Diffstat (limited to 'contrib/openbsm/bin')
-rw-r--r-- | contrib/openbsm/bin/auditd/auditd.c | 4 | ||||
-rw-r--r-- | contrib/openbsm/bin/auditfilterd/auditfilterd.c | 24 | ||||
-rw-r--r-- | contrib/openbsm/bin/auditfilterd/auditfilterd.h | 6 | ||||
-rw-r--r-- | contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c | 44 |
4 files changed, 57 insertions, 21 deletions
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
index edfe6c0..3996081 100644
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@@ -30,7 +30,7 @@
 *
 * @APPLE_BSD_LICENSE_HEADER_END@
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $
 */

 #include <sys/types.h>
@@ -88,7 +88,7 @@ fail_exit(void)
 * Free our local list of directory names.
 */
 static void
-free_dir_q()
+free_dir_q(void)
 {
 struct dir_ent *dirent;

diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd.c b/contrib/openbsm/bin/auditfilterd/auditfilterd.c
index 5128af0..2723a97 100644
--- a/contrib/openbsm/bin/auditfilterd/auditfilterd.c
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd.c
@@ -25,7 +25,16 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#9 $
+ */
+
+/*
+ * Main file for the audit filter daemon, which presents audit records to a
+ * set of run-time registered loadable modules. This is the main event loop
+ * of the daemon, which handles starting up, waiting for records, and
+ * presenting records to configured modules. auditfilterd_conf.c handles the
+ * reading and management of the configuration, module list and module state,
+ * etc.
 */

 #include <sys/types.h>
@@ -106,13 +115,13 @@ signal_handler(int signum)
 * Present raw BSM to a set of registered and interested filters.
 */
 static void
-present_bsmrecord(struct timespec *ts, u_char *data, u_int len)
+present_rawrecord(struct timespec *ts, u_char *data, u_int len)
 {
 struct auditfilter_module *am;

 TAILQ_FOREACH(am, &filter_list, am_list) {
- if (am->am_bsmrecord != NULL)
- (am->am_bsmrecord)(am->am_instance, ts, data, len);
+ if (am->am_rawrecord != NULL)
+ (am->am_rawrecord)(am, ts, data, len);
 }
 }

@@ -140,8 +149,7 @@ present_tokens(struct timespec *ts, u_char *data, u_int len)

 TAILQ_FOREACH(am, &filter_list, am_list) {
 if (am->am_record != NULL)
- (am->am_record)(am->am_instance, ts, tokencount,
- tokens);
+ (am->am_record)(am, ts, tokencount, tokens);
 }
 }

@@ -191,7 +199,7 @@ mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp)
 continue;
 if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
 err(-1, "clock_gettime");
- present_bsmrecord(&ts, buf, reclen);
+ present_rawrecord(&ts, buf, reclen);
 present_tokens(&ts, buf, reclen);
 free(buf);
 }
@@ -241,7 +249,7 @@ mainloop_pipe(const char *conffile, const char *pipefile, int pipe_fd)
 continue;
 if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
 err(-1, "clock_gettime");
- present_bsmrecord(&ts, record, reclen);
+ present_rawrecord(&ts, record, reclen);
 present_tokens(&ts, record, reclen);
 }
 }
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd.h b/contrib/openbsm/bin/auditfilterd/auditfilterd.h
index 189c21f..d55aeee 100644
--- a/contrib/openbsm/bin/auditfilterd/auditfilterd.h
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd.h
@@ -25,7 +25,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#5 $
 */

 #define AUDITFILTERD_CONFFILE "/etc/security/audit_filter"
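Review bot: Passing `am` as the first argument in present_rawrecord (and in present_tokens, whose body starts outside its hunk) changes what every filter callback receives, from the module's own instance pointer to the daemon's `struct auditfilter_module`, and nothing in these hunks records that for module authors. The attach and reinit hunks in auditfilterd_conf.c are the sharper case: they used to pass `&am->am_instance`, so a module still built against the earlier interface would store through that pointer into the start of the daemon's struct. Only the raw-record symbol macro is renamed here; whether the other symbol names or an interface version check changed is not visible in this part of the commit. At minimum the comment above each presenter could say so, e.g. `/* The first callback argument is an opaque handle; modules reach their state via audit_filter_getcookie(). */`.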
@@ -53,11 +53,11 @@ struct auditfilter_module {
 /*
 * Fields provided by or extracted from the module.
 */
- void *am_instance;
+ void *am_cookie;
 audit_filter_attach_t am_attach;
 audit_filter_reinit_t am_reinit;
 audit_filter_record_t am_record;
- audit_filter_bsmrecord_t am_bsmrecord;
+ audit_filter_rawrecord_t am_rawrecord;
 audit_filter_detach_t am_detach;

 /*
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c b/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
index 4e1759d..b0642fa 100644
--- a/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
@@ -25,7 +25,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#5 $
 */

 /*
@@ -38,6 +38,12 @@
 * Modules are in one of two states: attached, or detached. If attach fails,
 * detach is not called because it was not attached. If a module is attached
 * and a call to its reinit method fails, we will detach it.
+ *
+ * Modules are passed a (void *) reference to their configuration state so
+ * that they may pass this into any common APIs we provide which may rely on
+ * that state. Currently, the only such API is the cookie API, which allows
+ * per-instance state to be maintained by a module. In the future, this will
+ * also be used to support per-instance preselection state.
 */

 #include <sys/types.h>
@@ -105,8 +111,8 @@ auditfilter_module_detach(struct auditfilter_module *am)
 {

 if (am->am_detach != NULL)
- am->am_detach(am->am_instance);
- am->am_instance = NULL;
+ am->am_detach(am);
+ am->am_cookie = NULL;
 (void)dlclose(am->am_dlhandle);
 am->am_dlhandle = NULL;
 }
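Review bot: In auditfilter_module_detach (its declaration lines precede the hunk), `am->am_cookie = NULL;` runs whether or not `am_detach` is set, so the daemon forgets the module's per-instance state even when the module had no chance to release it. The attach-failure path in auditfilter_module_attach does the same after `dlclose()`, and the file comment says detach is not called when attach fails. The new comment block describes the cookie API but not who owns the cookie; a sentence such as `* A module owns its cookie and must release it in detach, or before returning failure from attach.` would make the contract explicit.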
@@ -149,21 +155,22 @@ auditfilter_module_attach(struct auditfilter_module *am)
 am->am_attach = dlsym(am->am_dlhandle, AUDIT_FILTER_ATTACH_STRING);
 am->am_reinit = dlsym(am->am_dlhandle, AUDIT_FILTER_REINIT_STRING);
 am->am_record = dlsym(am->am_dlhandle, AUDIT_FILTER_RECORD_STRING);
- am->am_bsmrecord = dlsym(am->am_dlhandle,
- AUDIT_FILTER_BSMRECORD_STRING);
+ am->am_rawrecord = dlsym(am->am_dlhandle,
+ AUDIT_FILTER_RAWRECORD_STRING);
 am->am_detach = dlsym(am->am_dlhandle, AUDIT_FILTER_DETACH_STRING);

 if (am->am_attach != NULL) {
- if (am->am_attach(&am->am_instance, am->am_argc, am->am_argv)
+ if (am->am_attach(am, am->am_argc, am->am_argv)
 != AUDIT_FILTER_SUCCESS) {
 warnx("auditfilter_module_attach: %s: failed",
 am->am_modulename);
 dlclose(am->am_dlhandle);
 am->am_dlhandle = NULL;
+ am->am_cookie = NULL;
 am->am_attach = NULL;
 am->am_reinit = NULL;
 am->am_record = NULL;
- am->am_bsmrecord = NULL;
+ am->am_rawrecord = NULL;
 am->am_detach = NULL;
 return (-1);
 }
@@ -184,7 +191,7 @@ auditfilter_module_reinit(struct auditfilter_module *am)
 if (am->am_reinit == NULL)
 return (0);

- if (am->am_reinit(&am->am_instance, am->am_argc, am->am_argv) !=
+ if (am->am_reinit(am, am->am_argc, am->am_argv) !=
 AUDIT_FILTER_SUCCESS) {
 warnx("auditfilter_module_reinit: %s: failed",
 am->am_modulename);
@@ -483,3 +490,24 @@ auditfilterd_conf_shutdown(void)
 auditfilter_module_list_detach(&filter_list);
 auditfilter_module_list_free(&filter_list);
 }
+
+/*
+ * APIs to allow modules to query and set their per-instance cookie.
+ */
+void
+audit_filter_getcookie(void *instance, void **cookie)
+{
+ struct auditfilter_module *am;
+
+ am = (struct auditfilter_module *)instance;
+ *cookie = am->am_cookie;
+}
+
+void
+audit_filter_setcookie(void *instance, void *cookie)
+{
+ struct auditfilter_module *am;
+
+ am = (struct auditfilter_module *)instance;
+ am->am_cookie = cookie;
+}
|
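Review bot: audit_filter_getcookie and audit_filter_setcookie cast `instance` and dereference it with no check, and getcookie also writes through `cookie` unchecked; both are entry points called by loaded modules with a handle they only hold as `void *`. A module that passes NULL stops the audit filter daemon, which ends record delivery to every other configured filter. Guards of the form `if (instance == NULL || cookie == NULL) return;` in getcookie and `if (instance == NULL) return;` in setcookie cover that case. The shared comment could also state that the handle is the first argument given to the module's callbacks and, presumably, is not to be used once the module has been detached.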