
+audit_get_fsize(au_fstat_t *fstat, size_t sz)
+{
+
+ if (sizeof(*fstat) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETFSIZE, fstat, sz));
+}
+
+int
+audit_set_fsize(au_fstat_t *fstat, size_t sz)
+{
+
+ if (sizeof(*fstat) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_SETFSIZE, fstat, sz));
+}
+
+int
+audit_set_pmask(auditpinfo_t *api, size_t sz)
+{
+
+ if (sizeof(*api) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_SETPMASK, api, sz));
+}
+
+int
+audit_get_pinfo(auditpinfo_t *api, size_t sz)
+{
+
+ if (sizeof(*api) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETPINFO, api, sz));
+}
+
+int
+audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz)
+{
+
+ if (sizeof(*apia) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETPINFO_ADDR, apia, sz));
+}
+
+int
+audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz)
+{
+
+ if (sizeof(*aia) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETSINFO_ADDR, aia, sz));
+}
+
+int
+audit_get_stat(au_stat_t *stats, size_t sz)
+{
+
+ if (sizeof(*stats) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETSTAT, stats, sz));
+}
+
+int
+audit_set_stat(au_stat_t *stats, size_t sz)
+{
+
+ if (sizeof(*stats) != sz) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ return (auditon(A_GETSTAT, stats, sz));
+}
+
+int
+audit_get_cwd(char *path, size_t sz)
+{
+
+ return (auditon(A_GETCWD, path, sz));
+}
+
+int
+audit_get_car(char *path, size_t sz)
+{
+
+ return (auditon(A_GETCAR, path, sz));
+}
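Review bot: audit_set_stat issues `auditon(A_GETSTAT, stats, sz)`, so a caller asking to set the audit statistics silently reads them instead; the line should be `return (auditon(A_SETSTAT, stats, sz));`. Separately, the A_OLD* fallbacks in audit_get_cond and audit_get_policy seed the long temporary from `*cond` / `*policy` before issuing the legacy get, and cannot_audit in bsm_notify.c (@@ -165) hands in an uninitialized `int cond`, so an indeterminate value is read there and, if the legacy call also fails, written back over the caller's variable; declaring `long lcond;` without the copy-in and doing `*cond = (int)lcond;` only when `ret == 0` avoids both. Minor style: audit_get_kmask and audit_set_kmask drop the blank line after `{` that every neighbouring wrapper has, and the `(EINVAL == errno)){` spacing differs between the fallback blocks.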
diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3
index f059e28..151e048 100644
--- a/contrib/openbsm/libbsm/libbsm.3
+++ b/contrib/openbsm/libbsm/libbsm.3
@@ -1,6 +1,6 @@
 .\"-
 .\" Copyright (c) 2005-2007 Robert N. M. Watson
-.\" Copyright (c) 2008 Apple Inc.
+.\" Copyright (c) 2008-2009 Apple Inc.
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -24,9 +24,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#16 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#17 $
 .\"
-.Dd November 12, 2008
+.Dd March 5, 2009
 .Dt LIBBSM 3
 .Os
 .Sh NAME
@@ -200,9 +200,11 @@ number, socket type, and protocol famil
 spaces, and must be used to generate and interpret BSM return and extended socket tokens:
 .Xr au_bsm_to_domain 3 ,
 .Xr au_bsm_to_errno 3 ,
+.Xr au_bsm_to_fcntl_cmd 3 ,
 .Xr au_bsm_to_socket_type 3 ,
 .Xr au_domain_to_bsm 3 ,
 .Xr au_errno_to_bsm 3 ,
+.Xr au_fcntl_cmd_to_bsm 3 ,
 .Xr au_socket_type_to_bsm 3 .
 .Sh SEE ALSO
 .Xr au_class 3 , |