summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/bsm/audit_errno.h2
-rw-r--r--sys/bsm/audit_internal.h4
-rw-r--r--sys/bsm/audit_record.h2
-rw-r--r--sys/security/audit/audit_bsm_errno.c8
-rw-r--r--sys/security/audit/audit_bsm_token.c59
5 files changed, 64 insertions, 11 deletions
diff --git a/sys/bsm/audit_errno.h b/sys/bsm/audit_errno.h
index 8b78199..d5a375f 100644
--- a/sys/bsm/audit_errno.h
+++ b/sys/bsm/audit_errno.h
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#7
* $FreeBSD$
*/
diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h
index b25c47f..8ba611f 100644
--- a/sys/bsm/audit_internal.h
+++ b/sys/bsm/audit_internal.h
@@ -15,7 +15,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -30,7 +30,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6
* $FreeBSD$
*/
diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h
index 9d6be04..706c6f3 100644
--- a/sys/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@@ -234,6 +234,7 @@ token_t *au_to_ipc_perm(struct ipc_perm *perm);
token_t *au_to_iport(uint16_t iport);
token_t *au_to_opaque(const char *data, uint16_t bytes);
token_t *au_to_path(const char *path);
+token_t *au_to_privset(char *privtypestr, char *privstr);
token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
@@ -279,6 +280,7 @@ token_t *au_to_exec_env(char **envp);
token_t *au_to_text(const char *text);
token_t *au_to_kevent(struct kevent *kev);
token_t *au_to_trailer(int rec_size);
+token_t *au_to_upriv(char sorf, char *priv);
token_t *au_to_zonename(const char *zonename);
/*
diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c
index c7aa9af..e2e1961 100644
--- a/sys/security/audit/audit_bsm_errno.c
+++ b/sys/security/audit/audit_bsm_errno.c
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22
*/
#include <sys/cdefs.h>
@@ -494,7 +494,7 @@ static const struct bsm_errno bsm_errnos[] = {
#ifdef EPROCUNAVAIL
EPROCUNAVAIL,
#else
- ERRNO_NO_LOCAL_MAPPING
+ ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Bad procedure for program") },
{ BSM_ERRNO_EFTYPE,
@@ -666,7 +666,7 @@ static const struct bsm_errno bsm_errnos[] = {
#endif
ES("Required key not available") },
{ BSM_ERRNO_EKEYEXPIRED,
-#ifdef EKEEXPIRED
+#ifdef EKEYEXPIRED
EKEYEXPIRED,
#else
ERRNO_NO_LOCAL_MAPPING,
@@ -680,7 +680,7 @@ static const struct bsm_errno bsm_errnos[] = {
#endif
ES("Key has been revoked") },
{ BSM_ERRNO_EKEYREJECTED,
-#ifdef EKEREJECTED
+#ifdef EKEYREJECTED
EKEYREJECTED,
#else
ERRNO_NO_LOCAL_MAPPING,
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index a050df1..6d0d67f 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99
*/
#include <sys/cdefs.h>
@@ -68,6 +68,57 @@ __FBSDID("$FreeBSD$");
/*
* token ID 1 byte
+ * success/failure 1 byte
+ * privstrlen 2 bytes
+ * privstr N bytes + 1 (\0 byte)
+ */
+token_t *
+au_to_upriv(char sorf, char *priv)
+{
+ u_int16_t textlen;
+ u_char *dptr;
+ token_t *t;
+
+ textlen = strlen(priv) + 1;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) +
+ sizeof(u_int16_t) + textlen);
+
+ ADD_U_CHAR(dptr, AUT_UPRIV);
+ ADD_U_CHAR(dptr, sorf);
+ ADD_U_INT16(dptr, textlen);
+ ADD_STRING(dptr, priv, textlen);
+ return (t);
+}
+
+/*
+ * token ID 1 byte
+ * privtstrlen 2 bytes
+ * privtstr N bytes + 1
+ * privstrlen 2 bytes
+ * privstr N bytes + 1
+ */
+token_t *
+au_to_privset(char *privtypestr, char *privstr)
+{
+ u_int16_t type_len, priv_len;
+ u_char *dptr;
+ token_t *t;
+
+ type_len = strlen(privtypestr) + 1;
+ priv_len = strlen(privstr) + 1;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int16_t) + type_len + priv_len);
+
+ ADD_U_CHAR(dptr, AUT_PRIV);
+ ADD_U_INT16(dptr, type_len);
+ ADD_STRING(dptr, privtypestr, type_len);
+ ADD_U_INT16(dptr, priv_len);
+ ADD_STRING(dptr, privstr, priv_len);
+ return (t);
+}
+
+/*
+ * token ID 1 byte
* argument # 1 byte
* argument value 4 bytes/8 bytes (32-bit/64-bit value)
* text length 2 bytes
@@ -1204,9 +1255,9 @@ au_to_me(void)
auinfo.ai_asid, &auinfo.ai_termid));
} else {
/* getaudit_addr(2) failed for some other reason. */
- return (NULL);
+ return (NULL);
}
- }
+ }
return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
@@ -1438,7 +1489,7 @@ au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
ADD_U_INT32(dptr, tm.tv_sec);
ADD_U_INT32(dptr, timems); /* We need time in ms. */
- return (t);
+ return (t);
}
token_t *
OpenPOWER on IntegriCloud