From ee5318d5431890ccd7baeb15560b4bebe982525b Mon Sep 17 00:00:00 2001
From: rwatson
Date: Mon, 2 Mar 2009 13:29:18 +0000
Subject: Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge).
OpenBSM history for imported revision below for reference.
MFC after: 1 month
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1 beta 1
- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.
---
 sys/security/audit/audit_bsm_errno.c | 4 ++--
 sys/security/audit/audit_bsm_token.c | 15 ++++++++-------
 2 files changed, 10 insertions(+), 9 deletions(-)
(limited to 'sys/security')
diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c
index 782ce62..ccca41e 100644
--- a/sys/security/audit/audit_bsm_errno.c
+++ b/sys/security/audit/audit_bsm_errno.c
@@ -26,7 +26,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#12
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#17
 */
 #include
@@ -496,7 +496,7 @@ static const struct bsm_errno bsm_errnos[] = {
 #else
 ERRNO_NO_LOCAL_MAPPING,
 #endif
- ES("Malfored Macho file") },
+ ES("Malformed Macho file") },
 { BSM_ERRNO_EPOLICY,
 #ifdef EPOLICY
 EPOLICY,
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index a30fa53..56f0ceb 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -30,7 +30,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#86
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#90
 */
 #include
@@ -139,7 +139,7 @@ au_to_attr32(struct vnode_au_info *vni)
 token_t *t;
 u_char *dptr = NULL;
 u_int16_t pad0_16 = 0;
- u_int16_t pad0_32 = 0;
+ u_int32_t pad0_32 = 0;
 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t));
@@ -186,7 +186,7 @@ au_to_attr64(struct vnode_au_info *vni)
 token_t *t;
 u_char *dptr = NULL;
 u_int16_t pad0_16 = 0;
- u_int16_t pad0_32 = 0;
+ u_int32_t pad0_32 = 0;
 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2);
@@ -439,7 +439,8 @@ au_to_ipc_perm(struct ipc_perm *perm)
 u_char *dptr = NULL;
 u_int16_t pad0 = 0;
- GET_TOKEN_AREA(t, dptr, 12 * sizeof(u_int16_t) + sizeof(u_int32_t));
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12 * sizeof(u_int16_t) +
+ sizeof(u_int32_t));
 ADD_U_CHAR(dptr, AUT_IPC_PERM);
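Review bot: In au_to_ipc_perm the length passed to GET_TOKEN_AREA is still a hand-counted sum that nothing compares with what the ADD_* calls go on to write; the sum corrected here had left out the token-ID byte emitted by `ADD_U_CHAR(dptr, AUT_IPC_PERM)`, and in kernel code an undersized reservation of this kind risks a write past the end of the buffer. A debug-kernel check at the end of the builder, for example `KASSERT(dptr == t->t_data + t->len, ("au_to_ipc_perm: token length mismatch"));`, would catch the next miscount (this assumes token_t exposes `t_data` and `len`, which the hunk does not show). The au_to_attr32 and au_to_attr64 hunks above and the au_to_socket_ex hunk below use the same hand-counted pattern and would benefit from the same check. All four function bodies continue outside their hunks, so the remaining writes cannot be tallied from this page.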
@@ -869,13 +870,13 @@ au_to_socket_ex(u_short so_domain, u_short so_type,
 5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
 else if (so_domain == AF_INET6)
 GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
- 5 * sizeof(u_int16_t) + 16 * sizeof(u_int32_t));
+ 5 * sizeof(u_int16_t) + 8 * sizeof(u_int32_t));
 else
 return (NULL);
 ADD_U_CHAR(dptr, AUT_SOCKET_EX);
- ADD_U_INT16(dptr, so_domain); /* XXXRW: explicitly convert? */
- ADD_U_INT16(dptr, so_type); /* XXXRW: explicitly convert? */
+ ADD_U_INT16(dptr, au_domain_to_bsm(so_domain));
+ ADD_U_INT16(dptr, au_socket_type_to_bsm(so_type));
 if (so_domain == AF_INET) {
 ADD_U_INT16(dptr, AU_IPv4);
 sin = (struct sockaddr_in *)sa_local;
-- 
cgit v1.1
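Review bot: The AF_INET6 reservation in au_to_socket_ex is now the bare literal `8 * sizeof(u_int32_t)`, and nothing on that line says it stands for two 128-bit addresses; the earlier value of 16 shows how easily the count can be derived from a different reading. A comment on that GET_TOKEN_AREA call such as `/* local + remote IPv6 address, 4 * u_int32_t each */` would make the arithmetic checkable at a glance. The address copies that consume this space lie outside the hunk, so the match between reservation and writes cannot be confirmed from here. Separately, the `so_domain == AF_INET` and `AF_INET6` tests keep using the local constant while the token now carries the BSM-converted value, which looks intentional; a one-line comment saying so would keep a later cleanup from comparing the converted value instead.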