From fdb4472c922529a63f0a510764a809b6e6b9dbbb Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Sat, 2 Sep 2006 09:37:14 +0000 Subject: [PATCH] Vendor import of OpenBSM 1.0 alpha 10, with the following changes: - auditd now generates complete audit records for its events, as required for application-submitted audit records in the the FreeBSD kernel audit implementation. This also restores contrib/openbsm/bsm/audit_record to the vendor version after the build fixes previously committed; however, this file is not used in the build. Obtained from: TrustedBSD Project --- contrib/openbsm/HISTORY | 8 +++++++- contrib/openbsm/bin/auditd/auditd.c | 27 ++++++++++++++++++++++++++- contrib/openbsm/bsm/audit_internal.h | 6 +++--- contrib/openbsm/bsm/audit_record.h | 4 ++-- contrib/openbsm/configure | 22 +++++++++++----------- contrib/openbsm/configure.ac | 4 ++-- 6 files changed, 51 insertions(+), 20 deletions(-) diff --git a/contrib/openbsm/HISTORY b/contrib/openbsm/HISTORY index 18b9dcae3d84..7b249ae63155 100644 --- a/contrib/openbsm/HISTORY +++ b/contrib/openbsm/HISTORY @@ -1,3 +1,9 @@ +OpenBSM 1.0 alpha 10 + +- auditd now generates complete audit records for its events, as required for + application-submitted audit records in the the FreeBSD kernel audit + implementation. + OpenBSM 1.0 alpha 9 - Rename many OpenBSM-specific constants and API elements containing the @@ -203,4 +209,4 @@ OpenBSM 1.0 alpha 1 to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#25 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#26 $ diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c index 39960810674c..838424e2bc7d 100644 --- a/contrib/openbsm/bin/auditd/auditd.c +++ b/contrib/openbsm/bin/auditd/auditd.c 
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $
  */
 
 #include
@@ -366,6 +366,7 @@ read_control_file(void)
 static int
 close_all(void)
 {
+	struct auditinfo ai;
 	int err_ret = 0;
 	char TS[POSTFIX_LEN];
 	int aufd;
@@ -378,6 +379,17 @@ close_all(void)
 	else {
 		if ((tok = au_to_text("auditd::Audit shutdown")) != NULL)
 			au_write(aufd, tok);
+		/*
+		 * XXX we need to implement extended subject tokens so we can
+		 * effectively represent terminal lines with this token type.
+		 */
+		bzero(&ai, sizeof(ai));
+		if ((tok = au_to_subject32(getuid(), geteuid(), getegid(),
+		    getuid(), getgid(), getpid(), getpid(), &ai.ai_termid))
+		    != NULL)
+			au_write(aufd, tok);
+		if ((tok = au_to_return32(0, 0)) != NULL)
+			au_write(aufd, tok);
 		if (au_close(aufd, 1, AUE_audit_shutdown) == -1)
 			syslog(LOG_ERR, "Could not close audit shutdown event.");
@@ -745,6 +757,7 @@ config_audit_controls(void)
 static void
 setup(void)
 {
+	struct auditinfo ai;
 	auditinfo_t auinfo;
 	int aufd;
 	token_t *tok;
@@ -781,8 +794,20 @@ setup(void)
 	if ((aufd = au_open()) == -1)
 		syslog(LOG_ERR, "Could not create audit startup event.");
 	else {
+		/*
+		 * XXXCSJP Perhaps we wan't more robust audit records for
+		 * audit start up and shutdown. This might include capturing
+		 * failures to initialize the audit subsystem?
+		 */
+		bzero(&ai, sizeof(ai));
+		if ((tok = au_to_subject32(getuid(), geteuid(), getegid(),
+		    getuid(), getgid(), getpid(), getpid(), &ai.ai_termid))
+		    != NULL)
+			au_write(aufd, tok);
 		if ((tok = au_to_text("auditd::Audit startup")) != NULL)
 			au_write(aufd, tok);
+		if ((tok = au_to_return32(0, 0)) != NULL)
+			au_write(aufd, tok);
 		if (au_close(aufd, 1, AUE_audit_startup) == -1)
 			syslog(LOG_ERR, "Could not close audit startup event.");
diff --git a/contrib/openbsm/bsm/audit_internal.h b/contrib/openbsm/bsm/audit_internal.h
index 97bafca6977f..b579c1b86232 100644
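Review bot: The two new records are assembled in different orders: in the close_all() hunk (@@ -378) the subject token is written after the `au_to_text("auditd::Audit shutdown")` token, while in the setup() hunk (@@ -781) it is written before `au_to_text("auditd::Audit startup")`, so auditd's own startup and shutdown records end up with different token layouts for no stated reason; kernel-generated records presumably place text tokens ahead of the subject, so the subject block in setup() should probably move below the text token (or close_all() adopt setup()'s order), as long as both agree. In both hunks the auid and sid arguments of `au_to_subject32` are `getuid()` and `getpid()` and the terminal id is the zeroed `ai.ai_termid`; setup() already has `auditinfo_t auinfo` in scope, and if that is populated from the daemon's audit session (not visible in the hunk) the record should pass `auinfo.ai_auid`, `auinfo.ai_asid` and `&auinfo.ai_termid` so that these records attribute to the real audit session rather than to a uid and a pid, which is what an analyst reconstructing a daemon start or stop will key on. The new comment in setup() has a typo; it should read `* XXXCSJP Perhaps we want more robust audit records for`. close_all() and setup() both begin and end outside the hunks.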
--- a/contrib/openbsm/bsm/audit_internal.h
+++ b/contrib/openbsm/bsm/audit_internal.h
@@ -34,7 +34,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#15 $
  */
 
 #ifndef _AUDIT_INTERNAL_H
@@ -70,9 +70,9 @@ typedef struct au_record au_record_t;
 
 /*
  * We could determined the header and trailer sizes by defining appropriate
- * structures. We hold off that approach until we have a consistant way of
+ * structures. We hold off that approach until we have a consistent way of
  * using structures for all tokens. This is not straightforward since these
- * token structures may contain pointers of whose contents we dont know the
+ * token structures may contain pointers of whose contents we do not know the
  * size (e.g text tokens).
  */
 #define AUDIT_HEADER_SIZE 18
diff --git a/contrib/openbsm/bsm/audit_record.h b/contrib/openbsm/bsm/audit_record.h
index 13828309fd07..79d13c3c3c20 100644
--- a/contrib/openbsm/bsm/audit_record.h
+++ b/contrib/openbsm/bsm/audit_record.h
@@ -322,8 +322,8 @@ token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 token_t *au_to_exec_args(char *args, int argc);
 token_t *au_to_exec_env(char *envs, int envc);
 #else
-token_t *au_to_exec_args(const char **argv);
-token_t *au_to_exec_env(const char **envp);
+token_t *au_to_exec_args(char **argv);
+token_t *au_to_exec_env(char **envp);
 #endif
 token_t *au_to_text(char *text);
 token_t *au_to_kevent(struct kevent *kev);
diff --git a/contrib/openbsm/configure b/contrib/openbsm/configure
index c7e1c35403d7..c6394ade3025 100755
--- a/contrib/openbsm/configure
+++ b/contrib/openbsm/configure
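Review bot: Dropping `const` from the `argv`/`envp` parameters of `au_to_exec_args` and `au_to_exec_env` in the audit_record.h hunk (@@ -322) widens the declared contract to say the vectors may be modified, and any caller holding a `const char **` now needs a cast. If the motivation was that C does not implicitly convert `char **` to `const char **`, then `token_t *au_to_exec_args(char *const *argv);` and `token_t *au_to_exec_env(char *const *envp);` accept a plain `char **` without a cast while still declaring that the pointer array is not written; the implementations are not visible here, so whether the strings themselves are modified cannot be checked from this diff. Either way the header should carry a one-line comment stating whether these functions write through `argv`/`envp`, since the same names take `char *args, int argc` in the other preprocessor branch and a reader cannot tell the two contracts apart.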
@@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#27 . +# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a9. +# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a10. # # Report bugs to . # @@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='OpenBSM' PACKAGE_TARNAME='openbsm' -PACKAGE_VERSION='1.0a9' -PACKAGE_STRING='OpenBSM 1.0a9' +PACKAGE_VERSION='1.0a10' +PACKAGE_STRING='OpenBSM 1.0a10' PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org' ac_unique_file="bin/auditreduce/auditreduce.c" @@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenBSM 1.0a9 to adapt to many kinds of systems. +\`configure' configures OpenBSM 1.0a10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1021,7 +1021,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenBSM 1.0a9:";; + short | recursive ) echo "Configuration of OpenBSM 1.0a10:";; esac cat <<\_ACEOF @@ -1162,7 +1162,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -OpenBSM configure 1.0a9 +OpenBSM configure 1.0a10 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenBSM $as_me 1.0a9, which was +It was created by OpenBSM $as_me 1.0a10, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ 
@@ -19278,7 +19278,7 @@ fi # Define the identity of the package. PACKAGE=OpenBSM - VERSION=1.0a9 + VERSION=1.0a10 cat >>confdefs.h <<_ACEOF @@ -23478,7 +23478,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by OpenBSM $as_me 1.0a9, which was +This file was extended by OpenBSM $as_me 1.0a10, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23541,7 +23541,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -OpenBSM config.status 1.0a9 +OpenBSM config.status 1.0a10 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff --git a/contrib/openbsm/configure.ac b/contrib/openbsm/configure.ac index 9302b2a39456..cd708bedecca 100644 --- a/contrib/openbsm/configure.ac +++ b/contrib/openbsm/configure.ac @@ -2,8 +2,8 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([OpenBSM], [1.0a9], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) -AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 $]) +AC_INIT([OpenBSM], [1.0a10], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) +AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#29 $]) AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_HEADER([config/config.h])