Index: projects/ino64/contrib/openbsm/libbsm/bsm_wrappers.c =================================================================== --- projects/ino64/contrib/openbsm/libbsm/bsm_wrappers.c (revision 276114) +++ projects/ino64/contrib/openbsm/libbsm/bsm_wrappers.c (revision 276115) @@ -1,823 +1,825 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#32 $ */ #ifdef __APPLE__ #define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */ #endif #include #include #ifdef __APPLE__ #include /* Our bsm/audit.h doesn't include queue.h. */ #endif #include #include #include #include #include #include #include /* These are not advertised in libbsm.h */ int audit_set_terminal_port(dev_t *p); int audit_set_terminal_host(uint32_t *m); /* * General purpose audit submission mechanism for userspace. */ int audit_submit(short au_event, au_id_t auid, char status, int reterr, const char *fmt, ...) { char text[MAX_AUDITSTRING_LEN]; token_t *token; int acond; va_list ap; pid_t pid; int error, afd, subj_ex; struct auditinfo ai; struct auditinfo_addr aia; au_tid_t atid; if (audit_get_cond(&acond) != 0) { /* * If auditon(2) returns ENOSYS, then audit has not been * compiled into the kernel, so just return. */ if (errno == ENOSYS) return (0); error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", strerror(errno)); errno = error; return (-1); } if (acond == AUC_NOAUDIT) return (0); afd = au_open(); if (afd < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", strerror(errno)); errno = error; return (-1); } /* * Try to use getaudit_addr(2) first. If this kernel does not support * it, then fall back on to getaudit(2). */ subj_ex = 0; error = getaudit_addr(&aia, sizeof(aia)); if (error < 0 && errno == ENOSYS) { error = getaudit(&ai); if (error < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", strerror(errno)); errno = error; return (-1); } /* * Convert this auditinfo_t to an auditinfo_addr_t to make the * following code less complicated wrt to preselection and * subject token generation. */ aia.ai_auid = ai.ai_auid; aia.ai_mask = ai.ai_mask; aia.ai_asid = ai.ai_asid; aia.ai_termid.at_type = AU_IPv4; aia.ai_termid.at_addr[0] = ai.ai_termid.machine; aia.ai_termid.at_port = ai.ai_termid.port; } else if (error < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s", strerror(errno)); errno = error; return (-1); } /* * NB: We should be performing pre-selection here now that we have the * masks for this process. */ if (aia.ai_termid.at_type == AU_IPv6) subj_ex = 1; pid = getpid(); if (subj_ex == 0) { atid.port = aia.ai_termid.at_port; atid.machine = aia.ai_termid.at_addr[0]; token = au_to_subject32(auid, geteuid(), getegid(), getuid(), getgid(), pid, pid, &atid); } else token = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getgid(), pid, pid, &aia.ai_termid); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build subject token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } if (fmt != NULL) { va_start(ap, fmt); (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); va_end(ap); token = au_to_text(text); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: failed to generate text token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } } token = au_to_return32(au_errno_to_bsm(status), reterr); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build return token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } if (au_close(afd, AU_TO_WRITE, au_event) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); errno = error; return (-1); } return (0); } int audit_set_terminal_port(dev_t *p) { struct stat st; if (p == NULL) return (kAUBadParamErr); #ifdef NODEV *p = NODEV; #else *p = -1; #endif /* for /usr/bin/login, try fstat() first */ if (fstat(STDIN_FILENO, &st) != 0) { if (errno != EBADF) { syslog(LOG_ERR, "fstat() failed (%s)", strerror(errno)); return (kAUStatErr); } if (stat("/dev/console", &st) != 0) { syslog(LOG_ERR, "stat() failed (%s)", strerror(errno)); return (kAUStatErr); } } *p = st.st_rdev; return (kAUNoErr); } int audit_set_terminal_host(uint32_t *m) { #ifdef KERN_HOSTID int name[2] = { CTL_KERN, KERN_HOSTID }; size_t len; if (m == NULL) return (kAUBadParamErr); *m = 0; len = sizeof(*m); if (sysctl(name, 2, m, &len, NULL, 0) != 0) { syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); return (kAUSysctlErr); } return (kAUNoErr); #else *m = -1; return (kAUNoErr); #endif } int audit_set_terminal_id(au_tid_t *tid) { + dev_t port; int ret; if (tid == NULL) return (kAUBadParamErr); - if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr) + if ((ret = audit_set_terminal_port(&port)) != kAUNoErr) return (ret); + tid->port = port; return (audit_set_terminal_host(&tid->machine)); } /* * This is OK for those callers who have only one token to write. If you have * multiple tokens that logically form part of the same audit record, you need * to use the existing au_open()/au_write()/au_close() API: * * aufd = au_open(); * tok = au_to_random_token_1(...); * au_write(aufd, tok); * tok = au_to_random_token_2(...); * au_write(aufd, tok); * ... * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); * * Assumes, like all wrapper calls, that the caller has previously checked * that auditing is enabled via the audit_get_state() call. * * XXX: Should be more robust against bad arguments. */ int audit_write(short event_code, token_t *subject, token_t *misctok, char retval, int errcode) { int aufd; char *func = "audit_write()"; token_t *rettok; if ((aufd = au_open()) == -1) { au_free_token(subject); au_free_token(misctok); syslog(LOG_ERR, "%s: au_open() failed", func); return (kAUOpenErr); } /* Save subject. */ if (subject && au_write(aufd, subject) == -1) { au_free_token(subject); au_free_token(misctok); (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: write of subject failed", func); return (kAUWriteSubjectTokErr); } /* Save the event-specific token. */ if (misctok && au_write(aufd, misctok) == -1) { au_free_token(misctok); (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: write of caller token failed", func); return (kAUWriteCallerTokErr); } /* Tokenize and save the return value. */ if ((rettok = au_to_return32(retval, errcode)) == NULL) { (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: au_to_return32() failed", func); return (kAUMakeReturnTokErr); } if (au_write(aufd, rettok) == -1) { au_free_token(rettok); (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: write of return code failed", func); return (kAUWriteReturnTokErr); } /* * We assume the caller wouldn't have bothered with this * function if it hadn't already decided to keep the record. */ if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { syslog(LOG_ERR, "%s: au_close() failed", func); return (kAUCloseErr); } return (kAUNoErr); } /* * Same caveats as audit_write(). In addition, this function explicitly * assumes success; use audit_write_failure() on error. */ int audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { char *func = "audit_write_success()"; token_t *subject = NULL; /* Tokenize and save subject. */ subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); if (subject == NULL) { syslog(LOG_ERR, "%s: au_to_subject32() failed", func); return kAUMakeSubjectTokErr; } return (audit_write(event_code, subject, tok, 0, 0)); } /* * Same caveats as audit_write(). In addition, this function explicitly * assumes success; use audit_write_failure_self() on error. */ int audit_write_success_self(short event_code, token_t *tok) { token_t *subject; char *func = "audit_write_success_self()"; if ((subject = au_to_me()) == NULL) { syslog(LOG_ERR, "%s: au_to_me() failed", func); return (kAUMakeSubjectTokErr); } return (audit_write(event_code, subject, tok, 0, 0)); } /* * Same caveats as audit_write(). In addition, this function explicitly * assumes failure; use audit_write_success() otherwise. * * XXX This should let the caller pass an error return value rather than * hard-coding -1. */ int audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { char *func = "audit_write_failure()"; token_t *subject, *errtok; subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); if (subject == NULL) { syslog(LOG_ERR, "%s: au_to_subject32() failed", func); return (kAUMakeSubjectTokErr); } /* tokenize and save the error message */ if ((errtok = au_to_text(errmsg)) == NULL) { au_free_token(subject); syslog(LOG_ERR, "%s: au_to_text() failed", func); return (kAUMakeTextTokErr); } return (audit_write(event_code, subject, errtok, -1, errcode)); } /* * Same caveats as audit_write(). In addition, this function explicitly * assumes failure; use audit_write_success_self() otherwise. * * XXX This should let the caller pass an error return value rather than * hard-coding -1. */ int audit_write_failure_self(short event_code, char *errmsg, int errret) { char *func = "audit_write_failure_self()"; token_t *subject, *errtok; if ((subject = au_to_me()) == NULL) { syslog(LOG_ERR, "%s: au_to_me() failed", func); return (kAUMakeSubjectTokErr); } /* tokenize and save the error message */ if ((errtok = au_to_text(errmsg)) == NULL) { au_free_token(subject); syslog(LOG_ERR, "%s: au_to_text() failed", func); return (kAUMakeTextTokErr); } return (audit_write(event_code, subject, errtok, -1, errret)); } /* * For auditing errors during login. Such errors are implicitly * non-attributable (i.e., not ascribable to any user). * * Assumes, like all wrapper calls, that the caller has previously checked * that auditing is enabled via the audit_get_state() call. */ int audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, uid_t egid, pid_t pid, au_tid_t *tid) { return (audit_write_failure(event_code, errmsg, errret, -1, euid, egid, -1, -1, pid, -1, tid)); } /* END OF au_write() WRAPPERS */ #ifdef __APPLE__ void audit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp, gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp, au_tid_t *tidp) { if (auidp != NULL) *auidp = (uid_t)atoken.val[0]; if (euidp != NULL) *euidp = (uid_t)atoken.val[1]; if (egidp != NULL) *egidp = (gid_t)atoken.val[2]; if (ruidp != NULL) *ruidp = (uid_t)atoken.val[3]; if (rgidp != NULL) *rgidp = (gid_t)atoken.val[4]; if (pidp != NULL) *pidp = (pid_t)atoken.val[5]; if (asidp != NULL) *asidp = (au_asid_t)atoken.val[6]; if (tidp != NULL) { audit_set_terminal_host(&tidp->machine); tidp->port = (dev_t)atoken.val[7]; } } #endif /* !__APPLE__ */ int audit_get_cond(int *cond) { int ret; ret = auditon(A_GETCOND, cond, sizeof(*cond)); #ifdef A_OLDGETCOND if ((0 != ret) && EINVAL == errno) { long lcond = *cond; ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond)); *cond = (int)lcond; } #endif return (ret); } int audit_set_cond(int *cond) { int ret; ret = auditon(A_SETCOND, cond, sizeof(*cond)); #ifdef A_OLDSETCOND if ((0 != ret) && (EINVAL == errno)) { long lcond = (long)*cond; ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond)); *cond = (int)lcond; } #endif return (ret); } int audit_get_policy(int *policy) { int ret; ret = auditon(A_GETPOLICY, policy, sizeof(*policy)); #ifdef A_OLDGETPOLICY if ((0 != ret) && (EINVAL == errno)){ long lpolicy = (long)*policy; ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy)); *policy = (int)lpolicy; } #endif return (ret); } int audit_set_policy(int *policy) { int ret; ret = auditon(A_SETPOLICY, policy, sizeof(*policy)); #ifdef A_OLDSETPOLICY if ((0 != ret) && (EINVAL == errno)){ long lpolicy = (long)*policy; ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy)); *policy = (int)lpolicy; } #endif return (ret); } int audit_get_qctrl(au_qctrl_t *qctrl, size_t sz) { int ret; if (sizeof(*qctrl) != sz) { errno = EINVAL; return (-1); } ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl)); #ifdef A_OLDGETQCTRL if ((0 != ret) && (EINVAL == errno)){ struct old_qctrl { size_t oq_hiwater; size_t oq_lowater; size_t oq_bufsz; clock_t oq_delay; int oq_minfree; } oq; oq.oq_hiwater = (size_t)qctrl->aq_hiwater; oq.oq_lowater = (size_t)qctrl->aq_lowater; oq.oq_bufsz = (size_t)qctrl->aq_bufsz; oq.oq_delay = (clock_t)qctrl->aq_delay; oq.oq_minfree = qctrl->aq_minfree; ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq)); qctrl->aq_hiwater = (int)oq.oq_hiwater; qctrl->aq_lowater = (int)oq.oq_lowater; qctrl->aq_bufsz = (int)oq.oq_bufsz; qctrl->aq_delay = (int)oq.oq_delay; qctrl->aq_minfree = oq.oq_minfree; } #endif /* A_OLDGETQCTRL */ return (ret); } int audit_set_qctrl(au_qctrl_t *qctrl, size_t sz) { int ret; if (sizeof(*qctrl) != sz) { errno = EINVAL; return (-1); } ret = auditon(A_SETQCTRL, qctrl, sz); #ifdef A_OLDSETQCTRL if ((0 != ret) && (EINVAL == errno)) { struct old_qctrl { size_t oq_hiwater; size_t oq_lowater; size_t oq_bufsz; clock_t oq_delay; int oq_minfree; } oq; oq.oq_hiwater = (size_t)qctrl->aq_hiwater; oq.oq_lowater = (size_t)qctrl->aq_lowater; oq.oq_bufsz = (size_t)qctrl->aq_bufsz; oq.oq_delay = (clock_t)qctrl->aq_delay; oq.oq_minfree = qctrl->aq_minfree; ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq)); qctrl->aq_hiwater = (int)oq.oq_hiwater; qctrl->aq_lowater = (int)oq.oq_lowater; qctrl->aq_bufsz = (int)oq.oq_bufsz; qctrl->aq_delay = (int)oq.oq_delay; qctrl->aq_minfree = oq.oq_minfree; } #endif /* A_OLDSETQCTRL */ return (ret); } int audit_send_trigger(int *trigger) { return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger))); } int audit_get_kaudit(auditinfo_addr_t *aia, size_t sz) { if (sizeof(*aia) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETKAUDIT, aia, sz)); } int audit_set_kaudit(auditinfo_addr_t *aia, size_t sz) { if (sizeof(*aia) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETKAUDIT, aia, sz)); } int audit_get_class(au_evclass_map_t *evc_map, size_t sz) { if (sizeof(*evc_map) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETCLASS, evc_map, sz)); } int audit_set_class(au_evclass_map_t *evc_map, size_t sz) { if (sizeof(*evc_map) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETCLASS, evc_map, sz)); } int audit_get_kmask(au_mask_t *kmask, size_t sz) { if (sizeof(*kmask) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETKMASK, kmask, sz)); } int audit_set_kmask(au_mask_t *kmask, size_t sz) { if (sizeof(*kmask) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETKMASK, kmask, sz)); } int audit_get_fsize(au_fstat_t *fstat, size_t sz) { if (sizeof(*fstat) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETFSIZE, fstat, sz)); } int audit_set_fsize(au_fstat_t *fstat, size_t sz) { if (sizeof(*fstat) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETFSIZE, fstat, sz)); } int audit_set_pmask(auditpinfo_t *api, size_t sz) { if (sizeof(*api) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETPMASK, api, sz)); } int audit_get_pinfo(auditpinfo_t *api, size_t sz) { if (sizeof(*api) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETPINFO, api, sz)); } int audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz) { if (sizeof(*apia) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETPINFO_ADDR, apia, sz)); } int audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz) { if (sizeof(*aia) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETSINFO_ADDR, aia, sz)); } int audit_get_stat(au_stat_t *stats, size_t sz) { if (sizeof(*stats) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETSTAT, stats, sz)); } int audit_set_stat(au_stat_t *stats, size_t sz) { if (sizeof(*stats) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETSTAT, stats, sz)); } int audit_get_cwd(char *path, size_t sz) { return (auditon(A_GETCWD, path, sz)); } int audit_get_car(char *path, size_t sz) { return (auditon(A_GETCAR, path, sz)); } Index: projects/ino64/sys/bsm/audit.h =================================================================== --- projects/ino64/sys/bsm/audit.h (revision 276114) +++ projects/ino64/sys/bsm/audit.h (revision 276115) @@ -1,328 +1,328 @@ /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#10 * $FreeBSD$ */ #ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H #include #include #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 #define MAXAUDITDATA (0x8000 - 1) #define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA #define MIN_AUDIT_FILE_SIZE (512 * 1024) /* * Minimum noumber of free blocks on the filesystem containing the audit * log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0 * as the kernel does an unsigned compare, plus we want to leave a few blocks * free so userspace can terminate the log, etc. */ #define AUDIT_HARD_LIMIT_FREE_BLOCKS 4 /* * Triggers for the audit daemon. */ #define AUDIT_TRIGGER_MIN 1 #define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */ #define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */ #define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */ #define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */ #define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */ #define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests rotate. */ #define AUDIT_TRIGGER_INITIALIZE 7 /* User initialize of auditd. */ #define AUDIT_TRIGGER_EXPIRE_TRAILS 8 /* User expiration of trails. */ #define AUDIT_TRIGGER_MAX 8 /* * The special device filename (FreeBSD). */ #define AUDITDEV_FILENAME "audit" #define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME) /* * Pre-defined audit IDs */ #define AU_DEFAUDITID (uid_t)(-1) #define AU_DEFAUDITSID 0 #define AU_ASSIGN_ASID -1 /* * IPC types. */ #define AT_IPC_MSG ((u_char)1) /* Message IPC id. */ #define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */ #define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */ /* * Audit conditions. */ #define AUC_UNSET 0 #define AUC_AUDITING 1 #define AUC_NOAUDIT 2 #define AUC_DISABLED -1 /* * auditon(2) commands. */ #define A_OLDGETPOLICY 2 #define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 #define A_OLDGETQCTRL 6 #define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 #define A_OLDGETCOND 20 #define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24 #define A_SETPMASK 25 #define A_SETFSIZE 26 #define A_GETFSIZE 27 #define A_GETPINFO_ADDR 28 #define A_GETKAUDIT 29 #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 #define A_GETPOLICY 33 #define A_SETPOLICY 34 #define A_GETQCTRL 35 #define A_SETQCTRL 36 #define A_GETCOND 37 #define A_SETCOND 38 /* * Audit policy controls. */ #define AUDIT_CNT 0x0001 #define AUDIT_AHLT 0x0002 #define AUDIT_ARGV 0x0004 #define AUDIT_ARGE 0x0008 #define AUDIT_SEQ 0x0010 #define AUDIT_WINDATA 0x0020 #define AUDIT_USER 0x0040 #define AUDIT_GROUP 0x0080 #define AUDIT_TRAIL 0x0100 #define AUDIT_PATH 0x0200 #define AUDIT_SCNT 0x0400 #define AUDIT_PUBLIC 0x0800 #define AUDIT_ZONENAME 0x1000 #define AUDIT_PERZONE 0x2000 /* * Default audit queue control parameters. */ #define AQ_HIWATER 100 #define AQ_MAXHIGH 10000 #define AQ_LOWATER 10 #define AQ_BUFSZ MAXAUDITDATA #define AQ_MAXBUFSZ 1048576 /* * Default minimum percentage free space on file system. */ #define AU_FS_MINFREE 20 /* * Type definitions used indicating the length of variable length addresses * in tokens containing addresses, such as header fields. */ #define AU_IPv4 4 #define AU_IPv6 16 __BEGIN_DECLS typedef uid_t au_id_t; typedef pid_t au_asid_t; typedef u_int16_t au_event_t; typedef u_int16_t au_emod_t; typedef u_int32_t au_class_t; typedef u_int64_t au_asflgs_t __attribute__ ((aligned (8))); struct au_tid { - dev_t port; + u_int32_t port; /* XXX dev_t compatibility */ u_int32_t machine; }; typedef struct au_tid au_tid_t; struct au_tid_addr { - dev_t at_port; + u_int32_t at_port; /* XXX dev_t compatibility */ u_int32_t at_type; u_int32_t at_addr[4]; }; typedef struct au_tid_addr au_tid_addr_t; struct au_mask { unsigned int am_success; /* Success bits. */ unsigned int am_failure; /* Failure bits. */ }; typedef struct au_mask au_mask_t; struct auditinfo { au_id_t ai_auid; /* Audit user ID. */ au_mask_t ai_mask; /* Audit masks. */ au_tid_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. */ }; typedef struct auditinfo auditinfo_t; struct auditinfo_addr { au_id_t ai_auid; /* Audit user ID. */ au_mask_t ai_mask; /* Audit masks. */ au_tid_addr_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. */ au_asflgs_t ai_flags; /* Audit session flags. */ }; typedef struct auditinfo_addr auditinfo_addr_t; struct auditpinfo { pid_t ap_pid; /* ID of target process. */ au_id_t ap_auid; /* Audit user ID. */ au_mask_t ap_mask; /* Audit masks. */ au_tid_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ }; typedef struct auditpinfo auditpinfo_t; struct auditpinfo_addr { pid_t ap_pid; /* ID of target process. */ au_id_t ap_auid; /* Audit user ID. */ au_mask_t ap_mask; /* Audit masks. */ au_tid_addr_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ au_asflgs_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo_addr auditpinfo_addr_t; struct au_session { auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ au_mask_t as_mask; /* Process Audit Masks. */ }; typedef struct au_session au_session_t; /* * Contents of token_t are opaque outside of libbsm. */ typedef struct au_token token_t; /* * Kernel audit queue control parameters: * Default: Maximum: * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) * aq_lowater: AQ_LOWATER (10) mach_port_name_t audit_session_self(void); au_asid_t audit_session_join(mach_port_name_t port); #endif /* __APPLE_API_PRIVATE */ #endif /* defined(_KERNEL) || defined(KERNEL) */ __END_DECLS #endif /* !_BSM_AUDIT_H */ Index: projects/ino64/sys/security/audit/audit_private.h =================================================================== --- projects/ino64/sys/security/audit/audit_private.h (revision 276114) +++ projects/ino64/sys/security/audit/audit_private.h (revision 276115) @@ -1,431 +1,431 @@ /*- * Copyright (c) 1999-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * * $FreeBSD$ */ /* * This include file contains function prototypes and type definitions used * within the audit implementation. */ #ifndef _SECURITY_AUDIT_PRIVATE_H_ #define _SECURITY_AUDIT_PRIVATE_H_ #ifndef _KERNEL #error "no user-serviceable parts inside" #endif #include #include #include #include #ifdef MALLOC_DECLARE MALLOC_DECLARE(M_AUDITBSM); MALLOC_DECLARE(M_AUDITDATA); MALLOC_DECLARE(M_AUDITPATH); MALLOC_DECLARE(M_AUDITTEXT); MALLOC_DECLARE(M_AUDITGIDSET); #endif /* * Audit control variables that are usually set/read via system calls and * used to control various aspects of auditing. */ extern struct au_qctrl audit_qctrl; extern struct audit_fstat audit_fstat; extern struct au_mask audit_nae_mask; extern int audit_panic_on_write_fail; extern int audit_fail_stop; extern int audit_argv; extern int audit_arge; /* * Success/failure conditions for the conversion of a kernel audit record to * BSM format. */ #define BSM_SUCCESS 0 #define BSM_FAILURE 1 #define BSM_NOAUDIT 2 /* * Defines for the kernel audit record k_ar_commit field. Flags are set to * indicate what sort of record it is, and which preselection mechanism * selected it. */ #define AR_COMMIT_KERNEL 0x00000001U #define AR_COMMIT_USER 0x00000010U #define AR_PRESELECT_TRAIL 0x00001000U #define AR_PRESELECT_PIPE 0x00002000U #define AR_PRESELECT_USER_TRAIL 0x00004000U #define AR_PRESELECT_USER_PIPE 0x00008000U /* * Audit data is generated as a stream of struct audit_record structures, * linked by struct kaudit_record, and contain storage for possible audit so * that it will not need to be allocated during the processing of a system * call, both improving efficiency and avoiding sleeping at untimely moments. * This structure is converted to BSM format before being written to disk. */ struct vnode_au_info { mode_t vn_mode; uid_t vn_uid; gid_t vn_gid; - dev_t vn_dev; - long vn_fsid; - long vn_fileid; + u_int32_t vn_dev; /* XXX dev_t compatibility */ + long vn_fsid; /* XXX uint64_t compatibility */ + long vn_fileid; /* XXX ino_t compatibility */ long vn_gen; }; struct groupset { gid_t *gidset; u_int gidset_size; }; struct socket_au_info { int so_domain; int so_type; int so_protocol; in_addr_t so_raddr; /* Remote address if INET socket. */ in_addr_t so_laddr; /* Local address if INET socket. */ u_short so_rport; /* Remote port. */ u_short so_lport; /* Local port. */ }; /* * The following is used for A_OLDSETQCTRL and AU_OLDGETQCTRL and a 64-bit * userland. */ struct au_qctrl64 { u_int64_t aq64_hiwater; u_int64_t aq64_lowater; u_int64_t aq64_bufsz; u_int64_t aq64_delay; u_int64_t aq64_minfree; }; typedef struct au_qctrl64 au_qctrl64_t; union auditon_udata { char *au_path; int au_cond; int au_flags; int au_policy; int au_trigger; int64_t au_cond64; int64_t au_policy64; au_evclass_map_t au_evclass; au_mask_t au_mask; auditinfo_t au_auinfo; auditpinfo_t au_aupinfo; auditpinfo_addr_t au_aupinfo_addr; au_qctrl_t au_qctrl; au_qctrl64_t au_qctrl64; au_stat_t au_stat; au_fstat_t au_fstat; auditinfo_addr_t au_kau_info; }; struct posix_ipc_perm { uid_t pipc_uid; gid_t pipc_gid; mode_t pipc_mode; }; struct audit_record { /* Audit record header. */ u_int32_t ar_magic; int ar_event; int ar_retval; /* value returned to the process */ int ar_errno; /* return status of system call */ struct timespec ar_starttime; struct timespec ar_endtime; u_int64_t ar_valid_arg; /* Bitmask of valid arguments */ /* Audit subject information. */ struct xucred ar_subj_cred; uid_t ar_subj_ruid; gid_t ar_subj_rgid; gid_t ar_subj_egid; uid_t ar_subj_auid; /* Audit user ID */ pid_t ar_subj_asid; /* Audit session ID */ pid_t ar_subj_pid; struct au_tid ar_subj_term; struct au_tid_addr ar_subj_term_addr; struct au_mask ar_subj_amask; /* Operation arguments. */ uid_t ar_arg_euid; uid_t ar_arg_ruid; uid_t ar_arg_suid; gid_t ar_arg_egid; gid_t ar_arg_rgid; gid_t ar_arg_sgid; pid_t ar_arg_pid; pid_t ar_arg_asid; struct au_tid ar_arg_termid; struct au_tid_addr ar_arg_termid_addr; uid_t ar_arg_uid; uid_t ar_arg_auid; gid_t ar_arg_gid; struct groupset ar_arg_groups; int ar_arg_fd; int ar_arg_atfd1; int ar_arg_atfd2; int ar_arg_fflags; mode_t ar_arg_mode; - int ar_arg_dev; + int ar_arg_dev; /* XXX dev_t compatibility */ long ar_arg_value; void *ar_arg_addr; int ar_arg_len; int ar_arg_mask; u_int ar_arg_signum; char ar_arg_login[MAXLOGNAME]; int ar_arg_ctlname[CTL_MAXNAME]; struct socket_au_info ar_arg_sockinfo; char *ar_arg_upath1; char *ar_arg_upath2; char *ar_arg_text; struct au_mask ar_arg_amask; struct vnode_au_info ar_arg_vnode1; struct vnode_au_info ar_arg_vnode2; int ar_arg_cmd; int ar_arg_svipc_cmd; struct ipc_perm ar_arg_svipc_perm; int ar_arg_svipc_id; void *ar_arg_svipc_addr; struct posix_ipc_perm ar_arg_pipc_perm; union auditon_udata ar_arg_auditon; char *ar_arg_argv; int ar_arg_argc; char *ar_arg_envv; int ar_arg_envc; int ar_arg_exitstatus; int ar_arg_exitretval; struct sockaddr_storage ar_arg_sockaddr; cap_rights_t ar_arg_rights; uint32_t ar_arg_fcntl_rights; char ar_jailname[MAXHOSTNAMELEN]; }; /* * Arguments in the audit record are initially not defined; flags are set to * indicate if they are present so they can be included in the audit log * stream only if defined. */ #define ARG_EUID 0x0000000000000001ULL #define ARG_RUID 0x0000000000000002ULL #define ARG_SUID 0x0000000000000004ULL #define ARG_EGID 0x0000000000000008ULL #define ARG_RGID 0x0000000000000010ULL #define ARG_SGID 0x0000000000000020ULL #define ARG_PID 0x0000000000000040ULL #define ARG_UID 0x0000000000000080ULL #define ARG_AUID 0x0000000000000100ULL #define ARG_GID 0x0000000000000200ULL #define ARG_FD 0x0000000000000400ULL #define ARG_POSIX_IPC_PERM 0x0000000000000800ULL #define ARG_FFLAGS 0x0000000000001000ULL #define ARG_MODE 0x0000000000002000ULL #define ARG_DEV 0x0000000000004000ULL #define ARG_ADDR 0x0000000000008000ULL #define ARG_LEN 0x0000000000010000ULL #define ARG_MASK 0x0000000000020000ULL #define ARG_SIGNUM 0x0000000000040000ULL #define ARG_LOGIN 0x0000000000080000ULL #define ARG_SADDRINET 0x0000000000100000ULL #define ARG_SADDRINET6 0x0000000000200000ULL #define ARG_SADDRUNIX 0x0000000000400000ULL #define ARG_TERMID_ADDR 0x0000000000400000ULL #define ARG_UNUSED2 0x0000000001000000ULL #define ARG_UPATH1 0x0000000002000000ULL #define ARG_UPATH2 0x0000000004000000ULL #define ARG_TEXT 0x0000000008000000ULL #define ARG_VNODE1 0x0000000010000000ULL #define ARG_VNODE2 0x0000000020000000ULL #define ARG_SVIPC_CMD 0x0000000040000000ULL #define ARG_SVIPC_PERM 0x0000000080000000ULL #define ARG_SVIPC_ID 0x0000000100000000ULL #define ARG_SVIPC_ADDR 0x0000000200000000ULL #define ARG_GROUPSET 0x0000000400000000ULL #define ARG_CMD 0x0000000800000000ULL #define ARG_SOCKINFO 0x0000001000000000ULL #define ARG_ASID 0x0000002000000000ULL #define ARG_TERMID 0x0000004000000000ULL #define ARG_AUDITON 0x0000008000000000ULL #define ARG_VALUE 0x0000010000000000ULL #define ARG_AMASK 0x0000020000000000ULL #define ARG_CTLNAME 0x0000040000000000ULL #define ARG_PROCESS 0x0000080000000000ULL #define ARG_MACHPORT1 0x0000100000000000ULL #define ARG_MACHPORT2 0x0000200000000000ULL #define ARG_EXIT 0x0000400000000000ULL #define ARG_IOVECSTR 0x0000800000000000ULL #define ARG_ARGV 0x0001000000000000ULL #define ARG_ENVV 0x0002000000000000ULL #define ARG_ATFD1 0x0004000000000000ULL #define ARG_ATFD2 0x0008000000000000ULL #define ARG_RIGHTS 0x0010000000000000ULL #define ARG_FCNTL_RIGHTS 0x0020000000000000ULL #define ARG_NONE 0x0000000000000000ULL #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL #define ARG_IS_VALID(kar, arg) ((kar)->k_ar.ar_valid_arg & (arg)) #define ARG_SET_VALID(kar, arg) do { \ (kar)->k_ar.ar_valid_arg |= (arg); \ } while (0) #define ARG_CLEAR_VALID(kar, arg) do { \ (kar)->k_ar.ar_valid_arg &= ~(arg); \ } while (0) /* * In-kernel version of audit record; the basic record plus queue meta-data. * This record can also have a pointer set to some opaque data that will be * passed through to the audit writing mechanism. */ struct kaudit_record { struct audit_record k_ar; u_int32_t k_ar_commit; void *k_udata; /* User data. */ u_int k_ulen; /* User data length. */ struct uthread *k_uthread; /* Audited thread. */ TAILQ_ENTRY(kaudit_record) k_q; }; TAILQ_HEAD(kaudit_queue, kaudit_record); /* * Functions to manage the allocation, release, and commit of kernel audit * records. */ void audit_abort(struct kaudit_record *ar); void audit_commit(struct kaudit_record *ar, int error, int retval); struct kaudit_record *audit_new(int event, struct thread *td); /* * Functions relating to the conversion of internal kernel audit records to * the BSM file format. */ struct au_record; int kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau); int bsm_rec_verify(void *rec); /* * Kernel versions of the libbsm audit record functions. */ void kau_free(struct au_record *rec); void kau_init(void); /* * Return values for pre-selection and post-selection decisions. */ #define AU_PRS_SUCCESS 1 #define AU_PRS_FAILURE 2 #define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) /* * Data structures relating to the kernel audit queue. Ideally, these might * be abstracted so that only accessor methods are exposed. */ extern struct mtx audit_mtx; extern struct cv audit_watermark_cv; extern struct cv audit_worker_cv; extern struct kaudit_queue audit_q; extern int audit_q_len; extern int audit_pre_q_len; extern int audit_in_failure; /* * Flags to use on audit files when opening and closing. */ #define AUDIT_OPEN_FLAGS (FWRITE | O_APPEND) #define AUDIT_CLOSE_FLAGS (FWRITE | O_APPEND) #include #include #include /* * Some of the BSM tokenizer functions take different parameters in the * kernel implementations in order to save the copying of large kernel data * structures. The prototypes of these functions are declared here. */ token_t *kau_to_socket(struct socket_au_info *soi); /* * audit_klib prototypes */ int au_preselect(au_event_t event, au_class_t class, au_mask_t *mask_p, int sorf); void au_evclassmap_init(void); void au_evclassmap_insert(au_event_t event, au_class_t class); au_class_t au_event_class(au_event_t event); au_event_t audit_ctlname_to_sysctlevent(int name[], uint64_t valid_arg); au_event_t audit_flags_and_error_to_openevent(int oflags, int error); au_event_t audit_flags_and_error_to_openatevent(int oflags, int error); au_event_t audit_msgctl_to_event(int cmd); au_event_t audit_semctl_to_event(int cmr); void audit_canon_path(struct thread *td, int dirfd, char *path, char *cpath); au_event_t auditon_command_event(int cmd); /* * Audit trigger events notify user space of kernel audit conditions * asynchronously. */ void audit_trigger_init(void); int audit_send_trigger(unsigned int trigger); /* * Accessor functions to manage global audit state. */ void audit_set_kinfo(struct auditinfo_addr *); void audit_get_kinfo(struct auditinfo_addr *); /* * General audit related functions. */ struct kaudit_record *currecord(void); void audit_free(struct kaudit_record *ar); void audit_shutdown(void *arg, int howto); void audit_rotate_vnode(struct ucred *cred, struct vnode *vp); void audit_worker_init(void); /* * Audit pipe functions. */ int audit_pipe_preselect(au_id_t auid, au_event_t event, au_class_t class, int sorf, int trail_select); void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, int sorf, int trail_select, void *record, u_int record_len); void audit_pipe_submit_user(void *record, u_int record_len); #endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */