diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2006-06-05 13:13:02 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2006-06-05 13:13:02 +0000 |
commit | 4b6d6bcffdcd30ec5367cb499f444c1f0de628fb (patch) | |
tree | 8dfaa941086154c1a2552f542d80d84c698c2fb0 /sys/security | |
parent | d3778141bfead36fdcb604af77639d0c5b591d1a (diff) | |
download | src-4b6d6bcffdcd30ec5367cb499f444c1f0de628fb.tar.gz src-4b6d6bcffdcd30ec5367cb499f444c1f0de628fb.zip |
Merge OpenBSM 1.0 alpha 6 changes for BSM token creation to
src/sys/security/audit:
- Clarify and clean up AUR_ types to match Solaris.
- Clean up use of host vs. network byte order for IP addresses.
- Remove combined user/kernel implementations of some token creation
calls, such as au_to_file(), header calls, etc.
Obtained from: TrustedBSD Project
Notes
Notes:
svn path=/head/; revision=159259
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/audit/audit_bsm.c | 2 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm_token.c | 102 |
2 files changed, 35 insertions, 69 deletions
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c index 25d49a3b6022..a87bb2450fcc 100644 --- a/sys/security/audit/audit_bsm.c +++ b/sys/security/audit/audit_bsm.c @@ -122,7 +122,7 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event) /* Create the header token */ tm.tv_usec = ctime->tv_nsec / 1000; tm.tv_sec = ctime->tv_sec; - hdr = au_to_header32(tot_rec_size, event, 0, tm); + hdr = au_to_header32_tm(tot_rec_size, event, 0, tm); TAILQ_INSERT_HEAD(&rec->token_q, hdr, tokens); trail = au_to_trailer(tot_rec_size); diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c index 31e7d0fa656c..23a9c7cb7908 100644 --- a/sys/security/audit/audit_bsm_token.c +++ b/sys/security/audit/audit_bsm_token.c @@ -30,12 +30,13 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#9 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#15 $ * $FreeBSD$ */ #include <sys/types.h> #include <sys/endian.h> +#include <sys/queue.h> #include <sys/socket.h> #include <sys/time.h> @@ -208,6 +209,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p) /* Determine the size of the basic unit. */ switch (unit_type) { case AUR_BYTE: + /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; @@ -215,8 +217,13 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p) datasize = AUR_SHORT_SIZE; break; - case AUR_LONG: - datasize = AUR_LONG_SIZE; + case AUR_INT32: + /* case AUR_INT: */ + datasize = AUR_INT32_SIZE; + break; + + case AUR_INT64: + datasize = AUR_INT64_SIZE; break; default: @@ -225,7 +232,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p) totdata = datasize * unit_count; - GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char)); + GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); ADD_U_CHAR(dptr, AUT_DATA); ADD_U_CHAR(dptr, unit_print); @@ -299,10 +306,10 @@ au_to_in_addr(struct in_addr *internet_addr) token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR); - ADD_U_INT32(dptr, internet_addr->s_addr); + ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); return (t); } @@ -319,11 +326,11 @@ au_to_in_addr_ex(struct in6_addr *internet_addr) u_char *dptr = NULL; u_int32_t type = AF_INET6; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); - ADD_MEM(dptr, internet_addr, sizeof(*internet_addr)); + ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t)); return (t); } @@ -463,24 +470,12 @@ au_to_opaque(char *data, u_int16_t bytes) * file pathname N bytes + 1 terminating NULL byte */ token_t * -#if defined(KERNEL) || defined(_KERNEL) au_to_file(char *file, struct timeval tm) -#else -au_to_file(char *file) -#endif { token_t *t; u_char *dptr = NULL; u_int16_t filelen; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif - /* XXXRW: else ...? */ filelen = strlen(file); filelen += 1; @@ -578,7 +573,7 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); - ADD_U_INT32(dptr, tid->machine); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } @@ -822,19 +817,26 @@ au_to_sock_inet32(struct sockaddr_in *so) { token_t *t; u_char *dptr = NULL; + uint16_t family; - GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + - sizeof(u_int32_t)); + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + + sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_SOCKINET32); /* - * In Darwin, sin_family is one octet, but BSM defines the token - * to store two. So we copy in a 0 first. + * BSM defines the family field as 16 bits, but many operating + * systems have an 8-bit sin_family field. Extend to 16 bits before + * writing into the token. Assume that both the port and the address + * in the sockaddr_in are already in network byte order, but family + * is in local byte order. + * + * XXXRW: Should a name space conversion be taking place on the value + * of sin_family? */ - ADD_U_CHAR(dptr, 0); - ADD_U_CHAR(dptr, so->sin_family); - ADD_U_INT16(dptr, so->sin_port); - ADD_U_INT32(dptr, so->sin_addr.s_addr); + family = so->sin_family; + ADD_U_INT16(dptr, family); + ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); + ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); return (t); @@ -858,7 +860,7 @@ au_to_sock_inet128(struct sockaddr_in6 *so) ADD_U_CHAR(dptr, so->sin6_family); ADD_U_INT16(dptr, so->sin6_port); - ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr)); + ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); return (t); @@ -902,7 +904,7 @@ au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); - ADD_U_INT32(dptr, tid->machine); + ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } @@ -1088,24 +1090,12 @@ au_to_exec_env(const char **env) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * -#if defined(KERNEL) || defined(_KERNEL) -au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, +au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) -#else -au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) -#endif { token_t *t; u_char *dptr = NULL; u_int32_t timems; -#if !defined(KERNEL) && !defined(_KERNEL) - struct timeval tm; - struct timezone tzp; - - if (gettimeofday(&tm, &tzp) == -1) - return (NULL); -#endif - /* XXXRW: else ...? */ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); @@ -1124,30 +1114,6 @@ au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) return (t); } -token_t * -au_to_header64(__unused int rec_size, __unused au_event_t e_type, - __unused au_emod_t e_mod) -{ - - return (NULL); -} - -token_t * -#if defined(KERNEL) || defined(_KERNEL) -au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod, - struct timeval tm) -{ - - return (au_to_header32(rec_size, e_type, e_mod, tm)); -} -#else -au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) -{ - - return (au_to_header32(rec_size, e_type, e_mod)); -} -#endif - /* * token ID 1 byte * trailer magic number 2 bytes |