diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-09-21 07:07:33 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-09-21 07:07:33 +0000 |
commit | 6ade62ef2afbea80c3328785843dad2f6eccb547 (patch) | |
tree | d8cbcd817f462ac2e8bb8567321d9c82cf4cc2a8 /contrib/openbsm/libbsm | |
parent | 6de9769427311b73613a18cd83ce430bbb31b43d (diff) | |
parent | 3fc61fcaeb6c4f73a668795461e276064f449f38 (diff) | |
download | FreeBSD-src-6ade62ef2afbea80c3328785843dad2f6eccb547.zip FreeBSD-src-6ade62ef2afbea80c3328785843dad2f6eccb547.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r162503,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/openbsm/libbsm')
-rw-r--r-- | contrib/openbsm/libbsm/au_control.3 | 42 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/au_open.3 | 10 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_control.c | 341 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_io.c | 14 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/bsm_token.c | 3 | ||||
-rw-r--r-- | contrib/openbsm/libbsm/libbsm.3 | 15 |
6 files changed, 338 insertions, 87 deletions
diff --git a/contrib/openbsm/libbsm/au_control.3 b/contrib/openbsm/libbsm/au_control.3 index 0cd66f1..00a551e 100644 --- a/contrib/openbsm/libbsm/au_control.3 +++ b/contrib/openbsm/libbsm/au_control.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $ .\" .Dd April 19, 2005 .Dt AU_CONTROL 3 @@ -34,7 +34,10 @@ .Nm getacdir , .Nm getacmin , .Nm getacflg , -.Nm getacna +.Nm getacna , +.Nm getacpol , +.Nm au_poltostr +.Nm au_strtopol .Nd "Look up information from the audit_control database" .Sh LIBRARY .Lb libbsm @@ -52,6 +55,12 @@ .Fn getacflg "char *auditstr" "int len" .Ft int .Fn getacna "char *auditstr" "int len" +.Ft int +.Fn getacpol "char *auditstr" "size_t len" +.Ft ssize_t +.Fn au_poltostr "long policy" "size_t maxsize" "char *buf" +.Ft int +.Fn au_strtopol "const char *polstr" "long *policy" .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_control 5 @@ -90,15 +99,42 @@ returns the non-attributable flags via the passed character buffer .Va auditstr of length .Va len . +.Pp +.Fn getacpol +returns the audit policy flags via the passed character buffer +.Va auditstr +of length +.Va len . +.Pp +.Fn au_poltostr +converts a numeric audit policy mask, +.Va policy , +value to a string in the passed character buffer +.Va buf +of lenth +.Va maxsize . +.Pp +.Fn au_strtopol +converts an audit policy flags string, +.Va polstr , +to a numeric audit policy mask returned via +.Va policy . .Sh RETURN VALULES .Fn getacdir , .Fn getacmin , .Fn getacflg , +.Fn getacna , +.Fn getacpol , and -.Fn getacna +.Fn au_strtopol return 0 on success, or a negative value on failure, along with error information in .Va errno . +.Pp +.Fn au_poltostr +returns a string length of 0 or more on success, or a negative value on +if there is a failure. +.Pp Functions that return a string value will return a failure if there is insufficient room in the passed character buffer for the full string. .Sh SEE ALSO diff --git a/contrib/openbsm/libbsm/au_open.3 b/contrib/openbsm/libbsm/au_open.3 index 569940e..db9e9b3 100644 --- a/contrib/openbsm/libbsm/au_open.3 +++ b/contrib/openbsm/libbsm/au_open.3 @@ -23,16 +23,17 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#5 $ .\" .Dd March 4, 2006 .Dt AU_OPEN 3 .Os .Sh NAME -.Nm au_open , -.Nm au_write , .Nm au_close , -.Nm au_close_buffer +.Nm au_close_buffer , +.Nm au_close_token , +.Nm au_open , +.Nm au_write .Nd "Create and commit audit records" .Sh LIBRARY .Lb libbsm @@ -120,6 +121,7 @@ return 0 on success, or a negative value on failure, along with error information in .Va errno . .Sh SEE ALSO +.Xr audit_submit 3 , .Xr libbsm 3 .Sh AUTHORS This software was created by Robert Watson, Wayne Salamon, and Suresh diff --git a/contrib/openbsm/libbsm/bsm_control.c b/contrib/openbsm/libbsm/bsm_control.c index 438082b..ba643b2 100644 --- a/contrib/openbsm/libbsm/bsm_control.c +++ b/contrib/openbsm/libbsm/bsm_control.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2004 Apple Computer, Inc. + * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#13 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#15 $ */ #include <bsm/libbsm.h> @@ -37,9 +38,14 @@ #include <stdio.h> #include <stdlib.h> +#include <config/config.h> +#ifndef HAVE_STRLCAT +#include <compat/strlcat.h> +#endif + /* * Parse the contents of the audit_control file to return the audit control - * parameters. + * parameters. These static fields are protected by 'mutex'. */ static FILE *fp = NULL; static char linestr[AU_LINE_MAX]; @@ -98,21 +104,223 @@ getstrfromtype_locked(char *name, char **str) } /* + * Convert a policy to a string. Return -1 on failure, or >= 0 representing + * the actual size of the string placed in the buffer (excluding terminating + * nul). + */ +ssize_t +au_poltostr(long policy, size_t maxsize, char *buf) +{ + int first; + + if (maxsize < 1) + return (-1); + first = 1; + buf[0] = '\0'; + + if (policy & AUDIT_CNT) { + if (strlcat(buf, "cnt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_AHLT) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "ahlt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ARGV) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "argv", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ARGE) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "arge", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_SEQ) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "seq", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_WINDATA) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "windata", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_USER) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "user", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_GROUP) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "group", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_TRAIL) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "trail", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PATH) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "path", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_SCNT) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "scnt", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PUBLIC) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "public", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_ZONENAME) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "zonename", maxsize) >= maxsize) + return (-1); + first = 0; + } + if (policy & AUDIT_PERZONE) { + if (!first) { + if (strlcat(buf, ",", maxsize) >= maxsize) + return (-1); + } + if (strlcat(buf, "perzone", maxsize) >= maxsize) + return (-1); + first = 0; + } + return (strlen(buf)); +} + +/* + * Convert a string to a policy. Return -1 on failure (with errno EINVAL, + * ENOMEM) or 0 on success. + */ +int +au_strtopol(const char *polstr, long *policy) +{ + char *bufp, *string; + char *buffer; + + *policy = 0; + buffer = strdup(polstr); + if (buffer == NULL) + return (-1); + + bufp = buffer; + while ((string = strsep(&bufp, ",")) != NULL) { + if (strcmp(string, "cnt") == 0) + *policy |= AUDIT_CNT; + else if (strcmp(string, "ahlt") == 0) + *policy |= AUDIT_AHLT; + else if (strcmp(string, "argv") == 0) + *policy |= AUDIT_ARGV; + else if (strcmp(string, "arge") == 0) + *policy |= AUDIT_ARGE; + else if (strcmp(string, "seq") == 0) + *policy |= AUDIT_SEQ; + else if (strcmp(string, "winau_fstat") == 0) + *policy |= AUDIT_WINDATA; + else if (strcmp(string, "user") == 0) + *policy |= AUDIT_USER; + else if (strcmp(string, "group") == 0) + *policy |= AUDIT_GROUP; + else if (strcmp(string, "trail") == 0) + *policy |= AUDIT_TRAIL; + else if (strcmp(string, "path") == 0) + *policy |= AUDIT_PATH; + else if (strcmp(string, "scnt") == 0) + *policy |= AUDIT_SCNT; + else if (strcmp(string, "public") == 0) + *policy |= AUDIT_PUBLIC; + else if (strcmp(string, "zonename") == 0) + *policy |= AUDIT_ZONENAME; + else if (strcmp(string, "perzone") == 0) + *policy |= AUDIT_PERZONE; + else { + free(buffer); + errno = EINVAL; + return (-1); + } + } + free(buffer); + return (0); +} + +/* * Rewind the file pointer to beginning. */ -void -setac(void) +static void +setac_locked(void) { - pthread_mutex_lock(&mutex); ptrmoved = 1; if (fp != NULL) fseek(fp, 0, SEEK_SET); +} + +void +setac(void) +{ + + pthread_mutex_lock(&mutex); + setac_locked(); pthread_mutex_unlock(&mutex); } /* - * Close the audit_control file + * Close the audit_control file. */ void endac(void) @@ -136,72 +344,54 @@ getacdir(char *name, int len) char *dir; int ret = 0; - if (name == NULL) { - errno = EINVAL; - return (-2); - } - - pthread_mutex_lock(&mutex); - /* - * Check if another function was called between - * successive calls to getacdir + * Check if another function was called between successive calls to + * getacdir. */ + pthread_mutex_lock(&mutex); if (inacdir && ptrmoved) { ptrmoved = 0; if (fp != NULL) fseek(fp, 0, SEEK_SET); ret = 2; } - - if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (dir == NULL) + if (dir == NULL) { + pthread_mutex_unlock(&mutex); return (-1); - - if (strlen(dir) >= len) + } + if (strlen(dir) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(name, dir); - + pthread_mutex_unlock(&mutex); return (ret); } /* - * Return the minimum free diskspace value from the audit control file + * Return the minimum free diskspace value from the audit control file. */ int getacmin(int *min_val) { char *min; - setac(); - - if (min_val == NULL) { - errno = EINVAL; - return (-2); - } - pthread_mutex_lock(&mutex); - + setac_locked(); if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (min == NULL) + if (min == NULL) { + pthread_mutex_unlock(&mutex); return (1); - + } *min_val = atoi(min); - + pthread_mutex_unlock(&mutex); return (0); } @@ -213,30 +403,22 @@ getacflg(char *auditstr, int len) { char *str; - setac(); - - if (auditstr == NULL) { - errno = EINVAL; - return (-2); - } - pthread_mutex_lock(&mutex); - + setac_locked(); if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - - pthread_mutex_unlock(&mutex); - - if (str == NULL) + if (str == NULL) { + pthread_mutex_unlock(&mutex); return (1); - - if (strlen(str) >= len) + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(auditstr, str); - + pthread_mutex_unlock(&mutex); return (0); } @@ -248,28 +430,47 @@ getacna(char *auditstr, int len) { char *str; - setac(); - - if (auditstr == NULL) { - errno = EINVAL; - return (-2); - } - pthread_mutex_lock(&mutex); - + setac_locked(); if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) { pthread_mutex_unlock(&mutex); return (-2); } - pthread_mutex_unlock(&mutex); - - if (str == NULL) + if (str == NULL) { + pthread_mutex_unlock(&mutex); return (1); - - if (strlen(str) >= len) + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); return (-3); - + } strcpy(auditstr, str); + return (0); +} + +/* + * Return the policy field from the audit control file. + */ +int +getacpol(char *auditstr, size_t len) +{ + char *str; + pthread_mutex_lock(&mutex); + setac_locked(); + if (getstrfromtype_locked(POLICY_CONTROL_ENTRY, &str) < 0) { + pthread_mutex_unlock(&mutex); + return (-2); + } + if (str == NULL) { + pthread_mutex_unlock(&mutex); + return (-1); + } + if (strlen(str) >= len) { + pthread_mutex_unlock(&mutex); + return (-3); + } + strcpy(auditstr, str); + pthread_mutex_unlock(&mutex); return (0); } diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c index 30639e6..2587735 100644 --- a/contrib/openbsm/libbsm/bsm_io.c +++ b/contrib/openbsm/libbsm/bsm_io.c @@ -31,7 +31,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#40 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 $ */ #include <sys/types.h> @@ -1190,7 +1190,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len) for (i = 0; i < tok->tt.execarg.count; i++) { bptr = buf + tok->len; - tok->tt.execarg.text[i] = bptr; + if (i < AUDIT_MAX_ARGS) + tok->tt.execarg.text[i] = bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1202,6 +1203,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len) return (-1); tok->len++; /* \0 character */ } + if (tok->tt.execarg.count > AUDIT_MAX_ARGS) + tok->tt.execarg.count = AUDIT_MAX_ARGS; return (0); } @@ -1235,9 +1238,10 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len) if (err) return (-1); - for (i = 0; i< tok->tt.execenv.count; i++) { + for (i = 0; i < tok->tt.execenv.count; i++) { bptr = buf + tok->len; - tok->tt.execenv.text[i] = bptr; + if (i < AUDIT_MAX_ENV) + tok->tt.execenv.text[i] = bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { @@ -1249,6 +1253,8 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len) return (-1); tok->len++; /* \0 character */ } + if (tok->tt.execenv.count > AUDIT_MAX_ENV) + tok->tt.execenv.count = AUDIT_MAX_ENV; return (0); } diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c index f90cbc9..fecbeb8 100644 --- a/contrib/openbsm/libbsm/bsm_token.c +++ b/contrib/openbsm/libbsm/bsm_token.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#51 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#52 $ */ #include <sys/types.h> @@ -71,7 +71,6 @@ #include <string.h> #include <stdlib.h> #include <unistd.h> -#include <sys/socketvar.h> #include <bsm/audit_internal.h> #include <bsm/libbsm.h> diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3 index df0c3c1..3d9aadd 100644 --- a/contrib/openbsm/libbsm/libbsm.3 +++ b/contrib/openbsm/libbsm/libbsm.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#5 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#7 $ .\" .Dd April 19, 2005 .Dt LIBBSM 3 @@ -55,15 +55,18 @@ These are described respectively in the .Xr au_notify 3 , .Xr au_stream 3 , .Xr au_token 3 , +and .Xr au_user 3 -man pages. +manual pages. .Ss Audit Event Stream Interfaces Audit event stream interfaces support interaction with file-backed audit event streams: -.Xr au_close 3 . +.Xr au_close 3 , +.Xr au_close_buffer 3 , .Xr au_free_token 3 , .Xr au_open 3 , .Xr au_write 3 , +.Xr audit_submit 3 . .Ss Audit Class Interfaces Audit class interfaces support the look up of information from the .Xr audit_class 5 @@ -83,7 +86,10 @@ database: .Xr getacdir 3 , .Xr getacflg 3 , .Xr getacmin 3 , -.Xr getacna 3 . +.Xr getacna 3 , +.Xr getacpol 3 , +.Xr au_poltostr 3 , +.Xr au_strtopol 3 . .Ss Audit Event Interfaces Audit event interfaces support the look up of information from the .Xr audit_event 5 @@ -188,6 +194,7 @@ database: .Xr au_stream 3 , .Xr au_token 3 , .Xr au_user 3 , +.Xr audit_submit 3 , .Xr audit_class 5 , .Xr audit_control 5 .Sh AUTHORS |