PERFORCE change 98552 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jun 5 06:29:32 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=98552
Change 98552 by rwatson at rwatson_zoo on 2006/06/05 13:26:20
Integrate TrustedBSD base branch from FreeBSD CVS to loop back
various audit-related changes:
- Merge OpenBSM 1.0 alpha 6 changes into src/sys/bsm,
src/sys/security/audit.
- Audit accounting setup.
Affected files ...
.. //depot/projects/trustedbsd/base/sys/bsm/audit.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/bsm/audit_record.h#2 integrate
.. //depot/projects/trustedbsd/base/sys/dev/acpi_support/acpi_panasonic.c#5 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_acct.c#29 integrate
.. //depot/projects/trustedbsd/base/sys/pc98/pc98/machdep.c#11 integrate
.. //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm.c#4 integrate
.. //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm_token.c#3 integrate
Differences ...
==== //depot/projects/trustedbsd/base/sys/bsm/audit.h#4 (text+ko) ====
@@ -30,8 +30,8 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/base/sys/bsm/audit.h#3 $
- * $FreeBSD: src/sys/bsm/audit.h,v 1.3 2006/03/04 16:54:21 rwatson Exp $
+ * $P4: //depot/projects/trustedbsd/base/sys/bsm/audit.h#4 $
+ * $FreeBSD: src/sys/bsm/audit.h,v 1.4 2006/06/05 12:55:45 rwatson Exp $
*/
#ifndef _BSM_AUDIT_H
@@ -282,11 +282,11 @@
unsigned int as_version;
unsigned int as_numevent;
int as_generated;
- int as_nonattring;
+ int as_nonattrib;
int as_kernel;
int as_audit;
int as_auditctl;
- int as_enqueu;
+ int as_enqueue;
int as_written;
int as_wblocked;
int as_rblocked;
==== //depot/projects/trustedbsd/base/sys/bsm/audit_record.h#2 (text) ====
@@ -30,24 +30,16 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#8 $
- * $FreeBSD: src/sys/bsm/audit_record.h,v 1.1 2006/02/01 19:54:22 rwatson Exp $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#13 $
+ * $FreeBSD: src/sys/bsm/audit_record.h,v 1.2 2006/06/05 13:00:52 rwatson Exp $
*/
#ifndef _BSM_AUDIT_RECORD_H_
#define _BSM_AUDIT_RECORD_H_
-/* Various token id types */
-
/*
- * Values inside the comments are not documented in the BSM pages and
- * have been picked up from the header files
+ * Token type identifiers.
*/
-
-/*
- * Values marked as XXX do not have a value defined in the BSM header files
- */
-
#define AUT_INVALID 0x00
#define AUT_OTHER_FILE32 0x11
#define AUT_OHEADER 0x12
@@ -188,13 +180,19 @@
/* data-types for the arbitrary token */
#define AUR_BYTE 0
+#define AUR_CHAR AUR_BYTE
#define AUR_SHORT 1
-#define AUR_LONG 2
+#define AUR_INT32 2
+#define AUR_INT AUR_INT
+#define AUR_INT64 3
/* ... and their sizes */
#define AUR_BYTE_SIZE sizeof(u_char)
+#define AUR_CHAR_SIZE AUR_BYTE_SIZE
#define AUR_SHORT_SIZE sizeof(uint16_t)
-#define AUR_LONG_SIZE sizeof(uint32_t)
+#define AUR_INT32_SIZE sizeof(uint32_t)
+#define AUR_INT_SIZE AUR_INT32_SIZE
+#define AUR_INT64_SIZE sizeof(uint64_t)
/* Modifiers for the header token */
#define PAD_NOTATTR 0x4000 /* nonattributable event */
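Review bot: `#define AUR_INT AUR_INT` defines the macro as itself, so any use of AUR_INT is left after preprocessing as an undeclared identifier rather than the value 2. Going by the neighbouring aliases `AUR_CHAR AUR_BYTE` and `AUR_INT_SIZE AUR_INT32_SIZE`, the intended line is presumably `#define AUR_INT AUR_INT32`. The mistake does not surface in this change because audit_bsm_token.c only carries `/* case AUR_INT: */` as a comment. Removing AUR_LONG and AUR_LONG_SIZE without a compatibility alias also breaks any consumer still using the old names; if that is intended, the change description should say so.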
@@ -231,24 +229,18 @@
int au_write(int d, token_t *m);
int au_close(int d, int keep, short event);
int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen);
+int au_close_token(token_t *tok, u_char *buffer, size_t *buflen);
-#if defined(KERNEL) || defined(_KERNEL)
token_t *au_to_file(char *file, struct timeval tm);
-#else
-token_t *au_to_file(char *file);
-#endif
-#if defined(KERNEL) || defined(_KERNEL)
-token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod,
+token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
-token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod,
- struct timeval tm);
-#else
+#if !defined(KERNEL) && !defined(_KERNEL)
token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
#endif
-token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_me(void);
token_t *au_to_arg(char n, char *text, uint32_t v);
token_t *au_to_arg32(char n, char *text, uint32_t v);
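Review bot: The new `au_close_token()` prototype takes a `u_char *buffer` and a `size_t *buflen` with no comment stating the contract. A caller cannot tell from the header whether `*buflen` must hold the buffer capacity on entry, whether it is updated to the number of bytes written, or whether `tok` is freed by the call. Since the implementation is not in this diff, the comment should be written from it; something of the form `/* *buflen: in = size of buffer, out = bytes stored; fails if the token does not fit */` is what a caller needs, adjusted to the actual behaviour.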
==== //depot/projects/trustedbsd/base/sys/dev/acpi_support/acpi_panasonic.c#5 (text+ko) ====
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/dev/acpi_support/acpi_panasonic.c,v 1.9 2005/09/11 18:39:00 obrien Exp $");
+__FBSDID("$FreeBSD: src/sys/dev/acpi_support/acpi_panasonic.c,v 1.10 2006/06/05 11:55:20 nyan Exp $");
#include "opt_acpi.h"
#include <sys/param.h>
@@ -413,8 +413,11 @@
acpi_panasonic_hkey_action(struct acpi_panasonic_softc *sc, ACPI_HANDLE h,
UINT32 key)
{
+ struct acpi_softc *acpi_sc;
int arg, max, min;
+ acpi_sc = acpi_device_get_parent_softc(sc->dev);
+
ACPI_SERIAL_ASSERT(panasonic);
switch (key) {
case 1:
@@ -450,6 +453,10 @@
arg = 1;
hkey_sound_mute(h, HKEY_SET, &arg);
break;
+ case 7:
+ /* Suspend. */
+ acpi_SetSleepState(acpi_sc, ACPI_STATE_S3);
+ break;
}
}
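Review bot: The status returned by `acpi_SetSleepState(acpi_sc, ACPI_STATE_S3)` in the new `case 7` is discarded, so a refused or failed suspend request leaves no trace for whoever pressed the key. Something like `if (ACPI_FAILURE(acpi_SetSleepState(acpi_sc, ACPI_STATE_S3))) device_printf(sc->dev, "suspend request failed\n");` would surface it. The `acpi_sc` lookup added in the previous hunk runs for every hotkey, although only this case uses it, and its result is not checked before use; moving it into `case 7` would keep the other keys unaffected. The suspend is also requested from a path that asserts the panasonic serialization is held, so it is worth confirming that the resume path does not need that same lock. The function starts outside this hunk.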
==== //depot/projects/trustedbsd/base/sys/kern/kern_acct.c#29 (text+ko) ====
@@ -42,7 +42,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/kern_acct.c,v 1.81 2006/03/28 21:26:59 jhb Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/kern_acct.c,v 1.82 2006/06/05 13:02:34 rwatson Exp $");
#include "opt_mac.h"
@@ -171,8 +171,8 @@
* appending and make sure it's a 'normal'.
*/
if (uap->path != NULL) {
- NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE, UIO_USERSPACE,
- uap->path, td);
+ NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1,
+ UIO_USERSPACE, uap->path, td);
flags = FWRITE | O_APPEND;
error = vn_open(&nd, &flags, 0, -1);
if (error)
==== //depot/projects/trustedbsd/base/sys/pc98/pc98/machdep.c#11 (text+ko) ====
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/pc98/pc98/machdep.c,v 1.375 2006/05/11 17:29:23 phk Exp $");
+__FBSDID("$FreeBSD: src/sys/pc98/pc98/machdep.c,v 1.376 2006/06/05 11:53:36 nyan Exp $");
#include "opt_atalk.h"
#include "opt_compat.h"
@@ -2540,6 +2540,10 @@
bcopy(&mcp->mc_fpstate, addr, sizeof(mcp->mc_fpstate));
}
#ifdef DEV_NPX
+#ifdef CPU_ENABLE_SSE
+ if (cpu_fxsr)
+ addr->sv_xmm.sv_env.en_mxcsr &= cpu_mxcsr_mask;
+#endif
/*
* XXX we violate the dubious requirement that npxsetregs()
* be called with interrupts disabled.
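Review bot: The new MXCSR masking carries no comment, and an unexplained `&=` like this is easily removed later as redundant. `addr` is filled by the `bcopy` from `mcp->mc_fpstate` just above, so the value being masked comes from the supplied machine context. A comment such as `/* Clear MXCSR bits this CPU does not support before the state is loaded; mc_fpstate is caller-supplied. */` would record why the line must stay. The enclosing function starts outside the hunk, so whether other paths that load floating-point state apply the same mask cannot be checked here and is worth confirming.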
==== //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm.c#4 (text) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/audit/audit_bsm.c,v 1.4 2006/03/19 17:34:00 rwatson Exp $
+ * $FreeBSD: src/sys/security/audit/audit_bsm.c,v 1.5 2006/06/05 13:13:02 rwatson Exp $
*/
#include <sys/param.h>
@@ -122,7 +122,7 @@
/* Create the header token */
tm.tv_usec = ctime->tv_nsec / 1000;
tm.tv_sec = ctime->tv_sec;
- hdr = au_to_header32(tot_rec_size, event, 0, tm);
+ hdr = au_to_header32_tm(tot_rec_size, event, 0, tm);
TAILQ_INSERT_HEAD(&rec->token_q, hdr, tokens);
trail = au_to_trailer(tot_rec_size);
==== //depot/projects/trustedbsd/base/sys/security/audit/audit_bsm_token.c#3 (text) ====
@@ -30,12 +30,13 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#9 $
- * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.2 2006/03/04 17:00:55 rwatson Exp $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#15 $
+ * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.3 2006/06/05 13:13:02 rwatson Exp $
*/
#include <sys/types.h>
#include <sys/endian.h>
+#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/time.h>
@@ -208,6 +209,7 @@
/* Determine the size of the basic unit. */
switch (unit_type) {
case AUR_BYTE:
+ /* case AUR_CHAR: */
datasize = AUR_BYTE_SIZE;
break;
@@ -215,8 +217,13 @@
datasize = AUR_SHORT_SIZE;
break;
- case AUR_LONG:
- datasize = AUR_LONG_SIZE;
+ case AUR_INT32:
+ /* case AUR_INT: */
+ datasize = AUR_INT32_SIZE;
+ break;
+
+ case AUR_INT64:
+ datasize = AUR_INT64_SIZE;
break;
default:
@@ -225,7 +232,7 @@
totdata = datasize * unit_count;
- GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char));
+ GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata);
ADD_U_CHAR(dptr, AUT_DATA);
ADD_U_CHAR(dptr, unit_print);
@@ -299,10 +306,10 @@
token_t *t;
u_char *dptr = NULL;
- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t));
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t));
ADD_U_CHAR(dptr, AUT_IN_ADDR);
- ADD_U_INT32(dptr, internet_addr->s_addr);
+ ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t));
return (t);
}
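Review bot: The switch from `ADD_U_INT32` to `ADD_MEM` for `internet_addr->s_addr` has no comment saying why, and the same unexplained substitution is made for `tid->machine` in the two later hunks that end in `ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));`. Only the AUT_SOCKINET32 hunk states the byte-order assumption behind it. A one-line comment at each site, e.g. `/* s_addr is already in network byte order; copy it verbatim. */`, would keep a later cleanup from converting it back. For `tid->machine` the byte order is an assumption about what callers store, so the comment there should say that rather than state it as fact. Writing the length as `sizeof(internet_addr->s_addr)` would also tie it to the field instead of a repeated type name.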
@@ -319,11 +326,11 @@
u_char *dptr = NULL;
u_int32_t type = AF_INET6;
- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t));
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t));
ADD_U_CHAR(dptr, AUT_IN_ADDR_EX);
ADD_U_INT32(dptr, type);
- ADD_MEM(dptr, internet_addr, sizeof(*internet_addr));
+ ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t));
return (t);
}
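Review bot: The new `ADD_MEM` length no longer matches the allocation. The token area is `sizeof(u_char) + 5 * sizeof(uint32_t)` (21 bytes), but going by the macro names the body now writes one byte of token id, four bytes of `type` and then `5 * sizeof(uint32_t)` (20 bytes) of address, 25 bytes in total. That is four bytes past the area obtained from GET_TOKEN_AREA. If `internet_addr` points at a 16-byte IPv6 address, as the AF_INET6 `type` suggests (the parameter declaration is outside the hunk), it is also four bytes read past the source. The copy should be `ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t));`, matching the length the later hunk uses for `so->sin6_addr`.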
@@ -463,25 +470,13 @@
* file pathname N bytes + 1 terminating NULL byte
*/
token_t *
-#if defined(KERNEL) || defined(_KERNEL)
au_to_file(char *file, struct timeval tm)
-#else
-au_to_file(char *file)
-#endif
{
token_t *t;
u_char *dptr = NULL;
u_int16_t filelen;
u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
- struct timeval tm;
- struct timezone tzp;
- if (gettimeofday(&tm, &tzp) == -1)
- return (NULL);
-#endif
- /* XXXRW: else ...? */
-
filelen = strlen(file);
filelen += 1;
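Review bot: `filelen` is a `u_int16_t`, so `filelen = strlen(file); filelen += 1;` silently truncates a long path and wraps to 0 at 65535 bytes. This predates the change, but the commit makes this body the single implementation for both kernel and userspace callers, so all of them now depend on it. If the length is later used to size the token area and the copy (that code is below the hunk), a truncated value would record a partial or mis-sized path in the audit trail. A bounded check before narrowing, e.g. `size_t len = strlen(file) + 1;` followed by `if (len > UINT16_MAX) return (NULL);`, would make the limit explicit. Whether returning NULL suits the kernel callers needs confirming.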
@@ -578,7 +573,7 @@
ADD_U_INT32(dptr, pid);
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->port);
- ADD_U_INT32(dptr, tid->machine);
+ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
return (t);
}
@@ -822,19 +817,26 @@
{
token_t *t;
u_char *dptr = NULL;
+ uint16_t family;
- GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) +
- sizeof(u_int32_t));
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) +
+ sizeof(uint32_t));
ADD_U_CHAR(dptr, AUT_SOCKINET32);
/*
- * In Darwin, sin_family is one octet, but BSM defines the token
- * to store two. So we copy in a 0 first.
+ * BSM defines the family field as 16 bits, but many operating
+ * systems have an 8-bit sin_family field. Extend to 16 bits before
+ * writing into the token. Assume that both the port and the address
+ * in the sockaddr_in are already in network byte order, but family
+ * is in local byte order.
+ *
+ * XXXRW: Should a name space conversion be taking place on the value
+ * of sin_family?
*/
- ADD_U_CHAR(dptr, 0);
- ADD_U_CHAR(dptr, so->sin_family);
- ADD_U_INT16(dptr, so->sin_port);
- ADD_U_INT32(dptr, so->sin_addr.s_addr);
+ family = so->sin_family;
+ ADD_U_INT16(dptr, family);
+ ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t));
+ ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t));
return (t);
@@ -858,7 +860,7 @@
ADD_U_CHAR(dptr, so->sin6_family);
ADD_U_INT16(dptr, so->sin6_port);
- ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr));
+ ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t));
return (t);
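Review bot: `ADD_U_INT16(dptr, so->sin6_port)` is left unchanged here, although the preceding hunk switches the IPv4 token to `ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t))` on the stated assumption that port and address are already in network byte order. If ADD_U_INT16 converts from host order (its definition is not in this diff), the IPv6 token records the port in a different encoding from the IPv4 token on little-endian machines, which makes audit records harder to compare. Suggest `ADD_MEM(dptr, &so->sin6_port, sizeof(uint16_t));`. The family is still written with a single `ADD_U_CHAR` here while the IPv4 token now writes 16 bits, so the GET_TOKEN_AREA size above the hunk should be checked against the field widths actually written.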
@@ -902,7 +904,7 @@
ADD_U_INT32(dptr, pid);
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->port);
- ADD_U_INT32(dptr, tid->machine);
+ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
return (t);
}
@@ -1088,24 +1090,12 @@
* milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
*/
token_t *
-#if defined(KERNEL) || defined(_KERNEL)
-au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod,
+au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm)
-#else
-au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
-#endif
{
token_t *t;
u_char *dptr = NULL;
u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
- struct timeval tm;
- struct timezone tzp;
-
- if (gettimeofday(&tm, &tzp) == -1)
- return (NULL);
-#endif
- /* XXXRW: else ...? */
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
@@ -1124,30 +1114,6 @@
return (t);
}
-token_t *
-au_to_header64(__unused int rec_size, __unused au_event_t e_type,
- __unused au_emod_t e_mod)
-{
-
- return (NULL);
-}
-
-token_t *
-#if defined(KERNEL) || defined(_KERNEL)
-au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod,
- struct timeval tm)
-{
-
- return (au_to_header32(rec_size, e_type, e_mod, tm));
-}
-#else
-au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod)
-{
-
- return (au_to_header32(rec_size, e_type, e_mod));
-}
-#endif
-
/*
* token ID 1 byte
* trailer magic number 2 bytes