diff options
author | rwatson <rwatson@FreeBSD.org> | 2009-07-17 14:02:20 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2009-07-17 14:02:20 +0000 |
commit | d77b22ca313fa4061782d2b1677a768149593534 (patch) | |
tree | fc91db2745125763dc9c10e7aaf733fcd80c2d95 /sys/security | |
parent | 88f8de4d4001c74946458579ca0710df70161c90 (diff) | |
download | FreeBSD-src-d77b22ca313fa4061782d2b1677a768149593534.zip FreeBSD-src-d77b22ca313fa4061782d2b1677a768149593534.tar.gz |
Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:
- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
error number space.
MFC after: 3 weeks
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
Approved by: re (kib)
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/audit/audit_bsm_errno.c | 100 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm_token.c | 29 |
2 files changed, 121 insertions, 8 deletions
diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c index ccca41e..efbc866 100644 --- a/sys/security/audit/audit_bsm_errno.c +++ b/sys/security/audit/audit_bsm_errno.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#17 + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18 */ #include <sys/cdefs.h> @@ -455,6 +455,104 @@ static const struct bsm_errno bsm_errnos[] = { { BSM_ERRNO_EINPROGRESS, EINPROGRESS, ES("Operation now in progress") }, { BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") }, + { BSM_ERRNO_EPROCLIM, +#ifdef EPROCLIM + EPROCLIM, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Too many processes") }, + { BSM_ERRNO_EBADRPC, +#ifdef EBADRPC + EBADRPC, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("RPC struct is bad") }, + { BSM_ERRNO_ERPCMISMATCH, +#ifdef ERPCMISMATCH + ERPCMISMATCH, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("RPC version wrong") }, + { BSM_ERRNO_EPROGUNAVAIL, +#ifdef EPROGUNAVAIL + EPROGUNAVAIL, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("RPC prog. not avail") }, + { BSM_ERRNO_EPROGMISMATCH, +#ifdef EPROGMISMATCH + EPROGMISMATCH, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("RPC version wrong") }, + { BSM_ERRNO_EPROCUNAVAIL, +#ifdef EPROCUNAVAIL + EPROCUNAVAIL, +#else + ERRNO_NO_LOCAL_MAPPING +#endif + ES("Bad procedure for program") }, + { BSM_ERRNO_EFTYPE, +#ifdef EFTYPE + EFTYPE, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Inappropriate file type or format") }, + { BSM_ERRNO_EAUTH, +#ifdef EAUTH + EAUTH, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Authenticateion error") }, + { BSM_ERRNO_ENEEDAUTH, +#ifdef ENEEDAUTH + ENEEDAUTH, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Need authenticator") }, + { BSM_ERRNO_ENOATTR, +#ifdef ENOATTR + ENOATTR, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Attribute not found") }, + { BSM_ERRNO_EDOOFUS, +#ifdef EDOOFUS + EDOOFUS, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Programming error") }, + { BSM_ERRNO_EJUSTRETURN, +#ifdef EJUSTRETURN + EJUSTRETURN, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Just return") }, + { BSM_ERRNO_ENOIOCTL, +#ifdef ENOIOCTL + ENOIOCTL, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("ioctl not handled by this layer") }, + { BSM_ERRNO_EDIRIOCTL, +#ifdef EDIRIOCTL + EDIRIOCTL, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("do direct ioctl in GEOM") }, { BSM_ERRNO_EPWROFF, #ifdef EPWROFF EPWROFF, diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c index 131abf5..5523ea4 100644 --- a/sys/security/audit/audit_bsm_token.c +++ b/sys/security/audit/audit_bsm_token.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#91 + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 */ #include <sys/cdefs.h> @@ -930,7 +930,7 @@ kau_to_socket(struct socket_au_info *soi) /* * token ID 1 byte * socket family 2 bytes - * path 104 bytes + * path (up to) 104 bytes + NULL (NULL terminated string) */ token_t * au_to_sock_unix(struct sockaddr_un *so) @@ -1188,12 +1188,27 @@ token_t * au_to_me(void) { auditinfo_t auinfo; + auditinfo_addr_t aia; - if (getaudit(&auinfo) != 0) - return (NULL); - - return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(), - getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid)); + /* + * Try to use getaudit_addr(2) first. If this kernel does not support + * it, then fall back on to getaudit(2). + */ + if (getaudit_addr(&aia, sizeof(aia)) != 0) { + if (errno == ENOSYS) { + if (getaudit(&auinfo) != 0) + return (NULL); + return (au_to_subject32(auinfo.ai_auid, geteuid(), + getegid(), getuid(), getgid(), getpid(), + auinfo.ai_asid, &auinfo.ai_termid)); + } else { + /* getaudit_addr(2) failed for some other reason. */ + return (NULL); + } + } + + return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), + getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); } #endif |