diff options
Diffstat (limited to 'sys/security/audit/audit_bsm_token.c')
| -rw-r--r-- | sys/security/audit/audit_bsm_token.c | 212 |
1 files changed, 137 insertions, 75 deletions
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c index ad9ffcc..b1d977d 100644 --- a/sys/security/audit/audit_bsm_token.c +++ b/sys/security/audit/audit_bsm_token.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004 Apple Inc. + * Copyright (c) 2004-2008 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * @@ -29,6 +29,8 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. + * + * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#72 */ #include <sys/cdefs.h> @@ -71,7 +73,7 @@ __FBSDID("$FreeBSD$"); * text N bytes + 1 terminating NULL byte */ token_t * -au_to_arg32(char n, char *text, u_int32_t v) +au_to_arg32(char n, const char *text, u_int32_t v) { token_t *t; u_char *dptr = NULL; @@ -90,11 +92,10 @@ au_to_arg32(char n, char *text, u_int32_t v) ADD_STRING(dptr, text, textlen); return (t); - } token_t * -au_to_arg64(char n, char *text, u_int64_t v) +au_to_arg64(char n, const char *text, u_int64_t v) { token_t *t; u_char *dptr = NULL; @@ -113,11 +114,10 @@ au_to_arg64(char n, char *text, u_int64_t v) ADD_STRING(dptr, text, textlen); return (t); - } token_t * -au_to_arg(char n, char *text, u_int32_t v) +au_to_arg(char n, const char *text, u_int32_t v) { return (au_to_arg32(n, text, v)); @@ -147,8 +147,8 @@ au_to_attr32(struct vnode_au_info *vni) ADD_U_CHAR(dptr, AUT_ATTR32); /* - * Darwin defines the size for the file mode - * as 2 bytes; BSM defines 4 so pad with 0 + * Darwin defines the size for the file mode as 2 bytes; BSM defines + * 4 so pad with 0. */ ADD_U_INT16(dptr, pad0_16); ADD_U_INT16(dptr, vni->vn_mode); @@ -190,8 +190,8 @@ au_to_attr64(struct vnode_au_info *vni) ADD_U_CHAR(dptr, AUT_ATTR64); /* - * Darwin defines the size for the file mode - * as 2 bytes; BSM defines 4 so pad with 0 + * Darwin defines the size for the file mode as 2 bytes; BSM defines + * 4 so pad with 0. */ ADD_U_INT16(dptr, pad0_16); ADD_U_INT16(dptr, vni->vn_mode); @@ -235,7 +235,7 @@ au_to_attr(struct vnode_au_info *vni) * data items (depends on basic unit) */ token_t * -au_to_data(char unit_print, char unit_type, char unit_count, char *p) +au_to_data(char unit_print, char unit_type, char unit_count, const char *p) { token_t *t; u_char *dptr = NULL; @@ -305,7 +305,7 @@ token_t * au_to_groups(int *groups) { - return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t*)groups)); + return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t *)groups)); } /* @@ -352,7 +352,7 @@ au_to_in_addr(struct in_addr *internet_addr) /* * token ID 1 byte * address type/length 4 bytes - * Address 16 bytes + * address 16 bytes */ token_t * au_to_in_addr_ex(struct in6_addr *internet_addr) @@ -432,8 +432,8 @@ au_to_ipc_perm(struct ipc_perm *perm) ADD_U_CHAR(dptr, AUT_IPC_PERM); /* - * Darwin defines the sizes for ipc_perm members - * as 2 bytes; BSM defines 4 so pad with 0 + * Darwin defines the sizes for ipc_perm members as 2 bytes; BSM + * defines 4 so pad with 0. */ ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->uid); @@ -482,7 +482,7 @@ au_to_iport(u_int16_t iport) * data size bytes */ token_t * -au_to_opaque(char *data, u_int16_t bytes) +au_to_opaque(const char *data, u_int16_t bytes) { token_t *t; u_char *dptr = NULL; @@ -504,7 +504,7 @@ au_to_opaque(char *data, u_int16_t bytes) * file pathname N bytes + 1 terminating NULL byte */ token_t * -au_to_file(char *file, struct timeval tm) +au_to_file(const char *file, struct timeval tm) { token_t *t; u_char *dptr = NULL; @@ -534,7 +534,7 @@ au_to_file(char *file, struct timeval tm) * text N bytes + 1 terminating NULL byte */ token_t * -au_to_text(char *text) +au_to_text(const char *text) { token_t *t; u_char *dptr = NULL; @@ -558,7 +558,7 @@ au_to_text(char *text) * path N bytes + 1 terminating NULL byte */ token_t * -au_to_path(char *text) +au_to_path(const char *text) { token_t *t; u_char *dptr = NULL; @@ -657,7 +657,7 @@ au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * address type-len 4 bytes - * machine address 4/16 bytes + * machine address 16 bytes */ token_t * au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, @@ -668,12 +668,12 @@ au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), ("au_to_process32_ex: type %u", (unsigned int)tid->at_type)); - if (tid->at_type == AU_IPv6) - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * - sizeof(u_int32_t)); + if (tid->at_type == AU_IPv4) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 10 * sizeof(u_int32_t)); else - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * - sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + + 13 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_PROCESS32_EX); ADD_U_INT32(dptr, auid); @@ -685,10 +685,12 @@ au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); - if (tid->at_type == AU_IPv6) - ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); - else - ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); + ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); + if (tid->at_type == AU_IPv6) { + ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); + ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); + ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); + } return (t); } @@ -831,7 +833,7 @@ kau_to_socket(struct socket_au_info *soi) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + sizeof(u_int32_t) + sizeof(u_int16_t) + sizeof(u_int32_t)); - ADD_U_CHAR(dptr, AU_SOCK_TOKEN); + ADD_U_CHAR(dptr, AUT_SOCKET); /* Coerce the socket type into a short value */ so_type = soi->so_type; ADD_U_INT16(dptr, so_type); @@ -883,7 +885,7 @@ au_to_sock_unix(struct sockaddr_un *so) GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); - ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN); + ADD_U_CHAR(dptr, AUT_SOCKUNIX); /* BSM token has two bytes for family */ ADD_U_CHAR(dptr, 0); ADD_U_CHAR(dptr, so->sun_family); @@ -925,7 +927,6 @@ au_to_sock_inet32(struct sockaddr_in *so) ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); return (t); - } token_t * @@ -949,7 +950,6 @@ au_to_sock_inet128(struct sockaddr_in6 *so) ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); return (t); - } token_t * @@ -1040,7 +1040,7 @@ au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * address type/length 4 bytes - * machine address 4/16 bytes + * machine address 16 bytes */ token_t * au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, @@ -1051,11 +1051,12 @@ au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), ("au_to_subject32_ex: type %u", (unsigned int)tid->at_type)); - if (tid->at_type == AU_IPv6) - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * + + if (tid->at_type == AU_IPv4) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t)); else - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); @@ -1068,9 +1069,9 @@ au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); - if (tid->at_type == AU_IPv6) + if (tid->at_type == AU_IPv6) ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); - else + else ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); return (t); @@ -1083,17 +1084,17 @@ au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, token_t *t; u_char *dptr = NULL; + KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), + ("au_to_subject64_ex: type %u", (unsigned int)tid->at_type)); + if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 2 * sizeof(u_int32_t)); - else if (tid->at_type == AU_IPv6) + else GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 5 * sizeof(u_int32_t)); - else - panic("au_to_subject64_ex: invalid at_type (%d)", - tid->at_type); ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); ADD_U_INT32(dptr, auid); @@ -1124,8 +1125,8 @@ au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) /* - * Collects audit information for the current process - * and creates a subject token from it + * Collects audit information for the current process and creates a subject + * token from it. */ token_t * au_to_me(void) @@ -1227,6 +1228,7 @@ au_to_exec_args(char **argv) return (t); } +#endif /* * token ID 1 byte @@ -1234,7 +1236,7 @@ au_to_exec_args(char **argv) * zonename N bytes + 1 terminating NULL byte */ token_t * -au_to_zonename(char *zonename) +au_to_zonename(const char *zonename) { u_char *dptr = NULL; u_int16_t textlen; @@ -1249,6 +1251,7 @@ au_to_zonename(char *zonename) return (t); } +#if !defined(_KERNEL) && !defined(KERNEL) /* * token ID 1 byte * count 4 bytes @@ -1292,45 +1295,34 @@ au_to_exec_env(char **envp) /* * token ID 1 byte * record byte count 4 bytes - * version # 1 byte + * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes - * address type/length 4 bytes - * machine address 4 bytes/16 bytes (IPv4/IPv6 address) - * seconds of time 4 bytes/8 bytes (32/64-bits) - * milliseconds of time 4 bytes/8 bytes (32/64-bits) + * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) + * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * -au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, - struct timeval tm, struct auditinfo_addr *aia) +au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm) { - token_t *t; + token_t *t; u_char *dptr = NULL; u_int32_t timems; - struct au_tid_addr *tid; - - tid = &aia->ai_termid; - KASSERT(tid->at_type == AU_IPv4 || tid->at_type == AU_IPv6, - ("au_to_header32_ex_tm: invalid address family")); GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + - sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + - tid->at_type); + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); - ADD_U_CHAR(dptr, AUT_HEADER32_EX); + ADD_U_CHAR(dptr, AUT_HEADER32); ADD_U_INT32(dptr, rec_size); ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); - ADD_U_INT32(dptr, tid->at_type); - if (tid->at_type == AU_IPv6) - ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); - else - ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); - timems = tm.tv_usec / 1000; + + timems = tm.tv_usec/1000; /* Add the timestamp */ ADD_U_INT32(dptr, tm.tv_sec); - ADD_U_INT32(dptr, timems); /* We need time in ms. */ + ADD_U_INT32(dptr, timems); /* We need time in ms. */ + return (t); } @@ -1340,32 +1332,45 @@ au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes + * address type/length 4 bytes + * machine address 4 bytes/16 bytes (IPv4/IPv6 address) * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * -au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, - struct timeval tm) +au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm, struct auditinfo_addr *aia) { token_t *t; u_char *dptr = NULL; u_int32_t timems; + au_tid_addr_t *tid; + + tid = &aia->ai_termid; + KASSERT(tid->at_type == AU_IPv4 || tid->at_type == AU_IPv6, + ("au_to_header32_ex_tm: invalid address family")); GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + - sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); + sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * + sizeof(u_int32_t) + tid->at_type); - ADD_U_CHAR(dptr, AUT_HEADER32); + ADD_U_CHAR(dptr, AUT_HEADER32_EX); ADD_U_INT32(dptr, rec_size); ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); + ADD_U_INT32(dptr, tid->at_type); + if (tid->at_type == AU_IPv6) + ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); + else + ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); timems = tm.tv_usec/1000; /* Add the timestamp */ ADD_U_INT32(dptr, tm.tv_sec); - ADD_U_INT32(dptr, timems); /* We need time in ms. */ + ADD_U_INT32(dptr, timems); /* We need time in ms. */ - return (t); + return (t); } token_t * @@ -1393,6 +1398,63 @@ au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, return (t); } +#if !defined(KERNEL) && !defined(_KERNEL) +#ifdef HAVE_AUDIT_SYSCALLS +token_t * +au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) +{ + struct timeval tm; + struct auditinfo_addr aia; + + if (gettimeofday(&tm, NULL) == -1) + return (NULL); + if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) { + if (errno != ENOSYS) + return (NULL); + return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); + } + return (au_to_header32_ex_tm(rec_size, e_type, e_mod, tm, &aia)); +} +#endif /* HAVE_AUDIT_SYSCALLS */ + +token_t * +au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) +{ + struct timeval tm; + + if (gettimeofday(&tm, NULL) == -1) + return (NULL); + return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); +} + +token_t * +au_to_header64(__unused int rec_size, __unused au_event_t e_type, + __unused au_emod_t e_mod) +{ + struct timeval tm; + + if (gettimeofday(&tm, NULL) == -1) + return (NULL); + return (au_to_header64_tm(rec_size, e_type, e_mod, tm)); +} + +token_t * +au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) +{ + + return (au_to_header32(rec_size, e_type, e_mod)); +} + +#ifdef HAVE_AUDIT_SYSCALLS +token_t * +au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) +{ + + return (au_to_header32_ex(rec_size, e_type, e_mod)); +} +#endif /* HAVE_AUDIT_SYSCALLS */ +#endif /* !defined(KERNEL) && !defined(_KERNEL) */ + /* * token ID 1 byte * trailer magic number 2 bytes |
