Date: Wed, 8 Feb 2006 03:04:01 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 91368 for review Message-ID: <200602080304.k18341ak040725@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=91368 Change 91368 by rwatson@rwatson_peppercorn on 2006/02/08 03:03:39 Integrate OpenBSM branch into TrustedBSD audit3 branch: - Build fixes for Darwin. - cannot_audit() required by OpenSSH. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#8 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#5 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#6 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_user#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#5 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#7 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#8 (text+ko) ==== @@ -1,3 +1,15 @@ +OpenBSM 1.0 alpha 4 + +- Remove "audit" user example from audit_user, as it's not present on most + systems. +- Add cannot_audit() function non-Darwin systems that wraps auditon(); + required by OpenSSH BSM support. Convert Darwin cannot_audit() into a + function rather than a macro. +- Library build fixed on Darwin following include file tweaks. The native + Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so + for now we force bsm_wrappers.c to not perform a nested include of + sys/audit.h. + OpenBSM 1.0 alpha 3 - Man page formatting, cross reference, mlinks, and accuracy improvements. @@ -82,4 +94,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#7 $ +$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#8 $ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#4 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#3 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/audit/audit.c#4 $ */ /* * Program to trigger the audit daemon with a message that is either: @@ -40,8 +40,8 @@ * */ +#include <sys/types.h> #include <sys/queue.h> -#include <sys/types.h> #include <sys/uio.h> #include <bsm/audit.h> ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#5 (text+ko) ==== @@ -30,14 +30,14 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#4 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#5 $ */ +#include <sys/types.h> #include <sys/dirent.h> #include <sys/mman.h> #include <sys/queue.h> #include <sys/stat.h> -#include <sys/types.h> #include <sys/wait.h> #include <bsm/audit.h> ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#6 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#5 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#6 $ */ #ifndef _LIBBSM_H_ @@ -44,11 +44,12 @@ #include <sys/cdefs.h> #include <sys/queue.h> +#include <stdint.h> /* Required for audit.h. */ + #include <bsm/audit.h> #include <bsm/audit_record.h> #include <stdio.h> -#include <stdint.h> #ifdef __APPLE__ #include <mach/mach.h> /* audit_token_t */ @@ -871,7 +872,7 @@ __END_DECLS /* OpenSSH compatibility */ -#define cannot_audit(x) (!(au_get_state() == AUC_AUDITING)) +int cannot_audit(int); __BEGIN_DECLS /* ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_user#4 (text+ko) ==== @@ -1,5 +1,4 @@ # -# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_user#3 $ +# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_user#4 $ # root:lo:no -audit:fc:no ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#5 (text+ko) ==== @@ -26,15 +26,12 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#4 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#5 $ */ -#ifdef __APPLE__ - /* * Based on sample code from Marc Majka. */ -#include <notify.h> #include <string.h> /* strerror() */ #include <sys/errno.h> /* errno */ #include <bsm/libbsm.h> @@ -42,6 +39,8 @@ #include <syslog.h> /* syslog() */ #include <stdarg.h> /* syslog() */ +#ifdef __APPLE__ +#include <notify.h> /* If 1, assumes a kernel that sends the right notification. */ #define AUDIT_NOTIFICATION_ENABLED 1 @@ -145,5 +144,25 @@ return (AUC_AUDITING); } } +#endif /* !__APPLE__ */ -#endif /* !__APPLE__ */ +int +cannot_audit(int val __unused) +{ +#ifdef __APPLE__ + return (!(au_get_state() == AUC_AUDITING)); +#else + unsigned long au_cond; + + if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { + if (errno != ENOSYS) { + syslog(LOG_ERR, "Audit status check failed (%s)", + strerror(errno)); + } + return (1); + } + if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED) + return (1); + return (0); +#endif /* !__APPLE__ */ +} ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#7 (text+ko) ==== @@ -26,9 +26,13 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#6 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#7 $ */ +#ifdef __APPLE__ +#define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */ +#endif + #include <sys/param.h> #include <sys/stat.h> #include <sys/sysctl.h>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602080304.k18341ak040725>