Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to

src/sys/{bsm,security/audit}. There are a few tweaks to help with the FreeBSD build environment that will be merged back to OpenBSM. No significant functional changes appear on the kernel side. Obtained from: TrustedBSD Project Sponsored by: The FreeBSD Foundation (auditdistd)
svn path=/head/; revision=243751
2024-11-14 06:12:01 +01:00 · 2012-12-01 13:46:37 +00:00 · 2012-12-01 13:46:37 +00:00 · d0c2e5bd23 · 2020-12-20 02:59:44 +00:00
commit d0c2e5bd23
parent aa77200569
5 changed files with 64 additions and 11 deletions
--- a/sys/bsm/audit_errno.h
+++ b/sys/bsm/audit_errno.h
@ -26,7 +26,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE. 
 *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#7
 * $FreeBSD$
 */

--- a/sys/bsm/audit_internal.h
+++ b/sys/bsm/audit_internal.h
@ -15,7 +15,7 @@
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
- * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
@ -30,7 +30,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6
 * $FreeBSD$
 */

--- a/sys/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@ -234,6 +234,7 @@ token_t	*au_to_ipc_perm(struct ipc_perm *perm);
 token_t	*au_to_iport(uint16_t iport);
 token_t	*au_to_opaque(const char *data, uint16_t bytes);
 token_t	*au_to_path(const char *path);
+token_t	*au_to_privset(char *privtypestr, char *privstr);
 token_t	*au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 	    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
 token_t	*au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
@ -279,6 +280,7 @@ token_t	*au_to_exec_env(char **envp);
 token_t	*au_to_text(const char *text);
 token_t	*au_to_kevent(struct kevent *kev);
 token_t	*au_to_trailer(int rec_size);
+token_t	*au_to_upriv(char sorf, char *priv);
 token_t	*au_to_zonename(const char *zonename);

 /*
--- a/sys/security/audit/audit_bsm_errno.c
+++ b/sys/security/audit/audit_bsm_errno.c
@ -26,7 +26,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE. 
 *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22
 */

 #include <sys/cdefs.h>
@ -494,7 +494,7 @@ static const struct bsm_errno bsm_errnos[] = {
 #ifdef EPROCUNAVAIL
 	EPROCUNAVAIL,
 #else
-	ERRNO_NO_LOCAL_MAPPING
+	ERRNO_NO_LOCAL_MAPPING,
 #endif
 	ES("Bad procedure for program") },
 	{ BSM_ERRNO_EFTYPE,
@ -666,7 +666,7 @@ static const struct bsm_errno bsm_errnos[] = {
 #endif
 	ES("Required key not available") },
 	{ BSM_ERRNO_EKEYEXPIRED,
-#ifdef EKEEXPIRED
+#ifdef EKEYEXPIRED
 	EKEYEXPIRED,
 #else
 	ERRNO_NO_LOCAL_MAPPING,
@ -680,7 +680,7 @@ static const struct bsm_errno bsm_errnos[] = {
 #endif
 	ES("Key has been revoked") },
 	{ BSM_ERRNO_EKEYREJECTED,
-#ifdef EKEREJECTED
+#ifdef EKEYREJECTED
 	EKEYREJECTED,
 #else
 	ERRNO_NO_LOCAL_MAPPING,
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@ -30,7 +30,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99
 */

 #include <sys/cdefs.h>
@ -66,6 +66,57 @@ __FBSDID("$FreeBSD$");
 	dptr = t->t_data;						\
 } while (0)

+/*
+ * token ID                1 byte
+ * success/failure         1 byte
+ * privstrlen              2 bytes
+ * privstr                 N bytes + 1 (\0 byte)
+ */
+token_t *
+au_to_upriv(char sorf, char *priv)
+{
+	u_int16_t textlen;
+	u_char *dptr;
+	token_t *t;
+
+	textlen = strlen(priv) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) +
+	    sizeof(u_int16_t) + textlen);
+
+	ADD_U_CHAR(dptr, AUT_UPRIV);
+	ADD_U_CHAR(dptr, sorf);
+	ADD_U_INT16(dptr, textlen);
+	ADD_STRING(dptr, priv, textlen);
+	return (t);
+}
+
+/*
+ * token ID		1 byte
+ * privtstrlen		2 bytes
+ * privtstr		N bytes + 1
+ * privstrlen		2 bytes
+ * privstr		N bytes + 1
+ */
+token_t *
+au_to_privset(char *privtypestr, char *privstr)
+{
+	u_int16_t	 type_len, priv_len;
+	u_char		*dptr;
+	token_t		*t;
+
+	type_len = strlen(privtypestr) + 1;
+	priv_len = strlen(privstr) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+	    sizeof(u_int16_t) + type_len + priv_len);
+
+	ADD_U_CHAR(dptr, AUT_PRIV);
+	ADD_U_INT16(dptr, type_len);
+	ADD_STRING(dptr, privtypestr, type_len);
+	ADD_U_INT16(dptr, priv_len);
+	ADD_STRING(dptr, privstr, priv_len);
+	return (t);
+}
+
 /*
 * token ID                1 byte
 * argument #              1 byte
@ -1204,9 +1255,9 @@ au_to_me(void)
 				auinfo.ai_asid, &auinfo.ai_termid));
 		} else {
 			/* getaudit_addr(2) failed for some other reason. */
-			return (NULL); 
+			return (NULL);
 		}
-	} 
+	}

 	return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
 		getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
@ -1438,7 +1489,7 @@ au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
 	ADD_U_INT32(dptr, tm.tv_sec);
 	ADD_U_INT32(dptr, timems);      /* We need time in ms. */

-	return (t);   
+	return (t);
 }

 token_t *