Date:      Mon, 26 Nov 2012 22:59:13 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 219849 for review
Message-ID:  <201211262259.qAQMxDpF083210@skunkworks.freebsd.org>

http://p4web.freebsd.org/@@219849?ac=10

Change 219849 by rwatson@rwatson_cinnamon on 2012/11/26 22:58:43

	Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to sys/bsm
	and sys/security/audit.  Mostly cosmetic, one set of additions for
	privilege tokens not yet used by the kernel.

Affected files ...

.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_domain.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_errno.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_fcntl.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_internal.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_kevents.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_record.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_socket_type.h#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_domain.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_errno.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_fcntl.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_socket_type.c#2 integrate
.. //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_token.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit.h#2 (text) ====

@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#10
+ * $P4$
  * $FreeBSD: head/sys/bsm/audit.h 195740 2009-07-17 14:02:20Z rwatson $
  */
 

==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_domain.h#2 (text) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_domain.h#2
+ * $P4$
  * $FreeBSD: head/sys/bsm/audit_domain.h 191273 2009-04-19 16:17:13Z rwatson $
  */
 

==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_errno.h#2 (text) ====


==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_fcntl.h#2 (text) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_fcntl.h#2
+ * $P4$
  * $FreeBSD: head/sys/bsm/audit_fcntl.h 191147 2009-04-16 20:17:32Z rwatson $
  */
 

==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_internal.h#2 (text) ====

@@ -15,7 +15,7 @@
  * 2.  Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in the
  *     documentation and/or other materials provided with the distribution.
- * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
  *     its contributors may be used to endorse or promote products derived
  *     from this software without specific prior written permission.
  *
@@ -30,7 +30,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5
+ * $P4$
  * $FreeBSD: head/sys/bsm/audit_internal.h 187214 2009-01-14 10:44:16Z rwatson $
  */
 

==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_kevents.h#2 (text) ====


==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_record.h#2 (text) ====

@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10
+ * $P4$
  * $FreeBSD: head/sys/bsm/audit_record.h 191270 2009-04-19 14:53:17Z rwatson $
  */
 

==== //depot/projects/trustedbsd/audit_merge/src/sys/bsm/audit_socket_type.h#2 (text) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_socket_type.h#1
+ * $P4$
  * $FreeBSD: head/sys/bsm/audit_socket_type.h 187214 2009-01-14 10:44:16Z rwatson $
  */
 

==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm.c#2 (text) ====

@@ -25,6 +25,8 @@
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $P4$
  */
 
 #include <sys/cdefs.h>

==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_domain.c#2 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#3
+ * $P4: //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_domain.c#2 $
  */
 
 #include <sys/cdefs.h>

==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_errno.c#2 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18
+ * $P4: //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_errno.c#2 $
  */
 
 #include <sys/cdefs.h>
@@ -666,7 +666,7 @@
 #endif
 	ES("Required key not available") },
 	{ BSM_ERRNO_EKEYEXPIRED,
-#ifdef EKEEXPIRED
+#ifdef EKEYEXPIRED
 	EKEYEXPIRED,
 #else
 	ERRNO_NO_LOCAL_MAPPING,
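Review bot: Nothing in this table catches a guard whose name differs from the constant it protects, which is how `EKEEXPIRED` here and `EKEREJECTED` in the following hunk went unnoticed: the `#else` branch compiles cleanly and the entry quietly becomes `ERRNO_NO_LOCAL_MAPPING`. Only these two entries are visible, so every other `#ifdef X` / `X,` pair in the table is worth checking for the same mismatch. On a platform that defines these errno values, the old spelling would presumably have left audit records without a local error number for them. A one-line comment above the table, such as `/* The #ifdef guard must be spelled exactly like the errno constant it protects. */`, would make the invariant explicit; the table itself starts and ends outside the hunk.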
@@ -680,7 +680,7 @@
 #endif
 	ES("Key has been revoked") },
 	{ BSM_ERRNO_EKEYREJECTED,
-#ifdef EKEREJECTED
+#ifdef EKEYREJECTED
 	EKEYREJECTED,
 #else
 	ERRNO_NO_LOCAL_MAPPING,

==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_fcntl.c#2 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_fcntl.c#2
+ * $P4: //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_fcntl.c#2 $
  */
 
 #include <sys/cdefs.h>

==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_socket_type.c#2 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_socket_type.c#1
+ * $P4: //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_socket_type.c#2 $
  */
 
 #include <sys/cdefs.h>

==== //depot/projects/trustedbsd/audit_merge/src/sys/security/audit/audit_bsm_token.c#2 (text) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93
+ * $P4$
  */
 
 #include <sys/cdefs.h>
@@ -68,6 +68,57 @@
 
 /*
  * token ID                1 byte
+ * success/failure         1 byte
+ * privstrlen              2 bytes
+ * privstr                 N bytes + 1 (\0 byte)
+ */
+token_t *
+au_to_upriv(char sorf, char *priv)
+{
+	u_int16_t textlen;
+	u_char *dptr;
+	token_t *t;
+
+	textlen = strlen(priv) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) +
+	    sizeof(u_int16_t) + textlen);
+
+	ADD_U_CHAR(dptr, AUT_UPRIV);
+	ADD_U_CHAR(dptr, sorf);
+	ADD_U_INT16(dptr, textlen);
+	ADD_STRING(dptr, priv, textlen);
+	return (t);
+}
+
+/*
+ * token ID		1 byte
+ * privtstrlen		2 bytes
+ * privtstr		N bytes + 1
+ * privstrlen		2 bytes
+ * privstr		N bytes + 1
+ */
+token_t *
+au_to_privset(char *privtypestr, char *privstr)
+{
+	u_int16_t	 type_len, priv_len;
+	u_char		*dptr;
+	token_t		*t;
+
+	type_len = strlen(privtypestr) + 1;
+	priv_len = strlen(privstr) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+	    sizeof(u_int16_t) + type_len + priv_len);
+
+	ADD_U_CHAR(dptr, AUT_PRIV);
+	ADD_U_INT16(dptr, type_len);
+	ADD_STRING(dptr, privtypestr, type_len);
+	ADD_U_INT16(dptr, priv_len);
+	ADD_STRING(dptr, privstr, priv_len);
+	return (t);
+}
+
+/*
+ * token ID                1 byte
  * argument #              1 byte
  * argument value          4 bytes/8 bytes (32-bit/64-bit value)
  * text length             2 bytes
@@ -1204,9 +1255,9 @@
 				auinfo.ai_asid, &auinfo.ai_termid));
 		} else {
 			/* getaudit_addr(2) failed for some other reason. */
-			return (NULL); 
+			return (NULL);
 		}
-	} 
+	}
 
 	return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
 		getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
@@ -1438,7 +1489,7 @@
 	ADD_U_INT32(dptr, tm.tv_sec);
 	ADD_U_INT32(dptr, timems);      /* We need time in ms. */
 
-	return (t);   
+	return (t);
 }
 
 token_t *


