Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 19 Oct 2007 10:59:05 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 127768 for review
Message-ID:  <200710191059.l9JAx5Jv005039@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=127768

Change 127768 by rwatson@rwatson_zoo on 2007/10/19 10:58:41

	Integrate latest OpenBSM code into audit3 branch.

Affected files ...

.. //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#22 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#13 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#7 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#23 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#12 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#26 integrate

Differences ...

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#22 (text+ko) ====

@@ -1,3 +1,10 @@
+OpenBSM 1.0
+
+- Fix bug in auditreduce(8) which resulted in a memory fault/crash when
+  the user specified an event name with -m.
+- Remove AU_.* hard-coded audit class constants, as udit classes are now
+  entirely dynamically configured using /etc/security/audit_class.
+
 OpenBSM 1.0 alpha 15
 
 - Fix bug when processing in_addr_ex tokens.
@@ -295,4 +302,4 @@
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#21 $
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#22 $

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#13 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#12 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#13 $
  */
 
 /* 
@@ -722,7 +722,6 @@
 				if (n == NULL)
 					usage("Incorrect event name");
 				p_evtype = *n;
-				free(n);
 			}
 			SETOPT(opttochk, OPT_m);
 			break;

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#8 (text+ko) ====

@@ -27,7 +27,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#7 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#8 $
  */
 
 /*
@@ -107,6 +107,7 @@
 		free(buf);
 		if (oneline)
 			printf("\n");
+		fflush(stdout);
 	}
 	return (0);
 }

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#7 (text+ko) ====

@@ -1,9 +1,7 @@
 #
-# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#6 $
+# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#7 $
 # $FreeBSD: src/contrib/openbsm/etc/audit_class,v 1.2 2006/03/26 01:44:35 rwatson Exp $
 #
-# This file must match audit.h
-#
 0x00000000:no:invalid class
 0x00000001:fr:file read
 0x00000002:fw:file write

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#23 (text+ko) ====

@@ -1,7 +1,13 @@
 #
-# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#22 $
+# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#23 $
 # $FreeBSD: src/contrib/openbsm/etc/audit_event,v 1.8 2007/07/22 12:20:42 rwatson Exp $
 #
+# The mapping between event identifiers and values is also hard-codedd in
+# audit_kevents.h and audit_uevents.h, so changes must occur in both places,
+# and programs, such as the kernel, may need to be recompiled to recognize
+# those changes.  It is advisable not to change the numbering or naming of
+# kernel audit events.
+#
 0:AUE_NULL:indir system call:no
 1:AUE_EXIT:exit(2):pc
 2:AUE_FORK:fork(2):pc
@@ -438,7 +444,7 @@
 43097:AUE_ACL_SET_LINK:acl_set_link(2):fm
 43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
 43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
-43100:AUE_SYSARCH:sysarch(2):na
+43100:AUE_SYSARCH:sysarch(2):ot
 43101:AUE_EXTATTRCTL:extattrctl(2):fm
 43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
 43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#12 (text+ko) ====

@@ -27,7 +27,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#11 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#12 $
  */
 
 #include <bsm/libbsm.h>
@@ -83,11 +83,11 @@
 	 */
 	if (evclass != NULL) {
 		if (getauditflagsbin(evclass, &evmask) != 0)
-			e->ae_class = AU_NULL;
+			e->ae_class = 0;
 		else
 			e->ae_class = evmask.am_success;
 	} else
-		e->ae_class = AU_NULL;
+		e->ae_class = 0;
 
 	return (e);
 }

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#26 (text+ko) ====

@@ -32,7 +32,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#25 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#26 $
  */
 
 #include <sys/types.h>
@@ -3873,14 +3873,14 @@
  * zonename                     size bytes;
  */
 static int
-fetch_zonename_tok(tokenstr_t *tok, char *buf, int len)
+fetch_zonename_tok(tokenstr_t *tok, u_char *buf, int len)
 {
 	int err = 0;
 
 	READ_TOKEN_U_INT16(buf, len, tok->tt.zonename.len, tok->len, err);
 	if (err)
 		return (-1);
-	SET_PTR(buf, len, tok->tt.zonename.zonename, tok->tt.zonename.len,
+	SET_PTR((char *)buf, len, tok->tt.zonename.zonename, tok->tt.zonename.len,
 	    tok->len, err);
 	if (err)
 		return (-1);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710191059.l9JAx5Jv005039>