Author: rwatson
Date: Sat Dec 1 13:46:37 2012
New Revision: 243751
URL: http://svnweb.freebsd.org/changeset/base/243751
Log:
Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to
src/sys/{bsm,security/audit}. There are a few tweaks to help with the
FreeBSD build environment that will be merged back to OpenBSM. No
significant functional changes appear on the kernel side.
Obtained from: TrustedBSD Project
Sponsored by: The FreeBSD Foundation (auditdistd)
Modified:
head/sys/bsm/audit_errno.h
head/sys/bsm/audit_internal.h
head/sys/bsm/audit_record.h
head/sys/security/audit/audit_bsm_errno.c
head/sys/security/audit/audit_bsm_token.c
Modified: head/sys/bsm/audit_errno.h
==============================================================================
--- head/sys/bsm/audit_errno.h Sat Dec 1 11:58:08 2012 (r243750)
+++ head/sys/bsm/audit_errno.h Sat Dec 1 13:46:37 2012 (r243751)
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#7
* $FreeBSD$
*/
Modified: head/sys/bsm/audit_internal.h
==============================================================================
--- head/sys/bsm/audit_internal.h Sat Dec 1 11:58:08 2012
(r243750)
+++ head/sys/bsm/audit_internal.h Sat Dec 1 13:46:37 2012
(r243751)
@@ -15,7 +15,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -30,7 +30,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6
* $FreeBSD$
*/
Modified: head/sys/bsm/audit_record.h
==============================================================================
--- head/sys/bsm/audit_record.h Sat Dec 1 11:58:08 2012 (r243750)
+++ head/sys/bsm/audit_record.h Sat Dec 1 13:46:37 2012 (r243751)
@@ -234,6 +234,7 @@ token_t *au_to_ipc_perm(struct ipc_perm
token_t *au_to_iport(uint16_t iport);
token_t *au_to_opaque(const char *data, uint16_t bytes);
token_t *au_to_path(const char *path);
+token_t *au_to_privset(char *privtypestr, char *privstr);
token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t
ruid,
@@ -279,6 +280,7 @@ token_t *au_to_exec_env(char **envp);
token_t *au_to_text(const char *text);
token_t *au_to_kevent(struct kevent *kev);
token_t *au_to_trailer(int rec_size);
+token_t *au_to_upriv(char sorf, char *priv);
token_t *au_to_zonename(const char *zonename);
/*
Modified: head/sys/security/audit/audit_bsm_errno.c
==============================================================================
--- head/sys/security/audit/audit_bsm_errno.c Sat Dec 1 11:58:08 2012
(r243750)
+++ head/sys/security/audit/audit_bsm_errno.c Sat Dec 1 13:46:37 2012
(r243751)
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22
*/
#include <sys/cdefs.h>
@@ -494,7 +494,7 @@ static const struct bsm_errno bsm_errnos
#ifdef EPROCUNAVAIL
EPROCUNAVAIL,
#else
- ERRNO_NO_LOCAL_MAPPING
+ ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Bad procedure for program") },
{ BSM_ERRNO_EFTYPE,
@@ -666,7 +666,7 @@ static const struct bsm_errno bsm_errnos
#endif
ES("Required key not available") },
{ BSM_ERRNO_EKEYEXPIRED,
-#ifdef EKEEXPIRED
+#ifdef EKEYEXPIRED
EKEYEXPIRED,
#else
ERRNO_NO_LOCAL_MAPPING,
@@ -680,7 +680,7 @@ static const struct bsm_errno bsm_errnos
#endif
ES("Key has been revoked") },
{ BSM_ERRNO_EKEYREJECTED,
-#ifdef EKEREJECTED
+#ifdef EKEYREJECTED
EKEYREJECTED,
#else
ERRNO_NO_LOCAL_MAPPING,
Modified: head/sys/security/audit/audit_bsm_token.c
==============================================================================
--- head/sys/security/audit/audit_bsm_token.c Sat Dec 1 11:58:08 2012
(r243750)
+++ head/sys/security/audit/audit_bsm_token.c Sat Dec 1 13:46:37 2012
(r243751)
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99
*/
#include <sys/cdefs.h>
@@ -68,6 +68,57 @@ __FBSDID("$FreeBSD$");
/*
* token ID 1 byte
+ * success/failure 1 byte
+ * privstrlen 2 bytes
+ * privstr N bytes + 1 (\0 byte)
+ */
+token_t *
+au_to_upriv(char sorf, char *priv)
+{
+ u_int16_t textlen;
+ u_char *dptr;
+ token_t *t;
+
+ textlen = strlen(priv) + 1;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) +
+ sizeof(u_int16_t) + textlen);
+
+ ADD_U_CHAR(dptr, AUT_UPRIV);
+ ADD_U_CHAR(dptr, sorf);
+ ADD_U_INT16(dptr, textlen);
+ ADD_STRING(dptr, priv, textlen);
+ return (t);
+}
+
+/*
+ * token ID 1 byte
+ * privtstrlen 2 bytes
+ * privtstr N bytes + 1
+ * privstrlen 2 bytes
+ * privstr N bytes + 1
+ */
+token_t *
+au_to_privset(char *privtypestr, char *privstr)
+{
+ u_int16_t type_len, priv_len;
+ u_char *dptr;
+ token_t *t;
+
+ type_len = strlen(privtypestr) + 1;
+ priv_len = strlen(privstr) + 1;
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int16_t) + type_len + priv_len);
+
+ ADD_U_CHAR(dptr, AUT_PRIV);
+ ADD_U_INT16(dptr, type_len);
+ ADD_STRING(dptr, privtypestr, type_len);
+ ADD_U_INT16(dptr, priv_len);
+ ADD_STRING(dptr, privstr, priv_len);
+ return (t);
+}
+
+/*
+ * token ID 1 byte
* argument # 1 byte
* argument value 4 bytes/8 bytes (32-bit/64-bit value)
* text length 2 bytes
@@ -1204,9 +1255,9 @@ au_to_me(void)
auinfo.ai_asid, &auinfo.ai_termid));
} else {
/* getaudit_addr(2) failed for some other reason. */
- return (NULL);
+ return (NULL);
}
- }
+ }
return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
@@ -1438,7 +1489,7 @@ au_to_header32_ex_tm(int rec_size, au_ev
ADD_U_INT32(dptr, tm.tv_sec);
ADD_U_INT32(dptr, timems); /* We need time in ms. */
- return (t);
+ return (t);
}
token_t *
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
