PERFORCE change 77121 for review
Wayne Salamon
wsalamon at FreeBSD.org
Wed May 18 00:38:00 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=77121
Change 77121 by wsalamon at rickenbacker on 2005/05/18 00:37:05
Integrate shared files from the OpenBSM branch. Changes to come.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#1 branch
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#13 edit
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#3 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#5 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#10 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#6 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#13 (text+ko) ====
@@ -267,13 +267,6 @@
struct timespec *endtime, short event);
void kau_free(struct au_record *rec);
void kau_init(void);
-token_t *kau_to_file(char *file, struct timeval *tv);
-token_t *kau_to_header(struct timespec *ctime, int rec_size,
- au_event_t e_type, au_emod_t e_mod);
-token_t *kau_to_header32(struct timespec *ctime, int rec_size,
- au_event_t e_type, au_emod_t e_mod);
-token_t *kau_to_header64(struct timespec *ctime, int rec_size,
- au_event_t e_type, au_emod_t e_mod);
/*
* The remaining kernel functions are conditionally compiled in as they
* are wrapped by a macro, and the macro should be the only place in
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#3 (text+ko) ====
@@ -1,15 +1,15 @@
/*
* @APPLE_LICENSE_HEADER_START@
- *
+ *
* Copyright (c) 1999-2004 Apple Computer, Inc. All Rights Reserved.
- *
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
- *
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -17,186 +17,154 @@
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
+ *
* @APPLE_LICENSE_HEADER_END@
*/
#ifndef _BSM_AUDIT_RECORD_H_
#define _BSM_AUDIT_RECORD_H_
-#include <sys/cdefs.h>
-#include <sys/vnode.h>
-#include <sys/ipc.h>
-#include <sys/un.h>
-#include <sys/event.h>
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-
-/* We could determined the header and trailer sizes by
- * defining appropriate structures. We hold off that approach
- * till we have a consistant way of using structures for all tokens.
- * This is not straightforward since these token structures may
- * contain pointers of whose contents we dont know the size
- * (e.g text tokens)
- */
-#define HEADER_SIZE 18
-#define TRAILER_SIZE 7
-
-#define ADD_U_CHAR(loc, val) \
- do {\
- *loc = val;\
- loc += sizeof(u_char);\
- }while(0)
-
-
-#define ADD_U_INT16(loc, val) \
- do { \
- memcpy(loc, (u_char *)&val, sizeof(u_int16_t));\
- loc += sizeof(u_int16_t); \
- }while(0)
-
-#define ADD_U_INT32(loc, val) \
- do { \
- memcpy(loc, (u_char *)&val, sizeof(u_int32_t));\
- loc += sizeof(u_int32_t); \
- }while(0)
-
-#define ADD_U_INT64(loc, val)\
- do {\
- memcpy(loc, (u_char *)&val, sizeof(u_int64_t));\
- loc += sizeof(u_int64_t); \
- }while(0)
-
-#define ADD_MEM(loc, data, size) \
- do { \
- memcpy(loc, data, size);\
- loc += size;\
- }while(0)
-
-#define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size)
-
-
/* Various token id types */
-/*
+/*
* Values inside the comments are not documented in the BSM pages and
- * have been picked up from the header files
- */
-
-/*
- * Values marked as XXX do not have a value defined in the BSM header files
- */
-
-/*
- * Control token types
-
-#define AUT_OTHER_FILE ((char)0x11)
-#define AUT_OTHER_FILE32 AUT_OTHER_FILE
-#define AUT_OHEADER ((char)0x12)
-
+ * have been picked up from the header files
*/
-#define AUT_INVALID 0x00
-#define AU_FILE_TOKEN 0x11
-#define AU_TRAILER_TOKEN 0x13
-#define AU_HEADER_32_TOKEN 0x14
-#define AU_HEADER_EX_32_TOKEN 0x15
-
/*
- * Data token types
-#define AUT_SERVER ((char)0x25)
-#define AUT_SERVER32 AUT_SERVER
+ * Values marked as XXX do not have a value defined in the BSM header files
*/
-#define AU_DATA_TOKEN 0x21
-#define AU_ARB_TOKEN AU_DATA_TOKEN
-#define AU_IPC_TOKEN 0x22
-#define AU_PATH_TOKEN 0x23
-#define AU_SUBJECT_32_TOKEN 0x24
-#define AU_PROCESS_32_TOKEN 0x26
-#define AU_RETURN_32_TOKEN 0x27
-#define AU_TEXT_TOKEN 0x28
-#define AU_OPAQUE_TOKEN 0x29
-#define AU_IN_ADDR_TOKEN 0x2A
-#define AU_IP_TOKEN 0x2B
-#define AU_IPORT_TOKEN 0x2C
-#define AU_ARG32_TOKEN 0x2D
-#define AU_SOCK_TOKEN 0x2E
-#define AU_SEQ_TOKEN 0x2F
+#define AUT_INVALID 0x00
+#define AUT_OTHER_FILE32 0x11
+#define AUT_OHEADER 0x12
+#define AUT_TRAILER 0x13
+#define AUT_HEADER32 0x14
+#define AUT_HEADER32_EX 0x15
+#define AUT_DATA 0x21
+#define AUT_IPC 0x22
+#define AUT_PATH 0x23
+#define AUT_SUBJECT32 0x24
+#define AUT_SERVER32 0x25
+#define AUT_PROCESS32 0x26
+#define AUT_RETURN32 0x27
+#define AUT_TEXT 0x28
+#define AUT_OPAQUE 0x29
+#define AUT_IN_ADDR 0x2a
+#define AUT_IP 0x2b
+#define AUT_IPORT 0x2c
+#define AUT_ARG32 0x2d
+#define AUT_SOCKET 0x2e
+#define AUT_SEQ 0x2f
+#define AUT_ACL 0x30
+#define AUT_ATTR 0x31
+#define AUT_IPC_PERM 0x32
+#define AUT_LABEL 0x33
+#define AUT_GROUPS 0x34
+#define AUT_ILABEL 0x35
+#define AUT_SLABEL 0x36
+#define AUT_CLEAR 0x37
+#define AUT_PRIV 0x38
+#define AUT_UPRIV 0x39
+#define AUT_LIAISON 0x3a
+#define AUT_NEWGROUPS 0x3b
+#define AUT_EXEC_ARGS 0x3c
+#define AUT_EXEC_ENV 0x3d
+#define AUT_ATTR32 0x3e
+/* #define AUT_???? 0x3f */
+#define AUT_XATOM 0x40
+#define AUT_XOBJ 0x41
+#define AUT_XPROTO 0x42
+#define AUT_XSELECT 0x43
+/* XXXRW: Additional X11 tokens not defined? */
+#define AUT_CMD 0x51
+#define AUT_EXIT 0x52
+/* XXXRW: OpenBSM AUT_HOST 0x70? */
+#define AUT_ARG64 0x71
+#define AUT_RETURN64 0x72
+#define AUT_ATTR64 0x73
+#define AUT_HEADER64 0x74
+#define AUT_SUBJECT64 0x75
+#define AUT_SERVER64 0x76
+#define AUT_PROCESS64 0x77
+#define AUT_OTHER_FILE64 0x78
+#define AUT_HEADER64_EX 0x79
+#define AUT_SUBJECT32_EX 0x7a
+#define AUT_PROCESS32_EX 0x7b
+#define AUT_SUBJECT64_EX 0x7c
+#define AUT_PROCESS64_EX 0x7d
+#define AUT_IN_ADDR_EX 0x7e
+#define AUT_SOCKET_EX 0x7f
/*
- * Modifier token types
-
-#define AUT_ACL ((char)0x30)
-#define AUT_LABEL ((char)0x33)
-#define AUT_GROUPS ((char)0x34)
-#define AUT_ILABEL ((char)0x35)
-#define AUT_SLABEL ((char)0x36)
-#define AUT_CLEAR ((char)0x37)
-#define AUT_PRIV ((char)0x38)
-#define AUT_UPRIV ((char)0x39)
-#define AUT_LIAISON ((char)0x3A)
-
+ * Pre-64-bit BSM, 32-bit tokens weren't explicitly named as '32'. We have
+ * compatibility defines.
*/
-
-#define AU_ATTR_TOKEN 0x31
-#define AU_IPCPERM_TOKEN 0x32
-#define AU_NEWGROUPS_TOKEN 0x3B
-#define AU_EXEC_ARG_TOKEN 0x3C
-#define AU_EXEC_ENV_TOKEN 0x3D
-#define AU_ATTR32_TOKEN 0x3E
+#define AUT_HEADER AUT_HEADER32
+#define AUT_ARG AUT_ARG32
+#define AUT_RETURN AUT_RETURN32
+#define AUT_SUBJECT AUT_SUBJECT32
+#define AUT_SERVER AUT_SERVER32
+#define AUT_PROCESS AUT_PROCESS32
+#define AUT_OTHER_FILE AUT_OTHER_FILE32
/*
- * Command token types
+ * Darwin's bsm distribution uses the following non-BSM token name defines.
+ * We provide them for a single OpenBSM release for compatibility reasons.
*/
-
-#define AU_CMD_TOKEN 0x51
-#define AU_EXIT_TOKEN 0x52
+#define AU_FILE_TOKEN AUT_OTHER_FILE32
+#define AU_TRAILER_TOKEN AUT_TRAILER
+#define AU_HEADER_32_TOKEN AUT_HEADER32
+#define AU_DATA_TOKEN AUT_DATA
+#define AU_ARB_TOKEN AUT_DATA
+#define AU_IPC_TOKEN AUT_IPC
+#define AU_PATH_TOKEN AUT_PATH
+#define AU_SUBJECT_32_TOKEN AUT_SUBJECT32
+#define AU_PROCESS_32_TOKEN AUT_PROCESS32
+#define AU_RETURN_32_TOKEN AUT_RETURN32
+#define AU_TEXT_TOKEN AUT_TEXT
+#define AU_OPAQUE_TOKEN AUT_OPAQUE
+#define AU_IN_ADDR_TOKEN AUT_IN_ADDR
+#define AU_IP_TOKEN AUT_IP
+#define AU_IPORT_TOKEN AUT_IPORT
+#define AU_ARG32_TOKEN AUT_ARG32
+#define AU_SOCK_TOKEN AUT_SOCKET
+#define AU_SEQ_TOKEN AUT_SEQ
+#define AU_ATTR_TOKEN AUT_ATTR
+#define AU_IPCPERM_TOKEN AUT_IPC_PERM
+#define AU_NEWGROUPS_TOKEN AUT_NEWGROUPS
+#define AU_EXEC_ARG_TOKEN AUT_EXEC_ARGS
+#define AU_EXEC_ENV_TOKEN AUT_EXEC_ENV
+#define AU_ATTR32_TOKEN AUT_ATTR32
+#define AU_CMD_TOKEN AUT_CMD
+#define AU_EXIT_TOKEN AUT_EXIT
+#define AU_ARG64_TOKEN AUT_ARG64
+#define AU_RETURN_64_TOKEN AUT_RETURN64
+#define AU_ATTR64_TOKEN AUT_ATTR64
+#define AU_HEADER_64_TOKEN AUT_HEADER64
+#define AU_SUBJECT_64_TOKEN AUT_SUBJECT64
+#define AU_PROCESS_64_TOKEN AUT_PROCESS64
+#define AU_HEADER_64_EX_TOKEN AUT_HEADER64_EX
+#define AU_SUBJECT_32_EX_TOKEN AUT_SUBJECT32_EX
+#define AU_PROCESS_32_EX_TOKEN AUT_PROCESS32_EX
+#define AU_SUBJECT_64_EX_TOKEN AUT_SUBJECT64_EX
+#define AU_PROCESS_64_EX_TOKEN AUT_PROCESS64_EX
+#define AU_IN_ADDR_EX_TOKEN AUT_IN_ADDR_EX
+#define AU_SOCK_32_EX_TOKEN AUT_SOCKET_EX
/*
- * Miscellaneous token types
-
-#define AUT_HOST ((char)0x70)
-
+ * The values for the following token ids are not defined by BSM.
+ *
+ * XXXRW: Not sure how to andle these in OpenBSM yet, but I'll give them
+ * names more consistent with Sun's BSM. These originally came from Apple's
+ * BSM.
*/
-
-/*
- * 64bit token types
-
-#define AUT_SERVER64 ((char)0x76)
-#define AUT_OTHER_FILE64 ((char)0x78)
-
- */
-
-#define AU_ARG64_TOKEN 0x71
-#define AU_RETURN_64_TOKEN 0x72
-#define AU_ATTR64_TOKEN 0x73
-#define AU_HEADER_64_TOKEN 0x74
-#define AU_SUBJECT_64_TOKEN 0x75
-#define AU_PROCESS_64_TOKEN 0x77
-
-/*
- * Extended network address token types
- */
-
-#define AU_HEADER_EX_64_TOKEN 0x79
-#define AU_SUBJECT_32_EX_TOKEN 0x7a
-#define AU_PROCESS_32_EX_TOKEN 0x7b
-#define AU_SUBJECT_64_EX_TOKEN 0x7c
-#define AU_PROCESS_64_EX_TOKEN 0x7d
-#define AU_IN_ADDR_EX_TOKEN 0x7e
-#define AU_SOCK_EX32_TOKEN 0x7f
-#define AU_SOCK_EX128_TOKEN AUT_INVALID /*XXX*/
-#define AU_IP_EX_TOKEN AUT_INVALID /*XXX*/
-
-/*
- * The values for the following token ids are not
- * defined by BSM
- */
-#define AU_SOCK_INET_32_TOKEN 0x80 /*XXX*/
-#define AU_SOCK_INET_128_TOKEN 0x81 /*XXX*/
-#define AU_SOCK_UNIX_TOKEN 0x82 /*XXX*/
+#define AUT_SOCKINET32 0x80 /* XXX */
+#define AUT_SOCKINET128 0x81 /* XXX */
+#define AUT_SOCKUNIX 0x82 /* XXX */
+#define AU_SOCK_INET_32_TOKEN AUT_SOCKINET32
+#define AU_SOCK_INET_128_TOKEN AUT_SOCKINET128
+#define AU_SOCK_UNIX_TOKEN AUT_SOCKUNIX
/* print values for the arbitrary token */
#define AUP_BINARY 0
@@ -211,7 +179,7 @@
#define AUR_LONG 2
/* ... and their sizes */
-#define AUR_BYTE_SIZE sizeof(u_char)
+#define AUR_BYTE_SIZE sizeof(u_char)
#define AUR_SHORT_SIZE sizeof(u_int16_t)
#define AUR_LONG_SIZE sizeof(u_int32_t)
@@ -220,32 +188,65 @@
#define PAD_FAILURE 0x8000 /* fail audit event */
-#define MAX_GROUPS 16
+#define BSM_MAX_GROUPS 16
#define HEADER_VERSION 1
-#define TRAILER_PAD_MAGIC 0xB105
+
+/*
+ * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
+ * split the difference, will remove the Apple define for the next release.
+ */
+#define AUT_TRAILER_MAGIC 0xb105
+#define TRAILER_PAD_MAGIC AUT_TRAILER_MAGIC
/* BSM library calls */
__BEGIN_DECLS
+struct in_addr;
+struct in6_addr;
+struct ip;
+struct ipc_perm;
+struct kevent;
+struct sockaddr_in;
+struct sockaddr_in6;
+struct sockaddr_un;
+#if defined(_KERNEL) || defined(KERNEL)
+struct vnode_au_info;
+#endif
+
int au_open(void);
int au_write(int d, token_t *m);
int au_close(int d, int keep, short event);
+int au_close_buffer(int d, short event, u_char *buffer,
+ size_t *buflen);
+#if defined(KERNEL) || defined(_KERNEL)
+token_t *au_to_file(char *file, struct timeval tm);
+#else
token_t *au_to_file(char *file);
-token_t *au_to_header(int rec_size, au_event_t e_type,
+#endif
+#if defined(KERNEL) || defined(_KERNEL)
+token_t *au_to_header(int rec_size, au_event_t e_type,
+ au_emod_t e_mod, struct timeval tm);
+token_t *au_to_header32(int rec_size, au_event_t e_type,
+ au_emod_t e_mod, struct timeval tm);
+#else
+token_t *au_to_header(int rec_size, au_event_t e_type,
au_emod_t e_mod);
-token_t *au_to_header32(int rec_size, au_event_t e_type,
+token_t *au_to_header32(int rec_size, au_event_t e_type,
au_emod_t e_mod);
-token_t *au_to_header64(int rec_size, au_event_t e_type,
+#endif
+token_t *au_to_header64(int rec_size, au_event_t e_type,
au_emod_t e_mod);
token_t *au_to_me(void);
-
+
token_t *au_to_arg(char n, char *text, u_int32_t v);
token_t *au_to_arg32(char n, char *text, u_int32_t v);
token_t *au_to_arg64(char n, char *text, u_int64_t v);
-token_t *au_to_attr(struct vattr *attr);
-token_t *au_to_attr32(struct vattr *attr);
-token_t *au_to_attr64(struct vattr *attr);
+#if defined(_KERNEL) || defined(KERNEL)
+token_t *au_to_attr(struct vnode_au_info *vni);
+token_t *au_to_attr32(struct vnode_au_info *vni);
+token_t *au_to_attr64(struct vnode_au_info *vni);
+#endif
token_t *au_to_data(char unit_print, char unit_type,
char unit_count, char *p);
token_t *au_to_exit(int retval, int err);
@@ -281,9 +282,13 @@
token_t *au_to_return32(char status, u_int32_t ret);
token_t *au_to_return64(char status, u_int64_t ret);
token_t *au_to_seq(long audit_count);
+#if defined(_KERNEL) || defined(KERNEL)
token_t *au_to_socket(struct socket *so);
-token_t *au_to_socket_ex_32(struct socket *so);
-token_t *au_to_socket_ex_128(struct socket *so);
+token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp,
+ struct sockaddr *la, struct sockaddr *ta);
+token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp,
+ struct sockaddr *la, struct sockaddr *ta);
+#endif
token_t *au_to_sock_inet(struct sockaddr_in *so);
token_t *au_to_sock_inet32(struct sockaddr_in *so);
token_t *au_to_sock_inet128(struct sockaddr_in6 *so);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#5 (text+ko) ====
@@ -36,7 +36,6 @@
* data structures. The prototypes of these functions are declared here.
*/
token_t *kau_to_socket(struct socket_au_info *soi);
-token_t *kau_to_attr32(struct vnode_au_info *vni);
/*
* audit_klib prototypes
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#10 (text+ko) ====
@@ -32,6 +32,7 @@
#include <sys/systm.h>
#include <bsm/audit.h>
+#include <bsm/audit_internal.h>
#include <bsm/audit_record.h>
#include <bsm/audit_kernel.h>
#include <bsm/audit_kevents.h>
@@ -157,11 +158,14 @@
u_char *dptr;
size_t tot_rec_size;
token_t *cur, *hdr, *trail;
+ struct timeval tm;
- tot_rec_size = rec->len + HEADER_SIZE + TRAILER_SIZE;
+ tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
if(tot_rec_size <= MAX_AUDIT_RECORD_SIZE) {
/* Create the header token */
- hdr = kau_to_header32(ctime, tot_rec_size, event, 0);
+ tm.tv_usec = ctime->tv_nsec / 1000;
+ tm.tv_sec = ctime->tv_sec;
+ hdr = au_to_header32(tot_rec_size, event, 0, tm);
if(hdr != NULL) {
/* Add to head of list */
@@ -237,7 +241,7 @@
kau_write(rec, tok); \
} \
if (ar->ar_valid_arg & ARG_VNODE1) { \
- tok = kau_to_attr32(&ar->ar_arg_vnode1);\
+ tok = au_to_attr32(&ar->ar_arg_vnode1);\
kau_write(rec, tok); \
} \
} while (0)
@@ -251,7 +255,7 @@
UPATH1_TOKENS; \
} \
if (ar->ar_valid_arg & ARG_VNODE1) { \
- tok = kau_to_attr32(&ar->ar_arg_vnode1);\
+ tok = au_to_attr32(&ar->ar_arg_vnode1);\
kau_write(rec, tok); \
} \
} while (0)
@@ -263,7 +267,7 @@
kau_write(rec, tok); \
} \
if (ar->ar_valid_arg & ARG_VNODE2) { \
- tok = kau_to_attr32(&ar->ar_arg_vnode2);\
+ tok = au_to_attr32(&ar->ar_arg_vnode2);\
kau_write(rec, tok); \
} \
} while (0)
@@ -274,7 +278,7 @@
tok = au_to_path(ar->ar_arg_kpath1); \
kau_write(rec, tok); \
if (ar->ar_valid_arg & ARG_VNODE1) { \
- tok = kau_to_attr32(&ar->ar_arg_vnode1);\
+ tok = au_to_attr32(&ar->ar_arg_vnode1);\
kau_write(rec, tok); \
} \
} else { \
@@ -1103,10 +1107,10 @@
/* XXXAUDIT There needs to be a token structure to map a token.
* XXXAUDIT 'Shouldn't be simply looking at the first char.
*/
- if ( (c != AU_HEADER_32_TOKEN) &&
- (c != AU_HEADER_EX_32_TOKEN) &&
- (c != AU_HEADER_64_TOKEN) &&
- (c != AU_HEADER_EX_64_TOKEN) ) {
+ if ( (c != AUT_HEADER32) &&
+ (c != AUT_HEADER32_EX) &&
+ (c != AUT_HEADER64) &&
+ (c != AUT_HEADER64_EX) ) {
return (0);
}
return (1);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#6 (text+ko) ====
@@ -1,44 +1,80 @@
/*
- * Copyright (c) 2004 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2004, Apple Computer, Inc.
+ * Copyright (c) 2005 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * its contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
*
- * @APPLE_LICENSE_HEADER_START@
- *
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License"). You may not use this file except in compliance with the
- * License. Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
- * License for the specific language governing rights and limitations
- * under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
-#include <sys/param.h>
-#include <sys/event.h>
-#include <sys/libkern.h>
-#include <sys/malloc.h>
-#include <sys/un.h>
+#include <sys/types.h>
+#ifdef __APPLE__
+#include <compat/endian.h>
+#else /* !__APPLE__ */
+#include <sys/endian.h>
+#endif /* __APPLE__*/
+#include <sys/socket.h>
+#include <sys/time.h>
+
+#include <sys/ipc.h>
+#include <sys/libkern.h>
+#include <sys/malloc.h>
+#include <sys/un.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
+#include <sys/socketvar.h>
+
+#include <bsm/audit.h>
+#include <bsm/audit_internal.h>
+#include <bsm/audit_kernel.h>
+#include <bsm/audit_record.h>
+#include <security/audit/audit_klib.h>
+
+#define GET_TOKEN_AREA(t, dptr, length) \
+ do {\
+ t = (token_t *) malloc (sizeof(token_t), M_AUDIT, M_WAITOK);\
+ if(t != NULL)\
+ {\
+ t->len = length;\
+ t->t_data = (u_char *) malloc (length * sizeof(u_char),\
+ M_AUDIT, M_WAITOK);\
+ if((dptr = t->t_data) == NULL)\
+ {\
+ free(t, M_AUDIT);\
+ t = NULL;\
+ }\
+ else\
+ {\
+ memset(dptr, 0, length);\
+ }\
+ }\
+ }while(0)
-#include <bsm/audit.h>
-#include <bsm/audit_record.h>
-#include <bsm/audit_kernel.h>
-#include <security/audit/audit_klib.h>
-#define GET_TOKEN_AREA(tok, dptr, length) \
- do { \
- tok = malloc(sizeof(*tok), M_AUDIT, M_WAITOK); \
- tok->len = length; \
- dptr = tok->t_data = malloc(length * sizeof(u_char), \
- M_AUDIT, M_WAITOK); \
- memset(tok->t_data, 0, length); \
- } while(0)
/*
* token ID 1 byte
@@ -50,13 +86,14 @@
token_t *au_to_arg32(char n, char *text, u_int32_t v)
{
token_t *t;
- u_char *dptr;
+ u_char *dptr = NULL;
u_int16_t textlen;
-
+
if(text == NULL) {
- return NULL;
+ errno = EINVAL;
+ return NULL;
}
-
+
textlen = strlen(text);
GET_TOKEN_AREA(t, dptr, 9 + textlen);
if(t == NULL) {
@@ -65,7 +102,7 @@
textlen += 1;
- ADD_U_CHAR(dptr, AU_ARG32_TOKEN);
+ ADD_U_CHAR(dptr, AUT_ARG32);
ADD_U_CHAR(dptr, n);
ADD_U_INT32(dptr, v);
ADD_U_INT16(dptr, textlen);
@@ -78,27 +115,28 @@
token_t *au_to_arg64(char n, char *text, u_int64_t v)
{
token_t *t;
- u_char *dptr;
+ u_char *dptr = NULL;
u_int16_t textlen;
-
+
if(text == NULL) {
- return NULL;
+ errno = EINVAL;
+ return NULL;
}
-
+
textlen = strlen(text);
GET_TOKEN_AREA(t, dptr, 13 + textlen);
if(t == NULL) {
return NULL;
}
- textlen += 1;
+ textlen += 1;
- ADD_U_CHAR(dptr, AU_ARG64_TOKEN);
+ ADD_U_CHAR(dptr, AUT_ARG64);
ADD_U_CHAR(dptr, n);
ADD_U_INT64(dptr, v);
ADD_U_INT16(dptr, textlen);
ADD_STRING(dptr, text, textlen);
-
+
return t;
}
@@ -108,6 +146,7 @@
return au_to_arg32(n, text, v);
}
+#if defined(_KERNEL) || defined(KERNEL)
/*
* token ID 1 byte
* file access mode 4 bytes
@@ -117,72 +156,70 @@
* node ID 8 bytes
* device 4 bytes/8 bytes (32-bit/64-bit)
*/
-token_t *au_to_attr32(struct vattr *attr)
+token_t *au_to_attr32(struct vnode_au_info *vni)
{
- return NULL;
-}
-
-/* Kernel-specific version of the above function */
-token_t *kau_to_attr32(struct vnode_au_info *vni)
-{
token_t *t;
- u_char *dptr;
- u_int32_t pad0_32 = 0;
+ u_char *dptr = NULL;
+ u_int16_t pad0_16 = 0;
+ u_int16_t pad0_32 = 0;
if(vni == NULL) {
+ errno = EINVAL;
return NULL;
}
-
+
+
GET_TOKEN_AREA(t, dptr, 29);
if(t == NULL) {
return NULL;
}
- ADD_U_CHAR(dptr, AU_ATTR32_TOKEN);
- ADD_U_INT32(dptr, vni->vn_mode);
+ ADD_U_CHAR(dptr, AUT_ATTR32);
+
+ /*
+ * Darwin defines the size for the file mode
+ * as 2 bytes; BSM defines 4 so pad with 0
+ */
+ ADD_U_INT16(dptr, pad0_16);
+ ADD_U_INT16(dptr, vni->vn_mode);
+
ADD_U_INT32(dptr, vni->vn_uid);
ADD_U_INT32(dptr, vni->vn_gid);
ADD_U_INT32(dptr, vni->vn_fsid);
- /* Pad four bytes for the file ID due to BSM's need for 8 bytes */
- ADD_U_INT32(dptr, pad0_32);
- ADD_U_INT32(dptr, vni->vn_fileid);
- ADD_U_INT32(dptr, vni->vn_gen);
-
- return t;
-}
-token_t *au_to_attr64(struct vattr *attr)
-{
- token_t *t;
- u_char *dptr;
+ /*
+ * Some systems use 32-bit file ID's, other's use 64-bit file IDs.
+ * Attempt to handle both, and let the compiler sort it out. If we
+ * could pick this out at compile-time, it would be better, so as to
+ * avoid the else case below.
+ */
+ if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) {
+ ADD_U_INT32(dptr, pad0_32);
+ ADD_U_INT32(dptr, vni->vn_fileid);
+ } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) {
+ ADD_U_INT64(dptr, vni->vn_fileid);
+ } else {
+ ADD_U_INT64(dptr, 0LL);
+ }
- if(attr == NULL) {
- return NULL;
- }
-
-
- GET_TOKEN_AREA(t, dptr, 33);
- if(t == NULL) {
- return NULL;
- }
+ ADD_U_INT32(dptr, vni->vn_dev);
- ADD_U_CHAR(dptr, AU_ATTR64_TOKEN);
- ADD_U_INT32(dptr, attr->va_mode);
- ADD_U_INT32(dptr, attr->va_uid);
- ADD_U_INT32(dptr, attr->va_gid);
- ADD_U_INT32(dptr, attr->va_fsid);
- ADD_U_INT64(dptr, attr->va_fileid);
- ADD_U_INT64(dptr, attr->va_rdev);
-
return t;
}
-token_t *au_to_attr(struct vattr *attr)
+token_t *au_to_attr64(struct vnode_au_info *vni)
{
- return au_to_attr32(attr);
+ errno = ENOTSUP;
+ return NULL;
}
+token_t *au_to_attr(struct vnode_au_info *vni)
+{
+ return au_to_attr32(vni);
+}
+#endif /* !(defined(_KERNEL) || defined(KERNEL) */
+
/*
* token ID 1 byte
* how to print 1 byte
@@ -194,13 +231,14 @@
char unit_count, char *p)
{
token_t *t;
- u_char *dptr;
+ u_char *dptr = NULL;
size_t datasize, totdata;
-
+
if(p == NULL) {
+ errno = EINVAL;
return NULL;
}
-
+
/* Determine the size of the basic unit */
switch(unit_type) {
case AUR_BYTE: datasize = AUR_BYTE_SIZE;
@@ -208,56 +246,59 @@
case AUR_SHORT: datasize = AUR_SHORT_SIZE;
break;
-
+
case AUR_LONG: datasize = AUR_LONG_SIZE;
break;
-
- default: return NULL;
+
+ default:
+ errno = EINVAL;
+ return NULL;
}
totdata = datasize * unit_count;
-
+
GET_TOKEN_AREA(t, dptr, totdata + 4);
if(t == NULL) {
return NULL;
}
- ADD_U_CHAR(dptr, AU_ARB_TOKEN);
+ ADD_U_CHAR(dptr, AUT_DATA);
ADD_U_CHAR(dptr, unit_print);
ADD_U_CHAR(dptr, unit_type);
ADD_U_CHAR(dptr, unit_count);
ADD_MEM(dptr, p, totdata);
-
+
return t;
}
+
/*
* token ID 1 byte
* status 4 bytes
- * return value 4 bytes
+ * return value 4 bytes
*/
token_t *au_to_exit(int retval, int err)
{
token_t *t;
- u_char *dptr;
-
+ u_char *dptr = NULL;
+
GET_TOKEN_AREA(t, dptr, 9);
if(t == NULL) {
return NULL;
}
-
- ADD_U_CHAR(dptr, AU_EXIT_TOKEN);
+
+ ADD_U_CHAR(dptr, AUT_EXIT);
ADD_U_INT32(dptr, err);
ADD_U_INT32(dptr, retval);
- return t;
+ return t;
}
/*
*/
token_t *au_to_groups(int *groups)
{
- return au_to_newgroups(MAX_GROUPS, groups);
+ return au_to_newgroups(BSM_MAX_GROUPS, groups);
}
/*
@@ -268,25 +309,26 @@
token_t *au_to_newgroups(u_int16_t n, gid_t *groups)
{
token_t *t;
- u_char *dptr;
+ u_char *dptr = NULL;
int i;
-
+
if(groups == NULL) {
+ errno = EINVAL;
return NULL;
}
-
+
GET_TOKEN_AREA(t, dptr, n * 4 + 3);
if(t == NULL) {
return NULL;
}
-
- ADD_U_CHAR(dptr, AU_NEWGROUPS_TOKEN);
+
+ ADD_U_CHAR(dptr, AUT_NEWGROUPS);
ADD_U_INT16(dptr, n);
for(i = 0; i < n; i++) {
ADD_U_INT32(dptr, groups[i]);
}
-
- return t;
+
+ return t;
}
@@ -299,9 +341,10 @@
token_t *au_to_in_addr(struct in_addr *internet_addr)
{
token_t *t;
- u_char *dptr;
-
+ u_char *dptr = NULL;
+
if(internet_addr == NULL) {
+ errno = EINVAL;
return NULL;
}
@@ -309,8 +352,8 @@
if(t == NULL) {
return NULL;
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list