PERFORCE change 106292 for review
Robert Watson
rwatson at FreeBSD.org
Mon Sep 18 07:39:48 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=106292
Change 106292 by rwatson at rwatson_sesame on 2006/09/18 14:32:34
- Fix a number of thread-related bugs in the reading of the
audit_control configuration file.
- Add new APIs getacpol(), au_poltostr() and au_strtopol() which
are used to retrieve global audit policy flags from the
audit_control configuration file.
- Modify auditd(8) to read and set audit policy flags. Remove the
-s and -h flags, they are replaced by the policy field in
audit_control.
- Update audump to read, parse, and print policy flags.
- Update history, documentation.
It's now possible to set flags like argv, arge, cnt, etc, in the
/etc configuration file.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/HISTORY#29 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#20 edit
.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#28 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_control#4 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#14 edit
.. //depot/projects/trustedbsd/openbsm/man/audit_control.5#10 edit
.. //depot/projects/trustedbsd/openbsm/tools/audump.c#6 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/HISTORY#29 (text+ko) ====
@@ -3,20 +3,28 @@
- Reclassify certain read/write operations as having no class rather than the
fr/fw class; our default classes audit intent (open) not operations (read,
write).
-
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
and writes of sysctls as separate events. Add additional kernel
environment and jail events for FreeBSD.
-
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
(issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
by the kernel audit implementation) so that they can be distinguished.
-
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
a dropped request, the log file will otherwise grow indefinitely if the
trigger is dropped.
-
- Improve auditd debugging output.
+- Fix a number of threading related bugs in audit_control file reading
+ routines.
+- Add APIs au_poltostr() and au_strtopol() to convert between text
+ representations of audit_control policy flags and the flags passed to
+ auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
+- Add API getacpol() to return the 'policy:' entry from audit_control, an
+ extension to the Solaris file format to allow specification of policy
+ persistent flags.
+- Update audump to print the audit_control policy field.
+- Update auditd to read the audit_control policy field and set the kernel
+ policy to match it when configuring/reconfiguring. Remove the -s and -h
+ arguments as these policies are now set via the configuration file.
OpenBSM 1.0 alpha 10
@@ -229,4 +237,4 @@
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#28 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#29 $
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 (text+ko) ====
@@ -29,7 +29,7 @@
.\"
.\" @APPLE_BSD_LICENSE_HEADER_END@
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#8 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 $
.\"
.Dd January 24, 2004
.Dt AUDITD 8
@@ -51,14 +51,20 @@
.Bl -tag -width Ds
.It Fl d
Starts the daemon in debug mode - it will not daemonize.
-.It Fl h
-Specifies that if auditing cannot be performed as specified, the system should
-halt (panic). Normally, the system will attempt to proceed - although individual
-processes may be stopped (see the -s option).
-.It Fl s
-Specifies that individual processes should stop rather than perform operations
-that may cause audit records to be lost due to log file full conditions
.El
+.Pp
+The historical
+.Fl h
+and
+.Fl s
+flags are now configured using
+.Xr audit_control 5
+policy flags
+.Dv ahlt
+and
+.Dv cnt ,
+and are no longer available as arguments to
+.Xr auditd 8 .
.Sh NOTE
.Pp
To assure uninterrupted audit support, the
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#20 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#19 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#20 $
*/
#include <sys/types.h>
@@ -59,6 +59,7 @@
#include "auditd.h"
#define NA_EVENT_STR_SIZE 25
+#define POL_STR_SIZE 128
static int ret, minval;
static char *lastfile = NULL;
@@ -67,7 +68,6 @@
static int sigchlds, sigchlds_handled;
static int sighups, sighups_handled;
static int sigterms, sigterms_handled;
-static long global_flags;
static TAILQ_HEAD(, dir_ent) dir_q;
@@ -725,6 +725,8 @@
au_mask_t aumask;
int ctr = 0;
char naeventstr[NA_EVENT_STR_SIZE];
+ char polstr[POL_STR_SIZE];
+ long policy;
/*
* Process the audit event file, obtaining a class mapping for each
@@ -787,15 +789,12 @@
syslog(LOG_ERR,
"Failed to obtain non-attributable event mask.");
- /*
- * Set the audit policy flags based on passed in parameter values.
- *
- * XXXRW: This removes existing policy flags not related to cnt/ahlt.
- * We need a way to merge configuration policy and command line
- * argument policy.
- */
- if (auditon(A_SETPOLICY, &global_flags, sizeof(global_flags)))
- syslog(LOG_ERR, "Failed to set audit policy.");
+ if ((getacpol(polstr, POL_STR_SIZE) == 0) &&
+ (au_strtopol(polstr, &policy) == 0)) {
+ if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
+ syslog(LOG_ERR, "Failed to set audit policy.");
+ } else
+ syslog(LOG_ERR, "Failed to obtain policy flags.");
return (0);
}
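Review bot: When audit_control carries no `policy:` line, getacpol (per the bsm_control.c part of this change) returns -1, so the new branch at L146-L151 only logs "Failed to obtain policy flags." and leaves whatever policy the kernel currently has untouched; before this change the daemon always applied at least AUDIT_CNT. Consider an explicit fallback such as `policy = AUDIT_CNT;` when the entry is reported absent, and two distinct syslog messages so an operator can tell a missing entry from an unparsable one (au_strtopol also rejects an empty value, since strsep yields a "" token). The enclosing function begins before this hunk.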
@@ -872,7 +871,6 @@
int debug = 0;
int rc;
- global_flags |= AUDIT_CNT;
while ((ch = getopt(argc, argv, "dhs")) != -1) {
switch(ch) {
case 'd':
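Review bot: The optstring at L158 is still `"dhs"` although the `'s'` and `'h'` cases are deleted in the following hunk, so `auditd -s` is now accepted by getopt as a valid option and merely falls into the `default:` usage branch instead of being reported as an unrecognised option; it should read `while ((ch = getopt(argc, argv, "d")) != -1) {`. main() starts before this hunk.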
@@ -880,20 +878,10 @@
debug = 1;
break;
- case 's':
- /* Fail-stop option. */
- global_flags &= ~(AUDIT_CNT);
- break;
-
- case 'h':
- /* Halt-stop option. */
- global_flags |= AUDIT_AHLT;
- break;
-
case '?':
default:
(void)fprintf(stderr,
- "usage: auditd [-h | -s] [-d] \n");
+ "usage: auditd [-d] \n");
exit(1);
}
}
==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#28 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#27 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#28 $
*/
#ifndef _LIBBSM_H_
@@ -71,6 +71,7 @@
#define MINFREE_CONTROL_ENTRY "minfree"
#define FLAGS_CONTROL_ENTRY "flags"
#define NA_CONTROL_ENTRY "naflags"
+#define POLICY_CONTROL_ENTRY "policy"
#define AU_CLASS_NAME_MAX 8
#define AU_CLASS_DESC_MAX 72
@@ -711,11 +712,14 @@
int getacmin(int *min_val);
int getacflg(char *auditstr, int len);
int getacna(char *auditstr, int len);
+int getacpol(char *auditstr, size_t len);
int getauditflagsbin(char *auditstr, au_mask_t *masks);
int getauditflagschar(char *auditstr, au_mask_t *masks,
int verbose);
int au_preselect(au_event_t event, au_mask_t *mask_p,
int sorf, int flag);
+ssize_t au_poltostr(long policy, size_t maxsize, char *buf);
+int au_strtopol(const char *polstr, long *policy);
/*
* Functions relating to querying audit event information.
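Review bot: getacpol is declared with `size_t len` (L202) while its siblings getacflg and getacna on L200-L201 take `int len`, and au_poltostr (L208) puts the output buffer last, `(long policy, size_t maxsize, char *buf)`, where the rest of this header and strlcat put the buffer before its size; the audump.c call in this same change already passes buffer and size in the other order. A buffer-first signature, `ssize_t au_poltostr(char *buf, size_t maxsize, long policy);`, or at least `(long policy, char *buf, size_t maxsize)`, would make the API read like its neighbours, and `int len` vs `size_t len` should be settled one way for the whole getac* family.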
==== //depot/projects/trustedbsd/openbsm/etc/audit_control#4 (text+ko) ====
@@ -1,7 +1,8 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#4 $
#
dir:/var/audit
flags:lo
minfree:20
naflags:lo
+policy:cnt
==== //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $
.\"
.Dd April 19, 2005
.Dt AU_CONTROL 3
@@ -34,7 +34,10 @@
.Nm getacdir ,
.Nm getacmin ,
.Nm getacflg ,
-.Nm getacna
+.Nm getacna ,
+.Nm getacpol ,
+.Nm au_poltostr
+.Nm au_strtopol
.Nd "Look up information from the audit_control database"
.Sh LIBRARY
.Lb libbsm
@@ -52,6 +55,12 @@
.Fn getacflg "char *auditstr" "int len"
.Ft int
.Fn getacna "char *auditstr" "int len"
+.Ft int
+.Fn getacpol "char *auditstr" "size_t len"
+.Ft ssize_t
+.Fn au_poltostr "long policy" "size_t maxsize" "char *buf"
+.Ft int
+.Fn au_strtopol "const char *polstr" "long *policy"
.Sh DESCRIPTION
These interfaces may be used to look up information from the
.Xr audit_control 5
@@ -90,15 +99,42 @@
.Va auditstr
of length
.Va len .
+.Pp
+.Fn getacpol
+returns the audit policy flags via the passed character buffer
+.Va auditstr
+of length
+.Va len .
+.Pp
+.Fn au_poltostr
+converts a numeric audit policy mask,
+.Va policy ,
+value to a string in the passed character buffer
+.Va buf
+of lenth
+.Va maxsize .
+.Pp
+.Fn au_strtopol
+converts an audit policy flags string,
+.Va polstr ,
+to a numeric audit policy mask returned via
+.Va policy .
.Sh RETURN VALULES
.Fn getacdir ,
.Fn getacmin ,
.Fn getacflg ,
+.Fn getacna ,
+.Fn getacpol ,
and
-.Fn getacna
+.Fn au_strtopol
return 0 on success, or a negative value on failure, along with error
information in
.Va errno .
+.Pp
+.Fn au_poltostr
+returns a string length of 0 or more on success, or a negative value on
+if there is a failure.
+.Pp
Functions that return a string value will return a failure if there is
insufficient room in the passed character buffer for the full string.
.Sh SEE ALSO
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#14 (text+ko) ====
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2004 Apple Computer, Inc.
+ * Copyright (c) 2006 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -26,7 +27,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#13 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#14 $
*/
#include <bsm/libbsm.h>
@@ -39,7 +40,7 @@
/*
* Parse the contents of the audit_control file to return the audit control
- * parameters.
+ * parameters. These static fields are protected by 'mutex'.
*/
static FILE *fp = NULL;
static char linestr[AU_LINE_MAX];
@@ -98,21 +99,223 @@
}
/*
+ * Convert a policy to a string. Return -1 on failure, or >= 0 representing
+ * the actual size of the string placed in the buffer (excluding terminating
+ * nul).
+ */
+ssize_t
+au_poltostr(long policy, size_t maxsize, char *buf)
+{
+ int first;
+
+ if (maxsize < 1)
+ return (-1);
+ first = 1;
+ buf[0] = '\0';
+
+ if (policy & AUDIT_CNT) {
+ if (strlcat(buf, "cnt", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_AHLT) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "ahlt", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_ARGV) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "argv", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_ARGE) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "arge", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_SEQ) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "seq", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_WINDATA) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "windata", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_USER) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "user", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_GROUP) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "group", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_TRAIL) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "trail", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_PATH) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "path", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_SCNT) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "scnt", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_PUBLIC) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "public", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_ZONENAME) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "zonename", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ if (policy & AUDIT_PERZONE) {
+ if (!first) {
+ if (strlcat(buf, ",", maxsize) >= maxsize)
+ return (-1);
+ }
+ if (strlcat(buf, "perzone", maxsize) >= maxsize)
+ return (-1);
+ first = 0;
+ }
+ return (strlen(buf));
+}
+
+/*
+ * Convert a string to a policy. Return -1 on failure (with errno EINVAL,
+ * ENOMEM) or 0 on success.
+ */
+int
+au_strtopol(const char *polstr, long *policy)
+{
+ char *bufp, *string;
+ char *buffer;
+
+ *policy = 0;
+ buffer = strdup(polstr);
+ if (buffer == NULL)
+ return (-1);
+
+ bufp = buffer;
+ while ((string = strsep(&bufp, ",")) != NULL) {
+ if (strcmp(string, "cnt") == 0)
+ *policy |= AUDIT_CNT;
+ else if (strcmp(string, "ahlt") == 0)
+ *policy |= AUDIT_AHLT;
+ else if (strcmp(string, "argv") == 0)
+ *policy |= AUDIT_ARGV;
+ else if (strcmp(string, "arge") == 0)
+ *policy |= AUDIT_ARGE;
+ else if (strcmp(string, "seq") == 0)
+ *policy |= AUDIT_SEQ;
+ else if (strcmp(string, "winau_fstat") == 0)
+ *policy |= AUDIT_WINDATA;
+ else if (strcmp(string, "user") == 0)
+ *policy |= AUDIT_USER;
+ else if (strcmp(string, "group") == 0)
+ *policy |= AUDIT_GROUP;
+ else if (strcmp(string, "trail") == 0)
+ *policy |= AUDIT_TRAIL;
+ else if (strcmp(string, "path") == 0)
+ *policy |= AUDIT_PATH;
+ else if (strcmp(string, "scnt") == 0)
+ *policy |= AUDIT_SCNT;
+ else if (strcmp(string, "public") == 0)
+ *policy |= AUDIT_PUBLIC;
+ else if (strcmp(string, "zonename") == 0)
+ *policy |= AUDIT_ZONENAME;
+ else if (strcmp(string, "perzone") == 0)
+ *policy |= AUDIT_PERZONE;
+ else {
+ free(buffer);
+ errno = EINVAL;
+ return (-1);
+ }
+ }
+ free(buffer);
+ return (0);
+}
+
+/*
* Rewind the file pointer to beginning.
*/
+static void
+setac_locked(void)
+{
+
+ ptrmoved = 1;
+ if (fp != NULL)
+ fseek(fp, 0, SEEK_SET);
+}
+
void
setac(void)
{
pthread_mutex_lock(&mutex);
- ptrmoved = 1;
- if (fp != NULL)
- fseek(fp, 0, SEEK_SET);
+ setac_locked();
pthread_mutex_unlock(&mutex);
}
/*
- * Close the audit_control file
+ * Close the audit_control file.
*/
void
endac(void)
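Review bot: au_strtopol and au_poltostr disagree on the name of AUDIT_WINDATA — au_poltostr emits "windata" (L389) while au_strtopol accepts only "winau_fstat" (L495) — so a string produced by au_poltostr fails to parse back with EINVAL, and the new audit_control.5 section in this change documents neither spelling (nor user or scnt); "windata" is the spelling Solaris uses, so the au_strtopol entry looks like a typo. Keeping the fourteen name/flag pairs in one static table and iterating over it in both functions removes the duplicated strlcat/strcmp blocks and makes the two directions agree by construction, as sketched below; a NULL `buf` check in au_poltostr is also cheap to add. Note too that an empty value (`policy:` with nothing after it) yields a "" token from strsep and therefore EINVAL, which may or may not be intended.
```c
static const struct {
	const char	*name;
	long		 flag;
} au_policy_names[] = {
	{ "cnt",	AUDIT_CNT },
	{ "ahlt",	AUDIT_AHLT },
	{ "argv",	AUDIT_ARGV },
	{ "arge",	AUDIT_ARGE },
	{ "seq",	AUDIT_SEQ },
	{ "windata",	AUDIT_WINDATA },
	{ "user",	AUDIT_USER },
	{ "group",	AUDIT_GROUP },
	{ "trail",	AUDIT_TRAIL },
	{ "path",	AUDIT_PATH },
	{ "scnt",	AUDIT_SCNT },
	{ "public",	AUDIT_PUBLIC },
	{ "zonename",	AUDIT_ZONENAME },
	{ "perzone",	AUDIT_PERZONE },
};
#define	AU_POLICY_NAMES	(sizeof(au_policy_names) / sizeof(au_policy_names[0]))

ssize_t
au_poltostr(long policy, size_t maxsize, char *buf)
{
	size_t i;
	int first = 1;

	if (buf == NULL || maxsize < 1)
		return (-1);
	buf[0] = '\0';
	for (i = 0; i < AU_POLICY_NAMES; i++) {
		if ((policy & au_policy_names[i].flag) == 0)
			continue;
		/* Separator only between names; either strlcat may truncate. */
		if (!first && strlcat(buf, ",", maxsize) >= maxsize)
			return (-1);
		if (strlcat(buf, au_policy_names[i].name, maxsize) >= maxsize)
			return (-1);
		first = 0;
	}
	return (strlen(buf));
}

int
au_strtopol(const char *polstr, long *policy)
{
	/* … unchanged: strdup of polstr, bufp setup … */
	while ((string = strsep(&bufp, ",")) != NULL) {
		for (i = 0; i < AU_POLICY_NAMES; i++)
			if (strcmp(string, au_policy_names[i].name) == 0)
				break;
		if (i == AU_POLICY_NAMES) {
			free(buffer);
			errno = EINVAL;
			return (-1);
		}
		*policy |= au_policy_names[i].flag;
	}
	/* … unchanged: free(buffer); return (0); … */
}
```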
@@ -136,72 +339,54 @@
char *dir;
int ret = 0;
- if (name == NULL) {
- errno = EINVAL;
- return (-2);
- }
-
- pthread_mutex_lock(&mutex);
-
/*
- * Check if another function was called between
- * successive calls to getacdir
+ * Check if another function was called between successive calls to
+ * getacdir.
*/
+ pthread_mutex_lock(&mutex);
if (inacdir && ptrmoved) {
ptrmoved = 0;
if (fp != NULL)
fseek(fp, 0, SEEK_SET);
ret = 2;
}
-
-
if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
-
- pthread_mutex_unlock(&mutex);
-
- if (dir == NULL)
+ if (dir == NULL) {
+ pthread_mutex_unlock(&mutex);
return (-1);
-
- if (strlen(dir) >= len)
+ }
+ if (strlen(dir) >= len) {
+ pthread_mutex_unlock(&mutex);
return (-3);
-
+ }
strcpy(name, dir);
-
+ pthread_mutex_unlock(&mutex);
return (ret);
}
/*
- * Return the minimum free diskspace value from the audit control file
+ * Return the minimum free diskspace value from the audit control file.
*/
int
getacmin(int *min_val)
{
char *min;
- setac();
-
- if (min_val == NULL) {
- errno = EINVAL;
- return (-2);
- }
-
pthread_mutex_lock(&mutex);
-
+ setac_locked();
if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
-
- pthread_mutex_unlock(&mutex);
-
- if (min == NULL)
+ if (min == NULL) {
+ pthread_mutex_unlock(&mutex);
return (1);
-
+ }
*min_val = atoi(min);
-
+ pthread_mutex_unlock(&mutex);
return (0);
}
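Review bot: With the `min_val == NULL` guard dropped (L610-L613), getacmin now writes through its argument at L631 unconditionally, and getacdir (L554-L557), getacflg (L641-L644) and getacna (L678-L679) lose the same guard, while au_control.3 in this change still promises a negative return with errno on failure; either restore `if (min_val == NULL) { errno = EINVAL; return (-2); }` ahead of the lock in each, or state in the man page that the output arguments must be non-NULL. Separately, `*min_val = atoi(min);` silently maps a malformed minfree value to 0; `strtol` with an endptr and ERANGE check would let the caller see that the configuration is bad. getacdir's head lies before this hunk.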
@@ -213,30 +398,22 @@
{
char *str;
- setac();
-
- if (auditstr == NULL) {
- errno = EINVAL;
- return (-2);
- }
-
pthread_mutex_lock(&mutex);
-
+ setac_locked();
if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
-
- pthread_mutex_unlock(&mutex);
-
- if (str == NULL)
+ if (str == NULL) {
+ pthread_mutex_unlock(&mutex);
return (1);
-
- if (strlen(str) >= len)
+ }
+ if (strlen(str) >= len) {
+ pthread_mutex_unlock(&mutex);
return (-3);
-
+ }
strcpy(auditstr, str);
-
+ pthread_mutex_unlock(&mutex);
return (0);
}
@@ -248,28 +425,47 @@
{
char *str;
- setac();
-
- if (auditstr == NULL) {
- errno = EINVAL;
+ pthread_mutex_lock(&mutex);
+ setac_locked();
+ if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) {
+ pthread_mutex_unlock(&mutex);
return (-2);
}
+ if (str == NULL) {
+ pthread_mutex_unlock(&mutex);
+ return (1);
+ }
+ if (strlen(str) >= len) {
+ pthread_mutex_unlock(&mutex);
+ return (-3);
+ }
+ strcpy(auditstr, str);
+ return (0);
+}
+
+/*
+ * Return the policy field from the audit control file.
+ */
+int
+getacpol(char *auditstr, size_t len)
+{
+ char *str;
pthread_mutex_lock(&mutex);
-
- if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) {
+ setac_locked();
+ if (getstrfromtype_locked(POLICY_CONTROL_ENTRY, &str) < 0) {
pthread_mutex_unlock(&mutex);
return (-2);
}
- pthread_mutex_unlock(&mutex);
-
- if (str == NULL)
- return (1);
-
- if (strlen(str) >= len)
+ if (str == NULL) {
+ pthread_mutex_unlock(&mutex);
+ return (-1);
+ }
+ if (strlen(str) >= len) {
+ pthread_mutex_unlock(&mutex);
return (-3);
-
+ }
strcpy(auditstr, str);
-
+ pthread_mutex_unlock(&mutex);
return (0);
}
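Review bot: getacna's success path at L694-L695 returns with `mutex` still held — every other exit in the function unlocks, and getacpol directly below (L728-L731) does — so the next getac*/setac/endac call in the process blocks forever; it should read `strcpy(auditstr, str);` `pthread_mutex_unlock(&mutex);` `return (0);`. Also, getacpol returns -1 for a missing entry (L721) where getacna and getacflg return 1 (L688), so callers cannot treat the family uniformly and auditd in this change logs a missing `policy:` line as an error. getacna begins before this hunk.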
==== //depot/projects/trustedbsd/openbsm/man/audit_control.5#10 (text+ko) ====
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#10 $
.\"
.Dd January 4, 2006
.Dt AUDIT_CONTROL 5
@@ -63,6 +63,9 @@
The minimum free space required on the file system audit logs are being written to.
When the free space falls below this limit a warning will be issued.
Not currently used as the value of 20 percent is chosen by the kernel.
+.It Va policy
+A list of global audit policy flags specifying various behaviors, such as
+fail stop, auditing of paths and arguments, etc.
.El
.Sh AUDIT FLAGS
Audit flags are a comma-delimited list of audit classes as defined in the
@@ -86,6 +89,53 @@
.It ^-
Do not record failed events
.El
+.Sh AUDIT POLICY FLAGS
+The policy flags field is a comma-delimited list of policy flags from the
+following list:
+.Pp
+.Bl -tag -width zonename -compact -offset indent
+.It cnt
+Allow processes to continue running even though events are not being audited.
+If not set, processes will be suspended when the audit store space is
+exhausted.
+Currently, this is not a recoverable state.
+.It ahlt
+Fail stop the system if unable to audit an event--this consists of first
+draining pending records to disk, and then halting the operating system.
+.It argv
+Audit command line arguments to
+.Xr execve 2 .
+.It arge
+Audit environmental variable arguments to
+.Xr execve 2 .
+.It seq
+Include a unique audit sequence number token in generated audit records (not
+implemented on FreeBSD or Darwin).
+.It group
+Include supplementary groups list in generated audit records (not implemented
+on FreeBSD or Darwin; supplementary groupsi are never included in records on
+these systems).
+.It trail
+Append a trailer token to each audit record (not implemented on FreeBSD or
+Darwin; trailers are always included in records on these systems).
+.It path
+Include secondary file paths in audit records (not implemented on FreeBSD or
+Darwin; secondary paths are never included in records on these systems).
+.It zonename
+Include a zone ID token with each audit record (not implemented on FreeBSD or
+Darwin; FreeBSD audit records do not currently include the jail ID or name.)
+.It perzone
+Enable auditing for each local zone (not implemented on FreeBSD or Darwin; on
+FreeBSD, audit records are collected from all jails and placed in a single
+global trail, and only limited audit controls are permitted within a jail.)
+.El
+.Pp
+It is recommended that installations set the
+.Dv cnt
+flag but not
+.Dv ahlt
+flag unless it is intended that audit logs exceeding available disk space
+halt the system.
.Sh DEFAULT
The following settings appear in the default
.Nm
@@ -95,12 +145,18 @@
flags:lo
minfree:20
naflags:lo
+policy:cnt
.Ed
.Pp
The
.Va flags
parameter above specifies the system-wide mask corresponding to login/logout
events.
+The
+.Va policy
+parameter specifies that the system should neither fail stop nor suspend
+processes when the audit store fills.
+will be audited.
.Sh FILES
.Bl -tag -width "/etc/security/audit_control" -compact
.It Pa /etc/security/audit_control
==== //depot/projects/trustedbsd/openbsm/tools/audump.c#6 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2005 Robert N. M. Watson
+ * Copyright (c) 2005-2006 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#6 $
*/
#include <bsm/libbsm.h>
@@ -77,8 +77,9 @@
static void
audump_control(void)
{
- char string[PATH_MAX];
+ char string[PATH_MAX], string2[PATH_MAX];
int ret, val;
+ long policy;
ret = getacflg(string, PATH_MAX);
if (ret == -2)
@@ -116,6 +117,15 @@
printf("dir:%s\n", string);
} while (ret == 0);
+
+ ret = getacpol(string, PATH_MAX);
+ if (ret != 0)
+ err(-1, "getacpol");
+ if (au_strtopol(string, &policy) < 0)
+ err(-1, "au_strtopol");
+ if (au_poltostr(policy, string2, PATH_MAX) < 0)
+ err(-1, "au_poltostr");
+ printf("policy:%s\n", string2);
}
static void
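Review bot: The call `au_poltostr(policy, string2, PATH_MAX)` at L861 passes the last two arguments in the opposite order to the prototype added in libbsm.h (`long policy, size_t maxsize, char *buf`): string2 is converted to the size and PATH_MAX is used as the buffer pointer, which should draw a compiler warning and will fault at runtime; it should read `if (au_poltostr(policy, PATH_MAX, string2) < 0)`. In addition, `ret != 0` at L857 makes audump exit through err(3) on any audit_control without a `policy:` line (getacpol returns -1 for a missing entry), whereas the other fields above tolerate absence; treating -1 as "absent" and skipping the print would keep the tool usable on older files. audump_control begins in the previous hunk.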