106 files changed, 2881 insertions, 904 deletions
diff --git a/contrib/openbsm/INSTALL b/contrib/openbsm/INSTALL index 7afd1f9..c2eac44 100644 --- a/contrib/openbsm/INSTALL +++ b/contrib/openbsm/INSTALL @@ -9,6 +9,12 @@ support are built conditionally. Typically, build will be performed using: ./configure make +If doing development work on OpenBSM with gcc, the following invocation of +configure may be preferred in order to generate full compiler warnings and +force the compile to fail if a warning is found: + + CFLAGS="-Wall -Werror" ./configure + To install, use: make install diff --git a/contrib/openbsm/NEWS b/contrib/openbsm/NEWS index fb799c2..aeafc8c 100644 --- a/contrib/openbsm/NEWS +++ b/contrib/openbsm/NEWS @@ -1,5 +1,24 @@ OpenBSM Version History +OpenBSM 1.1 alpha 5 + +- Stub libauditd(3) man page added. +- All BSM error number constants with BSM_ERRNO_. +- Interfaces to convert between local and BSM socket types and protocol + families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3), + au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions + of constants in audit_domain.h and audit_socket_type.h. This improves + interoperability by converting local constant spaces, which vary by OS, to + and from Solaris constants (where available) or OpenBSM constants for + protocol domains not present in Solaris (a fair number). These routines + should be used when generating and interpreting extended socket tokens. +- Fix build warnings with full gcc warnings enabled on most supported + platforms. +- Don't compile error strings into bsm_errno.c when building it in the kernel + environment. +- When started by launchd, use the label com.apple.auditd rather than + org.trustedbsd.auditd. + OpenBSM 1.1 alpha 4 - With the addition of BSM error number mapping, we also need to map the 
@@ -393,4 +412,4 @@ OpenBSM 1.0 alpha 1 to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/NEWS#21 $ +$P4: //depot/projects/trustedbsd/openbsm/NEWS#27 $ diff --git a/contrib/openbsm/VERSION b/contrib/openbsm/VERSION index 4889c15..eb86d90 100644 --- a/contrib/openbsm/VERSION +++ b/contrib/openbsm/VERSION @@ -1 +1 @@ -OPENBSM_1_1_ALPHA_4 +OPENBSM_1_1_ALPHA_5 diff --git a/contrib/openbsm/bin/auditd/auditd.8 b/contrib/openbsm/bin/auditd/auditd.8 index 49cf9ea..d680edd 100644 --- a/contrib/openbsm/bin/auditd/auditd.8 +++ b/contrib/openbsm/bin/auditd/auditd.8 @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#16 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#17 $ .\" .Dd December 11, 2008 .Dt AUDITD 8 @@ -115,6 +115,7 @@ and are no longer available as arguments to .Nm . .Sh SEE ALSO .Xr asl 3 , +.Xr libauditd 3 , .Xr audit 4 , .Xr audit_class 5 , .Xr audit_control 5 , diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c index 316402a..20300c1 100644 --- a/contrib/openbsm/bin/auditd/auditd.c +++ b/contrib/openbsm/bin/auditd/auditd.c @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#40 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#41 $ */ #include <sys/types.h> @@ -252,7 +252,7 @@ do_trail_file(void) */ err = auditd_read_dirs(audit_warn_soft, audit_warn_hard); if (err) { - auditd_log_err("auditd_read_dirs() %s: %m", + auditd_log_err("auditd_read_dirs(): %s", auditd_strerror(err)); if (err == ADE_HARDLIM) audit_warn_allhard(); 
diff --git a/contrib/openbsm/bin/auditd/auditd_darwin.c b/contrib/openbsm/bin/auditd/auditd_darwin.c index 55d79f4..fbf99d8 100644 --- a/contrib/openbsm/bin/auditd/auditd_darwin.c +++ b/contrib/openbsm/bin/auditd/auditd_darwin.c @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#2 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#3 $ */ #include <sys/types.h> @@ -83,7 +83,7 @@ static int max_idletime = 0; #endif /* __BSM_INTERNAL_NOTIFY_KEY */ #ifndef __AUDIT_LAUNCHD_LABEL -#define __AUDIT_LAUNCHD_LABEL "org.trustedbsd.auditd" +#define __AUDIT_LAUNCHD_LABEL "com.apple.auditd" #endif /* __AUDIT_LAUNCHD_LABEL */ #define MAX_MSG_SIZE 4096 @@ -100,7 +100,7 @@ auditd_openlog(int debug, gid_t gid) if (debug) opt = ASL_OPT_STDERR; - au_aslclient = asl_open("auditd", "org.trustedbsd.auditd", opt); + au_aslclient = asl_open("auditd", "com.apple.auditd", opt); au_aslmsg = asl_new(ASL_TYPE_MSG); #ifdef ASL_KEY_READ_UID diff --git a/contrib/openbsm/bin/auditd/auditd_fbsd.c b/contrib/openbsm/bin/auditd/auditd_fbsd.c index 945e6d2..ea2a090 100644 --- a/contrib/openbsm/bin/auditd/auditd_fbsd.c +++ b/contrib/openbsm/bin/auditd/auditd_fbsd.c @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#1 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#2 $ */ #include <sys/types.h> @@ -35,9 +35,11 @@ #include <errno.h> #include <fcntl.h> +#include <stdarg.h> #include <signal.h> +#include <string.h> #include <syslog.h> -#include <stdarg.h> +#include <unistd.h> #include <bsm/audit.h> #include <bsm/audit_uevents.h> 
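Review bot: The `asl_open("auditd", "com.apple.auditd", opt)` call in auditd_openlog() changes the ASL facility string, not only the launchd label that the NEWS entry describes, so any log filter, retention rule or alert keyed on the old `org.trustedbsd.auditd` facility would stop matching auditd's own messages without notice. The NEWS text should mention the facility change as well. The same literal is now repeated in `__AUDIT_LAUNCHD_LABEL`, in this call and inside `AUDITD_PLIST_FILE` in bsm/auditd_lib.h; a named constant for the facility, e.g. `#define AUDITD_ASL_FACILITY "com.apple.auditd"`, used in the call would keep them from drifting apart. auditd_openlog() continues outside the hunk.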
diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.c b/contrib/openbsm/bin/auditreduce/auditreduce.c index 2158525..0faadda 100644 --- a/contrib/openbsm/bin/auditreduce/auditreduce.c +++ b/contrib/openbsm/bin/auditreduce/auditreduce.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#29 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#31 $ */ /* @@ -41,6 +41,9 @@ */ #include <config/config.h> + +#define _GNU_SOURCE /* Required for strptime() on glibc2. */ + #ifdef HAVE_FULL_QUEUE_H #include <sys/queue.h> #else diff --git a/contrib/openbsm/bsm/auditd_lib.h b/contrib/openbsm/bsm/auditd_lib.h index 77acff7..7c6ab40 100644 --- a/contrib/openbsm/bsm/auditd_lib.h +++ b/contrib/openbsm/bsm/auditd_lib.h @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#2 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#3 $ */ #ifndef _BSM_AUDITD_LIB_H_ @@ -57,7 +57,7 @@ * Path of auditd plist file for launchd. */ #define AUDITD_PLIST_FILE \ - "/System/Library/LaunchDaemons/org.trustedbsd.auditd.plist" + "/System/Library/LaunchDaemons/com.apple.auditd.plist" /* * Error return codes for auditd_lib functions. diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h index ba96e9d..4e74f57 100644 --- a/contrib/openbsm/bsm/libbsm.h +++ b/contrib/openbsm/bsm/libbsm.h @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#40 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#41 $ */ #ifndef _LIBBSM_H_ 
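Review bot: `_GNU_SOURCE` is defined after `#include <config/config.h>` and without a guard, in the hunk at line 41 of auditreduce.c. A feature-test macro only takes effect if it precedes the first system header, so this relies on config.h including none. If the generated config.h or a `-D_GNU_SOURCE` in CFLAGS already defines it, the unguarded `#define` is a redefinition that the `-Wall -Werror` build recommended in INSTALL may reject. I would wrap it as `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE` / `#endif` and keep the strptime() comment.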
@@ -821,14 +821,22 @@ void au_print_tok_xml(FILE *outfp, tokenstr_t *tok, */ void au_print_xml_header(FILE *outfp); void au_print_xml_footer(FILE *outfp); -__END_DECLS /* - * Functions relating to BSM<->errno conversion. + * BSM library routines for converting between local and BSM constant spaces. + * (Note: some of these are replicated in audit_record.h for the benefit of + * the FreeBSD and Mac OS X kernels) */ -int au_bsm_to_errno(u_char bsm_error, int *errorp); -u_char au_errno_to_bsm(int error); -const char *au_strerror(u_char bsm_error); +int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); +int au_bsm_to_errno(u_char bsm_error, int *errorp); +int au_bsm_to_socket_type(u_short bsm_socket_type, + int *local_socket_typep); +u_short au_domain_to_bsm(int local_domain); +u_char au_errno_to_bsm(int local_errno); +u_short au_socket_type_to_bsm(int local_socket_type); + +const char *au_strerror(u_char bsm_error); +__END_DECLS /* * The remaining APIs are associated with Apple's BSM implementation, in diff --git a/contrib/openbsm/configure b/contrib/openbsm/configure index 1a68735..073b507 100755 --- a/contrib/openbsm/configure +++ b/contrib/openbsm/configure @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#47 . +# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#49 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha4. +# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha5. # # Report bugs to <trustedbsd-audit@TrustesdBSD.org>. # @@ -729,8 +729,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='OpenBSM' PACKAGE_TARNAME='openbsm' -PACKAGE_VERSION='1.1alpha4' -PACKAGE_STRING='OpenBSM 1.1alpha4' +PACKAGE_VERSION='1.1alpha5' +PACKAGE_STRING='OpenBSM 1.1alpha5' PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org' ac_unique_file="bin/auditreduce/auditreduce.c" 
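Review bot: The new prototypes for au_bsm_to_domain() and au_bsm_to_socket_type() carry no statement of their contract; the block comment above them only says what the group is for. Per the man pages added in this commit, they return 0 on success and -1 when the BSM value has no local equivalent, and the result is stored through the pointer "if successful". Records produced on another operating system make the failure case routine, so a caller that skips the return check would go on to read an int that may never have been set. I would extend the comment with: `au_bsm_to_domain() and au_bsm_to_socket_type() return 0 and store the local value through the pointer on success, or -1 without setting errno if no mapping exists; check the return before reading the result.`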
@@ -1404,7 +1404,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenBSM 1.1alpha4 to adapt to many kinds of systems. +\`configure' configures OpenBSM 1.1alpha5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1474,7 +1474,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenBSM 1.1alpha4:";; + short | recursive ) echo "Configuration of OpenBSM 1.1alpha5:";; esac cat <<\_ACEOF @@ -1580,7 +1580,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -OpenBSM configure 1.1alpha4 +OpenBSM configure 1.1alpha5 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1594,7 +1594,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenBSM $as_me 1.1alpha4, which was +It was created by OpenBSM $as_me 1.1alpha5, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -19076,7 +19076,7 @@ fi # Define the identity of the package. PACKAGE=OpenBSM - VERSION=1.1alpha4 + VERSION=1.1alpha5 cat >>confdefs.h <<_ACEOF @@ -23584,7 +23584,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by OpenBSM $as_me 1.1alpha4, which was +This file was extended by OpenBSM $as_me 1.1alpha5, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -23637,7 +23637,7 @@ Report bugs to <bug-autoconf@gnu.org>." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -OpenBSM config.status 1.1alpha4 +OpenBSM config.status 1.1alpha5 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff --git a/contrib/openbsm/configure.ac b/contrib/openbsm/configure.ac index 9447684..8ec6558 100644 --- a/contrib/openbsm/configure.ac +++ b/contrib/openbsm/configure.ac @@ -2,8 +2,8 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([OpenBSM], [1.1alpha4], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) -AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#48 $]) +AC_INIT([OpenBSM], [1.1alpha5], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) +AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#49 $]) AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_HEADER([config/config.h]) diff --git a/contrib/openbsm/libauditd/Makefile.am b/contrib/openbsm/libauditd/Makefile.am index 6fab267..2459cdf 100644 --- a/contrib/openbsm/libauditd/Makefile.am +++ b/contrib/openbsm/libauditd/Makefile.am @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.am#1 $ +# $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.am#2 $ # if USE_NATIVE_INCLUDES @@ -13,5 +13,5 @@ lib_LTLIBRARIES = libauditd.la libauditd_la_SOURCES = \ auditd_lib.c -#man3_MANS = \ -# libauditd.3 +man3_MANS = \ + libauditd.3 diff --git a/contrib/openbsm/libauditd/Makefile.in b/contrib/openbsm/libauditd/Makefile.in index 561e78f..0881e22 100644 --- a/contrib/openbsm/libauditd/Makefile.in +++ b/contrib/openbsm/libauditd/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.in#1 $ +# $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.in#2 $ # VPATH = @srcdir@ 
@@ -51,7 +51,7 @@ am__vpath_adj = case $$p in \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(libdir)" +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libauditd_la_LIBADD = @@ -71,6 +71,9 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libauditd_la_SOURCES) DIST_SOURCES = $(libauditd_la_SOURCES) +man3dir = $(mandir)/man3 +NROFF = nroff +MANS = $(man3_MANS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -188,6 +191,9 @@ lib_LTLIBRARIES = libauditd.la libauditd_la_SOURCES = \ auditd_lib.c +man3_MANS = \ + libauditd.3 + all: all-am .SUFFIXES: 
@@ -285,6 +291,51 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +install-man3: $(man3_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.3*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 3*) ;; \ + *) ext='3' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ + done +uninstall-man3: + @$(NORMAL_UNINSTALL) + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.3*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 3*) ;; \ + *) ext='3' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ + done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -362,9 +413,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) +all-am: Makefile $(LTLIBRARIES) $(MANS) installdirs: - for dir in "$(DESTDIR)$(libdir)"; do \ + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am 
@@ -412,7 +463,7 @@ info: info-am info-am: -install-data-am: +install-data-am: install-man install-dvi: install-dvi-am @@ -422,7 +473,7 @@ install-html: install-html-am install-info: install-info-am -install-man: +install-man: install-man3 install-pdf: install-pdf-am @@ -448,7 +499,9 @@ ps: ps-am ps-am: -uninstall-am: uninstall-libLTLIBRARIES +uninstall-am: uninstall-libLTLIBRARIES uninstall-man + +uninstall-man: uninstall-man3 .MAKE: install-am install-strip @@ -459,16 +512,14 @@ uninstall-am: uninstall-libLTLIBRARIES install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ + install-libLTLIBRARIES install-man install-man3 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-libLTLIBRARIES - + tags uninstall uninstall-am uninstall-libLTLIBRARIES \ + uninstall-man uninstall-man3 -#man3_MANS = \ -# libauditd.3 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/contrib/openbsm/libauditd/auditd_lib.c b/contrib/openbsm/libauditd/auditd_lib.c index d3bee65..d19d174 100644 --- a/contrib/openbsm/libauditd/auditd_lib.c +++ b/contrib/openbsm/libauditd/auditd_lib.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#1 $ + * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#2 $ */ #include <sys/param.h> 
@@ -823,7 +823,7 @@ audit_quick_stop(void)
 */
 if (auditon(A_GETCOND, &cond, sizeof(cond)) < 0)
 return (-1);
- if (cond == AUC_DISABLED)
+ if (cond == AUC_NOAUDIT)
 return (0);
 /*
diff --git a/contrib/openbsm/libauditd/libauditd.3 b/contrib/openbsm/libauditd/libauditd.3
new file mode 100644
index 0000000..0fece29
--- /dev/null
+++ b/contrib/openbsm/libauditd/libauditd.3
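Review bot: With the test changed to `cond == AUC_NOAUDIT`, a condition of AUC_DISABLED no longer takes the early `return (0)` in audit_quick_stop() and falls through to the shutdown steps that follow the hunk. If A_GETCOND can still report AUC_DISABLED (not visible here), the stop path would then act on a system where auditing is already off and might report an error for it. Either accept both states, `if (cond == AUC_NOAUDIT || cond == AUC_DISABLED)`, or add a one-line comment above the test saying why AUC_DISABLED needs no handling, so the reason is on record. The function body starts and ends outside the hunk.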
@@ -0,0 +1,60 @@ +.\"- +.\" Copyright (c) 2008 Apple Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of +.\" its contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR +.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $P4: //depot/projects/trustedbsd/openbsm/libauditd/libauditd.3#1 $ +.\" +.Dd December 27, 2008 +.Dt LIBAUDITD 3 +.Os +.Sh NAME +.Nm libauditd +.Nd "auditd support library" +.Sh LIBRARY +.Lb libauditd +.Sh DESCRIPTION +The +.Nm +library provides the internal implementation of +.Xr auditd 8 . +.Sh INTERFACES +There are no public interfaces in +.Nm . +.Sh SEE ALSO +.Xr auditd 8 . 
+.Sh HISTORY +The OpenBSM implementation was created by McAfee Research, the security +division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. +It was subsequently adopted by the TrustedBSD Project as the foundation for +the OpenBSM distribution. +.Sh AUTHORS +.An -nosplit +This software was created by +.An Stacey Son . +.Pp +The Basic Security Module (BSM) interface to audit records and audit event +stream format were defined by Sun Microsystems. diff --git a/contrib/openbsm/libbsm/Makefile.am b/contrib/openbsm/libbsm/Makefile.am index b2f1e5c..d7e0652 100644 --- a/contrib/openbsm/libbsm/Makefile.am +++ b/contrib/openbsm/libbsm/Makefile.am @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#7 $ +# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#8 $ # if USE_NATIVE_INCLUDES @@ -14,11 +14,13 @@ libbsm_la_SOURCES = \ bsm_audit.c \ bsm_class.c \ bsm_control.c \ + bsm_domain.c \ bsm_errno.c \ bsm_event.c \ bsm_flags.c \ bsm_io.c \ bsm_mask.c \ + bsm_socket_type.c \ bsm_token.c \ bsm_user.c @@ -31,12 +33,14 @@ endif man3_MANS = \ au_class.3 \ au_control.3 \ + au_domain.3 \ au_errno.3 \ au_event.3 \ au_free_token.3 \ au_io.3 \ au_mask.3 \ au_open.3 \ + au_socket_type.3 \ au_token.3 \ au_user.3 \ libbsm.3 diff --git a/contrib/openbsm/libbsm/Makefile.in b/contrib/openbsm/libbsm/Makefile.in index ffd354d..4d6c847 100644 --- a/contrib/openbsm/libbsm/Makefile.in +++ b/contrib/openbsm/libbsm/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#12 $ +# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#13 $ # VPATH = @srcdir@ 
@@ -60,13 +60,15 @@ libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libbsm_la_LIBADD = am__libbsm_la_SOURCES_DIST = bsm_audit.c bsm_class.c bsm_control.c \ - bsm_errno.c bsm_event.c bsm_flags.c bsm_io.c bsm_mask.c \ - bsm_token.c bsm_user.c bsm_notify.c bsm_wrappers.c + bsm_domain.c bsm_errno.c bsm_event.c bsm_flags.c bsm_io.c \ + bsm_mask.c bsm_socket_type.c bsm_token.c bsm_user.c \ + bsm_notify.c bsm_wrappers.c @HAVE_AUDIT_SYSCALLS_TRUE@am__objects_1 = bsm_notify.lo \ @HAVE_AUDIT_SYSCALLS_TRUE@ bsm_wrappers.lo am_libbsm_la_OBJECTS = bsm_audit.lo bsm_class.lo bsm_control.lo \ - bsm_errno.lo bsm_event.lo bsm_flags.lo bsm_io.lo bsm_mask.lo \ - bsm_token.lo bsm_user.lo $(am__objects_1) + bsm_domain.lo bsm_errno.lo bsm_event.lo bsm_flags.lo bsm_io.lo \ + bsm_mask.lo bsm_socket_type.lo bsm_token.lo bsm_user.lo \ + $(am__objects_1) libbsm_la_OBJECTS = $(am_libbsm_la_OBJECTS) DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/config/depcomp @@ -199,18 +201,20 @@ top_srcdir = @top_srcdir@ @USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys @USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) lib_LTLIBRARIES = libbsm.la -libbsm_la_SOURCES = bsm_audit.c bsm_class.c bsm_control.c bsm_errno.c \ - bsm_event.c bsm_flags.c bsm_io.c bsm_mask.c bsm_token.c \ - bsm_user.c $(am__append_1) +libbsm_la_SOURCES = bsm_audit.c bsm_class.c bsm_control.c bsm_domain.c \ + bsm_errno.c bsm_event.c bsm_flags.c bsm_io.c bsm_mask.c \ + bsm_socket_type.c bsm_token.c bsm_user.c $(am__append_1) man3_MANS = \ au_class.3 \ au_control.3 \ + au_domain.3 \ au_errno.3 \ au_event.3 \ au_free_token.3 \ au_io.3 \ au_mask.3 \ au_open.3 \ + au_socket_type.3 \ au_token.3 \ au_user.3 \ libbsm.3 
@@ -287,12 +291,14 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_audit.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_class.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_control.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_domain.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_errno.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_event.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_flags.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_io.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_mask.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_notify.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_socket_type.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_token.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_user.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_wrappers.Plo@am__quote@ diff --git a/contrib/openbsm/libbsm/au_domain.3 b/contrib/openbsm/libbsm/au_domain.3 new file mode 100644 index 0000000..14ac45a --- /dev/null +++ b/contrib/openbsm/libbsm/au_domain.3 
@@ -0,0 +1,87 @@ +.\"- +.\" Copyright (c) 2008 Apple Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of +.\" its contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR +.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. 
+.\" +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_domain.3#1 $ +.\" +.Dd December 28, 2008 +.Dt AU_BSM_TO_DOMAIN 3 +.Os +.Sh NAME +.Nm au_bsm_to_domain , +.Nm au_domain_to_bsm +.Nd "convert between BSM and local protocol domains" +.Sh LIBRARY +.Lb libbsm +.Sh SYNOPSIS +.In bsm/libbsm.h +.Ft int +.Fn au_bsm_to_domain "u_short bsm_domain" "int *local_domainp" +.Ft u_short +.Fn au_domain_to_bsm "int local_domain" +.Sh DESCRIPTION +These interfaces may be used to convert between the local and BSM protocol +domains. +The +.Fn au_bsm_to_domain +function accepts a BSM domain, +.Fa bsm_domain , +and converts it to a local domain, such as those passed to +.Xr socket 2 , +that will be stored in the integer pointed to by +.Fa local_domainp +if successful. +This call will fail if the BSM domain cannot be mapped into a local domain, +which may occur if the socket token was generated on another operating +system. +.Pp +.Fn au_domain_to_bsm +function accepts a local domain, and returns the BSM domain for it. +This call cannot fail, and instead returns a BSM domain indicating to a later +decoder that the domain could not be encoded. +.Sh RETURN VALULES +On success, +.Fn au_bsm_to_domain +returns 0 and a converted domain; on failure, it returns -1 but does not set +.Xr errno 2 . +.Sh SEE ALSO +.Xr au_bsm_to_socket_type 3 , +.Xr au_socket_type_to_bsm 3 , +.Xr au_to_socket_ex 3 , +.Xr libbsm 3 +.Sh HISTORY +.Fn au_bsm_to_domain +and +.Fn au_domain_to_bsm +were introduced in OpenBSM 1.1. +.Sh AUTHORS +These functions were implemented by +.An Robert Watson +under contract to Apple Inc. +.Pp +The Basic Security Module (BSM) interface to audit records and audit event +stream format were defined by Sun Microsystems. diff --git a/contrib/openbsm/libbsm/au_socket_type.3 b/contrib/openbsm/libbsm/au_socket_type.3 new file mode 100644 index 0000000..174e5c7 --- /dev/null +++ b/contrib/openbsm/libbsm/au_socket_type.3 
@@ -0,0 +1,93 @@
+.\"-
+.\" Copyright (c) 2008 Apple Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Apple Inc. ("Apple") nor the names of
+.\" its contributors may be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_socket_type.3#1 $
+.\"
+.Dd December 28, 2008
+.Dt AU_BSM_TO_SOCKET_TYPE 3
+.Os
+.Sh NAME
+.Nm au_bsm_to_socket_type ,
+.Nm au_socket_type_to_bsm
+.Nd "convert between BSM and local socket types"
+.Sh LIBRARY
+.Lb libbsm
+.Sh SYNOPSIS
+.In bsm/libbsm.h
+.Ft int
+.Fn au_bsm_to_socket_type "u_short bsm_socket_type" "int *local_socket_typep"
+.Ft u_short
+.Fn au_socket_type_to_bsm "int local_socket_type"
+.Sh DESCRIPTION
+These interfaces may be used to convert between the local and BSM socket
+types.
+The
+.Fn au_bsm_to_socket_type
+function accepts a BSM socket type,
+.Fa bsm_socket_type ,
+and converts it to a local socket type, such as those passed to
+.Xr socket 2 ,
+that will be stored in the integer pointed to by
+.Fa local_socket_typep
+if successful.
+This call will fail if the BSM socket type cannot be mapped into a local
+socket type, which may occur if the socket token was generated on another
+operating system.
+.Pp
+.Fn au_socket_type_to_bsm
+function accepts a local socket type, and returns the BSM socket type for it.
+This call cannot fail, and instead returns a BSM socket type indicating to a
+later decoder that the socket type could not be encoded.
+.Sh RETURN VALULES
+On success,
+.Fn au_bsm_to_socket_type
+returns 0 and a converted socket type; on failure, it returns -1 but does not
+set
+.Xr errno 2 .
+.Pp
+On success,
+.Fn au_strerror
+returns a pointer to an error string; on failure it will return
+.Dv NULL .
+.Sh SEE ALSO
+.Xr au_bsm_to_domain 3 ,
+.Xr au_domain_to_bsm 3 ,
+.Xr au_to_socket_ex 3 ,
+.Xr libbsm 3
+.Sh HISTORY
+.Fn au_bsm_to_socket_type
+and
+.Fn au_socket_type_to_bsm
+were introduced in OpenBSM 1.1.
+.Sh AUTHORS
+These functions were implemented by
+.An Robert Watson
+under contract to Apple Inc.
+.Pp
+The Basic Security Module (BSM) interface to audit records and audit event
+stream format were defined by Sun Microsystems.
diff --git a/contrib/openbsm/libbsm/au_token.3 b/contrib/openbsm/libbsm/au_token.3 index 28d195e..2888729 100644 --- a/contrib/openbsm/libbsm/au_token.3 +++ b/contrib/openbsm/libbsm/au_token.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#16 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#17 $ .\" .Dd April 19, 2005 .Dt AU_TOKEN 3 @@ -60,6 +60,7 @@ .Nm au_to_sock_inet32 , .Nm au_to_sock_inet128 , .Nm au_to_sock_inet , +.Nm au_to_socket_ex , .Nm au_to_subject32 , .Nm au_to_subject64 , .Nm au_to_subject , @@ -156,6 +157,8 @@ .Ft "token_t *" .Fn au_to_sock_int "struct sockaddr_in *so" .Ft "token_t *" +.Fn au_to_socket_ex "u_short so_domain" "u_short so_type" "struct sockaddr *sa_local" "struct sockaddr *sa_remote" +.Ft "token_t *" .Fo au_to_subject32 .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" diff --git a/contrib/openbsm/libbsm/bsm_audit.c b/contrib/openbsm/libbsm/bsm_audit.c index 3510639..6537b37 100644 --- a/contrib/openbsm/libbsm/bsm_audit.c +++ b/contrib/openbsm/libbsm/bsm_audit.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#34 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#35 $ */ #include <sys/types.h> @@ -219,13 +219,16 @@ au_write(int d, token_t *tok) static int au_assemble(au_record_t *rec, short event) { - token_t *header, *tok, *trailer; - size_t tot_rec_size, hdrsize; - u_char *dptr; +#ifdef HAVE_AUDIT_SYSCALLS struct in6_addr *aptr; - int error; struct auditinfo_addr aia; struct timeval tm; + size_t hdrsize; +#endif /* HAVE_AUDIT_SYSCALLS */ + token_t *header, *tok, *trailer; + size_t tot_rec_size; + u_char *dptr; + int error; #ifdef HAVE_AUDIT_SYSCALLS /* 
diff --git a/contrib/openbsm/libbsm/bsm_domain.c b/contrib/openbsm/libbsm/bsm_domain.c
new file mode 100644
index 0000000..496235f
--- /dev/null
+++ b/contrib/openbsm/libbsm/bsm_domain.c
@@ -0,0 +1,499 @@ +/*- + * Copyright (c) 2008 Apple Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ * + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#2 $ + */ + +#include <sys/types.h> +#include <sys/socket.h> + +#include <config/config.h> + +#include <bsm/audit_domain.h> +#include <bsm/libbsm.h> + +struct bsm_domain { + u_short bd_bsm_domain; + int bd_local_domain; +}; + +#define PF_NO_LOCAL_MAPPING -600 + +static const struct bsm_domain bsm_domains[] = { + { BSM_PF_UNSPEC, PF_UNSPEC }, + { BSM_PF_LOCAL, PF_LOCAL }, + { BSM_PF_INET, PF_INET }, + { BSM_PF_IMPLINK, +#ifdef PF_IMPLINK + PF_IMPLINK +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PUP, +#ifdef PF_PUP + PF_PUP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_CHAOS, +#ifdef PF_CHAOS + PF_CHAOS +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NS, +#ifdef PF_NS + PF_NS +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NBS, +#ifdef PF_NBS + PF_NBS +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ECMA, +#ifdef PF_ECMA + PF_ECMA +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_DATAKIT, +#ifdef PF_DATAKIT + PF_DATAKIT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_CCITT, +#ifdef PF_CCITT + PF_CCITT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SNA, PF_SNA }, + { BSM_PF_DECnet, PF_DECnet }, + { BSM_PF_DLI, +#ifdef PF_DLI + PF_DLI +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_LAT, +#ifdef PF_LAT + PF_LAT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_HYLINK, +#ifdef PF_HYLINK + PF_HYLINK +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_APPLETALK, PF_APPLETALK }, + { BSM_PF_NIT, +#ifdef PF_NIT + PF_NIT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_802, +#ifdef PF_802 + PF_802 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_OSI, +#ifdef PF_OSI + PF_OSI +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_X25, +#ifdef PF_X25 + PF_X25 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_OSINET, +#ifdef PF_OSINET + PF_OSINET +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_GOSIP, +#ifdef PF_GOSIP + PF_GOSIP +#else + 
PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_IPX, PF_IPX }, + { BSM_PF_ROUTE, PF_ROUTE }, + { BSM_PF_LINK, +#ifdef PF_LINK + PF_LINK +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_INET6, PF_INET6 }, + { BSM_PF_KEY, PF_KEY }, + { BSM_PF_NCA, +#ifdef PF_NCA + PF_NCA +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_POLICY, +#ifdef PF_POLICY + PF_POLICY +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_INET_OFFLOAD, +#ifdef PF_INET_OFFLOAD + PF_INET_OFFLOAD +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NETBIOS, +#ifdef PF_NETBIOS + PF_NETBIOS +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ISO, +#ifdef PF_ISO + PF_ISO +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_XTP, +#ifdef PF_XTP + PF_XTP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_COIP, +#ifdef PF_COIP + PF_COIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_CNT, +#ifdef PF_CNT + PF_CNT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_RTIP, +#ifdef PF_RTIP + PF_RTIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SIP, +#ifdef PF_SIP + PF_SIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PIP, +#ifdef PF_PIP + PF_PIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ISDN, +#ifdef PF_ISDN + PF_ISDN +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_E164, +#ifdef PF_E164 + PF_E164 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NATM, +#ifdef PF_NATM + PF_NATM +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ATM, +#ifdef PF_ATM + PF_ATM +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NETGRAPH, +#ifdef PF_NETGRAPH + PF_NETGRAPH +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SLOW, +#ifdef PF_SLOW + PF_SLOW +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SCLUSTER, +#ifdef PF_SCLUSTER + PF_SCLUSTER +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ARP, +#ifdef PF_ARP + PF_ARP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_BLUETOOTH, +#ifdef PF_BLUETOOTH + PF_BLUETOOTH +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { 
BSM_PF_IEEE80211, +#ifdef PF_IEEE80211 + PF_IEEE80211 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_AX25, +#ifdef PF_AX25 + PF_AX25 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ROSE, +#ifdef PF_ROSE + PF_ROSE +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NETBEUI, +#ifdef PF_NETBEUI + PF_NETBEUI +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SECURITY, +#ifdef PF_SECURITY + PF_SECURITY +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PACKET, +#ifdef PF_PACKET + PF_PACKET +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ASH, +#ifdef PF_ASH + PF_ASH +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ECONET, +#ifdef PF_ECONET + PF_ECONET +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ATMSVC, +#ifdef PF_ATMSVC + PF_ATMSVC +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_IRDA, +#ifdef PF_IRDA + PF_IRDA +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PPPOX, +#ifdef PF_PPPOX + PF_PPPOX +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_WANPIPE, +#ifdef PF_WANPIPE + PF_WANPIPE +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_LLC, +#ifdef PF_LLC + PF_LLC +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_CAN, +#ifdef PF_CAN + PF_CAN +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_TIPC, +#ifdef PF_TIPC + PF_TIPC +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_IUCV, +#ifdef PF_IUCV + PF_IUCV +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_RXRPC, +#ifdef PF_RXRPC + PF_RXRPC +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PHONET, +#ifdef PF_PHONET + PF_PHONET +#else + PF_NO_LOCAL_MAPPING +#endif + }, +}; +static const int bsm_domains_count = sizeof(bsm_domains) / + sizeof(bsm_domains[0]); + +static const struct bsm_domain * +bsm_lookup_local_domain(int local_domain) +{ + int i; + + for (i = 0; i < bsm_domains_count; i++) { + if (bsm_domains[i].bd_local_domain == local_domain) + return (&bsm_domains[i]); + } + return (NULL); +} + +u_short +au_domain_to_bsm(int local_domain) +{ + const struct 
bsm_domain *bstp; + + bstp = bsm_lookup_local_domain(local_domain); + if (bstp == NULL) + return (BSM_PF_UNKNOWN); + return (bstp->bd_bsm_domain); +} + +static const struct bsm_domain * +bsm_lookup_bsm_domain(u_short bsm_domain) +{ + int i; + + for (i = 0; i < bsm_domains_count; i++) { + if (bsm_domains[i].bd_bsm_domain == bsm_domain) + return (&bsm_domains[i]); + } + return (NULL); +} + +int +au_bsm_to_domain(u_short bsm_domain, int *local_domainp) +{ + const struct bsm_domain *bstp; + + bstp = bsm_lookup_bsm_domain(bsm_domain); + if (bstp == NULL || bstp->bd_local_domain) + return (-1); + *local_domainp = bstp->bd_local_domain; + return (0); +} diff --git a/contrib/openbsm/libbsm/bsm_errno.c b/contrib/openbsm/libbsm/bsm_errno.c index e6f41d3..78aad97 100644 --- a/contrib/openbsm/libbsm/bsm_errno.c +++ b/contrib/openbsm/libbsm/bsm_errno.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#12 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#16 $ */ #include <sys/types.h> @@ -45,16 +45,25 @@ * operating system. These routines convert between BSM and local error * number spaces, subject to the above realities. BSM error numbers are * stored in a single 8-bit character, so don't have a byte order. + * + * Don't include string definitions when this code is compiled into a kernel. */ - -struct bsm_errors { - int be_bsm_error; - int be_os_error; +struct bsm_errno { + int be_bsm_errno; + int be_local_errno; +#if !defined(KERNEL) && !defined(_KERNEL) const char *be_strerror; +#endif }; #define ERRNO_NO_LOCAL_MAPPING -600 +#if !defined(KERNEL) && !defined(_KERNEL) +#define ES(x) x +#else +#define ES(x) +#endif + /* * Mapping table -- please maintain in numeric sorted order with respect to * the BSM constant. Today we do a linear lookup, but could switch to a 
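Review bot: In `au_bsm_to_domain()` the condition `bstp->bd_local_domain` is a plain truthiness test, so the function returns -1 for every table entry whose local value is non-zero and succeeds only for a domain whose local constant is 0; the comparison against the sentinel appears to have been left out, and the line should read `if (bstp == NULL || bstp->bd_local_domain == PF_NO_LOCAL_MAPPING)`. As written, a caller decoding extended socket tokens would presumably lose the protocol domain of nearly every record. `bsm_lookup_local_domain()` also compares its argument against entries that hold `PF_NO_LOCAL_MAPPING`, so an input of -600 matches the first unmapped entry instead of producing `BSM_PF_UNKNOWN`; adding `if (local_domain == PF_NO_LOCAL_MAPPING) return (NULL);` before the loop closes that. The same guard is removed from `bsm_lookup_errno_local()` in the later bsm_errno.c hunk, where it applies to `ERRNO_NO_LOCAL_MAPPING`. A one-line comment on `PF_NO_LOCAL_MAPPING` stating that it is an out-of-band marker that must never reach callers would make the intent clear.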
@@ -70,523 +79,551 @@ struct bsm_errors { * support catalogues; these are only used if the OS doesn't have an error * string using strerror(3). */ -static const struct bsm_errors bsm_errors[] = { - { BSM_ESUCCESS, 0, "Success" }, - { BSM_EPERM, EPERM, "Operation not permitted" }, - { BSM_ENOENT, ENOENT, "No such file or directory" }, - { BSM_ESRCH, ESRCH, "No such process" }, - { BSM_EINTR, EINTR, "Interrupted system call" }, - { BSM_EIO, EIO, "Input/output error" }, - { BSM_ENXIO, ENXIO, "Device not configured" }, - { BSM_E2BIG, E2BIG, "Argument list too long" }, - { BSM_ENOEXEC, ENOEXEC, "Exec format error" }, - { BSM_EBADF, EBADF, "BAd file descriptor" }, - { BSM_ECHILD, ECHILD, "No child processes" }, - { BSM_EAGAIN, EAGAIN, "Resource temporarily unavailable" }, - { BSM_ENOMEM, ENOMEM, "Cannot allocate memory" }, - { BSM_EACCES, EACCES, "Permission denied" }, - { BSM_EFAULT, EFAULT, "Bad address" }, - { BSM_ENOTBLK, ENOTBLK, "Block device required" }, - { BSM_EBUSY, EBUSY, "Device busy" }, - { BSM_EEXIST, EEXIST, "File exists" }, - { BSM_EXDEV, EXDEV, "Cross-device link" }, - { BSM_ENODEV, ENODEV, "Operation not supported by device" }, - { BSM_ENOTDIR, ENOTDIR, "Not a directory" }, - { BSM_EISDIR, EISDIR, "Is a directory" }, - { BSM_EINVAL, EINVAL, "Invalid argument" }, - { BSM_ENFILE, ENFILE, "Too many open files in system" }, - { BSM_EMFILE, EMFILE, "Too many open files" }, - { BSM_ENOTTY, ENOTTY, "Inappropriate ioctl for device" }, - { BSM_ETXTBSY, ETXTBSY, "Text file busy" }, - { BSM_EFBIG, EFBIG, "File too large" }, - { BSM_ENOSPC, ENOSPC, "No space left on device" }, - { BSM_ESPIPE, ESPIPE, "Illegal seek" }, - { BSM_EROFS, EROFS, "Read-only file system" }, - { BSM_EMLINK, EMLINK, "Too many links" }, - { BSM_EPIPE, EPIPE, "Broken pipe" }, - { BSM_EDOM, EDOM, "Numerical argument out of domain" }, - { BSM_ERANGE, ERANGE, "Result too large" }, - { BSM_ENOMSG, ENOMSG, "No message of desired type" }, - { BSM_EIDRM, EIDRM, "Identifier removed" }, - { BSM_ECHRNG, 
+static const struct bsm_errno bsm_errnos[] = { + { BSM_ERRNO_ESUCCESS, 0, ES("Success") }, + { BSM_ERRNO_EPERM, EPERM, ES("Operation not permitted") }, + { BSM_ERRNO_ENOENT, ENOENT, ES("No such file or directory") }, + { BSM_ERRNO_ESRCH, ESRCH, ES("No such process") }, + { BSM_ERRNO_EINTR, EINTR, ES("Interrupted system call") }, + { BSM_ERRNO_EIO, EIO, ES("Input/output error") }, + { BSM_ERRNO_ENXIO, ENXIO, ES("Device not configured") }, + { BSM_ERRNO_E2BIG, E2BIG, ES("Argument list too long") }, + { BSM_ERRNO_ENOEXEC, ENOEXEC, ES("Exec format error") }, + { BSM_ERRNO_EBADF, EBADF, ES("Bad file descriptor") }, + { BSM_ERRNO_ECHILD, ECHILD, ES("No child processes") }, + { BSM_ERRNO_EAGAIN, EAGAIN, ES("Resource temporarily unavailable") }, + { BSM_ERRNO_ENOMEM, ENOMEM, ES("Cannot allocate memory") }, + { BSM_ERRNO_EACCES, EACCES, ES("Permission denied") }, + { BSM_ERRNO_EFAULT, EFAULT, ES("Bad address") }, + { BSM_ERRNO_ENOTBLK, ENOTBLK, ES("Block device required") }, + { BSM_ERRNO_EBUSY, EBUSY, ES("Device busy") }, + { BSM_ERRNO_EEXIST, EEXIST, ES("File exists") }, + { BSM_ERRNO_EXDEV, EXDEV, ES("Cross-device link") }, + { BSM_ERRNO_ENODEV, ENODEV, ES("Operation not supported by device") }, + { BSM_ERRNO_ENOTDIR, ENOTDIR, ES("Not a directory") }, + { BSM_ERRNO_EISDIR, EISDIR, ES("Is a directory") }, + { BSM_ERRNO_EINVAL, EINVAL, ES("Invalid argument") }, + { BSM_ERRNO_ENFILE, ENFILE, ES("Too many open files in system") }, + { BSM_ERRNO_EMFILE, EMFILE, ES("Too many open files") }, + { BSM_ERRNO_ENOTTY, ENOTTY, ES("Inappropriate ioctl for device") }, + { BSM_ERRNO_ETXTBSY, ETXTBSY, ES("Text file busy") }, + { BSM_ERRNO_EFBIG, EFBIG, ES("File too large") }, + { BSM_ERRNO_ENOSPC, ENOSPC, ES("No space left on device") }, + { BSM_ERRNO_ESPIPE, ESPIPE, ES("Illegal seek") }, + { BSM_ERRNO_EROFS, EROFS, ES("Read-only file system") }, + { BSM_ERRNO_EMLINK, EMLINK, ES("Too many links") }, + { BSM_ERRNO_EPIPE, EPIPE, ES("Broken pipe") }, + { BSM_ERRNO_EDOM, EDOM, ES("Numerical 
argument out of domain") }, + { BSM_ERRNO_ERANGE, ERANGE, ES("Result too large") }, + { BSM_ERRNO_ENOMSG, ENOMSG, ES("No message of desired type") }, + { BSM_ERRNO_EIDRM, EIDRM, ES("Identifier removed") }, + { BSM_ERRNO_ECHRNG, #ifdef ECHRNG ECHRNG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Channel number out of range" }, - { BSM_EL2NSYNC, + ES("Channel number out of range") }, + { BSM_ERRNO_EL2NSYNC, #ifdef EL2NSYNC EL2NSYNC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Level 2 not synchronized" }, - { BSM_EL3HLT, + ES("Level 2 not synchronized") }, + { BSM_ERRNO_EL3HLT, #ifdef EL3HLT EL3HLT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Level 3 halted" }, - { BSM_EL3RST, + ES("Level 3 halted") }, + { BSM_ERRNO_EL3RST, #ifdef EL3RST EL3RST, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Level 3 reset" }, - { BSM_ELNRNG, + ES("Level 3 reset") }, + { BSM_ERRNO_ELNRNG, #ifdef ELNRNG ELNRNG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Link number out of range" }, - { BSM_EUNATCH, + ES("Link number out of range") }, + { BSM_ERRNO_EUNATCH, #ifdef EUNATCH EUNATCH, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Protocol driver not attached" }, - { BSM_ENOCSI, + ES("Protocol driver not attached") }, + { BSM_ERRNO_ENOCSI, #ifdef ENOCSI ENOCSI, #else ERRNO_NO_LOCAL_MAPPING, #endif - "No CSI structure available" }, - { BSM_EL2HLT, + ES("No CSI structure available") }, + { BSM_ERRNO_EL2HLT, #ifdef EL2HLT EL2HLT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Level 2 halted" }, - { BSM_EDEADLK, EDEADLK, "Resource deadlock avoided" }, - { BSM_ENOLCK, ENOLCK, "No locks available" }, - { BSM_ECANCELED, ECANCELED, "Operation canceled" }, - { BSM_ENOTSUP, ENOTSUP, "Operation not supported" }, - { BSM_EDQUOT, EDQUOT, "Disc quota exceeded" }, - { BSM_EBADE, + ES("Level 2 halted") }, + { BSM_ERRNO_EDEADLK, EDEADLK, ES("Resource deadlock avoided") }, + { BSM_ERRNO_ENOLCK, ENOLCK, ES("No locks available") }, + { BSM_ERRNO_ECANCELED, ECANCELED, ES("Operation canceled") }, + { BSM_ERRNO_ENOTSUP, ENOTSUP, ES("Operation not 
supported") }, + { BSM_ERRNO_EDQUOT, EDQUOT, ES("Disc quota exceeded") }, + { BSM_ERRNO_EBADE, #ifdef EBADE EBADE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Invalid exchange" }, - { BSM_EBADR, + ES("Invalid exchange") }, + { BSM_ERRNO_EBADR, #ifdef EBADR EBADR, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Invalid request descriptor" }, - { BSM_EXFULL, + ES("Invalid request descriptor") }, + { BSM_ERRNO_EXFULL, #ifdef EXFULL EXFULL, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Exchange full" }, - { BSM_ENOANO, + ES("Exchange full") }, + { BSM_ERRNO_ENOANO, #ifdef ENOANO ENOANO, #else ERRNO_NO_LOCAL_MAPPING, #endif - "No anode" }, - { BSM_EBADRQC, + ES("No anode") }, + { BSM_ERRNO_EBADRQC, #ifdef EBADRQC EBADRQC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Invalid request descriptor" }, - { BSM_EBADSLT, + ES("Invalid request descriptor") }, + { BSM_ERRNO_EBADSLT, #ifdef EBADSLT EBADSLT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Invalid slot" }, - { BSM_EDEADLOCK, + ES("Invalid slot") }, + { BSM_ERRNO_EDEADLOCK, #ifdef EDEADLOCK EDEADLOCK, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Resource deadlock avoided" }, - { BSM_EBFONT, + ES("Resource deadlock avoided") }, + { BSM_ERRNO_EBFONT, #ifdef EBFONT EBFONT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Bad font file format" }, - { BSM_EOWNERDEAD, + ES("Bad font file format") }, + { BSM_ERRNO_EOWNERDEAD, #ifdef EOWNERDEAD EOWNERDEAD, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Process died with the lock" }, - { BSM_ENOTRECOVERABLE, + ES("Process died with the lock") }, + { BSM_ERRNO_ENOTRECOVERABLE, #ifdef ENOTRECOVERABLE ENOTRECOVERABLE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Lock is not recoverable" }, - { BSM_ENOSTR, + ES("Lock is not recoverable") }, + { BSM_ERRNO_ENOSTR, #ifdef ENOSTR ENOSTR, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Device not a stream" }, - { BSM_ENONET, + ES("Device not a stream") }, + { BSM_ERRNO_ENONET, #ifdef ENONET ENONET, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Machine is not on the network" }, - { BSM_ENOPKG, + 
ES("Machine is not on the network") }, + { BSM_ERRNO_ENOPKG, #ifdef ENOPKG ENOPKG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Package not installed" }, - { BSM_EREMOTE, EREMOTE, "Too many levels of remote in path" }, - { BSM_ENOLINK, + ES("Package not installed") }, + { BSM_ERRNO_EREMOTE, EREMOTE, + ES("Too many levels of remote in path") }, + { BSM_ERRNO_ENOLINK, #ifdef ENOLINK ENOLINK, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Link has been severed" }, - { BSM_EADV, + ES("Link has been severed") }, + { BSM_ERRNO_EADV, #ifdef EADV EADV, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Advertise error" }, - { BSM_ESRMNT, + ES("Advertise error") }, + { BSM_ERRNO_ESRMNT, #ifdef ESRMNT ESRMNT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "srmount error" }, - { BSM_ECOMM, + ES("srmount error") }, + { BSM_ERRNO_ECOMM, #ifdef ECOMM ECOMM, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Communication error on send" }, - { BSM_EPROTO, + ES("Communication error on send") }, + { BSM_ERRNO_EPROTO, #ifdef EPROTO EPROTO, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Protocol error" }, - { BSM_ELOCKUNMAPPED, + ES("Protocol error") }, + { BSM_ERRNO_ELOCKUNMAPPED, #ifdef ELOCKUNMAPPED ELOCKUNMAPPED, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Locked lock was unmapped" }, - { BSM_ENOTACTIVE, + ES("Locked lock was unmapped") }, + { BSM_ERRNO_ENOTACTIVE, #ifdef ENOTACTIVE ENOTACTIVE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Facility is not active" }, - { BSM_EMULTIHOP, + ES("Facility is not active") }, + { BSM_ERRNO_EMULTIHOP, #ifdef EMULTIHOP EMULTIHOP, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Multihop attempted" }, - { BSM_EBADMSG, + ES("Multihop attempted") }, + { BSM_ERRNO_EBADMSG, #ifdef EBADMSG EBADMSG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Bad message" }, - { BSM_ENAMETOOLONG, ENAMETOOLONG, "File name too long" }, - { BSM_EOVERFLOW, EOVERFLOW, "Value too large to be stored in data type" }, - { BSM_ENOTUNIQ, + ES("Bad message") }, + { BSM_ERRNO_ENAMETOOLONG, ENAMETOOLONG, ES("File name too long") }, + { 
BSM_ERRNO_EOVERFLOW, EOVERFLOW, + ES("Value too large to be stored in data type") }, + { BSM_ERRNO_ENOTUNIQ, #ifdef ENOTUNIQ ENOTUNIQ, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Given log name not unique" }, - { BSM_EBADFD, + ES("Given log name not unique") }, + { BSM_ERRNO_EBADFD, #ifdef EBADFD EBADFD, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Given f.d. invalid for this operation" }, - { BSM_EREMCHG, + ES("Given f.d. invalid for this operation") }, + { BSM_ERRNO_EREMCHG, #ifdef EREMCHG EREMCHG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Remote address changed" }, - { BSM_ELIBACC, + ES("Remote address changed") }, + { BSM_ERRNO_ELIBACC, #ifdef ELIBACC ELIBACC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Can't access a needed shared lib" }, - { BSM_ELIBBAD, + ES("Can't access a needed shared lib") }, + { BSM_ERRNO_ELIBBAD, #ifdef ELIBBAD ELIBBAD, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Accessing a corrupted shared lib" }, - { BSM_ELIBSCN, + ES("Accessing a corrupted shared lib") }, + { BSM_ERRNO_ELIBSCN, #ifdef ELIBSCN ELIBSCN, #else ERRNO_NO_LOCAL_MAPPING, #endif - ".lib section in a.out corrupted" }, - { BSM_ELIBMAX, + ES(".lib section in a.out corrupted") }, + { BSM_ERRNO_ELIBMAX, #ifdef ELIBMAX ELIBMAX, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Attempting to link in too many libs" }, - { BSM_ELIBEXEC, + ES("Attempting to link in too many libs") }, + { BSM_ERRNO_ELIBEXEC, #ifdef ELIBEXEC ELIBEXEC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Attempting to exec a shared library" }, - { BSM_EILSEQ, EILSEQ, "Illegal byte sequence" }, - { BSM_ENOSYS, ENOSYS, "Function not implemented" }, - { BSM_ELOOP, ELOOP, "Too many levels of symbolic links" }, - { BSM_ERESTART, + ES("Attempting to exec a shared library") }, + { BSM_ERRNO_EILSEQ, EILSEQ, ES("Illegal byte sequence") }, + { BSM_ERRNO_ENOSYS, ENOSYS, ES("Function not implemented") }, + { BSM_ERRNO_ELOOP, ELOOP, ES("Too many levels of symbolic links") }, + { BSM_ERRNO_ERESTART, #ifdef ERESTART ERESTART, #else ERRNO_NO_LOCAL_MAPPING, 
#endif - "Restart syscall" }, - { BSM_ESTRPIPE, + ES("Restart syscall") }, + { BSM_ERRNO_ESTRPIPE, #ifdef ESTRPIPE ESTRPIPE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "If pipe/FIFO, don't sleep in stream head" }, - { BSM_ENOTEMPTY, ENOTEMPTY, "Directory not empty" }, - { BSM_EUSERS, EUSERS, "Too many users" }, - { BSM_ENOTSOCK, ENOTSOCK, "Socket operation on non-socket" }, - { BSM_EDESTADDRREQ, EDESTADDRREQ, "Destination address required" }, - { BSM_EMSGSIZE, EMSGSIZE, "Message too long" }, - { BSM_EPROTOTYPE, EPROTOTYPE, "Protocol wrong type for socket" }, - { BSM_ENOPROTOOPT, ENOPROTOOPT, "Protocol not available" }, - { BSM_EPROTONOSUPPORT, EPROTONOSUPPORT, "Protocol not supported" }, - { BSM_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, "Socket type not supported" }, - { BSM_EOPNOTSUPP, EOPNOTSUPP, "Operation not supported" }, - { BSM_EPFNOSUPPORT, EPFNOSUPPORT, "Protocol family not supported" }, - { BSM_EAFNOSUPPORT, EAFNOSUPPORT, "Address family not supported by protocol family" }, - { BSM_EADDRINUSE, EADDRINUSE, "Address already in use" }, - { BSM_EADDRNOTAVAIL, EADDRNOTAVAIL, "Can't assign requested address" }, - { BSM_ENETDOWN, ENETDOWN, "Network is down" }, - { BSM_ENETRESET, ENETRESET, "Network dropped connection on reset" }, - { BSM_ECONNABORTED, ECONNABORTED, "Software caused connection abort" }, - { BSM_ECONNRESET, ECONNRESET, "Connection reset by peer" }, - { BSM_ENOBUFS, ENOBUFS, "No buffer space available" }, - { BSM_EISCONN, EISCONN, "Socket is already connected" }, - { BSM_ENOTCONN, ENOTCONN, "Socket is not connected" }, - { BSM_ESHUTDOWN, ESHUTDOWN, "Can't send after socket shutdown" }, - { BSM_ETOOMANYREFS, ETOOMANYREFS, "Too many references: can't splice" }, - { BSM_ETIMEDOUT, ETIMEDOUT, "Operation timed out" }, - { BSM_ECONNREFUSED, ECONNREFUSED, "Connection refused" }, - { BSM_EHOSTDOWN, EHOSTDOWN, "Host is down" }, - { BSM_EHOSTUNREACH, EHOSTUNREACH, "No route to host" }, - { BSM_EALREADY, EALREADY, "Operation already in progress" }, - { BSM_EINPROGRESS, 
EINPROGRESS, "Operation now in progress" }, - { BSM_ESTALE, ESTALE, "Stale NFS file handle" }, - { BSM_EPWROFF, + ES("If pipe/FIFO, don't sleep in stream head") }, + { BSM_ERRNO_ENOTEMPTY, ENOTEMPTY, ES("Directory not empty") }, + { BSM_ERRNO_EUSERS, EUSERS, ES("Too many users") }, + { BSM_ERRNO_ENOTSOCK, ENOTSOCK, + ES("Socket operation on non-socket") }, + { BSM_ERRNO_EDESTADDRREQ, EDESTADDRREQ, + ES("Destination address required") }, + { BSM_ERRNO_EMSGSIZE, EMSGSIZE, ES("Message too long") }, + { BSM_ERRNO_EPROTOTYPE, EPROTOTYPE, + ES("Protocol wrong type for socket") }, + { BSM_ERRNO_ENOPROTOOPT, ENOPROTOOPT, ES("Protocol not available") }, + { BSM_ERRNO_EPROTONOSUPPORT, EPROTONOSUPPORT, + ES("Protocol not supported") }, + { BSM_ERRNO_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, + ES("Socket type not supported") }, + { BSM_ERRNO_EOPNOTSUPP, EOPNOTSUPP, ES("Operation not supported") }, + { BSM_ERRNO_EPFNOSUPPORT, EPFNOSUPPORT, + ES("Protocol family not supported") }, + { BSM_ERRNO_EAFNOSUPPORT, EAFNOSUPPORT, + ES("Address family not supported by protocol family") }, + { BSM_ERRNO_EADDRINUSE, EADDRINUSE, ES("Address already in use") }, + { BSM_ERRNO_EADDRNOTAVAIL, EADDRNOTAVAIL, + ES("Can't assign requested address") }, + { BSM_ERRNO_ENETDOWN, ENETDOWN, ES("Network is down") }, + { BSM_ERRNO_ENETRESET, ENETRESET, + ES("Network dropped connection on reset") }, + { BSM_ERRNO_ECONNABORTED, ECONNABORTED, + ES("Software caused connection abort") }, + { BSM_ERRNO_ECONNRESET, ECONNRESET, ES("Connection reset by peer") }, + { BSM_ERRNO_ENOBUFS, ENOBUFS, ES("No buffer space available") }, + { BSM_ERRNO_EISCONN, EISCONN, ES("Socket is already connected") }, + { BSM_ERRNO_ENOTCONN, ENOTCONN, ES("Socket is not connected") }, + { BSM_ERRNO_ESHUTDOWN, ESHUTDOWN, + ES("Can't send after socket shutdown") }, + { BSM_ERRNO_ETOOMANYREFS, ETOOMANYREFS, + ES("Too many references: can't splice") }, + { BSM_ERRNO_ETIMEDOUT, ETIMEDOUT, ES("Operation timed out") }, + { BSM_ERRNO_ECONNREFUSED, 
ECONNREFUSED, ES("Connection refused") }, + { BSM_ERRNO_EHOSTDOWN, EHOSTDOWN, ES("Host is down") }, + { BSM_ERRNO_EHOSTUNREACH, EHOSTUNREACH, ES("No route to host") }, + { BSM_ERRNO_EALREADY, EALREADY, ES("Operation already in progress") }, + { BSM_ERRNO_EINPROGRESS, EINPROGRESS, + ES("Operation now in progress") }, + { BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") }, + { BSM_ERRNO_EPWROFF, #ifdef EPWROFF EPWROFF, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Device power is off" }, - { BSM_EDEVERR, + ES("Device power is off") }, + { BSM_ERRNO_EDEVERR, #ifdef EDEVERR EDEVERR, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Device error" }, - { BSM_EBADEXEC, + ES("Device error") }, + { BSM_ERRNO_EBADEXEC, #ifdef EBADEXEC EBADEXEC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Bad executable" }, - { BSM_EBADARCH, + ES("Bad executable") }, + { BSM_ERRNO_EBADARCH, #ifdef EBADARCH EBADARCH, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Bad CPU type in executable" }, - { BSM_ESHLIBVERS, + ES("Bad CPU type in executable") }, + { BSM_ERRNO_ESHLIBVERS, #ifdef ESHLIBVERS ESHLIBVERS, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Shared library version mismatch" }, - { BSM_EBADMACHO, + ES("Shared library version mismatch") }, + { BSM_ERRNO_EBADMACHO, #ifdef EBADMACHO EBADMACHO, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Malfored Macho file" }, - { BSM_EPOLICY, + ES("Malfored Macho file") }, + { BSM_ERRNO_EPOLICY, #ifdef EPOLICY EPOLICY, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Operation failed by policy" }, - { BSM_EDOTDOT, + ES("Operation failed by policy") }, + { BSM_ERRNO_EDOTDOT, #ifdef EDOTDOT EDOTDOT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "RFS specific error" }, - { BSM_EUCLEAN, + ES("RFS specific error") }, + { BSM_ERRNO_EUCLEAN, #ifdef EUCLEAN EUCLEAN, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Structure needs cleaning" }, - { BSM_ENOTNAM, + ES("Structure needs cleaning") }, + { BSM_ERRNO_ENOTNAM, #ifdef ENOTNAM ENOTNAM, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Not a XENIX named type file" }, - { 
BSM_ENAVAIL, + ES("Not a XENIX named type file") }, + { BSM_ERRNO_ENAVAIL, #ifdef ENAVAIL ENAVAIL, #else ERRNO_NO_LOCAL_MAPPING, #endif - "No XENIX semaphores available" }, - { BSM_EISNAM, + ES("No XENIX semaphores available") }, + { BSM_ERRNO_EISNAM, #ifdef EISNAM EISNAM, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Is a named type file" }, - { BSM_EREMOTEIO, + ES("Is a named type file") }, + { BSM_ERRNO_EREMOTEIO, #ifdef EREMOTEIO EREMOTEIO, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Remote I/O error" }, - { BSM_ENOMEDIUM, + ES("Remote I/O error") }, + { BSM_ERRNO_ENOMEDIUM, #ifdef ENOMEDIUM ENOMEDIUM, #else ERRNO_NO_LOCAL_MAPPING, #endif - "No medium found" }, - { BSM_EMEDIUMTYPE, + ES("No medium found") }, + { BSM_ERRNO_EMEDIUMTYPE, #ifdef EMEDIUMTYPE EMEDIUMTYPE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Wrong medium type" }, - { BSM_ENOKEY, + ES("Wrong medium type") }, + { BSM_ERRNO_ENOKEY, #ifdef ENOKEY ENOKEY, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Required key not available" }, - { BSM_EKEYEXPIRED, + ES("Required key not available") }, + { BSM_ERRNO_EKEYEXPIRED, #ifdef EKEEXPIRED EKEYEXPIRED, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Key has expired" }, - { BSM_EKEYREVOKED, + ES("Key has expired") }, + { BSM_ERRNO_EKEYREVOKED, #ifdef EKEYREVOKED EKEYREVOKED, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Key has been revoked" }, - { BSM_EKEYREJECTED, + ES("Key has been revoked") }, + { BSM_ERRNO_EKEYREJECTED, #ifdef EKEREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Key was rejected by service" }, + ES("Key was rejected by service") }, }; -static const int bsm_errors_count = sizeof(bsm_errors) / sizeof(bsm_errors[0]); +static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]); -static const struct bsm_errors * -au_bsm_error_lookup_errno(int error) +static const struct bsm_errno * +bsm_lookup_errno_local(int local_errno) { int i; - if (error == ERRNO_NO_LOCAL_MAPPING) - return (NULL); - for (i = 0; i < bsm_errors_count; i++) { - if 
(bsm_errors[i].be_os_error == error) - return (&bsm_errors[i]); + for (i = 0; i < bsm_errnos_count; i++) { + if (bsm_errnos[i].be_local_errno == local_errno) + return (&bsm_errnos[i]); } return (NULL); } -static const struct bsm_errors * -au_bsm_error_lookup_bsm(u_char bsm_error) +/* + * Conversion to the BSM errno space isn't allowed to fail; we simply map to + * BSM_ERRNO_UNKNOWN and let the remote endpoint deal with it. + */ +u_char +au_errno_to_bsm(int local_errno) +{ + const struct bsm_errno *bsme; + + bsme = bsm_lookup_errno_local(local_errno); + if (bsme == NULL) + return (BSM_ERRNO_UNKNOWN); + return (bsme->be_bsm_errno); +} + +static const struct bsm_errno * +bsm_lookup_errno_bsm(u_char bsm_errno) { int i; - for (i = 0; i < bsm_errors_count; i++) { - if (bsm_errors[i].be_bsm_error == bsm_error) - return (&bsm_errors[i]); + for (i = 0; i < bsm_errnos_count; i++) { + if (bsm_errnos[i].be_bsm_errno == bsm_errno) + return (&bsm_errnos[i]); } return (NULL); } 
@@ -594,49 +631,31 @@ au_bsm_error_lookup_bsm(u_char bsm_error) /* * Converstion from a BSM error to a local error number may fail if either * OpenBSM doesn't recognize the error on the wire, or because there is no - * appropriate local mapping. However, we don't allow conversion to BSM to - * fail, we just convert to BSM_UKNOWNERR. + * appropriate local mapping. */ int -au_bsm_to_errno(u_char bsm_error, int *errorp) +au_bsm_to_errno(u_char bsm_errno, int *errorp) { - const struct bsm_errors *bsme; + const struct bsm_errno *bsme; - bsme = au_bsm_error_lookup_bsm(bsm_error); - if (bsme == NULL || bsme->be_os_error == ERRNO_NO_LOCAL_MAPPING) + bsme = bsm_lookup_errno_bsm(bsm_errno); + if (bsme == NULL || bsme->be_local_errno == ERRNO_NO_LOCAL_MAPPING) return (-1); - *errorp = bsme->be_os_error; + *errorp = bsme->be_local_errno; return (0); } -u_char -au_errno_to_bsm(int error) -{ - const struct bsm_errors *bsme; - - /* - * We should never be passed this libbsm-internal constant, and - * because it is ambiguous we just return an error. - */ - if (error == ERRNO_NO_LOCAL_MAPPING) - return (BSM_UNKNOWNERR); - bsme = au_bsm_error_lookup_errno(error); - if (bsme == NULL) - return (BSM_UNKNOWNERR); - return (bsme->be_bsm_error); -} - #if !defined(KERNEL) && !defined(_KERNEL) const char * -au_strerror(u_char bsm_error) +au_strerror(u_char bsm_errno) { - const struct bsm_errors *bsme; + const struct bsm_errno *bsme; - bsme = au_bsm_error_lookup_bsm(bsm_error); + bsme = bsm_lookup_errno_bsm(bsm_errno); if (bsme == NULL) return ("Unrecognized BSM error"); - if (bsme->be_os_error != ERRNO_NO_LOCAL_MAPPING) - return (strerror(bsme->be_os_error)); + if (bsme->be_local_errno != ERRNO_NO_LOCAL_MAPPING) + return (strerror(bsme->be_local_errno)); return (bsme->be_strerror); } #endif diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c index e593745..eb56827 100644 --- a/contrib/openbsm/libbsm/bsm_io.c +++ b/contrib/openbsm/libbsm/bsm_io.c 
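Review bot: The `au_errno_to_bsm()` deleted in this hunk refused `ERRNO_NO_LOCAL_MAPPING` before doing the lookup, and neither its replacement earlier in this file's diff nor the new `bsm_lookup_errno_local()` keeps that guard. On a platform where any table row falls back to `ERRNO_NO_LOCAL_MAPPING`, a caller that passes the sentinel would match the first such row and get that row's BSM code instead of `BSM_ERRNO_UNKNOWN`, which would put a misleading error value into the audit record. I would restore the check at the top of the new `au_errno_to_bsm()`: `if (local_errno == ERRNO_NO_LOCAL_MAPPING) return (BSM_ERRNO_UNKNOWN);`. The sentinel's definition is outside the visible hunks, so whether a real caller can produce it should be confirmed.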
@@ -32,7 +32,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#59 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#60 $ */ #include <sys/types.h> @@ -3827,6 +3827,12 @@ print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, __unused char sfrm, int xml) { + /* + * This print routine prints BSM constant space domains and socket + * types rather than converting them. If we add string printers for + * these constants in the future, we may want to call conversion + * routines. + */ print_tok_type(fp, tok->id, "socket", raw, xml); if (xml) { open_attr(fp, "sock_dom"); diff --git a/contrib/openbsm/libbsm/bsm_socket_type.c b/contrib/openbsm/libbsm/bsm_socket_type.c new file mode 100644 index 0000000..a10b609 --- /dev/null +++ b/contrib/openbsm/libbsm/bsm_socket_type.c 
@@ -0,0 +1,104 @@
+/*-
+ * Copyright (c) 2008 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_socket_type.c#1 $
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <config/config.h>
+
+#include <bsm/audit_socket_type.h>
+#include <bsm/libbsm.h>
+
+struct bsm_socket_type {
+ u_short bst_bsm_socket_type;
+ int bst_local_socket_type;
+};
+
+#define ST_NO_LOCAL_MAPPING -600
+
+static const struct bsm_socket_type bsm_socket_types[] = {
+ { BSM_SOCK_DGRAM, SOCK_DGRAM },
+ { BSM_SOCK_STREAM, SOCK_STREAM },
+ { BSM_SOCK_RAW, SOCK_RAW },
+ { BSM_SOCK_RDM, SOCK_RDM },
+ { BSM_SOCK_SEQPACKET, SOCK_SEQPACKET },
+};
+static const int bsm_socket_types_count = sizeof(bsm_socket_types) /
+ sizeof(bsm_socket_types[0]);
+
+static const struct bsm_socket_type *
+bsm_lookup_local_socket_type(int local_socket_type)
+{
+ int i;
+
+ for (i = 0; i < bsm_socket_types_count; i++) {
+ if (bsm_socket_types[i].bst_local_socket_type ==
+ local_socket_type)
+ return (&bsm_socket_types[i]);
+ }
+ return (NULL);
+}
+
+u_short
+au_socket_type_to_bsm(int local_socket_type)
+{
+ const struct bsm_socket_type *bstp;
+
+ bstp = bsm_lookup_local_socket_type(local_socket_type);
+ if (bstp == NULL)
+ return (BSM_SOCK_UNKNOWN);
+ return (bstp->bst_bsm_socket_type);
+}
+
+static const struct bsm_socket_type *
+bsm_lookup_bsm_socket_type(u_short bsm_socket_type)
+{
+ int i;
+
+ for (i = 0; i < bsm_socket_types_count; i++) {
+ if (bsm_socket_types[i].bst_bsm_socket_type ==
+ bsm_socket_type)
+ return (&bsm_socket_types[i]);
+ }
+ return (NULL);
+}
+
+int
+au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep)
+{
+ const struct bsm_socket_type *bstp;
+
+ bstp = bsm_lookup_bsm_socket_type(bsm_socket_type);
+ if (bstp == NULL || bstp->bst_local_socket_type)
+ return (-1);
+ *local_socket_typep = bstp->bst_local_socket_type;
+ return (0);
+}
diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c
index c9aa1a9..430e09b 100644
--- a/contrib/openbsm/libbsm/bsm_token.c
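Review bot: `au_bsm_to_socket_type()` at the end of the new bsm_socket_type.c tests `bstp->bst_local_socket_type` for truth instead of comparing it with the sentinel, so on the usual platforms where the `SOCK_*` constants are non-zero it returns -1 for every recognised type and never stores through `local_socket_typep`. `ST_NO_LOCAL_MAPPING` is defined above but never used, which suggests the comparison was dropped; the line should read `if (bstp == NULL || bstp->bst_local_socket_type == ST_NO_LOCAL_MAPPING)`, mirroring the `ERRNO_NO_LOCAL_MAPPING` check in `au_bsm_to_errno()`. As written, a consumer decoding extended socket tokens cannot recover the local socket type from an audit record. Separately, the table uses `SOCK_RDM` and `SOCK_SEQPACKET` without the `#ifdef` fallbacks that the errno table has, which may break the build where either is undefined.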
+++ b/contrib/openbsm/libbsm/bsm_token.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#85 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#86 $ */ #include <sys/types.h> @@ -944,6 +944,9 @@ au_to_seq(long audit_count) * local address 4 bytes/16 bytes (IPv4/IPv6 address) * remote port 2 bytes * remote address 4 bytes/16 bytes (IPv4/IPv6 address) + * + * Domain and type arguments to this routine are assumed to already have been + * converted to the BSM constant space, so we don't do that here. */ token_t * au_to_socket_ex(u_short so_domain, u_short so_type, diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3 index 9a8ebda..f059e28 100644 --- a/contrib/openbsm/libbsm/libbsm.3 +++ b/contrib/openbsm/libbsm/libbsm.3 @@ -1,5 +1,6 @@ .\"- .\" Copyright (c) 2005-2007 Robert N. M. Watson +.\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -23,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#14 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#16 $ .\" .Dd November 12, 2008 .Dt LIBBSM 3 @@ -170,6 +171,7 @@ representation: .Xr au_to_sock_inet 3 , .Xr au_to_sock_inet32 3 , .Xr au_to_sock_inet128 3 , +.Xr au_to_socket_ex 3 , .Xr au_to_subject 3 , .Xr au_to_subject32 3 , .Xr au_to_subject64 3 , 
@@ -191,22 +193,30 @@ database: .Xr getauusernam 3 , .Xr getauusernam_r 3 , .Xr getfauditflags 3 . +.Ss Audit Constant Conversion Interfaces +These functions convert between BSM and local constants, including the +.Xr errno 2 +number, socket type, and protocol famil spaces, and must be used to generate +and interpret BSM return and extended socket tokens: +.Xr au_bsm_to_domain 3 , +.Xr au_bsm_to_errno 3 , +.Xr au_bsm_to_socket_type 3 , +.Xr au_domain_to_bsm 3 , +.Xr au_errno_to_bsm 3 , +.Xr au_socket_type_to_bsm 3 . .Sh SEE ALSO .Xr au_class 3 , -.Xr audit_submit 3 , +.Xr au_domain 3 , +.Xr au_errno 3 , .Xr au_mask 3 , .Xr au_notify 3 , +.Xr au_socket_type 3 , .Xr au_stream 3 , .Xr au_token 3 , .Xr au_user 3 , +.Xr audit_submit 3 , .Xr audit_class 5 , .Xr audit_control 5 -.Ss Audit Error Interfaces -These functions convert between BSM and local -.Xr errno 2 -error numbers, and must be used to interpret and generate BSM return tokens: -.Xr au_bsm_to_errno 3 , -.Xr au_errno_to_bsm 3 . .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. diff --git a/contrib/openbsm/man/audit_user.5 b/contrib/openbsm/man/audit_user.5 index 947f5c8..5075f4a 100644 --- a/contrib/openbsm/man/audit_user.5 +++ b/contrib/openbsm/man/audit_user.5 @@ -25,9 +25,9 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#13 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#14 $ .\" -.Dd February 5, 2006 +.Dd January 4, 2008 .Dt AUDIT_USER 5 .Os .Sh NAME @@ -67,7 +67,7 @@ jdoe:-fc,ad:+fw .Ed .Pp These settings would cause login/logout and administrative events that -succeed on behalf of user +are performed on behalf of user .Dq Li root to be audited. No failure events are audited. 
diff --git a/contrib/openbsm/sys/bsm/Makefile.am b/contrib/openbsm/sys/bsm/Makefile.am index 2fd60bc..12ad8e9 100644 --- a/contrib/openbsm/sys/bsm/Makefile.am +++ b/contrib/openbsm/sys/bsm/Makefile.am @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#2 $ +# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#3 $ # @@ -8,8 +8,10 @@ openbsmdir = $(includedir)/bsm openbsm_HEADERS = \ audit.h \ + audit_domain.h \ audit_errno.h \ audit_internal.h \ audit_kevents.h \ - audit_record.h + audit_record.h \ + audit_socket_type.h endif diff --git a/contrib/openbsm/sys/bsm/Makefile.in b/contrib/openbsm/sys/bsm/Makefile.in index d0e5793..0b602df 100644 --- a/contrib/openbsm/sys/bsm/Makefile.in +++ b/contrib/openbsm/sys/bsm/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#4 $ +# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#5 $ # VPATH = @srcdir@ @@ -48,8 +48,9 @@ CONFIG_HEADER = $(top_builddir)/config/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = -am__openbsm_HEADERS_DIST = audit.h audit_errno.h audit_internal.h \ - audit_kevents.h audit_record.h +am__openbsm_HEADERS_DIST = audit.h audit_domain.h audit_errno.h \ + audit_internal.h audit_kevents.h audit_record.h \ + audit_socket_type.h am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ @@ -173,10 +174,12 @@ top_srcdir = @top_srcdir@ @USE_NATIVE_INCLUDES_FALSE@openbsmdir = $(includedir)/bsm @USE_NATIVE_INCLUDES_FALSE@openbsm_HEADERS = \ @USE_NATIVE_INCLUDES_FALSE@ audit.h \ +@USE_NATIVE_INCLUDES_FALSE@ audit_domain.h \ @USE_NATIVE_INCLUDES_FALSE@ audit_errno.h \ @USE_NATIVE_INCLUDES_FALSE@ audit_internal.h \ @USE_NATIVE_INCLUDES_FALSE@ audit_kevents.h \ -@USE_NATIVE_INCLUDES_FALSE@ audit_record.h +@USE_NATIVE_INCLUDES_FALSE@ audit_record.h \ +@USE_NATIVE_INCLUDES_FALSE@ audit_socket_type.h all: all-am 
diff --git a/contrib/openbsm/sys/bsm/audit.h b/contrib/openbsm/sys/bsm/audit.h index c730cac..3b22b03 100644 --- a/contrib/openbsm/sys/bsm/audit.h +++ b/contrib/openbsm/sys/bsm/audit.h @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#2 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#4 $ */ #ifndef _BSM_AUDIT_H @@ -279,8 +279,8 @@ typedef struct audit_stat au_stat_t; * Structure for the audit file statistics. */ struct audit_fstat { - u_quad_t af_filesz; - u_quad_t af_currsz; + u_int64_t af_filesz; + u_int64_t af_currsz; }; typedef struct audit_fstat au_fstat_t; diff --git a/contrib/openbsm/sys/bsm/audit_domain.h b/contrib/openbsm/sys/bsm/audit_domain.h new file mode 100644 index 0000000..9edcb4f --- /dev/null +++ b/contrib/openbsm/sys/bsm/audit_domain.h 
@@ -0,0 +1,114 @@ +/*- + * Copyright (c) 2008 Apple Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_domain.h#1 $ + */ + +#ifndef _BSM_AUDIT_DOMAIN_H_ +#define _BSM_AUDIT_DOMAIN_H_ + +/* + * BSM protocol domain constants - protocol domains defined in Solaris. 
+ */ +#define BSM_PF_UNSPEC 0 +#define BSM_PF_LOCAL 1 +#define BSM_PF_INET 2 +#define BSM_PF_IMPLINK 3 +#define BSM_PF_PUP 4 +#define BSM_PF_CHAOS 5 +#define BSM_PF_NS 6 +#define BSM_PF_NBS 7 /* Solaris-specific. */ +#define BSM_PF_ECMA 8 +#define BSM_PF_DATAKIT 9 +#define BSM_PF_CCITT 10 +#define BSM_PF_SNA 11 +#define BSM_PF_DECnet 12 +#define BSM_PF_DLI 13 +#define BSM_PF_LAT 14 +#define BSM_PF_HYLINK 15 +#define BSM_PF_APPLETALK 16 +#define BSM_PF_NIT 17 /* Solaris-specific. */ +#define BSM_PF_802 18 /* Solaris-specific. */ +#define BSM_PF_OSI 19 +#define BSM_PF_X25 20 /* Solaris/Linux-specific. */ +#define BSM_PF_OSINET 21 /* Solaris-specific. */ +#define BSM_PF_GOSIP 22 /* Solaris-specific. */ +#define BSM_PF_IPX 23 +#define BSM_PF_ROUTE 24 +#define BSM_PF_LINK 25 +#define BSM_PF_INET6 26 +#define BSM_PF_KEY 27 +#define BSM_PF_NCA 28 /* Solaris-specific. */ +#define BSM_PF_POLICY 29 /* Solaris-specific. */ +#define BSM_PF_INET_OFFLOAD 30 /* Solaris-specific. */ + +/* + * BSM protocol domain constants - protocol domains not defined in Solaris. + */ +#define BSM_PF_NETBIOS 500 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_ISO 501 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_XTP 502 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_COIP 503 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_CNT 504 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_RTIP 505 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_SIP 506 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_PIP 507 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_ISDN 508 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_E164 509 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_NATM 510 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_ATM 511 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_NETGRAPH 512 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_SLOW 513 /* FreeBSD-specific. */ +#define BSM_PF_SCLUSTER 514 /* FreeBSD-specific. */ +#define BSM_PF_ARP 515 /* FreeBSD-specific. */ +#define BSM_PF_BLUETOOTH 516 /* FreeBSD-specific. 
*/ +#define BSM_PF_IEEE80211 517 /* FreeBSD-specific. */ +#define BSM_PF_AX25 518 /* Linux-specific. */ +#define BSM_PF_ROSE 519 /* Linux-specific. */ +#define BSM_PF_NETBEUI 520 /* Linux-specific. */ +#define BSM_PF_SECURITY 521 /* Linux-specific. */ +#define BSM_PF_PACKET 522 /* Linux-specific. */ +#define BSM_PF_ASH 523 /* Linux-specific. */ +#define BSM_PF_ECONET 524 /* Linux-specific. */ +#define BSM_PF_ATMSVC 525 /* Linux-specific. */ +#define BSM_PF_IRDA 526 /* Linux-specific. */ +#define BSM_PF_PPPOX 527 /* Linux-specific. */ +#define BSM_PF_WANPIPE 528 /* Linux-specific. */ +#define BSM_PF_LLC 529 /* Linux-specific. */ +#define BSM_PF_CAN 530 /* Linux-specific. */ +#define BSM_PF_TIPC 531 /* Linux-specific. */ +#define BSM_PF_IUCV 532 /* Linux-specific. */ +#define BSM_PF_RXRPC 533 /* Linux-specific. */ +#define BSM_PF_PHONET 534 /* Linux-specific. */ + +/* + * Used when there is no mapping from a local to BSM protocol domain. + */ +#define BSM_PF_UNKNOWN 700 /* OpenBSM-specific. */ + +#endif /* !_BSM_AUDIT_DOMAIN_H_ */ diff --git a/contrib/openbsm/sys/bsm/audit_errno.h b/contrib/openbsm/sys/bsm/audit_errno.h index 667813c..f7dec8d 100644 --- a/contrib/openbsm/sys/bsm/audit_errno.h +++ b/contrib/openbsm/sys/bsm/audit_errno.h @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#4 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#5 $ */ #ifndef _BSM_AUDIT_ERRNO_H_ 
@@ -41,128 +41,128 @@ * * When adding constants here, also add them to bsm_errno.c. */ -#define BSM_ESUCCESS 0 -#define BSM_EPERM 1 -#define BSM_ENOENT 2 -#define BSM_ESRCH 3 -#define BSM_EINTR 4 -#define BSM_EIO 5 -#define BSM_ENXIO 6 -#define BSM_E2BIG 7 -#define BSM_ENOEXEC 8 -#define BSM_EBADF 9 -#define BSM_ECHILD 10 -#define BSM_EAGAIN 11 -#define BSM_ENOMEM 12 -#define BSM_EACCES 13 -#define BSM_EFAULT 14 -#define BSM_ENOTBLK 15 -#define BSM_EBUSY 16 -#define BSM_EEXIST 17 -#define BSM_EXDEV 18 -#define BSM_ENODEV 19 -#define BSM_ENOTDIR 20 -#define BSM_EISDIR 21 -#define BSM_EINVAL 22 -#define BSM_ENFILE 23 -#define BSM_EMFILE 24 -#define BSM_ENOTTY 25 -#define BSM_ETXTBSY 26 -#define BSM_EFBIG 27 -#define BSM_ENOSPC 28 -#define BSM_ESPIPE 29 -#define BSM_EROFS 30 -#define BSM_EMLINK 31 -#define BSM_EPIPE 32 -#define BSM_EDOM 33 -#define BSM_ERANGE 34 -#define BSM_ENOMSG 35 -#define BSM_EIDRM 36 -#define BSM_ECHRNG 37 /* Solaris/Linux-specific. */ -#define BSM_EL2NSYNC 38 /* Solaris/Linux-specific. */ -#define BSM_EL3HLT 39 /* Solaris/Linux-specific. */ -#define BSM_EL3RST 40 /* Solaris/Linux-specific. */ -#define BSM_ELNRNG 41 /* Solaris/Linux-specific. */ -#define BSM_EUNATCH 42 /* Solaris/Linux-specific. */ -#define BSM_ENOCSI 43 /* Solaris/Linux-specific. */ -#define BSM_EL2HLT 44 /* Solaris/Linux-specific. */ -#define BSM_EDEADLK 45 -#define BSM_ENOLCK 46 -#define BSM_ECANCELED 47 -#define BSM_ENOTSUP 48 -#define BSM_EDQUOT 49 -#define BSM_EBADE 50 /* Solaris/Linux-specific. */ -#define BSM_EBADR 51 /* Solaris/Linux-specific. */ -#define BSM_EXFULL 52 /* Solaris/Linux-specific. */ -#define BSM_ENOANO 53 /* Solaris/Linux-specific. */ -#define BSM_EBADRQC 54 /* Solaris/Linux-specific. */ -#define BSM_EBADSLT 55 /* Solaris/Linux-specific. */ -#define BSM_EDEADLOCK 56 /* Solaris-specific. */ -#define BSM_EBFONT 57 /* Solaris/Linux-specific. */ -#define BSM_EOWNERDEAD 58 /* Solaris/Linux-specific. 
*/ -#define BSM_ENOTRECOVERABLE 59 /* Solaris/Linux-specific. */ -#define BSM_ENOSTR 60 /* Solaris/Darwin/Linux-specific. */ -#define BSM_ENODATA 61 /* Solaris/Darwin/Linux-specific. */ -#define BSM_ETIME 62 /* Solaris/Darwin/Linux-specific. */ -#define BSM_ENOSR 63 /* Solaris/Darwin/Linux-specific. */ -#define BSM_ENONET 64 /* Solaris/Linux-specific. */ -#define BSM_ENOPKG 65 /* Solaris/Linux-specific. */ -#define BSM_EREMOTE 66 -#define BSM_ENOLINK 67 -#define BSM_EADV 68 /* Solaris/Linux-specific. */ -#define BSM_ESRMNT 69 /* Solaris/Linux-specific. */ -#define BSM_ECOMM 70 /* Solaris/Linux-specific. */ -#define BSM_EPROTO 71 -#define BSM_ELOCKUNMAPPED 72 /* Solaris-specific. */ -#define BSM_ENOTACTIVE 73 /* Solaris-specific. */ -#define BSM_EMULTIHOP 74 -#define BSM_EBADMSG 77 -#define BSM_ENAMETOOLONG 78 -#define BSM_EOVERFLOW 79 -#define BSM_ENOTUNIQ 80 /* Solaris/Linux-specific. */ -#define BSM_EBADFD 81 /* Solaris/Linux-specific. */ -#define BSM_EREMCHG 82 /* Solaris/Linux-specific. */ -#define BSM_ELIBACC 83 /* Solaris/Linux-specific. */ -#define BSM_ELIBBAD 84 /* Solaris/Linux-specific. */ -#define BSM_ELIBSCN 85 /* Solaris/Linux-specific. */ -#define BSM_ELIBMAX 86 /* Solaris/Linux-specific. */ -#define BSM_ELIBEXEC 87 /* Solaris/Linux-specific. */ -#define BSM_EILSEQ 88 -#define BSM_ENOSYS 89 -#define BSM_ELOOP 90 -#define BSM_ERESTART 91 -#define BSM_ESTRPIPE 92 /* Solaris/Linux-specific. 
*/ -#define BSM_ENOTEMPTY 93 -#define BSM_EUSERS 94 -#define BSM_ENOTSOCK 95 -#define BSM_EDESTADDRREQ 96 -#define BSM_EMSGSIZE 97 -#define BSM_EPROTOTYPE 98 -#define BSM_ENOPROTOOPT 99 -#define BSM_EPROTONOSUPPORT 120 -#define BSM_ESOCKTNOSUPPORT 121 -#define BSM_EOPNOTSUPP 122 -#define BSM_EPFNOSUPPORT 123 -#define BSM_EAFNOSUPPORT 124 -#define BSM_EADDRINUSE 125 -#define BSM_EADDRNOTAVAIL 126 -#define BSM_ENETDOWN 127 -#define BSM_ENETUNREACH 128 -#define BSM_ENETRESET 129 -#define BSM_ECONNABORTED 130 -#define BSM_ECONNRESET 131 -#define BSM_ENOBUFS 132 -#define BSM_EISCONN 133 -#define BSM_ENOTCONN 134 -#define BSM_ESHUTDOWN 143 -#define BSM_ETOOMANYREFS 144 -#define BSM_ETIMEDOUT 145 -#define BSM_ECONNREFUSED 146 -#define BSM_EHOSTDOWN 147 -#define BSM_EHOSTUNREACH 148 -#define BSM_EALREADY 149 -#define BSM_EINPROGRESS 150 -#define BSM_ESTALE 151 +#define BSM_ERRNO_ESUCCESS 0 +#define BSM_ERRNO_EPERM 1 +#define BSM_ERRNO_ENOENT 2 +#define BSM_ERRNO_ESRCH 3 +#define BSM_ERRNO_EINTR 4 +#define BSM_ERRNO_EIO 5 +#define BSM_ERRNO_ENXIO 6 +#define BSM_ERRNO_E2BIG 7 +#define BSM_ERRNO_ENOEXEC 8 +#define BSM_ERRNO_EBADF 9 +#define BSM_ERRNO_ECHILD 10 +#define BSM_ERRNO_EAGAIN 11 +#define BSM_ERRNO_ENOMEM 12 +#define BSM_ERRNO_EACCES 13 +#define BSM_ERRNO_EFAULT 14 +#define BSM_ERRNO_ENOTBLK 15 +#define BSM_ERRNO_EBUSY 16 +#define BSM_ERRNO_EEXIST 17 +#define BSM_ERRNO_EXDEV 18 +#define BSM_ERRNO_ENODEV 19 +#define BSM_ERRNO_ENOTDIR 20 +#define BSM_ERRNO_EISDIR 21 +#define BSM_ERRNO_EINVAL 22 +#define BSM_ERRNO_ENFILE 23 +#define BSM_ERRNO_EMFILE 24 +#define BSM_ERRNO_ENOTTY 25 +#define BSM_ERRNO_ETXTBSY 26 +#define BSM_ERRNO_EFBIG 27 +#define BSM_ERRNO_ENOSPC 28 +#define BSM_ERRNO_ESPIPE 29 +#define BSM_ERRNO_EROFS 30 +#define BSM_ERRNO_EMLINK 31 +#define BSM_ERRNO_EPIPE 32 +#define BSM_ERRNO_EDOM 33 +#define BSM_ERRNO_ERANGE 34 +#define BSM_ERRNO_ENOMSG 35 +#define BSM_ERRNO_EIDRM 36 +#define BSM_ERRNO_ECHRNG 37 /* Solaris/Linux-specific. 
*/ +#define BSM_ERRNO_EL2NSYNC 38 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EL3HLT 39 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EL3RST 40 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELNRNG 41 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EUNATCH 42 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOCSI 43 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EL2HLT 44 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EDEADLK 45 +#define BSM_ERRNO_ENOLCK 46 +#define BSM_ERRNO_ECANCELED 47 +#define BSM_ERRNO_ENOTSUP 48 +#define BSM_ERRNO_EDQUOT 49 +#define BSM_ERRNO_EBADE 50 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EBADR 51 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EXFULL 52 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOANO 53 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EBADRQC 54 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EBADSLT 55 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EDEADLOCK 56 /* Solaris-specific. */ +#define BSM_ERRNO_EBFONT 57 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EOWNERDEAD 58 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOTRECOVERABLE 59 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOSTR 60 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ERRNO_ENODATA 61 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ERRNO_ETIME 62 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ERRNO_ENOSR 63 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ERRNO_ENONET 64 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOPKG 65 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EREMOTE 66 +#define BSM_ERRNO_ENOLINK 67 +#define BSM_ERRNO_EADV 68 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ESRMNT 69 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ECOMM 70 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EPROTO 71 +#define BSM_ERRNO_ELOCKUNMAPPED 72 /* Solaris-specific. */ +#define BSM_ERRNO_ENOTACTIVE 73 /* Solaris-specific. 
*/ +#define BSM_ERRNO_EMULTIHOP 74 +#define BSM_ERRNO_EBADMSG 77 +#define BSM_ERRNO_ENAMETOOLONG 78 +#define BSM_ERRNO_EOVERFLOW 79 +#define BSM_ERRNO_ENOTUNIQ 80 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EBADFD 81 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EREMCHG 82 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBACC 83 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBBAD 84 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBSCN 85 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBMAX 86 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBEXEC 87 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EILSEQ 88 +#define BSM_ERRNO_ENOSYS 89 +#define BSM_ERRNO_ELOOP 90 +#define BSM_ERRNO_ERESTART 91 +#define BSM_ERRNO_ESTRPIPE 92 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOTEMPTY 93 +#define BSM_ERRNO_EUSERS 94 +#define BSM_ERRNO_ENOTSOCK 95 +#define BSM_ERRNO_EDESTADDRREQ 96 +#define BSM_ERRNO_EMSGSIZE 97 +#define BSM_ERRNO_EPROTOTYPE 98 +#define BSM_ERRNO_ENOPROTOOPT 99 +#define BSM_ERRNO_EPROTONOSUPPORT 120 +#define BSM_ERRNO_ESOCKTNOSUPPORT 121 +#define BSM_ERRNO_EOPNOTSUPP 122 +#define BSM_ERRNO_EPFNOSUPPORT 123 +#define BSM_ERRNO_EAFNOSUPPORT 124 +#define BSM_ERRNO_EADDRINUSE 125 +#define BSM_ERRNO_EADDRNOTAVAIL 126 +#define BSM_ERRNO_ENETDOWN 127 +#define BSM_ERRNO_ENETUNREACH 128 +#define BSM_ERRNO_ENETRESET 129 +#define BSM_ERRNO_ECONNABORTED 130 +#define BSM_ERRNO_ECONNRESET 131 +#define BSM_ERRNO_ENOBUFS 132 +#define BSM_ERRNO_EISCONN 133 +#define BSM_ERRNO_ENOTCONN 134 +#define BSM_ERRNO_ESHUTDOWN 143 +#define BSM_ERRNO_ETOOMANYREFS 144 +#define BSM_ERRNO_ETIMEDOUT 145 +#define BSM_ERRNO_ECONNREFUSED 146 +#define BSM_ERRNO_EHOSTDOWN 147 +#define BSM_ERRNO_EHOSTUNREACH 148 +#define BSM_ERRNO_EALREADY 149 +#define BSM_ERRNO_EINPROGRESS 150 +#define BSM_ERRNO_ESTALE 151 /* * OpenBSM constants for error numbers not defined in Solaris. In the event 
@@ -171,44 +171,44 @@ * * ELAST doesn't get a constant in the BSM space. */ -#define BSM_EPROCLIM 190 /* FreeBSD/Darwin-specific. */ -#define BSM_EBADRPC 191 /* FreeBSD/Darwin-specific. */ -#define BSM_ERPCMISMATCH 192 /* FreeBSD/Darwin-specific. */ -#define BSM_EPROGUNAVAIL 193 /* FreeBSD/Darwin-specific. */ -#define BSM_EPROGMISMATCH 194 /* FreeBSD/Darwin-specific. */ -#define BSM_EPROCUNAVAIL 195 /* FreeBSD/Darwin-specific. */ -#define BSM_EFTYPE 196 /* FreeBSD/Darwin-specific. */ -#define BSM_EAUTH 197 /* FreeBSD/Darwin-specific. */ -#define BSM_ENEEDAUTH 198 /* FreeBSD/Darwin-specific. */ -#define BSM_ENOATTR 199 /* FreeBSD/Darwin-specific. */ -#define BSM_EDOOFUS 200 /* FreeBSD-specific. */ -#define BSM_EJUSTRETURN 201 /* FreeBSD-specific. */ -#define BSM_ENOIOCTL 202 /* FreeBSD-specific. */ -#define BSM_EDIRIOCTL 203 /* FreeBSD-specific. */ -#define BSM_EPWROFF 204 /* Darwin-specific. */ -#define BSM_EDEVERR 205 /* Darwin-specific. */ -#define BSM_EBADEXEC 206 /* Darwin-specific. */ -#define BSM_EBADARCH 207 /* Darwin-specific. */ -#define BSM_ESHLIBVERS 208 /* Darwin-specific. */ -#define BSM_EBADMACHO 209 /* Darwin-specific. */ -#define BSM_EPOLICY 210 /* Darwin-specific. */ -#define BSM_EDOTDOT 211 /* Linux-specific. */ -#define BSM_EUCLEAN 212 /* Linux-specific. */ -#define BSM_ENOTNAM 213 /* Linux(Xenix?)-specific. */ -#define BSM_ENAVAIL 214 /* Linux(Xenix?)-specific. */ -#define BSM_EISNAM 215 /* Linux(Xenix?)-specific. */ -#define BSM_EREMOTEIO 216 /* Linux-specific. */ -#define BSM_ENOMEDIUM 217 /* Linux-specific. */ -#define BSM_EMEDIUMTYPE 218 /* Linux-specific. */ -#define BSM_ENOKEY 219 /* Linux-specific. */ -#define BSM_EKEYEXPIRED 220 /* Linux-specific. */ -#define BSM_EKEYREVOKED 221 /* Linux-specific. */ -#define BSM_EKEYREJECTED 222 /* Linux-specific. */ +#define BSM_ERRNO_EPROCLIM 190 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EBADRPC 191 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_ERPCMISMATCH 192 /* FreeBSD/Darwin-specific. 
*/ +#define BSM_ERRNO_EPROGUNAVAIL 193 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EPROGMISMATCH 194 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EPROCUNAVAIL 195 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EFTYPE 196 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EAUTH 197 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_ENEEDAUTH 198 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_ENOATTR 199 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EDOOFUS 200 /* FreeBSD-specific. */ +#define BSM_ERRNO_EJUSTRETURN 201 /* FreeBSD-specific. */ +#define BSM_ERRNO_ENOIOCTL 202 /* FreeBSD-specific. */ +#define BSM_ERRNO_EDIRIOCTL 203 /* FreeBSD-specific. */ +#define BSM_ERRNO_EPWROFF 204 /* Darwin-specific. */ +#define BSM_ERRNO_EDEVERR 205 /* Darwin-specific. */ +#define BSM_ERRNO_EBADEXEC 206 /* Darwin-specific. */ +#define BSM_ERRNO_EBADARCH 207 /* Darwin-specific. */ +#define BSM_ERRNO_ESHLIBVERS 208 /* Darwin-specific. */ +#define BSM_ERRNO_EBADMACHO 209 /* Darwin-specific. */ +#define BSM_ERRNO_EPOLICY 210 /* Darwin-specific. */ +#define BSM_ERRNO_EDOTDOT 211 /* Linux-specific. */ +#define BSM_ERRNO_EUCLEAN 212 /* Linux-specific. */ +#define BSM_ERRNO_ENOTNAM 213 /* Linux(Xenix?)-specific. */ +#define BSM_ERRNO_ENAVAIL 214 /* Linux(Xenix?)-specific. */ +#define BSM_ERRNO_EISNAM 215 /* Linux(Xenix?)-specific. */ +#define BSM_ERRNO_EREMOTEIO 216 /* Linux-specific. */ +#define BSM_ERRNO_ENOMEDIUM 217 /* Linux-specific. */ +#define BSM_ERRNO_EMEDIUMTYPE 218 /* Linux-specific. */ +#define BSM_ERRNO_ENOKEY 219 /* Linux-specific. */ +#define BSM_ERRNO_EKEYEXPIRED 220 /* Linux-specific. */ +#define BSM_ERRNO_EKEYREVOKED 221 /* Linux-specific. */ +#define BSM_ERRNO_EKEYREJECTED 222 /* Linux-specific. */ /* * In the event that OpenBSM doesn't have a file representation of a local * error number, use this. */ -#define BSM_UNKNOWNERR 250 /* OpenBSM-specific. */ +#define BSM_ERRNO_UNKNOWN 250 /* OpenBSM-specific. */ #endif /* !_BSM_AUDIT_ERRNO_H_ */ 
diff --git a/contrib/openbsm/sys/bsm/audit_record.h b/contrib/openbsm/sys/bsm/audit_record.h index 7295bc4..c8180323 100644 --- a/contrib/openbsm/sys/bsm/audit_record.h +++ b/contrib/openbsm/sys/bsm/audit_record.h @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#8 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#9 $ */ #ifndef _BSM_AUDIT_RECORD_H_ @@ -281,10 +281,15 @@ token_t *au_to_trailer(int rec_size); token_t *au_to_zonename(const char *zonename); /* - * BSM library routines for manipulating errno values. + * BSM library routines for converting between local and BSM constant spaces. */ +int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); int au_bsm_to_errno(u_char bsm_error, int *errorp); -u_char au_errno_to_bsm(int error); +int au_bsm_to_socket_type(u_short bsm_socket_type, + int *local_socket_typep); +u_short au_domain_to_bsm(int local_domain); +u_char au_errno_to_bsm(int local_errno); +u_short au_socket_type_to_bsm(int local_socket_type); __END_DECLS diff --git a/contrib/openbsm/sys/bsm/audit_socket_type.h b/contrib/openbsm/sys/bsm/audit_socket_type.h new file mode 100644 index 0000000..85f6aef --- /dev/null +++ b/contrib/openbsm/sys/bsm/audit_socket_type.h 
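Review bot: The block comment above the new prototypes in the `@@ -281,10 +281,15 @@` hunk states their purpose but not their failure contract. Nothing says what the `int` returned by `au_bsm_to_domain()` and `au_bsm_to_socket_type()` means, or what `au_domain_to_bsm()` and `au_socket_type_to_bsm()` return for a local value with no BSM equivalent. A trail reader that skips the return check could go on to use an unset `*local_domainp` or `*local_socket_typep`, so the contract belongs next to the declarations. I would add a sentence such as `* The au_bsm_to_*() routines report an unmapped BSM value through their return value; the *_to_bsm() routines yield the BSM "unknown" constant for an unmapped local value.` The exact wording needs confirming against bsm_domain.c and bsm_socket_type.c, which are not shown in this hunk.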
@@ -0,0 +1,46 @@ +/*- + * Copyright (c) 2008 Apple Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_socket_type.h#1 $ + */ + +#ifndef _BSM_AUDIT_SOCKET_TYPE_H_ +#define _BSM_AUDIT_SOCKET_TYPE_H_ + +/* + * BSM socket type constants. + */ +#define BSM_SOCK_DGRAM 1 +#define BSM_SOCK_STREAM 2 +#define BSM_SOCK_RAW 4 +#define BSM_SOCK_RDM 5 +#define BSM_SOCK_SEQPACKET 6 + +#define BSM_SOCK_UNKNOWN 500 + +#endif /* !_BSM_AUDIT_SOCKET_TYPE_H_ */ 
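Review bot: `BSM_SOCK_UNKNOWN` carries no comment, and the header does not say where the other values come from. The NEWS entry in this commit says the BSM space follows Solaris constants where available. Here `BSM_SOCK_DGRAM` is 1 and `BSM_SOCK_STREAM` is 2, the reverse of the usual BSD numbering for `SOCK_STREAM` and `SOCK_DGRAM`, so a producer that writes a raw local type would mislabel the socket in the trail without any error. I would expand the block comment to `* BSM socket type constants, following Solaris numbering; convert local values with au_socket_type_to_bsm(3).` and tag the fallback as `#define BSM_SOCK_UNKNOWN 500 /* OpenBSM-specific. */`, matching how audit_domain.h annotates `BSM_PF_UNKNOWN`. A reminder like the one in audit_errno.h (`When adding constants here, also add them to bsm_errno.c.`) pointing at bsm_socket_type.c would also help; audit_domain.h lacks the same reminder for bsm_domain.c.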
diff --git a/contrib/openbsm/test/bsm/generate.c b/contrib/openbsm/test/bsm/generate.c index 249e885..bbc81bb 100644 --- a/contrib/openbsm/test/bsm/generate.c +++ b/contrib/openbsm/test/bsm/generate.c @@ -24,7 +24,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#12 $ + * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#14 $ */ /* @@ -792,6 +792,7 @@ generate_seq_record(const char *directory, const char *record_filename) write_record(directory, record_filename, seq_token, AUE_NULL); } +#if 0 /* * AUT_ACL */ @@ -823,7 +824,9 @@ generate_ipc_perm_record(const char *directory, const char *record_filename) token_t *ipc_perm_token; } +#endif +#if 0 /* * AUT_LABEL */ @@ -841,6 +844,7 @@ generate_groups_record(const char *directory, const char *record_filename) token_t *groups_token; } +#endif /* * AUT_ILABEL @@ -878,6 +882,7 @@ generate_groups_record(const char *directory, const char *record_filename) * AUT_EXEC_ENV */ +#if 0 static void generate_attr32_token(const char *directory, const char *token_filename) { @@ -891,6 +896,7 @@ generate_attr32_record(const char *directory, const char *record_filename) token_t *attr32_token; } +#endif static char *zonename_sample = "testzone"; @@ -916,7 +922,7 @@ generate_zonename_record(const char *directory, const char *record_filename) write_record(directory, record_filename, zonename_token, AUE_NULL); } -static u_short socketex_domain = AF_INET; +static u_short socketex_domain = PF_INET; static u_short socketex_type = SOCK_STREAM; static struct sockaddr_in socketex_laddr, socketex_raddr; 
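Review bot: The `#if 0` / `#endif` pairs added in hunks `@@ -792,6 +792,7 @@` through `@@ -891,6 +896,7 @@`, and around the matching calls in `main()` (hunks `@@ -1096,10 +1104,12 @@` and `@@ -1132,10 +1142,12 @@`), carry no explanation. In the visible lines the disabled generators declare a token variable and nothing else, so they look like unfinished stubs, presumably compiled out to get a clean `-Wall -Werror` build. A reader cannot tell that apart from code switched off by accident, and the attr, ipc_perm, groups and attr32 tokens end up with no reference output. I would say so at the first guard, e.g. `#if 0 /* XXX: attr, ipc_perm, groups and attr32 generators are unimplemented stubs; no test coverage yet. */`, and add a short pointer at the two guards in `main()`. The guarded functions start and end outside these hunks.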
@@ -935,7 +941,8 @@ generate_socketex_token(const char *directory, const char *token_filename) socketex_raddr.sin_len = sizeof(socketex_raddr); socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - socketex_token = au_to_socket_ex(socketex_domain, socketex_type, + socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain), + au_socket_type_to_bsm(socketex_type), (struct sockaddr *)&socketex_laddr, (struct sockaddr *)&socketex_raddr); if (socketex_token == NULL) @@ -958,7 +965,8 @@ generate_socketex_record(const char *directory, const char *record_filename) socketex_raddr.sin_len = sizeof(socketex_raddr); socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - socketex_token = au_to_socket_ex(socketex_domain, socketex_type, + socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain), + au_socket_type_to_bsm(socketex_type), (struct sockaddr *)&socketex_laddr, (struct sockaddr *)&socketex_raddr); if (socketex_token == NULL) @@ -1096,10 +1104,12 @@ main(int argc, char *argv[]) generate_iport_token(directory, "iport_token"); generate_arg32_token(directory, "arg32_token"); generate_seq_token(directory, "seq_token"); +#if 0 generate_attr_token(directory, "attr_token"); generate_ipc_perm_token(directory, "ipc_perm_token"); generate_groups_token(directory, "groups_token"); generate_attr32_token(directory, "attr32_token"); +#endif generate_zonename_token(directory, "zonename_token"); generate_socketex_token(directory, "socketex_token"); } 
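Review bot: With `socketex_domain` fixed at `PF_INET`, the new `au_domain_to_bsm()` call in `generate_socketex_token()` and `generate_socketex_record()` is most likely an identity mapping. `BSM_PF_INET` is 2 in audit_domain.h, and the local `PF_INET` is 2 on the platforms I know of. The regenerated `socketex_token` and `socketex_record` reference files would therefore look the same if the domain conversion were dropped or broken. A second sample whose BSM value differs from the local one, for instance `PF_INET6` (`BSM_PF_INET6` is 26), would make the reference output pin the mapping, provided `au_to_socket_ex()` accepts that family. Neither call site checks for `BSM_PF_UNKNOWN` or `BSM_SOCK_UNKNOWN`, which is fine for fixed test constants; a comment such as `/* constants are known to map; real producers must check for BSM_*_UNKNOWN */` would keep the pattern from being copied as is. Both function bodies extend beyond the hunks.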
@@ -1132,10 +1142,12 @@ main(int argc, char *argv[]) generate_iport_record(directory, "iport_record"); generate_arg32_record(directory, "arg32_record"); generate_seq_record(directory, "seq_record"); +#if 0 generate_attr_record(directory, "attr_record"); generate_ipc_perm_record(directory, "ipc_perm_record"); generate_groups_record(directory, "groups_record"); generate_attr32_record(directory, "attr32_record"); +#endif generate_zonename_record(directory, "zonename_record"); generate_socketex_record(directory, "socketex_record"); do_error_records(directory); diff --git a/contrib/openbsm/test/reference/E2BIG_record b/contrib/openbsm/test/reference/E2BIG_record Binary files differindex d95b855..8665900 100644 --- a/contrib/openbsm/test/reference/E2BIG_record +++ b/contrib/openbsm/test/reference/E2BIG_record diff --git a/contrib/openbsm/test/reference/EACCES_record b/contrib/openbsm/test/reference/EACCES_record Binary files differindex 6eecd6e..7ab3181 100644 --- a/contrib/openbsm/test/reference/EACCES_record +++ b/contrib/openbsm/test/reference/EACCES_record diff --git a/contrib/openbsm/test/reference/EBADF_record b/contrib/openbsm/test/reference/EBADF_record Binary files differindex d169ad2..ed80d6a 100644 --- a/contrib/openbsm/test/reference/EBADF_record +++ b/contrib/openbsm/test/reference/EBADF_record diff --git a/contrib/openbsm/test/reference/EBUSY_record b/contrib/openbsm/test/reference/EBUSY_record Binary files differindex 6d3e896..1ceaf62 100644 --- a/contrib/openbsm/test/reference/EBUSY_record +++ b/contrib/openbsm/test/reference/EBUSY_record diff --git a/contrib/openbsm/test/reference/ECHILD_record b/contrib/openbsm/test/reference/ECHILD_record Binary files differindex 3beca2a..fc1e884 100644 --- a/contrib/openbsm/test/reference/ECHILD_record +++ b/contrib/openbsm/test/reference/ECHILD_record diff --git a/contrib/openbsm/test/reference/EDEADLK_record b/contrib/openbsm/test/reference/EDEADLK_record Binary files differindex 9d6a25b..ace3c46 100644 
--- a/contrib/openbsm/test/reference/EDEADLK_record
+++ b/contrib/openbsm/test/reference/EDEADLK_record
diff --git a/contrib/openbsm/test/reference/EEXIST_record b/contrib/openbsm/test/reference/EEXIST_record Binary files differ
index 04dbf35..f6eae9f 100644
--- a/contrib/openbsm/test/reference/EEXIST_record
+++ b/contrib/openbsm/test/reference/EEXIST_record
diff --git a/contrib/openbsm/test/reference/EFAULT_record b/contrib/openbsm/test/reference/EFAULT_record Binary files differ
index 1ed5078..1b8ed09 100644
--- a/contrib/openbsm/test/reference/EFAULT_record
+++ b/contrib/openbsm/test/reference/EFAULT_record
diff --git a/contrib/openbsm/test/reference/EFBIG_record b/contrib/openbsm/test/reference/EFBIG_record Binary files differ
index d0716ff..fc4a060 100644
--- a/contrib/openbsm/test/reference/EFBIG_record
+++ b/contrib/openbsm/test/reference/EFBIG_record
diff --git a/contrib/openbsm/test/reference/EINTR_record b/contrib/openbsm/test/reference/EINTR_record Binary files differ
index ab9da8e..2c96d4a 100644
--- a/contrib/openbsm/test/reference/EINTR_record
+++ b/contrib/openbsm/test/reference/EINTR_record
diff --git a/contrib/openbsm/test/reference/EINVAL_record b/contrib/openbsm/test/reference/EINVAL_record Binary files differ
index a658c62..0068cd1 100644
--- a/contrib/openbsm/test/reference/EINVAL_record
+++ b/contrib/openbsm/test/reference/EINVAL_record
diff --git a/contrib/openbsm/test/reference/EIO_record b/contrib/openbsm/test/reference/EIO_record Binary files differ
index 6752b71..36682c3 100644
--- a/contrib/openbsm/test/reference/EIO_record
+++ b/contrib/openbsm/test/reference/EIO_record
diff --git a/contrib/openbsm/test/reference/EISDIR_record b/contrib/openbsm/test/reference/EISDIR_record Binary files differ
index 8cec4e1..56ccdf3 100644
--- a/contrib/openbsm/test/reference/EISDIR_record
+++ b/contrib/openbsm/test/reference/EISDIR_record
diff --git a/contrib/openbsm/test/reference/EMFILE_record b/contrib/openbsm/test/reference/EMFILE_record Binary files differ
index 8bc30d8..b15e0e5 100644
--- a/contrib/openbsm/test/reference/EMFILE_record
+++ b/contrib/openbsm/test/reference/EMFILE_record
diff --git a/contrib/openbsm/test/reference/EMLINK_record b/contrib/openbsm/test/reference/EMLINK_record Binary files differ
index a84cf48..27c048c 100644
--- a/contrib/openbsm/test/reference/EMLINK_record
+++ b/contrib/openbsm/test/reference/EMLINK_record
diff --git a/contrib/openbsm/test/reference/ENFILE_record b/contrib/openbsm/test/reference/ENFILE_record Binary files differ
index 5dc5f59..7dbbb3d 100644
--- a/contrib/openbsm/test/reference/ENFILE_record
+++ b/contrib/openbsm/test/reference/ENFILE_record
diff --git a/contrib/openbsm/test/reference/ENODEV_record b/contrib/openbsm/test/reference/ENODEV_record Binary files differ
index c2e642b..1e745d8 100644
--- a/contrib/openbsm/test/reference/ENODEV_record
+++ b/contrib/openbsm/test/reference/ENODEV_record
diff --git a/contrib/openbsm/test/reference/ENOENT_record b/contrib/openbsm/test/reference/ENOENT_record Binary files differ
index 10d855a..33395f8 100644
--- a/contrib/openbsm/test/reference/ENOENT_record
+++ b/contrib/openbsm/test/reference/ENOENT_record
diff --git a/contrib/openbsm/test/reference/ENOEXEC_record b/contrib/openbsm/test/reference/ENOEXEC_record Binary files differ
index 180ee3a..a2e2593 100644
--- a/contrib/openbsm/test/reference/ENOEXEC_record
+++ b/contrib/openbsm/test/reference/ENOEXEC_record
diff --git a/contrib/openbsm/test/reference/ENOMEM_record b/contrib/openbsm/test/reference/ENOMEM_record Binary files differ
index cc7f1c1..f7137e7 100644
--- a/contrib/openbsm/test/reference/ENOMEM_record
+++ b/contrib/openbsm/test/reference/ENOMEM_record
diff --git a/contrib/openbsm/test/reference/ENOSPC_record b/contrib/openbsm/test/reference/ENOSPC_record Binary files differ
index a2795ce..863a9a7 100644
--- a/contrib/openbsm/test/reference/ENOSPC_record
+++ b/contrib/openbsm/test/reference/ENOSPC_record
diff --git a/contrib/openbsm/test/reference/ENOTBLK_record b/contrib/openbsm/test/reference/ENOTBLK_record Binary files differ
index b202162..6b14cb1 100644
--- a/contrib/openbsm/test/reference/ENOTBLK_record
+++ b/contrib/openbsm/test/reference/ENOTBLK_record
diff --git a/contrib/openbsm/test/reference/ENOTDIR_record b/contrib/openbsm/test/reference/ENOTDIR_record Binary files differ
index 33f7427..9b311c0 100644
--- a/contrib/openbsm/test/reference/ENOTDIR_record
+++ b/contrib/openbsm/test/reference/ENOTDIR_record
diff --git a/contrib/openbsm/test/reference/ENOTTY_record b/contrib/openbsm/test/reference/ENOTTY_record Binary files differ
index c9c8f36..31e98ee 100644
--- a/contrib/openbsm/test/reference/ENOTTY_record
+++ b/contrib/openbsm/test/reference/ENOTTY_record
diff --git a/contrib/openbsm/test/reference/ENXIO_record b/contrib/openbsm/test/reference/ENXIO_record Binary files differ
index 83894db..72bb902 100644
--- a/contrib/openbsm/test/reference/ENXIO_record
+++ b/contrib/openbsm/test/reference/ENXIO_record
diff --git a/contrib/openbsm/test/reference/EPERM_record b/contrib/openbsm/test/reference/EPERM_record Binary files differ
index 41f20ba..b0822e6 100644
--- a/contrib/openbsm/test/reference/EPERM_record
+++ b/contrib/openbsm/test/reference/EPERM_record
diff --git a/contrib/openbsm/test/reference/EPIPE_record b/contrib/openbsm/test/reference/EPIPE_record Binary files differ
index 795c9f7..c85fa40 100644
--- a/contrib/openbsm/test/reference/EPIPE_record
+++ b/contrib/openbsm/test/reference/EPIPE_record
diff --git a/contrib/openbsm/test/reference/EROFS_record b/contrib/openbsm/test/reference/EROFS_record Binary files differ
index bd0a91b..79468ec 100644
--- a/contrib/openbsm/test/reference/EROFS_record
+++ b/contrib/openbsm/test/reference/EROFS_record
diff --git a/contrib/openbsm/test/reference/ESPIPE_record b/contrib/openbsm/test/reference/ESPIPE_record Binary files differ
index 7c1bed3..196390f 100644
--- a/contrib/openbsm/test/reference/ESPIPE_record
+++ b/contrib/openbsm/test/reference/ESPIPE_record
diff --git a/contrib/openbsm/test/reference/ESRCH_record b/contrib/openbsm/test/reference/ESRCH_record Binary files differ
index 43a04e1..1d55e17 100644
--- a/contrib/openbsm/test/reference/ESRCH_record
+++ b/contrib/openbsm/test/reference/ESRCH_record
diff --git a/contrib/openbsm/test/reference/ETXTBSY_record b/contrib/openbsm/test/reference/ETXTBSY_record Binary files differ
index b69309f..2a8895d 100644
--- a/contrib/openbsm/test/reference/ETXTBSY_record
+++ b/contrib/openbsm/test/reference/ETXTBSY_record
diff --git a/contrib/openbsm/test/reference/EXDEV_record b/contrib/openbsm/test/reference/EXDEV_record Binary files differ
index c60cc26..ca4a620 100644
--- a/contrib/openbsm/test/reference/EXDEV_record
+++ b/contrib/openbsm/test/reference/EXDEV_record
diff --git a/contrib/openbsm/test/reference/arg32_record b/contrib/openbsm/test/reference/arg32_record Binary files differ
index cb2379aa..12a545d 100644
--- a/contrib/openbsm/test/reference/arg32_record
+++ b/contrib/openbsm/test/reference/arg32_record
diff --git a/contrib/openbsm/test/reference/data_record b/contrib/openbsm/test/reference/data_record Binary files differ
index 7876b22..f237459 100644
--- a/contrib/openbsm/test/reference/data_record
+++ b/contrib/openbsm/test/reference/data_record
diff --git a/contrib/openbsm/test/reference/data_token b/contrib/openbsm/test/reference/data_token Binary files differ
index e000b8a..83576767 100644
--- a/contrib/openbsm/test/reference/data_token
+++ b/contrib/openbsm/test/reference/data_token
diff --git a/contrib/openbsm/test/reference/file_record b/contrib/openbsm/test/reference/file_record Binary files differ
index a80b8ed2..b5d1406 100644
--- a/contrib/openbsm/test/reference/file_record
+++ b/contrib/openbsm/test/reference/file_record
diff --git a/contrib/openbsm/test/reference/in_addr_record b/contrib/openbsm/test/reference/in_addr_record Binary files differ
index 2b12d80..389b743 100644
--- a/contrib/openbsm/test/reference/in_addr_record
+++ b/contrib/openbsm/test/reference/in_addr_record
diff --git a/contrib/openbsm/test/reference/ip_record b/contrib/openbsm/test/reference/ip_record Binary files differ
index ebe66d9..5d8b21d 100644
--- a/contrib/openbsm/test/reference/ip_record
+++ b/contrib/openbsm/test/reference/ip_record
diff --git a/contrib/openbsm/test/reference/ipc_record b/contrib/openbsm/test/reference/ipc_record Binary files differ
index 9e7defc..5b51561 100644
--- a/contrib/openbsm/test/reference/ipc_record
+++ b/contrib/openbsm/test/reference/ipc_record
diff --git a/contrib/openbsm/test/reference/iport_record b/contrib/openbsm/test/reference/iport_record Binary files differ
index 1f1addd..bef1c9f 100644
--- a/contrib/openbsm/test/reference/iport_record
+++ b/contrib/openbsm/test/reference/iport_record
diff --git a/contrib/openbsm/test/reference/opaque_record b/contrib/openbsm/test/reference/opaque_record Binary files differ
index c34ac50..e13a36b 100644
--- a/contrib/openbsm/test/reference/opaque_record
+++ b/contrib/openbsm/test/reference/opaque_record
diff --git a/contrib/openbsm/test/reference/path_record b/contrib/openbsm/test/reference/path_record Binary files differ
index b809d71..fab532c 100644
--- a/contrib/openbsm/test/reference/path_record
+++ b/contrib/openbsm/test/reference/path_record
diff --git a/contrib/openbsm/test/reference/process32_record b/contrib/openbsm/test/reference/process32_record Binary files differ
index 0fc103f..4f19d37 100644
--- a/contrib/openbsm/test/reference/process32_record
+++ b/contrib/openbsm/test/reference/process32_record
diff --git a/contrib/openbsm/test/reference/process32ex_record-IPv4 b/contrib/openbsm/test/reference/process32ex_record-IPv4 Binary files differ
index 7a1514c..4ff66c0 100644
--- a/contrib/openbsm/test/reference/process32ex_record-IPv4
+++ b/contrib/openbsm/test/reference/process32ex_record-IPv4
diff --git a/contrib/openbsm/test/reference/process32ex_record-IPv6 b/contrib/openbsm/test/reference/process32ex_record-IPv6 Binary files differ
index 44183fc..944510d 100644
--- a/contrib/openbsm/test/reference/process32ex_record-IPv6
+++ b/contrib/openbsm/test/reference/process32ex_record-IPv6
diff --git a/contrib/openbsm/test/reference/process64_record b/contrib/openbsm/test/reference/process64_record Binary files differ
index cf318bb..5f831bf 100644
--- a/contrib/openbsm/test/reference/process64_record
+++ b/contrib/openbsm/test/reference/process64_record
diff --git a/contrib/openbsm/test/reference/process64ex_record-IPv4 b/contrib/openbsm/test/reference/process64ex_record-IPv4 Binary files differ
index 16969f8..1440ac7 100644
--- a/contrib/openbsm/test/reference/process64ex_record-IPv4
+++ b/contrib/openbsm/test/reference/process64ex_record-IPv4
diff --git a/contrib/openbsm/test/reference/process64ex_record-IPv6 b/contrib/openbsm/test/reference/process64ex_record-IPv6 Binary files differ
index bf8fc14..da55f6a 100644
--- a/contrib/openbsm/test/reference/process64ex_record-IPv6
+++ b/contrib/openbsm/test/reference/process64ex_record-IPv6
diff --git a/contrib/openbsm/test/reference/return32_record b/contrib/openbsm/test/reference/return32_record Binary files differ
index f0b8610..7919034 100644
--- a/contrib/openbsm/test/reference/return32_record
+++ b/contrib/openbsm/test/reference/return32_record
diff --git a/contrib/openbsm/test/reference/seq_record b/contrib/openbsm/test/reference/seq_record Binary files differ
index 34674b8..26c6180 100644
--- a/contrib/openbsm/test/reference/seq_record
+++ b/contrib/openbsm/test/reference/seq_record
diff --git a/contrib/openbsm/test/reference/socketex_record b/contrib/openbsm/test/reference/socketex_record Binary files differ
index b41c5f9..522fb51 100644
--- a/contrib/openbsm/test/reference/socketex_record
+++ b/contrib/openbsm/test/reference/socketex_record diff --git a/contrib/openbsm/test/reference/socketex_token b/contrib/openbsm/test/reference/socketex_token Binary files differindex 47a9e19..d107290 100644 --- a/contrib/openbsm/test/reference/socketex_token +++ b/contrib/openbsm/test/reference/socketex_token diff --git a/contrib/openbsm/test/reference/subject32_record b/contrib/openbsm/test/reference/subject32_record Binary files differindex a806651..ed91cf0 100644 --- a/contrib/openbsm/test/reference/subject32_record +++ b/contrib/openbsm/test/reference/subject32_record diff --git a/contrib/openbsm/test/reference/subject32ex_record b/contrib/openbsm/test/reference/subject32ex_record Binary files differindex 1debf62..5b5575e 100644 --- a/contrib/openbsm/test/reference/subject32ex_record +++ b/contrib/openbsm/test/reference/subject32ex_record diff --git a/contrib/openbsm/test/reference/text_record b/contrib/openbsm/test/reference/text_record Binary files differindex b7d25db..694dc5c 100644 --- a/contrib/openbsm/test/reference/text_record +++ b/contrib/openbsm/test/reference/text_record diff --git a/contrib/openbsm/test/reference/zonename_record b/contrib/openbsm/test/reference/zonename_record Binary files differindex 6182859..1fa8d97 100644 --- a/contrib/openbsm/test/reference/zonename_record +++ b/contrib/openbsm/test/reference/zonename_record diff --git a/lib/libbsm/Makefile b/lib/libbsm/Makefile index eaf1e3f..e978b7f 100644 --- a/lib/libbsm/Makefile +++ b/lib/libbsm/Makefile @@ -15,12 +15,14 @@ SHLIB_MAJOR= 2 SRCS= bsm_audit.c \ bsm_class.c \ bsm_control.c \ + bsm_domain.c \ bsm_errno.c \ bsm_event.c \ bsm_flags.c \ bsm_io.c \ bsm_mask.c \ bsm_notify.c \ + bsm_socket_type.c \ bsm_token.c \ bsm_user.c \ bsm_wrappers.c @@ -36,12 +38,14 @@ INCSDIR= ${INCLUDEDIR}/bsm MAN= libbsm.3 \ au_class.3 \ au_control.3 \ + au_domain.3 \ au_errno.3 \ au_event.3 \ au_free_token.3 \ au_io.3 \ au_mask.3 \ au_open.3 \ + au_socket_type.3 \ au_token.3 \ au_user.3 \ audit_submit.3 
@@ -81,6 +85,8 @@ MLINKS= libbsm.3 bsm.3 \ au_control.3 getacpol.3 \ au_control.3 au_poltostr.3 \ au_control.3 au_strtopol.3 \ + au_domain.3 au_bsm_to_domain.3 \ + au_domain.3 au_domain_to_bsm.3 \ au_errno.3 au_bsm_to_errno.3 \ au_errno.3 au_errno_to_bsm.3 \ au_errno.3 au_strerror.3 \ @@ -104,6 +110,8 @@ MLINKS= libbsm.3 bsm.3 \ au_open.3 au_close_buffer.3 \ au_open.3 au_close_token.3 \ au_open.3 au_write.3 \ + au_socket_type.3 au_bsm_to_socket_type.3 \ + au_socket_type.3 au_socket_type_to_bsm.3 \ au_token.3 au_to_arg32.3 \ au_token.3 au_to_arg64.3 \ au_token.3 au_to_arg.3 \ diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h index 284b0bd..53eeadb 100644 --- a/sys/bsm/audit.h +++ b/sys/bsm/audit.h @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#1 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#4 * $FreeBSD$ */ @@ -280,8 +280,8 @@ typedef struct audit_stat au_stat_t; * Structure for the audit file statistics. */ struct audit_fstat { - u_quad_t af_filesz; - u_quad_t af_currsz; + u_int64_t af_filesz; + u_int64_t af_currsz; }; typedef struct audit_fstat au_fstat_t; diff --git a/sys/bsm/audit_domain.h b/sys/bsm/audit_domain.h new file mode 100644 index 0000000..1c839dd --- /dev/null +++ b/sys/bsm/audit_domain.h 
@@ -0,0 +1,115 @@ +/*- + * Copyright (c) 2008 Apple Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_domain.h#1 + * $FreeBSD$ + */ + +#ifndef _BSM_AUDIT_DOMAIN_H_ +#define _BSM_AUDIT_DOMAIN_H_ + +/* + * BSM protocol domain constants - protocol domains defined in Solaris. 
+ */ +#define BSM_PF_UNSPEC 0 +#define BSM_PF_LOCAL 1 +#define BSM_PF_INET 2 +#define BSM_PF_IMPLINK 3 +#define BSM_PF_PUP 4 +#define BSM_PF_CHAOS 5 +#define BSM_PF_NS 6 +#define BSM_PF_NBS 7 /* Solaris-specific. */ +#define BSM_PF_ECMA 8 +#define BSM_PF_DATAKIT 9 +#define BSM_PF_CCITT 10 +#define BSM_PF_SNA 11 +#define BSM_PF_DECnet 12 +#define BSM_PF_DLI 13 +#define BSM_PF_LAT 14 +#define BSM_PF_HYLINK 15 +#define BSM_PF_APPLETALK 16 +#define BSM_PF_NIT 17 /* Solaris-specific. */ +#define BSM_PF_802 18 /* Solaris-specific. */ +#define BSM_PF_OSI 19 +#define BSM_PF_X25 20 /* Solaris/Linux-specific. */ +#define BSM_PF_OSINET 21 /* Solaris-specific. */ +#define BSM_PF_GOSIP 22 /* Solaris-specific. */ +#define BSM_PF_IPX 23 +#define BSM_PF_ROUTE 24 +#define BSM_PF_LINK 25 +#define BSM_PF_INET6 26 +#define BSM_PF_KEY 27 +#define BSM_PF_NCA 28 /* Solaris-specific. */ +#define BSM_PF_POLICY 29 /* Solaris-specific. */ +#define BSM_PF_INET_OFFLOAD 30 /* Solaris-specific. */ + +/* + * BSM protocol domain constants - protocol domains not defined in Solaris. + */ +#define BSM_PF_NETBIOS 500 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_ISO 501 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_XTP 502 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_COIP 503 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_CNT 504 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_RTIP 505 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_SIP 506 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_PIP 507 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_ISDN 508 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_E164 509 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_NATM 510 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_ATM 511 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_NETGRAPH 512 /* FreeBSD/Darwin-specific. */ +#define BSM_PF_SLOW 513 /* FreeBSD-specific. */ +#define BSM_PF_SCLUSTER 514 /* FreeBSD-specific. */ +#define BSM_PF_ARP 515 /* FreeBSD-specific. */ +#define BSM_PF_BLUETOOTH 516 /* FreeBSD-specific. 
*/ +#define BSM_PF_IEEE80211 517 /* FreeBSD-specific. */ +#define BSM_PF_AX25 518 /* Linux-specific. */ +#define BSM_PF_ROSE 519 /* Linux-specific. */ +#define BSM_PF_NETBEUI 520 /* Linux-specific. */ +#define BSM_PF_SECURITY 521 /* Linux-specific. */ +#define BSM_PF_PACKET 522 /* Linux-specific. */ +#define BSM_PF_ASH 523 /* Linux-specific. */ +#define BSM_PF_ECONET 524 /* Linux-specific. */ +#define BSM_PF_ATMSVC 525 /* Linux-specific. */ +#define BSM_PF_IRDA 526 /* Linux-specific. */ +#define BSM_PF_PPPOX 527 /* Linux-specific. */ +#define BSM_PF_WANPIPE 528 /* Linux-specific. */ +#define BSM_PF_LLC 529 /* Linux-specific. */ +#define BSM_PF_CAN 530 /* Linux-specific. */ +#define BSM_PF_TIPC 531 /* Linux-specific. */ +#define BSM_PF_IUCV 532 /* Linux-specific. */ +#define BSM_PF_RXRPC 533 /* Linux-specific. */ +#define BSM_PF_PHONET 534 /* Linux-specific. */ + +/* + * Used when there is no mapping from a local to BSM protocol domain. + */ +#define BSM_PF_UNKNOWN 700 /* OpenBSM-specific. */ + +#endif /* !_BSM_AUDIT_DOMAIN_H_ */ diff --git a/sys/bsm/audit_errno.h b/sys/bsm/audit_errno.h index 5fe2d3e..9a13bd9 100644 --- a/sys/bsm/audit_errno.h +++ b/sys/bsm/audit_errno.h @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#4 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#5 * $FreeBSD$ */ 
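Review bot: The second block comment in the new sys/bsm/audit_domain.h (`protocol domains not defined in Solaris`) does not say that the range from 500 up is an OpenBSM allocation, nor that assigned numbers have to stay fixed. Elsewhere in this commit these values are what `au_domain_to_bsm()` hands to `au_to_socket_ex()`, so they end up inside audit records. Renumbering or reusing one would make older records decode to the wrong protocol family. I would extend the comment along the lines of `* Values from 500 up are assigned by OpenBSM; they are stored in audit records, so never renumber or reuse them.` Whether Solaris could later claim a value in that range is not settled by anything on the page, so the wording may need adjusting.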
@@ -42,128 +42,128 @@ * * When adding constants here, also add them to bsm_errno.c. */ -#define BSM_ESUCCESS 0 -#define BSM_EPERM 1 -#define BSM_ENOENT 2 -#define BSM_ESRCH 3 -#define BSM_EINTR 4 -#define BSM_EIO 5 -#define BSM_ENXIO 6 -#define BSM_E2BIG 7 -#define BSM_ENOEXEC 8 -#define BSM_EBADF 9 -#define BSM_ECHILD 10 -#define BSM_EAGAIN 11 -#define BSM_ENOMEM 12 -#define BSM_EACCES 13 -#define BSM_EFAULT 14 -#define BSM_ENOTBLK 15 -#define BSM_EBUSY 16 -#define BSM_EEXIST 17 -#define BSM_EXDEV 18 -#define BSM_ENODEV 19 -#define BSM_ENOTDIR 20 -#define BSM_EISDIR 21 -#define BSM_EINVAL 22 -#define BSM_ENFILE 23 -#define BSM_EMFILE 24 -#define BSM_ENOTTY 25 -#define BSM_ETXTBSY 26 -#define BSM_EFBIG 27 -#define BSM_ENOSPC 28 -#define BSM_ESPIPE 29 -#define BSM_EROFS 30 -#define BSM_EMLINK 31 -#define BSM_EPIPE 32 -#define BSM_EDOM 33 -#define BSM_ERANGE 34 -#define BSM_ENOMSG 35 -#define BSM_EIDRM 36 -#define BSM_ECHRNG 37 /* Solaris/Linux-specific. */ -#define BSM_EL2NSYNC 38 /* Solaris/Linux-specific. */ -#define BSM_EL3HLT 39 /* Solaris/Linux-specific. */ -#define BSM_EL3RST 40 /* Solaris/Linux-specific. */ -#define BSM_ELNRNG 41 /* Solaris/Linux-specific. */ -#define BSM_EUNATCH 42 /* Solaris/Linux-specific. */ -#define BSM_ENOCSI 43 /* Solaris/Linux-specific. */ -#define BSM_EL2HLT 44 /* Solaris/Linux-specific. */ -#define BSM_EDEADLK 45 -#define BSM_ENOLCK 46 -#define BSM_ECANCELED 47 -#define BSM_ENOTSUP 48 -#define BSM_EDQUOT 49 -#define BSM_EBADE 50 /* Solaris/Linux-specific. */ -#define BSM_EBADR 51 /* Solaris/Linux-specific. */ -#define BSM_EXFULL 52 /* Solaris/Linux-specific. */ -#define BSM_ENOANO 53 /* Solaris/Linux-specific. */ -#define BSM_EBADRQC 54 /* Solaris/Linux-specific. */ -#define BSM_EBADSLT 55 /* Solaris/Linux-specific. */ -#define BSM_EDEADLOCK 56 /* Solaris-specific. */ -#define BSM_EBFONT 57 /* Solaris/Linux-specific. */ -#define BSM_EOWNERDEAD 58 /* Solaris/Linux-specific. 
*/ -#define BSM_ENOTRECOVERABLE 59 /* Solaris/Linux-specific. */ -#define BSM_ENOSTR 60 /* Solaris/Darwin/Linux-specific. */ -#define BSM_ENODATA 61 /* Solaris/Darwin/Linux-specific. */ -#define BSM_ETIME 62 /* Solaris/Darwin/Linux-specific. */ -#define BSM_ENOSR 63 /* Solaris/Darwin/Linux-specific. */ -#define BSM_ENONET 64 /* Solaris/Linux-specific. */ -#define BSM_ENOPKG 65 /* Solaris/Linux-specific. */ -#define BSM_EREMOTE 66 -#define BSM_ENOLINK 67 -#define BSM_EADV 68 /* Solaris/Linux-specific. */ -#define BSM_ESRMNT 69 /* Solaris/Linux-specific. */ -#define BSM_ECOMM 70 /* Solaris/Linux-specific. */ -#define BSM_EPROTO 71 -#define BSM_ELOCKUNMAPPED 72 /* Solaris-specific. */ -#define BSM_ENOTACTIVE 73 /* Solaris-specific. */ -#define BSM_EMULTIHOP 74 -#define BSM_EBADMSG 77 -#define BSM_ENAMETOOLONG 78 -#define BSM_EOVERFLOW 79 -#define BSM_ENOTUNIQ 80 /* Solaris/Linux-specific. */ -#define BSM_EBADFD 81 /* Solaris/Linux-specific. */ -#define BSM_EREMCHG 82 /* Solaris/Linux-specific. */ -#define BSM_ELIBACC 83 /* Solaris/Linux-specific. */ -#define BSM_ELIBBAD 84 /* Solaris/Linux-specific. */ -#define BSM_ELIBSCN 85 /* Solaris/Linux-specific. */ -#define BSM_ELIBMAX 86 /* Solaris/Linux-specific. */ -#define BSM_ELIBEXEC 87 /* Solaris/Linux-specific. */ -#define BSM_EILSEQ 88 -#define BSM_ENOSYS 89 -#define BSM_ELOOP 90 -#define BSM_ERESTART 91 -#define BSM_ESTRPIPE 92 /* Solaris/Linux-specific. 
*/ -#define BSM_ENOTEMPTY 93 -#define BSM_EUSERS 94 -#define BSM_ENOTSOCK 95 -#define BSM_EDESTADDRREQ 96 -#define BSM_EMSGSIZE 97 -#define BSM_EPROTOTYPE 98 -#define BSM_ENOPROTOOPT 99 -#define BSM_EPROTONOSUPPORT 120 -#define BSM_ESOCKTNOSUPPORT 121 -#define BSM_EOPNOTSUPP 122 -#define BSM_EPFNOSUPPORT 123 -#define BSM_EAFNOSUPPORT 124 -#define BSM_EADDRINUSE 125 -#define BSM_EADDRNOTAVAIL 126 -#define BSM_ENETDOWN 127 -#define BSM_ENETUNREACH 128 -#define BSM_ENETRESET 129 -#define BSM_ECONNABORTED 130 -#define BSM_ECONNRESET 131 -#define BSM_ENOBUFS 132 -#define BSM_EISCONN 133 -#define BSM_ENOTCONN 134 -#define BSM_ESHUTDOWN 143 -#define BSM_ETOOMANYREFS 144 -#define BSM_ETIMEDOUT 145 -#define BSM_ECONNREFUSED 146 -#define BSM_EHOSTDOWN 147 -#define BSM_EHOSTUNREACH 148 -#define BSM_EALREADY 149 -#define BSM_EINPROGRESS 150 -#define BSM_ESTALE 151 +#define BSM_ERRNO_ESUCCESS 0 +#define BSM_ERRNO_EPERM 1 +#define BSM_ERRNO_ENOENT 2 +#define BSM_ERRNO_ESRCH 3 +#define BSM_ERRNO_EINTR 4 +#define BSM_ERRNO_EIO 5 +#define BSM_ERRNO_ENXIO 6 +#define BSM_ERRNO_E2BIG 7 +#define BSM_ERRNO_ENOEXEC 8 +#define BSM_ERRNO_EBADF 9 +#define BSM_ERRNO_ECHILD 10 +#define BSM_ERRNO_EAGAIN 11 +#define BSM_ERRNO_ENOMEM 12 +#define BSM_ERRNO_EACCES 13 +#define BSM_ERRNO_EFAULT 14 +#define BSM_ERRNO_ENOTBLK 15 +#define BSM_ERRNO_EBUSY 16 +#define BSM_ERRNO_EEXIST 17 +#define BSM_ERRNO_EXDEV 18 +#define BSM_ERRNO_ENODEV 19 +#define BSM_ERRNO_ENOTDIR 20 +#define BSM_ERRNO_EISDIR 21 +#define BSM_ERRNO_EINVAL 22 +#define BSM_ERRNO_ENFILE 23 +#define BSM_ERRNO_EMFILE 24 +#define BSM_ERRNO_ENOTTY 25 +#define BSM_ERRNO_ETXTBSY 26 +#define BSM_ERRNO_EFBIG 27 +#define BSM_ERRNO_ENOSPC 28 +#define BSM_ERRNO_ESPIPE 29 +#define BSM_ERRNO_EROFS 30 +#define BSM_ERRNO_EMLINK 31 +#define BSM_ERRNO_EPIPE 32 +#define BSM_ERRNO_EDOM 33 +#define BSM_ERRNO_ERANGE 34 +#define BSM_ERRNO_ENOMSG 35 +#define BSM_ERRNO_EIDRM 36 +#define BSM_ERRNO_ECHRNG 37 /* Solaris/Linux-specific. 
*/ +#define BSM_ERRNO_EL2NSYNC 38 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EL3HLT 39 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EL3RST 40 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELNRNG 41 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EUNATCH 42 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOCSI 43 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EL2HLT 44 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EDEADLK 45 +#define BSM_ERRNO_ENOLCK 46 +#define BSM_ERRNO_ECANCELED 47 +#define BSM_ERRNO_ENOTSUP 48 +#define BSM_ERRNO_EDQUOT 49 +#define BSM_ERRNO_EBADE 50 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EBADR 51 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EXFULL 52 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOANO 53 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EBADRQC 54 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EBADSLT 55 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EDEADLOCK 56 /* Solaris-specific. */ +#define BSM_ERRNO_EBFONT 57 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EOWNERDEAD 58 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOTRECOVERABLE 59 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOSTR 60 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ERRNO_ENODATA 61 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ERRNO_ETIME 62 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ERRNO_ENOSR 63 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ERRNO_ENONET 64 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOPKG 65 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EREMOTE 66 +#define BSM_ERRNO_ENOLINK 67 +#define BSM_ERRNO_EADV 68 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ESRMNT 69 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ECOMM 70 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EPROTO 71 +#define BSM_ERRNO_ELOCKUNMAPPED 72 /* Solaris-specific. */ +#define BSM_ERRNO_ENOTACTIVE 73 /* Solaris-specific. 
*/ +#define BSM_ERRNO_EMULTIHOP 74 +#define BSM_ERRNO_EBADMSG 77 +#define BSM_ERRNO_ENAMETOOLONG 78 +#define BSM_ERRNO_EOVERFLOW 79 +#define BSM_ERRNO_ENOTUNIQ 80 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EBADFD 81 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EREMCHG 82 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBACC 83 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBBAD 84 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBSCN 85 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBMAX 86 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ELIBEXEC 87 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_EILSEQ 88 +#define BSM_ERRNO_ENOSYS 89 +#define BSM_ERRNO_ELOOP 90 +#define BSM_ERRNO_ERESTART 91 +#define BSM_ERRNO_ESTRPIPE 92 /* Solaris/Linux-specific. */ +#define BSM_ERRNO_ENOTEMPTY 93 +#define BSM_ERRNO_EUSERS 94 +#define BSM_ERRNO_ENOTSOCK 95 +#define BSM_ERRNO_EDESTADDRREQ 96 +#define BSM_ERRNO_EMSGSIZE 97 +#define BSM_ERRNO_EPROTOTYPE 98 +#define BSM_ERRNO_ENOPROTOOPT 99 +#define BSM_ERRNO_EPROTONOSUPPORT 120 +#define BSM_ERRNO_ESOCKTNOSUPPORT 121 +#define BSM_ERRNO_EOPNOTSUPP 122 +#define BSM_ERRNO_EPFNOSUPPORT 123 +#define BSM_ERRNO_EAFNOSUPPORT 124 +#define BSM_ERRNO_EADDRINUSE 125 +#define BSM_ERRNO_EADDRNOTAVAIL 126 +#define BSM_ERRNO_ENETDOWN 127 +#define BSM_ERRNO_ENETUNREACH 128 +#define BSM_ERRNO_ENETRESET 129 +#define BSM_ERRNO_ECONNABORTED 130 +#define BSM_ERRNO_ECONNRESET 131 +#define BSM_ERRNO_ENOBUFS 132 +#define BSM_ERRNO_EISCONN 133 +#define BSM_ERRNO_ENOTCONN 134 +#define BSM_ERRNO_ESHUTDOWN 143 +#define BSM_ERRNO_ETOOMANYREFS 144 +#define BSM_ERRNO_ETIMEDOUT 145 +#define BSM_ERRNO_ECONNREFUSED 146 +#define BSM_ERRNO_EHOSTDOWN 147 +#define BSM_ERRNO_EHOSTUNREACH 148 +#define BSM_ERRNO_EALREADY 149 +#define BSM_ERRNO_EINPROGRESS 150 +#define BSM_ERRNO_ESTALE 151 /* * OpenBSM constants for error numbers not defined in Solaris. In the event 
@@ -172,44 +172,44 @@ * * ELAST doesn't get a constant in the BSM space. */ -#define BSM_EPROCLIM 190 /* FreeBSD/Darwin-specific. */ -#define BSM_EBADRPC 191 /* FreeBSD/Darwin-specific. */ -#define BSM_ERPCMISMATCH 192 /* FreeBSD/Darwin-specific. */ -#define BSM_EPROGUNAVAIL 193 /* FreeBSD/Darwin-specific. */ -#define BSM_EPROGMISMATCH 194 /* FreeBSD/Darwin-specific. */ -#define BSM_EPROCUNAVAIL 195 /* FreeBSD/Darwin-specific. */ -#define BSM_EFTYPE 196 /* FreeBSD/Darwin-specific. */ -#define BSM_EAUTH 197 /* FreeBSD/Darwin-specific. */ -#define BSM_ENEEDAUTH 198 /* FreeBSD/Darwin-specific. */ -#define BSM_ENOATTR 199 /* FreeBSD/Darwin-specific. */ -#define BSM_EDOOFUS 200 /* FreeBSD-specific. */ -#define BSM_EJUSTRETURN 201 /* FreeBSD-specific. */ -#define BSM_ENOIOCTL 202 /* FreeBSD-specific. */ -#define BSM_EDIRIOCTL 203 /* FreeBSD-specific. */ -#define BSM_EPWROFF 204 /* Darwin-specific. */ -#define BSM_EDEVERR 205 /* Darwin-specific. */ -#define BSM_EBADEXEC 206 /* Darwin-specific. */ -#define BSM_EBADARCH 207 /* Darwin-specific. */ -#define BSM_ESHLIBVERS 208 /* Darwin-specific. */ -#define BSM_EBADMACHO 209 /* Darwin-specific. */ -#define BSM_EPOLICY 210 /* Darwin-specific. */ -#define BSM_EDOTDOT 211 /* Linux-specific. */ -#define BSM_EUCLEAN 212 /* Linux-specific. */ -#define BSM_ENOTNAM 213 /* Linux(Xenix?)-specific. */ -#define BSM_ENAVAIL 214 /* Linux(Xenix?)-specific. */ -#define BSM_EISNAM 215 /* Linux(Xenix?)-specific. */ -#define BSM_EREMOTEIO 216 /* Linux-specific. */ -#define BSM_ENOMEDIUM 217 /* Linux-specific. */ -#define BSM_EMEDIUMTYPE 218 /* Linux-specific. */ -#define BSM_ENOKEY 219 /* Linux-specific. */ -#define BSM_EKEYEXPIRED 220 /* Linux-specific. */ -#define BSM_EKEYREVOKED 221 /* Linux-specific. */ -#define BSM_EKEYREJECTED 222 /* Linux-specific. */ +#define BSM_ERRNO_EPROCLIM 190 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EBADRPC 191 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_ERPCMISMATCH 192 /* FreeBSD/Darwin-specific. 
*/ +#define BSM_ERRNO_EPROGUNAVAIL 193 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EPROGMISMATCH 194 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EPROCUNAVAIL 195 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EFTYPE 196 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EAUTH 197 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_ENEEDAUTH 198 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_ENOATTR 199 /* FreeBSD/Darwin-specific. */ +#define BSM_ERRNO_EDOOFUS 200 /* FreeBSD-specific. */ +#define BSM_ERRNO_EJUSTRETURN 201 /* FreeBSD-specific. */ +#define BSM_ERRNO_ENOIOCTL 202 /* FreeBSD-specific. */ +#define BSM_ERRNO_EDIRIOCTL 203 /* FreeBSD-specific. */ +#define BSM_ERRNO_EPWROFF 204 /* Darwin-specific. */ +#define BSM_ERRNO_EDEVERR 205 /* Darwin-specific. */ +#define BSM_ERRNO_EBADEXEC 206 /* Darwin-specific. */ +#define BSM_ERRNO_EBADARCH 207 /* Darwin-specific. */ +#define BSM_ERRNO_ESHLIBVERS 208 /* Darwin-specific. */ +#define BSM_ERRNO_EBADMACHO 209 /* Darwin-specific. */ +#define BSM_ERRNO_EPOLICY 210 /* Darwin-specific. */ +#define BSM_ERRNO_EDOTDOT 211 /* Linux-specific. */ +#define BSM_ERRNO_EUCLEAN 212 /* Linux-specific. */ +#define BSM_ERRNO_ENOTNAM 213 /* Linux(Xenix?)-specific. */ +#define BSM_ERRNO_ENAVAIL 214 /* Linux(Xenix?)-specific. */ +#define BSM_ERRNO_EISNAM 215 /* Linux(Xenix?)-specific. */ +#define BSM_ERRNO_EREMOTEIO 216 /* Linux-specific. */ +#define BSM_ERRNO_ENOMEDIUM 217 /* Linux-specific. */ +#define BSM_ERRNO_EMEDIUMTYPE 218 /* Linux-specific. */ +#define BSM_ERRNO_ENOKEY 219 /* Linux-specific. */ +#define BSM_ERRNO_EKEYEXPIRED 220 /* Linux-specific. */ +#define BSM_ERRNO_EKEYREVOKED 221 /* Linux-specific. */ +#define BSM_ERRNO_EKEYREJECTED 222 /* Linux-specific. */ /* * In the event that OpenBSM doesn't have a file representation of a local * error number, use this. */ -#define BSM_UNKNOWNERR 250 /* OpenBSM-specific. */ +#define BSM_ERRNO_UNKNOWN 250 /* OpenBSM-specific. */ #endif /* !_BSM_AUDIT_ERRNO_H_ */ 
diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h index e4ad353..b25c47f 100644 --- a/sys/bsm/audit_internal.h +++ b/sys/bsm/audit_internal.h @@ -30,7 +30,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#2 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5 * $FreeBSD$ */ diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h index 950462a..3276cac 100644 --- a/sys/bsm/audit_kevents.h +++ b/sys/bsm/audit_kevents.h @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#3 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#4 * $FreeBSD$ */ diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h index 2bb78bc..5d9306a 100644 --- a/sys/bsm/audit_record.h +++ b/sys/bsm/audit_record.h @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#3 + * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#9 * $FreeBSD$ */ 
@@ -282,10 +282,15 @@ token_t *au_to_trailer(int rec_size); token_t *au_to_zonename(const char *zonename); /* - * BSM library routines for manipulating errno values. + * BSM library routines for converting between local and BSM constant spaces. */ +int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); int au_bsm_to_errno(u_char bsm_error, int *errorp); -u_char au_errno_to_bsm(int error); +int au_bsm_to_socket_type(u_short bsm_socket_type, + int *local_socket_typep); +u_short au_domain_to_bsm(int local_domain); +u_char au_errno_to_bsm(int local_errno); +u_short au_socket_type_to_bsm(int local_socket_type); __END_DECLS diff --git a/sys/bsm/audit_socket_type.h b/sys/bsm/audit_socket_type.h new file mode 100644 index 0000000..6b6bac1 --- /dev/null +++ b/sys/bsm/audit_socket_type.h 
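Review bot: The revised block comment over the conversion prototypes in sys/bsm/audit_record.h does not state the two different failure conventions, and a caller has to know both to handle an unmapped value. In the audit_bsm_domain.c added by this commit, `au_bsm_to_domain()` returns -1 without writing through `local_domainp`, while `au_domain_to_bsm()` returns `BSM_PF_UNKNOWN`. The errno and socket-type implementations are not visible here, so this presumably holds for them too, but that should be confirmed. I would extend the comment with something like ` * au_bsm_to_*() return 0 and store the local value on success, or -1 (output untouched) when no local equivalent exists; au_*_to_bsm() return the BSM_*_UNKNOWN constant instead.` This matters for code parsing audit records, where reading the output after an unchecked -1 would use an uninitialised value.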
@@ -0,0 +1,47 @@
+/*-
+ * Copyright (c) 2008 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_socket_type.h#1
+ * $FreeBSD$
+ */
+
+#ifndef _BSM_AUDIT_SOCKET_TYPE_H_
+#define _BSM_AUDIT_SOCKET_TYPE_H_
+
+/*
+ * BSM socket type constants.
+ */
+#define BSM_SOCK_DGRAM 1
+#define BSM_SOCK_STREAM 2
+#define BSM_SOCK_RAW 4
+#define BSM_SOCK_RDM 5
+#define BSM_SOCK_SEQPACKET 6
+
+#define BSM_SOCK_UNKNOWN 500
+
+#endif /* !_BSM_AUDIT_SOCKET_TYPE_H_ */
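Review bot: `BSM_SOCK_UNKNOWN` at the end of the new sys/bsm/audit_socket_type.h has no comment, unlike its counterparts in the same commit. `BSM_PF_UNKNOWN` and `BSM_ERRNO_UNKNOWN` both explain their purpose and are tagged `/* OpenBSM-specific. */`. I would add `/* Used when there is no mapping from a local to BSM socket type. */` above the define and the same `/* OpenBSM-specific. */` tag on its line. Anyone reading an audit trail can then tell that 500 is a sentinel written by the encoder and not a real socket type. The comment could also say whether the skipped value 3 is intentional, since the header gives no reason for the gap.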
diff --git a/sys/conf/files b/sys/conf/files index 0e643a5..a5d9c58 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -2539,8 +2539,10 @@ rpc/rpcsec_gss/svc_rpcsec_gss.c optional krpc kgssapi | nfslockd kgssapi security/audit/audit.c optional audit security/audit/audit_arg.c optional audit security/audit/audit_bsm.c optional audit +security/audit/audit_bsm_domain.c optional audit security/audit/audit_bsm_errno.c optional audit security/audit/audit_bsm_klib.c optional audit +security/audit/audit_bsm_socket_type.c optional audit security/audit/audit_bsm_token.c optional audit security/audit/audit_pipe.c optional audit security/audit/audit_syscalls.c standard diff --git a/sys/security/audit/audit_bsm_domain.c b/sys/security/audit/audit_bsm_domain.c new file mode 100644 index 0000000..6f43a77 --- /dev/null +++ b/sys/security/audit/audit_bsm_domain.c 
@@ -0,0 +1,502 @@ +/*- + * Copyright (c) 2008 Apple Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ * + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#2 + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <sys/param.h> +#include <sys/socket.h> + +#include <security/audit/audit.h> + +#include <bsm/audit_domain.h> +#include <bsm/audit_record.h> + +struct bsm_domain { + u_short bd_bsm_domain; + int bd_local_domain; +}; + +#define PF_NO_LOCAL_MAPPING -600 + +static const struct bsm_domain bsm_domains[] = { + { BSM_PF_UNSPEC, PF_UNSPEC }, + { BSM_PF_LOCAL, PF_LOCAL }, + { BSM_PF_INET, PF_INET }, + { BSM_PF_IMPLINK, +#ifdef PF_IMPLINK + PF_IMPLINK +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PUP, +#ifdef PF_PUP + PF_PUP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_CHAOS, +#ifdef PF_CHAOS + PF_CHAOS +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NS, +#ifdef PF_NS + PF_NS +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NBS, +#ifdef PF_NBS + PF_NBS +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ECMA, +#ifdef PF_ECMA + PF_ECMA +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_DATAKIT, +#ifdef PF_DATAKIT + PF_DATAKIT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_CCITT, +#ifdef PF_CCITT + PF_CCITT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SNA, PF_SNA }, + { BSM_PF_DECnet, PF_DECnet }, + { BSM_PF_DLI, +#ifdef PF_DLI + PF_DLI +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_LAT, +#ifdef PF_LAT + PF_LAT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_HYLINK, +#ifdef PF_HYLINK + PF_HYLINK +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_APPLETALK, PF_APPLETALK }, + { BSM_PF_NIT, +#ifdef PF_NIT + PF_NIT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_802, +#ifdef PF_802 + PF_802 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_OSI, +#ifdef PF_OSI + PF_OSI +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_X25, +#ifdef PF_X25 + PF_X25 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_OSINET, +#ifdef PF_OSINET + PF_OSINET +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { 
BSM_PF_GOSIP, +#ifdef PF_GOSIP + PF_GOSIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_IPX, PF_IPX }, + { BSM_PF_ROUTE, PF_ROUTE }, + { BSM_PF_LINK, +#ifdef PF_LINK + PF_LINK +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_INET6, PF_INET6 }, + { BSM_PF_KEY, PF_KEY }, + { BSM_PF_NCA, +#ifdef PF_NCA + PF_NCA +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_POLICY, +#ifdef PF_POLICY + PF_POLICY +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_INET_OFFLOAD, +#ifdef PF_INET_OFFLOAD + PF_INET_OFFLOAD +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NETBIOS, +#ifdef PF_NETBIOS + PF_NETBIOS +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ISO, +#ifdef PF_ISO + PF_ISO +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_XTP, +#ifdef PF_XTP + PF_XTP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_COIP, +#ifdef PF_COIP + PF_COIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_CNT, +#ifdef PF_CNT + PF_CNT +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_RTIP, +#ifdef PF_RTIP + PF_RTIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SIP, +#ifdef PF_SIP + PF_SIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PIP, +#ifdef PF_PIP + PF_PIP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ISDN, +#ifdef PF_ISDN + PF_ISDN +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_E164, +#ifdef PF_E164 + PF_E164 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NATM, +#ifdef PF_NATM + PF_NATM +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ATM, +#ifdef PF_ATM + PF_ATM +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NETGRAPH, +#ifdef PF_NETGRAPH + PF_NETGRAPH +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SLOW, +#ifdef PF_SLOW + PF_SLOW +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SCLUSTER, +#ifdef PF_SCLUSTER + PF_SCLUSTER +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ARP, +#ifdef PF_ARP + PF_ARP +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_BLUETOOTH, +#ifdef PF_BLUETOOTH + PF_BLUETOOTH +#else 
+ PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_IEEE80211, +#ifdef PF_IEEE80211 + PF_IEEE80211 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_AX25, +#ifdef PF_AX25 + PF_AX25 +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ROSE, +#ifdef PF_ROSE + PF_ROSE +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_NETBEUI, +#ifdef PF_NETBEUI + PF_NETBEUI +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_SECURITY, +#ifdef PF_SECURITY + PF_SECURITY +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PACKET, +#ifdef PF_PACKET + PF_PACKET +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ASH, +#ifdef PF_ASH + PF_ASH +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ECONET, +#ifdef PF_ECONET + PF_ECONET +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_ATMSVC, +#ifdef PF_ATMSVC + PF_ATMSVC +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_IRDA, +#ifdef PF_IRDA + PF_IRDA +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PPPOX, +#ifdef PF_PPPOX + PF_PPPOX +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_WANPIPE, +#ifdef PF_WANPIPE + PF_WANPIPE +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_LLC, +#ifdef PF_LLC + PF_LLC +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_CAN, +#ifdef PF_CAN + PF_CAN +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_TIPC, +#ifdef PF_TIPC + PF_TIPC +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_IUCV, +#ifdef PF_IUCV + PF_IUCV +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_RXRPC, +#ifdef PF_RXRPC + PF_RXRPC +#else + PF_NO_LOCAL_MAPPING +#endif + }, + { BSM_PF_PHONET, +#ifdef PF_PHONET + PF_PHONET +#else + PF_NO_LOCAL_MAPPING +#endif + }, +}; +static const int bsm_domains_count = sizeof(bsm_domains) / + sizeof(bsm_domains[0]); + +static const struct bsm_domain * +bsm_lookup_local_domain(int local_domain) +{ + int i; + + for (i = 0; i < bsm_domains_count; i++) { + if (bsm_domains[i].bd_local_domain == local_domain) + return (&bsm_domains[i]); + } + return (NULL); +} + +u_short +au_domain_to_bsm(int 
local_domain) +{ + const struct bsm_domain *bstp; + + bstp = bsm_lookup_local_domain(local_domain); + if (bstp == NULL) + return (BSM_PF_UNKNOWN); + return (bstp->bd_bsm_domain); +} + +static const struct bsm_domain * +bsm_lookup_bsm_domain(u_short bsm_domain) +{ + int i; + + for (i = 0; i < bsm_domains_count; i++) { + if (bsm_domains[i].bd_bsm_domain == bsm_domain) + return (&bsm_domains[i]); + } + return (NULL); +} + +int +au_bsm_to_domain(u_short bsm_domain, int *local_domainp) +{ + const struct bsm_domain *bstp; + + bstp = bsm_lookup_bsm_domain(bsm_domain); + if (bstp == NULL || bstp->bd_local_domain) + return (-1); + *local_domainp = bstp->bd_local_domain; + return (0); +} diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c index 7efe668..782ce62 100644 --- a/sys/security/audit/audit_bsm_errno.c +++ b/sys/security/audit/audit_bsm_errno.c @@ -47,16 +47,25 @@ __FBSDID("$FreeBSD$"); * operating system. These routines convert between BSM and local error * number spaces, subject to the above realities. BSM error numbers are * stored in a single 8-bit character, so don't have a byte order. + * + * Don't include string definitions when this code is compiled into a kernel. */ - -struct bsm_errors { - int be_bsm_error; - int be_os_error; +struct bsm_errno { + int be_bsm_errno; + int be_local_errno; +#if !defined(KERNEL) && !defined(_KERNEL) const char *be_strerror; +#endif }; #define ERRNO_NO_LOCAL_MAPPING -600 +#if !defined(KERNEL) && !defined(_KERNEL) +#define ES(x) x +#else +#define ES(x) +#endif + /* * Mapping table -- please maintain in numeric sorted order with respect to * the BSM constant. Today we do a linear lookup, but could switch to a 
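Review bot: In `au_bsm_to_domain()` at the end of the new sys/security/audit/audit_bsm_domain.c, the guard `if (bstp == NULL || bstp->bd_local_domain)` returns -1 for every table entry whose local domain is non-zero. Only a BSM domain mapped to local value 0 (presumably just `BSM_PF_UNSPEC`) can decode successfully. The test looks intended to reject entries with no local equivalent, i.e. `if (bstp == NULL || bstp->bd_local_domain == PF_NO_LOCAL_MAPPING)`. As written, any consumer translating the domain field of an audit record back to a local constant gets a failure for PF_INET, PF_INET6 and the rest, which weakens the trail for later review. Separately, on a platform where any entry is unmapped, `bsm_lookup_local_domain()` matches a caller-supplied -600 against the first `PF_NO_LOCAL_MAPPING` row and reports that row's BSM domain instead of `BSM_PF_UNKNOWN`; an early `if (local_domain == PF_NO_LOCAL_MAPPING) return (NULL);` would prevent that.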
@@ -72,523 +81,551 @@ struct bsm_errors { * support catalogues; these are only used if the OS doesn't have an error * string using strerror(3). */ -static const struct bsm_errors bsm_errors[] = { - { BSM_ESUCCESS, 0, "Success" }, - { BSM_EPERM, EPERM, "Operation not permitted" }, - { BSM_ENOENT, ENOENT, "No such file or directory" }, - { BSM_ESRCH, ESRCH, "No such process" }, - { BSM_EINTR, EINTR, "Interrupted system call" }, - { BSM_EIO, EIO, "Input/output error" }, - { BSM_ENXIO, ENXIO, "Device not configured" }, - { BSM_E2BIG, E2BIG, "Argument list too long" }, - { BSM_ENOEXEC, ENOEXEC, "Exec format error" }, - { BSM_EBADF, EBADF, "BAd file descriptor" }, - { BSM_ECHILD, ECHILD, "No child processes" }, - { BSM_EAGAIN, EAGAIN, "Resource temporarily unavailable" }, - { BSM_ENOMEM, ENOMEM, "Cannot allocate memory" }, - { BSM_EACCES, EACCES, "Permission denied" }, - { BSM_EFAULT, EFAULT, "Bad address" }, - { BSM_ENOTBLK, ENOTBLK, "Block device required" }, - { BSM_EBUSY, EBUSY, "Device busy" }, - { BSM_EEXIST, EEXIST, "File exists" }, - { BSM_EXDEV, EXDEV, "Cross-device link" }, - { BSM_ENODEV, ENODEV, "Operation not supported by device" }, - { BSM_ENOTDIR, ENOTDIR, "Not a directory" }, - { BSM_EISDIR, EISDIR, "Is a directory" }, - { BSM_EINVAL, EINVAL, "Invalid argument" }, - { BSM_ENFILE, ENFILE, "Too many open files in system" }, - { BSM_EMFILE, EMFILE, "Too many open files" }, - { BSM_ENOTTY, ENOTTY, "Inappropriate ioctl for device" }, - { BSM_ETXTBSY, ETXTBSY, "Text file busy" }, - { BSM_EFBIG, EFBIG, "File too large" }, - { BSM_ENOSPC, ENOSPC, "No space left on device" }, - { BSM_ESPIPE, ESPIPE, "Illegal seek" }, - { BSM_EROFS, EROFS, "Read-only file system" }, - { BSM_EMLINK, EMLINK, "Too many links" }, - { BSM_EPIPE, EPIPE, "Broken pipe" }, - { BSM_EDOM, EDOM, "Numerical argument out of domain" }, - { BSM_ERANGE, ERANGE, "Result too large" }, - { BSM_ENOMSG, ENOMSG, "No message of desired type" }, - { BSM_EIDRM, EIDRM, "Identifier removed" }, - { BSM_ECHRNG, 
+static const struct bsm_errno bsm_errnos[] = { + { BSM_ERRNO_ESUCCESS, 0, ES("Success") }, + { BSM_ERRNO_EPERM, EPERM, ES("Operation not permitted") }, + { BSM_ERRNO_ENOENT, ENOENT, ES("No such file or directory") }, + { BSM_ERRNO_ESRCH, ESRCH, ES("No such process") }, + { BSM_ERRNO_EINTR, EINTR, ES("Interrupted system call") }, + { BSM_ERRNO_EIO, EIO, ES("Input/output error") }, + { BSM_ERRNO_ENXIO, ENXIO, ES("Device not configured") }, + { BSM_ERRNO_E2BIG, E2BIG, ES("Argument list too long") }, + { BSM_ERRNO_ENOEXEC, ENOEXEC, ES("Exec format error") }, + { BSM_ERRNO_EBADF, EBADF, ES("Bad file descriptor") }, + { BSM_ERRNO_ECHILD, ECHILD, ES("No child processes") }, + { BSM_ERRNO_EAGAIN, EAGAIN, ES("Resource temporarily unavailable") }, + { BSM_ERRNO_ENOMEM, ENOMEM, ES("Cannot allocate memory") }, + { BSM_ERRNO_EACCES, EACCES, ES("Permission denied") }, + { BSM_ERRNO_EFAULT, EFAULT, ES("Bad address") }, + { BSM_ERRNO_ENOTBLK, ENOTBLK, ES("Block device required") }, + { BSM_ERRNO_EBUSY, EBUSY, ES("Device busy") }, + { BSM_ERRNO_EEXIST, EEXIST, ES("File exists") }, + { BSM_ERRNO_EXDEV, EXDEV, ES("Cross-device link") }, + { BSM_ERRNO_ENODEV, ENODEV, ES("Operation not supported by device") }, + { BSM_ERRNO_ENOTDIR, ENOTDIR, ES("Not a directory") }, + { BSM_ERRNO_EISDIR, EISDIR, ES("Is a directory") }, + { BSM_ERRNO_EINVAL, EINVAL, ES("Invalid argument") }, + { BSM_ERRNO_ENFILE, ENFILE, ES("Too many open files in system") }, + { BSM_ERRNO_EMFILE, EMFILE, ES("Too many open files") }, + { BSM_ERRNO_ENOTTY, ENOTTY, ES("Inappropriate ioctl for device") }, + { BSM_ERRNO_ETXTBSY, ETXTBSY, ES("Text file busy") }, + { BSM_ERRNO_EFBIG, EFBIG, ES("File too large") }, + { BSM_ERRNO_ENOSPC, ENOSPC, ES("No space left on device") }, + { BSM_ERRNO_ESPIPE, ESPIPE, ES("Illegal seek") }, + { BSM_ERRNO_EROFS, EROFS, ES("Read-only file system") }, + { BSM_ERRNO_EMLINK, EMLINK, ES("Too many links") }, + { BSM_ERRNO_EPIPE, EPIPE, ES("Broken pipe") }, + { BSM_ERRNO_EDOM, EDOM, ES("Numerical 
argument out of domain") }, + { BSM_ERRNO_ERANGE, ERANGE, ES("Result too large") }, + { BSM_ERRNO_ENOMSG, ENOMSG, ES("No message of desired type") }, + { BSM_ERRNO_EIDRM, EIDRM, ES("Identifier removed") }, + { BSM_ERRNO_ECHRNG, #ifdef ECHRNG ECHRNG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Channel number out of range" }, - { BSM_EL2NSYNC, + ES("Channel number out of range") }, + { BSM_ERRNO_EL2NSYNC, #ifdef EL2NSYNC EL2NSYNC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Level 2 not synchronized" }, - { BSM_EL3HLT, + ES("Level 2 not synchronized") }, + { BSM_ERRNO_EL3HLT, #ifdef EL3HLT EL3HLT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Level 3 halted" }, - { BSM_EL3RST, + ES("Level 3 halted") }, + { BSM_ERRNO_EL3RST, #ifdef EL3RST EL3RST, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Level 3 reset" }, - { BSM_ELNRNG, + ES("Level 3 reset") }, + { BSM_ERRNO_ELNRNG, #ifdef ELNRNG ELNRNG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Link number out of range" }, - { BSM_EUNATCH, + ES("Link number out of range") }, + { BSM_ERRNO_EUNATCH, #ifdef EUNATCH EUNATCH, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Protocol driver not attached" }, - { BSM_ENOCSI, + ES("Protocol driver not attached") }, + { BSM_ERRNO_ENOCSI, #ifdef ENOCSI ENOCSI, #else ERRNO_NO_LOCAL_MAPPING, #endif - "No CSI structure available" }, - { BSM_EL2HLT, + ES("No CSI structure available") }, + { BSM_ERRNO_EL2HLT, #ifdef EL2HLT EL2HLT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Level 2 halted" }, - { BSM_EDEADLK, EDEADLK, "Resource deadlock avoided" }, - { BSM_ENOLCK, ENOLCK, "No locks available" }, - { BSM_ECANCELED, ECANCELED, "Operation canceled" }, - { BSM_ENOTSUP, ENOTSUP, "Operation not supported" }, - { BSM_EDQUOT, EDQUOT, "Disc quota exceeded" }, - { BSM_EBADE, + ES("Level 2 halted") }, + { BSM_ERRNO_EDEADLK, EDEADLK, ES("Resource deadlock avoided") }, + { BSM_ERRNO_ENOLCK, ENOLCK, ES("No locks available") }, + { BSM_ERRNO_ECANCELED, ECANCELED, ES("Operation canceled") }, + { BSM_ERRNO_ENOTSUP, ENOTSUP, ES("Operation not 
supported") }, + { BSM_ERRNO_EDQUOT, EDQUOT, ES("Disc quota exceeded") }, + { BSM_ERRNO_EBADE, #ifdef EBADE EBADE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Invalid exchange" }, - { BSM_EBADR, + ES("Invalid exchange") }, + { BSM_ERRNO_EBADR, #ifdef EBADR EBADR, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Invalid request descriptor" }, - { BSM_EXFULL, + ES("Invalid request descriptor") }, + { BSM_ERRNO_EXFULL, #ifdef EXFULL EXFULL, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Exchange full" }, - { BSM_ENOANO, + ES("Exchange full") }, + { BSM_ERRNO_ENOANO, #ifdef ENOANO ENOANO, #else ERRNO_NO_LOCAL_MAPPING, #endif - "No anode" }, - { BSM_EBADRQC, + ES("No anode") }, + { BSM_ERRNO_EBADRQC, #ifdef EBADRQC EBADRQC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Invalid request descriptor" }, - { BSM_EBADSLT, + ES("Invalid request descriptor") }, + { BSM_ERRNO_EBADSLT, #ifdef EBADSLT EBADSLT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Invalid slot" }, - { BSM_EDEADLOCK, + ES("Invalid slot") }, + { BSM_ERRNO_EDEADLOCK, #ifdef EDEADLOCK EDEADLOCK, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Resource deadlock avoided" }, - { BSM_EBFONT, + ES("Resource deadlock avoided") }, + { BSM_ERRNO_EBFONT, #ifdef EBFONT EBFONT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Bad font file format" }, - { BSM_EOWNERDEAD, + ES("Bad font file format") }, + { BSM_ERRNO_EOWNERDEAD, #ifdef EOWNERDEAD EOWNERDEAD, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Process died with the lock" }, - { BSM_ENOTRECOVERABLE, + ES("Process died with the lock") }, + { BSM_ERRNO_ENOTRECOVERABLE, #ifdef ENOTRECOVERABLE ENOTRECOVERABLE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Lock is not recoverable" }, - { BSM_ENOSTR, + ES("Lock is not recoverable") }, + { BSM_ERRNO_ENOSTR, #ifdef ENOSTR ENOSTR, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Device not a stream" }, - { BSM_ENONET, + ES("Device not a stream") }, + { BSM_ERRNO_ENONET, #ifdef ENONET ENONET, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Machine is not on the network" }, - { BSM_ENOPKG, + 
ES("Machine is not on the network") }, + { BSM_ERRNO_ENOPKG, #ifdef ENOPKG ENOPKG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Package not installed" }, - { BSM_EREMOTE, EREMOTE, "Too many levels of remote in path" }, - { BSM_ENOLINK, + ES("Package not installed") }, + { BSM_ERRNO_EREMOTE, EREMOTE, + ES("Too many levels of remote in path") }, + { BSM_ERRNO_ENOLINK, #ifdef ENOLINK ENOLINK, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Link has been severed" }, - { BSM_EADV, + ES("Link has been severed") }, + { BSM_ERRNO_EADV, #ifdef EADV EADV, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Advertise error" }, - { BSM_ESRMNT, + ES("Advertise error") }, + { BSM_ERRNO_ESRMNT, #ifdef ESRMNT ESRMNT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "srmount error" }, - { BSM_ECOMM, + ES("srmount error") }, + { BSM_ERRNO_ECOMM, #ifdef ECOMM ECOMM, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Communication error on send" }, - { BSM_EPROTO, + ES("Communication error on send") }, + { BSM_ERRNO_EPROTO, #ifdef EPROTO EPROTO, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Protocol error" }, - { BSM_ELOCKUNMAPPED, + ES("Protocol error") }, + { BSM_ERRNO_ELOCKUNMAPPED, #ifdef ELOCKUNMAPPED ELOCKUNMAPPED, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Locked lock was unmapped" }, - { BSM_ENOTACTIVE, + ES("Locked lock was unmapped") }, + { BSM_ERRNO_ENOTACTIVE, #ifdef ENOTACTIVE ENOTACTIVE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Facility is not active" }, - { BSM_EMULTIHOP, + ES("Facility is not active") }, + { BSM_ERRNO_EMULTIHOP, #ifdef EMULTIHOP EMULTIHOP, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Multihop attempted" }, - { BSM_EBADMSG, + ES("Multihop attempted") }, + { BSM_ERRNO_EBADMSG, #ifdef EBADMSG EBADMSG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Bad message" }, - { BSM_ENAMETOOLONG, ENAMETOOLONG, "File name too long" }, - { BSM_EOVERFLOW, EOVERFLOW, "Value too large to be stored in data type" }, - { BSM_ENOTUNIQ, + ES("Bad message") }, + { BSM_ERRNO_ENAMETOOLONG, ENAMETOOLONG, ES("File name too long") }, + { 
BSM_ERRNO_EOVERFLOW, EOVERFLOW, + ES("Value too large to be stored in data type") }, + { BSM_ERRNO_ENOTUNIQ, #ifdef ENOTUNIQ ENOTUNIQ, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Given log name not unique" }, - { BSM_EBADFD, + ES("Given log name not unique") }, + { BSM_ERRNO_EBADFD, #ifdef EBADFD EBADFD, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Given f.d. invalid for this operation" }, - { BSM_EREMCHG, + ES("Given f.d. invalid for this operation") }, + { BSM_ERRNO_EREMCHG, #ifdef EREMCHG EREMCHG, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Remote address changed" }, - { BSM_ELIBACC, + ES("Remote address changed") }, + { BSM_ERRNO_ELIBACC, #ifdef ELIBACC ELIBACC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Can't access a needed shared lib" }, - { BSM_ELIBBAD, + ES("Can't access a needed shared lib") }, + { BSM_ERRNO_ELIBBAD, #ifdef ELIBBAD ELIBBAD, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Accessing a corrupted shared lib" }, - { BSM_ELIBSCN, + ES("Accessing a corrupted shared lib") }, + { BSM_ERRNO_ELIBSCN, #ifdef ELIBSCN ELIBSCN, #else ERRNO_NO_LOCAL_MAPPING, #endif - ".lib section in a.out corrupted" }, - { BSM_ELIBMAX, + ES(".lib section in a.out corrupted") }, + { BSM_ERRNO_ELIBMAX, #ifdef ELIBMAX ELIBMAX, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Attempting to link in too many libs" }, - { BSM_ELIBEXEC, + ES("Attempting to link in too many libs") }, + { BSM_ERRNO_ELIBEXEC, #ifdef ELIBEXEC ELIBEXEC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Attempting to exec a shared library" }, - { BSM_EILSEQ, EILSEQ, "Illegal byte sequence" }, - { BSM_ENOSYS, ENOSYS, "Function not implemented" }, - { BSM_ELOOP, ELOOP, "Too many levels of symbolic links" }, - { BSM_ERESTART, + ES("Attempting to exec a shared library") }, + { BSM_ERRNO_EILSEQ, EILSEQ, ES("Illegal byte sequence") }, + { BSM_ERRNO_ENOSYS, ENOSYS, ES("Function not implemented") }, + { BSM_ERRNO_ELOOP, ELOOP, ES("Too many levels of symbolic links") }, + { BSM_ERRNO_ERESTART, #ifdef ERESTART ERESTART, #else ERRNO_NO_LOCAL_MAPPING, 
#endif - "Restart syscall" }, - { BSM_ESTRPIPE, + ES("Restart syscall") }, + { BSM_ERRNO_ESTRPIPE, #ifdef ESTRPIPE ESTRPIPE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "If pipe/FIFO, don't sleep in stream head" }, - { BSM_ENOTEMPTY, ENOTEMPTY, "Directory not empty" }, - { BSM_EUSERS, EUSERS, "Too many users" }, - { BSM_ENOTSOCK, ENOTSOCK, "Socket operation on non-socket" }, - { BSM_EDESTADDRREQ, EDESTADDRREQ, "Destination address required" }, - { BSM_EMSGSIZE, EMSGSIZE, "Message too long" }, - { BSM_EPROTOTYPE, EPROTOTYPE, "Protocol wrong type for socket" }, - { BSM_ENOPROTOOPT, ENOPROTOOPT, "Protocol not available" }, - { BSM_EPROTONOSUPPORT, EPROTONOSUPPORT, "Protocol not supported" }, - { BSM_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, "Socket type not supported" }, - { BSM_EOPNOTSUPP, EOPNOTSUPP, "Operation not supported" }, - { BSM_EPFNOSUPPORT, EPFNOSUPPORT, "Protocol family not supported" }, - { BSM_EAFNOSUPPORT, EAFNOSUPPORT, "Address family not supported by protocol family" }, - { BSM_EADDRINUSE, EADDRINUSE, "Address already in use" }, - { BSM_EADDRNOTAVAIL, EADDRNOTAVAIL, "Can't assign requested address" }, - { BSM_ENETDOWN, ENETDOWN, "Network is down" }, - { BSM_ENETRESET, ENETRESET, "Network dropped connection on reset" }, - { BSM_ECONNABORTED, ECONNABORTED, "Software caused connection abort" }, - { BSM_ECONNRESET, ECONNRESET, "Connection reset by peer" }, - { BSM_ENOBUFS, ENOBUFS, "No buffer space available" }, - { BSM_EISCONN, EISCONN, "Socket is already connected" }, - { BSM_ENOTCONN, ENOTCONN, "Socket is not connected" }, - { BSM_ESHUTDOWN, ESHUTDOWN, "Can't send after socket shutdown" }, - { BSM_ETOOMANYREFS, ETOOMANYREFS, "Too many references: can't splice" }, - { BSM_ETIMEDOUT, ETIMEDOUT, "Operation timed out" }, - { BSM_ECONNREFUSED, ECONNREFUSED, "Connection refused" }, - { BSM_EHOSTDOWN, EHOSTDOWN, "Host is down" }, - { BSM_EHOSTUNREACH, EHOSTUNREACH, "No route to host" }, - { BSM_EALREADY, EALREADY, "Operation already in progress" }, - { BSM_EINPROGRESS, 
EINPROGRESS, "Operation now in progress" }, - { BSM_ESTALE, ESTALE, "Stale NFS file handle" }, - { BSM_EPWROFF, + ES("If pipe/FIFO, don't sleep in stream head") }, + { BSM_ERRNO_ENOTEMPTY, ENOTEMPTY, ES("Directory not empty") }, + { BSM_ERRNO_EUSERS, EUSERS, ES("Too many users") }, + { BSM_ERRNO_ENOTSOCK, ENOTSOCK, + ES("Socket operation on non-socket") }, + { BSM_ERRNO_EDESTADDRREQ, EDESTADDRREQ, + ES("Destination address required") }, + { BSM_ERRNO_EMSGSIZE, EMSGSIZE, ES("Message too long") }, + { BSM_ERRNO_EPROTOTYPE, EPROTOTYPE, + ES("Protocol wrong type for socket") }, + { BSM_ERRNO_ENOPROTOOPT, ENOPROTOOPT, ES("Protocol not available") }, + { BSM_ERRNO_EPROTONOSUPPORT, EPROTONOSUPPORT, + ES("Protocol not supported") }, + { BSM_ERRNO_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, + ES("Socket type not supported") }, + { BSM_ERRNO_EOPNOTSUPP, EOPNOTSUPP, ES("Operation not supported") }, + { BSM_ERRNO_EPFNOSUPPORT, EPFNOSUPPORT, + ES("Protocol family not supported") }, + { BSM_ERRNO_EAFNOSUPPORT, EAFNOSUPPORT, + ES("Address family not supported by protocol family") }, + { BSM_ERRNO_EADDRINUSE, EADDRINUSE, ES("Address already in use") }, + { BSM_ERRNO_EADDRNOTAVAIL, EADDRNOTAVAIL, + ES("Can't assign requested address") }, + { BSM_ERRNO_ENETDOWN, ENETDOWN, ES("Network is down") }, + { BSM_ERRNO_ENETRESET, ENETRESET, + ES("Network dropped connection on reset") }, + { BSM_ERRNO_ECONNABORTED, ECONNABORTED, + ES("Software caused connection abort") }, + { BSM_ERRNO_ECONNRESET, ECONNRESET, ES("Connection reset by peer") }, + { BSM_ERRNO_ENOBUFS, ENOBUFS, ES("No buffer space available") }, + { BSM_ERRNO_EISCONN, EISCONN, ES("Socket is already connected") }, + { BSM_ERRNO_ENOTCONN, ENOTCONN, ES("Socket is not connected") }, + { BSM_ERRNO_ESHUTDOWN, ESHUTDOWN, + ES("Can't send after socket shutdown") }, + { BSM_ERRNO_ETOOMANYREFS, ETOOMANYREFS, + ES("Too many references: can't splice") }, + { BSM_ERRNO_ETIMEDOUT, ETIMEDOUT, ES("Operation timed out") }, + { BSM_ERRNO_ECONNREFUSED, 
ECONNREFUSED, ES("Connection refused") }, + { BSM_ERRNO_EHOSTDOWN, EHOSTDOWN, ES("Host is down") }, + { BSM_ERRNO_EHOSTUNREACH, EHOSTUNREACH, ES("No route to host") }, + { BSM_ERRNO_EALREADY, EALREADY, ES("Operation already in progress") }, + { BSM_ERRNO_EINPROGRESS, EINPROGRESS, + ES("Operation now in progress") }, + { BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") }, + { BSM_ERRNO_EPWROFF, #ifdef EPWROFF EPWROFF, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Device power is off" }, - { BSM_EDEVERR, + ES("Device power is off") }, + { BSM_ERRNO_EDEVERR, #ifdef EDEVERR EDEVERR, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Device error" }, - { BSM_EBADEXEC, + ES("Device error") }, + { BSM_ERRNO_EBADEXEC, #ifdef EBADEXEC EBADEXEC, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Bad executable" }, - { BSM_EBADARCH, + ES("Bad executable") }, + { BSM_ERRNO_EBADARCH, #ifdef EBADARCH EBADARCH, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Bad CPU type in executable" }, - { BSM_ESHLIBVERS, + ES("Bad CPU type in executable") }, + { BSM_ERRNO_ESHLIBVERS, #ifdef ESHLIBVERS ESHLIBVERS, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Shared library version mismatch" }, - { BSM_EBADMACHO, + ES("Shared library version mismatch") }, + { BSM_ERRNO_EBADMACHO, #ifdef EBADMACHO EBADMACHO, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Malfored Macho file" }, - { BSM_EPOLICY, + ES("Malfored Macho file") }, + { BSM_ERRNO_EPOLICY, #ifdef EPOLICY EPOLICY, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Operation failed by policy" }, - { BSM_EDOTDOT, + ES("Operation failed by policy") }, + { BSM_ERRNO_EDOTDOT, #ifdef EDOTDOT EDOTDOT, #else ERRNO_NO_LOCAL_MAPPING, #endif - "RFS specific error" }, - { BSM_EUCLEAN, + ES("RFS specific error") }, + { BSM_ERRNO_EUCLEAN, #ifdef EUCLEAN EUCLEAN, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Structure needs cleaning" }, - { BSM_ENOTNAM, + ES("Structure needs cleaning") }, + { BSM_ERRNO_ENOTNAM, #ifdef ENOTNAM ENOTNAM, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Not a XENIX named type file" }, - { 
BSM_ENAVAIL, + ES("Not a XENIX named type file") }, + { BSM_ERRNO_ENAVAIL, #ifdef ENAVAIL ENAVAIL, #else ERRNO_NO_LOCAL_MAPPING, #endif - "No XENIX semaphores available" }, - { BSM_EISNAM, + ES("No XENIX semaphores available") }, + { BSM_ERRNO_EISNAM, #ifdef EISNAM EISNAM, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Is a named type file" }, - { BSM_EREMOTEIO, + ES("Is a named type file") }, + { BSM_ERRNO_EREMOTEIO, #ifdef EREMOTEIO EREMOTEIO, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Remote I/O error" }, - { BSM_ENOMEDIUM, + ES("Remote I/O error") }, + { BSM_ERRNO_ENOMEDIUM, #ifdef ENOMEDIUM ENOMEDIUM, #else ERRNO_NO_LOCAL_MAPPING, #endif - "No medium found" }, - { BSM_EMEDIUMTYPE, + ES("No medium found") }, + { BSM_ERRNO_EMEDIUMTYPE, #ifdef EMEDIUMTYPE EMEDIUMTYPE, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Wrong medium type" }, - { BSM_ENOKEY, + ES("Wrong medium type") }, + { BSM_ERRNO_ENOKEY, #ifdef ENOKEY ENOKEY, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Required key not available" }, - { BSM_EKEYEXPIRED, + ES("Required key not available") }, + { BSM_ERRNO_EKEYEXPIRED, #ifdef EKEEXPIRED EKEYEXPIRED, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Key has expired" }, - { BSM_EKEYREVOKED, + ES("Key has expired") }, + { BSM_ERRNO_EKEYREVOKED, #ifdef EKEYREVOKED EKEYREVOKED, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Key has been revoked" }, - { BSM_EKEYREJECTED, + ES("Key has been revoked") }, + { BSM_ERRNO_EKEYREJECTED, #ifdef EKEREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, #endif - "Key was rejected by service" }, + ES("Key was rejected by service") }, }; -static const int bsm_errors_count = sizeof(bsm_errors) / sizeof(bsm_errors[0]); +static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]); -static const struct bsm_errors * -au_bsm_error_lookup_errno(int error) +static const struct bsm_errno * +bsm_lookup_errno_local(int local_errno) { int i; - if (error == ERRNO_NO_LOCAL_MAPPING) - return (NULL); - for (i = 0; i < bsm_errors_count; i++) { - if 
(bsm_errors[i].be_os_error == error) - return (&bsm_errors[i]); + for (i = 0; i < bsm_errnos_count; i++) { + if (bsm_errnos[i].be_local_errno == local_errno) + return (&bsm_errnos[i]); } return (NULL); } -static const struct bsm_errors * -au_bsm_error_lookup_bsm(u_char bsm_error) +/* + * Conversion to the BSM errno space isn't allowed to fail; we simply map to + * BSM_ERRNO_UNKNOWN and let the remote endpoint deal with it. + */ +u_char +au_errno_to_bsm(int local_errno) +{ + const struct bsm_errno *bsme; + + bsme = bsm_lookup_errno_local(local_errno); + if (bsme == NULL) + return (BSM_ERRNO_UNKNOWN); + return (bsme->be_bsm_errno); +} + +static const struct bsm_errno * +bsm_lookup_errno_bsm(u_char bsm_errno) { int i; - for (i = 0; i < bsm_errors_count; i++) { - if (bsm_errors[i].be_bsm_error == bsm_error) - return (&bsm_errors[i]); + for (i = 0; i < bsm_errnos_count; i++) { + if (bsm_errnos[i].be_bsm_errno == bsm_errno) + return (&bsm_errnos[i]); } return (NULL); } 
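Review bot: `bsm_lookup_errno_local()` drops the old early return for `ERRNO_NO_LOCAL_MAPPING`, so a caller that passes -600 to `au_errno_to_bsm()` now matches the first table row that has no local equivalent on this platform, and that row's BSM code goes into the audit record instead of `BSM_ERRNO_UNKNOWN`. Keeping `if (local_errno == ERRNO_NO_LOCAL_MAPPING) return (NULL);` at the top of the lookup preserves the previous behaviour. Separately, two guards carried over unchanged in this table test misspelled macros: `#ifdef EKEEXPIRED` and `#ifdef EKEREJECTED` protect `EKEYEXPIRED` and `EKEYREJECTED`, so those rows fall back to `ERRNO_NO_LOCAL_MAPPING` even where the errno exists. They should read `#ifdef EKEYEXPIRED` and `#ifdef EKEYREJECTED`.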
@@ -596,49 +633,31 @@ au_bsm_error_lookup_bsm(u_char bsm_error) /* * Converstion from a BSM error to a local error number may fail if either * OpenBSM doesn't recognize the error on the wire, or because there is no - * appropriate local mapping. However, we don't allow conversion to BSM to - * fail, we just convert to BSM_UKNOWNERR. + * appropriate local mapping. */ int -au_bsm_to_errno(u_char bsm_error, int *errorp) +au_bsm_to_errno(u_char bsm_errno, int *errorp) { - const struct bsm_errors *bsme; + const struct bsm_errno *bsme; - bsme = au_bsm_error_lookup_bsm(bsm_error); - if (bsme == NULL || bsme->be_os_error == ERRNO_NO_LOCAL_MAPPING) + bsme = bsm_lookup_errno_bsm(bsm_errno); + if (bsme == NULL || bsme->be_local_errno == ERRNO_NO_LOCAL_MAPPING) return (-1); - *errorp = bsme->be_os_error; + *errorp = bsme->be_local_errno; return (0); } -u_char -au_errno_to_bsm(int error) -{ - const struct bsm_errors *bsme; - - /* - * We should never be passed this libbsm-internal constant, and - * because it is ambiguous we just return an error. - */ - if (error == ERRNO_NO_LOCAL_MAPPING) - return (BSM_UNKNOWNERR); - bsme = au_bsm_error_lookup_errno(error); - if (bsme == NULL) - return (BSM_UNKNOWNERR); - return (bsme->be_bsm_error); -} - #if !defined(KERNEL) && !defined(_KERNEL) const char * -au_strerror(u_char bsm_error) +au_strerror(u_char bsm_errno) { - const struct bsm_errors *bsme; + const struct bsm_errno *bsme; - bsme = au_bsm_error_lookup_bsm(bsm_error); + bsme = bsm_lookup_errno_bsm(bsm_errno); if (bsme == NULL) return ("Unrecognized BSM error"); - if (bsme->be_os_error != ERRNO_NO_LOCAL_MAPPING) - return (strerror(bsme->be_os_error)); + if (bsme->be_local_errno != ERRNO_NO_LOCAL_MAPPING) + return (strerror(bsme->be_local_errno)); return (bsme->be_strerror); } #endif diff --git a/sys/security/audit/audit_bsm_socket_type.c b/sys/security/audit/audit_bsm_socket_type.c new file mode 100644 index 0000000..c049179 --- /dev/null 
+++ b/sys/security/audit/audit_bsm_socket_type.c 
@@ -0,0 +1,107 @@
+/*-
+ * Copyright (c) 2008 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_socket_type.c#1
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/param.h>
+#include <sys/socket.h>
+
+#include <security/audit/audit.h>
+
+#include <bsm/audit_record.h>
+#include <bsm/audit_socket_type.h>
+
+struct bsm_socket_type {
+ u_short bst_bsm_socket_type;
+ int bst_local_socket_type;
+};
+
+#define ST_NO_LOCAL_MAPPING -600
+
+static const struct bsm_socket_type bsm_socket_types[] = {
+ { BSM_SOCK_DGRAM, SOCK_DGRAM },
+ { BSM_SOCK_STREAM, SOCK_STREAM },
+ { BSM_SOCK_RAW, SOCK_RAW },
+ { BSM_SOCK_RDM, SOCK_RDM },
+ { BSM_SOCK_SEQPACKET, SOCK_SEQPACKET },
+};
+static const int bsm_socket_types_count = sizeof(bsm_socket_types) /
+ sizeof(bsm_socket_types[0]);
+
+static const struct bsm_socket_type *
+bsm_lookup_local_socket_type(int local_socket_type)
+{
+ int i;
+
+ for (i = 0; i < bsm_socket_types_count; i++) {
+ if (bsm_socket_types[i].bst_local_socket_type ==
+ local_socket_type)
+ return (&bsm_socket_types[i]);
+ }
+ return (NULL);
+}
+
+u_short
+au_socket_type_to_bsm(int local_socket_type)
+{
+ const struct bsm_socket_type *bstp;
+
+ bstp = bsm_lookup_local_socket_type(local_socket_type);
+ if (bstp == NULL)
+ return (BSM_SOCK_UNKNOWN);
+ return (bstp->bst_bsm_socket_type);
+}
+
+static const struct bsm_socket_type *
+bsm_lookup_bsm_socket_type(u_short bsm_socket_type)
+{
+ int i;
+
+ for (i = 0; i < bsm_socket_types_count; i++) {
+ if (bsm_socket_types[i].bst_bsm_socket_type ==
+ bsm_socket_type)
+ return (&bsm_socket_types[i]);
+ }
+ return (NULL);
+}
+
+int
+au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep)
+{
+ const struct bsm_socket_type *bstp;
+
+ bstp = bsm_lookup_bsm_socket_type(bsm_socket_type);
+ if (bstp == NULL || bstp->bst_local_socket_type)
+ return (-1);
+ *local_socket_typep = bstp->bst_local_socket_type;
+ return (0);
+}
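Review bot: In `au_bsm_to_socket_type()` the failure test `bstp->bst_local_socket_type` is a truthiness check rather than a comparison with `ST_NO_LOCAL_MAPPING`, so any table entry with a non-zero local value is rejected with -1 and `*local_socket_typep` is never written. The SOCK_* constants are normally non-zero, so a consumer decoding a socket token would presumably see a failure for every known type. The condition should read `if (bstp == NULL || bstp->bst_local_socket_type == ST_NO_LOCAL_MAPPING)`. `au_bsm_to_domain()` in the domain-mapping file earlier in this diff has the same pattern with `bstp->bd_local_domain` and should compare against `PF_NO_LOCAL_MAPPING`.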
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c index 6733030..f4a84e7 100644 --- a/sys/security/audit/audit_bsm_token.c +++ b/sys/security/audit/audit_bsm_token.c @@ -851,6 +851,9 @@ au_to_seq(long audit_count) * local address 4 bytes/16 bytes (IPv4/IPv6 address) * remote port 2 bytes * remote address 4 bytes/16 bytes (IPv4/IPv6 address) + * + * Domain and type arguments to this routine are assumed to already have been + * converted to the BSM constant space, so we don't do that here. */ token_t * au_to_socket_ex(u_short so_domain, u_short so_type, |