PERFORCE change 143821 for review
Stacey Son
sson at FreeBSD.org
Fri Jun 20 15:03:57 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=143821
Change 143821 by sson at sson_amd64 on 2008/06/20 15:03:20
- For darwin, added Mach IPC support for audit trigger messages.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- Fixed minor autoconf bugs in audit and auditd dealing with queue.h.
- Updated the HISTORY file.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/HISTORY#67 edit
.. //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#2 edit
.. //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#5 edit
.. //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#9 edit
.. //depot/projects/trustedbsd/openbsm/bin/audit/auditd_control.defs#1 add
.. //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#2 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#5 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/audit_triggers.defs#1 add
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#27 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_control.defs#1 add
.. //depot/projects/trustedbsd/openbsm/config/config.h.in#12 edit
.. //depot/projects/trustedbsd/openbsm/configure#36 edit
.. //depot/projects/trustedbsd/openbsm/configure.ac#39 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/HISTORY#67 (text+ko) ====
@@ -1,4 +1,7 @@
- Modify the -m option so users can select more then one audit event.
+- For darwin, added Mach IPC support for audit trigger messages.
+- Fixed a bug in getacna() which resulted in a locking problem on darwin.
+- Added LOG_PERROR flag to openlog when -d option is used with auditd.
OpenBSM 1.1 alpha 1
@@ -318,4 +321,4 @@
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#66 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#67 $
==== //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#2 (text+ko) ====
@@ -1,10 +1,19 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#2 $
#
INCLUDES = -I$(top_srcdir)
sbin_PROGRAMS = audit
-audit_SOURCES = audit.c
audit_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = audit.8
+
+if USE_MACH_IPC
+audit_SOURCES = auditd_control_user.c audit.c
+CLEANFILES = auditd_control_user.c auditd_control_user.h
+
+auditd_control_user.c: auditd_control.defs
+ $(MIG) -user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null auditd_control.defs
+else
+audit_SOURCES = audit.c
+endif
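Review bot: `auditd_control_user.h` is produced only as a side effect of the `auditd_control_user.c` rule, yet `audit.c` includes it, so nothing tells make the header must exist before `audit.o` is compiled; a parallel build or a reordered source list can compile `audit.c` first and fail. Declaring the generated files with `BUILT_SOURCES = auditd_control_user.c auditd_control_user.h` and listing the generated source under `nodist_audit_SOURCES` would fix the ordering and keep MIG output out of the distribution. The recipe also names `auditd_control.defs` literally rather than `$(srcdir)/auditd_control.defs`, so an out-of-tree build hands MIG a path that may not exist. The same three points apply to the two MIG rules added in bin/auditd/Makefile.am.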
==== //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#5 (text+ko) ====
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#5 $
#
VPATH = @srcdir@
@@ -49,7 +49,10 @@
am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(sbin_PROGRAMS)
-am_audit_OBJECTS = audit.$(OBJEXT)
+am__audit_SOURCES_DIST = audit.c auditd_control_user.c
+ at USE_MACH_IPC_FALSE@am_audit_OBJECTS = audit.$(OBJEXT)
+ at USE_MACH_IPC_TRUE@am_audit_OBJECTS = auditd_control_user.$(OBJEXT) \
+ at USE_MACH_IPC_TRUE@ audit.$(OBJEXT)
audit_OBJECTS = $(am_audit_OBJECTS)
audit_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
DEFAULT_INCLUDES = -I. -I$(top_builddir)/config at am__isrc@
@@ -65,7 +68,7 @@
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(audit_SOURCES)
-DIST_SOURCES = $(audit_SOURCES)
+DIST_SOURCES = $(am__audit_SOURCES_DIST)
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(man8_MANS)
@@ -113,6 +116,7 @@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -123,7 +127,6 @@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
-SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
@@ -180,9 +183,11 @@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
INCLUDES = -I$(top_srcdir)
-audit_SOURCES = audit.c
audit_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = audit.8
+ at USE_MACH_IPC_FALSE@audit_SOURCES = audit.c
+ at USE_MACH_IPC_TRUE@audit_SOURCES = auditd_control_user.c audit.c
+ at USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_user.c auditd_control_user.h
all: all-am
.SUFFIXES:
@@ -196,9 +201,9 @@
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign bin/audit/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu bin/audit/Makefile'; \
cd $(top_srcdir) && \
- $(AUTOMAKE) --foreign bin/audit/Makefile
+ $(AUTOMAKE) --gnu bin/audit/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -255,6 +260,7 @@
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/audit.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/auditd_control_user.Po at am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -426,6 +432,7 @@
mostlyclean-generic:
clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -511,6 +518,9 @@
tags uninstall uninstall-am uninstall-man uninstall-man8 \
uninstall-sbinPROGRAMS
+
+ at USE_MACH_IPC_TRUE@auditd_control_user.c: auditd_control.defs
+ at USE_MACH_IPC_TRUE@ $(MIG) -user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null auditd_control.defs
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
==== //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#9 (text+ko) ====
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#9 $
*/
/*
* Program to trigger the audit daemon with a message that is either:
@@ -37,7 +37,12 @@
*/
#include <sys/types.h>
+#include <config/config.h>
+#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
+#else /* !HAVE_FULL_QUEUE_H */
+#include <compat/queue.h>
+#endif /* !HAVE_FULL_QUEUE_H */
#include <sys/uio.h>
#include <bsm/libbsm.h>
@@ -47,6 +52,58 @@
#include <stdlib.h>
#include <unistd.h>
+
+static int send_trigger(unsigned int);
+
+#ifdef USE_MACH_IPC
+#include <mach/mach.h>
+#include <servers/netname.h>
+#include <mach/message.h>
+#include <mach/port.h>
+#include <mach/mach_error.h>
+#include <mach/host_special_ports.h>
+#include <servers/bootstrap.h>
+
+#include "auditd_control_user.h"
+
+static int
+send_trigger(unsigned int trigger)
+{
+ mach_port_t serverPort;
+ kern_return_t error;
+
+ error = host_get_audit_control_port(mach_host_self(), &serverPort);
+ if (error != KERN_SUCCESS) {
+ mach_error("Cannot get auditd_control Mach port: ", error);
+ return (-1);
+ }
+
+ error = auditd_control(serverPort, trigger);
+ if (error != KERN_SUCCESS) {
+ mach_error("Error sending trigger: ", error);
+ return (-1);
+ }
+
+ return (0);
+}
+
+#else /* ! USE_MACH_IPC */
+
+static int
+send_trigger(unsigned int trigger)
+{
+ int error;
+
+ error = auditon(A_SENDTRIGGER, &trigger, sizeof(trigger));
+ if (error != 0) {
+ perror("Error sending trigger");
+ return (-1);
+ }
+
+ return (0);
+}
+#endif /* ! USE_MACH_IPC */
+
static void
usage(void)
{
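Review bot: In the Mach `send_trigger()`, `serverPort` is handed to `auditd_control()` without a validity check; if the special-port lookup can succeed while no daemon has registered a port (worth confirming), the operator sees a generic send error rather than being told auditd is not running. Consider `if (error != KERN_SUCCESS || !MACH_PORT_VALID(serverPort))` with a message that says so. The send right is never released; that is harmless while the caller exits straight away, but deserves a comment such as `/* send right intentionally not deallocated: process exits after this call */`. Since the daemon side describes `auditd_control` as a simpleroutine, `KERN_SUCCESS` presumably means only that the message was queued, which is worth stating above the call.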
@@ -88,11 +145,9 @@
break;
}
}
- if (auditon(A_SENDTRIGGER, &trigger, sizeof(trigger)) < 0) {
- perror("Error sending trigger");
+ if (send_trigger(trigger) < 0)
exit(-1);
- } else {
- printf("Trigger sent.\n");
- exit (0);
- }
+
+ printf("Trigger sent.\n");
+ exit (0);
}
==== //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#2 (text+ko) ====
@@ -1,10 +1,22 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#2 $
#
INCLUDES = -I$(top_srcdir)
sbin_PROGRAMS = auditd
-auditd_SOURCES = audit_warn.c auditd.c
auditd_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = auditd.8
+
+if USE_MACH_IPC
+auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c
+CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h
+
+auditd_control_server.c: auditd_control.defs
+ $(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h auditd_control.defs
+
+audit_triggers_server.c: audit_triggers.defs
+ $(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h audit_triggers.defs
+else
+auditd_SOURCES = audit_warn.c auditd.c
+endif
==== //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#5 (text+ko) ====
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#5 $
#
VPATH = @srcdir@
@@ -49,7 +49,14 @@
am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(sbin_PROGRAMS)
-am_auditd_OBJECTS = audit_warn.$(OBJEXT) auditd.$(OBJEXT)
+am__auditd_SOURCES_DIST = audit_warn.c auditd.c \
+ auditd_control_server.c audit_triggers_server.c
+ at USE_MACH_IPC_FALSE@am_auditd_OBJECTS = audit_warn.$(OBJEXT) \
+ at USE_MACH_IPC_FALSE@ auditd.$(OBJEXT)
+ at USE_MACH_IPC_TRUE@am_auditd_OBJECTS = \
+ at USE_MACH_IPC_TRUE@ auditd_control_server.$(OBJEXT) \
+ at USE_MACH_IPC_TRUE@ audit_triggers_server.$(OBJEXT) \
+ at USE_MACH_IPC_TRUE@ audit_warn.$(OBJEXT) auditd.$(OBJEXT)
auditd_OBJECTS = $(am_auditd_OBJECTS)
auditd_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
DEFAULT_INCLUDES = -I. -I$(top_builddir)/config at am__isrc@
@@ -65,7 +72,7 @@
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(auditd_SOURCES)
-DIST_SOURCES = $(auditd_SOURCES)
+DIST_SOURCES = $(am__auditd_SOURCES_DIST)
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(man8_MANS)
@@ -113,6 +120,7 @@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -123,7 +131,6 @@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
-SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
@@ -180,9 +187,11 @@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
INCLUDES = -I$(top_srcdir)
-auditd_SOURCES = audit_warn.c auditd.c
auditd_LDADD = $(top_builddir)/libbsm/libbsm.la
man8_MANS = auditd.8
+ at USE_MACH_IPC_FALSE@auditd_SOURCES = audit_warn.c auditd.c
+ at USE_MACH_IPC_TRUE@auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c
+ at USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h
all: all-am
.SUFFIXES:
@@ -196,9 +205,9 @@
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign bin/auditd/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu bin/auditd/Makefile'; \
cd $(top_srcdir) && \
- $(AUTOMAKE) --foreign bin/auditd/Makefile
+ $(AUTOMAKE) --gnu bin/auditd/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
@@ -254,8 +263,10 @@
distclean-compile:
-rm -f *.tab.c
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/audit_triggers_server.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/audit_warn.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/auditd.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/auditd_control_server.Po at am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -427,6 +438,7 @@
mostlyclean-generic:
clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -512,6 +524,12 @@
tags uninstall uninstall-am uninstall-man uninstall-man8 \
uninstall-sbinPROGRAMS
+
+ at USE_MACH_IPC_TRUE@auditd_control_server.c: auditd_control.defs
+ at USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h auditd_control.defs
+
+ at USE_MACH_IPC_TRUE@audit_triggers_server.c: audit_triggers.defs
+ at USE_MACH_IPC_TRUE@ $(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h audit_triggers.defs
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#27 (text+ko) ====
@@ -26,13 +26,20 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#26 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#27 $
*/
#include <sys/types.h>
+
+#include <config/config.h>
+
#include <sys/dirent.h>
#include <sys/mman.h>
+#ifdef HAVE_FULL_QUEUE_H
#include <sys/queue.h>
+#else /* !HAVE_FULL_QUEUE_H */
+#include <compat/queue.h>
+#endif /* !HAVE_FULL_QUEUE_H */
#include <sys/stat.h>
#include <sys/wait.h>
@@ -53,18 +60,40 @@
#include <syslog.h>
#include "auditd.h"
+#ifdef USE_MACH_IPC
+#include <notify.h>
+#include <mach/port.h>
+#include <mach/mach_error.h>
+#include <mach/mach_traps.h>
+#include <mach/mach.h>
+#include <mach/host_special_ports.h>
+#include "auditd_control_server.h"
+#include "audit_triggers_server.h"
+#endif /* USE_MACH_IPC */
+
#define NA_EVENT_STR_SIZE 25
#define POL_STR_SIZE 128
-
static int ret, minval;
static char *lastfile = NULL;
static int allhardcount = 0;
static int triggerfd = 0;
static int sigchlds, sigchlds_handled;
static int sighups, sighups_handled;
+#ifndef USE_MACH_IPC
static int sigterms, sigterms_handled;
+#else /* USE_MACH_IPC */
+
+static mach_port_t control_port = MACH_PORT_NULL;
+static mach_port_t signal_port = MACH_PORT_NULL;
+static mach_port_t port_set = MACH_PORT_NULL;
+
+#ifndef __BSM_INTERNAL_NOTIFY_KEY
+#define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change"
+#endif /* __BSM_INTERNAL_NOTIFY_KEY */
+#endif /* USE_MACH_IPC */
+
static TAILQ_HEAD(, dir_ent) dir_q;
static int config_audit_controls(void);
@@ -305,6 +334,11 @@
free_dir_q();
endac();
+#ifdef USE_MACH_IPC
+ /* Post that the audit config changed. */
+ notify_post(__BSM_INTERNAL_NOTIFY_KEY);
+#endif
+
/*
* Read the list of directories into a local linked list.
*
@@ -415,8 +449,10 @@
}
endac();
+#ifdef USE_MACH_IPC
if (close(triggerfd) != 0)
syslog(LOG_ERR, "Error closing control file");
+#endif
syslog(LOG_INFO, "Finished");
return (0);
}
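Review bot: The guard added around `close(triggerfd)` looks inverted: with `#ifdef USE_MACH_IPC` the descriptor is closed only on Mach builds, while the non-Mach `wait_for_events()` is presumably the path that still reads the trigger file. The `open(AUDIT_TRIGGER_FILE, O_RDONLY, 0)` in `setup()` (a later hunk) remains unconditional, so non-Mach builds now open the file and no longer close it here. If the intent was to stop using the trigger file under Mach IPC, this should probably read `#ifndef USE_MACH_IPC`, with a matching guard around the open in `setup()`. The enclosing function begins outside this hunk.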
@@ -427,6 +463,22 @@
* main servicing loop to do proper handling from a non-signal-handler
* context.
*/
+#ifdef USE_MACH_IPC
+static void
+relay_signal(int signal)
+{
+ mach_msg_empty_send_t msg;
+
+ msg.header.msgh_id = signal;
+ msg.header.msgh_remote_port = signal_port;
+ msg.header.msgh_local_port = MACH_PORT_NULL;
+ msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0);
+ mach_msg(&(msg.header), MACH_SEND_MSG|MACH_SEND_TIMEOUT, sizeof(msg),
+ 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
+}
+
+#else /* ! USE_MACH_IPC */
+
static void
relay_signal(int signal)
{
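Review bot: The Mach `relay_signal()` discards the return value of `mach_msg()` while sending with `MACH_SEND_TIMEOUT` and `MACH_MSG_TIMEOUT_NONE`, so a send that cannot complete immediately appears to be dropped without any trace. A lost SIGTERM or SIGCHLD would mean `close_all()` or `handle_sigchld()` never runs for that signal. The function also fills only four header fields and leaves the rest of `msg` unset; zero-initialising it first (`mach_msg_empty_send_t msg = { 0 };`, assuming the header is the first member) would be safer. A comment above the call should state why the handler must not block and what is expected to happen to a signal that could not be queued.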
@@ -438,6 +490,7 @@
if (signal == SIGCHLD)
sigchlds++;
}
+#endif /* ! USE_MACH_IPC */
/*
* Registering the daemon.
@@ -492,6 +545,48 @@
return (0);
}
+#ifdef USE_MACH_IPC
+/*
+ * Implementation of the auditd_control() MIG simpleroutine.
+ *
+ * React to input from the audit(1) tool.
+ */
+
+/* ARGSUSED */
+kern_return_t
+auditd_control(mach_port_t __unused auditd_port, int trigger)
+{
+ int err_ret = 0;
+
+ switch (trigger) {
+
+ case AUDIT_TRIGGER_ROTATE_USER:
+ /*
+ * Create a new file and swap with the one
+ * being used in kernel.
+ */
+ if (swap_audit_file() == -1)
+ syslog(LOG_ERR, "Error swapping audit file");
+ break;
+
+ case AUDIT_TRIGGER_READ_FILE:
+ if (read_control_file() == -1)
+ syslog(LOG_ERR, "Error in audit control file");
+ break;
+
+ case AUDIT_TRIGGER_CLOSE_AND_DIE:
+ err_ret = close_all();
+ exit (err_ret);
+ break;
+
+ default:
+ break;
+ }
+
+ return (KERN_SUCCESS);
+}
+#endif /* USE_MACH_IPC */
+
/*
* Handle the audit trigger event.
*
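Review bot: `auditd_control()` acts on any message that reaches the control port, including `AUDIT_TRIGGER_CLOSE_AND_DIE`, with no check on the sender. Whether that is acceptable depends on who can obtain a send right through `host_get_audit_control_port()`, which this change does not show; the header comment should state the assumption, e.g. `Senders are assumed to be privileged: the port is only reachable via the host special port (confirm).` If that does not hold, the routine should be given the sender's audit token and refuse unprivileged callers before stopping auditing. The `default:` case also ignores unknown triggers silently, where `syslog(LOG_ERR, "Got unknown trigger %d", trigger);` would leave a record. The same port is passed to `audit_triggers_server()` in `auditd_combined_server()`, so the sender question applies to that hunk as well.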
@@ -503,8 +598,18 @@
* not be retransmitted, and the log file will grow in an unbounded fashion.
*/
#define DUPLICATE_INTERVAL 30
-static void
+#ifdef USE_MACH_IPC
+#define AT_SUCCESS KERN_SUCCESS
+
+/* ARGSUSED */
+kern_return_t
+audit_triggers(mach_port_t __unused audit_port, int trigger)
+#else
+#define AT_SUCCESS 0
+
+static int
handle_audit_trigger(int trigger)
+#endif
{
static int last_trigger, last_warning;
static time_t last_time;
@@ -533,7 +638,7 @@
syslog(LOG_INFO,
"Suppressing duplicate trigger %d",
trigger);
- return;
+ return (AT_SUCCESS);
}
last_warning = tt;
break;
@@ -634,8 +739,12 @@
syslog(LOG_ERR, "Got unknown trigger %d", trigger);
break;
}
+
+ return (AT_SUCCESS);
}
+#undef AT_SUCCESS
+
static void
handle_sighup(void)
{
@@ -675,6 +784,60 @@
/*
* Read the control file for triggers/signals and handle appropriately.
*/
+#ifdef USE_MACH_IPC
+#define MAX_MSG_SIZE 4096
+
+static boolean_t
+auditd_combined_server(mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP)
+{
+ mach_port_t local_port = InHeadP->msgh_local_port;
+
+ if (local_port == signal_port) {
+ int signo = InHeadP->msgh_id;
+ int ret;
+
+ switch(signo) {
+ case SIGTERM:
+ ret = close_all();
+ exit(ret);
+
+ case SIGCHLD:
+ handle_sigchld();
+ return (TRUE);
+
+ case SIGHUP:
+ handle_sighup();
+ return (TRUE);
+
+ default:
+ syslog(LOG_INFO, "Received signal %d", signo);
+ return (TRUE);
+ }
+ } else if (local_port == control_port) {
+ boolean_t result;
+
+ result = audit_triggers_server(InHeadP, OutHeadP);
+ if (!result)
+ result = auditd_control_server(InHeadP, OutHeadP);
+ return (result);
+ }
+ syslog(LOG_INFO, "Recevied msg on bad port 0x%x.", local_port);
+ return (FALSE);
+}
+
+static int
+wait_for_events(void)
+{
+ kern_return_t result;
+
+ result = mach_msg_server(auditd_combined_server, MAX_MSG_SIZE,
+ port_set, MACH_MSG_OPTION_NONE);
+ syslog(LOG_ERR, "abnormal exit\n");
+ return (close_all());
+}
+
+#else /* ! USE_MACH_IPC */
+
static int
wait_for_events(void)
{
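Review bot: In the Mach `wait_for_events()`, `result` from `mach_msg_server()` is stored but never reported, so when the daemon's receive loop stops the log says only "abnormal exit" with no cause. Suggest `syslog(LOG_ERR, "mach_msg_server: %s", mach_error_string(result));`, which also drops the stray `\n` from the syslog string. In `auditd_combined_server()` the local `int ret` shadows the file-level `static int ret`, and the log string `"Recevied msg on bad port 0x%x."` has a typo.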
@@ -706,10 +869,11 @@
if (trigger == AUDIT_TRIGGER_CLOSE_AND_DIE)
break;
else
- handle_audit_trigger(trigger);
+ (void)handle_audit_trigger(trigger);
}
return (close_all());
}
+#endif /* ! USE_MACH_IPC */
/*
* Configure the audit controls in the kernel: the event to class mapping,
@@ -820,6 +984,62 @@
return (0);
}
+#ifdef USE_MACH_IPC
+static void
+mach_setup(void)
+{
+ mach_msg_type_name_t poly;
+
+ /*
+ * Allocate a port set
+ */
+ if (mach_port_allocate(mach_task_self(),
+ MACH_PORT_RIGHT_PORT_SET,
+ &port_set) != KERN_SUCCESS) {
+ syslog(LOG_ERR, "Allocation of port set failed");
+ fail_exit();
+ }
+
+ /*
+ * Allocate a signal reflection port
+ */
+ if (mach_port_allocate(mach_task_self(),
+ MACH_PORT_RIGHT_RECEIVE,
+ &signal_port) != KERN_SUCCESS ||
+ mach_port_move_member(mach_task_self(),
+ signal_port,
+ port_set) != KERN_SUCCESS) {
+ syslog(LOG_ERR, "Allocation of signal port failed");
+ fail_exit();
+ }
+
+ /*
+ *Allocate a trigger port
+ */
+ if (mach_port_allocate(mach_task_self(),
+ MACH_PORT_RIGHT_RECEIVE,
+ &control_port) != KERN_SUCCESS ||
+ mach_port_move_member(mach_task_self(),
+ control_port,
+ port_set) != KERN_SUCCESS) {
+ syslog(LOG_ERR, "Allocation of trigger port failed");
+ fail_exit();
+ }
+ /* create a send right on our trigger port */
+ mach_port_extract_right(mach_task_self(), control_port,
+ MACH_MSG_TYPE_MAKE_SEND, &control_port, &poly);
+
+ /* register the trigger port with the kernel */
+ if (host_set_audit_control_port(mach_host_self(), control_port) !=
+ KERN_SUCCESS) {
+ syslog(LOG_ERR, "Cannot set Mach control port");
+ fail_exit();
+ }
+ else
+ syslog(LOG_DEBUG, "Mach control port registered");
+}
+#endif /* USE_MACH_IPC */
+
static void
setup(void)
{
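Review bot: The return value of `mach_port_extract_right()` in `mach_setup()` is ignored, unlike every other Mach call in the function. If it fails, `control_port` and `poly` are in an unknown state when `host_set_audit_control_port()` goes on to register the port with the kernel. The call should get the same `!= KERN_SUCCESS` test followed by `syslog(LOG_ERR, ...)` and `fail_exit()` that the allocations above it use. A one-line comment explaining why the extracted send right is written back into `control_port` would also help the next reader.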
@@ -828,6 +1048,10 @@
int aufd;
token_t *tok;
+#ifdef USE_MACH_IPC
+ mach_setup();
+#endif
+
if ((triggerfd = open(AUDIT_TRIGGER_FILE, O_RDONLY, 0)) < 0) {
syslog(LOG_ERR, "Error opening trigger file");
fail_exit();
@@ -890,7 +1114,7 @@
{
int ch;
int debug = 0;
- int rc;
+ int rc, logopts;
while ((ch = getopt(argc, argv, "d")) != -1) {
switch(ch) {
@@ -907,10 +1131,14 @@
}
}
+ logopts = LOG_CONS | LOG_PID;
+ if (debug != 0)
+ logopts |= LOG_PERROR;
+
#ifdef LOG_SECURITY
- openlog("auditd", LOG_CONS | LOG_PID, LOG_SECURITY);
+ openlog("auditd", logopts, LOG_SECURITY);
#else
- openlog("auditd", LOG_CONS | LOG_PID, LOG_AUTH);
+ openlog("auditd", logopts, LOG_AUTH);
#endif
syslog(LOG_INFO, "starting...");
==== //depot/projects/trustedbsd/openbsm/config/config.h.in#12 (text+ko) ====
@@ -174,6 +174,9 @@
/* Define to 1 if your <sys/time.h> declares `struct tm'. */
#undef TM_IN_SYS_TIME
+/* Define if uses Mach IPC for Triggers messages */
+#undef USE_MACH_IPC
+
/* Version number of package */
#undef VERSION
==== //depot/projects/trustedbsd/openbsm/configure#36 (xtext) ====
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#37 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#38 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha1.
#
@@ -812,6 +812,7 @@
MAINTAINER_MODE_TRUE
MAINTAINER_MODE_FALSE
MAINT
+MIG
CC
CFLAGS
LDFLAGS
@@ -830,7 +831,6 @@
host_cpu
host_vendor
host_os
-SED
GREP
EGREP
LN_S
@@ -880,6 +880,8 @@
LIBOBJS
HAVE_AUDIT_SYSCALLS_TRUE
HAVE_AUDIT_SYSCALLS_FALSE
+USE_MACH_IPC_TRUE
+USE_MACH_IPC_FALSE
LTLIBOBJS'
ac_subst_files=''
ac_precious_vars='build_alias
@@ -2001,6 +2003,52 @@
+for ac_prog in mig
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_MIG+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $MIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MIG="$MIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_MIG="$as_dir/$ac_word$ac_exec_ext"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+MIG=$ac_cv_path_MIG
+if test -n "$MIG"; then
+ { echo "$as_me:$LINENO: result: $MIG" >&5
+echo "${ECHO_T}$MIG" >&6; }
+else
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+ test -n "$MIG" && break
+done
+
+
# Checks for programs.
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -3170,13 +3218,12 @@
test -z "$as_dir" && as_dir=.
for lt_ac_prog in sed gsed; do
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$lt_ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$lt_ac_prog$ac_exec_ext"; }; then
+ if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
fi
done
done
done
-IFS=$as_save_IFS
lt_ac_max=0
lt_ac_count=0
# Add /usr/xpg4/bin/sed as it is typically found on Solaris
@@ -3211,7 +3258,6 @@
fi
SED=$lt_cv_path_SED
-
{ echo "$as_me:$LINENO: result: $SED" >&5
echo "${ECHO_T}$SED" >&6; }
@@ -3573,8 +3619,8 @@
echo "${ECHO_T}no, using $LN_S" >&6; }
fi
-{ echo "$as_me:$LINENO: checking how to recognize dependent libraries" >&5
-echo $ECHO_N "checking how to recognize dependent libraries... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
+echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6; }
if test "${lt_cv_deplibs_check_method+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
@@ -3615,22 +3661,16 @@
mingw* | pw32*)
# Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
+ # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
;;
darwin* | rhapsody*)
lt_cv_deplibs_check_method=pass_all
;;
-freebsd* | dragonfly*)
+freebsd* | kfreebsd*-gnu | dragonfly*)
if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
case $host_cpu in
i*86 )
@@ -3668,7 +3708,7 @@
esac
;;
-interix[3-9]*)
+interix3*)
# PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
;;
@@ -3684,7 +3724,7 @@
;;
# This must be Linux ELF.
-linux* | k*bsd*-gnu)
+linux*)
lt_cv_deplibs_check_method=pass_all
;;
@@ -3718,10 +3758,6 @@
lt_cv_deplibs_check_method=pass_all
;;
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
solaris*)
lt_cv_deplibs_check_method=pass_all
;;
@@ -3809,7 +3845,7 @@
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 3812 "configure"' > conftest.$ac_ext
+ echo '#line 3848 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -3844,8 +3880,7 @@
rm -rf conftest*
;;
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
-s390*-*linux*|sparc*-*linux*)
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
>>> TRUNCATED FOR MAIL (1000 lines) <<<