PERFORCE change 110202 for review
Robert Watson
rwatson at FreeBSD.org
Tue Nov 21 17:24:29 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=110202
Change 110202 by rwatson at rwatson_fledge on 2006/11/18 09:42:17
Add encoding and decoding routines for process64_ex, process32_ex,
subject64_ex token types.
Submitted by: Diego Giagio <dgiagio at gmail dot com>
Affected files ...
.. //depot/projects/trustedbsd/openbsm/HISTORY#45 edit
.. //depot/projects/trustedbsd/openbsm/README#22 edit
.. //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 edit
.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/HISTORY#45 (text+ko) ====
@@ -5,6 +5,8 @@
- Countless man page fixes.
- praudit XML support via "praudit -x".
- audit.log.5 expanded to include additional BSM token types.
+- Added encoding and decoding routines for process64_ex, process32_ex, and
+ subject32_ex tokens.
OpenBSM 1.0 alpha 12
@@ -272,4 +274,4 @@
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#44 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#45 $
==== //depot/projects/trustedbsd/openbsm/README#22 (text+ko) ====
@@ -78,6 +78,7 @@
Martin Englund
Ruslan Ermilov
Martin Voros
+ Diego Giagio
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
@@ -99,4 +100,4 @@
http://www.TrustedBSD.org/
-$P4: //depot/projects/trustedbsd/openbsm/README#21 $
+$P4: //depot/projects/trustedbsd/openbsm/README#22 $
==== //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#23 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#24 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@@ -246,6 +246,8 @@
token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
+token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm);
#if !defined(KERNEL) && !defined(_KERNEL)
token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#31 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#32 $
*/
#ifndef _LIBBSM_H_
@@ -164,6 +164,12 @@
u_int32_t addr[4];
} au_tidaddr32_t;
+typedef struct au_tidaddr64 {
+ u_int64_t port;
+ u_int32_t type;
+ u_int32_t addr[4];
+} au_tidaddr64_t;
+
/*
* argument # 1 byte
* argument value 4 bytes/8 bytes (32-bit/64-bit value)
@@ -483,6 +489,17 @@
au_tidaddr32_t tid;
} au_proc32ex_t;
+typedef struct {
+ u_int32_t auid;
+ u_int32_t euid;
+ u_int32_t egid;
+ u_int32_t ruid;
+ u_int32_t rgid;
+ u_int32_t pid;
+ u_int32_t sid;
+ au_tidaddr64_t tid;
+} au_proc64ex_t;
+
/*
* error status 1 byte
* return value 4 bytes/8 bytes (32-bit/64-bit value)
@@ -616,6 +633,17 @@
au_tidaddr32_t tid;
} au_subject32ex_t;
+typedef struct {
+ u_int32_t auid;
+ u_int32_t euid;
+ u_int32_t egid;
+ u_int32_t ruid;
+ u_int32_t rgid;
+ u_int32_t pid;
+ u_int32_t sid;
+ au_tidaddr64_t tid;
+} au_subject64ex_t;
+
/*
* text length 2 bytes
* text N bytes + 1 terminating NULL byte
@@ -675,8 +703,9 @@
au_opaque_t opaque;
au_path_t path;
au_proc32_t proc32;
+ au_proc32ex_t proc32_ex;
au_proc64_t proc64;
- au_proc32ex_t proc32_ex;
+ au_proc64ex_t proc64_ex;
au_ret32_t ret32;
au_ret64_t ret64;
au_seq_t seq;
@@ -685,8 +714,9 @@
au_socketinet32_t sockinet32;
au_socketunix_t sockunix;
au_subject32_t subj32;
+ au_subject32ex_t subj32_ex;
au_subject64_t subj64;
- au_subject32ex_t subj32_ex;
+ au_subject64ex_t subj64_ex;
au_text_t text;
au_kevent_t kevent;
au_invalid_t invalid;
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 (text+ko) ====
@@ -32,7 +32,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#42 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#43 $
*/
#include <sys/types.h>
@@ -333,6 +333,14 @@
fprintf(fp, "/>");
break;
+ case AUT_PROCESS64:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_PROCESS64_EX:
+ fprintf(fp, "/>");
+ break;
+
case AUT_RETURN32:
fprintf(fp, "/>");
break;
@@ -369,6 +377,10 @@
fprintf(fp, "/>");
break;
+ case AUT_SUBJECT64_EX:
+ fprintf(fp, "/>");
+ break;
+
case AUT_TEXT:
fprintf(fp, "</text>");
break;
@@ -488,6 +500,14 @@
fprintf(fp, "<process ");
break;
+ case AUT_PROCESS64:
+ fprintf(fp, "<process ");
+ break;
+
+ case AUT_PROCESS64_EX:
+ fprintf(fp, "<process ");
+ break;
+
case AUT_RETURN32:
fprintf(fp, "<return ");
break;
@@ -524,6 +544,10 @@
fprintf(fp, "<subject ");
break;
+ case AUT_SUBJECT64_EX:
+ fprintf(fp, "<subject ");
+ break;
+
case AUT_TEXT:
fprintf(fp, "<text>");
break;
@@ -2530,7 +2554,133 @@
}
}
+/*
+ * token ID 1 byte
+ * audit ID 4 bytes
+ * euid 4 bytes
+ * egid 4 bytes
+ * ruid 4 bytes
+ * rgid 4 bytes
+ * pid 4 bytes
+ * sessid 4 bytes
+ * terminal ID
+ * portid 8 bytes
+ * machine id 4 bytes
+ */
static int
+fetch_process64_tok(tokenstr_t *tok, char *buf, int len)
+{
+ int err = 0;
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.auid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.euid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.egid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.ruid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.rgid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.pid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.sid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT64(buf, len, tok->tt.proc64.tid.port, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_BYTES(buf, len, &tok->tt.proc64.tid.addr,
+ sizeof(tok->tt.proc64.tid.addr), tok->len, err);
+ if (err)
+ return (-1);
+
+ return (0);
+}
+
+static void
+print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
+ __unused char sfrm, int xml)
+{
+ print_tok_type(fp, tok->id, "process", raw, xml);
+ if (xml) {
+ open_attr(fp, "audit-uid");
+ print_user(fp, tok->tt.proc64.auid, raw);
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.proc64.euid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.proc64.egid, raw);
+ close_attr(fp);
+ open_attr(fp, "ruid");
+ print_user(fp, tok->tt.proc64.ruid, raw);
+ close_attr(fp);
+ open_attr(fp, "rgid");
+ print_group(fp, tok->tt.proc64.rgid, raw);
+ close_attr(fp);
+ open_attr(fp, "pid");
+ print_4_bytes(fp, tok->tt.proc64.pid, "%u");
+ close_attr(fp);
+ open_attr(fp, "sid");
+ print_4_bytes(fp, tok->tt.proc64.sid, "%u");
+ close_attr(fp);
+ open_attr(fp, "tid");
+ print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu");
+ print_ip_address(fp, tok->tt.proc64.tid.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc64.auid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc64.euid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.proc64.egid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc64.ruid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.proc64.rgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc64.pid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc64.sid, "%u");
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.proc64.tid.addr);
+ }
+}
+
+/*
+ * token ID 1 byte
+ * audit ID 4 bytes
+ * effective user ID 4 bytes
+ * effective group ID 4 bytes
+ * real user ID 4 bytes
+ * real group ID 4 bytes
+ * process ID 4 bytes
+ * session ID 4 bytes
+ * terminal ID
+ * port ID 4 bytes
+ * address type-len 4 bytes
+ * machine address 16 bytes
+ */
+static int
fetch_process32ex_tok(tokenstr_t *tok, char *buf, int len)
{
int err = 0;
@@ -2646,6 +2796,135 @@
}
}
+/*
+ * token ID 1 byte
+ * audit ID 4 bytes
+ * effective user ID 4 bytes
+ * effective group ID 4 bytes
+ * real user ID 4 bytes
+ * real group ID 4 bytes
+ * process ID 4 bytes
+ * session ID 4 bytes
+ * terminal ID
+ * port ID 8 bytes
+ * address type-len 4 bytes
+ * machine address 16 bytes
+ */
+static int
+fetch_process64ex_tok(tokenstr_t *tok, char *buf, int len)
+{
+ int err = 0;
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.auid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.euid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.egid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.ruid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.rgid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.pid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.sid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT64(buf, len, tok->tt.proc64_ex.tid.port, tok->len,
+ err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.tid.type, tok->len,
+ err);
+ if (err)
+ return (-1);
+
+ if (tok->tt.proc64_ex.tid.type == AU_IPv4) {
+ READ_TOKEN_BYTES(buf, len, &tok->tt.proc64_ex.tid.addr[0],
+ sizeof(tok->tt.proc64_ex.tid.addr[0]), tok->len, err);
+ if (err)
+ return (-1);
+ } else if (tok->tt.proc64_ex.tid.type == AU_IPv6) {
+ READ_TOKEN_BYTES(buf, len, tok->tt.proc64_ex.tid.addr,
+ sizeof(tok->tt.proc64_ex.tid.addr), tok->len, err);
+ if (err)
+ return (-1);
+ } else
+ return (-1);
+
+ return (0);
+}
+
+static void
+print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
+ __unused char sfrm, int xml)
+{
+ print_tok_type(fp, tok->id, "process_ex", raw, xml);
+ if (xml) {
+ open_attr(fp, "audit-uid");
+ print_user(fp, tok->tt.proc64_ex.auid, raw);
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.proc64_ex.euid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.proc64_ex.egid, raw);
+ close_attr(fp);
+ open_attr(fp, "ruid");
+ print_user(fp, tok->tt.proc64_ex.ruid, raw);
+ close_attr(fp);
+ open_attr(fp, "rgid");
+ print_group(fp, tok->tt.proc64_ex.rgid, raw);
+ close_attr(fp);
+ open_attr(fp, "pid");
+ print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u");
+ close_attr(fp);
+ open_attr(fp, "sid");
+ print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u");
+ close_attr(fp);
+ open_attr(fp, "tid");
+ print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu");
+ print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type,
+ tok->tt.proc64_ex.tid.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc64_ex.auid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc64_ex.euid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.proc64_ex.egid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc64_ex.ruid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.proc64_ex.rgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u");
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu");
+ print_delim(fp, del);
+ print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type,
+ tok->tt.proc64_ex.tid.addr);
+ }
+}
+
/*
* errno 1 byte
* return value 4 bytes
@@ -3290,6 +3569,134 @@
}
/*
+ * audit ID 4 bytes
+ * euid 4 bytes
+ * egid 4 bytes
+ * ruid 4 bytes
+ * rgid 4 bytes
+ * pid 4 bytes
+ * sessid 4 bytes
+ * terminal ID
+ * portid 8 bytes
+ * type 4 bytes
+ * machine id 16 bytes
+ */
+static int
+fetch_subject64ex_tok(tokenstr_t *tok, char *buf, int len)
+{
+ int err = 0;
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.auid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.euid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.egid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.ruid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.rgid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.sid, tok->len, err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT64(buf, len, tok->tt.subj64_ex.tid.port, tok->len,
+ err);
+ if (err)
+ return (-1);
+
+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.tid.type, tok->len,
+ err);
+ if (err)
+ return (-1);
+
+ if (tok->tt.subj64_ex.tid.type == AU_IPv4) {
+ READ_TOKEN_BYTES(buf, len, &tok->tt.subj64_ex.tid.addr[0],
+ sizeof(tok->tt.subj64_ex.tid.addr[0]), tok->len, err);
+ if (err)
+ return (-1);
+ } else if (tok->tt.subj64_ex.tid.type == AU_IPv6) {
+ READ_TOKEN_BYTES(buf, len, tok->tt.subj64_ex.tid.addr,
+ sizeof(tok->tt.subj64_ex.tid.addr), tok->len, err);
+ if (err)
+ return (-1);
+ } else
+ return (-1);
+
+ return (0);
+}
+
+static void
+print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
+ __unused char sfrm, int xml)
+{
+ print_tok_type(fp, tok->id, "subject_ex", raw, xml);
+ if (xml) {
+ open_attr(fp, "audit-uid");
+ print_user(fp, tok->tt.subj64_ex.auid, raw);
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.subj64_ex.euid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.subj64_ex.egid, raw);
+ close_attr(fp);
+ open_attr(fp, "ruid");
+ print_user(fp, tok->tt.subj64_ex.ruid, raw);
+ close_attr(fp);
+ open_attr(fp, "rgid");
+ print_group(fp, tok->tt.subj64_ex.rgid, raw);
+ close_attr(fp);
+ open_attr(fp, "pid");
+ print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
+ close_attr(fp);
+ open_attr(fp, "sid");
+ print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");
+ close_attr(fp);
+ open_attr(fp, "tid");
+ print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu");
+ print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type,
+ tok->tt.subj64_ex.tid.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj64_ex.auid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj64_ex.euid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.subj64_ex.egid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj64_ex.ruid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.subj64_ex.rgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu");
+ print_delim(fp, del);
+ print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type,
+ tok->tt.subj64_ex.tid.addr);
+ }
+}
+
+/*
* size 2 bytes
* data size bytes
*/
@@ -3533,6 +3940,12 @@
case AUT_PROCESS32_EX:
return (fetch_process32ex_tok(tok, buf, len));
+ case AUT_PROCESS64:
+ return (fetch_process64_tok(tok, buf, len));
+
+ case AUT_PROCESS64_EX:
+ return (fetch_process64ex_tok(tok, buf, len));
+
case AUT_RETURN32:
return (fetch_return32_tok(tok, buf, len));
@@ -3554,11 +3967,14 @@
case AUT_SUBJECT32:
return (fetch_subject32_tok(tok, buf, len));
+ case AUT_SUBJECT32_EX:
+ return (fetch_subject32ex_tok(tok, buf, len));
+
case AUT_SUBJECT64:
return (fetch_subject64_tok(tok, buf, len));
- case AUT_SUBJECT32_EX:
- return (fetch_subject32ex_tok(tok, buf, len));
+ case AUT_SUBJECT64_EX:
+ return (fetch_subject64ex_tok(tok, buf, len));
case AUT_TEXT:
return (fetch_text_tok(tok, buf, len));
@@ -3682,6 +4098,14 @@
print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
return;
+ case AUT_PROCESS64:
+ print_process64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
+ return;
+
+ case AUT_PROCESS64_EX:
+ print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
+ return;
+
case AUT_RETURN32:
print_return32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
return;
@@ -3718,6 +4142,10 @@
print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
return;
+ case AUT_SUBJECT64_EX:
+ print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
+ return;
+
case AUT_TEXT:
print_text_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
return;
@@ -3840,6 +4268,14 @@
print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_XML);
return;
+ case AUT_PROCESS64:
+ print_process64_tok(outfp, tok, del, raw, sfrm, AU_XML);
+ return;
+
+ case AUT_PROCESS64_EX:
+ print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_XML);
+ return;
+
case AUT_RETURN32:
print_return32_tok(outfp, tok, del, raw, sfrm, AU_XML);
return;
@@ -3876,6 +4312,10 @@
print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_XML);
return;
+ case AUT_SUBJECT64_EX:
+ print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_XML);
+ return;
+
case AUT_TEXT:
print_text_tok(outfp, tok, del, raw, sfrm, AU_XML);
return;
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 (text+ko) ====
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#52 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#53 $
*/
#include <sys/types.h>
@@ -212,9 +212,46 @@
token_t *
au_to_attr64(struct vnode_au_info *vni)
{
+ token_t *t;
+ u_char *dptr = NULL;
+ u_int16_t pad0_16 = 0;
+ u_int16_t pad0_32 = 0;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
+ 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2);
+ if (t == NULL)
+ return (NULL);
+
+ ADD_U_CHAR(dptr, AUT_ATTR64);
+
+ /*
+ * Darwin defines the size for the file mode
+ * as 2 bytes; BSM defines 4 so pad with 0
+ */
+ ADD_U_INT16(dptr, pad0_16);
+ ADD_U_INT16(dptr, vni->vn_mode);
+
+ ADD_U_INT32(dptr, vni->vn_uid);
+ ADD_U_INT32(dptr, vni->vn_gid);
+ ADD_U_INT32(dptr, vni->vn_fsid);
- errno = ENOTSUP;
- return (NULL);
+ /*
+ * Some systems use 32-bit file ID's, other's use 64-bit file IDs.
+ * Attempt to handle both, and let the compiler sort it out. If we
+ * could pick this out at compile-time, it would be better, so as to
+ * avoid the else case below.
+ */
+ if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) {
+ ADD_U_INT32(dptr, pad0_32);
+ ADD_U_INT32(dptr, vni->vn_fileid);
+ } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t))
+ ADD_U_INT64(dptr, vni->vn_fileid);
+ else
+ ADD_U_INT64(dptr, 0LL);
+
+ ADD_U_INT64(dptr, vni->vn_dev);
+
+ return (t);
}
token_t *
@@ -654,9 +691,26 @@
__unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid,
__unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid)
{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) +
+ sizeof(u_int64_t));
+ if (t == NULL)
+ return (NULL);
+
+ ADD_U_CHAR(dptr, AUT_PROCESS64);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->port);
+ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
- errno = ENOTSUP;
- return (NULL);
+ return (t);
}
token_t *
@@ -727,9 +781,42 @@
au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ if (tid->at_type == AU_IPv4)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+ 2 * sizeof(u_int32_t));
+ else if (tid->at_type == AU_IPv6)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+ 5 * sizeof(u_int32_t));
+ else {
+ errno = EINVAL;
+ return (NULL);
+ }
+ if (t == NULL)
+ return (NULL);
+
+ ADD_U_CHAR(dptr, AUT_PROCESS64_EX);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->at_port);
+ ADD_U_INT32(dptr, tid->at_type);
+ ADD_U_INT32(dptr, tid->at_addr[0]);
+ if (tid->at_type == AU_IPv6) {
+ ADD_U_INT32(dptr, tid->at_addr[1]);
+ ADD_U_INT32(dptr, tid->at_addr[2]);
+ ADD_U_INT32(dptr, tid->at_addr[3]);
+ }
- errno = ENOTSUP;
- return (NULL);
+ return (t);
}
token_t *
@@ -944,9 +1031,26 @@
au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
pid_t pid, au_asid_t sid, au_tid_t *tid)
{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) +
+ sizeof(u_int64_t) + sizeof(u_int32_t));
+ if (t == NULL)
+ return (NULL);
- errno = ENOTSUP;
- return (NULL);
+ ADD_U_CHAR(dptr, AUT_SUBJECT64);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->port);
+ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
+
+ return (t);
}
token_t *
@@ -1016,9 +1120,42 @@
au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ if (tid->at_type == AU_IPv4)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+ 2 * sizeof(u_int32_t));
+ else if (tid->at_type == AU_IPv6)
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+ 7 * sizeof(u_int32_t) + sizeof(u_int64_t) +
+ 5 * sizeof(u_int32_t));
+ else {
+ errno = EINVAL;
+ return (NULL);
+ }
+ if (t == NULL)
+ return (NULL);
+
+ ADD_U_CHAR(dptr, AUT_SUBJECT64_EX);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->at_port);
+ ADD_U_INT32(dptr, tid->at_type);
+ ADD_U_INT32(dptr, tid->at_addr[0]);
+ if (tid->at_type == AU_IPv6) {
+ ADD_U_INT32(dptr, tid->at_addr[1]);
+ ADD_U_INT32(dptr, tid->at_addr[2]);
+ ADD_U_INT32(dptr, tid->at_addr[3]);
+ }
- errno = ENOTSUP;
- return (NULL);
+ return (t);
}
token_t *
@@ -1166,6 +1303,33 @@
return (t);
}
+token_t *
+au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm)
+{
+ token_t *t;
+ u_char *dptr = NULL;
+ u_int32_t timems;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
+ sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t));
+ if (t == NULL)
+ return (NULL);
+
+ ADD_U_CHAR(dptr, AUT_HEADER64);
+ ADD_U_INT32(dptr, rec_size);
+ ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM);
+ ADD_U_INT16(dptr, e_type);
+ ADD_U_INT16(dptr, e_mod);
+
+ timems = tm.tv_usec/1000;
+ /* Add the timestamp */
+ ADD_U_INT64(dptr, tm.tv_sec);
+ ADD_U_INT64(dptr, timems); /* We need time in ms. */
+
+ return (t);
+}
+
#if !defined(KERNEL) && !defined(_KERNEL)
token_t *
au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
@@ -1181,9 +1345,11 @@
au_to_header64(__unused int rec_size, __unused au_event_t e_type,
__unused au_emod_t e_mod)
{
+ struct timeval tm;
- errno = ENOTSUP;
- return (NULL);
+ if (gettimeofday(&tm, NULL) == -1)
+ return (NULL);
+ return (au_to_header64_tm(rec_size, e_type, e_mod, tm));
}
token_t *
More information about the trustedbsd-cvs
mailing list