Date: Tue, 14 Dec 2010 20:49:49 GMT From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 186939 for review Message-ID: <201012142049.oBEKnnDi099199@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@186939?ac=10 Change 186939 by csjp@csjp_hvm02 on 2010/12/14 20:49:04 Add support for the Solaris privilege and privilege set tokens. This fixes truncated record errors when processing Solaris created audit trails using openbsm. Sponsored by: Seccuris Inc. Submitted by: Dave Bertouille [1] [1] Dave added the support for the privilege set token. Affected files ... .. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#49 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#66 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#95 edit Differences ...
==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#49 (text+ko) ====
@@ -26,7 +26,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#48 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#49 $
 */

 #ifndef _LIBBSM_H_
@@ -671,6 +671,31 @@
 } au_text_t;

 /*
+ * upriv status 1 byte
+ * privstr len 2 bytes
+ * privstr N bytes + 1 (\0 byte)
+ */
+typedef struct {
+ u_int8_t sorf;
+ u_int16_t privstrlen;
+ char *priv;
+} au_priv_t;
+
+/*
+* privset
+* privtstrlen 2 bytes
+* privtstr N Bytes + 1
+* privstrlen 2 bytes
+* privstr N Bytes + 1
+*/
+typedef struct {
+ u_int16_t privtstrlen;
+ char *privtstr;
+ u_int16_t privstrlen;
+ char *privstr;
+} au_privset_t;
+
+/*
 * zonename length 2 bytes
 * zonename text N bytes + 1 NULL terminator
 */
@@ -748,6 +773,8 @@
 au_invalid_t invalid;
 au_trailer_t trail;
 au_zonename_t zonename;
+ au_priv_t priv;
+ au_privset_t privset;
 } tt; /* The token is one of the above types */
 };
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#66 (text+ko) ====
@@ -32,7 +32,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#65 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#66 $
 */

 #include <sys/types.h> 
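Review bot: The new au_priv_t and au_privset_t members `priv`, `privtstr` and `privstr` are bare `char *` with nothing said about ownership or termination, and the bsm_io.c fetch routines in this change fill them with SET_PTR, which appears to alias the parsed record buffer rather than copy out of it; the trailing NUL is only present if the record supplied it within the counted length. I'd add to each struct comment, adapted per member: `/* Points into the parsed record, not owned; privstrlen counts the bytes including the trailing NUL when present, so treat as length-delimited rather than a C string. */`. Separately, the `au_privset_t` block comment lines start with `*` at column 0 where every neighbouring comment uses ` *`, and "N Bytes" should be "N bytes" to match the rest of the header.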
@@ -3380,7 +3380,114 @@
 }
 }

+static void
+print_upriv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
+ __unused char sfrm, int xml)
+{
+
+ print_tok_type(fp, tok->id, "use of privilege", raw, xml);
+ if (xml) {
+ open_attr(fp, "status");
+ if (tok->tt.priv.sorf)
+ (void) fprintf(fp, "successful use of priv");
+ else
+ (void) fprintf(fp, "failed use of priv");
+ close_attr(fp);
+ open_attr(fp, "name");
+ print_string(fp, tok->tt.priv.priv,
+ tok->tt.priv.privstrlen);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ if (tok->tt.priv.sorf)
+ (void) fprintf(fp, "successful use of priv");
+ else
+ (void) fprintf(fp, "failed use of priv");
+ print_delim(fp, del);
+ print_string(fp, tok->tt.priv.priv,
+ tok->tt.priv.privstrlen);
+ }
+}
+
+/*
+ * status 1 byte
+ * privstrlen 2 bytes
+ * priv N bytes + 1 (\0 byte)
+ */
+static int
+fetch_priv_tok(tokenstr_t *tok, u_char *buf, int len)
+{
+ int err = 0;
+
+ READ_TOKEN_U_CHAR(buf, len, tok->tt.priv.sorf, tok->len, err);
+ if (err)
+ return (-1);
+ READ_TOKEN_U_INT16(buf, len, tok->tt.priv.privstrlen, tok->len, err);
+ if (err)
+ return (-1);
+ SET_PTR((char *)buf, len, tok->tt.priv.priv, tok->tt.priv.privstrlen,
+ tok->len, err);
+ if (err)
+ return (-1);
+ return (0);
+}
+
 /*
+ * privtstrlen 1 byte
+ * privtstr N bytes + 1
+ * privstrlen 1 byte
+ * privstr N bytes + 1
+ */
+static int
+fetch_privset_tok(tokenstr_t *tok, u_char *buf, int len)
+{
+ int err = 0;
+
+ READ_TOKEN_U_INT16(buf, len, tok->tt.privset.privtstrlen,
+ tok->len, err);
+ if (err)
+ return (-1);
+ SET_PTR((char *)buf, len, tok->tt.privset.privtstr,
+ tok->tt.privset.privtstrlen, tok->len, err);
+ if (err)
+ return (-1);
+ READ_TOKEN_U_INT16(buf, len, tok->tt.privset.privstrlen,
+ tok->len, err);
+ if (err)
+ return (-1);
+ SET_PTR((char *)buf, len, tok->tt.privset.privstr,
+ tok->tt.privset.privstrlen, tok->len, err);
+ if (err)
+ return (-1);
+ return (0);
+}
+
+static void
+print_privset_tok(FILE *fp, tokenstr_t *tok, 
char *del, char raw,
+ __unused char sfrm, int xml)
+{
+ print_tok_type(fp, tok->id, "privilege", raw, xml);
+ if (xml) {
+ open_attr(fp, "type");
+ print_string(fp, tok->tt.privset.privtstr,
+ tok->tt.privset.privtstrlen);
+ close_attr(fp);
+ open_attr(fp, "priv");
+ print_string(fp, tok->tt.privset.privstr,
+ tok->tt.privset.privstrlen);
+ close_attr(fp);
+ } else {
+ print_delim(fp, del);
+ print_string(fp, tok->tt.privset.privtstr,
+ tok->tt.privset.privtstrlen);
+ print_delim(fp, del);
+ print_string(fp, tok->tt.privset.privstr,
+ tok->tt.privset.privstrlen);
+ }
+}
+
+/*
 * audit ID 4 bytes
 * euid 4 bytes
 * egid 4 bytes
@@ -4110,6 +4217,12 @@
 case AUT_ZONENAME:
 return (fetch_zonename_tok(tok, buf, len));

+ case AUT_UPRIV:
+ return (fetch_priv_tok(tok, buf, len));
+
+ case AUT_PRIV:
+ return (fetch_privset_tok(tok, buf, len));
+
 default:
 return (fetch_invalid_tok(tok, buf, len));
 }
@@ -4284,6 +4397,14 @@
 print_zonename_tok(outfp, tok, del, oflags);
 return;

+ case AUT_UPRIV:
+ print_upriv_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
+ return;
+
+ case AUT_PRIV:
+ print_privset_tok(outfp, tok, del, raw, sfrm, AU_PLAIN);
+ return;
+
 default:
 print_invalid_tok(outfp, tok, del, oflags);
 }
@@ -4433,6 +4554,14 @@
 }
 break;

+ case AUT_UPRIV:
+ print_upriv_tok(outfp, tok, del, raw, sfrm, AU_XML);
+ return;
+
+ case AUT_PRIV:
+ print_privset_tok(outfp, tok, del, raw, sfrm, AU_XML);
+ return;
+
 default:
 errno = EINVAL;
 return (-1);
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#95 (text+ko) ====
@@ -30,7 +30,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#94 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#95 $
 */

 #include <sys/types.h> 
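Review bot: print_privset_tok's XML branch never closes the element: print_upriv_tok in the same hunk ends its XML path with `close_tag(fp, tok->id);` after the last close_attr(), but print_privset_tok falls out of the `if (xml)` block right after `close_attr(fp);` for the "priv" attribute, so every AUT_PRIV token produces unterminated XML. Add `close_tag(fp, tok->id);` after that close_attr(). The block comment above fetch_privset_tok says `privtstrlen 1 byte` and `privstrlen 1 byte` while the code reads both with READ_TOKEN_U_INT16 and the libbsm.h comment in this change says 2 bytes; change both comment lines to `2 bytes`. Both length fields are taken straight from the trail, so the SET_PTR bounds checks are what keep a malformed record from pointing past `buf`; the resulting strings are not NUL-terminated by the parser, which deserves a one-line comment on each fetch routine since the printers rely on print_string() being length-bounded.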
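Review bot: In the @@ -4284 hunk the new cases call `print_upriv_tok(outfp, tok, del, raw, sfrm, AU_PLAIN)` while the adjacent existing case calls `print_zonename_tok(outfp, tok, del, oflags)`, so the two new printers are written against the older (raw, sfrm, xml) parameter list rather than the `int oflags` one their siblings take; the same applies to the @@ -4433 hunk and to the `print_tok_type(fp, tok->id, ..., raw, xml)` calls inside both printers. The enclosing function's signature is outside the hunk; if `raw` and `sfrm` are not parameters there, this does not compile, and if they are, the file now carries two dispatch conventions. Giving print_upriv_tok and print_privset_tok an `int oflags` parameter and deriving the XML/raw choice from it, as print_zonename_tok does, would keep the file consistent.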
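Review bot: The new cases in the @@ -4433 hunk end with a bare `return;`, but the surrounding switch belongs to a function that returns a value — its default case does `errno = EINVAL; return (-1);` and the preceding case ends with `break;`. A valueless return in a non-void function leaves the caller's result indeterminate (GCC only warns), so a caller testing for -1 can misreport success or failure on AUT_UPRIV/AUT_PRIV. This switch also does not look like the print dispatcher (the @@ -4284 switch returns void and dispatches with `return;`); the function header is outside the hunk, but if this is a different routine, `outfp`, `tok`, `del`, `raw` and `sfrm` are unlikely to be in scope and the two cases belong in the XML print dispatcher instead. If it is the right place, use `break;` like the case above, or return whatever the function's success path returns.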
@@ -92,6 +92,59 @@

 /*
 * token ID 1 byte
+ * success/failure 1 byte
+ * privstrlen 2 bytes
+ * privstr N bytes + 1 (\0 byte)
+ */
+token_t *
+au_to_upriv(char sorf, char *priv)
+{
+ u_int16_t textlen;
+ u_char *dptr;
+ token_t *t;
+
+ textlen = strlen(priv) + 1;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) +
+ sizeof(u_int16_t) + textlen);
+ if (t == NULL)
+ return (NULL);
+ ADD_U_CHAR(dptr, AUT_UPRIV);
+ ADD_U_CHAR(dptr, sorf);
+ ADD_U_INT16(dptr, textlen);
+ ADD_STRING(dptr, priv, textlen);
+ return (t);
+}
+
+/*
+ * token ID 1 byte
+ * privtstrlen 2 bytes
+ * privtstr N bytes + 1
+ * privstrlen 2 bytes
+ * privstr N bytes + 1
+ */
+token_t *
+au_to_privset(char *privtypestr, char *privstr)
+{
+ u_int16_t type_len, priv_len;
+ u_char *dptr;
+ token_t *t;
+
+ type_len = strlen(privtypestr) + 1;
+ priv_len = strlen(privstr) + 1;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int16_t) + type_len + priv_len);
+ if (t == NULL)
+ return (NULL);
+ ADD_U_CHAR(dptr, AUT_PRIV);
+ ADD_U_INT16(dptr, type_len);
+ ADD_STRING(dptr, privtypestr, type_len);
+ ADD_U_INT16(dptr, priv_len);
+ ADD_STRING(dptr, privstr, priv_len);
+ return (t);
+}
+
+/*
+ * token ID 1 byte
 * argument # 1 byte
 * argument value 4 bytes/8 bytes (32-bit/64-bit value)
 * text length 2 bytes
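Review bot: au_to_upriv and au_to_privset store `strlen(...) + 1` into a u_int16_t with no range check, so a string of 65535 bytes or more wraps the length; the GET_TOKEN_AREA size and the ADD_STRING copy both use the wrapped value, so nothing overflows, but the emitted token silently carries a truncated string whose last byte is not the NUL the layout comment promises. Reject such input up front, e.g. `if (strlen(priv) >= UINT16_MAX) { errno = EINVAL; return (NULL); }` before GET_TOKEN_AREA, and likewise for both strings in au_to_privset (the existing text-style builders in this file may share the pattern and could be fixed together). The string parameters are only read and could be `const char *`. Neither function appears in the libbsm.h hunk of this change, so prototypes (and man-page entries) for the two new public functions look to be missing unless they are declared elsewhere.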