From owner-trustedbsd-cvs@FreeBSD.ORG Sun Mar 5 15:34:14 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F7D316A420 for ; Sun, 5 Mar 2006 15:34:14 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2729F43D49 for ; Sun, 5 Mar 2006 15:34:13 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 08E8446BA2 for ; Sun, 5 Mar 2006 10:33:49 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 1452B55B70; Sun, 5 Mar 2006 15:34:08 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 0084516A424; Sun, 5 Mar 2006 15:34:07 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF6F416A420 for ; Sun, 5 Mar 2006 15:34:07 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2809143D49 for ; Sun, 5 Mar 2006 15:34:07 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k25FY7CU059858 for ; Sun, 5 Mar 2006 15:34:07 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k25FY6RY059855 for perforce@freebsd.org; Sun, 5 Mar 2006 15:34:06 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sun, 5 Mar 2006 15:34:06 GMT Message-Id: <200603051534.k25FY6RY059855@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 92786 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Mar 2006 15:34:14 -0000 http://perforce.freebsd.org/chv.cgi?CH=92786 Change 92786 by rwatson@rwatson_peppercorn on 2006/03/05 15:33:21 Various compatibility and functionality tweaks to help support a BSM file format and API test suite: - Support a more complete range of data types for the arbitrary data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias to AUR_INT), add AUR_INT64. - Add au_close_token(), which allows writing a single token_t to a memory buffer. Not likely to be used much by applications, but useful for writing test tools. This is not a Solaris BSM API. - Modify au_to_file() so that it accepts a timeval in user space, not just kernel -- this is not a Solaris BSM API so can be modified without causing compatibility issues. Affected files ... .. //depot/projects/trustedbsd/openbsm/HISTORY#4 edit .. //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#15 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#6 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#25 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#35 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#44 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/HISTORY#4 (text+ko) ==== @@ -4,6 +4,15 @@ previously we used hard-coded 0 and 1 values. - Add man page for au_open(), au_write(), au_close(), and au_close_buffer(). +- Support a more complete range of data types for the arbitrary data token: + add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias + to AUR_INT), add AUR_INT64. +- Add au_close_token(), which allows writing a single token_t to a memory + buffer. Not likely to be used much by applications, but useful for + writing test tools. +- Modify au_to_file() so that it accepts a timeval in user space, not just + kernel -- this is not a Solaris BSM API so can be modified without + causing compatibility issues. OpenBSM 1.0 alpha 5 @@ -131,4 +140,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#3 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#4 $ ==== //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#15 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#14 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#15 $ */ #ifndef _BSM_AUDIT_RECORD_H_ @@ -187,13 +187,19 @@ /* data-types for the arbitrary token */ #define AUR_BYTE 0 +#define AUR_CHAR AUR_BYTE #define AUR_SHORT 1 -#define AUR_LONG 2 +#define AUR_INT32 2 +#define AUR_INT AUR_INT +#define AUR_INT64 3 /* ... and their sizes */ #define AUR_BYTE_SIZE sizeof(u_char) +#define AUR_CHAR_SIZE AUR_BYTE_SIZE #define AUR_SHORT_SIZE sizeof(uint16_t) -#define AUR_LONG_SIZE sizeof(uint32_t) +#define AUR_INT32_SIZE sizeof(uint32_t) +#define AUR_INT_SIZE AUR_INT32_SIZE +#define AUR_INT64_SIZE sizeof(uint64_t) /* Modifiers for the header token */ #define PAD_NOTATTR 0x4000 /* nonattributable event */ @@ -230,12 +236,9 @@ int au_write(int d, token_t *m); int au_close(int d, int keep, short event); int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen); +int au_close_token(token_t *tok, u_char *buffer, size_t *buflen); -#if defined(KERNEL) || defined(_KERNEL) token_t *au_to_file(char *file, struct timeval tm); -#else -token_t *au_to_file(char *file); -#endif #if defined(KERNEL) || defined(_KERNEL) token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod, ==== //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#3 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $ .\" .Dd March 4, 2006 .Dt AU_OPEN 3 @@ -46,6 +46,8 @@ .Fn au_close "int d" "int keep" "short event" .Ft int .Fn au_close_buffer "int d" "short event" "u_char *buffer" "size_t *buflen" +.Ft int +.Fn au_close_token "token_t *tok" "u_char *buffer" "size_t *buflen" .Sh DESCRIPTION These interfaces allow applications to allocate audit records, construct a record using a series of tokens, and commit the audit record to the system @@ -90,6 +92,17 @@ The argument .Va short is the event identifier to use in the record header. +.Pp +The +.Fn au_close_token +function generates the BSM stream output for a single token, +.Va tok , +in the passed buffer +.Va buffer . +The initial buffer size and resulting data size are passed via +.Va *buflen . +.Fn au_close_token +will free the token before returning. .Sh RETURN VALUES The function .Fn au_open @@ -100,8 +113,9 @@ The functions .Fn au_write , .Fn au_close , +.Fn au_close_buffer , and -.Fn au_close_buffer +.Fn au_close_token return 0 on success, or a negative value on failure, along with error information in .Va errno . @@ -120,9 +134,6 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh BUGS -There is currently no interface to extract a single token without -it being automatically wrapped in a header and trailer. -.Pp Currently, .Fn au_open does not reserve kernel resources necessary to commit the record to the ==== //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#6 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#5 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#6 $ .\" .Dd April 19, 2005 .Dt AU_TOKEN 3 @@ -116,9 +116,7 @@ .Ft token_t * .Fn au_to_opaque "char *data" "u_int64_t bytes" .Ft token_t * -.Fn au_to_file "char *file" -.Ft token_t * -.Fn au_to_file "char *file" +.Fn au_to_file "char *file" "struct timeval tm" .Ft token_t * .Fn au_to_text "char *text" .Ft token_t * ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#25 (text+ko) ==== @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#24 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#25 $ */ #include @@ -360,3 +360,24 @@ au_teardown(rec); return (retval); } + +/* + * au_close_token() returns the byte format of a token_t. This won't + * generally be used by applications, but is quite useful for writing test + * tools. Will free the token on either success or failure. + */ +int +au_close_token(token_t *tok, u_char *buffer, size_t *buflen) +{ + + if (tok->len > *buflen) { + au_free_token(tok); + errno = ENOMEM; + return (EINVAL); + } + + memcpy(buffer, tok->t_data, tok->len); + *buflen = tok->len; + au_free_token(tok); + return (0); +} ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#35 (text+ko) ==== @@ -31,7 +31,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#34 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#35 $ */ #include @@ -893,6 +893,7 @@ */ switch(tok->tt.arb.bu) { case AUR_BYTE: + /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; @@ -900,8 +901,13 @@ datasize = AUR_SHORT_SIZE; break; - case AUR_LONG: - datasize = AUR_LONG_SIZE; + case AUR_INT32: + /* case AUR_INT: */ + datasize = AUR_INT32_SIZE; + break; + + case AUR_INT64: + datasize = AUR_INT64_SIZE; break; default: @@ -962,6 +968,7 @@ print_delim(fp, del); switch(tok->tt.arb.bu) { case AUR_BYTE: + /* case AUR_CHAR: */ str = "byte"; size = AUR_BYTE_SIZE; print_string(fp, str, strlen(str)); @@ -979,23 +986,36 @@ print_delim(fp, del); print_1_byte(fp, tok->tt.arb.uc, "%u"); print_delim(fp, del); - for (i = 0; itt.arb.uc; i++) + for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data + (size * i)))); break; - case AUR_LONG: + case AUR_INT32: + /* case AUR_INT: */ str = "int"; - size = AUR_LONG_SIZE; + size = AUR_INT32_SIZE; print_string(fp, str, strlen(str)); print_delim(fp, del); print_1_byte(fp, tok->tt.arb.uc, "%u"); print_delim(fp, del); - for (i = 0; itt.arb.uc; i++) + for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data + (size * i)))); break; + case AUR_INT64: + str = "int64"; + size = AUR_INT64_SIZE; + print_string(fp, str, strlen(str)); + print_delim(fp, del); + print_1_byte(fp, tok->tt.arb.uc, "%u"); + print_delim(fp, del); + for (i = 0; i < tok->tt.arb.uc; i++) + fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data + + (size * i)))); + break; + default: return; } ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#44 (text+ko) ==== @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#43 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#44 $ */ #include @@ -243,6 +243,7 @@ /* Determine the size of the basic unit. */ switch (unit_type) { case AUR_BYTE: + /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; @@ -250,8 +251,13 @@ datasize = AUR_SHORT_SIZE; break; - case AUR_LONG: - datasize = AUR_LONG_SIZE; + case AUR_INT32: + /* case AUR_INT: */ + datasize = AUR_INT32_SIZE; + break; + + case AUR_INT64: + datasize = AUR_INT64_SIZE; break; default: @@ -261,7 +267,7 @@ totdata = datasize * unit_count; - GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char)); + GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); if (t == NULL) return (NULL); @@ -528,23 +534,12 @@ * file pathname N bytes + 1 terminating NULL byte */ token_t * -#if defined(KERNEL) || defined(_KERNEL) au_to_file(char *file, struct timeval tm) -#else -au_to_file(char *file) -#endif { token_t *t; u_char *dptr = NULL; u_int16_t filelen; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif filelen = strlen(file); filelen += 1;