Date: Fri, 19 Oct 2007 10:59:05 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 127768 for review Message-ID: <200710191059.l9JAx5Jv005039@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=127768 Change 127768 by rwatson@rwatson_zoo on 2007/10/19 10:58:41 Integrate latest OpenBSM code into audit3 branch. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#22 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#13 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#8 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#7 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#23 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#12 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#26 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#22 (text+ko) ==== @@ -1,3 +1,10 @@ +OpenBSM 1.0 + +- Fix bug in auditreduce(8) which resulted in a memory fault/crash when + the user specified an event name with -m. +- Remove AU_.* hard-coded audit class constants, as udit classes are now + entirely dynamically configured using /etc/security/audit_class. + OpenBSM 1.0 alpha 15 - Fix bug when processing in_addr_ex tokens. @@ -295,4 +302,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#21 $ +$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#22 $ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#13 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#12 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#13 $ */ /* @@ -722,7 +722,6 @@ if (n == NULL) usage("Incorrect event name"); p_evtype = *n; - free(n); } SETOPT(opttochk, OPT_m); break; ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#8 (text+ko) ==== @@ -27,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#7 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#8 $ */ /* @@ -107,6 +107,7 @@ free(buf); if (oneline) printf("\n"); + fflush(stdout); } return (0); } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#7 (text+ko) ==== @@ -1,9 +1,7 @@ # -# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#6 $ +# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#7 $ # $FreeBSD: src/contrib/openbsm/etc/audit_class,v 1.2 2006/03/26 01:44:35 rwatson Exp $ # -# This file must match audit.h -# 0x00000000:no:invalid class 0x00000001:fr:file read 0x00000002:fw:file write ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#23 (text+ko) ==== @@ -1,7 +1,13 @@ # -# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#22 $ +# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#23 $ # $FreeBSD: src/contrib/openbsm/etc/audit_event,v 1.8 2007/07/22 12:20:42 rwatson Exp $ # +# The mapping between event identifiers and values is also hard-codedd in +# audit_kevents.h and audit_uevents.h, so changes must occur in both places, +# and programs, such as the kernel, may need to be recompiled to recognize +# those changes. It is advisable not to change the numbering or naming of +# kernel audit events. +# 0:AUE_NULL:indir system call:no 1:AUE_EXIT:exit(2):pc 2:AUE_FORK:fork(2):pc @@ -438,7 +444,7 @@ 43097:AUE_ACL_SET_LINK:acl_set_link(2):fm 43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm 43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa -43100:AUE_SYSARCH:sysarch(2):na +43100:AUE_SYSARCH:sysarch(2):ot 43101:AUE_EXTATTRCTL:extattrctl(2):fm 43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa 43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#12 (text+ko) ==== @@ -27,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#11 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#12 $ */ #include <bsm/libbsm.h> @@ -83,11 +83,11 @@ */ if (evclass != NULL) { if (getauditflagsbin(evclass, &evmask) != 0) - e->ae_class = AU_NULL; + e->ae_class = 0; else e->ae_class = evmask.am_success; } else - e->ae_class = AU_NULL; + e->ae_class = 0; return (e); } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#26 (text+ko) ==== @@ -32,7 +32,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#25 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#26 $ */ #include <sys/types.h> @@ -3873,14 +3873,14 @@ * zonename size bytes; */ static int -fetch_zonename_tok(tokenstr_t *tok, char *buf, int len) +fetch_zonename_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.zonename.len, tok->len, err); if (err) return (-1); - SET_PTR(buf, len, tok->tt.zonename.zonename, tok->tt.zonename.len, + SET_PTR((char *)buf, len, tok->tt.zonename.zonename, tok->tt.zonename.len, tok->len, err); if (err) return (-1);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710191059.l9JAx5Jv005039>