Date:      Thu, 24 Aug 2006 10:57:37 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 104912 for review
Message-ID:  <200608241057.k7OAvbqv060483@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=104912

Change 104912 by rwatson@rwatson_sesame on 2006/08/24 10:56:48

	Merge OpenBSM 1.0a9 features from TrustedBSD OpenBSM branch to
	TrustedBSD audit3 branch:
	
	- Constant renaming; the audit3 branch may need further work to
	  catch up with it.
	- auditfilterd API updates.

Affected files ...

.. //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#10 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#15 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/VERSION#11 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#9 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#14 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#15 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/configure#9 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#10 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#13 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#17 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#20 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#9 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c#3 integrate

Differences ...

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#10 (text+ko) ====

@@ -1,3 +1,14 @@
+OpenBSM 1.0 alpha 9
+
+- Rename many OpenBSM-specific constants and API elements containing the
+  strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
+  for almost all existing constants and APIs.
+- Instead of passing a per-instance cookie directly into all audit filter
+  APIs, pass in the audit filter daemon state pointer, which is then used by
+  the module using an audit_filter_{get,set}cookie() API.  This will allow
+  future service APIs provided by the filter daemon to maintain their own
+  state -- for example, per-module preselection state.
+
 OpenBSM 1.0 alpha 8
 
 - Correct typo in definition of AUR_INT.
@@ -192,4 +203,4 @@
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#9 $
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#10 $

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#15 (text+ko) ====

@@ -75,6 +75,7 @@
     Christian Peron
     Martin Fong
     Pawel Worach
+    Martin Englund
 
 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the
@@ -96,4 +97,4 @@
 
     http://www.TrustedBSD.org/
 
-$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#14 $
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#15 $

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/VERSION#11 (text+ko) ====

@@ -1,1 +1,1 @@
-OPENBSM_1_0_ALPHA_8
+OPENBSM_1_0_ALPHA_9

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#4 (text+ko) ====

@@ -25,7 +25,16 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#3 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#4 $
+ */
+
+/*
+ * Main file for the audit filter daemon, which presents audit records to a
+ * set of run-time registered loadable modules.  This is the main event loop
+ * of the daemon, which handles starting up, waiting for records, and
+ * presenting records to configured modules.  auditfilterd_conf.c handles the
+ * reading and management of the configuration, module list and module state,
+ * etc.
  */
 
 #include <sys/types.h>
@@ -106,13 +115,13 @@
  * Present raw BSM to a set of registered and interested filters.
  */
 static void
-present_bsmrecord(struct timespec *ts, u_char *data, u_int len)
+present_rawrecord(struct timespec *ts, u_char *data, u_int len)
 {
 	struct auditfilter_module *am;
 
 	TAILQ_FOREACH(am, &filter_list, am_list) {
-		if (am->am_bsmrecord != NULL)
-			(am->am_bsmrecord)(am->am_instance, ts, data, len);
+		if (am->am_rawrecord != NULL)
+			(am->am_rawrecord)(am, ts, data, len);
 	}
 }
 
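Review bot: `present_rawrecord()` hands the same writable `data` buffer to every module in `filter_list`, and both call sites later in this file then pass that buffer on to `present_tokens()`, so a module that writes through the pointer changes what later modules and the token parser see. For an audit pipeline the record should be read-only to filters: declare the parameter as `const u_char *data` here and as `const void *data` in `audit_filter_rawrecord_t`. `const` does not constrain a misbehaving in-process module, but it states the contract and lets the compiler flag accidental writes.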
@@ -140,8 +149,7 @@
 
 	TAILQ_FOREACH(am, &filter_list, am_list) {
 		if (am->am_record != NULL)
-			(am->am_record)(am->am_instance, ts, tokencount,
-			    tokens);
+			(am->am_record)(am, ts, tokencount, tokens);
 	}
 }
 
@@ -191,7 +199,7 @@
 			continue;
 		if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
 			err(-1, "clock_gettime");
-		present_bsmrecord(&ts, buf, reclen);
+		present_rawrecord(&ts, buf, reclen);
 		present_tokens(&ts, buf, reclen);
 		free(buf);
 	}
@@ -241,7 +249,7 @@
 			continue;
 		if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
 			err(-1, "clock_gettime");
-		present_bsmrecord(&ts, record, reclen);
+		present_rawrecord(&ts, record, reclen);
 		present_tokens(&ts, record, reclen);
 	}
 }

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#4 (text+ko) ====

@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#3 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#4 $
  */
 
 #define	AUDITFILTERD_CONFFILE	"/etc/security/audit_filter"
@@ -53,11 +53,11 @@
 	/*
 	 * Fields provided by or extracted from the module.
 	 */
-	void						*am_instance;
+	void						*am_cookie;
 	audit_filter_attach_t				 am_attach;
 	audit_filter_reinit_t				 am_reinit;
 	audit_filter_record_t				 am_record;
-	audit_filter_bsmrecord_t			 am_bsmrecord;
+	audit_filter_rawrecord_t			 am_rawrecord;
 	audit_filter_detach_t				 am_detach;
 
 	/*

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 (text+ko) ====

@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c#2 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 $
  */
 
 /*
@@ -38,6 +38,12 @@
  * Modules are in one of two states: attached, or detached.  If attach fails,
  * detach is not called because it was not attached.  If a module is attached
  * and a call to its reinit method fails, we will detach it.
+ *
+ * Modules are passed a (void *) reference to their configuration state so
+ * that they may pass this into any common APIs we provide which may rely on
+ * that state.  Currently, the only such API is the cookie API, which allows
+ * per-instance state to be maintained by a module.  In the future, this will
+ * also be used to support per-instance preselection state.
  */
 
 #include <sys/types.h>
@@ -105,8 +111,8 @@
 {
 
 	if (am->am_detach != NULL)
-		am->am_detach(am->am_instance);
-	am->am_instance = NULL;
+		am->am_detach(am);
+	am->am_cookie = NULL;
 	(void)dlclose(am->am_dlhandle);
 	am->am_dlhandle = NULL;
 }
@@ -149,21 +155,22 @@
 	am->am_attach = dlsym(am->am_dlhandle, AUDIT_FILTER_ATTACH_STRING);
 	am->am_reinit = dlsym(am->am_dlhandle, AUDIT_FILTER_REINIT_STRING);
 	am->am_record = dlsym(am->am_dlhandle, AUDIT_FILTER_RECORD_STRING);
-	am->am_bsmrecord = dlsym(am->am_dlhandle,
-	    AUDIT_FILTER_BSMRECORD_STRING);
+	am->am_rawrecord = dlsym(am->am_dlhandle,
+	    AUDIT_FILTER_RAWRECORD_STRING);
 	am->am_detach = dlsym(am->am_dlhandle, AUDIT_FILTER_DETACH_STRING);
 
 	if (am->am_attach != NULL) {
-		if (am->am_attach(&am->am_instance, am->am_argc, am->am_argv)
+		if (am->am_attach(am, am->am_argc, am->am_argv)
 		    != AUDIT_FILTER_SUCCESS) {
 			warnx("auditfilter_module_attach: %s: failed",
 			    am->am_modulename);
 			dlclose(am->am_dlhandle);
 			am->am_dlhandle = NULL;
+			am->am_cookie = NULL;
 			am->am_attach = NULL;
 			am->am_reinit = NULL;
 			am->am_record = NULL;
-			am->am_bsmrecord = NULL;
+			am->am_rawrecord = NULL;
 			am->am_detach = NULL;
 			return (-1);
 		}
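Review bot: The attach-failure path now clears `am_cookie` after `dlclose()` without calling detach, so a cookie the module stored with `audit_filter_setcookie()` before returning failure is dropped with nothing left to free it. The file-header comment already says detach is not called when attach fails; it should also state the ownership rule, for example `A module that sets a cookie and then fails attach must free it before returning.` The enclosing function starts and ends outside this hunk.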
@@ -184,7 +191,7 @@
 	if (am->am_reinit == NULL)
 		return (0);
 
-	if (am->am_reinit(&am->am_instance, am->am_argc, am->am_argv) !=
+	if (am->am_reinit(am, am->am_argc, am->am_argv) !=
 	    AUDIT_FILTER_SUCCESS) {
 		warnx("auditfilter_module_reinit: %s: failed",
 		    am->am_modulename);
@@ -483,3 +490,24 @@
 	auditfilter_module_list_detach(&filter_list);
 	auditfilter_module_list_free(&filter_list);
 }
+
+/*
+ * APIs to allow modules to query and set their per-instance cookie.
+ */
+void
+audit_filter_getcookie(void *instance, void **cookie)
+{
+	struct auditfilter_module *am;
+
+	am = (struct auditfilter_module *)instance;
+	*cookie = am->am_cookie;
+}
+
+void
+audit_filter_setcookie(void *instance, void *cookie)
+{
+	struct auditfilter_module *am;
+
+	am = (struct auditfilter_module *)instance;
+	am->am_cookie = cookie;
+}
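Review bot: `audit_filter_getcookie()` and `audit_filter_setcookie()` dereference `instance` (and `cookie` in the getter) with no NULL check, so a module bug here faults or corrupts daemon state instead of failing cleanly. A guard such as `if (am == NULL || cookie == NULL) return;` in the getter and `if (am == NULL) return;` in the setter is cheap, and the explicit cast from `void *` is unnecessary in C. These functions are defined in the daemon executable, so a loaded module can resolve them only if the daemon exports its symbols to loaded objects; no build change is visible in this diff, so that is worth confirming.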

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#4 (text+ko) ====

@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#3 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#4 $
  */
 
 #ifndef _BSM_AUDIT_FILTER_H_
@@ -38,22 +38,28 @@
  * audit_filter_reinit_t - arguments to module have changed
  * audit_filter_record_t - present parsed record to filter module, with
  *                         receipt time
- * audit_filter_bsmrecord_t - present bsm format record to filter module,
+ * audit_filter_rawrecord_t - present BSM format record to filter module,
  *                            with receipt time
  * audit_filter_destach_t - filter module is being detached
  *
  * There may be many instances of the same filter, identified by the instance
  * void pointer maintained by the filter instance.
  */
-typedef int (*audit_filter_attach_t)(void **instance, int argc, char *argv[]);
+typedef int (*audit_filter_attach_t)(void *instance, int argc, char *argv[]);
 typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]);
 typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts,
 	    int token_count, const tokenstr_t tok[]);
-typedef void (*audit_filter_bsmrecord_t)(void *instance, struct timespec *ts,
+typedef void (*audit_filter_rawrecord_t)(void *instance, struct timespec *ts,
 	    void *data, u_int len);
 typedef void (*audit_filter_detach_t)(void *instance);
 
 /*
+ * APIs that may be called by audit filters.
+ */
+void	audit_filter_getcookie(void *instance, void **cookie);
+void	audit_filter_setcookie(void *instance, void *cookie);
+
+/*
  * Values to be returned by audit_filter_init_t.
  */
 #define	AUDIT_FILTER_SUCCESS	(0)
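Review bot: `audit_filter_attach_t` changes its first parameter from `void **instance` to `void *instance`, but the symbol looked up with `dlsym()` is still `audit_filter_attach`, so a module built against the old header still loads and will store its instance pointer through what is now the daemon's `struct auditfilter_module *`. The next hunk also renames the raw-record entry point, so an old module's `audit_filter_bsmrecord` is no longer found and, because NULL callbacks are skipped, it silently stops receiving records. Consider an interface version that the daemon checks before calling into a module. The block comment above still says the instance pointer is "maintained by the filter instance", which no longer matches the cookie API.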
@@ -66,12 +72,12 @@
 #define	AUDIT_FILTER_ATTACH	audit_filter_attach
 #define	AUDIT_FILTER_REINIT	audit_filter_reinit
 #define	AUDIT_FILTER_RECORD	audit_filter_record
-#define	AUDIT_FILTER_BSMRECORD	audit_filter_bsmrecord
+#define	AUDIT_FILTER_RAWRECORD	audit_filter_rawrecord
 #define	AUDIT_FILTER_DETACH	audit_filter_detach
 #define	AUDIT_FILTER_ATTACH_STRING	"audit_filter_attach"
 #define	AUDIT_FILTER_REINIT_STRING	"audit_filter_reinit"
 #define	AUDIT_FILTER_RECORD_STRING	"audit_filter_record"
-#define	AUDIT_FILTER_BSMRECORD_STRING	"audit_filter_bsmrecord"
+#define	AUDIT_FILTER_RAWRECORD_STRING	"audit_filter_rawrecord"
 #define	AUDIT_FILTER_DETACH_STRING	"audit_filter_detach"
 
 #endif /* !_BSM_AUDIT_FILTER_H_ */

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#9 (text+ko) ====

@@ -34,7 +34,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#8 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#9 $
  */
 
 #ifndef _AUDIT_INTERNAL_H
@@ -68,15 +68,15 @@
 typedef	struct au_record	au_record_t;
 
 
-/* We could determined the header and trailer sizes by
- * defining appropriate structures. We hold off that approach
- * till we have a consistant way of using structures for all tokens.
- * This is not straightforward since these token structures may
- * contain pointers of whose contents we dont know the size
- * (e.g text tokens)
+/*
+ * We could determined the header and trailer sizes by defining appropriate
+ * structures.  We hold off that approach until we have a consistant way of
+ * using structures for all tokens.  This is not straightforward since these
+ * token structures may contain pointers of whose contents we dont know the
+ * size (e.g text tokens).
  */
-#define	BSM_HEADER_SIZE		18
-#define	BSM_TRAILER_SIZE	7
+#define	AUDIT_HEADER_SIZE	18
+#define	AUDIT_TRAILER_SIZE	7
 
 /*
  * BSM token streams store fields in big endian byte order, so as to be

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#14 (text+ko) ====

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#13 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#14 $
  */
 
 #ifndef _BSM_AUDIT_RECORD_H_
@@ -199,7 +199,7 @@
 #define PAD_NOTATTR  0x4000   /* nonattributable event */
 #define PAD_FAILURE  0x8000   /* fail audit event */
 
-#define BSM_MAX_GROUPS      16
+#define AUDIT_MAX_GROUPS      16
 
 /*
  * A number of BSM versions are floating around and defined.  Here are
@@ -207,11 +207,11 @@
  * Solaris BSM version, but has a separate version number in order to
  * identify a potentially different event identifier name space.
  */
-#define	BSM_HEADER_VERSION_OLDDARWIN	1	/* In retrospect, a mistake. */
-#define	BSM_HEADER_VERSION_SOLARIS	2
-#define	BSM_HEADER_VERSION_TSOL25	3
-#define	BSM_HEADER_VERSION_TSOL		4
-#define	BSM_HEADER_VERSION_OPENBSM	10
+#define	AUDIT_HEADER_VERSION_OLDDARWIN	1	/* In retrospect, a mistake. */
+#define	AUDIT_HEADER_VERSION_SOLARIS	2
+#define	AUDIT_HEADER_VERSION_TSOL25	3
+#define	AUDIT_HEADER_VERSION_TSOL	4
+#define	AUDIT_HEADER_VERSION_OPENBSM	10
 
 /*
  * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#15 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#14 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#15 $
  */
 
 #ifndef _LIBBSM_H_
@@ -37,8 +37,8 @@
  * solely to allow OpenSSH to compile; Darwin/Apple code should not use them.
  */
 
-#define	BSM_MAX_ARGS	10
-#define	BSM_MAX_ENV	10
+#define	AUDIT_MAX_ARGS	10
+#define	AUDIT_MAX_ENV	10
 
 #include <sys/types.h>
 #include <sys/cdefs.h>
@@ -218,7 +218,7 @@
  */
 typedef struct {
 	u_int32_t	 count;
-	char		*text[BSM_MAX_ARGS];
+	char		*text[AUDIT_MAX_ARGS];
 } au_execarg_t;
 
 /*
@@ -227,7 +227,7 @@
  */
 typedef struct {
 	u_int32_t	 count;
-	char		*text[BSM_MAX_ENV];
+	char		*text[AUDIT_MAX_ENV];
 } au_execenv_t;
 
 /*
@@ -259,7 +259,7 @@
  */
 typedef struct {
 	u_int16_t	no;
-	u_int32_t	list[BSM_MAX_GROUPS];
+	u_int32_t	list[AUDIT_MAX_GROUPS];
 } au_groups_t;
 
 /*

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/configure#9 (xtext) ====

@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#26 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#27 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a8.
+# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a9.
 #
 # Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
 #
@@ -424,8 +424,8 @@
 # Identity of this package.
 PACKAGE_NAME='OpenBSM'
 PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.0a8'
-PACKAGE_STRING='OpenBSM 1.0a8'
+PACKAGE_VERSION='1.0a9'
+PACKAGE_STRING='OpenBSM 1.0a9'
 PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
 
 ac_unique_file="bin/auditreduce/auditreduce.c"
@@ -955,7 +955,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures OpenBSM 1.0a8 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.0a9 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1021,7 +1021,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of OpenBSM 1.0a8:";;
+     short | recursive ) echo "Configuration of OpenBSM 1.0a9:";;
    esac
   cat <<\_ACEOF
 
@@ -1162,7 +1162,7 @@
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
   cat <<\_ACEOF
-OpenBSM configure 1.0a8
+OpenBSM configure 1.0a9
 generated by GNU Autoconf 2.59
 
 Copyright (C) 2003 Free Software Foundation, Inc.
@@ -1176,7 +1176,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by OpenBSM $as_me 1.0a8, which was
+It was created by OpenBSM $as_me 1.0a9, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   $ $0 $@
@@ -19278,7 +19278,7 @@
 
 # Define the identity of the package.
  PACKAGE=OpenBSM
- VERSION=1.0a8
+ VERSION=1.0a9
 
 
 cat >>confdefs.h <<_ACEOF
@@ -23478,7 +23478,7 @@
 } >&5
 cat >&5 <<_CSEOF
 
-This file was extended by OpenBSM $as_me 1.0a8, which was
+This file was extended by OpenBSM $as_me 1.0a9, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23541,7 +23541,7 @@
 
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-OpenBSM config.status 1.0a8
+OpenBSM config.status 1.0a9
 configured by $0, generated by GNU Autoconf 2.59,
   with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
 

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#10 (text+ko) ====

@@ -2,8 +2,8 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.59)
-AC_INIT([OpenBSM], [1.0a8], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
-AC_REVISION([$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#9 $])
+AC_INIT([OpenBSM], [1.0a9], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
+AC_REVISION([$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#10 $])
 AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADER([config/config.h])
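Review bot: The bug-report address on the changed `AC_INIT` line is `trustedbsd-audit@TrustesdBSD.org`, while the project URL shown in README is `http://www.TrustedBSD.org/`; the extra `s` looks like a typo, and the generated `configure` carries it in `PACKAGE_BUGREPORT`. Reports sent to that address go to a domain the project may not control. The line should read `AC_INIT([OpenBSM], [1.0a9], [trustedbsd-audit@TrustedBSD.org],[openbsm])`.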

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#13 (text+ko) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#12 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#13 $
  */
 
 #include <sys/types.h>
@@ -54,14 +54,14 @@
 static au_record_t	*open_desc_table[MAX_AUDIT_RECORDS];
 
 /* The current number of active record descriptors */
-static int	bsm_rec_count = 0;
+static int	audit_rec_count = 0;
 
 /*
  * Records that can be recycled are maintained in the list given below.  The
  * maximum number of elements that can be present in this list is bounded by
  * MAX_AUDIT_RECORDS.  Memory allocated for these records are never freed.
  */
-static LIST_HEAD(, au_record)	bsm_free_q;
+static LIST_HEAD(, au_record)	audit_free_q;
 
 static pthread_mutex_t	mutex = PTHREAD_MUTEX_INITIALIZER;
 
@@ -93,15 +93,15 @@
 
 	pthread_mutex_lock(&mutex);
 
-	if (bsm_rec_count == 0)
-		LIST_INIT(&bsm_free_q);
+	if (audit_rec_count == 0)
+		LIST_INIT(&audit_free_q);
 
 	/*
 	 * Find an unused descriptor, remove it from the free list, mark as
 	 * used.
 	 */
-	if (!LIST_EMPTY(&bsm_free_q)) {
-		rec = LIST_FIRST(&bsm_free_q);
+	if (!LIST_EMPTY(&audit_free_q)) {
+		rec = LIST_FIRST(&audit_free_q);
 		rec->used = 1;
 		LIST_REMOVE(rec, au_rec_q);
 	}
@@ -125,7 +125,7 @@
 
 		pthread_mutex_lock(&mutex);
 
-		if (bsm_rec_count == MAX_AUDIT_RECORDS) {
+		if (audit_rec_count == MAX_AUDIT_RECORDS) {
 			pthread_mutex_unlock(&mutex);
 			free(rec->data);
 			free(rec);
@@ -134,9 +134,9 @@
 			errno = ENOMEM;
 			return (-1);
 		}
-		rec->desc = bsm_rec_count;
-		open_desc_table[bsm_rec_count] = rec;
-		bsm_rec_count++;
+		rec->desc = audit_rec_count;
+		open_desc_table[audit_rec_count] = rec;
+		audit_rec_count++;
 
 		pthread_mutex_unlock(&mutex);
 
@@ -174,7 +174,7 @@
 		return (-1); /* Invalid descriptor */
 	}
 
-	if (rec->len + tok->len + BSM_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) {
+	if (rec->len + tok->len + AUDIT_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) {
 		errno = ENOMEM;
 		return (-1);
 	}
@@ -208,7 +208,7 @@
 	u_char *dptr;
 	int error;
 
-	tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
+	tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
 	header = au_to_header32(tot_rec_size, event, 0);
 	if (header == NULL)
 		return (-1);
@@ -257,7 +257,7 @@
 	pthread_mutex_lock(&mutex);
 
 	/* Add the record to the freelist tail */
-	LIST_INSERT_HEAD(&bsm_free_q, rec, au_rec_q);
+	LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q);
 
 	pthread_mutex_unlock(&mutex);
 }
@@ -285,7 +285,7 @@
 		goto cleanup;
 	}
 
-	tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
+	tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
 
 	if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) {
 		/*
@@ -335,7 +335,7 @@
 	}
 
 	retval = 0;
-	tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
+	tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
 	if ((tot_rec_size > MAX_AUDIT_RECORD_SIZE) ||
 	    (tot_rec_size > *buflen)) {
 		/*

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#17 (text+ko) ====

@@ -31,7 +31,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#16 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#17 $
  */
 
 #include <sys/types.h>
@@ -2448,7 +2448,7 @@
 	int err = 0;
 	int recoversize;
 
-	recoversize = len - (tok->len + BSM_TRAILER_SIZE);
+	recoversize = len - (tok->len + AUDIT_TRAILER_SIZE);
 	if (recoversize <= 0)
 		return (-1);
 

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#20 (text+ko) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#19 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#20 $
  */
 
 #include <sys/types.h>
@@ -309,7 +309,7 @@
 au_to_groups(int *groups)
 {
 
-	return (au_to_newgroups(BSM_MAX_GROUPS, groups));
+	return (au_to_newgroups(AUDIT_MAX_GROUPS, groups));
 }
 
 /*
@@ -1155,7 +1155,7 @@
 
 	ADD_U_CHAR(dptr, AUT_HEADER32);
 	ADD_U_INT32(dptr, rec_size);
-	ADD_U_CHAR(dptr, BSM_HEADER_VERSION_OPENBSM);
+	ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM);
 	ADD_U_INT16(dptr, e_type);
 	ADD_U_INT16(dptr, e_mod);
 

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#9 (text+ko) ====

@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2005 Robert N. M. Watson
+.\" Copyright (c) 2005-2006 Robert N. M. Watson
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#8 $
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#9 $
 .\"
 .Dd May 1, 2005
 .Dt AUDIT.LOG 5
@@ -91,10 +91,14 @@
 token is used to mark the beginning of a complete audit record, and includes
 the length of the total record in bytes, a version number for the record
 layout, the event type and subtype, and the time at which the event occurred.
-A
+A 32-bit
+.Dv header
+token can be created using
+.Xr au_to_header32 3 ;
+a 64-bit
 .Dv header
 token can be created using
-.Xr au_to_header32 3 .
+.Xr au_to_header64 3 .
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
 .It Sy "Field" Ta Sy Bytes Ta Sy Description
 .It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -111,11 +115,14 @@
 token is an expanded version of the
 .Dv header
 token, with the addition of a machine IPv4 or IPv6 address.
-The
-.Xr libbsm 3
-API cannot currently create an
-.Dv expanded header
-token.
+A 32-bit extended
+.Dv header
+token can be created using
+.Xr au_to_header32_ex 3 ;
+a 64-bit extended
+.Dv header
+token can be created using
+.Xr au_to_header64_ex 3 .
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
 .It Sy "Field" Ta Sy Bytes Ta Sy Description
 .It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -154,11 +161,10 @@
 .Dv How to print
 field is present to specify how to print the data, but interpretation of
 that field is not currently defined.
-The
-.Xr libbsm 3
-API cannot currently create an
+An
 .Dv arbitrary data
-token.
+token can be created using
+.Xr au_to_data 3 .
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
 .It Sy "Field" Ta Sy Bytes Ta Sy Description
 .It Li "Token ID" Ta "1 byte" Ta "Token ID"

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c#3 (text+ko) ====

@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c#2 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c#3 $
  */
 
 /*
@@ -39,7 +39,7 @@
 #include <bsm/audit_filter.h>
 
 int
-AUDIT_FILTER_ATTACH(void **instance, int argc, char *argv[])
+AUDIT_FILTER_ATTACH(void *instance, int argc, char *argv[])
 {
 
 	return (0);
@@ -60,7 +60,7 @@
 }
 
 void
-AUDIT_FILTER_BSMRECORD(void *instance, struct timespec *ts, u_char *data,
+AUDIT_FILTER_RAWRECORD(void *instance, struct timespec *ts, u_char *data,
     u_int len)
 {
 
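Review bot: `AUDIT_FILTER_RAWRECORD` is defined with `u_char *data`, but `audit_filter_rawrecord_t` in `bsm/audit_filter.h` declares `void *data`, and the daemon calls the module through that typedef. The two function types are not compatible in C, so the call is formally undefined even though it works on common ABIs, and this no-op module is likely to be copied as a template. Make the definition match the typedef: `AUDIT_FILTER_RAWRECORD(void *instance, struct timespec *ts, void *data,`. The function body continues outside the hunk.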


