Date: Thu, 24 Aug 2006 10:57:37 GMT
Message-Id: <200608241057.k7OAvbqv060483@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 104912 for review

http://perforce.freebsd.org/chv.cgi?CH=104912

Change 104912 by rwatson@rwatson_sesame on 2006/08/24 10:56:48

	Merge OpenBSM 1.0a9 features from TrustedBSD OpenBSM branch to
	TrustedBSD audit3 branch:

	- Constant renaming, which may require further work in the audit3
	  branch to catch up with.
	- auditfilterd API updates.

Affected files ...

.. //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#10 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#15 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/VERSION#11 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#9 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#14 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#15 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/configure#9 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#10 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#13 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#17 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#20 integrate
..
//depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#9 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c#3 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#10 (text+ko) ==== @@ -1,3 +1,14 @@ +OpenBSM 1.0 alpha 9 + +- Rename many OpenBSM-specific constants and API elements containing the + strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true + for almost all existing constants and APIs. +- Instead of passing a per-instance cookie directly into all audit filter + APIs, pass in the audit filter daemon state pointer, which is then used by + the module using an audit_filter_{get,set}cookie() API. This will allow + future service APIs provided by the filter daemon to maintain their own + state -- for example, per-module preselection state. + OpenBSM 1.0 alpha 8 - Correct typo in definition of AUR_INT. @@ -192,4 +203,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#9 $ +$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#10 $ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#15 (text+ko) ==== @@ -75,6 +75,7 @@ Christian Peron Martin Fong Pawel Worach + Martin Englund In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel Software's FlexeLint tool were used to identify a number of bugs in the @@ -96,4 +97,4 @@ http://www.TrustedBSD.org/ -$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#14 $ +$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#15 $ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/VERSION#11 (text+ko) ==== @@ -1,1 +1,1 @@ -OPENBSM_1_0_ALPHA_8 +OPENBSM_1_0_ALPHA_9 ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#4 (text+ko) ==== 
@@ -25,7 +25,16 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#3 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.c#4 $ + */ + +/* + * Main file for the audit filter daemon, which presents audit records to a + * set of run-time registered loadable modules. This is the main event loop + * of the daemon, which handles starting up, waiting for records, and + * presenting records to configured modules. auditfilterd_conf.c handles the + * reading and management of the configuration, module list and module state, + * etc. */ #include @@ -106,13 +115,13 @@ * Present raw BSM to a set of registered and interested filters. */ static void -present_bsmrecord(struct timespec *ts, u_char *data, u_int len) +present_rawrecord(struct timespec *ts, u_char *data, u_int len) { struct auditfilter_module *am; TAILQ_FOREACH(am, &filter_list, am_list) { - if (am->am_bsmrecord != NULL) - (am->am_bsmrecord)(am->am_instance, ts, data, len); + if (am->am_rawrecord != NULL) + (am->am_rawrecord)(am, ts, data, len); } } @@ -140,8 +149,7 @@ TAILQ_FOREACH(am, &filter_list, am_list) { if (am->am_record != NULL) - (am->am_record)(am->am_instance, ts, tokencount, - tokens); + (am->am_record)(am, ts, tokencount, tokens); } } @@ -191,7 +199,7 @@ continue; if (clock_gettime(CLOCK_REALTIME, &ts) < 0) err(-1, "clock_gettime"); - present_bsmrecord(&ts, buf, reclen); + present_rawrecord(&ts, buf, reclen); present_tokens(&ts, buf, reclen); free(buf); } @@ -241,7 +249,7 @@ continue; if (clock_gettime(CLOCK_REALTIME, &ts) < 0) err(-1, "clock_gettime"); - present_bsmrecord(&ts, record, reclen); + present_rawrecord(&ts, record, reclen); present_tokens(&ts, record, reclen); } } ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#4 (text+ko) ==== 
@@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#3 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd.h#4 $ */ #define AUDITFILTERD_CONFFILE "/etc/security/audit_filter" @@ -53,11 +53,11 @@ /* * Fields provided by or extracted from the module. */ - void *am_instance; + void *am_cookie; audit_filter_attach_t am_attach; audit_filter_reinit_t am_reinit; audit_filter_record_t am_record; - audit_filter_bsmrecord_t am_bsmrecord; + audit_filter_rawrecord_t am_rawrecord; audit_filter_detach_t am_detach; /* ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 (text+ko) ==== @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c#2 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 $ */ /* @@ -38,6 +38,12 @@ * Modules are in one of two states: attached, or detached. If attach fails, * detach is not called because it was not attached. If a module is attached * and a call to its reinit method fails, we will detach it. + * + * Modules are passed a (void *) reference to their configuration state so + * that they may pass this into any common APIs we provide which may rely on + * that state. Currently, the only such API is the cookie API, which allows + * per-instance state to be maintained by a module. In the future, this will + * also be used to support per-instance preselection state. */ #include @@ -105,8 +111,8 @@ { if (am->am_detach != NULL) - am->am_detach(am->am_instance); - am->am_instance = NULL; + am->am_detach(am); + am->am_cookie = NULL; (void)dlclose(am->am_dlhandle); am->am_dlhandle = NULL; } 
@@ -149,21 +155,22 @@ am->am_attach = dlsym(am->am_dlhandle, AUDIT_FILTER_ATTACH_STRING); am->am_reinit = dlsym(am->am_dlhandle, AUDIT_FILTER_REINIT_STRING); am->am_record = dlsym(am->am_dlhandle, AUDIT_FILTER_RECORD_STRING); - am->am_bsmrecord = dlsym(am->am_dlhandle, - AUDIT_FILTER_BSMRECORD_STRING); + am->am_rawrecord = dlsym(am->am_dlhandle, + AUDIT_FILTER_RAWRECORD_STRING); am->am_detach = dlsym(am->am_dlhandle, AUDIT_FILTER_DETACH_STRING); if (am->am_attach != NULL) { - if (am->am_attach(&am->am_instance, am->am_argc, am->am_argv) + if (am->am_attach(am, am->am_argc, am->am_argv) != AUDIT_FILTER_SUCCESS) { warnx("auditfilter_module_attach: %s: failed", am->am_modulename); dlclose(am->am_dlhandle); am->am_dlhandle = NULL; + am->am_cookie = NULL; am->am_attach = NULL; am->am_reinit = NULL; am->am_record = NULL; - am->am_bsmrecord = NULL; + am->am_rawrecord = NULL; am->am_detach = NULL; return (-1); } @@ -184,7 +191,7 @@ if (am->am_reinit == NULL) return (0); - if (am->am_reinit(&am->am_instance, am->am_argc, am->am_argv) != + if (am->am_reinit(am, am->am_argc, am->am_argv) != AUDIT_FILTER_SUCCESS) { warnx("auditfilter_module_reinit: %s: failed", am->am_modulename); @@ -483,3 +490,24 @@ auditfilter_module_list_detach(&filter_list); auditfilter_module_list_free(&filter_list); } + +/* + * APIs to allow modules to query and set their per-instance cookie. + */ +void +audit_filter_getcookie(void *instance, void **cookie) +{ + struct auditfilter_module *am; + + am = (struct auditfilter_module *)instance; + *cookie = am->am_cookie; +} + +void +audit_filter_setcookie(void *instance, void *cookie) +{ + struct auditfilter_module *am; + + am = (struct auditfilter_module *)instance; + am->am_cookie = cookie; +} ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#4 (text+ko) ==== 
@@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#3 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_filter.h#4 $ */ #ifndef _BSM_AUDIT_FILTER_H_ @@ -38,22 +38,28 @@ * audit_filter_reinit_t - arguments to module have changed * audit_filter_record_t - present parsed record to filter module, with * receipt time - * audit_filter_bsmrecord_t - present bsm format record to filter module, + * audit_filter_rawrecord_t - present BSM format record to filter module, * with receipt time * audit_filter_destach_t - filter module is being detached * * There may be many instances of the same filter, identified by the instance * void pointer maintained by the filter instance. */ -typedef int (*audit_filter_attach_t)(void **instance, int argc, char *argv[]); +typedef int (*audit_filter_attach_t)(void *instance, int argc, char *argv[]); typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]); typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts, int token_count, const tokenstr_t tok[]); -typedef void (*audit_filter_bsmrecord_t)(void *instance, struct timespec *ts, +typedef void (*audit_filter_rawrecord_t)(void *instance, struct timespec *ts, void *data, u_int len); typedef void (*audit_filter_detach_t)(void *instance); /* + * APIs that may be called by audit filters. + */ +void audit_filter_getcookie(void *instance, void **cookie); +void audit_filter_setcookie(void *instance, void *cookie); + +/* * Values to be returned by audit_filter_init_t. */ #define AUDIT_FILTER_SUCCESS (0) 
@@ -66,12 +72,12 @@ #define AUDIT_FILTER_ATTACH audit_filter_attach #define AUDIT_FILTER_REINIT audit_filter_reinit #define AUDIT_FILTER_RECORD audit_filter_record -#define AUDIT_FILTER_BSMRECORD audit_filter_bsmrecord +#define AUDIT_FILTER_RAWRECORD audit_filter_rawrecord #define AUDIT_FILTER_DETACH audit_filter_detach #define AUDIT_FILTER_ATTACH_STRING "audit_filter_attach" #define AUDIT_FILTER_REINIT_STRING "audit_filter_reinit" #define AUDIT_FILTER_RECORD_STRING "audit_filter_record" -#define AUDIT_FILTER_BSMRECORD_STRING "audit_filter_bsmrecord" +#define AUDIT_FILTER_RAWRECORD_STRING "audit_filter_rawrecord" #define AUDIT_FILTER_DETACH_STRING "audit_filter_detach" #endif /* !_BSM_AUDIT_FILTER_H_ */ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#9 (text+ko) ==== @@ -34,7 +34,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#8 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#9 $ */ #ifndef _AUDIT_INTERNAL_H 
@@ -68,15 +68,15 @@ typedef struct au_record au_record_t; -/* We could determined the header and trailer sizes by - * defining appropriate structures. We hold off that approach - * till we have a consistant way of using structures for all tokens. - * This is not straightforward since these token structures may - * contain pointers of whose contents we dont know the size - * (e.g text tokens) +/* + * We could determined the header and trailer sizes by defining appropriate + * structures. We hold off that approach until we have a consistant way of + * using structures for all tokens. This is not straightforward since these + * token structures may contain pointers of whose contents we dont know the + * size (e.g text tokens). */ -#define BSM_HEADER_SIZE 18 -#define BSM_TRAILER_SIZE 7 +#define AUDIT_HEADER_SIZE 18 +#define AUDIT_TRAILER_SIZE 7 /* * BSM token streams store fields in big endian byte order, so as to be ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#14 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#13 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#14 $ */ #ifndef _BSM_AUDIT_RECORD_H_ @@ -199,7 +199,7 @@ #define PAD_NOTATTR 0x4000 /* nonattributable event */ #define PAD_FAILURE 0x8000 /* fail audit event */ -#define BSM_MAX_GROUPS 16 +#define AUDIT_MAX_GROUPS 16 /* * A number of BSM versions are floating around and defined. Here are 
@@ -207,11 +207,11 @@ * Solaris BSM version, but has a separate version number in order to * identify a potentially different event identifier name space. */ -#define BSM_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */ -#define BSM_HEADER_VERSION_SOLARIS 2 -#define BSM_HEADER_VERSION_TSOL25 3 -#define BSM_HEADER_VERSION_TSOL 4 -#define BSM_HEADER_VERSION_OPENBSM 10 +#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */ +#define AUDIT_HEADER_VERSION_SOLARIS 2 +#define AUDIT_HEADER_VERSION_TSOL25 3 +#define AUDIT_HEADER_VERSION_TSOL 4 +#define AUDIT_HEADER_VERSION_OPENBSM 10 /* * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#15 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#14 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#15 $ */ #ifndef _LIBBSM_H_ @@ -37,8 +37,8 @@ * solely to allow OpenSSH to compile; Darwin/Apple code should not use them. */ -#define BSM_MAX_ARGS 10 -#define BSM_MAX_ENV 10 +#define AUDIT_MAX_ARGS 10 +#define AUDIT_MAX_ENV 10 #include #include @@ -218,7 +218,7 @@ */ typedef struct { u_int32_t count; - char *text[BSM_MAX_ARGS]; + char *text[AUDIT_MAX_ARGS]; } au_execarg_t; /* @@ -227,7 +227,7 @@ */ typedef struct { u_int32_t count; - char *text[BSM_MAX_ENV]; + char *text[AUDIT_MAX_ENV]; } au_execenv_t; /* @@ -259,7 +259,7 @@ */ typedef struct { u_int16_t no; - u_int32_t list[BSM_MAX_GROUPS]; + u_int32_t list[AUDIT_MAX_GROUPS]; } au_groups_t; /* ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/configure#9 (xtext) ==== 
@@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#26 . +# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#27 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a8. +# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a9. # # Report bugs to . # @@ -424,8 +424,8 @@ # Identity of this package. PACKAGE_NAME='OpenBSM' PACKAGE_TARNAME='openbsm' -PACKAGE_VERSION='1.0a8' -PACKAGE_STRING='OpenBSM 1.0a8' +PACKAGE_VERSION='1.0a9' +PACKAGE_STRING='OpenBSM 1.0a9' PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org' ac_unique_file="bin/auditreduce/auditreduce.c" @@ -955,7 +955,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenBSM 1.0a8 to adapt to many kinds of systems. +\`configure' configures OpenBSM 1.0a9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1021,7 +1021,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenBSM 1.0a8:";; + short | recursive ) echo "Configuration of OpenBSM 1.0a9:";; esac cat <<\_ACEOF @@ -1162,7 +1162,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -OpenBSM configure 1.0a8 +OpenBSM configure 1.0a9 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1176,7 +1176,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenBSM $as_me 1.0a8, which was +It was created by OpenBSM $as_me 1.0a9, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -19278,7 +19278,7 @@ # Define the identity of the package. PACKAGE=OpenBSM - VERSION=1.0a8 + VERSION=1.0a9 cat >>confdefs.h <<_ACEOF 
@@ -23478,7 +23478,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by OpenBSM $as_me 1.0a8, which was +This file was extended by OpenBSM $as_me 1.0a9, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23541,7 +23541,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -OpenBSM config.status 1.0a8 +OpenBSM config.status 1.0a9 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#10 (text+ko) ==== @@ -2,8 +2,8 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([OpenBSM], [1.0a8], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) -AC_REVISION([$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#9 $]) +AC_INIT([OpenBSM], [1.0a9], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) +AC_REVISION([$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/configure.ac#10 $]) AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_HEADER([config/config.h]) ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#13 (text+ko) ==== @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#12 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#13 $ */ #include 
@@ -54,14 +54,14 @@ static au_record_t *open_desc_table[MAX_AUDIT_RECORDS]; /* The current number of active record descriptors */ -static int bsm_rec_count = 0; +static int audit_rec_count = 0; /* * Records that can be recycled are maintained in the list given below. The * maximum number of elements that can be present in this list is bounded by * MAX_AUDIT_RECORDS. Memory allocated for these records are never freed. */ -static LIST_HEAD(, au_record) bsm_free_q; +static LIST_HEAD(, au_record) audit_free_q; static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; @@ -93,15 +93,15 @@ pthread_mutex_lock(&mutex); - if (bsm_rec_count == 0) - LIST_INIT(&bsm_free_q); + if (audit_rec_count == 0) + LIST_INIT(&audit_free_q); /* * Find an unused descriptor, remove it from the free list, mark as * used. */ - if (!LIST_EMPTY(&bsm_free_q)) { - rec = LIST_FIRST(&bsm_free_q); + if (!LIST_EMPTY(&audit_free_q)) { + rec = LIST_FIRST(&audit_free_q); rec->used = 1; LIST_REMOVE(rec, au_rec_q); } @@ -125,7 +125,7 @@ pthread_mutex_lock(&mutex); - if (bsm_rec_count == MAX_AUDIT_RECORDS) { + if (audit_rec_count == MAX_AUDIT_RECORDS) { pthread_mutex_unlock(&mutex); free(rec->data); free(rec); @@ -134,9 +134,9 @@ errno = ENOMEM; return (-1); } - rec->desc = bsm_rec_count; - open_desc_table[bsm_rec_count] = rec; - bsm_rec_count++; + rec->desc = audit_rec_count; + open_desc_table[audit_rec_count] = rec; + audit_rec_count++; pthread_mutex_unlock(&mutex); @@ -174,7 +174,7 @@ return (-1); /* Invalid descriptor */ } - if (rec->len + tok->len + BSM_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) { + if (rec->len + tok->len + AUDIT_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) { errno = ENOMEM; return (-1); } @@ -208,7 +208,7 @@ u_char *dptr; int error; - tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE; + tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE; header = au_to_header32(tot_rec_size, event, 0); if (header == NULL) return (-1); 
@@ -257,7 +257,7 @@ pthread_mutex_lock(&mutex); /* Add the record to the freelist tail */ - LIST_INSERT_HEAD(&bsm_free_q, rec, au_rec_q); + LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q); pthread_mutex_unlock(&mutex); } @@ -285,7 +285,7 @@ goto cleanup; } - tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE; + tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE; if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) { /* @@ -335,7 +335,7 @@ } retval = 0; - tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE; + tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE; if ((tot_rec_size > MAX_AUDIT_RECORD_SIZE) || (tot_rec_size > *buflen)) { /* ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#17 (text+ko) ==== @@ -31,7 +31,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#16 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#17 $ */ #include @@ -2448,7 +2448,7 @@ int err = 0; int recoversize; - recoversize = len - (tok->len + BSM_TRAILER_SIZE); + recoversize = len - (tok->len + AUDIT_TRAILER_SIZE); if (recoversize <= 0) return (-1); ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#20 (text+ko) ==== @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#19 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#20 $ */ #include @@ -309,7 +309,7 @@ au_to_groups(int *groups) { - return (au_to_newgroups(BSM_MAX_GROUPS, groups)); + return (au_to_newgroups(AUDIT_MAX_GROUPS, groups)); } /* 
@@ -1155,7 +1155,7 @@ ADD_U_CHAR(dptr, AUT_HEADER32); ADD_U_INT32(dptr, rec_size); - ADD_U_CHAR(dptr, BSM_HEADER_VERSION_OPENBSM); + ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#9 (text+ko) ==== @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2005 Robert N. M. Watson +.\" Copyright (c) 2005-2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#8 $ +.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#9 $ .\" .Dd May 1, 2005 .Dt AUDIT.LOG 5 @@ -91,10 +91,14 @@ token is used to mark the beginning of a complete audit record, and includes the length of the total record in bytes, a version number for the record layout, the event type and subtype, and the time at which the event occurred. -A +A 32-bit +.Dv header +token can be created using +.Xr au_to_header32 3 ; +a 64-bit .Dv header token can be created using -.Xr au_to_header32 3 . +.Xr au_to_header64 3 . .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" .It Sy "Field" Ta Sy Bytes Ta Sy Description .It Li "Token ID" Ta "1 byte" Ta "Token ID" 
@@ -111,11 +115,14 @@ token is an expanded version of the .Dv header token, with the addition of a machine IPv4 or IPv6 address. -The -.Xr libbsm 3 -API cannot currently create an -.Dv expanded header -token. +A 32-bit extended +.Dv header +token can be created using +.Xr au_to_header32_ex 3 ; +a 64-bit extended +.Dv header +token can be created using +.Xr au_to_header64_ex 3 . .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" .It Sy "Field" Ta Sy Bytes Ta Sy Description .It Li "Token ID" Ta "1 byte" Ta "Token ID" @@ -154,11 +161,10 @@ .Dv How to print field is present to specify how to print the data, but interpretation of that field is not currently defined. -The -.Xr libbsm 3 -API cannot currently create an +An .Dv arbitrary data -token. +token can be created using +.Xr au_to_data 3 . .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" .It Sy "Field" Ta Sy Bytes Ta Sy Description .It Li "Token ID" Ta "1 byte" Ta "Token ID" ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c#3 (text+ko) ==== @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c#2 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c#3 $ */ /* @@ -39,7 +39,7 @@ #include int -AUDIT_FILTER_ATTACH(void **instance, int argc, char *argv[]) +AUDIT_FILTER_ATTACH(void *instance, int argc, char *argv[]) { return (0); @@ -60,7 +60,7 @@ } void -AUDIT_FILTER_BSMRECORD(void *instance, struct timespec *ts, u_char *data, +AUDIT_FILTER_RAWRECORD(void *instance, struct timespec *ts, u_char *data, u_int len) {
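
Review bot: In bsm/audit_filter.h (hunk at -38,22) the attach prototype changes from "void **instance" to "void *instance" while AUDIT_FILTER_ATTACH_STRING stays "audit_filter_attach", so auditfilter_module_attach() will still dlsym() and call a module built against the old prototype, and that module would store its instance pointer through what is now the daemon's struct auditfilter_module. Consider having modules export an ABI version symbol that the daemon checks before attach, or renaming the attach symbol the way rawrecord was renamed. The comment above the typedefs also needs updating: it still says instances are identified by the pointer "maintained by the filter instance", still spells "audit_filter_destach_t", and the later "Values to be returned by audit_filter_init_t" refers to a typedef that is not declared here.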
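
Review bot: audit_filter_getcookie() and audit_filter_setcookie() at the end of auditfilterd_conf.c (hunk at -483,3) cast "instance" to struct auditfilter_module * and dereference it with no NULL check, and getcookie also writes through "cookie" unchecked. Because these are the only entry points loadable modules call back into, reject NULL for both arguments (returning an error rather than void would let callers notice), and state in audit_filter.h that "instance" is opaque and must be exactly the pointer the daemon passed in.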
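
Review bot: In the attach-failure branch of auditfilter_module_attach() (auditfilterd_conf.c, hunk at -149,21), "am->am_cookie = NULL;" runs after dlclose() and detach is never called, so whatever a module stored with audit_filter_setcookie() before returning failure is dropped without being freed. Either document in audit_filter.h that a module must release and clear its cookie before returning anything other than AUDIT_FILTER_SUCCESS from attach, or warn when am_cookie is non-NULL on this path so leaking modules are visible.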
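
Review bot: The raw record callback has three different "data" types: audit_filter_rawrecord_t in audit_filter.h declares "void *data", present_rawrecord() in auditfilterd.c (hunk at -106,13) passes "u_char *data", and AUDIT_FILTER_RAWRECORD in auditfilter_noop.c is defined with "u_char *data". These should agree. Since present_rawrecord() hands the same buffer to every module on filter_list before present_tokens() parses it, making the parameter const (as audit_filter_record_t already does with "const tokenstr_t tok[]") would keep one module from altering the record that later modules and the token parser see.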
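
Review bot: BSM_MAX_ARGS and BSM_MAX_ENV (bsm/libbsm.h, hunk at -37,8) and BSM_MAX_GROUPS and BSM_HEADER_VERSION_* (bsm/audit_record.h) are removed outright from headers under bsm/, so any consumer still using the old names stops compiling; the change description itself says the audit3 branch may need further work to catch up. Consider keeping the old names as aliases of the AUDIT_ names for a transition period, and note the rename in the man pages as well as HISTORY.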
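
Review bot: The rewritten comment in bsm/audit_internal.h (hunk at -68,15) is reflowed but keeps its typos: "could determined", "consistant", "dont" and "e.g text tokens". Since every line of the comment is being touched anyway, fix them in the same change.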
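
Review bot: The new AC_INIT line in configure.ac (hunk at -2,8) carries forward the bug-report address "trustedbsd-audit@TrustesdBSD.org", which does not match the project domain shown in README (http://www.TrustedBSD.org/); the same string appears in PACKAGE_BUGREPORT in the generated configure. Correct it in configure.ac and regenerate configure so bug reports do not go to a misspelled domain.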
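
Review bot: In libbsm/bsm_audit.c (hunk at -257,7) the comment "Add the record to the freelist tail" sits directly above "LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q);". The line is being edited for the rename, so correct the comment to say head, or change the insertion if tail ordering was intended.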
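
Review bot: In man/audit.log.5 (hunk at -111,11) the context line describes the token as "an expanded version of the header token" while the added text calls it a "32-bit extended header token" and a "64-bit extended header token"; use one term throughout the section. The page also keeps ".Dd May 1, 2005" although its content changes and the copyright range is extended to 2006, so bump the document date.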