author | rwatson <rwatson@FreeBSD.org> | 2006-06-05 10:52:12 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-06-05 10:52:12 +0000 |
commit | 4c355f6b7d92ffbb9cd7fcc7eca2b6364c3bace7 (patch) | |
tree | 32e83e301da59f20a423c5b1cac506030cade870 /contrib/openbsm/libbsm | |
parent | 571f2f563f5e4a509d7a05efe83598055c520854 (diff) | |
parent | f7669e641742373606ef85a4855b7028f5b564a5 (diff) | |
This commit was generated by cvs2svn to compensate for changes in r159248,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/openbsm/libbsm')
-rw-r--r-- | contrib/openbsm/libbsm/Makefile.am | 3 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/Makefile.in | 3 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/au_open.3 | 149 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/au_token.3 | 15 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/audit_submit.3 | 126 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_audit.c | 26 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_io.c | 98 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_token.c | 87 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_wrappers.c | 127 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/libbsm.3 | 5 |
10 files changed, 533 insertions, 106 deletions
diff --git a/contrib/openbsm/libbsm/Makefile.am b/contrib/openbsm/libbsm/Makefile.am index 09f4ae4..5e4a317 100644 --- a/contrib/openbsm/libbsm/Makefile.am +++ b/contrib/openbsm/libbsm/Makefile.am @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#2 $ +# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#3 $ # INCLUDES = -I$(top_srcdir) @@ -30,6 +30,7 @@ man3_MANS = \ au_free_token.3 \ au_io.3 \ au_mask.3 \ + au_open.3 \ au_token.3 \ au_user.3 \ libbsm.3 diff --git a/contrib/openbsm/libbsm/Makefile.in b/contrib/openbsm/libbsm/Makefile.in index de9530c..fb9ef39 100644 --- a/contrib/openbsm/libbsm/Makefile.in +++ b/contrib/openbsm/libbsm/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#3 $ +# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#4 $ # srcdir = @srcdir@ @@ -204,6 +204,7 @@ man3_MANS = \ au_free_token.3 \ au_io.3 \ au_mask.3 \ + au_open.3 \ au_token.3 \ au_user.3 \ libbsm.3 diff --git a/contrib/openbsm/libbsm/au_open.3 b/contrib/openbsm/libbsm/au_open.3 new file mode 100644 index 0000000..569940e --- /dev/null +++ b/contrib/openbsm/libbsm/au_open.3 
@@ -0,0 +1,149 @@ +.\"- +.\" Copyright (c) 2006 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $ +.\" +.Dd March 4, 2006 +.Dt AU_OPEN 3 +.Os +.Sh NAME +.Nm au_open , +.Nm au_write , +.Nm au_close , +.Nm au_close_buffer +.Nd "Create and commit audit records" +.Sh LIBRARY +.Lb libbsm +.Sh SYNOPSIS +.In libbsm.h +.Ft int +.Fn au_open "void" +.Ft int +.Fn au_write "int d" "token_t *tok" +.Ft int +.Fn au_close "int d" "int keep" "short event" +.Ft int +.Fn au_close_buffer "int d" "short event" "u_char *buffer" "size_t *buflen" +.Ft int +.Fn au_close_token "token_t *tok" "u_char *buffer" "size_t *buflen" +.Sh DESCRIPTION +These interfaces allow applications to allocate audit records, construct a +record using a series of tokens, and commit the audit record to the system +event log. +An extension API is also provided to commit the record to an in-memory +buffer rather than the system audit log. +.Pp +The +.Fn au_open +interface allocates a new audit record descriptor. +.Pp +The +.Fn au_write +interface adds a token to an allocated audit descriptor. +When a token has been successfully added to a record, the caller no longer +owns the token memory, and does not need to free it directly via a call to +.Xr au_free_token 3 . +.Pp +The +.Fn au_close +function is used to commit an audit record to the system audit log, or +abandon the record. +In either cases, all resources associated with the record will be released. +The +.Va keep +argument determines the behavior: a value of +.Dv AU_TO_WRITE +causes the record to be committed; a value of +.Dv AU_TO_NO_WRITE +causes it to be abandoned. +When the audit record is committed, a BSM header will be inserted before +tokens added to the record, using the event identifier passed via +.Va event , +and a trailer added to the end. +Committing a record to the system audit log requires privilege. 
+.Pp +The +.Fn au_close_buffer +function writes the resulting record to an in-memory buffer of size +.Va *buflen ; +it will write back the filled buffer length into the same variable. +The argument +.Va short +is the event identifier to use in the record header. +.Pp +The +.Fn au_close_token +function generates the BSM stream output for a single token, +.Va tok , +in the passed buffer +.Va buffer . +The initial buffer size and resulting data size are passed via +.Va *buflen . +.Fn au_close_token +will free the token before returning. +.Sh RETURN VALUES +The function +.Fn au_open +returns a non-negative audit record descriptor number on success, or a +negative value on failure, along with error information in +.Va errno . +.Pp +The functions +.Fn au_write , +.Fn au_close , +.Fn au_close_buffer , +and +.Fn au_close_token +return 0 on success, or a negative value on failure, along with error +information in +.Va errno . +.Sh SEE ALSO +.Xr libbsm 3 +.Sh AUTHORS +This software was created by Robert Watson, Wayne Salamon, and Suresh +Krishnaswamy for McAfee Research, the security research division of McAfee, +Inc., under contract to Apple Computer, Inc. +.Pp +The Basic Security Module (BSM) interface to audit records and audit event +stream format were defined by Sun Microsystems. +.Sh HISTORY +The OpenBSM implementation was created by McAfee Research, the security +division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. +It was subsequently adopted by the TrustedBSD Project as the foundation for +the OpenBSM distribution. +.Sh BUGS +Currently, +.Fn au_open +does not reserve kernel resources necessary to commit the record to the +trail; on systems supporting +.Fn au_close , +the call will block until resources are available to commit the record. +However, this leads to the possibility of an action being permitted without +the record being guaranteed to go to disk. 
+Ideally, +.Fn au_open +would reserve resources necessary to commit any submitted record, releasing +them on +.Fn au_close . diff --git a/contrib/openbsm/libbsm/au_token.3 b/contrib/openbsm/libbsm/au_token.3 index cdf871b..5b2ad30 100644 --- a/contrib/openbsm/libbsm/au_token.3 +++ b/contrib/openbsm/libbsm/au_token.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#5 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#7 $ .\" .Dd April 19, 2005 .Dt AU_TOKEN 3 @@ -57,9 +57,6 @@ .Nm au_to_return64 , .Nm au_to_return , .Nm au_to_seq , -.Nm au_to_socket , -.Nm au_to_socket_ex_32 , -.Nm au_to_socket_ex_128 , .Nm au_to_sock_inet32 , .Nm au_to_sock_inet128 , .Nm au_to_sock_inet , @@ -116,9 +113,7 @@ .Ft token_t * .Fn au_to_opaque "char *data" "u_int64_t bytes" .Ft token_t * -.Fn au_to_file "char *file" -.Ft token_t * -.Fn au_to_file "char *file" +.Fn au_to_file "char *file" "struct timeval tm" .Ft token_t * .Fn au_to_text "char *text" .Ft token_t * @@ -140,12 +135,6 @@ .Ft token_t * .Fn au_to_seq "long audit_count" .Ft token_t * -.Fn au_to_socket "struct socket *so" -.Ft token_t * -.Fn au_to_socket_ex_32 "struct socket *so" -.Ft token_t * -.Fn au_to_socket_ex_128 "struct socket *so" -.Ft token_t * .Fn au_to_sock_inet32 "struct sockaddr_in *so" .Ft token_t * .Fn au_to_sock_inet128 "struct sockaddr_in6 *so" diff --git a/contrib/openbsm/libbsm/audit_submit.3 b/contrib/openbsm/libbsm/audit_submit.3 new file mode 100644 index 0000000..9e4d230 --- /dev/null +++ b/contrib/openbsm/libbsm/audit_submit.3 
@@ -0,0 +1,126 @@ +.\" +.\" Copyright (c) 2006 Christian S.J. Peron +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of +.\" its contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR +.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. 
+.\" +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#8 $ +.\" +.Dd May 29, 2006 +.Dt audit_submit 3 +.Os +.Sh NAME +.Nm audit_submit +.Nd general purpose audit record submission +.Sh LIBRARY +.Lb libbsm +.Sh SYNOPSIS +.In stdio.h +.Ft int +.Fn audit_submit "short au_event" "au_id_t auid" "char status" "int reterr" "const char * restrict format" ... +.Sh DESCRIPTION +The +.Nm +function provides a generic programming interface for audit record submission. +This audit record will contain a header, subject token, an optional text token, +return token, and a trailer. +The header will contain the event class specified by +.Fa au_event . +The subject token will be generated based on +.Fa au_ctx . +The return token is dependant on the +.Fa status +and +.Fa reterr +arguments. +Optionally, a text token will be created as a part of this record. +.Pp +Text token output is under the control of a +.Fa format +string that specifies how subsequent arguments (or arguments accessed via the +variable-length argument facilities of +.Xr stdarg 3 ) +are converted for output. +If +.Fa format +is NULL, then no text token is created in the audit record. +.Pp +It should be noted that +.Nm +assumes that +.Xr setaudit 2 , +or +.Xr setaudit_addr 2 +has already been called. +As a direct result, the terminal ID for the +subject will be retrieved from the kernel via +.Xr getaudit 2 , +or +.Xr getaudit_addr 2 . 
+.Sh EXAMPLES +.Bd -literal -offset indent +#include <bsm/audit.h> +#include <bsm/libbsm.h> +#include <bsm/audit_uevents.h> + +#include <stdio.h> +#include <stdarg.h> +#include <errno.h> + +int +audit_bad_su(char *from_login, char *to_login) +{ + int error; + + error = audit_submit(AUE_su, getuid(), 1, EPERM, + "bad su from %s to %s", from_login, to_login); + return (error); +} +.Ed +.Pp +Will generate the following audit record: +.Bd -literal -offset indent +header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec +subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0 +text,bad su from from csjp to root +return,failure : Operation not permitted,1 +trailer,94 +.Ed +.Sh SEE ALSO +.Xr auditon 2 , +.Xr getaudit 2 , +.Xr libbsm 3 , +.Xr stdarg 3 +.Sh HISTORY +The +.Nm +function first appeared in OpenBSM version 1.0. +OpenBSM 1.0 was introduced in FreeBSD 7.0. +.Sh AUTHORS +The +.Nm +function was written by +.An Christian S.J. Peron Aq csjp@FreeBSD.org . diff --git a/contrib/openbsm/libbsm/bsm_audit.c b/contrib/openbsm/libbsm/bsm_audit.c index 2e07fd8..d959a30 100644 --- a/contrib/openbsm/libbsm/bsm_audit.c +++ b/contrib/openbsm/libbsm/bsm_audit.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#22 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#26 $ */ #include <sys/types.h> @@ -280,12 +280,11 @@ au_close(int d, int keep, short event) return (-1); /* Invalid descriptor */ } - if (!keep) { + if (keep == AU_TO_NO_WRITE) { retval = 0; goto cleanup; } - tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE; if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) { 
@@ -361,3 +360,24 @@ cleanup: au_teardown(rec); return (retval); } + +/* + * au_close_token() returns the byte format of a token_t. This won't + * generally be used by applications, but is quite useful for writing test + * tools. Will free the token on either success or failure. + */ +int +au_close_token(token_t *tok, u_char *buffer, size_t *buflen) +{ + + if (tok->len > *buflen) { + au_free_token(tok); + errno = ENOMEM; + return (EINVAL); + } + + memcpy(buffer, tok->t_data, tok->len); + *buflen = tok->len; + au_free_token(tok); + return (0); +} diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c index 364532e..5f678fb 100644 --- a/contrib/openbsm/libbsm/bsm_io.c +++ b/contrib/openbsm/libbsm/bsm_io.c @@ -31,7 +31,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#34 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#37 $ */ #include <sys/types.h> @@ -893,6 +893,7 @@ fetch_arb_tok(tokenstr_t *tok, char *buf, int len) */ switch(tok->tt.arb.bu) { case AUR_BYTE: + /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; @@ -900,8 +901,13 @@ fetch_arb_tok(tokenstr_t *tok, char *buf, int len) datasize = AUR_SHORT_SIZE; break; - case AUR_LONG: - datasize = AUR_LONG_SIZE; + case AUR_INT32: + /* case AUR_INT: */ + datasize = AUR_INT32_SIZE; + break; + + case AUR_INT64: + datasize = AUR_INT64_SIZE; break; default: @@ -962,6 +968,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); switch(tok->tt.arb.bu) { case AUR_BYTE: + /* case AUR_CHAR: */ str = "byte"; size = AUR_BYTE_SIZE; print_string(fp, str, strlen(str)); 
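Review bot: The too-small-buffer branch of `au_close_token()` in bsm_audit.c sets `errno = ENOMEM` but then executes `return (EINVAL);`, a positive value, while the au_open.3 page added in this same commit says the function returns a negative value on failure. A caller that tests the result with `< 0` will treat the failure as success and may go on to consume a buffer that was never filled. The branch should end with `return (-1);` and one consistent errno value. `tok`, `buffer` and `buflen` are all dereferenced without a NULL check, so the header comment should at least state that the three arguments must be non-NULL.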
@@ -979,23 +986,36 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_1_byte(fp, tok->tt.arb.uc, "%u"); print_delim(fp, del); - for (i = 0; i<tok->tt.arb.uc; i++) + for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data + (size * i)))); break; - case AUR_LONG: + case AUR_INT32: + /* case AUR_INT: */ str = "int"; - size = AUR_LONG_SIZE; + size = AUR_INT32_SIZE; print_string(fp, str, strlen(str)); print_delim(fp, del); print_1_byte(fp, tok->tt.arb.uc, "%u"); print_delim(fp, del); - for (i = 0; i<tok->tt.arb.uc; i++) + for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data + (size * i)))); break; + case AUR_INT64: + str = "int64"; + size = AUR_INT64_SIZE; + print_string(fp, str, strlen(str)); + print_delim(fp, del); + print_1_byte(fp, tok->tt.arb.uc, "%u"); + print_delim(fp, del); + for (i = 0; i < tok->tt.arb.uc; i++) + fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data + + (size * i)))); + break; + default: return; } @@ -1336,7 +1356,8 @@ fetch_inaddr_tok(tokenstr_t *tok, char *buf, int len) { int err = 0; - READ_TOKEN_U_INT32(buf, len, tok->tt.inaddr.addr, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr.addr, sizeof(uint32_t), + tok->len, err); if (err) return (-1); @@ -1410,15 +1431,18 @@ fetch_ip_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - READ_TOKEN_U_INT16(buf, len, tok->tt.ip.len, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.ip.len, sizeof(uint16_t), + tok->len, err); if (err) return (-1); - READ_TOKEN_U_INT16(buf, len, tok->tt.ip.id, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.ip.id, sizeof(uint16_t), + tok->len, err); if (err) return (-1); - READ_TOKEN_U_INT16(buf, len, tok->tt.ip.offset, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.ip.offset, sizeof(uint16_t), + tok->len, err); if (err) return (-1); 
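Review bot: In the new `AUR_INT64` case of `print_arb_tok()`, each element is passed to `fprintf(fp, format, ...)` as a `u_int64_t`, but `format` is chosen outside this hunk and is shared with the 16- and 32-bit cases; if it is an `int`-sized conversion such as `%d` or `%x`, the 64-bit argument does not match it and the behaviour is undefined. The value is also loaded through a `(u_int64_t *)` cast of `tok->tt.arb.data + (size * i)`, which is not guaranteed to be 8-byte aligned inside a parsed record and can fault on strict-alignment platforms. Since this function prints trail data that may have been produced elsewhere, I would copy each element out with `memcpy(&v, tok->tt.arb.data + (size * i), sizeof(v));` and print it with a 64-bit-specific conversion. The function body starts and ends outside the hunk, so the `format` assignment needs to be checked there.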
@@ -1430,7 +1454,8 @@ fetch_ip_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - READ_TOKEN_U_INT16(buf, len, tok->tt.ip.chksm, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.ip.chksm, sizeof(uint16_t), + tok->len, err); if (err) return (-1); @@ -1458,17 +1483,17 @@ print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char)); print_delim(fp, del); - print_2_bytes(fp, tok->tt.ip.len, "%u"); + print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u"); print_delim(fp, del); - print_2_bytes(fp, tok->tt.ip.id, "%u"); + print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u"); print_delim(fp, del); - print_2_bytes(fp, tok->tt.ip.offset, "%u"); + print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u"); print_delim(fp, del); print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char)); print_delim(fp, del); print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char)); print_delim(fp, del); - print_2_bytes(fp, tok->tt.ip.chksm, "%u"); + print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.ip.src); print_delim(fp, del); @@ -1582,7 +1607,8 @@ fetch_iport_tok(tokenstr_t *tok, char *buf, int len) { int err = 0; - READ_TOKEN_U_INT16(buf, len, tok->tt.iport.port, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.iport.port, sizeof(uint16_t), + tok->len, err); if (err) return (-1); @@ -1596,7 +1622,7 @@ print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_tok_type(fp, tok->id, "ip port", raw); print_delim(fp, del); - print_2_bytes(fp, tok->tt.iport.port, "%#x"); + print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x"); } /* @@ -1712,7 +1738,8 @@ fetch_process32_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.tid.addr, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.proc32.tid.addr, + sizeof(tok->tt.proc32.tid.addr), tok->len, err); if (err) return (-1); 
@@ -1931,7 +1958,8 @@ fetch_sock_inet32_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet32.port, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet32.port, + sizeof(uint16_t), tok->len, err); if (err) return (-1); @@ -1952,7 +1980,7 @@ print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_2_bytes(fp, tok->tt.sockinet32.family, "%u"); print_delim(fp, del); - print_2_bytes(fp, tok->tt.sockinet32.port, "%u"); + print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.sockinet32.addr); } @@ -1961,7 +1989,8 @@ print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, * socket family 2 bytes * path 104 bytes */ -static int fetch_sock_unix_tok(tokenstr_t *tok, char *buf, int len) +static int +fetch_sock_unix_tok(tokenstr_t *tok, char *buf, int len) { int err = 0; @@ -1997,7 +2026,8 @@ print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, * remote port 2 bytes * remote address 4 bytes */ -static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len) +static int +fetch_socket_tok(tokenstr_t *tok, char *buf, int len) { int err = 0; @@ -2005,7 +2035,8 @@ static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - READ_TOKEN_U_INT16(buf, len, tok->tt.socket.l_port, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.socket.l_port, sizeof(uint16_t), + tok->len, err); if (err) return (-1); @@ -2014,7 +2045,8 @@ static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - READ_TOKEN_U_INT16(buf, len, tok->tt.socket.r_port, tok->len, err); + READ_TOKEN_BYTES(buf, len, &tok->tt.socket.r_port, sizeof(uint16_t), + tok->len, err); if (err) return (-1); 
@@ -2035,11 +2067,11 @@ print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_2_bytes(fp, tok->tt.socket.type, "%u"); print_delim(fp, del); - print_2_bytes(fp, tok->tt.socket.l_port, "%u"); + print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.socket.l_addr); print_delim(fp, del); - print_2_bytes(fp, tok->tt.socket.r_port, "%u"); + print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.socket.r_addr); } @@ -2359,8 +2391,8 @@ fetch_socketex32_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.l_port, tok->len, - err); + READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_port, + sizeof(uint16_t), tok->len, err); if (err) return (-1); @@ -2374,8 +2406,8 @@ fetch_socketex32_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - READ_TOKEN_U_INT32(buf, len, tok->tt.socket_ex32.r_port, tok->len, - err); + READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_port, + sizeof(uint16_t), tok->len, err); if (err) return (-1); @@ -2401,11 +2433,11 @@ print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x"); print_delim(fp, del); - print_2_bytes(fp, tok->tt.socket_ex32.l_port, "%#x"); + print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x"); print_delim(fp, del); print_ip_address(fp, tok->tt.socket_ex32.l_addr); print_delim(fp, del); - print_4_bytes(fp, tok->tt.socket_ex32.r_port, "%#x"); + print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x"); print_delim(fp, del); print_ip_address(fp, tok->tt.socket_ex32.r_addr); } diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c index 880c700..98991ad 100644 --- a/contrib/openbsm/libbsm/bsm_token.c +++ b/contrib/openbsm/libbsm/bsm_token.c 
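Review bot: `fetch_socketex32_tok()` now copies only `sizeof(uint16_t)` bytes into `tok->tt.socket_ex32.r_port`, yet `print_socketex32_tok()` still prints that field with `print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x")`. The declaration of `r_port` is not visible here; if it is still a 32-bit member, two of its bytes are never written by the parser and which half `ntohs()` sees depends on host byte order. I would confirm the member is 16 bits wide, print it with `print_2_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");` as is done for `l_port`, and size the read with `sizeof(tok->tt.socket_ex32.r_port)` the way the `fetch_process32_tok()` hunk does for `tid.addr`. Both functions continue outside their hunks.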
@@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#43 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#47 $ */ #include <sys/types.h> @@ -243,6 +243,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p) /* Determine the size of the basic unit. */ switch (unit_type) { case AUR_BYTE: + /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; @@ -250,8 +251,13 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p) datasize = AUR_SHORT_SIZE; break; - case AUR_LONG: - datasize = AUR_LONG_SIZE; + case AUR_INT32: + /* case AUR_INT: */ + datasize = AUR_INT32_SIZE; + break; + + case AUR_INT64: + datasize = AUR_INT64_SIZE; break; default: @@ -261,7 +267,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p) totdata = datasize * unit_count; - GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char)); + GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); if (t == NULL) return (NULL); @@ -341,12 +347,12 @@ au_to_in_addr(struct in_addr *internet_addr) token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_IN_ADDR); - ADD_U_INT32(dptr, internet_addr->s_addr); + ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); return (t); } @@ -363,13 +369,13 @@ au_to_in_addr_ex(struct in6_addr *internet_addr) u_char *dptr = NULL; u_int32_t type = AF_INET6; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); - ADD_MEM(dptr, internet_addr, sizeof(*internet_addr)); + ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t)); return (t); } 
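Review bot: In `au_to_in_addr_ex()` the token area is sized as `sizeof(u_char) + 5 * sizeof(uint32_t)` (21 bytes), but the body then writes one ID byte, a 4-byte `type`, and `ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t))` (20 bytes), which is 25 bytes in total, assuming `ADD_MEM` copies the length it is given. That copy also reads 20 bytes from a `struct in6_addr`, which holds 16, so four bytes of adjacent memory would end up in the audit record and four bytes would be written past the allocation. The removed line's `sizeof(*internet_addr)` was the correct length; the copy should be `ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t));`, matching what the `au_to_sock_inet128()` hunk later in this file uses for `sin6_addr`.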
@@ -528,23 +534,12 @@ au_to_opaque(char *data, u_int16_t bytes) * file pathname N bytes + 1 terminating NULL byte */ token_t * -#if defined(KERNEL) || defined(_KERNEL) au_to_file(char *file, struct timeval tm) -#else -au_to_file(char *file) -#endif { token_t *t; u_char *dptr = NULL; u_int16_t filelen; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif filelen = strlen(file); filelen += 1; @@ -650,7 +645,7 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); - ADD_U_INT32(dptr, tid->machine); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } @@ -837,21 +832,28 @@ au_to_sock_inet32(struct sockaddr_in *so) { token_t *t; u_char *dptr = NULL; + uint16_t family; - GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + - sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + + sizeof(uint32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SOCKINET32); /* - * In Darwin, sin_family is one octet, but BSM defines the token - * to store two. So we copy in a 0 first. + * BSM defines the family field as 16 bits, but many operating + * systems have an 8-bit sin_family field. Extend to 16 bits before + * writing into the token. Assume that both the port and the address + * in the sockaddr_in are already in network byte order, but family + * is in local byte order. + * + * XXXRW: Should a name space conversion be taking place on the value + * of sin_family? */ - ADD_U_CHAR(dptr, 0); - ADD_U_CHAR(dptr, so->sin_family); - ADD_U_INT16(dptr, so->sin_port); - ADD_U_INT32(dptr, so->sin_addr.s_addr); + family = so->sin_family; + ADD_U_INT16(dptr, family); + ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); + ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); return (t); 
@@ -877,7 +879,7 @@ au_to_sock_inet128(struct sockaddr_in6 *so) ADD_U_CHAR(dptr, so->sin6_family); ADD_U_INT16(dptr, so->sin6_port); - ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr)); + ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); return (t); @@ -923,7 +925,7 @@ au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); - ADD_U_INT32(dptr, tid->machine); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } @@ -1117,23 +1119,12 @@ au_to_exec_env(const char **env) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * -#if defined(KERNEL) || defined(_KERNEL) -au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, +au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) -#else -au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) -#endif { token_t *t; u_char *dptr = NULL; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); @@ -1154,6 +1145,17 @@ au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) return (t); } +#if !defined(KERNEL) && !defined(_KERNEL) +token_t * +au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) +{ + struct timeval tm; + + if (gettimeofday(&tm, NULL) == -1) + return (NULL); + return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); +} + token_t * au_to_header64(__unused int rec_size, __unused au_event_t e_type, __unused au_emod_t e_mod) @@ -1169,6 +1171,7 @@ au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) return (au_to_header32(rec_size, e_type, e_mod)); } +#endif /* * token ID 1 byte 
diff --git a/contrib/openbsm/libbsm/bsm_wrappers.c b/contrib/openbsm/libbsm/bsm_wrappers.c index 72020ce..98f286c 100644 --- a/contrib/openbsm/libbsm/bsm_wrappers.c +++ b/contrib/openbsm/libbsm/bsm_wrappers.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#18 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#23 $ */ #ifdef __APPLE__ @@ -46,6 +46,7 @@ #include <unistd.h> #include <syslog.h> +#include <stdarg.h> #include <string.h> #include <errno.h> 
@@ -53,6 +54,115 @@ int audit_set_terminal_port(dev_t *p); int audit_set_terminal_host(uint32_t *m); +/* + * General purpose audit submission mechanism for userspace. + */ +int +audit_submit(short au_event, au_id_t auid, char status, + int reterr, const char *fmt, ...) +{ + char text[MAX_AUDITSTRING_LEN]; + token_t *token; + long acond; + va_list ap; + pid_t pid; + int error, afd; + struct auditinfo ai; + + if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) { + /* + * If auditon(2) returns ENOSYS, then audit has not been + * compiled into the kernel, so just return. + */ + if (errno == ENOSYS) + return (0); + error = errno; + syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", + strerror(errno)); + errno = error; + return (-1); + } + if (acond == AUC_NOAUDIT) + return (0); + afd = au_open(); + if (afd < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", + strerror(errno)); + errno = error; + return (-1); + } + if (getaudit(&ai) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", + strerror(errno)); + errno = error; + return (-1); + } + pid = getpid(); + token = au_to_subject32(auid, geteuid(), getegid(), + getuid(), getgid(), pid, pid, &ai.ai_termid); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "audit: unable to build subject token"); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = EPERM; + return (-1); + } + if (au_write(afd, token) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = error; + return (-1); + } + if (fmt != NULL) { + va_start(ap, fmt); + (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); + va_end(ap); + token = au_to_text(text); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "audit: failed to generate text token"); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = EPERM; + return (-1); + } + if (au_write(afd, token) < 0) { + error = 
errno; + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = error; + return (-1); + } + } + token = au_to_return32(status, reterr); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "audit: enable to build return token"); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = EPERM; + return (-1); + } + if (au_write(afd, token) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = error; + return (-1); + } + if (au_close(afd, AU_TO_WRITE, au_event) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); + errno = error; + return (-1); + } + return (0); +} + int audit_set_terminal_port(dev_t *p) { @@ -130,7 +240,7 @@ audit_set_terminal_id(au_tid_t *tid) * tok = au_to_random_token_2(...); * au_write(aufd, tok); * ... - * au_close(aufd, 1, AUE_your_event_type); + * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); * * Assumes, like all wrapper calls, that the caller has previously checked * that auditing is enabled via the audit_get_state() call. @@ -156,7 +266,7 @@ audit_write(short event_code, token_t *subject, token_t *misctok, char retval, if (subject && au_write(aufd, subject) == -1) { au_free_token(subject); au_free_token(misctok); - (void)au_close(aufd, 0, event_code); + (void)au_close(aufd, AU_TO_WRITE, event_code); syslog(LOG_ERR, "%s: write of subject failed", func); return (kAUWriteSubjectTokErr); } 
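Review bot: The `getaudit()` failure branch in `audit_submit()` returns `-1` without closing `afd`, so each failure there leaks the record descriptor that `au_open()` just allocated; the other error branches call `(void) au_close(afd, AU_TO_NO_WRITE, au_event);` and this one should as well. The three `au_write()` failure branches also drop `token` without `au_free_token(token);`, although au_open.3 in this commit says ownership passes to the record only on success, and `audit_write()` further down frees its tokens in the same situation. The result of `vsnprintf()` is cast away, so text longer than `MAX_AUDITSTRING_LEN` is truncated silently in the audit record; comparing the return value with the buffer size and logging the truncation would make that visible. The message `"audit: enable to build return token"` presumably means "unable".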
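Review bot: The subject-token failure branch of `audit_write()` now calls `(void)au_close(aufd, AU_TO_WRITE, event_code);`, where the old code passed `0`. Every other `0` in this function became `AU_TO_NO_WRITE` and the final `1` became `AU_TO_WRITE`, so this one substitution looks inverted: on this error path a record that lacks its subject token would be committed to the trail instead of discarded. It should read `(void)au_close(aufd, AU_TO_NO_WRITE, event_code);`. The function continues past the end of the hunk.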
@@ -164,31 +274,30 @@ audit_write(short event_code, token_t *subject, token_t *misctok, char retval, /* Save the event-specific token. */ if (misctok && au_write(aufd, misctok) == -1) { au_free_token(misctok); - (void)au_close(aufd, 0, event_code); + (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: write of caller token failed", func); return (kAUWriteCallerTokErr); } /* Tokenize and save the return value. */ if ((rettok = au_to_return32(retval, errcode)) == NULL) { - (void)au_close(aufd, 0, event_code); + (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: au_to_return32() failed", func); return (kAUMakeReturnTokErr); } if (au_write(aufd, rettok) == -1) { au_free_token(rettok); - (void)au_close(aufd, 0, event_code); + (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: write of return code failed", func); return (kAUWriteReturnTokErr); } /* - * au_close()'s second argument is "keep": if keep == 0, the record is - * discarded. We assume the caller wouldn't have bothered with this + * We assume the caller wouldn't have bothered with this * function if it hadn't already decided to keep the record. */ - if (au_close(aufd, 1, event_code) < 0) { + if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { syslog(LOG_ERR, "%s: au_close() failed", func); return (kAUCloseErr); } diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3 index c2ea877..df0c3c1 100644 --- a/contrib/openbsm/libbsm/libbsm.3 +++ b/contrib/openbsm/libbsm/libbsm.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#4 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#5 $ .\" .Dd April 19, 2005 .Dt LIBBSM 3 
@@ -158,9 +158,6 @@ representation. .Xr au_to_return32 3 , .Xr au_to_return64 3 , .Xr au_to_seq 3 , -.Xr au_to_socket 3 , -.Xr au_to_socket_ex_32 3 , -.Xr au_to_socket_ex_128 3 , .Xr au_to_sock_inet 3 , .Xr au_to_sock_inet32 3 , .Xr au_to_sock_inet128 3 , |