PERFORCE change 106344 for review
Robert Watson
rwatson at FreeBSD.org
Tue Sep 19 06:23:01 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=106344
Change 106344 by rwatson at rwatson_zoo on 2006/09/19 13:22:42
Integrate TrustedBSD OpenBSM branch to audit3 user space --
primarily addition of audit_control(5) policy field and fixes to
exec argument token processing.
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#14 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#15 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#18 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_open.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#19 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/test/samples/execve-long-args.trail#1 branch
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#14 (text+ko) ====
@@ -24,7 +24,11 @@
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
policy to match it when configuring/reconfiguring. Remove the -s and -h
- arguments as these policies are now set via the configuration file.
+ arguments as these policies are now set via the configuration file. If a
+ policy line is not found in the configuration file, continue with the
+ current default of setting AUDIT_CNT.
+- Fix bugs in the parsing of large execve(2) arguments and environmental
+ variable tokens; increase maximum parsed argument and variable count.
OpenBSM 1.0 alpha 10
@@ -237,4 +241,4 @@
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#13 $
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#14 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#15 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#14 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#15 $
*/
#include <sys/types.h>
@@ -789,12 +789,22 @@
syslog(LOG_ERR,
"Failed to obtain non-attributable event mask.");
+ /*
+ * If a policy is configured in audit_control(5), implement the
+ * policy. However, if one isn't defined, set AUDIT_CNT to avoid
+ * leaving the system in a fragile state.
+ */
if ((getacpol(polstr, POL_STR_SIZE) == 0) &&
(au_strtopol(polstr, &policy) == 0)) {
if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
- syslog(LOG_ERR, "Failed to set audit policy.");
- } else
- syslog(LOG_ERR, "Failed to obtain policy flags.");
+ syslog(LOG_ERR, "Failed to set audit policy: %m");
+ } else {
+ syslog(LOG_ERR, "Failed to obtain policy flags: %m");
+ policy = AUDIT_CNT;
+ if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
+ syslog(LOG_ERR,
+ "Failed to set default audit policy: %m");
+ }
return (0);
}
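Review bot: The new `else` branch falls back to `AUDIT_CNT` both when `getacpol()` returns no policy and when `au_strtopol()` rejects the string, so a mistyped policy line in audit_control(5) silently gets the continue-on-audit-failure policy with only the generic "Failed to obtain policy flags" message. The `%m` in that message may also print an unrelated errno, since nothing visible shows either call setting errno on these paths. Splitting the two cases, as sketched below, keeps the fallback the commit intends but lets the log say which case occurred and name the rejected string. The enclosing function starts above the hunk, and the return conventions of `getacpol()` are assumed from how the hunk uses them.

```c
	if (getacpol(polstr, POL_STR_SIZE) != 0) {
		/* No usable policy line: apply the documented default. */
		syslog(LOG_WARNING,
		    "No policy in audit_control; defaulting to AUDIT_CNT");
		policy = AUDIT_CNT;
	} else if (au_strtopol(polstr, &policy) != 0) {
		/* Line present but malformed: report it, then fall back. */
		syslog(LOG_ERR,
		    "Invalid policy \"%s\" in audit_control; defaulting to AUDIT_CNT",
		    polstr);
		policy = AUDIT_CNT;
	}
	if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
		syslog(LOG_ERR, "Failed to set audit policy: %m");
	/* … unchanged: return (0) … */
```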
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#18 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#17 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#18 $
*/
#ifndef _LIBBSM_H_
@@ -37,9 +37,6 @@
* solely to allow OpenSSH to compile; Darwin/Apple code should not use them.
*/
-#define AUDIT_MAX_ARGS 10
-#define AUDIT_MAX_ENV 10
-
#include <sys/types.h>
#include <sys/cdefs.h>
@@ -55,13 +52,25 @@
#include <mach/mach.h> /* audit_token_t */
#endif
+/*
+ * Size parsed token vectors for execve(2) arguments and environmental
+ * variables. Note: changing these sizes affects the ABI of the token
+ * structure, and as the token structure is often placed in the caller stack,
+ * this is undesirable.
+ */
+#define AUDIT_MAX_ARGS 128
+#define AUDIT_MAX_ENV 128
+
+/*
+ * Arguments to au_preselect(3).
+ */
+#define AU_PRS_USECACHE 0
+#define AU_PRS_REREAD 1
+
#define AU_PRS_SUCCESS 1
#define AU_PRS_FAILURE 2
#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE)
-#define AU_PRS_USECACHE 0
-#define AU_PRS_REREAD 1
-
#define AUDIT_EVENT_FILE "/etc/security/audit_event"
#define AUDIT_CLASS_FILE "/etc/security/audit_class"
#define AUDIT_CONTROL_FILE "/etc/security/audit_control"
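Review bot: Raising `AUDIT_MAX_ARGS` and `AUDIT_MAX_ENV` from 10 to 128 presumably enlarges the `text[]` vectors in the token structure, and the parser in bsm_io.c bounds its writes by the library's own compiled-in value of these macros. A consumer built against the old header but running with the new library would pass a structure with 10 slots while the library may store up to 128 pointers, which for a stack-allocated token is a write past the object. The added comment already warns about the ABI; I would make it actionable, for example `* Consumers must be rebuilt against this header whenever these values change; the parser stores up to this many pointers in the caller's token.` Whether the library version needs a bump is not visible in this change and is worth checking.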
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_open.3#3 (text+ko) ====
@@ -23,16 +23,17 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_open.3#2 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_open.3#3 $
.\"
.Dd March 4, 2006
.Dt AU_OPEN 3
.Os
.Sh NAME
+.Nm au_close ,
+.Nm au_close_buffer ,
+.Nm au_close_token ,
.Nm au_open ,
-.Nm au_write ,
-.Nm au_close ,
-.Nm au_close_buffer
+.Nm au_write
.Nd "Create and commit audit records"
.Sh LIBRARY
.Lb libbsm
@@ -120,6 +121,7 @@
information in
.Va errno .
.Sh SEE ALSO
+.Xr audit_submit 3 ,
.Xr libbsm 3
.Sh AUTHORS
This software was created by Robert Watson, Wayne Salamon, and Suresh
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#19 (text+ko) ====
@@ -31,7 +31,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#18 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#19 $
*/
#include <sys/types.h>
@@ -1190,7 +1190,8 @@
for (i = 0; i < tok->tt.execarg.count; i++) {
bptr = buf + tok->len;
- tok->tt.execarg.text[i] = bptr;
+ if (i < AUDIT_MAX_ARGS)
+ tok->tt.execarg.text[i] = bptr;
/* Look for a null terminated string. */
while (bptr && (*bptr != '\0')) {
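Review bot: Nothing visible in this hunk checks that `buf + tok->len` is still inside the record before `*bptr` is read at the top of each iteration. The new `i < AUDIT_MAX_ARGS` guard bounds the stores into `text[]` but not that read. Since `execarg.count` appears to come from the record itself, a count larger than the number of strings actually present could start a scan at or past the end of the buffer. I would add a check before the `while`, such as `if (tok->len >= len) return (-1);`, where `len` stands for the function's buffer-length argument, which is outside the hunk. The `bptr &&` test cannot fail for a pointer derived this way, so it gives no protection. The rest of the loop body is outside the hunk, so a bound may already be enforced there; the same applies to the `execenv` loop in the hunk at -1235.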
@@ -1202,6 +1203,8 @@
return (-1);
tok->len++; /* \0 character */
}
+ if (tok->tt.execarg.count > AUDIT_MAX_ARGS)
+ tok->tt.execarg.count = AUDIT_MAX_ARGS;
return (0);
}
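Review bot: Clamping `tok->tt.execarg.count` to `AUDIT_MAX_ARGS` after the loop discards the fact that the record held more arguments, so a consumer of the parsed token sees at most 128 entries with no sign that later ones were skipped. For an audit trail this matters, because someone reviewing an execve(2) record could take the printed argument list as complete. At minimum I would document it at the clamp, e.g. `/* Arguments beyond AUDIT_MAX_ARGS were skipped, not stored; count no longer matches the record. */`, and ideally expose the truncation to callers. The same applies to the `execenv.count` clamp in the hunk at -1249. The function body starts outside this hunk.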
@@ -1235,9 +1238,10 @@
if (err)
return (-1);
- for (i = 0; i< tok->tt.execenv.count; i++) {
+ for (i = 0; i < tok->tt.execenv.count; i++) {
bptr = buf + tok->len;
- tok->tt.execenv.text[i] = bptr;
+ if (i < AUDIT_MAX_ENV)
+ tok->tt.execenv.text[i] = bptr;
/* Look for a null terminated string. */
while (bptr && (*bptr != '\0')) {
@@ -1249,6 +1253,8 @@
return (-1);
tok->len++; /* \0 character */
}
+ if (tok->tt.execenv.count > AUDIT_MAX_ENV)
+ tok->tt.execenv.count = AUDIT_MAX_ENV;
return (0);
}
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#8 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#7 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#8 $
.\"
.Dd April 19, 2005
.Dt LIBBSM 3
@@ -55,15 +55,18 @@
.Xr au_notify 3 ,
.Xr au_stream 3 ,
.Xr au_token 3 ,
+and
.Xr au_user 3
-man pages.
+manual pages.
.Ss Audit Event Stream Interfaces
Audit event stream interfaces support interaction with file-backed audit
event streams:
-.Xr au_close 3 .
+.Xr au_close 3 ,
+.Xr au_close_buffer 3 ,
.Xr au_free_token 3 ,
.Xr au_open 3 ,
.Xr au_write 3 ,
+.Xr audit_submit 3 .
.Ss Audit Class Interfaces
Audit class interfaces support the look up of information from the
.Xr audit_class 5
@@ -83,7 +86,10 @@
.Xr getacdir 3 ,
.Xr getacflg 3 ,
.Xr getacmin 3 ,
-.Xr getacna 3 .
+.Xr getacna 3 ,
+.Xr getacpol 3 ,
+.Xr au_poltostr 3 ,
+.Xr au_strtopol 3 .
.Ss Audit Event Interfaces
Audit event interfaces support the look up of information from the
.Xr audit_event 5
@@ -188,6 +194,7 @@
.Xr au_stream 3 ,
.Xr au_token 3 ,
.Xr au_user 3 ,
+.Xr audit_submit 3 ,
.Xr audit_class 5 ,
.Xr audit_control 5
.Sh AUTHORS
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#8 (text+ko) ====
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#7 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#8 $
.\"
.Dd January 4, 2006
.Dt AUDIT_CONTROL 5
@@ -113,7 +113,7 @@
implemented on FreeBSD or Darwin).
.It group
Include supplementary groups list in generated audit records (not implemented
-on FreeBSD or Darwin; supplementary groupsi are never included in records on
+on FreeBSD or Darwin; supplementary groups are never included in records on
these systems).
.It trail
Append a trailer token to each audit record (not implemented on FreeBSD or