PERFORCE change 92786 for review
Robert Watson
rwatson at FreeBSD.org
Sun Mar 5 07:34:14 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=92786
Change 92786 by rwatson at rwatson_peppercorn on 2006/03/05 15:33:21
Various compatibility and functionality tweaks to help support a
BSM file format and API test suite:
- Support a more complete range of data types for the arbitrary
data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG,
add AUR_INT32 (alias to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to
a memory buffer. Not likely to be used much by applications,
but useful for writing test tools. This is not a Solaris BSM
API.
- Modify au_to_file() so that it accepts a timeval in user space,
not just kernel -- this is not a Solaris BSM API so can be
modified without causing compatibility issues.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/HISTORY#4 edit
.. //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#15 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#6 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#25 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#35 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#44 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/HISTORY#4 (text+ko) ====
@@ -4,6 +4,15 @@
previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
au_close_buffer().
+- Support a more complete range of data types for the arbitrary data token:
+ add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
+ to AUR_INT), add AUR_INT64.
+- Add au_close_token(), which allows writing a single token_t to a memory
+ buffer. Not likely to be used much by applications, but useful for
+ writing test tools.
+- Modify au_to_file() so that it accepts a timeval in user space, not just
+ kernel -- this is not a Solaris BSM API so can be modified without
+ causing compatibility issues.
OpenBSM 1.0 alpha 5
@@ -131,4 +140,4 @@
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#3 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#4 $
==== //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#15 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#15 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@@ -187,13 +187,19 @@
/* data-types for the arbitrary token */
#define AUR_BYTE 0
+#define AUR_CHAR AUR_BYTE
#define AUR_SHORT 1
-#define AUR_LONG 2
+#define AUR_INT32 2
+#define AUR_INT AUR_INT
+#define AUR_INT64 3
/* ... and their sizes */
#define AUR_BYTE_SIZE sizeof(u_char)
+#define AUR_CHAR_SIZE AUR_BYTE_SIZE
#define AUR_SHORT_SIZE sizeof(uint16_t)
-#define AUR_LONG_SIZE sizeof(uint32_t)
+#define AUR_INT32_SIZE sizeof(uint32_t)
+#define AUR_INT_SIZE AUR_INT32_SIZE
+#define AUR_INT64_SIZE sizeof(uint64_t)
/* Modifiers for the header token */
#define PAD_NOTATTR 0x4000 /* nonattributable event */
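Review bot: `#define AUR_INT AUR_INT` defines the macro in terms of itself, so it never resolves to a value: the preprocessor does not re-expand a macro inside its own expansion, and any use of AUR_INT is left as an undeclared identifier. The change description calls AUR_INT32 and AUR_INT aliases, and `AUR_INT_SIZE` is defined as `AUR_INT32_SIZE`, so the intended line is presumably `#define AUR_INT AUR_INT32`. Removing AUR_LONG and AUR_LONG_SIZE with no compatibility alias also breaks any existing source that still names them; if that is deliberate, a short comment beside the type list saying so would help.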
@@ -230,12 +236,9 @@
int au_write(int d, token_t *m);
int au_close(int d, int keep, short event);
int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen);
+int au_close_token(token_t *tok, u_char *buffer, size_t *buflen);
-#if defined(KERNEL) || defined(_KERNEL)
token_t *au_to_file(char *file, struct timeval tm);
-#else
-token_t *au_to_file(char *file);
-#endif
#if defined(KERNEL) || defined(_KERNEL)
token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod,
==== //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#3 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $
.\"
.Dd March 4, 2006
.Dt AU_OPEN 3
@@ -46,6 +46,8 @@
.Fn au_close "int d" "int keep" "short event"
.Ft int
.Fn au_close_buffer "int d" "short event" "u_char *buffer" "size_t *buflen"
+.Ft int
+.Fn au_close_token "token_t *tok" "u_char *buffer" "size_t *buflen"
.Sh DESCRIPTION
These interfaces allow applications to allocate audit records, construct a
record using a series of tokens, and commit the audit record to the system
@@ -90,6 +92,17 @@
The argument
.Va short
is the event identifier to use in the record header.
+.Pp
+The
+.Fn au_close_token
+function generates the BSM stream output for a single token,
+.Va tok ,
+in the passed buffer
+.Va buffer .
+The initial buffer size and resulting data size are passed via
+.Va *buflen .
+.Fn au_close_token
+will free the token before returning.
.Sh RETURN VALUES
The function
.Fn au_open
@@ -100,8 +113,9 @@
The functions
.Fn au_write ,
.Fn au_close ,
+.Fn au_close_buffer ,
and
-.Fn au_close_buffer
+.Fn au_close_token
return 0 on success, or a negative value on failure, along with error
information in
.Va errno .
@@ -120,9 +134,6 @@
It was subsequently adopted by the TrustedBSD Project as the foundation for
the OpenBSM distribution.
.Sh BUGS
-There is currently no interface to extract a single token without
-it being automatically wrapped in a header and trailer.
-.Pp
Currently,
.Fn au_open
does not reserve kernel resources necessary to commit the record to the
==== //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#6 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#6 $
.\"
.Dd April 19, 2005
.Dt AU_TOKEN 3
@@ -116,9 +116,7 @@
.Ft token_t *
.Fn au_to_opaque "char *data" "u_int64_t bytes"
.Ft token_t *
-.Fn au_to_file "char *file"
-.Ft token_t *
-.Fn au_to_file "char *file"
+.Fn au_to_file "char *file" "struct timeval tm"
.Ft token_t *
.Fn au_to_text "char *text"
.Ft token_t *
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#25 (text+ko) ====
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#24 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#25 $
*/
#include <sys/types.h>
@@ -360,3 +360,24 @@
au_teardown(rec);
return (retval);
}
+
+/*
+ * au_close_token() returns the byte format of a token_t. This won't
+ * generally be used by applications, but is quite useful for writing test
+ * tools. Will free the token on either success or failure.
+ */
+int
+au_close_token(token_t *tok, u_char *buffer, size_t *buflen)
+{
+
+ if (tok->len > *buflen) {
+ au_free_token(tok);
+ errno = ENOMEM;
+ return (EINVAL);
+ }
+
+ memcpy(buffer, tok->t_data, tok->len);
+ *buflen = tok->len;
+ au_free_token(tok);
+ return (0);
+}
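Review bot: The failure path of au_close_token() sets `errno = ENOMEM` but returns `EINVAL`, a positive value, while the au_open.3 text added in this same change says the function returns a negative value on failure with the reason in errno. A caller written to the man page (`if (au_close_token(tok, buf, &len) < 0)`) would treat the too-small-buffer case as success and go on to use a buffer that was never filled and a `*buflen` that was never updated. Returning -1 keeps the documented contract: `errno = ENOMEM; return (-1);`. The function also dereferences `tok`, `buffer` and `buflen` with no NULL check, and the header comment could state that `*buflen` is the capacity on input and the token length on output.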
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#35 (text+ko) ====
@@ -31,7 +31,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#34 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#35 $
*/
#include <sys/types.h>
@@ -893,6 +893,7 @@
*/
switch(tok->tt.arb.bu) {
case AUR_BYTE:
+ /* case AUR_CHAR: */
datasize = AUR_BYTE_SIZE;
break;
@@ -900,8 +901,13 @@
datasize = AUR_SHORT_SIZE;
break;
- case AUR_LONG:
- datasize = AUR_LONG_SIZE;
+ case AUR_INT32:
+ /* case AUR_INT: */
+ datasize = AUR_INT32_SIZE;
+ break;
+
+ case AUR_INT64:
+ datasize = AUR_INT64_SIZE;
break;
default:
@@ -962,6 +968,7 @@
print_delim(fp, del);
switch(tok->tt.arb.bu) {
case AUR_BYTE:
+ /* case AUR_CHAR: */
str = "byte";
size = AUR_BYTE_SIZE;
print_string(fp, str, strlen(str));
@@ -979,23 +986,36 @@
print_delim(fp, del);
print_1_byte(fp, tok->tt.arb.uc, "%u");
print_delim(fp, del);
- for (i = 0; i<tok->tt.arb.uc; i++)
+ for (i = 0; i < tok->tt.arb.uc; i++)
fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data +
(size * i))));
break;
- case AUR_LONG:
+ case AUR_INT32:
+ /* case AUR_INT: */
str = "int";
- size = AUR_LONG_SIZE;
+ size = AUR_INT32_SIZE;
print_string(fp, str, strlen(str));
print_delim(fp, del);
print_1_byte(fp, tok->tt.arb.uc, "%u");
print_delim(fp, del);
- for (i = 0; i<tok->tt.arb.uc; i++)
+ for (i = 0; i < tok->tt.arb.uc; i++)
fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data +
(size * i))));
break;
+ case AUR_INT64:
+ str = "int64";
+ size = AUR_INT64_SIZE;
+ print_string(fp, str, strlen(str));
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ print_delim(fp, del);
+ for (i = 0; i < tok->tt.arb.uc; i++)
+ fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data +
+ (size * i))));
+ break;
+
default:
return;
}
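Review bot: The new AUR_INT64 case passes a `u_int64_t` to `fprintf(fp, format, ...)` with the same `format` used by the 16- and 32-bit cases. `format` is chosen outside this hunk, so this is inferred, but if it is an int-width conversion such as `%x` or `%d` the argument no longer matches the conversion and the call is undefined behaviour. The 64-bit branch needs its own 64-bit conversion, for example a cast to `unsigned long long` with an `ll` length modifier. The cast `*((u_int64_t *)(tok->tt.arb.data + (size * i)))` also reads through a pointer into the record's byte buffer, which need not be 8-byte aligned. Since this printer runs over audit trail data that may not be trusted, copying each unit out first is safer: `u_int64_t v; memcpy(&v, tok->tt.arb.data + (size * i), sizeof(v));`.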
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#44 (text+ko) ====
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#43 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#44 $
*/
#include <sys/types.h>
@@ -243,6 +243,7 @@
/* Determine the size of the basic unit. */
switch (unit_type) {
case AUR_BYTE:
+ /* case AUR_CHAR: */
datasize = AUR_BYTE_SIZE;
break;
@@ -250,8 +251,13 @@
datasize = AUR_SHORT_SIZE;
break;
- case AUR_LONG:
- datasize = AUR_LONG_SIZE;
+ case AUR_INT32:
+ /* case AUR_INT: */
+ datasize = AUR_INT32_SIZE;
+ break;
+
+ case AUR_INT64:
+ datasize = AUR_INT64_SIZE;
break;
default:
@@ -261,7 +267,7 @@
totdata = datasize * unit_count;
- GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char));
+ GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata);
if (t == NULL)
return (NULL);
@@ -528,23 +534,12 @@
* file pathname N bytes + 1 terminating NULL byte
*/
token_t *
-#if defined(KERNEL) || defined(_KERNEL)
au_to_file(char *file, struct timeval tm)
-#else
-au_to_file(char *file)
-#endif
{
token_t *t;
u_char *dptr = NULL;
u_int16_t filelen;
u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
- struct timeval tm;
- struct timezone tzp;
-
- if (gettimeofday(&tm, &tzp) == -1)
- return (NULL);
-#endif
filelen = strlen(file);
filelen += 1;
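Review bot: `filelen = strlen(file);` stores a size_t in a `u_int16_t`, so a name of 65536 bytes or more is silently truncated, and `filelen += 1` wraps to 0 for a name of exactly 65535 bytes. The rest of au_to_file() is outside this hunk, so how filelen feeds the allocation and the copy is inferred, but a length field that disagrees with the string actually written gives a malformed or overrun file token. Now that the same signature is exposed to user space for test tools, rejecting over-long names up front is cheap: `if (strlen(file) >= 0xffff) return (NULL);`. The comment above the function could also say that `tm` is the caller-supplied timestamp, since user-space callers previously got gettimeofday() implicitly.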