Index: head/contrib/openbsm/.travis.yml
===================================================================
--- head/contrib/openbsm/.travis.yml (nonexistent)
+++ head/contrib/openbsm/.travis.yml (revision 292432)
@@ -0,0 +1,18 @@
+language: c
+
+compiler:
+ - clang
+ - gcc
+
+os:
+ - linux
+ - osx
+
+before_install:
+ - if [ $TRAVIS_OS_NAME == "linux" ]; then
+ sudo apt-get -qq update;
+ sudo apt-get -qq install byacc flex;
+ elif [ $TRAVIS_OS_NAME == "osx" ]; then
+ brew update;
+ brew install byacc flex;
+ fi
Property changes on: head/contrib/openbsm/.travis.yml
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: head/contrib/openbsm/INSTALL
===================================================================
--- head/contrib/openbsm/INSTALL (revision 292431)
+++ head/contrib/openbsm/INSTALL (revision 292432)
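Review bot: The new .travis.yml sets only `before_install` and has no `script:` key, so what CI actually builds and checks is left to the service's default for C projects rather than stated in the file. For an audit library it would be worth pinning the step explicitly and, at least for the gcc leg, using the warning-strict invocation that INSTALL already recommends for development, for example `script: CFLAGS="-Wall -Werror" ./configure && make`. Separately, both tests in `before_install` leave the variable unquoted and use `==`, which is not portable `[` syntax; `[ "$TRAVIS_OS_NAME" = "linux" ]` (and the same form for `"osx"`) behaves correctly even when the variable is empty.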
@@ -1,40 +1,40 @@ OpenBSM Build and Installation Instructions OpenBSM is currently built using autoconf and automake, which should allow for building on a range of operating systems, including FreeBSD, Mac OS X, and Linux. Some components are built only if appropriate kernel audit -suppport is found. Typical builds will be performed using: +support is found. Typical builds will be performed using: ./configure make If doing development work on OpenBSM with gcc, the following invocation of configure is preferred in order to generate full compiler warnings and force the compile to fail if a warning is found: CFLAGS="-Wall -Werror" ./configure On Linux systems, OpenSSL headers may have to be installed to support encryption of on-the-wire audit streams using auditdistd; the following appears to work on Ubuntu: sudo apt-get install libssl-dev To install the library, binaries, and man pages, use: make install The OpenBSM install will not install files in /etc; these have to be manually installed or merged. Currently, the locations of these files are not configurable. You may wish to specify that the OpenBSM components not be installed in the base system, rather in a specific directory. This may be done using the --prefix argument to configure. If installing to a specific directory, -remember to update your library path so that running tools from that +remember to update your library path so that when running tools from that directory the correct libbsm is used: ./configure --prefix=/home/rwatson/openbsm make make install LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH Index: head/contrib/openbsm/LICENSE =================================================================== --- head/contrib/openbsm/LICENSE (revision 292431) +++ head/contrib/openbsm/LICENSE (revision 292432) 
@@ -1,38 +1,36 @@ OpenBSM Copyrights and Licensing OpenBSM is covered by a number of copyrights, with licenses being either two or three clause BSD licenses. Individual file headers should be consulted for copyrights on specific elements of the distribution. The following copyright and license are asserted over the OpenBSM distribution as a whole: Copyright (c) 2005-2012 Robert N.M. Watson All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The TrustedBSD Project would appreciate the contribution of fixes and enhancements under an identical license in order to avoid potentially confusing license proliferation. 
- -$P4: //depot/projects/trustedbsd/openbsm/LICENSE#6 $ Index: head/contrib/openbsm/Makefile.am =================================================================== --- head/contrib/openbsm/Makefile.am (revision 292431) +++ head/contrib/openbsm/Makefile.am (revision 292432) @@ -1,27 +1,23 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#5 $ -## - SUBDIRS = \ bsm if HAVE_AUDIT_SYSCALLS SUBDIRS += \ libauditd endif SUBDIRS += \ libbsm \ bin \ man \ modules \ sys ACLOCAL_AMFLAGS = -I m4 EXTRA_DIST = \ CHANGELOG \ LICENSE \ README \ TODO \ VERSION Index: head/contrib/openbsm/Makefile.in =================================================================== --- head/contrib/openbsm/Makefile.in (revision 292431) +++ head/contrib/openbsm/Makefile.in (revision 292432) 
@@ -1,777 +1,777 @@ # Makefile.in generated by automake 1.12.2 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_AUDIT_SYSCALLS_TRUE@am__append_1 = \ @HAVE_AUDIT_SYSCALLS_TRUE@ libauditd subdir = . 
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/config/config.guess \ $(top_srcdir)/config/config.h.in \ $(top_srcdir)/config/config.sub \ $(top_srcdir)/config/install-sh $(top_srcdir)/config/ltmain.sh \ $(top_srcdir)/config/missing $(top_srcdir)/configure INSTALL \ - NEWS TODO config/config.guess config/config.sub config/depcomp \ - config/install-sh config/ltmain.sh config/missing \ - config/ylwrap + NEWS TODO config/compile config/config.guess config/config.sub \ + config/depcomp config/install-sh config/ltmain.sh \ + config/missing config/ylwrap ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ cscope distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = bsm libauditd libbsm bin man modules sys DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir 
= $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best DIST_TARGETS = dist-gzip distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . 
-type f -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MIG = @MIG@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ 
dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = bsm $(am__append_1) libbsm bin man modules sys ACLOCAL_AMFLAGS = -I m4 EXTRA_DIST = \ CHANGELOG \ LICENSE \ README \ TODO \ VERSION all: all-recursive .SUFFIXES: am--refresh: Makefile @: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): config/config.h: config/stamp-h1 @if test ! -f $@; then rm -f config/stamp-h1; else :; fi @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) config/stamp-h1; else :; fi config/stamp-h1: $(top_srcdir)/config/config.h.in $(top_builddir)/config.status @rm -f config/stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status config/config.h $(top_srcdir)/config/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) rm -f config/stamp-h1 touch $@ distclean-hdr: -rm -f config/config.h config/stamp-h1 mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs distclean-libtool: -rm -f libtool config.lt # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. 
$(RECURSIVE_TARGETS) $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done cscopelist-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) cscopelist); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! 
-f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscope: cscope.files test ! 
-s cscope.files \ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) clean-cscope: -rm -f cscope.files cscope.files: clean-cscope cscopelist-recursive cscopelist cscopelist: cscopelist-recursive $(HEADERS) $(SOURCES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! 
-perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 $(am__post_remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz $(am__post_remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__post_remove_distdir) dist dist-all: $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. 
distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir); chmod u+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. 
&& umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @test -n '$(distuninstallcheck_dir)' || { \ echo 'ERROR: trying to run $@ with an empty' \ '$$(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ $(am__cd) '$(distuninstallcheck_dir)' || { \ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . 
; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -f Makefile distclean-am: clean-am distclean-generic distclean-hdr \ distclean-libtool distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) \ cscopelist-recursive ctags-recursive install-am install-strip \ tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am am--refresh check check-am clean clean-cscope \ clean-generic clean-libtool cscope cscopelist \ cscopelist-recursive ctags ctags-recursive dist dist-all \ dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ dist-xz \ dist-zip distcheck distclean distclean-generic distclean-hdr \ distclean-libtool distclean-tags distcleancheck distdir \ distuninstallcheck dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ mostlyclean 
mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-recursive uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: Index: head/contrib/openbsm/NEWS =================================================================== --- head/contrib/openbsm/NEWS (revision 292431) +++ head/contrib/openbsm/NEWS (revision 292432) 
@@ -1,498 +1,507 @@ OpenBSM Version History +OpenBSM 1.2 alpha 4 + +- Fix praudit to emit correct XML. +- Fix auditdistd bugs related to IPv6 support, locking, and a kqueue-related + descriptor leak. +- Add audit event definitions for Capsicum-related syscalls, as well as + AUE_BINDAT and AUE_CONNECTAT. +- Manpage symlinks for all libbsm functions are installed again after the + move to autotools in OpenBSM 1.0 Alpha 5. +- A variety of minor documentation cleanups. + OpenBSM 1.2 alpha 3 - Various minor tweaks to the auditdistd build to make it fit the FreeBSD build environment better. - AUE_WAIT6 merged from FreeBSD 9. OpenBSM 1.2 alpha 2 - auditdistd, a distributed audit trail management daemon, has now been merged. This allows trail files to be securely and reliably synced from audited hosts to an audit server, and employs TLS encryption. Where available, it uses Capsicum to sandbox the service. This work was contributed by Pawel Jakub Dawidek under sponsorship from the FreeBSD Foundation. OpenBSM 1.2 alpha 1 - Add Capsicum-related error numbers for FreeBSD: ENOTCAPABLE, ECAPMODE. - Add Capsicum, process descriptor audit events for FreeBSD. - Allow 0% minspace. - Fixes from the clang static analyser. - Fix expiration of trail files when the host parameter is used. - Various typo fixes. - Support for Solaris privilege and privilege set tokens. - Documentation for getachost(), improvements for getacfilesz(). - Fix a directory descriptor leak that happened when audit trail partitions filled. - Support for more Linux distributions with a partial contemporary endian.h. - Improved escaping of XML-encapsulated BSM. - A variety of minor documentation, style, and functional. OpenBSM 1.1p2 - Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC. - Fix build on Linux. - Fix printing of class masks in the audump tool. OpenBSM 1.1p1 - Fixes to AUT_SOCKUNIX token parsing. - IPv6 support for au_to_me(3). 
- Improved robustness in the parsing of audit_control, especially long flags/naflags strings and whitespace in all fields. - Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM error number space. OpenBSM 1.1 - Change auditon(2) parameters and data structures to be 32/64-bit architecture independent. Add more information to man page about auditon(2) parameters. - Add wrapper functions for auditon(2) to use legacy commands when the new commands are not supported. - Add default for 'expire-after' in audit_control to expire trail files when the audit directory is more than 10 megabytes ('10M'). - Interface to convert between local and BSM fcntl(2) command values has been added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with definitions of constants in audit_fcntl.h. - A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens generated by audit_submit(3) were improperly encoded has been fixed. - Fix example in audit_submit(3) man page. Also, make it clear that we want the audit ID as the argument. - A new audit event class 'aa', for post-login authentication and authorization events, has been added. OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. 
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens. OpenBSM 1.1 alpha 5 - Stub libauditd(3) man page added. - All BSM error number constants with BSM_ERRNO_. - Interfaces to convert between local and BSM socket types and protocol families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3), au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions of constants in audit_domain.h and audit_socket_type.h. This improves interoperability by converting local constant spaces, which vary by OS, to and from Solaris constants (where available) or OpenBSM constants for protocol domains not present in Solaris (a fair number). These routines should be used when generating and interpreting extended socket tokens. - Fix build warnings with full gcc warnings enabled on most supported platforms. - Don't compile error strings into bsm_errno.c when building it in the kernel environment. - When started by launchd, use the label com.apple.auditd rather than org.trustedbsd.auditd. OpenBSM 1.1 alpha 4 - With the addition of BSM error number mapping, we also need to map the local error number passed to audit_submit(3) to a BSM error number, rather than have the caller perform that conversion. - Reallocate user audit events to avoid collisions with Solaris; adopt a more formal allocation scheme, and add some events allocated in Solaris that will be of immediate use on other platforms. - Add an event for Calife. - Add au_strerror(3), which allows generating strings for BSM errors directly, rather than requiring applications to map to the local error space, which might not be able to entirely represent the BSM error number space. - Major auditd rewrite for launchd(8) support. Add libauditd library that is shared between launchd and auditd. - Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for (re)starting auditing under launchd(8) on Mac OS X. 
- Add 'current' symlink to active audit trail. - Add crash recovery of previous audit trail file when detected on audit startup that it has not been properly terminated. - Add the event AUE_audit_recovery to indicated when an audit trail file has been recovered from not being properly terminated. This event is stored in the new audit trail file and includes the path of recovered audit trail file. - Mac OS X and FreeBSD dependent code in auditd.c is separated into auditd_darwin.c and auditd_fbsd.c files. - Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system calls. - For Mac OS X, we use ASL(3) instead of syslog(3) for logging. - Add support for NOTICE level logging. OpenBSM 1.1 alpha 3 - Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map between BSM error numbers (largely the Solaris definitions) and local errno(2) values for 32-bit and 64-bit return tokens. This is required as operating systems don't agree on some of the values of more recent error numbers. - Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the total size for the token. This bug resulted in "unknown" tokens being printed after the exec args/env tokens. - Support for AUT_SOCKET_EX extended socket tokens, which describe a socket using a pair of IPv4/IPv6 and port tuples. - OpenBSM BSM file header version bumped for 1.1 release. - Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed. OpenBSM 1.1 alpha 2 - Include files in OpenBSM are now broken out into two parts: library builds required solely for user space, and system includes, which may also be required for use in the kernels of systems integrating OpenBSM. Submitted by Stacey Son. - Configure option --with-native-includes allows forcing the use of native include for system includes, rather than the versions bundled with OpenBSM. 
This is intended specifically for platforms that ship OpenBSM, have adapted versions of the system includes in a kernel source tree, and will use the OpenBSM build infrastructure with an unmodified OpenBSM distribution, allowing the customized system includes to be used with the OpenBSM build. Submitted by Stacey Son. - Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s or asprintf(). Added compat/strlcpy.h for Linux. - Remove compatibility defines for old Darwin token constant names; now only BSM token names are provided and used. - Add support for extended header tokens, which contain space for information on the host generating the record. - Add support for setting extended host information in the kernel, which is used for setting host information in extended header tokens. The audit_control file now supports a "host" parameter which can be used by auditd to set the information; if not present, the kernel parameters won't be set and auditd uses unextended headers for records that it generates. OpenBSM 1.1 alpha 1 - Add option to auditreduce(1) which allows users to invert sense of matching, such that BSM records that do not match, are selected. - Fix bug in audit_write() where we commit an incomplete record in the event there is an error writing the subject token. This was submitted by Diego Giagio. - Build support for Mac OS X 10.5.1 submitted by Eric Hall. - Fix a bug which resulted in host XML attributes not being printed while processing extended header tokens. This patch was submitted by Martin Voros. - Constification of function arguments so that const strings can be passed as arguments to tokens. This patch was submitted by Xin LI. - Modify the -m option so users can select more then one audit event. - For Mac OS X, added Mach IPC support for audit trigger messages. - Fixed a bug in getacna() which resulted in a locking problem on Mac OS X. - Added LOG_PERROR flag to openlog when -d option is used with auditd. 
- AUE events added for Mac OS X Leopard system calls. OpenBSM 1.0 - Fix bug in auditreduce(1) which resulted in a memory fault/crash when the user specified an event name with -m. - Remove AU_.* hard-coded audit class constants, as audit classes are now entirely dynamically configured using /etc/security/audit_class. OpenBSM 1.0 alpha 15 - Fix bug when processing in_addr_ex tokens. - Restore the behavior of printing the string/text specified while auditing arg32 tokens. - Synchronized audit event list to Solaris, picking up the *at(2) system call definitions, now required for FreeBSD and Linux. Added additional events for *at(2) system calls not present in Solaris. - Bugs in auditreduce(1) fixed allowing partial date strings to be used in filtering events. OpenBSM 1.0 alpha 14 - Fix endian issues when processing IPv6 addresses for extended subject and process tokens. - gcc41 warnings clean. - Teach audit_submit(3) about getaudit_addr(2). - Add support for zonename tokens. OpenBSM 1.0 alpha 13 - compat/clock_gettime.h now provides a compatibility implementation of clock_gettime(), which fixes building on Mac OS X. - Countless man page improvements, markup fixes, content fixs, etc. - XML printing support via "praudit -x". - audit.log.5 expanded to include additional BSM token types. - Added encoding and decoding routines for process64_ex, process32_ex, subject32_ex, header64, and attr64 tokens. - Additional audit event identifiers for listen, mlockall/munlockall, getpath, POSIX message queues, and mandatory access control. OpenBSM 1.0 alpha 12 - Correct bug in auditreduce which prevented the -c option from working correctly when the user specifies to process successful or failed events. The problem stemmed from not having access to the return token at the time the initial preselection occurred, but now a second preselection process occurs while processing the return token. 
- getacfilesz(3) API added to read new audit_control(5) filesz setting, which auditd(8) now sets the kernel audit trail rotation size to. - auditreduce(1) now uses stdin if no file names are specified on the command line; this was the documented behavior previously, but it was not implemented. Be more specific in auditreduce(1)'s examples section about what might be done with the output of auditreduce. - Add audit_warn(5) closefile event so that administrators can hook termination of an audit trail file. For example, this might be used to compress the trail file after it is closed. - auditreduce(1) now uses regular expressions for pathname matching. Users can now supply one or more (comma delimited) regular expressions for searching the pathnames. If one of the regular expressions is prefixed with a tilde (~), and a path matches, it will be excluded from the search results. OpenBSM 1.0 alpha 11 - Reclassify certain read/write operations as having no class rather than the fr/fw class; our default classes audit intent (open) not operations (read, write). - Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads and writes of sysctls as separate events. Add additional kernel environment and jail events for FreeBSD. - Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued by the kernel audit implementation) so that they can be distinguished. - Disable rate limiting of rotate requests; as the kernel doesn't retransmit a dropped request, the log file will otherwise grow indefinitely if the trigger is dropped. - Improve auditd debugging output. - Fix a number of threading related bugs in audit_control file reading routines. - Add APIs au_poltostr() and au_strtopol() to convert between text representations of audit_control policy flags and the flags passed to auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY). 
- Add API getacpol() to return the 'policy:' entry from audit_control, an extension to the Solaris file format to allow specification of policy persistent flags. - Update audump to print the audit_control policy field. - Update auditd to read the audit_control policy field and set the kernel policy to match it when configuring/reconfiguring. Remove the -s and -h arguments as these policies are now set via the configuration file. If a policy line is not found in the configuration file, continue with the current default of setting AUDIT_CNT. - Fix bugs in the parsing of large execve(2) arguments and environmental variable tokens; increase maximum parsed argument and variable count. - configure now detects strlcat(), used by policy-related functions. - Reference token and record sample files added to test tree. OpenBSM 1.0 alpha 10 - auditd now generates complete audit records for its events, as required for application-submitted audit records in the FreeBSD kernel audit implementation. OpenBSM 1.0 alpha 9 - Rename many OpenBSM-specific constants and API elements containing the strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true for almost all existing constants and APIs. - Instead of passing a per-instance cookie directly into all audit filter APIs, pass in the audit filter daemon state pointer, which is then used by the module using an audit_filter_{get,set}cookie() API. This will allow future service APIs provided by the filter daemon to maintain their own state -- for example, per-module preselection state. OpenBSM 1.0 alpha 8 - Correct typo in definition of AUR_INT. - Adopt OpenSolaris constant values for AUDIT_* configuration flags. - Arguments to au_to_exec_args() and au_to_exec_env() no longer const. - Add kernel versions of au_to_exec_args() and au_to_exec_env(). - Fix exec argument type that is printed for env strings from 'arg' to 'env'. 
- New OpenBSM token version number assigned, constants added for other commonly seen version numbers. - OpenBSM-specific events assigned numbers in the 43xxx range to avoid future collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they are now deprecated numberings. - autoconf now detects clock_gettime(), which is not available on Darwin. - praudit output fixes relating to arg32 and arg64 tokens. - Maximum record size updated to 64k-1 to match Solaris record size limit. - Various style and comment cleanups in include files. OpenBSM 1.0 alpha 7 - Adopted Solaris-compatible format for subject32_ex and subject64_ex tokens, which previously did not correctly implement variable length address storage. - Prefer inttypes.h to stdint.h; enhance queue.h detection to test for TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not older ones. OpenBSM now builds on some FreeBSD 4.x versions. - New event types for extended attributes, ACLs, and scheduling. OpenBSM 1.0 alpha 6 - Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close(); previously we used hard-coded 0 and 1 values. - Add man page for au_open(), au_write(), au_close(), and au_close_buffer(). - Support a more complete range of data types for the arbitrary data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias to AUR_INT), add AUR_INT64. - Add au_close_token(), which allows writing a single token_t to a memory buffer. Not likely to be used much by applications, but useful for writing test tools. - Modify au_to_file() so that it accepts a timeval in user space, not just kernel -- this is not a Solaris BSM API so can be modified without causing compatibility issues. - Define a new API, au_to_header32_tm(), which adds a struct timeval argument to the ordinary au_to_header32(), which is now implemented by wrapping au_to_header32_tm() and calling gettimeofday(). 
#ifndef KERNEL the APIs that invoke gettimeofday(), rather than having a variable definition. Don't try to retrieve time zone information using gettimeofday(), as it's not needed, and introduces possible failure modes. - Don't perform byte order transformations on the addr/machine fields of the terminal ID that appears in the process32/subject32 tokens. These are assumed to be IP addresses, and as such, to be in network byte order. - Universally, APIs now assume that IP addresses and ports are provided in network byte order. APIs now generally provide these types in network byte order when decoding. - Beginnings of an OpenBSM test framework can now be found in openbsm/test. This code is not built or installed by default. - auditd now assigns more appropriate syslog levels to its debugging and error information. - Support for audit filters introduced: audit filters are dynamically loaded shared objects that run in the context of a new daemon, auditfilterd. The daemon reads from an audit pipe and feeds both BSM and parsed versions of records to shared objects using a module API. This will provide a framework for the writing of intrusion detection services. - New utility API, audit_submit(), added to capture common elements of audit record submission for many applications. OpenBSM 1.0 alpha 5 - Update install notes to indicate /etc files are to be installed manually. - On systems without LOG_SECURITY, use LOG_AUTH. - Convert to autoconf/automake in order to move to a more portable (not BSD-specific) build infrastructure, and more easy conditional building of components. Currently, the primary feature loss is that automake does not have native support for manual symlinks. This will be addressed in a future OpenBSM release. - Add compat/queue.h, to be used on systems dated BSD queue macro libraries (as found on Linux). - Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the existing conventions for a CHANGELOG. 
- Some private data structures moved from audit.h to audit_internal.h to prevent inappropriate use by applications and name space pollution. - Improved detection and use of endian macros using autoconf. - Avoid non-portable use of struct in6_addr, which is largely opaque. - Avoid leaking BSD kernel socket related token code to user space in bsm_token.c. - Teach System V IPC calls to look for Linux naming variations for certain struct ipc_perm fields. - Test for audit system calls, and if not present, don't build bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on those system calls. - au_close() is not implemented on systems that don't have audit system calls, but au_close_buffer() is. - Work around missing BSDisms in bsm_wrapper.c. - Fix nested includes so including libbsm.h in an application on Linux picks up the necessary definitions. OpenBSM 1.0 alpha 4 - Remove "audit" user example from audit_user, as it's not present on most systems. - Add cannot_audit() function non-Darwin systems that wraps auditon(); required by OpenSSH BSM support. Convert Darwin cannot_audit() into a function rather than a macro. - Library build fixed on Darwin following include file tweaks. The native Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so for now we force bsm_wrappers.c to not perform a nested include of sys/audit.h. OpenBSM 1.0 alpha 3 - Man page formatting, cross reference, mlinks, and accuracy improvements. - auditd and tools now compile and run on FreeBSD/arm. - auditd will now fchown() the trail file to the audit review group, if defined at compile-time. - Added AUE_SYSARCH for FreeBSD. - Definition of AUE_SETFSGID fixed for Linux. OpenBSM 1.0 alpha 2 - Man page formatting improvements. - A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b events. - Remove 'tfm' class, unused in OpenBSM. 
OpenBSM 1.0 alpha 1 - Import of Darwin74 BSM drop - Use 'syslog' for audit log warnings, rather than echoing to a file in audit_warn. - Compile using BSD make infrastructure. - Integrate bsm/ include files from Darwin74 XNU drop into OpenBSM. - Narrow set of symbols and defines that are exposed in user space: don't compile in code relying on kernel-only types such as 'struct socket'. - Add README, including basic build documentation. - Compilation of Apple-specific notify and Machroutines now #ifdef __APPLE__. - Staticize libbsm global variables to avoid leakage into applications. - Add free_au_user_ent() so that au_user_ent's don't have to be leaked. - Clean up bogus nul-termination checks in libbsm. - Add libbsm API man pages: au_class.3 au_control.3 au_event.3 au_free_token.3 au_io.3 au_mask.3 au_token.3 au_user.3 libbsm.3. - Add man pages for BSM system calls: audit.2 auditctl.2 auditon.2 getaudit.2 getauid.2 setaudit.2 setauid.2 - Modify various libbsm interfaces to more consistently return 'errno' values on failure. - Break out au_close() into constituent parts, allowing records to be written to memory as well as files. - Prefix various defines with 'BSM_' to reduce name space pollution. - Added audit_internal.h, which can be used by a kernel audit implementation wanting to rely on libbsm components. - Build with warnings, and eliminate warnings. - Make libbsm endian-independent, storing and reading BSM are big endian (network byte order) rather than native byte order. More consistently print IP addresses using the IP address print routine. These changes make use of sys/endian.h from *BSD; since this isn't present on Darwin, add it to OpenBSM as compat/endian.h, which is used only on Darwin. - Import of Darwin80 BSM drop, including 64-bit file IDs, better documentation of private APIs, and bug fixes. - White space cleanup. - Add audit.log.5, a first cut at a man page documenting the BSM file format. 
- Teach au_read_rec() to recognize stand-alone file tokens, which are present at the beginning and end of Solaris audit trails. Technically, these appear to violate the high level BSM spec, which suggests that all tokens are present in records, but need to be supported. - Implement HEADER64, ATTR64, SUBJECT64 token types, which make it possible to run praudit(1) on basic Solaris BSM streams. - Switched to Solaris spelling of token names; Darwin spellings are now deprecated and will be removed in a future version of OpenBSM. - Adopt Solaris model for representing IPv4 and IPv6 addresses. - Prefer C99 types. - Attempt to universally adopt the BSD style(9) coding style for consistency. - auditreduce(1) now has a usage message. - Update support for auditctl(2) system call to support FreeBSD. - Add support for /dev/audit as the trigger source on FreeBSD. - Add additional event types for Darwin, FreeBSD, and Solaris. Annotate conflicts (there are a few, unfortunately). Correct spellings, comment, sort, etc. These include {get,set}res[ug]id(), sendfile(), lchflags(), eaccess(), kqueue(), kevent(), poll(), lchmod(). - Relicensed under a BSD license, many thanks to Apple, Inc! - Many bug fixes, cleanups, thread safety in the class, control, event, and user system audit databases. Annotate some persisting atomicity bugs associated with the API and implementation. - Add audump test tool. - Adopt OpenSolaris BSM API memory semantics: caller allocates memory, or static memory is returned for non-_r() versions of API calls. _free() calls dropped as a result, and source code compatibility with OpenSolaris improved significantly. - Annotate BSM events with origin OS and compatibility information. - auditd(8), audit(8) added to the OpenBSM distribution. auditd extended to support reloading of kernel event table. - Allow comments in /etc/security configuration files. 
-
-$P4: //depot/projects/trustedbsd/openbsm/NEWS#55 $
Index: head/contrib/openbsm/README
===================================================================
--- head/contrib/openbsm/README (revision 292431)
+++ head/contrib/openbsm/README (revision 292432)
@@ -1,68 +1,66 @@ -OpenBSM 1.2a2 +OpenBSM Introduction OpenBSM is an open source implementation of Sun's BSM event auditing file format and API. Originally created for Apple Computer by McAfee Research, OpenBSM is now maintained by volunteers and through the generous contribution of several organizations. OpenBSM includes several command line tools, including auditreduce(8) and praudit(8) for reducing and printing audit trails, as well as the libbsm(3) library to manage configuration files, generate audit records, and parse and -print audit trils. +print audit trails. Coupled with a kernel audit implementation, OpenBSM can be used to maintain system audit streams, and is a foundation for a full audit-enabled system. Portions of OpenBSM, including include files and token-building routines, are reusable in a kernel audit implementation, and may be found in the FreeBSD and Mac OS X kernels. Contents OpenBSM consists of several directories: bin/ Audit-related command line tools bsm/ Library include files for BSM compat/ Compatibility code to build on various operating systems etc/ Sample /etc/security configuration files libauditd Common audit management functions for auditd and launchd libbsm/ Implementation of BSM library interfaces and man pages man/ System call and configuration file man pages modules/ Directory for auditfilterd module source sys/ System include files for BSM test/ Test token sets and geneneration program tools/ Tool directory, including audump to dump databases The following programs are included with OpenBSM: audit Command line audit control tool auditd Audit management daemon auditdistd Audit trail distribution daemon auditfilterd Experimental event monitoring framework auditreduce Audit trail reduction tool audump Debugging tool to parse and print audit databases praudit Tool to print audit trails Build and Installation Please see the file INSTALL for build and installation instructions. 
Contributions The TrustedBSD Project would appreciate the contribution of bug fixes, enhancements, etc, under identically or substantially similar licenses to those present on the remainder of the OpenBSM source code. Please see the file CREDITS to learn more about who has contributed to the project. Location Information on OpenBSM may be found on the OpenBSM home page: http://www.OpenBSM.org/ Information on TrustedBSD may be found on the TrustedBSD home page: http://www.TrustedBSD.org/ - -$P4: //depot/projects/trustedbsd/openbsm/README#41 $ Index: head/contrib/openbsm/TODO =================================================================== --- head/contrib/openbsm/TODO (revision 292431) +++ head/contrib/openbsm/TODO (revision 292432) 
@@ -1,27 +1,23 @@ OpenBSM TODO - Build a regression test suite for libbsm that generates each token type and then compares the results with known good data. Make sure to test that things work properly with respect to endianness of the local platform. - Document contents of libbsm "public" data structures in libbsm man pages. - The audit.log.5 man page is incomplete, as it does not describe all token types. -- With the move to autoconf/automake, man page symlinks are no longer - installed. This needs to be fixed. - It might be desirable to be able to provide EOPNOTSUPP system call stubs on systems that don't have the necessary audit system calls; that would allow the full libbsm and tool set to build, just not run. - Teach praudit how to begin printing at any point in a token stream, not just at the beginning of a record. This will make it easier to use praudit in test suites processing single-token files without header and trailer context. - Document audit_warn event arguments. - Allow the path /etc/security to be configured at configure-time so that alternative locations can be used. - NLS support for au_strerror(3), which provides error strings for BSM errors not available on the local OS platform. - Support for client certificates in auditdistd, to include certificate chain validation. - -$P4: //depot/projects/trustedbsd/openbsm/TODO#14 $ Index: head/contrib/openbsm/VERSION =================================================================== --- head/contrib/openbsm/VERSION (revision 292431) +++ head/contrib/openbsm/VERSION (revision 292432) @@ -1 +1 @@ -OPENBSM_1_2_alpha3 +OPENBSM_1_2_alpha4 Index: head/contrib/openbsm/autogen.sh =================================================================== --- head/contrib/openbsm/autogen.sh (revision 292431) +++ head/contrib/openbsm/autogen.sh (revision 292432) 
@@ -1,10 +1,7 @@ #!/bin/sh -# -# $P4: //depot/projects/trustedbsd/openbsm/autogen.sh#2 $ -# libtoolize --copy --force aclocal autoheader automake -a -c --foreign autoconf Index: head/contrib/openbsm/bin/Makefile.am =================================================================== --- head/contrib/openbsm/bin/Makefile.am (revision 292431) +++ head/contrib/openbsm/bin/Makefile.am (revision 292432) @@ -1,15 +1,11 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.am#4 $ -## - SUBDIRS = \ auditdistd \ auditfilterd \ auditreduce \ praudit if HAVE_AUDIT_SYSCALLS SUBDIRS += \ audit \ auditd endif Index: head/contrib/openbsm/bin/audit/Makefile.am =================================================================== --- head/contrib/openbsm/bin/audit/Makefile.am (revision 292431) +++ head/contrib/openbsm/bin/audit/Makefile.am (revision 292432) @@ -1,23 +1,19 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#7 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif sbin_PROGRAMS = audit audit_LDADD = $(top_builddir)/libbsm/libbsm.la man8_MANS = audit.8 if USE_MACH_IPC audit_SOURCES = auditd_controlUser.c audit.c CLEANFILES = auditd_controlUser.c auditd_control.h auditd_controlUser.c auditd_control.h: $(top_srcdir)/bin/auditd/auditd_control.defs $(MIG) -user auditd_controlUser.c -header auditd_control.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs else audit_SOURCES = audit.c endif Index: head/contrib/openbsm/bin/audit/audit.8 =================================================================== --- head/contrib/openbsm/bin/audit/audit.8 (revision 292431) +++ head/contrib/openbsm/bin/audit/audit.8 (revision 292432) 
@@ -1,107 +1,105 @@ .\" Copyright (c) 2004-2009 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY .\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE .\" DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY .\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND .\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#16 $ -.\" -.Dd January 29, 2009 +.Dd July 25, 2015 .Dt AUDIT 8 .Os .Sh NAME .Nm audit .Nd audit management utility .Sh SYNOPSIS .Nm .Fl e | i | n | s | t .Sh DESCRIPTION The .Nm utility controls the state of the audit system. 
One of the following flags is required as an argument to .Nm : .Bl -tag -width indent .It Fl e Forces the audit system to immediately remove audit log files that meet the expiration criteria specified in the audit control file without doing a log rotation. .It Fl i Initializes and starts auditing. This option is currently for Mac OS X only and requires .Xr auditd 8 to be configured to run under .Xr launchd 8 . .It Fl n Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit control file. Also, audit log files that meet the expiration criteria specified in the audit control file will be removed. .It Fl s Specifies that the audit system should [re]synchronize its configuration from the audit control file. A new log file will be created. .It Fl t Specifies that the audit system should terminate. Log files are closed and renamed to indicate the time of the shutdown. .El .Sh NOTES The .Xr auditd 8 daemon must already be running. Optionally, it can be configured to be started on-demand by .Xr launchd 8 (Mac OS X only). The .Nm utility requires audit administrator privileges for successful operation. .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_control" -compact .It Pa /etc/security/audit_control Audit policy file used to configure the auditing system. .El .Sh SEE ALSO .Xr audit 4 , .Xr audit_control 5 , .Xr auditd 8 , -.Xr launchd 8 +.Xr launchd 8 (Mac OS X) .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. 
.Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/bin/audit/audit.c =================================================================== --- head/contrib/openbsm/bin/audit/audit.c (revision 292431) +++ head/contrib/openbsm/bin/audit/audit.c (revision 292432) 
@@ -1,181 +1,179 @@ /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#15 $ */ /* * Program to trigger the audit daemon with a message that is either: * - Open a new audit log file * - Read the audit control file and take action on it * - Close the audit log file and exit * */ #include #include #ifdef HAVE_FULL_QUEUE_H #include #else /* !HAVE_FULL_QUEUE_H */ #include #endif /* !HAVE_FULL_QUEUE_H */ #include #include #include #include #include #include #include static int send_trigger(int); #ifdef USE_MACH_IPC #include #include #include #include #include #include #include #include "auditd_control.h" /* * XXX The following are temporary until these can be added to the kernel * audit.h header. */ #ifndef AUDIT_TRIGGER_INITIALIZE #define AUDIT_TRIGGER_INITIALIZE 7 #endif #ifndef AUDIT_TRIGGER_EXPIRE_TRAILS #define AUDIT_TRIGGER_EXPIRE_TRAILS 8 #endif static int send_trigger(int trigger) { mach_port_t serverPort; kern_return_t error; error = host_get_audit_control_port(mach_host_self(), &serverPort); if (error != KERN_SUCCESS) { if (geteuid() != 0) { errno = EPERM; perror("audit requires root privileges"); } else mach_error("Cannot get auditd_control Mach port:", error); return (-1); } error = auditd_control(serverPort, trigger); if (error != KERN_SUCCESS) { mach_error("Error sending trigger: ", error); return (-1); } return (0); } #else /* ! USE_MACH_IPC */ static int send_trigger(int trigger) { int error; error = audit_send_trigger(&trigger); if (error != 0) { if (error == EPERM) perror("audit requires root privileges"); else perror("Error sending trigger"); return (-1); } return (0); } #endif /* ! USE_MACH_IPC */ static void usage(void) { (void)fprintf(stderr, "Usage: audit -e | -i | -n | -s | -t \n"); exit(-1); } /* * Main routine to process command line options. 
*/ int main(int argc, char **argv) { int ch; unsigned int trigger = 0; if (argc != 2) usage(); while ((ch = getopt(argc, argv, "einst")) != -1) { switch(ch) { case 'e': trigger = AUDIT_TRIGGER_EXPIRE_TRAILS; break; case 'i': trigger = AUDIT_TRIGGER_INITIALIZE; break; case 'n': trigger = AUDIT_TRIGGER_ROTATE_USER; break; case 's': trigger = AUDIT_TRIGGER_READ_FILE; break; case 't': trigger = AUDIT_TRIGGER_CLOSE_AND_DIE; break; case '?': default: usage(); break; } } if (send_trigger(trigger) < 0) exit(-1); printf("Trigger sent.\n"); exit (0); } Index: head/contrib/openbsm/bin/auditd/Makefile.am =================================================================== --- head/contrib/openbsm/bin/auditd/Makefile.am (revision 292431) +++ head/contrib/openbsm/bin/auditd/Makefile.am (revision 292432) 
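Review bot: In `main`, a lone non-option argument passes the `argc != 2` check, `getopt` returns -1 at once, and `trigger` keeps its initial value 0, which is still handed to `send_trigger` and reported as "Trigger sent.". Assuming 0 is not a defined trigger (the fallback defines visible here are 7 and 8), add `if (trigger == 0) usage();` before the `send_trigger` call. In the non-Mach `send_trigger`, `error == EPERM` compares the return value with an errno code; if `audit_send_trigger()` follows the -1/errno convention (its definition is not shown here), the root-privileges message is never chosen and the test should be `if (errno == EPERM)`. Both predate this change, which only drops the `$P4$` tag from the header comment.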
@@ -1,26 +1,22 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#6 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif sbin_PROGRAMS = auditd auditd_LDADD = $(top_builddir)/libbsm/libbsm.la $(top_builddir)/libauditd/libauditd.la man8_MANS = auditd.8 if USE_MACH_IPC auditd_SOURCES = auditd_controlServer.c audit_triggersServer.c audit_warn.c auditd.c auditd_darwin.c CLEANFILES = auditd_control_server.c auditd_controlServer.h audit_triggersServer.c audit_triggersServer.h auditd_controlServer.c auditd_controlServer.h: auditd_control.defs $(MIG) -user /dev/null -header /dev/null -server auditd_controlServer.c -sheader auditd_controlServer.h $(top_srcdir)/bin/auditd/auditd_control.defs audit_triggersServer.c audit_triggersServer.h: audit_triggers.defs $(MIG) -user /dev/null -header /dev/null -server audit_triggersServer.c -sheader audit_triggersServer.h $(top_srcdir)/bin/auditd/audit_triggers.defs else auditd_SOURCES = audit_warn.c auditd.c auditd_fbsd.c endif Index: head/contrib/openbsm/bin/auditd/audit_triggers.defs =================================================================== --- head/contrib/openbsm/bin/auditd/audit_triggers.defs (revision 292431) +++ head/contrib/openbsm/bin/auditd/audit_triggers.defs (revision 292432) @@ -1,5 +1 @@ -/* - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_triggers.defs#1 $ - */ - #include Index: head/contrib/openbsm/bin/auditd/audit_warn.c =================================================================== --- head/contrib/openbsm/bin/auditd/audit_warn.c (revision 292431) +++ head/contrib/openbsm/bin/auditd/audit_warn.c (revision 292432) 
@@ -1,253 +1,251 @@ /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#11 $ */ #include #include #include #include #include "auditd.h" /* * Write an audit-related error to the system log via syslog(3). 
*/ static int auditwarnlog(char *args[]) { char *loc_args[9]; pid_t pid; int i; loc_args[0] = AUDITWARN_SCRIPT; for (i = 0; args[i] != NULL && i < 8; i++) loc_args[i+1] = args[i]; loc_args[i+1] = NULL; pid = fork(); if (pid == -1) return (-1); if (pid == 0) { /* * Child. */ execv(AUDITWARN_SCRIPT, loc_args); syslog(LOG_ERR, "Could not exec %s (%m)\n", AUDITWARN_SCRIPT); exit(1); } /* * Parent. */ return (0); } /* * Indicates that the hard limit for all filesystems has been exceeded. */ int audit_warn_allhard(void) { char *args[2]; args[0] = HARDLIM_ALL_WARN; args[1] = NULL; return (auditwarnlog(args)); } /* * Indicates that the soft limit for all filesystems has been exceeded. */ int audit_warn_allsoft(void) { char *args[2]; args[0] = SOFTLIM_ALL_WARN; args[1] = NULL; return (auditwarnlog(args)); } /* * Indicates that someone other than the audit daemon turned off auditing. * XXX Its not clear at this point how this function will be invoked. * * XXXRW: This function is not used. */ int audit_warn_auditoff(void) { char *args[2]; args[0] = AUDITOFF_WARN; args[1] = NULL; return (auditwarnlog(args)); } /* * Indicate that a trail file has been closed, so can now be post-processed. */ int audit_warn_closefile(char *filename) { char *args[3]; args[0] = CLOSEFILE_WARN; args[1] = filename; args[2] = NULL; return (auditwarnlog(args)); } /* * Indicates that the audit deammn is already running */ int audit_warn_ebusy(void) { char *args[2]; args[0] = EBUSY_WARN; args[1] = NULL; return (auditwarnlog(args)); } /* * Indicates that there is a problem getting the directory from * audit_control. * * XXX Note that we take the filename instead of a count as the argument here * (different from BSM). */ int audit_warn_getacdir(char *filename) { char *args[3]; args[0] = GETACDIR_WARN; args[1] = filename; args[2] = NULL; return (auditwarnlog(args)); } /* * Indicates that the hard limit for this file has been exceeded. 
*/ int audit_warn_hard(char *filename) { char *args[3]; args[0] = HARDLIM_WARN; args[1] = filename; args[2] = NULL; return (auditwarnlog(args)); } /* * Indicates that auditing could not be started. */ int audit_warn_nostart(void) { char *args[2]; args[0] = NOSTART_WARN; args[1] = NULL; return (auditwarnlog(args)); } /* * Indicaes that an error occrred during the orderly shutdown of the audit * daemon. */ int audit_warn_postsigterm(void) { char *args[2]; args[0] = POSTSIGTERM_WARN; args[1] = NULL; return (auditwarnlog(args)); } /* * Indicates that the soft limit for this file has been exceeded. */ int audit_warn_soft(char *filename) { char *args[3]; args[0] = SOFTLIM_WARN; args[1] = filename; args[2] = NULL; return (auditwarnlog(args)); } /* * Indicates that the temporary audit file already exists indicating a fatal * error. */ int audit_warn_tmpfile(void) { char *args[2]; args[0] = TMPFILE_WARN; args[1] = NULL; return (auditwarnlog(args)); } /* * Indicates that this trail file has expired and was removed. */ int audit_warn_expired(char *filename) { char *args[3]; args[0] = EXPIRED_WARN; args[1] = filename; args[2] = NULL; return (auditwarnlog(args)); } Index: head/contrib/openbsm/bin/auditd/auditd.8 =================================================================== --- head/contrib/openbsm/bin/auditd/auditd.8 (revision 292431) +++ head/contrib/openbsm/bin/auditd/auditd.8 (revision 292432) 
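Review bot: `auditwarnlog` can write one element past `loc_args`: the loop admits up to eight arguments, so it can exit with `i == 8`, and `loc_args[i+1] = NULL` then stores to index 9 of a nine-element array. No visible caller passes more than two entries, so this is latent; declaring `char *loc_args[10];` and testing `i < 8` before `args[i]` in the loop condition closes it. The child branch should also end with `_exit(1)` rather than `exit(1)` after a failed `execv`, so the forked copy does not run the daemon's exit handlers or flush its stdio buffers. The header comment says the function writes to the system log via syslog(3), while the body forks and executes `AUDITWARN_SCRIPT`; something like `/* Run the audit_warn script with the given arguments; the child is not waited for here. */` would match the code.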
@@ -1,142 +1,140 @@ .\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY .\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE .\" DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY .\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND .\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#19 $ -.\" -.Dd December 11, 2008 +.Dd July 25, 2015 .Dt AUDITD 8 .Os .Sh NAME .Nm auditd .Nd audit log management daemon .Sh SYNOPSIS .Nm .Op Fl d | l .Sh DESCRIPTION The .Nm daemon responds to requests from the .Xr audit 8 utility and notifications from the kernel. It manages the resulting audit log files and specified log file locations. 
.Pp The options are as follows: .Bl -tag -width indent .It Fl d Starts the daemon in debug mode \[em] it will not daemonize. .It Fl l This option is for when .Nm is configured to start on-demand using .Xr launchd 8 . .El .Pp Optionally, the audit review group "audit" may be created. Non-privileged users that are members of this group may read the audit trail log files. .Sh NOTE To assure uninterrupted audit support, the .Nm daemon should not be started and stopped manually. Instead, the .Xr audit 8 command should be used to inform the daemon to change state/configuration after altering the .Pa audit_control file. .Pp If .Nm is started on-demand by .Xr launchd 8 then auditing should only be started and stopped with .Xr audit 8 . .Pp On Mac OS X, .Nm uses the .Xr asl 3 API for writing system log messages. Therefore, only the audit administrator and members of the audit review group will be able to read the system log entries. .Sh FILES .Bl -tag -width ".Pa /etc/security" -compact .It Pa /var/audit Default directory for storing audit log files. .Pp .It Pa /etc/security The directory containing the auditing configuration files .Xr audit_class 5 , .Xr audit_control 5 , .Xr audit_event 5 , and .Xr audit_warn 5 . .El .Sh COMPATIBILITY The historical .Fl h and .Fl s flags are now configured using .Xr audit_control 5 policy flags .Cm ahlt and .Cm cnt , and are no longer available as arguments to .Nm . .Sh SEE ALSO .Xr asl 3 , .Xr libauditd 3 , .Xr audit 4 , .Xr audit_class 5 , .Xr audit_control 5 , .Xr audit_event 5 , .Xr audit_warn 5 , .Xr audit 8 , .Xr auditdistd 8 , -.Xr launchd 8 +.Xr launchd 8 (Mac OS X) .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. 
.Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/bin/auditd/auditd.c =================================================================== --- head/contrib/openbsm/bin/auditd/auditd.c (revision 292431) +++ head/contrib/openbsm/bin/auditd/auditd.c (revision 292432) 
@@ -1,852 +1,850 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#50 $ */ #include #include #include #ifdef HAVE_FULL_QUEUE_H #include #else /* !HAVE_FULL_QUEUE_H */ #include #endif /* !HAVE_FULL_QUEUE_H */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "auditd.h" #ifndef HAVE_STRLCPY #include #endif /* * XXX The following are temporary until these can be added to the kernel * audit.h header. */ #ifndef AUDIT_TRIGGER_INITIALIZE #define AUDIT_TRIGGER_INITIALIZE 7 #endif #ifndef AUDIT_TRIGGER_EXPIRE_TRAILS #define AUDIT_TRIGGER_EXPIRE_TRAILS 8 #endif /* * LaunchD flag (Mac OS X and, maybe, FreeBSD only.) See launchd(8) and * http://wiki.freebsd.org/launchd for more information. * * In order for auditd to work "on demand" with launchd(8) it can't: * call daemon(3) * call fork and having the parent process exit * change uids or gids. * set up the current working directory or chroot. * set the session id * change stdio to /dev/null. * call setrusage(2) * call setpriority(2) * Ignore SIGTERM. * auditd (in 'launchd mode') is launched on demand so it must catch * SIGTERM to exit cleanly. */ static int launchd_flag = 0; /* * The GID of the audit review group (if used). The audit trail files and * system logs (Mac OS X only) can only be reviewed by members of this group * or the audit administrator (aka. "root"). */ static gid_t audit_review_gid = -1; /* * The path and file name of the last audit trail file. */ static char *lastfile = NULL; /* * Error starting auditd. Run warn script and exit. */ static void fail_exit(void) { audit_warn_nostart(); exit(1); } /* * Follow the 'current' symlink to get the active trail file name. 
*/ static char * get_curfile(void) { char *cf; int len; cf = malloc(MAXPATHLEN); if (cf == NULL) { auditd_log_err("malloc failed: %m"); return (NULL); } len = readlink(AUDIT_CURRENT_LINK, cf, MAXPATHLEN - 1); if (len < 0) { free(cf); return (NULL); } /* readlink() doesn't terminate string. */ cf[len] = '\0'; return (cf); } /* * Close the previous audit trail file. */ static int close_lastfile(char *TS) { char *ptr; char *oldname; /* If lastfile is NULL try to get it from the 'current' link. */ if (lastfile == NULL) lastfile = get_curfile(); if (lastfile != NULL) { oldname = strdup(lastfile); if (oldname == NULL) return (-1); /* Rename the last file -- append timestamp. */ if ((ptr = strstr(lastfile, NOT_TERMINATED)) != NULL) { memcpy(ptr, TS, POSTFIX_LEN); if (auditd_rename(oldname, lastfile) != 0) auditd_log_err( "Could not rename %s to %s: %m", oldname, lastfile); else { /* * Remove the 'current' symlink since the link * is now invalid. */ (void) unlink(AUDIT_CURRENT_LINK); auditd_log_notice("renamed %s to %s", oldname, lastfile); audit_warn_closefile(lastfile); } } else auditd_log_err("Could not rename %s to %s", oldname, lastfile); free(lastfile); free(oldname); lastfile = NULL; } return (0); } /* * Create the new file name, swap with existing audit file. */ static int swap_audit_file(void) { int err; char *newfile, *name; char TS[TIMESTAMP_LEN + 1]; time_t tt; if (getTSstr(tt, TS, sizeof(TS)) != 0) return (-1); /* * If prefix and suffix are the same, it means that records are * being produced too fast. We don't want to rename now, because * next trail file can get the same name and once that one is * terminated also within one second it will overwrite the current * one. Just keep writing to the same trail and wait for the next * trigger from the kernel. * FREEBSD KERNEL WAS UPDATED TO KEEP SENDING TRIGGERS, WHICH MIGHT * NOT BE THE CASE FOR OTHER OSES. * If the kernel will not keep sending triggers, trail file will not * be terminated. 
*/ if (lastfile == NULL) { name = NULL; } else { name = strrchr(lastfile, '/'); if (name != NULL) name++; } if (name != NULL && strncmp(name, TS, TIMESTAMP_LEN) == 0) { auditd_log_debug("Not ready to terminate trail file yet."); return (0); } err = auditd_swap_trail(TS, &newfile, audit_review_gid, audit_warn_getacdir); if (err != ADE_NOERR) { auditd_log_err("%s: %m", auditd_strerror(err)); if (err != ADE_ACTL) return (-1); } /* * Only close the last file if were in an auditing state before * calling swap_audit_file(). We may need to recover from a crash. */ if (auditd_get_state() == AUD_STATE_ENABLED) close_lastfile(TS); /* * auditd_swap_trail() potentially enables auditing (if not already * enabled) so updated the cached state as well. */ auditd_set_state(AUD_STATE_ENABLED); /* * Create 'current' symlink. Recover from crash, if needed. */ if (auditd_new_curlink(newfile) != 0) auditd_log_err("auditd_new_curlink(\"%s\") failed: %s: %m", newfile, auditd_strerror(err)); lastfile = newfile; auditd_log_notice("New audit file is %s", newfile); return (0); } /* * Create a new audit log trail file and swap with the current one, if any. */ static int do_trail_file(void) { int err; /* * First, refresh the list of audit log directories. */ err = auditd_read_dirs(audit_warn_soft, audit_warn_hard); if (err) { auditd_log_err("auditd_read_dirs(): %s", auditd_strerror(err)); if (err == ADE_HARDLIM) audit_warn_allhard(); if (err != ADE_SOFTLIM) return (-1); else audit_warn_allsoft(); /* continue on with soft limit error */ } /* * Create a new file and swap with the one being used in kernel. */ if (swap_audit_file() == -1) { /* * XXX Faulty directory listing? - user should be given * XXX an opportunity to change the audit_control file * XXX switch to a reduced mode of auditing? */ return (-1); } /* * Finally, see if there are any trail files to expire. 
*/ err = auditd_expire_trails(audit_warn_expired); if (err) auditd_log_err("auditd_expire_trails(): %s", auditd_strerror(err)); return (0); } /* * Start up auditing. */ static void audit_setup(void) { int err; /* Configure trail files distribution. */ err = auditd_set_dist(); if (err) { auditd_log_err("auditd_set_dist() %s: %m", auditd_strerror(err)); } else auditd_log_debug("Configured trail files distribution."); if (do_trail_file() == -1) { auditd_log_err("Error creating audit trail file"); fail_exit(); } /* Generate an audit record. */ err = auditd_gen_record(AUE_audit_startup, NULL); if (err) auditd_log_err("auditd_gen_record(AUE_audit_startup) %s: %m", auditd_strerror(err)); if (auditd_config_controls() == 0) auditd_log_info("Audit controls init successful"); else auditd_log_err("Audit controls init failed"); } /* * Close auditd pid file and trigger mechanism. */ static int close_misc(void) { auditd_close_dirs(); if (unlink(AUDITD_PIDFILE) == -1 && errno != ENOENT) { auditd_log_err("Couldn't remove %s: %m", AUDITD_PIDFILE); return (1); } endac(); if (auditd_close_trigger() != 0) { auditd_log_err("Error closing trigger messaging mechanism"); return (1); } return (0); } /* * Close all log files, control files, and tell the audit system. */ static int close_all(void) { int err_ret = 0; char TS[TIMESTAMP_LEN + 1]; int err; int cond; time_t tt; err = auditd_gen_record(AUE_audit_shutdown, NULL); if (err) auditd_log_err("auditd_gen_record(AUE_audit_shutdown) %s: %m", auditd_strerror(err)); /* Flush contents. */ cond = AUC_DISABLED; err_ret = audit_set_cond(&cond); if (err_ret != 0) { auditd_log_err("Disabling audit failed! : %s", strerror(errno)); err_ret = 1; } /* * Updated the cached state that auditing has been disabled. 
*/ auditd_set_state(AUD_STATE_DISABLED); if (getTSstr(tt, TS, sizeof(TS)) == 0) close_lastfile(TS); if (lastfile != NULL) free(lastfile); err_ret += close_misc(); if (err_ret) { auditd_log_err("Could not unregister"); audit_warn_postsigterm(); } auditd_log_info("Finished"); return (err_ret); } /* * Register the daemon with the signal handler and the auditd pid file. */ static int register_daemon(void) { FILE * pidfile; int fd; pid_t pid; /* Set up the signal hander. */ if (signal(SIGTERM, auditd_relay_signal) == SIG_ERR) { auditd_log_err( "Could not set signal handler for SIGTERM"); fail_exit(); } if (signal(SIGCHLD, auditd_relay_signal) == SIG_ERR) { auditd_log_err( "Could not set signal handler for SIGCHLD"); fail_exit(); } if (signal(SIGHUP, auditd_relay_signal) == SIG_ERR) { auditd_log_err( "Could not set signal handler for SIGHUP"); fail_exit(); } if (signal(SIGALRM, auditd_relay_signal) == SIG_ERR) { auditd_log_err( "Could not set signal handler for SIGALRM"); fail_exit(); } if ((pidfile = fopen(AUDITD_PIDFILE, "a")) == NULL) { auditd_log_err("Could not open PID file"); audit_warn_tmpfile(); return (-1); } /* Attempt to lock the pid file; if a lock is present, exit. */ fd = fileno(pidfile); if (flock(fd, LOCK_EX | LOCK_NB) < 0) { auditd_log_err( "PID file is locked (is another auditd running?)."); audit_warn_ebusy(); return (-1); } pid = getpid(); ftruncate(fd, 0); if (fprintf(pidfile, "%u\n", pid) < 0) { /* Should not start the daemon. */ fail_exit(); } fflush(pidfile); return (0); } /* * Handle the audit trigger event. * * We suppress (ignore) duplicated triggers in close succession in order to * try to avoid thrashing-like behavior. However, not all triggers can be * ignored, as triggers generally represent edge triggers, not level * triggers, and won't be retransmitted if the condition persists. Of * specific concern is the rotate trigger -- if one is dropped, then it will * not be retransmitted, and the log file will grow in an unbounded fashion. 
*/ #define DUPLICATE_INTERVAL 30 void auditd_handle_trigger(int trigger) { static int last_trigger, last_warning; static time_t last_time; struct timeval ts; struct timezone tzp; time_t tt; int au_state; int err = 0; /* * Suppress duplicate messages from the kernel within the specified * interval. */ if (gettimeofday(&ts, &tzp) == 0) { tt = (time_t)ts.tv_sec; switch (trigger) { case AUDIT_TRIGGER_LOW_SPACE: case AUDIT_TRIGGER_NO_SPACE: /* * Triggers we can suppress. Of course, we also need * to rate limit the warnings, so apply the same * interval limit on syslog messages. */ if ((trigger == last_trigger) && (tt < (last_time + DUPLICATE_INTERVAL))) { if (tt >= (last_warning + DUPLICATE_INTERVAL)) auditd_log_info( "Suppressing duplicate trigger %d", trigger); return; } last_warning = tt; break; case AUDIT_TRIGGER_ROTATE_KERNEL: case AUDIT_TRIGGER_ROTATE_USER: case AUDIT_TRIGGER_READ_FILE: case AUDIT_TRIGGER_CLOSE_AND_DIE: case AUDIT_TRIGGER_INITIALIZE: /* * Triggers that we cannot suppress. */ break; } /* * Only update last_trigger after aborting due to a duplicate * trigger, not before, or we will never allow that trigger * again. */ last_trigger = trigger; last_time = tt; } au_state = auditd_get_state(); /* * Message processing is done here. */ switch(trigger) { case AUDIT_TRIGGER_LOW_SPACE: auditd_log_notice("Got low space trigger"); if (do_trail_file() == -1) auditd_log_err("Error swapping audit file"); break; case AUDIT_TRIGGER_NO_SPACE: auditd_log_notice("Got no space trigger"); if (do_trail_file() == -1) auditd_log_err("Error swapping audit file"); break; case AUDIT_TRIGGER_ROTATE_KERNEL: case AUDIT_TRIGGER_ROTATE_USER: auditd_log_info("Got open new trigger from %s", trigger == AUDIT_TRIGGER_ROTATE_KERNEL ? 
"kernel" : "user"); if (au_state == AUD_STATE_ENABLED && do_trail_file() == -1) auditd_log_err("Error swapping audit file"); break; case AUDIT_TRIGGER_READ_FILE: auditd_log_info("Got read file trigger"); if (au_state == AUD_STATE_ENABLED) { if (auditd_config_controls() == -1) auditd_log_err("Error setting audit controls"); else if (do_trail_file() == -1) auditd_log_err("Error swapping audit file"); } break; case AUDIT_TRIGGER_CLOSE_AND_DIE: auditd_log_info("Got close and die trigger"); if (au_state == AUD_STATE_ENABLED) err = close_all(); /* * Running under launchd don't exit. Wait for launchd to * send SIGTERM. */ if (!launchd_flag) { auditd_log_info("auditd exiting."); exit (err); } break; case AUDIT_TRIGGER_INITIALIZE: auditd_log_info("Got audit initialize trigger"); if (au_state == AUD_STATE_DISABLED) audit_setup(); break; case AUDIT_TRIGGER_EXPIRE_TRAILS: auditd_log_info("Got audit expire trails trigger"); err = auditd_expire_trails(audit_warn_expired); if (err) auditd_log_err("auditd_expire_trails(): %s", auditd_strerror(err)); break; default: auditd_log_err("Got unknown trigger %d", trigger); break; } } /* * Reap our children. */ void auditd_reap_children(void) { pid_t child; int wstatus; while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) { if (!wstatus) continue; auditd_log_info("warn process [pid=%d] %s %d.", child, ((WIFEXITED(wstatus)) ? "exited with non-zero status" : "exited as a result of signal"), ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) : WTERMSIG(wstatus))); } } /* * Reap any children and terminate. If under launchd don't shutdown auditing * but just the other stuff. */ void auditd_terminate(void) { int ret; auditd_reap_children(); if (launchd_flag) ret = close_misc(); else ret = close_all(); exit(ret); } /* * Configure the audit controls in the kernel: the event to class mapping, * kernel preselection mask, etc. */ int auditd_config_controls(void) { int cnt, err; int ret = 0; /* * Configure event to class mappings in kernel. 
*/ cnt = auditd_set_evcmap(); if (cnt < 0) { auditd_log_err("auditd_set_evcmap() failed: %m"); ret = -1; } else if (cnt == 0) { auditd_log_err("No events to class mappings registered."); ret = -1; } else auditd_log_debug("Registered %d event to class mappings.", cnt); /* * Configure non-attributable event mask in kernel. */ err = auditd_set_namask(); if (err) { auditd_log_err("auditd_set_namask() %s: %m", auditd_strerror(err)); ret = -1; } else auditd_log_debug("Registered non-attributable event mask."); /* * Configure audit policy in kernel. */ err = auditd_set_policy(); if (err) { auditd_log_err("auditd_set_policy() %s: %m", auditd_strerror(err)); ret = -1; } else auditd_log_debug("Set audit policy in kernel."); /* * Configure audit trail log size in kernel. */ err = auditd_set_fsize(); if (err) { auditd_log_err("audit_set_fsize() %s: %m", auditd_strerror(err)); ret = -1; } else auditd_log_debug("Set audit trail size in kernel."); /* * Configure audit trail volume minimum free percentage of blocks in * kernel. */ err = auditd_set_minfree(); if (err) { auditd_log_err("auditd_set_minfree() %s: %m", auditd_strerror(err)); ret = -1; } else auditd_log_debug( "Set audit trail min free percent in kernel."); /* * Configure host address in the audit kernel information. */ err = auditd_set_host(); if (err) { if (err == ADE_PARSE) { auditd_log_notice( "audit_control(5) may be missing 'host:' field"); } else { auditd_log_err("auditd_set_host() %s: %m", auditd_strerror(err)); ret = -1; } } else auditd_log_debug( "Set audit host address information in kernel."); return (ret); } /* * Setup and initialize auditd. */ static void setup(void) { int err; if (auditd_open_trigger(launchd_flag) < 0) { auditd_log_err("Error opening trigger messaging mechanism"); fail_exit(); } /* * To prevent event feedback cycles and avoid auditd becoming * stalled if auditing is suspended, auditd and its children run * without their events being audited. 
We allow the uid, tid, and * mask fields to be implicitly set to zero, but do set the pid. We * run this after opening the trigger device to avoid configuring * audit state without audit present in the system. */ err = auditd_prevent_audit(); if (err) { auditd_log_err("auditd_prevent_audit() %s: %m", auditd_strerror(err)); fail_exit(); } /* * Make sure auditd auditing state is correct. */ auditd_set_state(AUD_STATE_INIT); /* * If under launchd, don't start auditing. Wait for a trigger to * do so. */ if (!launchd_flag) audit_setup(); } int main(int argc, char **argv) { int ch; int debug = 0; #ifdef AUDIT_REVIEW_GROUP struct group *grp; #endif while ((ch = getopt(argc, argv, "dl")) != -1) { switch(ch) { case 'd': /* Debug option. */ debug = 1; break; case 'l': /* Be launchd friendly. */ launchd_flag = 1; break; case '?': default: (void)fprintf(stderr, "usage: auditd [-d] [-l]\n"); exit(1); } } audit_review_gid = getgid(); #ifdef AUDIT_REVIEW_GROUP /* * XXXRW: Currently, this code falls back to the daemon gid, which is * likely the wheel group. Is there a better way to deal with this? */ grp = getgrnam(AUDIT_REVIEW_GROUP); if (grp != NULL) audit_review_gid = grp->gr_gid; #endif auditd_openlog(debug, audit_review_gid); if (launchd_flag) auditd_log_info("started by launchd..."); else auditd_log_info("starting..."); #ifdef AUDIT_REVIEW_GROUP if (grp == NULL) auditd_log_info( "Audit review group '%s' not available, using daemon gid (%d)", AUDIT_REVIEW_GROUP, audit_review_gid); #endif if (debug == 0 && launchd_flag == 0 && daemon(0, 0) == -1) { auditd_log_err("Failed to daemonize"); exit(1); } if (register_daemon() == -1) { auditd_log_err("Could not register as daemon"); exit(1); } setup(); /* * auditd_wait_for_events() shouldn't return unless something is wrong. 
*/ auditd_wait_for_events(); auditd_log_err("abnormal exit."); close_all(); exit(-1); }
Index: head/contrib/openbsm/bin/auditd/auditd.h
===================================================================
--- head/contrib/openbsm/bin/auditd/auditd.h (revision 292431)
+++ head/contrib/openbsm/bin/auditd/auditd.h (revision 292432)
@@ -1,102 +1,100 @@ /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#13 $ */ #ifndef _AUDITD_H_ #define _AUDITD_H_ #include #include #include #define MAX_DIR_SIZE 255 #define AUDITD_NAME "auditd" /* * If defined, then the audit daemon will attempt to chown newly created logs * to this group. Otherwise, they will be the default for the user running * auditd, likely the audit group. 
*/ #define AUDIT_REVIEW_GROUP "audit" #define HARDLIM_ALL_WARN "allhard" #define SOFTLIM_ALL_WARN "allsoft" #define AUDITOFF_WARN "auditoff" #define CLOSEFILE_WARN "closefile" #define EBUSY_WARN "ebusy" #define GETACDIR_WARN "getacdir" #define HARDLIM_WARN "hard" #define NOSTART_WARN "nostart" #define POSTSIGTERM_WARN "postsigterm" #define SOFTLIM_WARN "soft" #define TMPFILE_WARN "tmpfile" #define EXPIRED_WARN "expired" #define AUDITWARN_SCRIPT "/etc/security/audit_warn" #define AUDITD_PIDFILE "/var/run/auditd.pid" #define AUD_STATE_INIT -1 #define AUD_STATE_DISABLED 0 #define AUD_STATE_ENABLED 1 int audit_warn_allhard(void); int audit_warn_allsoft(void); int audit_warn_auditoff(void); int audit_warn_closefile(char *filename); int audit_warn_ebusy(void); int audit_warn_getacdir(char *filename); int audit_warn_hard(char *filename); int audit_warn_nostart(void); int audit_warn_postsigterm(void); int audit_warn_soft(char *filename); int audit_warn_tmpfile(void); int audit_warn_expired(char *filename); void auditd_openlog(int debug, gid_t gid); void auditd_log_err(const char *fmt, ...); void auditd_log_debug(const char *fmt, ...); void auditd_log_info(const char *fmt, ...); void auditd_log_notice(const char *fmt, ...); void auditd_set_state(int state); int auditd_get_state(void); int auditd_open_trigger(int launchd_flag); int auditd_close_trigger(void); void auditd_handle_trigger(int trigger); void auditd_wait_for_events(void); void auditd_relay_signal(int signal); void auditd_terminate(void); int auditd_config_controls(void); void auditd_reap_children(void); #endif /* !_AUDITD_H_ */
Index: head/contrib/openbsm/bin/auditd/auditd_control.defs
===================================================================
--- head/contrib/openbsm/bin/auditd/auditd_control.defs (revision 292431)
+++ head/contrib/openbsm/bin/auditd/auditd_control.defs (revision 292432)
@@ -1,49 +1,47 @@ /*- * Copyright (c) 1999-2007 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_control.defs#2 $ */ /* * Exported client calls to the auditd facility. 
*/ Subsystem KernelUser auditd_control 456; #ifndef __MigTypeCheck #define __MigTypeCheck 1 #endif #include #include simpleroutine auditd_control( auditd_port : mach_port_t; in trigger : int);
Index: head/contrib/openbsm/bin/auditd/auditd_darwin.c
===================================================================
--- head/contrib/openbsm/bin/auditd/auditd_darwin.c (revision 292431)
+++ head/contrib/openbsm/bin/auditd/auditd_darwin.c (revision 292432)
@@ -1,484 +1,482 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#5 $ */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "auditd.h" #include "auditd_controlServer.h" #include "audit_triggersServer.h" /* * Apple System Logger Handles. 
*/ static aslmsg au_aslmsg = NULL; static aslclient au_aslclient = NULL; static mach_port_t control_port = MACH_PORT_NULL; static mach_port_t signal_port = MACH_PORT_NULL; static mach_port_t port_set = MACH_PORT_NULL; /* * Current auditing state (cache). */ static int auditing_state = AUD_STATE_INIT; /* * Maximum idle time before auditd terminates under launchd. * If it is zero then auditd does not timeout while idle. */ static int max_idletime = 0; #ifndef __BSM_INTERNAL_NOTIFY_KEY #define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change" #endif /* __BSM_INTERNAL_NOTIFY_KEY */ #ifndef __AUDIT_LAUNCHD_LABEL #define __AUDIT_LAUNCHD_LABEL "com.apple.auditd" #endif /* __AUDIT_LAUNCHD_LABEL */ #define MAX_MSG_SIZE 4096 /* * Open and set up system logging. */ void auditd_openlog(int debug, gid_t gid) { uint32_t opt = 0; char *cp = NULL; if (debug) opt = ASL_OPT_STDERR; au_aslclient = asl_open("auditd", "com.apple.auditd", opt); au_aslmsg = asl_new(ASL_TYPE_MSG); #ifdef ASL_KEY_READ_UID /* * Make it only so the audit administrator and members of the audit * review group (if used) have access to the auditd system log messages. */ asl_set(au_aslmsg, ASL_KEY_READ_UID, "0"); asprintf(&cp, "%u", gid); if (cp != NULL) { #ifdef ASL_KEY_READ_GID asl_set(au_aslmsg, ASL_KEY_READ_GID, cp); #endif free(cp); } #endif /* * Set the client-side system log filtering. */ if (debug) asl_set_filter(au_aslclient, ASL_FILTER_MASK_UPTO(ASL_LEVEL_DEBUG)); else asl_set_filter(au_aslclient, ASL_FILTER_MASK_UPTO(ASL_LEVEL_INFO)); } /* * Log messages at different priority levels. */ void auditd_log_err(const char *fmt, ...) { va_list ap; va_start(ap, fmt); asl_vlog(au_aslclient, au_aslmsg, ASL_LEVEL_ERR, fmt, ap); va_end(ap); } void auditd_log_notice(const char *fmt, ...) { va_list ap; va_start(ap, fmt); asl_vlog(au_aslclient, au_aslmsg, ASL_LEVEL_NOTICE, fmt, ap); va_end(ap); } void auditd_log_info(const char *fmt, ...) 
{ va_list ap; va_start(ap, fmt); asl_vlog(au_aslclient, au_aslmsg, ASL_LEVEL_INFO, fmt, ap); va_end(ap); } void auditd_log_debug(const char *fmt, ...) { va_list ap; va_start(ap, fmt); asl_vlog(au_aslclient, au_aslmsg, ASL_LEVEL_DEBUG, fmt, ap); va_end(ap); } /* * Get the auditing state from the kernel and cache it. */ static void init_audit_state(void) { int au_cond; if (audit_get_cond(&au_cond) < 0) { if (errno != ENOSYS) { auditd_log_err("Audit status check failed (%s)", strerror(errno)); } auditing_state = AUD_STATE_DISABLED; } else if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED) auditing_state = AUD_STATE_DISABLED; else auditing_state = AUD_STATE_ENABLED; } /* * Update the cached auditing state. Let other tasks that may be caching it * as well to update their state via notify(3). */ void auditd_set_state(int state) { int old_auditing_state = auditing_state; if (state == AUD_STATE_INIT) init_audit_state(); else auditing_state = state; if (auditing_state != old_auditing_state) { notify_post(__BSM_INTERNAL_NOTIFY_KEY); if (auditing_state == AUD_STATE_ENABLED) auditd_log_notice("Auditing enabled"); if (auditing_state == AUD_STATE_DISABLED) auditd_log_notice("Auditing disabled"); } } /* * Get the cached auditing state. */ int auditd_get_state(void) { if (auditing_state == AUD_STATE_INIT) { init_audit_state(); notify_post(__BSM_INTERNAL_NOTIFY_KEY); } return (auditing_state); } /* * Lookup the audit mach port in the launchd dictionary. 
*/ static mach_port_t lookup_machport(const char *label) { launch_data_t msg, msd, ld, cdict, to; mach_port_t mp = MACH_PORT_NULL; msg = launch_data_new_string(LAUNCH_KEY_CHECKIN); cdict = launch_msg(msg); if (cdict == NULL) { auditd_log_err("launch_msg(\"" LAUNCH_KEY_CHECKIN "\") IPC failure: %m"); return (MACH_PORT_NULL); } if (launch_data_get_type(cdict) == LAUNCH_DATA_ERRNO) { errno = launch_data_get_errno(cdict); auditd_log_err("launch_data_get_type() can't get dict: %m"); return (MACH_PORT_NULL); } to = launch_data_dict_lookup(cdict, LAUNCH_JOBKEY_TIMEOUT); if (to) { max_idletime = launch_data_get_integer(to); auditd_log_debug("launchd timeout set to %d", max_idletime); } else { auditd_log_debug("launchd timeout not set, setting to 60"); max_idletime = 60; } msd = launch_data_dict_lookup(cdict, LAUNCH_JOBKEY_MACHSERVICES); if (msd == NULL) { auditd_log_err( "launch_data_dict_lookup() can't get mach services"); return (MACH_PORT_NULL); } ld = launch_data_dict_lookup(msd, label); if (ld == NULL) { auditd_log_err("launch_data_dict_lookup can't find %s", label); return (MACH_PORT_NULL); } mp = launch_data_get_machport(ld); return (mp); } static int mach_setup(int launchd_flag) { mach_msg_type_name_t poly; /* * Allocate a port set. */ if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_PORT_SET, &port_set) != KERN_SUCCESS) { auditd_log_err("Allocation of port set failed"); return (-1); } /* * Allocate a signal reflection port. */ if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &signal_port) != KERN_SUCCESS || mach_port_move_member(mach_task_self(), signal_port, port_set) != KERN_SUCCESS) { auditd_log_err("Allocation of signal port failed"); return (-1); } /* * Allocate a trigger port. */ if (launchd_flag) { /* * If started under launchd, lookup port in launchd dictionary. 
*/ if ((control_port = lookup_machport(__AUDIT_LAUNCHD_LABEL)) == MACH_PORT_NULL || mach_port_move_member(mach_task_self(), control_port, port_set) != KERN_SUCCESS) { auditd_log_err("Cannot get Mach control port" " via launchd"); return (-1); } else auditd_log_debug("Mach control port registered" " via launchd"); } else { /* * If not started under launchd, allocate port and register. */ if (mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &control_port) != KERN_SUCCESS || mach_port_move_member(mach_task_self(), control_port, port_set) != KERN_SUCCESS) auditd_log_err("Allocation of trigger port failed"); /* * Create a send right on our trigger port. */ mach_port_extract_right(mach_task_self(), control_port, MACH_MSG_TYPE_MAKE_SEND, &control_port, &poly); /* * Register the trigger port with the kernel. */ if (host_set_audit_control_port(mach_host_self(), control_port) != KERN_SUCCESS) { auditd_log_err("Cannot set Mach control port"); return (-1); } else auditd_log_debug("Mach control port registered"); } return (0); } /* * Open the trigger messaging mechanism. */ int auditd_open_trigger(int launchd_flag) { return (mach_setup(launchd_flag)); } /* * Close the trigger messaging mechanism. */ int auditd_close_trigger(void) { return (0); } /* * Combined server handler. Called by the mach message loop when there is * a trigger or signal message. */ static boolean_t auditd_combined_server(mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP) { mach_port_t local_port = InHeadP->msgh_local_port; /* Reset the idle time alarm, if used. */ if (max_idletime) alarm(max_idletime); if (local_port == signal_port) { int signo = InHeadP->msgh_id; switch(signo) { case SIGTERM: case SIGALRM: auditd_terminate(); /* Not reached. 
*/ case SIGCHLD: auditd_reap_children(); return (TRUE); case SIGHUP: auditd_config_controls(); return (TRUE); default: auditd_log_info("Received signal %d", signo); return (TRUE); } } else if (local_port == control_port) { boolean_t result; result = audit_triggers_server(InHeadP, OutHeadP); if (!result) result = auditd_control_server(InHeadP, OutHeadP); return (result); } auditd_log_info("Recevied msg on bad port 0x%x.", local_port); return (FALSE); } /* * The main event loop. Wait for trigger messages or signals and handle them. * It should not return unless there is a problem. */ void auditd_wait_for_events(void) { kern_return_t result; /* * Call the mach messaging server loop. */ result = mach_msg_server(auditd_combined_server, MAX_MSG_SIZE, port_set, MACH_MSG_OPTION_NONE); } /* * Implementation of the audit_triggers() MIG simpleroutine. Simply a * wrapper function. This handles input from the kernel on the host * special mach port. */ kern_return_t audit_triggers(mach_port_t __unused audit_port, int trigger) { auditd_handle_trigger(trigger); return (KERN_SUCCESS); } /* * Implementation of the auditd_control() MIG simpleroutine. Simply a * wrapper function. This handles input from the audit(1) tool. */ kern_return_t auditd_control(mach_port_t __unused auditd_port, int trigger) { auditd_handle_trigger(trigger); return (KERN_SUCCESS); } /* * When we get a signal, we are often not at a clean point. So, little can * be done in the signal handler itself. Instead, we send a message to the * main servicing loop to do proper handling from a non-signal-handler * context. 
*/ void auditd_relay_signal(int signal) { mach_msg_empty_send_t msg; msg.header.msgh_id = signal; msg.header.msgh_remote_port = signal_port; msg.header.msgh_local_port = MACH_PORT_NULL; msg.header.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_MAKE_SEND, 0); mach_msg(&(msg.header), MACH_SEND_MSG|MACH_SEND_TIMEOUT, sizeof(msg), 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL); }
Index: head/contrib/openbsm/bin/auditd/auditd_fbsd.c
===================================================================
--- head/contrib/openbsm/bin/auditd/auditd_fbsd.c (revision 292431)
+++ head/contrib/openbsm/bin/auditd/auditd_fbsd.c (revision 292432)
@@ -1,274 +1,272 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#4 $ */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "auditd.h" /* * Current auditing state (cache). */ static int auditing_state = AUD_STATE_INIT; /* * Maximum idle time before auditd terminates under launchd. * If it is zero then auditd does not timeout while idle. 
*/ static int max_idletime = 0; static int sigchlds, sigchlds_handled; static int sighups, sighups_handled; static int sigterms, sigterms_handled; static int sigalrms, sigalrms_handled; static int triggerfd = 0; /* * Open and set up system logging. */ void auditd_openlog(int debug, gid_t __unused gid) { int logopts = LOG_CONS | LOG_PID; if (debug) logopts |= LOG_PERROR; #ifdef LOG_SECURITY openlog("auditd", logopts, LOG_SECURITY); #else openlog("auditd", logopts, LOG_AUTH); #endif } /* * Log messages at different priority levels. */ void auditd_log_err(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vsyslog(LOG_ERR, fmt, ap); va_end(ap); } void auditd_log_notice(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vsyslog(LOG_NOTICE, fmt, ap); va_end(ap); } void auditd_log_info(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vsyslog(LOG_INFO, fmt, ap); va_end(ap); } void auditd_log_debug(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vsyslog(LOG_DEBUG, fmt, ap); va_end(ap); } /* * Get the auditing state from the kernel and cache it. */ static void init_audit_state(void) { int au_cond; if (audit_get_cond(&au_cond) < 0) { if (errno != ENOSYS) { auditd_log_err("Audit status check failed (%s)", strerror(errno)); } auditing_state = AUD_STATE_DISABLED; } else if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED) auditing_state = AUD_STATE_DISABLED; else auditing_state = AUD_STATE_ENABLED; } /* * Update the cached auditing state. */ void auditd_set_state(int state) { int old_auditing_state = auditing_state; if (state == AUD_STATE_INIT) init_audit_state(); else auditing_state = state; if (auditing_state != old_auditing_state) { if (auditing_state == AUD_STATE_ENABLED) auditd_log_notice("Auditing enabled"); if (auditing_state == AUD_STATE_DISABLED) auditd_log_notice("Auditing disabled"); } } /* * Get the cached auditing state. 
*/ int auditd_get_state(void) { if (auditing_state == AUD_STATE_INIT) init_audit_state(); return (auditing_state); } /* * Open the trigger messaging mechanism. */ int auditd_open_trigger(int __unused launchd_flag) { return ((triggerfd = open(AUDIT_TRIGGER_FILE, O_RDONLY, 0))); } /* * Close the trigger messaging mechanism. */ int auditd_close_trigger(void) { return (close(triggerfd)); } /* * The main event loop. Wait for trigger messages or signals and handle them. * It should not return unless there is a problem. */ void auditd_wait_for_events(void) { int num; unsigned int trigger; for (;;) { num = read(triggerfd, &trigger, sizeof(trigger)); if ((num == -1) && (errno != EINTR)) { auditd_log_err("%s: error %d", __FUNCTION__, errno); return; } /* Reset the idle time alarm, if used. */ if (max_idletime) alarm(max_idletime); if (sigterms != sigterms_handled) { auditd_log_debug("%s: SIGTERM", __FUNCTION__); auditd_terminate(); /* not reached */ } if (sigalrms != sigalrms_handled) { auditd_log_debug("%s: SIGALRM", __FUNCTION__); auditd_terminate(); /* not reached */ } if (sigchlds != sigchlds_handled) { sigchlds_handled = sigchlds; auditd_reap_children(); } if (sighups != sighups_handled) { auditd_log_debug("%s: SIGHUP", __FUNCTION__); sighups_handled = sighups; auditd_config_controls(); } if ((num == -1) && (errno == EINTR)) continue; if (num == 0) { auditd_log_err("%s: read EOF", __FUNCTION__); return; } auditd_handle_trigger(trigger); } } /* * When we get a signal, we are often not at a clean point. So, little can * be done in the signal handler itself. Instead, we send a message to the * main servicing loop to do proper handling from a non-signal-handler * context. 
*/ void auditd_relay_signal(int signal) { if (signal == SIGHUP) sighups++; if (signal == SIGTERM) sigterms++; if (signal == SIGCHLD) sigchlds++; if (signal == SIGALRM) sigalrms++; } Index: head/contrib/openbsm/bin/auditdistd/Makefile.am =================================================================== --- head/contrib/openbsm/bin/auditdistd/Makefile.am (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/Makefile.am (revision 292432) @@ -1,33 +1,29 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/Makefile.am#1 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif sbin_PROGRAMS = auditdistd man5_MANS = auditdistd.conf.5 man8_MANS = auditdistd.8 CFLAGS = -Wno-format YFLAGS = -d auditdistd_LDFLAGS = -lcrypto auditdistd_SOURCES = \ auditdistd.c \ parse.y \ pjdlog.c \ proto.c \ proto_common.c \ proto_socketpair.c \ proto_tcp.c \ proto_tls.c \ proto_uds.c \ receiver.c \ sandbox.c \ sender.c \ subr.c \ token.l \ trail.c Index: head/contrib/openbsm/bin/auditdistd/auditdistd.8 =================================================================== --- head/contrib/openbsm/bin/auditdistd/auditdistd.8 (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/auditdistd.8 (revision 292432) 
@@ -1,106 +1,106 @@ .\" Copyright (c) 2012 The FreeBSD Foundation .\" All rights reserved. .\" .\" This documentation was written by Pawel Jakub Dawidek under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd March 5, 2012 .Dt AUDITDISTD 8 .Os .Sh NAME .Nm auditdistd .Nd "Audit trail files distribution daemon" .Sh SYNOPSIS .Nm .Op Fl dFhl .Op Fl c Ar config .Op Fl P Ar pidfile .Sh DESCRIPTION The .Nm -daemon is responsible for distributing audit trail files over TCP/IP network in +daemon is responsible for distributing audit trail files over a TCP/IP network in a secure and reliable way. 
.Pp The .Nm daemon can be started with the following command line arguments: .Bl -tag -width ".Fl P Ar pidfile" .It Fl c Ar config -Specify alternative location of the configuration file. +Specify an alternative location of the configuration file. The default location is .Pa /etc/security/auditdistd.conf . Note: the configuration file may contain passwords. Care should be taken to configure proper permissions on this file .Li ( eg. 0600 ) . .It Fl d Print or log debugging information. This option can be specified multiple times to raise the verbosity level. .It Fl F Start the .Nm daemon in the foreground. By default .Nm starts in the background. .It Fl h Print the .Nm usage message. .It Fl l Start in a launchd-friendly mode, ie. do not use .Xr daemon 3 . .It Fl P Ar pidfile -Specify alternative location of a file where main process PID will be +Specify an alternative location of a file where main process PID will be stored. The default location is .Pa /var/run/auditdistd.pid . .El .Sh FILES .Bl -tag -width ".Pa /etc/security/auditdistd.conf" -compact .It Pa /etc/security/auditdistd.conf The configuration file for .Nm . .It Pa /var/run/auditdistd.pid The default location of the .Nm PID file. .El .Sh EXIT STATUS Exit status is 0 on success, or one of the values described in .Xr sysexits 3 on failure. .Sh SEE ALSO .Xr sysexits 3 , .Xr audit 4 , .Xr auditdistd.conf 5 , .Xr auditd 8 .Sh AUTHORS The .Nm was developed by .An Pawel Jakub Dawidek Aq pawel@dawidek.net under sponsorship of the FreeBSD Foundation. Index: head/contrib/openbsm/bin/auditdistd/auditdistd.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/auditdistd.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/auditdistd.c (revision 292432) 
@@ -1,800 +1,798 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/auditdistd.c#3 $ */ #include #include #if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BSWAP) #include #else /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #ifdef HAVE_MACHINE_ENDIAN_H #include #else /* !HAVE_MACHINE_ENDIAN_H */ #ifdef HAVE_ENDIAN_H #include #else /* !HAVE_ENDIAN_H */ #error "No supported endian.h" #endif /* !HAVE_ENDIAN_H */ #endif /* !HAVE_MACHINE_ENDIAN_H */ #include #endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #include #include #include #include #include #include #ifdef HAVE_LIBUTIL_H #include #endif #include #include #include #include #include #include #include #ifndef HAVE_PIDFILE_OPEN #include #endif #ifndef HAVE_STRLCPY #include #endif #ifndef HAVE_SIGTIMEDWAIT #include "sigtimedwait.h" #endif #include "auditdistd.h" #include "pjdlog.h" #include "proto.h" #include "subr.h" #include "synch.h" /* Path to configuration file. */ const char *cfgpath = ADIST_CONFIG; /* Auditdistd configuration. */ static struct adist_config *adcfg; /* Was SIGINT or SIGTERM signal received? */ bool sigexit_received = false; /* PID file handle. */ struct pidfh *pfh; /* How often check for hooks running for too long. 
*/ #define SIGNALS_CHECK_INTERVAL 5 static void usage(void) { errx(EX_USAGE, "[-dFhl] [-c config] [-P pidfile]"); } void descriptors_cleanup(struct adist_host *adhost) { struct adist_host *adh; struct adist_listen *lst; TAILQ_FOREACH(adh, &adcfg->adc_hosts, adh_next) { if (adh == adhost) continue; if (adh->adh_remote != NULL) { proto_close(adh->adh_remote); adh->adh_remote = NULL; } } TAILQ_FOREACH(lst, &adcfg->adc_listen, adl_next) { if (lst->adl_conn != NULL) proto_close(lst->adl_conn); } (void)pidfile_close(pfh); pjdlog_fini(); } static void child_cleanup(struct adist_host *adhost) { if (adhost->adh_conn != NULL) { PJDLOG_ASSERT(adhost->adh_role == ADIST_ROLE_SENDER); proto_close(adhost->adh_conn); adhost->adh_conn = NULL; } adhost->adh_worker_pid = 0; } static void child_exit_log(const char *type, unsigned int pid, int status) { if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { pjdlog_debug(1, "%s process exited gracefully (pid=%u).", type, pid); } else if (WIFSIGNALED(status)) { pjdlog_error("%s process killed (pid=%u, signal=%d).", type, pid, WTERMSIG(status)); } else { pjdlog_error("%s process exited ungracefully (pid=%u, exitcode=%d).", type, pid, WIFEXITED(status) ? WEXITSTATUS(status) : -1); } } static void child_exit(void) { struct adist_host *adhost; bool restart; int status; pid_t pid; restart = false; while ((pid = wait3(&status, WNOHANG, NULL)) > 0) { /* Find host related to the process that just exited. */ TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) { if (pid == adhost->adh_worker_pid) break; } if (adhost == NULL) { child_exit_log("Sandbox", pid, status); } else { if (adhost->adh_role == ADIST_ROLE_SENDER) restart = true; pjdlog_prefix_set("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); child_exit_log("Worker", pid, status); child_cleanup(adhost); pjdlog_prefix_set("%s", ""); } } if (!restart) return; /* We have some sender processes to restart. 
*/ sleep(1); TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) { if (adhost->adh_role != ADIST_ROLE_SENDER) continue; if (adhost->adh_worker_pid != 0) continue; pjdlog_prefix_set("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); pjdlog_info("Restarting sender process."); adist_sender(adcfg, adhost); pjdlog_prefix_set("%s", ""); } } /* TODO */ static void adist_reload(void) { pjdlog_info("Reloading configuration is not yet implemented."); } static void terminate_workers(void) { struct adist_host *adhost; pjdlog_info("Termination signal received, exiting."); TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) { if (adhost->adh_worker_pid == 0) continue; pjdlog_info("Terminating worker process (adhost=%s, role=%s, pid=%u).", adhost->adh_name, role2str(adhost->adh_role), adhost->adh_worker_pid); if (kill(adhost->adh_worker_pid, SIGTERM) == 0) continue; pjdlog_errno(LOG_WARNING, "Unable to send signal to worker process (adhost=%s, role=%s, pid=%u).", adhost->adh_name, role2str(adhost->adh_role), adhost->adh_worker_pid); } } static void listen_accept(struct adist_listen *lst) { unsigned char rnd[32], hash[32], resp[32]; struct adist_host *adhost; struct proto_conn *conn; char adname[ADIST_HOSTSIZE]; char laddr[256], raddr[256]; char welcome[8]; int status, version; pid_t pid; proto_local_address(lst->adl_conn, laddr, sizeof(laddr)); pjdlog_debug(1, "Accepting connection to %s.", laddr); if (proto_accept(lst->adl_conn, &conn) == -1) { pjdlog_errno(LOG_ERR, "Unable to accept connection to %s", laddr); return; } proto_local_address(conn, laddr, sizeof(laddr)); proto_remote_address(conn, raddr, sizeof(raddr)); pjdlog_info("Connection from %s to %s.", raddr, laddr); /* Error in setting timeout is not critical, but why should it fail? */ if (proto_timeout(conn, ADIST_TIMEOUT) < 0) pjdlog_errno(LOG_WARNING, "Unable to set connection timeout"); /* * Before receiving any data see if remote host is known. 
*/ TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) { if (adhost->adh_role != ADIST_ROLE_RECEIVER) continue; if (!proto_address_match(conn, adhost->adh_remoteaddr)) continue; break; } if (adhost == NULL) { pjdlog_error("Client %s is not known.", raddr); goto close; } /* Ok, remote host is known. */ /* Exchange welcome message, which include version number. */ bzero(welcome, sizeof(welcome)); if (proto_recv(conn, welcome, sizeof(welcome)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive welcome message from %s", adhost->adh_remoteaddr); goto close; } if (strncmp(welcome, "ADIST", 5) != 0 || !isdigit(welcome[5]) || !isdigit(welcome[6]) || welcome[7] != '\0') { pjdlog_warning("Invalid welcome message from %s.", adhost->adh_remoteaddr); goto close; } version = MIN(ADIST_VERSION, atoi(welcome + 5)); (void)snprintf(welcome, sizeof(welcome), "ADIST%02d", version); if (proto_send(conn, welcome, sizeof(welcome)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to send welcome message to %s", adhost->adh_remoteaddr); goto close; } if (proto_recv(conn, adname, sizeof(adhost->adh_name)) < 0) { pjdlog_errno(LOG_ERR, "Unable to receive hostname from %s", raddr); goto close; } /* Find host now that we have hostname. */ TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) { if (adhost->adh_role != ADIST_ROLE_RECEIVER) continue; if (!proto_address_match(conn, adhost->adh_remoteaddr)) continue; if (strcmp(adhost->adh_name, adname) != 0) continue; break; } if (adhost == NULL) { pjdlog_error("No configuration for host %s from address %s.", adname, raddr); goto close; } adhost->adh_version = version; pjdlog_debug(1, "Version %d negotiated with %s.", adhost->adh_version, adhost->adh_remoteaddr); /* Now that we know host name setup log prefix. 
*/ pjdlog_prefix_set("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); if (adist_random(rnd, sizeof(rnd)) == -1) { pjdlog_error("Unable to generate challenge."); goto close; } pjdlog_debug(1, "Challenge generated."); if (proto_send(conn, rnd, sizeof(rnd)) == -1) { pjdlog_errno(LOG_ERR, "Unable to send challenge to %s", adhost->adh_remoteaddr); goto close; } pjdlog_debug(1, "Challenge sent."); if (proto_recv(conn, resp, sizeof(resp)) == -1) { pjdlog_errno(LOG_ERR, "Unable to receive response from %s", adhost->adh_remoteaddr); goto close; } pjdlog_debug(1, "Response received."); if (HMAC(EVP_sha256(), adhost->adh_password, (int)strlen(adhost->adh_password), rnd, (int)sizeof(rnd), hash, NULL) == NULL) { pjdlog_error("Unable to generate hash."); goto close; } pjdlog_debug(1, "Hash generated."); if (memcmp(resp, hash, sizeof(hash)) != 0) { pjdlog_error("Invalid response from %s (wrong password?).", adhost->adh_remoteaddr); goto close; } pjdlog_info("Sender authenticated."); if (proto_recv(conn, rnd, sizeof(rnd)) == -1) { pjdlog_errno(LOG_ERR, "Unable to receive challenge from %s", adhost->adh_remoteaddr); goto close; } pjdlog_debug(1, "Challenge received."); if (HMAC(EVP_sha256(), adhost->adh_password, (int)strlen(adhost->adh_password), rnd, (int)sizeof(rnd), hash, NULL) == NULL) { pjdlog_error("Unable to generate response."); goto close; } pjdlog_debug(1, "Response generated."); if (proto_send(conn, hash, sizeof(hash)) == -1) { pjdlog_errno(LOG_ERR, "Unable to send response to %s", adhost->adh_remoteaddr); goto close; } pjdlog_debug(1, "Response sent."); if (adhost->adh_worker_pid != 0) { pjdlog_debug(1, "Receiver process exists (pid=%u), stopping it.", (unsigned int)adhost->adh_worker_pid); /* Stop child process. */ if (kill(adhost->adh_worker_pid, SIGINT) == -1) { pjdlog_errno(LOG_ERR, "Unable to stop worker process (pid=%u)", (unsigned int)adhost->adh_worker_pid); /* * Other than logging the problem we * ignore it - nothing smart to do. 
*/ } /* Wait for it to exit. */ else if ((pid = waitpid(adhost->adh_worker_pid, &status, 0)) != adhost->adh_worker_pid) { /* We can only log the problem. */ pjdlog_errno(LOG_ERR, "Waiting for worker process (pid=%u) failed", (unsigned int)adhost->adh_worker_pid); } else { child_exit_log("Worker", adhost->adh_worker_pid, status); } child_cleanup(adhost); } adhost->adh_remote = conn; adist_receiver(adcfg, adhost); pjdlog_prefix_set("%s", ""); return; close: proto_close(conn); pjdlog_prefix_set("%s", ""); } static void connection_migrate(struct adist_host *adhost) { struct proto_conn *conn; int16_t val = 0; pjdlog_prefix_set("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); PJDLOG_ASSERT(adhost->adh_role == ADIST_ROLE_SENDER); if (proto_recv(adhost->adh_conn, &val, sizeof(val)) < 0) { pjdlog_errno(LOG_WARNING, "Unable to receive connection command"); return; } if (proto_set("tls:fingerprint", adhost->adh_fingerprint) == -1) { val = errno; pjdlog_errno(LOG_WARNING, "Unable to set fingerprint"); goto out; } if (proto_connect(adhost->adh_localaddr[0] != '\0' ? 
adhost->adh_localaddr : NULL, adhost->adh_remoteaddr, -1, &conn) < 0) { val = errno; pjdlog_errno(LOG_WARNING, "Unable to connect to %s", adhost->adh_remoteaddr); goto out; } val = 0; out: if (proto_send(adhost->adh_conn, &val, sizeof(val)) < 0) { pjdlog_errno(LOG_WARNING, "Unable to send reply to connection request"); } if (val == 0 && proto_connection_send(adhost->adh_conn, conn) < 0) pjdlog_errno(LOG_WARNING, "Unable to send connection"); pjdlog_prefix_set("%s", ""); } static void check_signals(void) { struct timespec sigtimeout; sigset_t mask; int signo; sigtimeout.tv_sec = 0; sigtimeout.tv_nsec = 0; PJDLOG_VERIFY(sigemptyset(&mask) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGHUP) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGINT) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGTERM) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGCHLD) == 0); while ((signo = sigtimedwait(&mask, NULL, &sigtimeout)) != -1) { switch (signo) { case SIGINT: case SIGTERM: sigexit_received = true; terminate_workers(); exit(EX_OK); break; case SIGCHLD: child_exit(); break; case SIGHUP: adist_reload(); break; default: PJDLOG_ABORT("Unexpected signal (%d).", signo); } } } static void main_loop(void) { struct adist_host *adhost; struct adist_listen *lst; struct timeval seltimeout; int fd, maxfd, ret; fd_set rfds; seltimeout.tv_sec = SIGNALS_CHECK_INTERVAL; seltimeout.tv_usec = 0; pjdlog_info("Started successfully."); for (;;) { check_signals(); /* Setup descriptors for select(2). */ FD_ZERO(&rfds); maxfd = -1; TAILQ_FOREACH(lst, &adcfg->adc_listen, adl_next) { if (lst->adl_conn == NULL) continue; fd = proto_descriptor(lst->adl_conn); PJDLOG_ASSERT(fd >= 0); FD_SET(fd, &rfds); maxfd = fd > maxfd ? fd : maxfd; } TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) { if (adhost->adh_role == ADIST_ROLE_SENDER) { /* Only sender workers asks for connections. */ PJDLOG_ASSERT(adhost->adh_conn != NULL); fd = proto_descriptor(adhost->adh_conn); PJDLOG_ASSERT(fd >= 0); FD_SET(fd, &rfds); maxfd = fd > maxfd ? 
fd : maxfd; } else { PJDLOG_ASSERT(adhost->adh_conn == NULL); } } PJDLOG_ASSERT(maxfd + 1 <= (int)FD_SETSIZE); ret = select(maxfd + 1, &rfds, NULL, NULL, &seltimeout); if (ret == 0) { /* * select(2) timed out, so there should be no * descriptors to check. */ continue; } else if (ret == -1) { if (errno == EINTR) continue; KEEP_ERRNO((void)pidfile_remove(pfh)); pjdlog_exit(EX_OSERR, "select() failed"); } PJDLOG_ASSERT(ret > 0); /* * Check for signals before we do anything to update our * info about terminated workers in the meantime. */ check_signals(); TAILQ_FOREACH(lst, &adcfg->adc_listen, adl_next) { if (lst->adl_conn == NULL) continue; if (FD_ISSET(proto_descriptor(lst->adl_conn), &rfds)) listen_accept(lst); } TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) { if (adhost->adh_role == ADIST_ROLE_SENDER) { PJDLOG_ASSERT(adhost->adh_conn != NULL); if (FD_ISSET(proto_descriptor(adhost->adh_conn), &rfds)) { connection_migrate(adhost); } } else { PJDLOG_ASSERT(adhost->adh_conn == NULL); } } } } static void adist_config_dump(struct adist_config *cfg) { struct adist_host *adhost; struct adist_listen *lst; pjdlog_debug(2, "Configuration:"); pjdlog_debug(2, " Global:"); pjdlog_debug(2, " pidfile: %s", cfg->adc_pidfile); pjdlog_debug(2, " timeout: %d", cfg->adc_timeout); if (TAILQ_EMPTY(&cfg->adc_listen)) { pjdlog_debug(2, " Sender only, not listening."); } else { pjdlog_debug(2, " Listening on:"); TAILQ_FOREACH(lst, &cfg->adc_listen, adl_next) { pjdlog_debug(2, " listen: %s", lst->adl_addr); pjdlog_debug(2, " conn: %p", lst->adl_conn); } } pjdlog_debug(2, " Hosts:"); TAILQ_FOREACH(adhost, &cfg->adc_hosts, adh_next) { pjdlog_debug(2, " name: %s", adhost->adh_name); pjdlog_debug(2, " role: %s", role2str(adhost->adh_role)); pjdlog_debug(2, " version: %d", adhost->adh_version); pjdlog_debug(2, " localaddr: %s", adhost->adh_localaddr); pjdlog_debug(2, " remoteaddr: %s", adhost->adh_remoteaddr); pjdlog_debug(2, " remote: %p", adhost->adh_remote); pjdlog_debug(2, " directory: 
%s", adhost->adh_directory); pjdlog_debug(2, " compression: %d", adhost->adh_compression); pjdlog_debug(2, " checksum: %d", adhost->adh_checksum); pjdlog_debug(2, " pid: %ld", (long)adhost->adh_worker_pid); pjdlog_debug(2, " conn: %p", adhost->adh_conn); } } static void dummy_sighandler(int sig __unused) { /* Nothing to do. */ } int main(int argc, char *argv[]) { struct adist_host *adhost; struct adist_listen *lst; const char *execpath, *pidfile; bool foreground, launchd; pid_t otherpid; int debuglevel; sigset_t mask; execpath = argv[0]; if (execpath[0] != '/') { errx(EX_USAGE, "auditdistd requires execution with an absolute path."); } /* * We are executed from proto to create sandbox. */ if (argc > 1 && strcmp(argv[1], "proto") == 0) { argc -= 2; argv += 2; if (proto_exec(argc, argv) == -1) err(EX_USAGE, "Unable to execute proto"); } foreground = false; debuglevel = 0; launchd = false; pidfile = NULL; for (;;) { int ch; ch = getopt(argc, argv, "c:dFhlP:"); if (ch == -1) break; switch (ch) { case 'c': cfgpath = optarg; break; case 'd': debuglevel++; break; case 'F': foreground = true; break; case 'l': launchd = true; break; case 'P': pidfile = optarg; break; case 'h': default: usage(); } } argc -= optind; argv += optind; pjdlog_init(PJDLOG_MODE_STD); pjdlog_debug_set(debuglevel); if (proto_set("execpath", execpath) == -1) pjdlog_exit(EX_TEMPFAIL, "Unable to set executable name"); if (proto_set("user", ADIST_USER) == -1) pjdlog_exit(EX_TEMPFAIL, "Unable to set proto user"); if (proto_set("tcp:port", ADIST_TCP_PORT) == -1) pjdlog_exit(EX_TEMPFAIL, "Unable to set default TCP port"); /* * When path to the configuration file is relative, obtain full path, * so we can always find the file, even after daemonizing and changing * working directory to /. 
*/ if (cfgpath[0] != '/') { const char *newcfgpath; newcfgpath = realpath(cfgpath, NULL); if (newcfgpath == NULL) { pjdlog_exit(EX_CONFIG, "Unable to obtain full path of %s", cfgpath); } cfgpath = newcfgpath; } adcfg = yy_config_parse(cfgpath, true); PJDLOG_ASSERT(adcfg != NULL); adist_config_dump(adcfg); if (proto_set("tls:certfile", adcfg->adc_certfile) == -1) pjdlog_exit(EX_TEMPFAIL, "Unable to set certfile path"); if (proto_set("tls:keyfile", adcfg->adc_keyfile) == -1) pjdlog_exit(EX_TEMPFAIL, "Unable to set keyfile path"); if (pidfile != NULL) { if (strlcpy(adcfg->adc_pidfile, pidfile, sizeof(adcfg->adc_pidfile)) >= sizeof(adcfg->adc_pidfile)) { pjdlog_exitx(EX_CONFIG, "Pidfile path is too long."); } } if (foreground && pidfile == NULL) { pfh = NULL; } else { pfh = pidfile_open(adcfg->adc_pidfile, 0600, &otherpid); if (pfh == NULL) { if (errno == EEXIST) { pjdlog_exitx(EX_TEMPFAIL, "Another auditdistd is already running, pid: %jd.", (intmax_t)otherpid); } /* * If we cannot create pidfile from other reasons, * only warn. */ pjdlog_errno(LOG_WARNING, "Unable to open or create pidfile %s", adcfg->adc_pidfile); } } /* * Restore default actions for interesting signals in case parent * process (like init(8)) decided to ignore some of them (like SIGHUP). */ PJDLOG_VERIFY(signal(SIGHUP, SIG_DFL) != SIG_ERR); PJDLOG_VERIFY(signal(SIGINT, SIG_DFL) != SIG_ERR); PJDLOG_VERIFY(signal(SIGTERM, SIG_DFL) != SIG_ERR); /* * Because SIGCHLD is ignored by default, setup dummy handler for it, * so we can mask it. */ PJDLOG_VERIFY(signal(SIGCHLD, dummy_sighandler) != SIG_ERR); PJDLOG_VERIFY(sigemptyset(&mask) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGHUP) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGINT) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGTERM) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGCHLD) == 0); PJDLOG_VERIFY(sigprocmask(SIG_SETMASK, &mask, NULL) == 0); /* Listen for remote connections. 
*/ TAILQ_FOREACH(lst, &adcfg->adc_listen, adl_next) { if (proto_server(lst->adl_addr, &lst->adl_conn) == -1) { KEEP_ERRNO((void)pidfile_remove(pfh)); pjdlog_exit(EX_OSERR, "Unable to listen on address %s", lst->adl_addr); } } if (!foreground) { if (!launchd && daemon(0, 0) == -1) { KEEP_ERRNO((void)pidfile_remove(pfh)); pjdlog_exit(EX_OSERR, "Unable to daemonize"); } /* Start logging to syslog. */ pjdlog_mode_set(PJDLOG_MODE_SYSLOG); } if (pfh != NULL) { /* Write PID to a file. */ if (pidfile_write(pfh) < 0) { pjdlog_errno(LOG_WARNING, "Unable to write PID to a file"); } } TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) { if (adhost->adh_role == ADIST_ROLE_SENDER) adist_sender(adcfg, adhost); } main_loop(); exit(0); } Index: head/contrib/openbsm/bin/auditdistd/auditdistd.conf.5 =================================================================== --- head/contrib/openbsm/bin/auditdistd/auditdistd.conf.5 (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/auditdistd.conf.5 (revision 292432) 
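Review bot: In `listen_accept()` the peer-supplied host name is read with `proto_recv(conn, adname, sizeof(adhost->adh_name))` and then passed to `strcmp()` and to `%s` in `pjdlog_error()` without a forced terminator, at a point where the peer has only been matched by address and has not yet answered the challenge. If the peer fills the buffer without a NUL byte, both calls read past `adname`; adding `adname[sizeof(adname) - 1] = '\0';` right after the receive closes that, and the receive length should be checked against `sizeof(adname)`, since the size of `adh_name` is declared outside this hunk. Separately, the response check `memcmp(resp, hash, sizeof(hash))` is not constant-time; the challenge is regenerated on every connection, so the exposure looks small, but `CRYPTO_memcmp(resp, hash, sizeof(hash))` from the OpenSSL library already used for `HMAC()` would settle it. Both spots are unchanged context in this hunk, since the commit itself only drops the `$P4` tag from the header comment.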
@@ -1,361 +1,364 @@ .\" Copyright (c) 2012 The FreeBSD Foundation .\" All rights reserved. .\" .\" This documentation was written by Pawel Jakub Dawidek under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd March 22, 2011 +.Dd July 1, 2015 .Dt AUDITDISTD.CONF 5 .Os .Sh NAME .Nm auditdistd.conf .Nd configuration file for the .Xr auditdistd 8 daemon. .Sh DESCRIPTION Note: the configuration file may contain passwords. -Care should be taken to configure proper permissions on this file -.Li ( eg. 0600 ) . +Care should be taken to configure proper permissions for this file +.Li ( e.g., 0600 ) . .Pp -Every line starting with # is treated as comment and ignored. 
+Every line starting with +.Li # +gets treated as a comment and is ignored. .Sh CONFIGURATION FILE SYNTAX -General syntax of the +The general syntax of the .Nm -file is following: -.Bd -literal -offset +file is as follows: +.Bd -literal ## Global section. # Our name. -# The default is first part of the hostname. +# The default is the first part of the hostname. name "" # Connection timeout. # The default is 5. timeout # Path to pidfile. # The default is "/var/run/auditdistd.pid". pidfile "" sender { ## Sender section. # Source address for connections. # Optional. source "" # Directory with audit trail files managed by auditdistd. # The default is /var/audit/dist. directory "" .\" -.\" # Checksum algorithm for data send over the wire. +.\" # Checksum algorithm for data sent over the wire. .\" # The default is none. .\" checksum "" .\" -.\" # Compression algorithm for data send over the wire. +.\" # Compression algorithm for data sent over the wire. .\" # The default is none. .\" compression "" # Configuration for the target system we want to send audit trail # files to. host "" { # Source address for connections. # Optional. source "" - # Address of auditdistd receiver. + # Address of the auditdistd receiver. # No default. Obligatory. remote "" # Directory with audit trail files managed by auditdistd. # The default is /var/audit/dist. directory "" # Fingerprint of the receiver's public key when using TLS - # for connection. + # for connections. # Example fingerprint: # SHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:53:E6:8F:B6:1C:55:30:14:D7:F9:AA:8B:3E:73:CD:F5:76:2B fingerprint "" # Password used to authenticate in front of the receiver. password "" .\" -.\" # Checksum algorithm for data send over the wire. +.\" # Checksum algorithm for data sent over the wire. .\" # The default is none. .\" checksum "" .\" -.\" # Compression algorithm for data send over the wire. +.\" # Compression algorithm for data sent over the wire. .\" # The default is none. 
.\" compression "" } - # Currently local audit trail files can be send only to one remote + # Currently local audit trail files can be sent only to one remote # auditdistd receiver, but this can change in the future. } receiver { ## Receiver section. - # Address to listen on. Multiple listen addresses might be specified. + # Address to listen on. Multiple listen addresses may be specified. # The defaults are "tcp4://0.0.0.0:7878" and "tcp6://[::]:7878". listen "" # Base directory. - # If directory in host section is no absolute, it will be concatenated - # with this base directory. + # If the directory in the host section is not absolute, it will be + # concatenated with this base directory. # The default is "/var/audit/remote". directory "" - # Path to receiver's certificate file. + # Path to the receiver's certificate file. # The default is "/etc/security/auditdistd.cert.pem". certfile "" - # Path to receiver's private key file. + # Path to the receiver's private key file. # The default is "/etc/security/auditdistd.key.pem". keyfile "" # Configuration for a source system we want to receive audit trail # files from. host "" { # Sender address. # No default. Obligatory. remote "" # Directory where to store audit trail files received # from system . # The default is "/". directory "" # Password used by the sender to authenticate. password "" } # Multiple hosts to receive from can be configured. } .Ed .Pp Most of the various available configuration parameters are optional. -If parameter is not defined in the particular section, it will be +If a parameter is not defined in the particular section, it will be inherited from the parent section if possible. For example, if the .Ic source parameter is not defined in the .Ic host section, it will be inherited from the .Ic sender section. In case the .Ic global section does not define the .Ic source parameter at all, the default value will be used. 
-.Sh CONFIGURATION FILE DESCRIPTION +.Sh CONFIGURATION OPTION DESCRIPTION The following statements are available: .Bl -tag -width ".Ic xxxx" .It Ic name Aq name .Pp This host's name. -It is send to the receiver, so it can properly recognize us if there are -more than one sender coming from the same IP address. +It is sent to the receiver, so it can properly recognize us if there are +multiple senders coming from the same IP address. .It Ic timeout Aq seconds .Pp Connection timeout in seconds. The default value is .Va 5 . .It Ic pidfile Aq path .Pp File in which to store the process ID of the main .Xr auditdistd 8 process. .Pp The default value is .Pa /var/run/auditdistd.pid . .It Ic source Aq addr .Pp Local address to bind to before connecting to the remote .Nm auditdistd daemon. -Format is the same as for the +The format is the same as for the .Ic listen statement. .It Ic directory Aq path .Pp -Directory where to look for audit trail files in case of sender mode or -directory where to store received audit trail files. +The directory where to look for audit trail files in case of sender mode, or +the directory where to store received audit trail files. The provided path has to be an absolute path. -The only exception is when directory is provided in the +The only exception is when the directory is provided in the .Ic receiver -section, then path provided in the +section; then the path provided in the .Ic host subsections can be relative to the directory in the .Ic receiver section. The default value is .Pa /var/audit/dist for the entire .Ic sender section, .Pa /var/audit/remote for the non-host .Ic receiver section and .Pa /var/audit/remote/ for the .Ic host subsections in the .Ic receiver section where .Aq name -is host's name. +is the host's name. .\".It Ic checksum Aq algorithm .\".Pp .\"Checksum algorithm should be one of the following: .\".Bl -tag -width ".Ic sha256" .\".It Ic none -.\"No checksum will be calculated for the data being send over the network. 
+.\"No checksum will be calculated for the data being sent over the network. .\"This is the default setting. .\".It Ic crc32 .\"CRC32 checksum will be calculated. .\".It Ic sha256 .\"SHA256 checksum will be calculated. .\".El .\".It Ic compression Aq algorithm .\".Pp .\"Compression algorithm should be one of the following: .\".Bl -tag -width ".Ic none" .\".It Ic none -.\"Data send over the network will not be compressed. +.\"Data sent over the network will not be compressed. .\"This is the default setting. .\".It Ic lzf .\"The .\".Nm LZF .\"algorithm by .\".An Marc Alexander Lehmann -.\"will be used to compress the data send over the network. +.\"will be used to compress the data sent over the network. .\".Nm LZF -.\"is very fast, general purpose compression algorithm. +.\"is a very fast, general purpose compression algorithm. .\".El .It Ic remote Aq addr .Pp Address of the remote .Nm auditdistd daemon. -Format is the same as for the +The format is the same as for the .Ic listen statement. -When operating in the +When operating in .Ic sender mode this address will be used to connect to the .Ic receiver . -When operating in the +When operating in .Ic receiver mode only connections from this address will be accepted. .It Ic listen Aq addr .Pp Address to listen on in form of: .Bd -literal -offset indent protocol://protocol-specific-address .Ed .Pp Each of the following examples defines the same listen address: .Bd -literal -offset indent 0.0.0.0 0.0.0.0:7878 tcp://0.0.0.0 tcp://0.0.0.0:7878 tcp4://0.0.0.0 tcp4://0.0.0.0:7878 .Ed .Pp Multiple listen addresses can be specified. By default .Nm auditdistd listens on .Pa tcp4://0.0.0.0:7878 and -.Pa tcp6://[::]:7878 -if kernel supports IPv4 and IPv6 respectively. +.Pa tcp6://[::]:7878 , +if the kernel supports IPv4 and IPv6 respectively. .It Ic keyfile Aq path .Pp -Path to a file that contains private key for TLS communication. +Path to a file that contains the private key for TLS communication. 
.It Ic certfile Aq path .Pp -Path to a file that contains certificate for TLS communication. +Path to a file that contains the certificate for TLS communication. .It Ic fingerprint Aq algo=hash .Pp -Finger print of the receiver's public key. -Currently only SHA256 algorithm is supported. -Certificate public key's fingerprint ready to be pasted into auditdistd +Fingerprint of the receiver's public key. +Currently only the SHA256 algorithm is supported. +The certificate public key's fingerprint ready to be pasted into the +.Nm auditdistd configuration file can be obtained by running: -.Bd -literal -offset +.Bd -literal # openssl x509 -in /etc/security/auditdistd.cert.pem -noout -fingerprint -sha256 | awk -F '[ =]' '{printf("%s=%s\\n", $1, $3)}' .Ed .It Ic password Aq password .Pp Password used to authenticate the sender in front of the receiver. .El .Sh FILES .Bl -tag -width ".Pa /etc/security/auditdistd.conf" -compact .It Pa /etc/security/auditdistd.conf The default .Nm auditdistd configuration file. .El .Sh EXAMPLES The example configuration files can look as follows. .Pp Web server: .Bd -literal -offset indent sender { host backup { remote 10.0.0.4 } } .Ed .Pp Audit backup server: .Bd -literal -offset indent receiver { host webserv { remote 10.0.0.1 } host mailserv { remote 10.0.0.2 } host dnsserv { remote 10.0.0.3 } } .Ed .Sh SEE ALSO .Xr audit 4 , -.Xr auditdistd 8 . +.Xr auditdistd 8 .Sh AUTHORS The .Nm auditdistd -was developed by +daemon was developed by .An Pawel Jakub Dawidek Aq pawel@dawidek.net under sponsorship of the FreeBSD Foundation. Index: head/contrib/openbsm/bin/auditdistd/auditdistd.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/auditdistd.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/auditdistd.h (revision 292432) 
@@ -1,276 +1,274 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/auditdistd.h#2 $ */ #ifndef _AUDITDISTD_H_ #define _AUDITDISTD_H_ #include #include #include #include #include #include #include #include #include #include #include #include "proto.h" /* * Version history: * 0 - initial version */ #define ADIST_VERSION 0 #define ADIST_ROLE_UNDEF 0 #define ADIST_ROLE_SENDER 1 #define ADIST_ROLE_RECEIVER 2 #define ADIST_USER "auditdistd" #define ADIST_TIMEOUT 20 #define ADIST_CONFIG "/etc/security/auditdistd.conf" #define ADIST_TCP_PORT "7878" #define ADIST_LISTEN_TLS_TCP4 "tls://0.0.0.0:" ADIST_TCP_PORT #define ADIST_LISTEN_TLS_TCP6 "tls://[::]:" ADIST_TCP_PORT #define ADIST_PIDFILE "/var/run/auditdistd.pid" #define ADIST_DIRECTORY_SENDER "/var/audit/dist" #define ADIST_DIRECTORY_RECEIVER "/var/audit/remote" #define ADIST_CERTFILE "/etc/security/auditdistd.cert.pem" #define ADIST_KEYFILE "/etc/security/auditdistd.key.pem" #define ADIST_ERROR_WRONG_ORDER 1 #define ADIST_ERROR_INVALID_NAME 2 #define ADIST_ERROR_OPEN_OLD 3 #define ADIST_ERROR_CREATE 4 #define ADIST_ERROR_OPEN 5 #define ADIST_ERROR_READ 6 #define ADIST_ERROR_WRITE 7 #define ADIST_ERROR_RENAME 8 #define ADIST_ADDRSIZE 1024 #define ADIST_HOSTSIZE 256 #define ADIST_PATHSIZE 256 #define ADIST_PASSWORDSIZE 128 #define ADIST_FINGERPRINTSIZE 256 /* Number of seconds to sleep between reconnect retries or keepalive packets. */ #define ADIST_KEEPALIVE 10 struct adist_listen { /* Address to listen on. */ char adl_addr[ADIST_ADDRSIZE]; /* Protocol-specific data. */ struct proto_conn *adl_conn; TAILQ_ENTRY(adist_listen) adl_next; }; struct adist_config { /* Our name. */ char adc_name[ADIST_HOSTSIZE]; /* PID file path. */ char adc_pidfile[PATH_MAX]; /* Connection timeout. */ int adc_timeout; /* Path to receiver's certificate file. */ char adc_certfile[PATH_MAX]; /* Path to receiver's private key file. */ char adc_keyfile[PATH_MAX]; /* List of addresses to listen on. 
*/ TAILQ_HEAD(, adist_listen) adc_listen; /* List of hosts. */ TAILQ_HEAD(, adist_host) adc_hosts; }; #define ADIST_COMPRESSION_NONE 0 #define ADIST_COMPRESSION_LZF 1 #define ADIST_CHECKSUM_NONE 0 #define ADIST_CHECKSUM_CRC32 1 #define ADIST_CHECKSUM_SHA256 2 /* * Structure that describes single host (either sender or receiver). */ struct adist_host { /* Host name. */ char adh_name[ADIST_HOSTSIZE]; /* Host role: ADIST_ROLE_{SENDER,RECEIVER}. */ int adh_role; /* Protocol version negotiated. */ int adh_version; /* Local address to bind to. */ char adh_localaddr[ADIST_ADDRSIZE]; /* Address of the remote component. */ char adh_remoteaddr[ADIST_ADDRSIZE]; /* Connection with remote host. */ struct proto_conn *adh_remote; /* Connection was reestablished, reset the state. */ bool adh_reset; /* * Directory from which audit trail files should be send in * ADIST_ROLE_SENDER case or stored into in ADIST_ROLE_RECEIVER case. */ char adh_directory[PATH_MAX]; /* Compression algorithm. Currently unused. */ int adh_compression; /* Checksum algorithm. Currently unused. */ int adh_checksum; /* Sender's password. */ char adh_password[ADIST_PASSWORDSIZE]; /* Fingerprint of receiver's public key. */ char adh_fingerprint[ADIST_FINGERPRINTSIZE]; /* PID of child worker process. 0 - no child. */ pid_t adh_worker_pid; /* Connection requests from sender to main. */ struct proto_conn *adh_conn; /* Receiver-specific fields. */ char adh_trail_name[ADIST_PATHSIZE]; int adh_trail_fd; int adh_trail_dirfd; DIR *adh_trail_dirfp; /* Sender-specific fields. */ uint64_t adh_trail_offset; /* Next resource. */ TAILQ_ENTRY(adist_host) adh_next; }; #define ADIST_BYTEORDER_UNDEFINED 0 #define ADIST_BYTEORDER_LITTLE_ENDIAN 1 #define ADIST_BYTEORDER_BIG_ENDIAN 2 #if _BYTE_ORDER == _LITTLE_ENDIAN #define ADIST_BYTEORDER ADIST_BYTEORDER_LITTLE_ENDIAN #elif _BYTE_ORDER == _BIG_ENDIAN #define ADIST_BYTEORDER ADIST_BYTEORDER_BIG_ENDIAN #else #error Unknown byte order. 
#endif struct adpkt { uint8_t adp_byteorder; #define ADIST_CMD_UNDEFINED 0 #define ADIST_CMD_OPEN 1 #define ADIST_CMD_APPEND 2 #define ADIST_CMD_CLOSE 3 #define ADIST_CMD_KEEPALIVE 4 #define ADIST_CMD_ERROR 5 uint8_t adp_cmd; uint64_t adp_seq; uint32_t adp_datasize; unsigned char adp_data[0]; } __packed; struct adreq { int adr_error; TAILQ_ENTRY(adreq) adr_next; struct adpkt adr_packet; }; #define adr_byteorder adr_packet.adp_byteorder #define adr_cmd adr_packet.adp_cmd #define adr_seq adr_packet.adp_seq #define adr_datasize adr_packet.adp_datasize #define adr_data adr_packet.adp_data #define ADPKT_SIZE(adreq) (sizeof((adreq)->adr_packet) + (adreq)->adr_datasize) struct adrep { uint8_t adrp_byteorder; uint64_t adrp_seq; uint16_t adrp_error; } __packed; #define ADIST_QUEUE_SIZE 16 #define ADIST_BUF_SIZE 65536 #define QUEUE_TAKE(adreq, list, timeout) do { \ mtx_lock(list##_lock); \ if ((timeout) == 0) { \ while (((adreq) = TAILQ_FIRST(list)) == NULL) \ cv_wait(list##_cond, list##_lock); \ } else { \ (adreq) = TAILQ_FIRST(list); \ if ((adreq) == NULL) { \ cv_timedwait(list##_cond, list##_lock, \ (timeout)); \ (adreq) = TAILQ_FIRST(list); \ } \ } \ if ((adreq) != NULL) \ TAILQ_REMOVE((list), (adreq), adr_next); \ mtx_unlock(list##_lock); \ } while (0) #define QUEUE_INSERT(adreq, list) do { \ bool _wakeup; \ \ mtx_lock(list##_lock); \ _wakeup = TAILQ_EMPTY(list); \ TAILQ_INSERT_TAIL((list), (adreq), adr_next); \ mtx_unlock(list##_lock); \ if (_wakeup) \ cv_signal(list##_cond); \ } while (0) #define QUEUE_WAIT(list) do { \ mtx_lock(list##_lock); \ while (TAILQ_EMPTY(list)) \ cv_wait(list##_cond, list##_lock); \ mtx_unlock(list##_lock); \ } while (0) extern const char *cfgpath; extern bool sigexit_received; extern struct pidfh *pfh; void descriptors_cleanup(struct adist_host *adhost); void descriptors_assert(const struct adist_host *adhost, int pjdlogmode); void adist_sender(struct adist_config *config, struct adist_host *adhost); void adist_receiver(struct adist_config 
*config, struct adist_host *adhost); struct adist_config *yy_config_parse(const char *config, bool exitonerror); void yy_config_free(struct adist_config *config); void yyerror(const char *); int yylex(void); #endif /* !_AUDITDISTD_H_ */
Index: head/contrib/openbsm/bin/auditdistd/faccessat.h
===================================================================
--- head/contrib/openbsm/bin/auditdistd/faccessat.h (revision 292431)
+++ head/contrib/openbsm/bin/auditdistd/faccessat.h (revision 292432)
@@ -1,69 +1,67 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/faccessat.h#1 $
 */ #ifndef _FACCESSAT_H_ #define _FACCESSAT_H_ #include #define AT_EACCESS 0x01 static int faccessat(int fd, const char *path, int mode, int flag) { int cfd, error, ret; if (flag == AT_EACCESS) { errno = EINVAL; return (-1); } cfd = open(".", O_RDONLY | O_DIRECTORY); if (cfd == -1) return (-1); if (fchdir(fd) == -1) { error = errno; (void)close(cfd); errno = error; return (-1); } ret = access(path, mode); error = errno; (void)fchdir(cfd); (void)close(cfd); errno = error; return (ret); } #endif /* !_FACCESSAT_H_ */
Index: head/contrib/openbsm/bin/auditdistd/fstatat.h
===================================================================
--- head/contrib/openbsm/bin/auditdistd/fstatat.h (revision 292431)
+++ head/contrib/openbsm/bin/auditdistd/fstatat.h (revision 292432)
@@ -1,69 +1,67 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/fstatat.h#1 $
 */ #ifndef _FSTATAT_H_ #define _FSTATAT_H_ #include #include #define AT_SYMLINK_NOFOLLOW 0x01 static int fstatat(int fd, const char *path, struct stat *buf, int flag) { int cfd, error, ret; cfd = open(".", O_RDONLY | O_DIRECTORY); if (cfd == -1) return (-1); if (fchdir(fd) == -1) { error = errno; (void)close(cfd); errno = error; return (-1); } if (flag == AT_SYMLINK_NOFOLLOW) ret = lstat(path, buf); else ret = stat(path, buf); error = errno; (void)fchdir(cfd); (void)close(cfd); errno = error; return (ret); } #endif /* !_FSTATAT_H_ */
Index: head/contrib/openbsm/bin/auditdistd/openat.h
===================================================================
--- head/contrib/openbsm/bin/auditdistd/openat.h (revision 292431)
+++ head/contrib/openbsm/bin/auditdistd/openat.h (revision 292432)
@@ -1,75 +1,73 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/openat.h#1 $ */ #ifndef _OPENAT_H_ #define _OPENAT_H_ #include #include #include static int openat(int fd, const char *path, int flags, ...) 
{ int cfd, ffd, error; cfd = open(".", O_RDONLY | O_DIRECTORY); if (cfd == -1) return (-1); if (fchdir(fd) == -1) { error = errno; (void)close(cfd); errno = error; return (-1); } if ((flags & O_CREAT) != 0) { va_list ap; int mode; va_start(ap, flags); mode = va_arg(ap, int); va_end(ap); ffd = open(path, flags, mode); } else { ffd = open(path, flags); } error = errno; (void)fchdir(cfd); (void)close(cfd); errno = error; return (ffd); } #endif /* !_OPENAT_H_ */
Index: head/contrib/openbsm/bin/auditdistd/parse.y
===================================================================
--- head/contrib/openbsm/bin/auditdistd/parse.y (revision 292431)
+++ head/contrib/openbsm/bin/auditdistd/parse.y (revision 292432)
@@ -1,856 +1,854 @@ %{ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/parse.y#5 $ */ #include #include #include #include #include #include #include #include #include #include #include #ifndef HAVE_STRLCPY #include #endif #include "auditdistd.h" #include "pjdlog.h" extern int depth; extern int lineno; extern FILE *yyin; extern char *yytext; static struct adist_config *lconfig; static struct adist_host *curhost; #define SECTION_GLOBAL 0 #define SECTION_SENDER 1 #define SECTION_RECEIVER 2 static int cursection; /* Sender section. 
*/ static char depth1_source[ADIST_ADDRSIZE]; static int depth1_checksum; static int depth1_compression; /* Sender and receiver sections. */ static char depth1_directory[PATH_MAX]; static bool adjust_directory(char *path); static bool family_supported(int family); extern void yyrestart(FILE *); %} %token CB %token CERTFILE %token DIRECTORY %token FINGERPRINT %token HOST %token KEYFILE %token LISTEN %token NAME %token OB %token PASSWORD %token PIDFILE %token RECEIVER REMOTE %token SENDER SOURCE %token TIMEOUT /* %type checksum_type %type compression_type */ %union { int num; char *str; } %token NUM %token STR %% statements: | statements statement ; statement: name_statement | pidfile_statement | timeout_statement | sender_statement | receiver_statement ; name_statement: NAME STR { PJDLOG_RASSERT(depth == 0, "The name variable can only be specificed in the global section."); if (lconfig->adc_name[0] != '\0') { pjdlog_error("The name variable is specified twice."); free($2); return (1); } if (strlcpy(lconfig->adc_name, $2, sizeof(lconfig->adc_name)) >= sizeof(lconfig->adc_name)) { pjdlog_error("The name value is too long."); free($2); return (1); } free($2); } ; pidfile_statement: PIDFILE STR { PJDLOG_RASSERT(depth == 0, "The pidfile variable can only be specificed in the global section."); if (lconfig->adc_pidfile[0] != '\0') { pjdlog_error("The pidfile variable is specified twice."); free($2); return (1); } if (strcmp($2, "none") != 0 && $2[0] != '/') { pjdlog_error("The pidfile variable must be set to absolute pathname or \"none\"."); free($2); return (1); } if (strlcpy(lconfig->adc_pidfile, $2, sizeof(lconfig->adc_pidfile)) >= sizeof(lconfig->adc_pidfile)) { pjdlog_error("The pidfile value is too long."); free($2); return (1); } free($2); } ; timeout_statement: TIMEOUT NUM { PJDLOG_ASSERT(depth == 0); lconfig->adc_timeout = $2; } ; sender_statement: SENDER sender_start sender_entries CB { PJDLOG_ASSERT(depth == 0); PJDLOG_ASSERT(cursection == SECTION_SENDER); /* 
Configure defaults. */ if (depth1_checksum == -1) depth1_checksum = ADIST_CHECKSUM_NONE; if (depth1_compression == -1) depth1_compression = ADIST_COMPRESSION_NONE; if (depth1_directory[0] == '\0') { (void)strlcpy(depth1_directory, ADIST_DIRECTORY_SENDER, sizeof(depth1_directory)); } /* Empty depth1_source is ok. */ TAILQ_FOREACH(curhost, &lconfig->adc_hosts, adh_next) { if (curhost->adh_role != ADIST_ROLE_SENDER) continue; if (curhost->adh_checksum == -1) curhost->adh_checksum = depth1_checksum; if (curhost->adh_compression == -1) curhost->adh_compression = depth1_compression; if (curhost->adh_directory[0] == '\0') { (void)strlcpy(curhost->adh_directory, depth1_directory, sizeof(curhost->adh_directory)); } if (curhost->adh_localaddr[0] == '\0') { (void)strlcpy(curhost->adh_localaddr, depth1_source, sizeof(curhost->adh_localaddr)); } } cursection = SECTION_GLOBAL; } ; sender_start: OB { PJDLOG_ASSERT(depth == 1); PJDLOG_ASSERT(cursection == SECTION_GLOBAL); cursection = SECTION_SENDER; depth1_checksum = -1; depth1_compression = -1; depth1_source[0] = '\0'; depth1_directory[0] = '\0'; #ifndef HAVE_AUDIT_SYSCALLS pjdlog_error("Sender functionality is not available."); return (1); #endif } ; sender_entries: | sender_entries sender_entry ; sender_entry: source_statement | directory_statement /* | checksum_statement | compression_statement */ | sender_host_statement ; receiver_statement: RECEIVER receiver_start receiver_entries CB { PJDLOG_ASSERT(depth == 0); PJDLOG_ASSERT(cursection == SECTION_RECEIVER); /* * If not listen addresses were specified, * configure default ones. 
*/ if (TAILQ_EMPTY(&lconfig->adc_listen)) { struct adist_listen *lst; if (family_supported(AF_INET)) { lst = calloc(1, sizeof(*lst)); if (lst == NULL) { pjdlog_error("Unable to allocate memory for listen address."); return (1); } (void)strlcpy(lst->adl_addr, ADIST_LISTEN_TLS_TCP4, sizeof(lst->adl_addr)); TAILQ_INSERT_TAIL(&lconfig->adc_listen, lst, adl_next); } else { pjdlog_debug(1, "No IPv4 support in the kernel, not listening on IPv4 address."); } if (family_supported(AF_INET6)) { lst = calloc(1, sizeof(*lst)); if (lst == NULL) { pjdlog_error("Unable to allocate memory for listen address."); return (1); } (void)strlcpy(lst->adl_addr, ADIST_LISTEN_TLS_TCP6, sizeof(lst->adl_addr)); TAILQ_INSERT_TAIL(&lconfig->adc_listen, lst, adl_next); } else { pjdlog_debug(1, "No IPv6 support in the kernel, not listening on IPv6 address."); } if (TAILQ_EMPTY(&lconfig->adc_listen)) { pjdlog_error("No address to listen on."); return (1); } } /* Configure defaults. */ if (depth1_directory[0] == '\0') { (void)strlcpy(depth1_directory, ADIST_DIRECTORY_RECEIVER, sizeof(depth1_directory)); } TAILQ_FOREACH(curhost, &lconfig->adc_hosts, adh_next) { if (curhost->adh_role != ADIST_ROLE_RECEIVER) continue; if (curhost->adh_directory[0] == '\0') { if (snprintf(curhost->adh_directory, sizeof(curhost->adh_directory), "%s/%s", depth1_directory, curhost->adh_name) >= (ssize_t)sizeof(curhost->adh_directory)) { pjdlog_error("Directory value is too long."); return (1); } } } cursection = SECTION_GLOBAL; } ; receiver_start: OB { PJDLOG_ASSERT(depth == 1); PJDLOG_ASSERT(cursection == SECTION_GLOBAL); cursection = SECTION_RECEIVER; depth1_directory[0] = '\0'; } ; receiver_entries: | receiver_entries receiver_entry ; receiver_entry: listen_statement | directory_statement | certfile_statement | keyfile_statement | receiver_host_statement ; /* checksum_statement: CHECKSUM checksum_type { PJDLOG_ASSERT(cursection == SECTION_SENDER); switch (depth) { case 1: depth1_checksum = $2; break; case 2: 
PJDLOG_ASSERT(curhost != NULL); curhost->adh_checksum = $2; break; default: PJDLOG_ABORT("checksum at wrong depth level"); } } ; checksum_type: NONE { $$ = ADIST_CHECKSUM_NONE; } | CRC32 { $$ = ADIST_CHECKSUM_CRC32; } | SHA256 { $$ = ADIST_CHECKSUM_SHA256; } ; compression_statement: COMPRESSION compression_type { PJDLOG_ASSERT(cursection == SECTION_SENDER); switch (depth) { case 1: depth1_compression = $2; break; case 2: PJDLOG_ASSERT(curhost != NULL); curhost->adh_compression = $2; break; default: PJDLOG_ABORT("compression at wrong depth level"); } } ; compression_type: NONE { $$ = ADIST_COMPRESSION_NONE; } | LZF { $$ = ADIST_COMPRESSION_LZF; } ; */ directory_statement: DIRECTORY STR { PJDLOG_ASSERT(cursection == SECTION_SENDER || cursection == SECTION_RECEIVER); switch (depth) { case 1: if (strlcpy(depth1_directory, $2, sizeof(depth1_directory)) >= sizeof(depth1_directory)) { pjdlog_error("Directory value is too long."); free($2); return (1); } if (!adjust_directory(depth1_directory)) return (1); break; case 2: if (cursection == SECTION_SENDER || $2[0] == '/') { if (strlcpy(curhost->adh_directory, $2, sizeof(curhost->adh_directory)) >= sizeof(curhost->adh_directory)) { pjdlog_error("Directory value is too long."); free($2); return (1); } } else /* if (cursection == SECTION_RECEIVER) */ { if (depth1_directory[0] == '\0') { pjdlog_error("Directory path must be absolute."); free($2); return (1); } if (snprintf(curhost->adh_directory, sizeof(curhost->adh_directory), "%s/%s", depth1_directory, $2) >= (ssize_t)sizeof(curhost->adh_directory)) { pjdlog_error("Directory value is too long."); free($2); return (1); } } break; default: PJDLOG_ABORT("directory at wrong depth level"); } free($2); } ; source_statement: SOURCE STR { PJDLOG_RASSERT(cursection == SECTION_SENDER, "The source variable must be in sender section."); switch (depth) { case 1: if (strlcpy(depth1_source, $2, sizeof(depth1_source)) >= sizeof(depth1_source)) { pjdlog_error("Source value is too long."); 
free($2); return (1); } break; case 2: if (strlcpy(curhost->adh_localaddr, $2, sizeof(curhost->adh_localaddr)) >= sizeof(curhost->adh_localaddr)) { pjdlog_error("Source value is too long."); free($2); return (1); } break; } free($2); } ; fingerprint_statement: FINGERPRINT STR { PJDLOG_ASSERT(cursection == SECTION_SENDER); PJDLOG_ASSERT(depth == 2); if (strncasecmp($2, "SHA256=", 7) != 0) { pjdlog_error("Invalid fingerprint value."); free($2); return (1); } if (strlcpy(curhost->adh_fingerprint, $2, sizeof(curhost->adh_fingerprint)) >= sizeof(curhost->adh_fingerprint)) { pjdlog_error("Fingerprint value is too long."); free($2); return (1); } free($2); } ; password_statement: PASSWORD STR { PJDLOG_ASSERT(cursection == SECTION_SENDER || cursection == SECTION_RECEIVER); PJDLOG_ASSERT(depth == 2); if (strlcpy(curhost->adh_password, $2, sizeof(curhost->adh_password)) >= sizeof(curhost->adh_password)) { pjdlog_error("Password value is too long."); bzero($2, strlen($2)); free($2); return (1); } bzero($2, strlen($2)); free($2); } ; certfile_statement: CERTFILE STR { PJDLOG_ASSERT(cursection == SECTION_RECEIVER); PJDLOG_ASSERT(depth == 1); if (strlcpy(lconfig->adc_certfile, $2, sizeof(lconfig->adc_certfile)) >= sizeof(lconfig->adc_certfile)) { pjdlog_error("Certfile value is too long."); free($2); return (1); } free($2); } ; keyfile_statement: KEYFILE STR { PJDLOG_ASSERT(cursection == SECTION_RECEIVER); PJDLOG_ASSERT(depth == 1); if (strlcpy(lconfig->adc_keyfile, $2, sizeof(lconfig->adc_keyfile)) >= sizeof(lconfig->adc_keyfile)) { pjdlog_error("Keyfile value is too long."); free($2); return (1); } free($2); } ; listen_statement: LISTEN STR { struct adist_listen *lst; PJDLOG_ASSERT(depth == 1); PJDLOG_ASSERT(cursection == SECTION_RECEIVER); lst = calloc(1, sizeof(*lst)); if (lst == NULL) { pjdlog_error("Unable to allocate memory for listen address."); free($2); return (1); } if (strlcpy(lst->adl_addr, $2, sizeof(lst->adl_addr)) >= sizeof(lst->adl_addr)) { pjdlog_error("listen 
argument is too long."); free($2); free(lst); return (1); } TAILQ_INSERT_TAIL(&lconfig->adc_listen, lst, adl_next); free($2); } ; sender_host_statement: HOST host_start OB sender_host_entries CB { /* Put it onto host list. */ TAILQ_INSERT_TAIL(&lconfig->adc_hosts, curhost, adh_next); curhost = NULL; } ; receiver_host_statement: HOST host_start OB receiver_host_entries CB { /* Put it onto host list. */ TAILQ_INSERT_TAIL(&lconfig->adc_hosts, curhost, adh_next); curhost = NULL; } ; host_start: STR { /* Check if there is no duplicate entry. */ TAILQ_FOREACH(curhost, &lconfig->adc_hosts, adh_next) { if (strcmp(curhost->adh_name, $1) != 0) continue; if (curhost->adh_role == ADIST_ROLE_SENDER && cursection == SECTION_RECEIVER) { continue; } if (curhost->adh_role == ADIST_ROLE_RECEIVER && cursection == SECTION_SENDER) { continue; } pjdlog_error("%s host %s is configured more than once.", curhost->adh_role == ADIST_ROLE_SENDER ? "Sender" : "Receiver", curhost->adh_name); free($1); return (1); } curhost = calloc(1, sizeof(*curhost)); if (curhost == NULL) { pjdlog_error("Unable to allocate memory for host configuration."); free($1); return (1); } if (strlcpy(curhost->adh_name, $1, sizeof(curhost->adh_name)) >= sizeof(curhost->adh_name)) { pjdlog_error("Host name is too long."); free($1); return (1); } free($1); curhost->adh_role = cursection == SECTION_SENDER ? 
ADIST_ROLE_SENDER : ADIST_ROLE_RECEIVER; curhost->adh_version = ADIST_VERSION; curhost->adh_localaddr[0] = '\0'; curhost->adh_remoteaddr[0] = '\0'; curhost->adh_remote = NULL; curhost->adh_directory[0] = '\0'; curhost->adh_password[0] = '\0'; curhost->adh_fingerprint[0] = '\0'; curhost->adh_worker_pid = 0; curhost->adh_conn = NULL; } ; sender_host_entries: | sender_host_entries sender_host_entry ; sender_host_entry: source_statement | remote_statement | directory_statement | fingerprint_statement | password_statement /* | checksum_statement | compression_statement */ ; receiver_host_entries: | receiver_host_entries receiver_host_entry ; receiver_host_entry: remote_statement | directory_statement | password_statement ; remote_statement: REMOTE STR { PJDLOG_ASSERT(depth == 2); PJDLOG_ASSERT(cursection == SECTION_SENDER || cursection == SECTION_RECEIVER); if (strlcpy(curhost->adh_remoteaddr, $2, sizeof(curhost->adh_remoteaddr)) >= sizeof(curhost->adh_remoteaddr)) { pjdlog_error("Remote value is too long."); free($2); return (1); } free($2); } ; %% static bool family_supported(int family) { int sock; sock = socket(family, SOCK_STREAM, 0); if (sock == -1 && errno == EPROTONOSUPPORT) return (false); if (sock >= 0) (void)close(sock); return (true); } static bool adjust_directory(char *path) { size_t len; len = strlen(path); for (;;) { if (len == 0) { pjdlog_error("Directory path is empty."); return (false); } if (path[len - 1] != '/') break; len--; path[len] = '\0'; } if (path[0] != '/') { pjdlog_error("Directory path must be absolute."); return (false); } return (true); } static int my_name(char *name, size_t size) { char buf[MAXHOSTNAMELEN]; char *pos; if (gethostname(buf, sizeof(buf)) < 0) { pjdlog_errno(LOG_ERR, "gethostname() failed"); return (-1); } /* First component of the host name. 
*/ pos = strchr(buf, '.'); if (pos == NULL) (void)strlcpy(name, buf, size); else (void)strlcpy(name, buf, MIN((size_t)(pos - buf + 1), size)); if (name[0] == '\0') { pjdlog_error("Empty host name."); return (-1); } return (0); } void yyerror(const char *str) { pjdlog_error("Unable to parse configuration file at line %d near '%s': %s", lineno, yytext, str); } struct adist_config * yy_config_parse(const char *config, bool exitonerror) { int ret; curhost = NULL; cursection = SECTION_GLOBAL; depth = 0; lineno = 0; lconfig = calloc(1, sizeof(*lconfig)); if (lconfig == NULL) { pjdlog_error("Unable to allocate memory for configuration."); if (exitonerror) exit(EX_TEMPFAIL); return (NULL); } TAILQ_INIT(&lconfig->adc_hosts); TAILQ_INIT(&lconfig->adc_listen); lconfig->adc_name[0] = '\0'; lconfig->adc_timeout = -1; lconfig->adc_pidfile[0] = '\0'; lconfig->adc_certfile[0] = '\0'; lconfig->adc_keyfile[0] = '\0'; yyin = fopen(config, "r"); if (yyin == NULL) { pjdlog_errno(LOG_ERR, "Unable to open configuration file %s", config); yy_config_free(lconfig); if (exitonerror) exit(EX_OSFILE); return (NULL); } yyrestart(yyin); ret = yyparse(); fclose(yyin); if (ret != 0) { yy_config_free(lconfig); if (exitonerror) exit(EX_CONFIG); return (NULL); } /* * Let's see if everything is set up. 
*/ if (lconfig->adc_name[0] == '\0' && my_name(lconfig->adc_name, sizeof(lconfig->adc_name)) == -1) { yy_config_free(lconfig); if (exitonerror) exit(EX_CONFIG); return (NULL); } if (lconfig->adc_timeout == -1) lconfig->adc_timeout = ADIST_TIMEOUT; if (lconfig->adc_pidfile[0] == '\0') { (void)strlcpy(lconfig->adc_pidfile, ADIST_PIDFILE, sizeof(lconfig->adc_pidfile)); } if (lconfig->adc_certfile[0] == '\0') { (void)strlcpy(lconfig->adc_certfile, ADIST_CERTFILE, sizeof(lconfig->adc_certfile)); } if (lconfig->adc_keyfile[0] == '\0') { (void)strlcpy(lconfig->adc_keyfile, ADIST_KEYFILE, sizeof(lconfig->adc_keyfile)); } return (lconfig); } void yy_config_free(struct adist_config *config) { struct adist_host *adhost; struct adist_listen *lst; while ((lst = TAILQ_FIRST(&config->adc_listen)) != NULL) { TAILQ_REMOVE(&config->adc_listen, lst, adl_next); free(lst); } while ((adhost = TAILQ_FIRST(&config->adc_hosts)) != NULL) { TAILQ_REMOVE(&config->adc_hosts, adhost, adh_next); bzero(adhost, sizeof(*adhost)); free(adhost); } free(config); }
Index: head/contrib/openbsm/bin/auditdistd/pjdlog.c
===================================================================
--- head/contrib/openbsm/bin/auditdistd/pjdlog.c (revision 292431)
+++ head/contrib/openbsm/bin/auditdistd/pjdlog.c (revision 292432)
@@ -1,621 +1,619 @@
 /*-
 * Copyright (c) 2009-2010 The FreeBSD Foundation
 * Copyright (c) 2011 Pawel Jakub Dawidek
 * All rights reserved.
 *
 * This software was developed by Pawel Jakub Dawidek under sponsorship from
 * the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/pjdlog.c#1 $ */ #include #include #include #include #include #include #ifdef __FreeBSD__ #include #include #endif #include #include #include #include #include #include #include #include "pjdlog.h" #define PJDLOG_NEVER_INITIALIZED 0 #define PJDLOG_NOT_INITIALIZED 1 #define PJDLOG_INITIALIZED 2 static int pjdlog_initialized = PJDLOG_NEVER_INITIALIZED; static int pjdlog_mode, pjdlog_debug_level; static char pjdlog_prefix[128]; #ifdef __FreeBSD__ static int pjdlog_printf_arginfo_humanized_number(const struct printf_info *pi __unused, size_t n, int *argt) { assert(n >= 1); argt[0] = PA_INT | PA_FLAG_INTMAX; return (1); } static int pjdlog_printf_render_humanized_number(struct __printf_io *io, const struct printf_info *pi, const void * const *arg) { char buf[5]; intmax_t num; int ret; num = *(const intmax_t *)arg[0]; humanize_number(buf, sizeof(buf), (int64_t)num, "", HN_AUTOSCALE, HN_NOSPACE | HN_DECIMAL); ret = __printf_out(io, pi, buf, strlen(buf)); __printf_flush(io); return (ret); } static int pjdlog_printf_arginfo_sockaddr(const struct printf_info *pi __unused, size_t n, int *argt) { assert(n >= 1); argt[0] = PA_POINTER; return (1); } static int pjdlog_printf_render_sockaddr(struct __printf_io *io, const struct printf_info *pi, const void * const *arg) { const struct sockaddr_storage *ss; char buf[64]; int ret; ss = *(const struct sockaddr_storage * const *)arg[0]; switch (ss->ss_family) { case AF_INET: { char addr[INET_ADDRSTRLEN]; const struct sockaddr_in *sin; unsigned int port; sin = (const struct sockaddr_in *)ss; port = ntohs(sin->sin_port); if (inet_ntop(ss->ss_family, &sin->sin_addr, addr, sizeof(addr)) == NULL) { PJDLOG_ABORT("inet_ntop(AF_INET) failed: %s.", strerror(errno)); } snprintf(buf, sizeof(buf), "%s:%u", addr, port); break; } case AF_INET6: { char addr[INET6_ADDRSTRLEN]; const struct sockaddr_in6 *sin; unsigned int port; sin = (const struct sockaddr_in6 *)ss; port = 
ntohs(sin->sin6_port); if (inet_ntop(ss->ss_family, &sin->sin6_addr, addr, sizeof(addr)) == NULL) { PJDLOG_ABORT("inet_ntop(AF_INET6) failed: %s.", strerror(errno)); } snprintf(buf, sizeof(buf), "[%s]:%u", addr, port); break; } default: snprintf(buf, sizeof(buf), "[unsupported family %hhu]", ss->ss_family); break; } ret = __printf_out(io, pi, buf, strlen(buf)); __printf_flush(io); return (ret); } #endif /* __FreeBSD__ */ void pjdlog_init(int mode) { int saved_errno; assert(pjdlog_initialized == PJDLOG_NEVER_INITIALIZED || pjdlog_initialized == PJDLOG_NOT_INITIALIZED); assert(mode == PJDLOG_MODE_STD || mode == PJDLOG_MODE_SYSLOG); saved_errno = errno; if (pjdlog_initialized == PJDLOG_NEVER_INITIALIZED) { #ifdef __FreeBSD__ __use_xprintf = 1; register_printf_render_std("T"); register_printf_render('N', pjdlog_printf_render_humanized_number, pjdlog_printf_arginfo_humanized_number); register_printf_render('S', pjdlog_printf_render_sockaddr, pjdlog_printf_arginfo_sockaddr); #endif } if (mode == PJDLOG_MODE_SYSLOG) openlog(NULL, LOG_PID | LOG_NDELAY, LOG_DAEMON); pjdlog_mode = mode; pjdlog_debug_level = 0; bzero(pjdlog_prefix, sizeof(pjdlog_prefix)); pjdlog_initialized = PJDLOG_INITIALIZED; errno = saved_errno; } void pjdlog_fini(void) { int saved_errno; assert(pjdlog_initialized == PJDLOG_INITIALIZED); saved_errno = errno; if (pjdlog_mode == PJDLOG_MODE_SYSLOG) closelog(); pjdlog_initialized = PJDLOG_NOT_INITIALIZED; errno = saved_errno; } /* * Configure where the logs should go. * By default they are send to stdout/stderr, but after going into background * (eg. by calling daemon(3)) application is responsible for changing mode to * PJDLOG_MODE_SYSLOG, so logs will be send to syslog. 
*/ void pjdlog_mode_set(int mode) { int saved_errno; assert(pjdlog_initialized == PJDLOG_INITIALIZED); assert(mode == PJDLOG_MODE_STD || mode == PJDLOG_MODE_SYSLOG); if (pjdlog_mode == mode) return; saved_errno = errno; if (mode == PJDLOG_MODE_SYSLOG) openlog(NULL, LOG_PID | LOG_NDELAY, LOG_DAEMON); else /* if (mode == PJDLOG_MODE_STD) */ closelog(); pjdlog_mode = mode; errno = saved_errno; } /* * Return current mode. */ int pjdlog_mode_get(void) { assert(pjdlog_initialized == PJDLOG_INITIALIZED); return (pjdlog_mode); } /* * Set debug level. All the logs above the level specified here will be * ignored. */ void pjdlog_debug_set(int level) { assert(pjdlog_initialized == PJDLOG_INITIALIZED); assert(level >= 0); pjdlog_debug_level = level; } /* * Return current debug level. */ int pjdlog_debug_get(void) { assert(pjdlog_initialized == PJDLOG_INITIALIZED); return (pjdlog_debug_level); } /* * Set prefix that will be used before each log. * Setting prefix to NULL will remove it. */ void pjdlog_prefix_set(const char *fmt, ...) { va_list ap; assert(pjdlog_initialized == PJDLOG_INITIALIZED); va_start(ap, fmt); pjdlogv_prefix_set(fmt, ap); va_end(ap); } /* * Set prefix that will be used before each log. * Setting prefix to NULL will remove it. */ void pjdlogv_prefix_set(const char *fmt, va_list ap) { int saved_errno; assert(pjdlog_initialized == PJDLOG_INITIALIZED); assert(fmt != NULL); saved_errno = errno; vsnprintf(pjdlog_prefix, sizeof(pjdlog_prefix), fmt, ap); errno = saved_errno; } /* * Convert log level into string. */ static const char * pjdlog_level_string(int loglevel) { switch (loglevel) { case LOG_EMERG: return ("EMERG"); case LOG_ALERT: return ("ALERT"); case LOG_CRIT: return ("CRIT"); case LOG_ERR: return ("ERROR"); case LOG_WARNING: return ("WARNING"); case LOG_NOTICE: return ("NOTICE"); case LOG_INFO: return ("INFO"); case LOG_DEBUG: return ("DEBUG"); } assert(!"Invalid log level."); abort(); /* XXX: gcc */ } /* * Common log routine. 
*/ void pjdlog_common(int loglevel, int debuglevel, int error, const char *fmt, ...) { va_list ap; assert(pjdlog_initialized == PJDLOG_INITIALIZED); va_start(ap, fmt); pjdlogv_common(loglevel, debuglevel, error, fmt, ap); va_end(ap); } /* * Common log routine, which can handle regular log level as well as debug * level. We decide here where to send the logs (stdout/stderr or syslog). */ void pjdlogv_common(int loglevel, int debuglevel, int error, const char *fmt, va_list ap) { int saved_errno; assert(pjdlog_initialized == PJDLOG_INITIALIZED); assert(loglevel == LOG_EMERG || loglevel == LOG_ALERT || loglevel == LOG_CRIT || loglevel == LOG_ERR || loglevel == LOG_WARNING || loglevel == LOG_NOTICE || loglevel == LOG_INFO || loglevel == LOG_DEBUG); assert(loglevel != LOG_DEBUG || debuglevel > 0); assert(error >= -1); /* Ignore debug above configured level. */ if (loglevel == LOG_DEBUG && debuglevel > pjdlog_debug_level) return; saved_errno = errno; switch (pjdlog_mode) { case PJDLOG_MODE_STD: { FILE *out; /* * We send errors and warning to stderr and the rest to stdout. */ switch (loglevel) { case LOG_EMERG: case LOG_ALERT: case LOG_CRIT: case LOG_ERR: case LOG_WARNING: out = stderr; break; case LOG_NOTICE: case LOG_INFO: case LOG_DEBUG: out = stdout; break; default: assert(!"Invalid loglevel."); abort(); /* XXX: gcc */ } fprintf(out, "(%d) ", getpid()); fprintf(out, "[%s]", pjdlog_level_string(loglevel)); /* Attach debuglevel if this is debug log. 
*/ if (loglevel == LOG_DEBUG) fprintf(out, "[%d]", debuglevel); fprintf(out, " %s", pjdlog_prefix); vfprintf(out, fmt, ap); if (error != -1) fprintf(out, ": %s.", strerror(error)); fprintf(out, "\n"); fflush(out); break; } case PJDLOG_MODE_SYSLOG: { char log[1024]; int len; len = snprintf(log, sizeof(log), "%s", pjdlog_prefix); if ((size_t)len < sizeof(log)) len += vsnprintf(log + len, sizeof(log) - len, fmt, ap); if (error != -1 && (size_t)len < sizeof(log)) { (void)snprintf(log + len, sizeof(log) - len, ": %s.", strerror(error)); } syslog(loglevel, "%s", log); break; } default: assert(!"Invalid mode."); } errno = saved_errno; } /* * Regular logs. */ void pjdlogv(int loglevel, const char *fmt, va_list ap) { assert(pjdlog_initialized == PJDLOG_INITIALIZED); /* LOG_DEBUG is invalid here, pjdlogv?_debug() should be used. */ assert(loglevel == LOG_EMERG || loglevel == LOG_ALERT || loglevel == LOG_CRIT || loglevel == LOG_ERR || loglevel == LOG_WARNING || loglevel == LOG_NOTICE || loglevel == LOG_INFO); pjdlogv_common(loglevel, 0, -1, fmt, ap); } /* * Regular logs. */ void pjdlog(int loglevel, const char *fmt, ...) { va_list ap; assert(pjdlog_initialized == PJDLOG_INITIALIZED); va_start(ap, fmt); pjdlogv(loglevel, fmt, ap); va_end(ap); } /* * Debug logs. */ void pjdlogv_debug(int debuglevel, const char *fmt, va_list ap) { assert(pjdlog_initialized == PJDLOG_INITIALIZED); pjdlogv_common(LOG_DEBUG, debuglevel, -1, fmt, ap); } /* * Debug logs. */ void pjdlog_debug(int debuglevel, const char *fmt, ...) { va_list ap; assert(pjdlog_initialized == PJDLOG_INITIALIZED); va_start(ap, fmt); pjdlogv_debug(debuglevel, fmt, ap); va_end(ap); } /* * Error logs with errno logging. */ void pjdlogv_errno(int loglevel, const char *fmt, va_list ap) { assert(pjdlog_initialized == PJDLOG_INITIALIZED); pjdlogv_common(loglevel, 0, errno, fmt, ap); } /* * Error logs with errno logging. */ void pjdlog_errno(int loglevel, const char *fmt, ...) 
{ va_list ap; assert(pjdlog_initialized == PJDLOG_INITIALIZED); va_start(ap, fmt); pjdlogv_errno(loglevel, fmt, ap); va_end(ap); } /* * Log error, errno and exit. */ void pjdlogv_exit(int exitcode, const char *fmt, va_list ap) { assert(pjdlog_initialized == PJDLOG_INITIALIZED); pjdlogv_errno(LOG_ERR, fmt, ap); exit(exitcode); /* NOTREACHED */ } /* * Log error, errno and exit. */ void pjdlog_exit(int exitcode, const char *fmt, ...) { va_list ap; assert(pjdlog_initialized == PJDLOG_INITIALIZED); va_start(ap, fmt); pjdlogv_exit(exitcode, fmt, ap); /* NOTREACHED */ va_end(ap); } /* * Log error and exit. */ void pjdlogv_exitx(int exitcode, const char *fmt, va_list ap) { assert(pjdlog_initialized == PJDLOG_INITIALIZED); pjdlogv(LOG_ERR, fmt, ap); exit(exitcode); /* NOTREACHED */ } /* * Log error and exit. */ void pjdlog_exitx(int exitcode, const char *fmt, ...) { va_list ap; assert(pjdlog_initialized == PJDLOG_INITIALIZED); va_start(ap, fmt); pjdlogv_exitx(exitcode, fmt, ap); /* NOTREACHED */ va_end(ap); } /* * Log failure message and exit. */ void pjdlog_abort(const char *func, const char *file, int line, const char *failedexpr, const char *fmt, ...) { va_list ap; assert(pjdlog_initialized == PJDLOG_INITIALIZED); /* * When there is no message we pass __func__ as 'fmt'. * It would be cleaner to pass NULL or "", but gcc generates a warning * for both of those. 
*/ if (fmt != func) { va_start(ap, fmt); pjdlogv_critical(fmt, ap); va_end(ap); } if (failedexpr == NULL) { if (func == NULL) { pjdlog_critical("Aborted at file %s, line %d.", file, line); } else { pjdlog_critical("Aborted at function %s, file %s, line %d.", func, file, line); } } else { if (func == NULL) { pjdlog_critical("Assertion failed: (%s), file %s, line %d.", failedexpr, file, line); } else { pjdlog_critical("Assertion failed: (%s), function %s, file %s, line %d.", failedexpr, func, file, line); } } abort(); } Index: head/contrib/openbsm/bin/auditdistd/pjdlog.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/pjdlog.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/pjdlog.h (revision 292432) 
@@ -1,119 +1,117 @@ /*- * Copyright (c) 2009-2010 The FreeBSD Foundation * Copyright (c) 2011 Pawel Jakub Dawidek * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/pjdlog.h#1 $ */ #ifndef _PJDLOG_H_ #define _PJDLOG_H_ #include #include #include #include #include #define PJDLOG_MODE_STD 0 #define PJDLOG_MODE_SYSLOG 1 void pjdlog_init(int mode); void pjdlog_fini(void); void pjdlog_mode_set(int mode); int pjdlog_mode_get(void); void pjdlog_debug_set(int level); int pjdlog_debug_get(void); void pjdlog_prefix_set(const char *fmt, ...) 
__printflike(1, 2); void pjdlogv_prefix_set(const char *fmt, va_list ap) __printflike(1, 0); void pjdlog_common(int loglevel, int debuglevel, int error, const char *fmt, ...) __printflike(4, 5); void pjdlogv_common(int loglevel, int debuglevel, int error, const char *fmt, va_list ap) __printflike(4, 0); void pjdlog(int loglevel, const char *fmt, ...) __printflike(2, 3); void pjdlogv(int loglevel, const char *fmt, va_list ap) __printflike(2, 0); #define pjdlogv_emergency(fmt, ap) pjdlogv(LOG_EMERG, (fmt), (ap)) #define pjdlog_emergency(...) pjdlog(LOG_EMERG, __VA_ARGS__) #define pjdlogv_alert(fmt, ap) pjdlogv(LOG_ALERT, (fmt), (ap)) #define pjdlog_alert(...) pjdlog(LOG_ALERT, __VA_ARGS__) #define pjdlogv_critical(fmt, ap) pjdlogv(LOG_CRIT, (fmt), (ap)) #define pjdlog_critical(...) pjdlog(LOG_CRIT, __VA_ARGS__) #define pjdlogv_error(fmt, ap) pjdlogv(LOG_ERR, (fmt), (ap)) #define pjdlog_error(...) pjdlog(LOG_ERR, __VA_ARGS__) #define pjdlogv_warning(fmt, ap) pjdlogv(LOG_WARNING, (fmt), (ap)) #define pjdlog_warning(...) pjdlog(LOG_WARNING, __VA_ARGS__) #define pjdlogv_notice(fmt, ap) pjdlogv(LOG_NOTICE, (fmt), (ap)) #define pjdlog_notice(...) pjdlog(LOG_NOTICE, __VA_ARGS__) #define pjdlogv_info(fmt, ap) pjdlogv(LOG_INFO, (fmt), (ap)) #define pjdlog_info(...) pjdlog(LOG_INFO, __VA_ARGS__) void pjdlog_debug(int debuglevel, const char *fmt, ...) __printflike(2, 3); void pjdlogv_debug(int debuglevel, const char *fmt, va_list ap) __printflike(2, 0); void pjdlog_errno(int loglevel, const char *fmt, ...) __printflike(2, 3); void pjdlogv_errno(int loglevel, const char *fmt, va_list ap) __printflike(2, 0); void pjdlog_exit(int exitcode, const char *fmt, ...) __printflike(2, 3) __dead2; void pjdlogv_exit(int exitcode, const char *fmt, va_list ap) __printflike(2, 0) __dead2; void pjdlog_exitx(int exitcode, const char *fmt, ...) 
__printflike(2, 3) __dead2; void pjdlogv_exitx(int exitcode, const char *fmt, va_list ap) __printflike(2, 0) __dead2; void pjdlog_abort(const char *func, const char *file, int line, const char *failedexpr, const char *fmt, ...) __printflike(5, 6) __dead2; #define PJDLOG_VERIFY(expr) do { \ if (!(expr)) { \ pjdlog_abort(__func__, __FILE__, __LINE__, #expr, \ "%s", __func__); \ } \ } while (0) #define PJDLOG_RVERIFY(expr, ...) do { \ if (!(expr)) { \ pjdlog_abort(__func__, __FILE__, __LINE__, #expr, \ __VA_ARGS__); \ } \ } while (0) #define PJDLOG_ABORT(...) pjdlog_abort(__func__, __FILE__, \ __LINE__, NULL, __VA_ARGS__) #ifdef NDEBUG #define PJDLOG_ASSERT(expr) do { } while (0) #define PJDLOG_RASSERT(...) do { } while (0) #else #define PJDLOG_ASSERT(expr) PJDLOG_VERIFY(expr) #define PJDLOG_RASSERT(...) PJDLOG_RVERIFY(__VA_ARGS__) #endif #endif /* !_PJDLOG_H_ */ Index: head/contrib/openbsm/bin/auditdistd/proto.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/proto.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/proto.c (revision 292432) 
@@ -1,529 +1,527 @@
 /*-
 * Copyright (c) 2009-2010 The FreeBSD Foundation
 * All rights reserved.
 *
 * This software was developed by Pawel Jakub Dawidek under sponsorship from
 * the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/proto.c#1 $ */ #include #include #include #include #include #include #include #include "pjdlog.h" #include "proto.h" #include "proto_impl.h" #define PROTO_CONN_MAGIC 0x907041c struct proto_conn { int pc_magic; struct proto *pc_proto; void *pc_ctx; int pc_side; #define PROTO_SIDE_CLIENT 0 #define PROTO_SIDE_SERVER_LISTEN 1 #define PROTO_SIDE_SERVER_WORK 2 }; static TAILQ_HEAD(, proto) protos = TAILQ_HEAD_INITIALIZER(protos); void proto_register(struct proto *proto, bool isdefault) { static bool seen_default = false; if (!isdefault) TAILQ_INSERT_HEAD(&protos, proto, prt_next); else { PJDLOG_ASSERT(!seen_default); seen_default = true; TAILQ_INSERT_TAIL(&protos, proto, prt_next); } } static struct proto_conn * proto_alloc(struct proto *proto, int side) { struct proto_conn *conn; PJDLOG_ASSERT(proto != NULL); PJDLOG_ASSERT(side == PROTO_SIDE_CLIENT || side == PROTO_SIDE_SERVER_LISTEN || side == PROTO_SIDE_SERVER_WORK); conn = malloc(sizeof(*conn)); if (conn != NULL) { conn->pc_proto = proto; conn->pc_side = side; conn->pc_magic = PROTO_CONN_MAGIC; } return (conn); } static void proto_free(struct proto_conn *conn) { PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_side == PROTO_SIDE_CLIENT || conn->pc_side == PROTO_SIDE_SERVER_LISTEN || conn->pc_side == PROTO_SIDE_SERVER_WORK); PJDLOG_ASSERT(conn->pc_proto != NULL); bzero(conn, sizeof(*conn)); free(conn); } static int proto_common_setup(const char *srcaddr, const char *dstaddr, int timeout, int side, struct proto_conn **connp) { struct proto *proto; struct proto_conn *conn; void *ctx; int ret; PJDLOG_ASSERT(side == PROTO_SIDE_CLIENT || side == PROTO_SIDE_SERVER_LISTEN); TAILQ_FOREACH(proto, &protos, prt_next) { if (side == PROTO_SIDE_CLIENT) { if (proto->prt_connect == NULL) { ret = -1; } else { ret = proto->prt_connect(srcaddr, dstaddr, timeout, &ctx); } } else /* if (side == PROTO_SIDE_SERVER_LISTEN) */ 
{ if (proto->prt_server == NULL) ret = -1; else ret = proto->prt_server(dstaddr, &ctx); } /* * ret == 0 - success * ret == -1 - dstaddr is not for this protocol * ret > 0 - right protocol, but an error occured */ if (ret >= 0) break; } if (proto == NULL) { /* Unrecognized address. */ errno = EINVAL; return (-1); } if (ret > 0) { /* An error occured. */ errno = ret; return (-1); } conn = proto_alloc(proto, side); if (conn == NULL) { if (proto->prt_close != NULL) proto->prt_close(ctx); errno = ENOMEM; return (-1); } conn->pc_ctx = ctx; *connp = conn; return (0); } int proto_connect(const char *srcaddr, const char *dstaddr, int timeout, struct proto_conn **connp) { PJDLOG_ASSERT(srcaddr == NULL || srcaddr[0] != '\0'); PJDLOG_ASSERT(dstaddr != NULL); PJDLOG_ASSERT(timeout >= -1); return (proto_common_setup(srcaddr, dstaddr, timeout, PROTO_SIDE_CLIENT, connp)); } int proto_connect_wait(struct proto_conn *conn, int timeout) { int error; PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_side == PROTO_SIDE_CLIENT); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_connect_wait != NULL); PJDLOG_ASSERT(timeout >= 0); error = conn->pc_proto->prt_connect_wait(conn->pc_ctx, timeout); if (error != 0) { errno = error; return (-1); } return (0); } int proto_server(const char *addr, struct proto_conn **connp) { PJDLOG_ASSERT(addr != NULL); return (proto_common_setup(NULL, addr, -1, PROTO_SIDE_SERVER_LISTEN, connp)); } int proto_accept(struct proto_conn *conn, struct proto_conn **newconnp) { struct proto_conn *newconn; int error; PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_side == PROTO_SIDE_SERVER_LISTEN); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_accept != NULL); newconn = proto_alloc(conn->pc_proto, PROTO_SIDE_SERVER_WORK); if (newconn == NULL) return (-1); error = conn->pc_proto->prt_accept(conn->pc_ctx, 
&newconn->pc_ctx); if (error != 0) { proto_free(newconn); errno = error; return (-1); } *newconnp = newconn; return (0); } int proto_send(const struct proto_conn *conn, const void *data, size_t size) { int error; PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_send != NULL); error = conn->pc_proto->prt_send(conn->pc_ctx, data, size, -1); if (error != 0) { errno = error; return (-1); } return (0); } int proto_recv(const struct proto_conn *conn, void *data, size_t size) { int error; PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_recv != NULL); error = conn->pc_proto->prt_recv(conn->pc_ctx, data, size, NULL); if (error != 0) { errno = error; return (-1); } return (0); } int proto_connection_send(const struct proto_conn *conn, struct proto_conn *mconn) { const char *protoname; int error, fd; PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_send != NULL); PJDLOG_ASSERT(mconn != NULL); PJDLOG_ASSERT(mconn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(mconn->pc_proto != NULL); fd = proto_descriptor(mconn); PJDLOG_ASSERT(fd >= 0); protoname = mconn->pc_proto->prt_name; PJDLOG_ASSERT(protoname != NULL); error = conn->pc_proto->prt_send(conn->pc_ctx, (const unsigned char *)protoname, strlen(protoname) + 1, fd); proto_close(mconn); if (error != 0) { errno = error; return (-1); } return (0); } int proto_wrap(const char *protoname, bool client, int fd, struct proto_conn **newconnp) { struct proto *proto; struct proto_conn *newconn; int error; TAILQ_FOREACH(proto, &protos, prt_next) { if (strcmp(proto->prt_name, protoname) == 0) break; } if (proto == NULL) { errno = EINVAL; return (-1); } newconn = proto_alloc(proto, client ? 
PROTO_SIDE_CLIENT : PROTO_SIDE_SERVER_WORK); if (newconn == NULL) return (-1); PJDLOG_ASSERT(newconn->pc_proto->prt_wrap != NULL); error = newconn->pc_proto->prt_wrap(fd, client, &newconn->pc_ctx); if (error != 0) { proto_free(newconn); errno = error; return (-1); } *newconnp = newconn; return (0); } int proto_connection_recv(const struct proto_conn *conn, bool client, struct proto_conn **newconnp) { char protoname[128]; int error, fd; PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_recv != NULL); PJDLOG_ASSERT(newconnp != NULL); bzero(protoname, sizeof(protoname)); error = conn->pc_proto->prt_recv(conn->pc_ctx, (unsigned char *)protoname, sizeof(protoname) - 1, &fd); if (error != 0) { errno = error; return (-1); } PJDLOG_ASSERT(fd >= 0); return (proto_wrap(protoname, client, fd, newconnp)); } int proto_descriptor(const struct proto_conn *conn) { PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_descriptor != NULL); return (conn->pc_proto->prt_descriptor(conn->pc_ctx)); } bool proto_address_match(const struct proto_conn *conn, const char *addr) { PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_address_match != NULL); return (conn->pc_proto->prt_address_match(conn->pc_ctx, addr)); } void proto_local_address(const struct proto_conn *conn, char *addr, size_t size) { PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_local_address != NULL); conn->pc_proto->prt_local_address(conn->pc_ctx, addr, size); } void proto_remote_address(const struct proto_conn *conn, char *addr, size_t size) { PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == 
PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_remote_address != NULL); conn->pc_proto->prt_remote_address(conn->pc_ctx, addr, size); } int proto_timeout(const struct proto_conn *conn, int timeout) { struct timeval tv; int fd; PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); fd = proto_descriptor(conn); if (fd < 0) return (-1); tv.tv_sec = timeout; tv.tv_usec = 0; if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)) < 0) return (-1); if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) return (-1); return (0); } void proto_close(struct proto_conn *conn) { PJDLOG_ASSERT(conn != NULL); PJDLOG_ASSERT(conn->pc_magic == PROTO_CONN_MAGIC); PJDLOG_ASSERT(conn->pc_proto != NULL); PJDLOG_ASSERT(conn->pc_proto->prt_close != NULL); conn->pc_proto->prt_close(conn->pc_ctx); proto_free(conn); } int proto_exec(int argc, char *argv[]) { struct proto *proto; int error; if (argc == 0) { errno = EINVAL; return (-1); } TAILQ_FOREACH(proto, &protos, prt_next) { if (strcmp(proto->prt_name, argv[0]) == 0) break; } if (proto == NULL) { errno = EINVAL; return (-1); } if (proto->prt_exec == NULL) { errno = EOPNOTSUPP; return (-1); } error = proto->prt_exec(argc, argv); if (error != 0) { errno = error; return (-1); } /* NOTREACHED */ return (0); } struct proto_nvpair { char *pnv_name; char *pnv_value; TAILQ_ENTRY(proto_nvpair) pnv_next; }; static TAILQ_HEAD(, proto_nvpair) proto_nvpairs = TAILQ_HEAD_INITIALIZER(proto_nvpairs); int proto_set(const char *name, const char *value) { struct proto_nvpair *pnv; TAILQ_FOREACH(pnv, &proto_nvpairs, pnv_next) { if (strcmp(pnv->pnv_name, name) == 0) break; } if (pnv != NULL) { TAILQ_REMOVE(&proto_nvpairs, pnv, pnv_next); free(pnv->pnv_value); } else { pnv = malloc(sizeof(*pnv)); if (pnv == NULL) return (-1); pnv->pnv_name = strdup(name); if (pnv->pnv_name == NULL) { free(pnv); return (-1); } } pnv->pnv_value = 
strdup(value); if (pnv->pnv_value == NULL) { free(pnv->pnv_name); free(pnv); return (-1); } TAILQ_INSERT_TAIL(&proto_nvpairs, pnv, pnv_next); return (0); } const char * proto_get(const char *name) { struct proto_nvpair *pnv; TAILQ_FOREACH(pnv, &proto_nvpairs, pnv_next) { if (strcmp(pnv->pnv_name, name) == 0) break; } if (pnv != NULL) return (pnv->pnv_value); return (NULL); } Index: head/contrib/openbsm/bin/auditdistd/proto.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/proto.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/proto.h (revision 292432) 
@@ -1,63 +1,61 @@
 /*-
 * Copyright (c) 2009-2010 The FreeBSD Foundation
 * All rights reserved.
 *
 * This software was developed by Pawel Jakub Dawidek under sponsorship from
 * the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/proto.h#1 $ */ #ifndef _PROTO_H_ #define _PROTO_H_ #include /* bool */ #include /* size_t */ struct proto_conn; int proto_connect(const char *srcaddr, const char *dstaddr, int timeout, struct proto_conn **connp); int proto_connect_wait(struct proto_conn *conn, int timeout); int proto_server(const char *addr, struct proto_conn **connp); int proto_accept(struct proto_conn *conn, struct proto_conn **newconnp); int proto_send(const struct proto_conn *conn, const void *data, size_t size); int proto_recv(const struct proto_conn *conn, void *data, size_t size); int proto_connection_send(const struct proto_conn *conn, struct proto_conn *mconn); int proto_connection_recv(const struct proto_conn *conn, bool client, struct proto_conn **newconnp); int proto_descriptor(const struct proto_conn *conn); bool proto_address_match(const struct proto_conn *conn, const char *addr); void proto_local_address(const struct proto_conn *conn, char *addr, size_t size); void proto_remote_address(const struct proto_conn *conn, char *addr, size_t size); int proto_timeout(const struct proto_conn *conn, int timeout); void proto_close(struct proto_conn *conn); int proto_exec(int argc, char *argv[]); int proto_set(const char *name, const char *value); const char *proto_get(const char *name); #endif /* !_PROTO_H_ */ Index: head/contrib/openbsm/bin/auditdistd/proto_common.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/proto_common.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/proto_common.c (revision 292432) 
@@ -1,233 +1,231 @@ /*- * Copyright (c) 2009-2010 The FreeBSD Foundation * Copyright (c) 2011 Pawel Jakub Dawidek * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/proto_common.c#1 $ */ #include #include #include #include #include #include #include #include #include #include "pjdlog.h" #include "proto_impl.h" /* Maximum size of packet we want to use when sending data. 
*/ #ifndef MAX_SEND_SIZE #define MAX_SEND_SIZE 32768 #endif static bool blocking_socket(int sock) { int flags; flags = fcntl(sock, F_GETFL); PJDLOG_ASSERT(flags >= 0); return ((flags & O_NONBLOCK) == 0); } static int proto_descriptor_send(int sock, int fd) { unsigned char ctrl[CMSG_SPACE(sizeof(fd))]; struct msghdr msg; struct cmsghdr *cmsg; PJDLOG_ASSERT(sock >= 0); PJDLOG_ASSERT(fd >= 0); bzero(&msg, sizeof(msg)); bzero(&ctrl, sizeof(ctrl)); msg.msg_iov = NULL; msg.msg_iovlen = 0; msg.msg_control = ctrl; msg.msg_controllen = sizeof(ctrl); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_type = SCM_RIGHTS; cmsg->cmsg_len = CMSG_LEN(sizeof(fd)); bcopy(&fd, CMSG_DATA(cmsg), sizeof(fd)); if (sendmsg(sock, &msg, 0) == -1) return (errno); return (0); } int proto_common_send(int sock, const unsigned char *data, size_t size, int fd) { ssize_t done; size_t sendsize; int errcount = 0; PJDLOG_ASSERT(sock >= 0); if (data == NULL) { /* The caller is just trying to decide about direction. */ PJDLOG_ASSERT(size == 0); if (shutdown(sock, SHUT_RD) == -1) return (errno); return (0); } PJDLOG_ASSERT(data != NULL); PJDLOG_ASSERT(size > 0); do { sendsize = size < MAX_SEND_SIZE ? size : MAX_SEND_SIZE; done = send(sock, data, sendsize, MSG_NOSIGNAL); if (done == 0) { return (ENOTCONN); } else if (done < 0) { if (errno == EINTR) continue; if (errno == ENOBUFS) { /* * If there are no buffers we retry. * After each try we increase delay before the * next one and we give up after fifteen times. * This gives 11s of total wait time. */ if (errcount == 15) { pjdlog_warning("Getting ENOBUFS errors for 11s on send(), giving up."); } else { if (errcount == 0) pjdlog_warning("Got ENOBUFS error on send(), retrying for a bit."); errcount++; usleep(100000 * errcount); continue; } } /* * If this is blocking socket and we got EAGAIN, this * means the request timed out. Translate errno to * ETIMEDOUT, to give administrator a hint to * eventually increase timeout. 
*/ if (errno == EAGAIN && blocking_socket(sock)) errno = ETIMEDOUT; return (errno); } data += done; size -= done; } while (size > 0); if (errcount > 0) { pjdlog_info("Data sent successfully after %d ENOBUFS error%s.", errcount, errcount == 1 ? "" : "s"); } if (fd == -1) return (0); return (proto_descriptor_send(sock, fd)); } static int proto_descriptor_recv(int sock, int *fdp) { unsigned char ctrl[CMSG_SPACE(sizeof(*fdp))]; struct msghdr msg; struct cmsghdr *cmsg; PJDLOG_ASSERT(sock >= 0); PJDLOG_ASSERT(fdp != NULL); bzero(&msg, sizeof(msg)); bzero(&ctrl, sizeof(ctrl)); msg.msg_iov = NULL; msg.msg_iovlen = 0; msg.msg_control = ctrl; msg.msg_controllen = sizeof(ctrl); if (recvmsg(sock, &msg, 0) == -1) return (errno); cmsg = CMSG_FIRSTHDR(&msg); if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS) { return (EINVAL); } bcopy(CMSG_DATA(cmsg), fdp, sizeof(*fdp)); return (0); } int proto_common_recv(int sock, unsigned char *data, size_t size, int *fdp) { ssize_t done; PJDLOG_ASSERT(sock >= 0); if (data == NULL) { /* The caller is just trying to decide about direction. */ PJDLOG_ASSERT(size == 0); if (shutdown(sock, SHUT_WR) == -1) return (errno); return (0); } PJDLOG_ASSERT(data != NULL); PJDLOG_ASSERT(size > 0); do { done = recv(sock, data, size, MSG_WAITALL); } while (done == -1 && errno == EINTR); if (done == 0) { return (ENOTCONN); } else if (done < 0) { /* * If this is blocking socket and we got EAGAIN, this * means the request timed out. Translate errno to * ETIMEDOUT, to give administrator a hint to * eventually increase timeout. */ if (errno == EAGAIN && blocking_socket(sock)) errno = ETIMEDOUT; return (errno); } if (fdp == NULL) return (0); return (proto_descriptor_recv(sock, fdp)); } Index: head/contrib/openbsm/bin/auditdistd/proto_impl.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/proto_impl.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/proto_impl.h (revision 292432) 
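Review bot: `proto_descriptor_recv()` dereferences the result of `CMSG_FIRSTHDR(&msg)` without checking it for NULL, and it never looks at `cmsg_len` or `MSG_CTRUNC` before copying the descriptor out. If the peer's message carries no ancillary data, `recvmsg()` still succeeds and the `cmsg->cmsg_level` test then reads through a NULL pointer; a short or truncated control message would be copied as if it held a full `int`. The guard should read `if ((msg.msg_flags & MSG_CTRUNC) != 0 || cmsg == NULL || cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS || cmsg->cmsg_len != CMSG_LEN(sizeof(*fdp))) return (EINVAL);`. The commit only drops the `$P4$` tag from this file, so the function appears here as unchanged context.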
@@ -1,84 +1,82 @@ /*- * Copyright (c) 2009-2010 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/proto_impl.h#1 $ */ #ifndef _PROTO_IMPL_H_ #define _PROTO_IMPL_H_ #include #include /* bool */ #include /* size_t */ #define __constructor __attribute__((constructor)) struct proto_conn; typedef int prt_connect_t(const char *, const char *, int, void **); typedef int prt_connect_wait_t(void *, int); typedef int prt_server_t(const char *, void **); typedef int prt_accept_t(void *, void **); typedef int prt_wrap_t(int, bool, void **); typedef int prt_send_t(void *, const unsigned char *, size_t, int); typedef int prt_recv_t(void *, unsigned char *, size_t, int *); typedef int prt_descriptor_t(const void *); typedef bool prt_address_match_t(const void *, const char *); typedef void prt_local_address_t(const void *, char *, size_t); typedef void prt_remote_address_t(const void *, char *, size_t); typedef void prt_close_t(void *); typedef int prt_exec_t(int, char *[]); struct proto { const char *prt_name; prt_connect_t *prt_connect; prt_connect_wait_t *prt_connect_wait; prt_server_t *prt_server; prt_accept_t *prt_accept; prt_wrap_t *prt_wrap; prt_send_t *prt_send; prt_recv_t *prt_recv; prt_descriptor_t *prt_descriptor; prt_address_match_t *prt_address_match; prt_local_address_t *prt_local_address; prt_remote_address_t *prt_remote_address; prt_close_t *prt_close; prt_exec_t *prt_exec; TAILQ_ENTRY(proto) prt_next; }; void proto_register(struct proto *proto, bool isdefault); int proto_wrap(const char *protoname, bool client, int fd, struct proto_conn **newconnp); int proto_common_send(int sock, const unsigned char *data, size_t size, int fd); int proto_common_recv(int sock, unsigned char *data, size_t size, int *fdp); #endif /* !_PROTO_IMPL_H_ */ Index: head/contrib/openbsm/bin/auditdistd/proto_socketpair.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/proto_socketpair.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/proto_socketpair.c 
(revision 292432) 
@@ -1,266 +1,264 @@ /*- * Copyright (c) 2009-2010 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/proto_socketpair.c#1 $ */ #include #include #include #include #include #include #include #include #include "pjdlog.h" #include "proto_impl.h" #define SP_CTX_MAGIC 0x50c3741 struct sp_ctx { int sp_magic; int sp_fd[2]; int sp_side; #define SP_SIDE_UNDEF 0 #define SP_SIDE_CLIENT 1 #define SP_SIDE_SERVER 2 }; static void sp_close(void *ctx); static int sp_connect(const char *srcaddr, const char *dstaddr, int timeout, void **ctxp) { struct sp_ctx *spctx; int error; PJDLOG_ASSERT(dstaddr != NULL); PJDLOG_ASSERT(timeout >= -1); if (strcmp(dstaddr, "socketpair://") != 0) return (-1); PJDLOG_ASSERT(srcaddr == NULL); spctx = malloc(sizeof(*spctx)); if (spctx == NULL) return (errno); if (socketpair(PF_UNIX, SOCK_STREAM, 0, spctx->sp_fd) == -1) { error = errno; free(spctx); return (error); } spctx->sp_side = SP_SIDE_UNDEF; spctx->sp_magic = SP_CTX_MAGIC; *ctxp = spctx; return (0); } static int sp_wrap(int fd, bool client, void **ctxp) { struct sp_ctx *spctx; PJDLOG_ASSERT(fd >= 0); spctx = malloc(sizeof(*spctx)); if (spctx == NULL) return (errno); if (client) { spctx->sp_side = SP_SIDE_CLIENT; spctx->sp_fd[0] = fd; spctx->sp_fd[1] = -1; } else { spctx->sp_side = SP_SIDE_SERVER; spctx->sp_fd[0] = -1; spctx->sp_fd[1] = fd; } spctx->sp_magic = SP_CTX_MAGIC; *ctxp = spctx; return (0); } static int sp_send(void *ctx, const unsigned char *data, size_t size, int fd) { struct sp_ctx *spctx = ctx; int sock; PJDLOG_ASSERT(spctx != NULL); PJDLOG_ASSERT(spctx->sp_magic == SP_CTX_MAGIC); switch (spctx->sp_side) { case SP_SIDE_UNDEF: /* * If the first operation done by the caller is proto_send(), * we assume this is the client. */ /* FALLTHROUGH */ spctx->sp_side = SP_SIDE_CLIENT; /* Close other end. 
*/ close(spctx->sp_fd[1]); spctx->sp_fd[1] = -1; case SP_SIDE_CLIENT: PJDLOG_ASSERT(spctx->sp_fd[0] >= 0); sock = spctx->sp_fd[0]; break; case SP_SIDE_SERVER: PJDLOG_ASSERT(spctx->sp_fd[1] >= 0); sock = spctx->sp_fd[1]; break; default: PJDLOG_ABORT("Invalid socket side (%d).", spctx->sp_side); } /* Someone is just trying to decide about side. */ if (data == NULL) return (0); return (proto_common_send(sock, data, size, fd)); } static int sp_recv(void *ctx, unsigned char *data, size_t size, int *fdp) { struct sp_ctx *spctx = ctx; int sock; PJDLOG_ASSERT(spctx != NULL); PJDLOG_ASSERT(spctx->sp_magic == SP_CTX_MAGIC); switch (spctx->sp_side) { case SP_SIDE_UNDEF: /* * If the first operation done by the caller is proto_recv(), * we assume this is the server. */ /* FALLTHROUGH */ spctx->sp_side = SP_SIDE_SERVER; /* Close other end. */ close(spctx->sp_fd[0]); spctx->sp_fd[0] = -1; case SP_SIDE_SERVER: PJDLOG_ASSERT(spctx->sp_fd[1] >= 0); sock = spctx->sp_fd[1]; break; case SP_SIDE_CLIENT: PJDLOG_ASSERT(spctx->sp_fd[0] >= 0); sock = spctx->sp_fd[0]; break; default: PJDLOG_ABORT("Invalid socket side (%d).", spctx->sp_side); } /* Someone is just trying to decide about side. 
*/ if (data == NULL) return (0); return (proto_common_recv(sock, data, size, fdp)); } static int sp_descriptor(const void *ctx) { const struct sp_ctx *spctx = ctx; PJDLOG_ASSERT(spctx != NULL); PJDLOG_ASSERT(spctx->sp_magic == SP_CTX_MAGIC); PJDLOG_ASSERT(spctx->sp_side == SP_SIDE_CLIENT || spctx->sp_side == SP_SIDE_SERVER); switch (spctx->sp_side) { case SP_SIDE_CLIENT: PJDLOG_ASSERT(spctx->sp_fd[0] >= 0); return (spctx->sp_fd[0]); case SP_SIDE_SERVER: PJDLOG_ASSERT(spctx->sp_fd[1] >= 0); return (spctx->sp_fd[1]); } PJDLOG_ABORT("Invalid socket side (%d).", spctx->sp_side); } static void sp_close(void *ctx) { struct sp_ctx *spctx = ctx; PJDLOG_ASSERT(spctx != NULL); PJDLOG_ASSERT(spctx->sp_magic == SP_CTX_MAGIC); switch (spctx->sp_side) { case SP_SIDE_UNDEF: PJDLOG_ASSERT(spctx->sp_fd[0] >= 0); close(spctx->sp_fd[0]); spctx->sp_fd[0] = -1; PJDLOG_ASSERT(spctx->sp_fd[1] >= 0); close(spctx->sp_fd[1]); spctx->sp_fd[1] = -1; break; case SP_SIDE_CLIENT: PJDLOG_ASSERT(spctx->sp_fd[0] >= 0); close(spctx->sp_fd[0]); spctx->sp_fd[0] = -1; PJDLOG_ASSERT(spctx->sp_fd[1] == -1); break; case SP_SIDE_SERVER: PJDLOG_ASSERT(spctx->sp_fd[1] >= 0); close(spctx->sp_fd[1]); spctx->sp_fd[1] = -1; PJDLOG_ASSERT(spctx->sp_fd[0] == -1); break; default: PJDLOG_ABORT("Invalid socket side (%d).", spctx->sp_side); } spctx->sp_magic = 0; free(spctx); } static struct proto sp_proto = { .prt_name = "socketpair", .prt_connect = sp_connect, .prt_wrap = sp_wrap, .prt_send = sp_send, .prt_recv = sp_recv, .prt_descriptor = sp_descriptor, .prt_close = sp_close }; static __constructor void sp_ctor(void) { proto_register(&sp_proto, false); } Index: head/contrib/openbsm/bin/auditdistd/proto_tcp.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/proto_tcp.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/proto_tcp.c (revision 292432) 
@@ -1,723 +1,721 @@ /*- * Copyright (c) 2009-2010 The FreeBSD Foundation * Copyright (c) 2011 Pawel Jakub Dawidek * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/proto_tcp.c#2 $ */ #include #include /* MAXHOSTNAMELEN */ #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef HAVE_STRLCPY #include #endif #include "pjdlog.h" #include "proto_impl.h" #include "subr.h" #define TCP_CTX_MAGIC 0x7c41c struct tcp_ctx { int tc_magic; struct sockaddr_storage tc_sa; int tc_fd; int tc_side; #define TCP_SIDE_CLIENT 0 #define TCP_SIDE_SERVER_LISTEN 1 #define TCP_SIDE_SERVER_WORK 2 bool tc_wait_called; }; static int tcp_connect_wait(void *ctx, int timeout); static void tcp_close(void *ctx); /* * Function converts the given string to unsigned number. */ static int numfromstr(const char *str, intmax_t minnum, intmax_t maxnum, intmax_t *nump) { intmax_t digit, num; if (str[0] == '\0') goto invalid; /* Empty string. */ num = 0; for (; *str != '\0'; str++) { if (*str < '0' || *str > '9') goto invalid; /* Non-digit character. */ digit = *str - '0'; if (num > num * 10 + digit) goto invalid; /* Overflow. */ num = num * 10 + digit; if (num > maxnum) goto invalid; /* Too big. */ } if (num < minnum) goto invalid; /* Too small. 
*/ *nump = num; return (0); invalid: errno = EINVAL; return (-1); } static int tcp_addr(const char *addr, int defport, struct sockaddr_storage *sap) { char iporhost[MAXHOSTNAMELEN], portstr[6]; struct addrinfo hints; struct addrinfo *res; const char *pp; intmax_t port; size_t size; int error; if (addr == NULL) return (-1); bzero(&hints, sizeof(hints)); hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV; hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = IPPROTO_TCP; if (strncasecmp(addr, "tcp4://", 7) == 0) { addr += 7; hints.ai_family = PF_INET; } else if (strncasecmp(addr, "tcp6://", 7) == 0) { addr += 7; hints.ai_family = PF_INET6; } else if (strncasecmp(addr, "tcp://", 6) == 0) { addr += 6; } else { /* * Because TCP is the default assume IP or host is given without * prefix. */ } /* * Extract optional port. * There are three cases to consider. * 1. hostname with port, eg. freefall.freebsd.org:8457 * 2. IPv4 address with port, eg. 192.168.0.101:8457 * 3. IPv6 address with port, eg. [fe80::1]:8457 * We discover IPv6 address by checking for two colons and if port is * given, the address has to start with [. */ pp = NULL; if (strchr(addr, ':') != strrchr(addr, ':')) { if (addr[0] == '[') pp = strrchr(addr, ':'); } else { pp = strrchr(addr, ':'); } if (pp == NULL) { /* Port not given, use the default. */ port = defport; } else { if (numfromstr(pp + 1, 1, 65535, &port) < 0) return (errno); } (void)snprintf(portstr, sizeof(portstr), "%jd", (intmax_t)port); /* Extract host name or IP address. 
*/ if (pp == NULL) { size = sizeof(iporhost); if (strlcpy(iporhost, addr, size) >= size) return (ENAMETOOLONG); } else if (addr[0] == '[' && pp[-1] == ']') { size = (size_t)(pp - addr - 2 + 1); if (size > sizeof(iporhost)) return (ENAMETOOLONG); (void)strlcpy(iporhost, addr + 1, size); } else { size = (size_t)(pp - addr + 1); if (size > sizeof(iporhost)) return (ENAMETOOLONG); (void)strlcpy(iporhost, addr, size); } error = getaddrinfo(iporhost, portstr, &hints, &res); if (error != 0) { pjdlog_debug(1, "getaddrinfo(%s, %s) failed: %s.", iporhost, portstr, gai_strerror(error)); return (EINVAL); } if (res == NULL) return (ENOENT); memcpy(sap, res->ai_addr, res->ai_addrlen); freeaddrinfo(res); return (0); } static int tcp_setup_new(const char *addr, int side, struct tcp_ctx **tctxp) { struct tcp_ctx *tctx; int error, nodelay; PJDLOG_ASSERT(addr != NULL); PJDLOG_ASSERT(side == TCP_SIDE_CLIENT || side == TCP_SIDE_SERVER_LISTEN); PJDLOG_ASSERT(tctxp != NULL); tctx = malloc(sizeof(*tctx)); if (tctx == NULL) return (errno); /* Parse given address. */ error = tcp_addr(addr, atoi(proto_get("tcp:port")), &tctx->tc_sa); if (error != 0) { free(tctx); return (error); } PJDLOG_ASSERT(tctx->tc_sa.ss_family != AF_UNSPEC); tctx->tc_fd = socket(tctx->tc_sa.ss_family, SOCK_STREAM, 0); if (tctx->tc_fd == -1) { error = errno; free(tctx); return (error); } PJDLOG_ASSERT(tctx->tc_sa.ss_family != AF_UNSPEC); /* Socket settings. */ nodelay = 1; if (setsockopt(tctx->tc_fd, IPPROTO_TCP, TCP_NODELAY, &nodelay, sizeof(nodelay)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to set TCP_NOELAY"); } tctx->tc_wait_called = (side == TCP_SIDE_CLIENT ? 
false : true); tctx->tc_side = side; tctx->tc_magic = TCP_CTX_MAGIC; *tctxp = tctx; return (0); } static socklen_t sockaddr_len(const struct sockaddr_storage *ss) { #ifdef HAVE_SOCKADDR_STORAGE_SS_LEN return (ss->ss_len); #else switch (ss->ss_family) { case AF_INET: return (sizeof(struct sockaddr_in)); case AF_INET6: return (sizeof(struct sockaddr_in6)); default: PJDLOG_ABORT("Unexpected family %hhu.", ss->ss_family); } #endif } static int tcp_connect(const char *srcaddr, const char *dstaddr, int timeout, void **ctxp) { struct tcp_ctx *tctx; struct sockaddr_storage sa; int error, flags, ret; PJDLOG_ASSERT(srcaddr == NULL || srcaddr[0] != '\0'); PJDLOG_ASSERT(dstaddr != NULL); PJDLOG_ASSERT(timeout >= -1); error = tcp_setup_new(dstaddr, TCP_SIDE_CLIENT, &tctx); if (error != 0) return (error); if (srcaddr != NULL) { error = tcp_addr(srcaddr, 0, &sa); if (error != 0) goto fail; if (bind(tctx->tc_fd, (struct sockaddr *)&sa, sockaddr_len(&sa)) == -1) { error = errno; goto fail; } } flags = fcntl(tctx->tc_fd, F_GETFL); if (flags == -1) { error = errno; pjdlog_common(LOG_DEBUG, 1, errno, "fcntl(F_GETFL) failed"); goto fail; } /* * We make socket non-blocking so we can handle connection timeout * manually. */ flags |= O_NONBLOCK; if (fcntl(tctx->tc_fd, F_SETFL, flags) == -1) { error = errno; pjdlog_common(LOG_DEBUG, 1, errno, "fcntl(F_SETFL, O_NONBLOCK) failed"); goto fail; } ret = connect(tctx->tc_fd, (struct sockaddr *)&tctx->tc_sa, sockaddr_len(&tctx->tc_sa)); if (ret == -1 && errno != EINPROGRESS) { error = errno; pjdlog_common(LOG_DEBUG, 1, errno, "connect() failed"); goto fail; } if (timeout >= 0) { if (ret == -1) { /* Connection still in progress. Wait for it. */ error = tcp_connect_wait(tctx, timeout); if (error != 0) goto fail; } else { /* Connection already complete. 
*/ flags &= ~O_NONBLOCK; if (fcntl(tctx->tc_fd, F_SETFL, flags) == -1) { error = errno; pjdlog_common(LOG_DEBUG, 1, errno, "fcntl(F_SETFL, ~O_NONBLOCK) failed"); goto fail; } } } *ctxp = tctx; return (0); fail: tcp_close(tctx); return (error); } static int tcp_connect_wait(void *ctx, int timeout) { struct tcp_ctx *tctx = ctx; struct timeval tv; fd_set fdset; socklen_t esize; int error, flags, ret; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); PJDLOG_ASSERT(tctx->tc_side == TCP_SIDE_CLIENT); PJDLOG_ASSERT(!tctx->tc_wait_called); PJDLOG_ASSERT(tctx->tc_fd >= 0); PJDLOG_ASSERT(timeout >= 0); tv.tv_sec = timeout; tv.tv_usec = 0; again: FD_ZERO(&fdset); FD_SET(tctx->tc_fd, &fdset); ret = select(tctx->tc_fd + 1, NULL, &fdset, NULL, &tv); if (ret == 0) { error = ETIMEDOUT; goto done; } else if (ret == -1) { if (errno == EINTR) goto again; error = errno; pjdlog_common(LOG_DEBUG, 1, errno, "select() failed"); goto done; } PJDLOG_ASSERT(ret > 0); PJDLOG_ASSERT(FD_ISSET(tctx->tc_fd, &fdset)); esize = sizeof(error); if (getsockopt(tctx->tc_fd, SOL_SOCKET, SO_ERROR, &error, &esize) == -1) { error = errno; pjdlog_common(LOG_DEBUG, 1, errno, "getsockopt(SO_ERROR) failed"); goto done; } if (error != 0) { pjdlog_common(LOG_DEBUG, 1, error, "getsockopt(SO_ERROR) returned error"); goto done; } error = 0; tctx->tc_wait_called = true; done: flags = fcntl(tctx->tc_fd, F_GETFL); if (flags == -1) { if (error == 0) error = errno; pjdlog_common(LOG_DEBUG, 1, errno, "fcntl(F_GETFL) failed"); return (error); } flags &= ~O_NONBLOCK; if (fcntl(tctx->tc_fd, F_SETFL, flags) == -1) { if (error == 0) error = errno; pjdlog_common(LOG_DEBUG, 1, errno, "fcntl(F_SETFL, ~O_NONBLOCK) failed"); } return (error); } static int tcp_server(const char *addr, void **ctxp) { struct tcp_ctx *tctx; int error, val; error = tcp_setup_new(addr, TCP_SIDE_SERVER_LISTEN, &tctx); if (error != 0) return (error); val = 1; /* Ignore failure. 
*/ (void)setsockopt(tctx->tc_fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)); PJDLOG_ASSERT(tctx->tc_sa.ss_family != AF_UNSPEC); if (bind(tctx->tc_fd, (struct sockaddr *)&tctx->tc_sa, sockaddr_len(&tctx->tc_sa)) == -1) { error = errno; tcp_close(tctx); return (error); } if (listen(tctx->tc_fd, 8) == -1) { error = errno; tcp_close(tctx); return (error); } *ctxp = tctx; return (0); } static int tcp_accept(void *ctx, void **newctxp) { struct tcp_ctx *tctx = ctx; struct tcp_ctx *newtctx; socklen_t fromlen; int ret; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); PJDLOG_ASSERT(tctx->tc_side == TCP_SIDE_SERVER_LISTEN); PJDLOG_ASSERT(tctx->tc_fd >= 0); PJDLOG_ASSERT(tctx->tc_sa.ss_family != AF_UNSPEC); newtctx = malloc(sizeof(*newtctx)); if (newtctx == NULL) return (errno); fromlen = sockaddr_len(&tctx->tc_sa); newtctx->tc_fd = accept(tctx->tc_fd, (struct sockaddr *)&tctx->tc_sa, &fromlen); if (newtctx->tc_fd < 0) { ret = errno; free(newtctx); return (ret); } newtctx->tc_wait_called = true; newtctx->tc_side = TCP_SIDE_SERVER_WORK; newtctx->tc_magic = TCP_CTX_MAGIC; *newctxp = newtctx; return (0); } static int tcp_wrap(int fd, bool client, void **ctxp) { struct tcp_ctx *tctx; PJDLOG_ASSERT(fd >= 0); PJDLOG_ASSERT(ctxp != NULL); tctx = malloc(sizeof(*tctx)); if (tctx == NULL) return (errno); tctx->tc_fd = fd; tctx->tc_sa.ss_family = AF_UNSPEC; tctx->tc_wait_called = (client ? false : true); tctx->tc_side = (client ? 
TCP_SIDE_CLIENT : TCP_SIDE_SERVER_WORK); tctx->tc_magic = TCP_CTX_MAGIC; *ctxp = tctx; return (0); } static int tcp_send(void *ctx, const unsigned char *data, size_t size, int fd) { struct tcp_ctx *tctx = ctx; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); PJDLOG_ASSERT(tctx->tc_side == TCP_SIDE_CLIENT || tctx->tc_side == TCP_SIDE_SERVER_WORK); PJDLOG_ASSERT(tctx->tc_wait_called); PJDLOG_ASSERT(tctx->tc_fd >= 0); PJDLOG_ASSERT(fd == -1); return (proto_common_send(tctx->tc_fd, data, size, -1)); } static int tcp_recv(void *ctx, unsigned char *data, size_t size, int *fdp) { struct tcp_ctx *tctx = ctx; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); PJDLOG_ASSERT(tctx->tc_side == TCP_SIDE_CLIENT || tctx->tc_side == TCP_SIDE_SERVER_WORK); PJDLOG_ASSERT(tctx->tc_wait_called); PJDLOG_ASSERT(tctx->tc_fd >= 0); PJDLOG_ASSERT(fdp == NULL); return (proto_common_recv(tctx->tc_fd, data, size, NULL)); } static int tcp_descriptor(const void *ctx) { const struct tcp_ctx *tctx = ctx; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); return (tctx->tc_fd); } static bool tcp_address_match(const void *ctx, const char *addr) { const struct tcp_ctx *tctx = ctx; struct sockaddr_storage sa1, sa2; socklen_t salen; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); if (tcp_addr(addr, atoi(proto_get("tcp:port")), &sa1) != 0) return (false); salen = sizeof(sa2); if (getpeername(tctx->tc_fd, (struct sockaddr *)&sa2, &salen) < 0) return (false); if (sa1.ss_family != sa2.ss_family) return (false); #ifdef HAVE_SOCKADDR_STORAGE_SS_LEN if (sa1.ss_len != sa2.ss_len) return (false); #endif switch (sa1.ss_family) { case AF_INET: { struct sockaddr_in *sin1, *sin2; sin1 = (struct sockaddr_in *)&sa1; sin2 = (struct sockaddr_in *)&sa2; return (memcmp(&sin1->sin_addr, &sin2->sin_addr, sizeof(sin1->sin_addr)) == 0); } case AF_INET6: { struct sockaddr_in6 *sin1, *sin2; sin1 = (struct sockaddr_in6 
*)&sa1; sin2 = (struct sockaddr_in6 *)&sa2; return (memcmp(&sin1->sin6_addr, &sin2->sin6_addr, sizeof(sin1->sin6_addr)) == 0); } default: return (false); } } #ifndef __FreeBSD__ static void sockaddr_to_string(const void *sa, char *buf, size_t size) { const struct sockaddr_storage *ss; ss = (const struct sockaddr_storage * const *)sa; switch (ss->ss_family) { case AF_INET: { char addr[INET_ADDRSTRLEN]; const struct sockaddr_in *sin; unsigned int port; sin = (const struct sockaddr_in *)ss; port = ntohs(sin->sin_port); if (inet_ntop(ss->ss_family, &sin->sin_addr, addr, sizeof(addr)) == NULL) { PJDLOG_ABORT("inet_ntop(AF_INET) failed: %s.", strerror(errno)); } snprintf(buf, size, "%s:%u", addr, port); break; } case AF_INET6: { char addr[INET6_ADDRSTRLEN]; const struct sockaddr_in6 *sin; unsigned int port; sin = (const struct sockaddr_in6 *)ss; port = ntohs(sin->sin6_port); if (inet_ntop(ss->ss_family, &sin->sin6_addr, addr, sizeof(addr)) == NULL) { PJDLOG_ABORT("inet_ntop(AF_INET6) failed: %s.", strerror(errno)); } snprintf(buf, size, "[%s]:%u", addr, port); break; } default: snprintf(buf, size, "[unsupported family %hhu]", ss->ss_family); break; } } #endif /* !__FreeBSD__ */ static void tcp_local_address(const void *ctx, char *addr, size_t size) { const struct tcp_ctx *tctx = ctx; struct sockaddr_storage sa; socklen_t salen; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); salen = sizeof(sa); if (getsockname(tctx->tc_fd, (struct sockaddr *)&sa, &salen) < 0) { PJDLOG_VERIFY(strlcpy(addr, "N/A", size) < size); return; } #ifdef __FreeBSD__ PJDLOG_VERIFY(snprintf(addr, size, "tcp://%S", &sa) < (ssize_t)size); #else strlcpy(addr, "tcp://", size); if (size > 6) sockaddr_to_string(&sa, addr + 6, size - 6); #endif } static void tcp_remote_address(const void *ctx, char *addr, size_t size) { const struct tcp_ctx *tctx = ctx; struct sockaddr_storage sa; socklen_t salen; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); salen 
= sizeof(sa); if (getpeername(tctx->tc_fd, (struct sockaddr *)&sa, &salen) < 0) { PJDLOG_VERIFY(strlcpy(addr, "N/A", size) < size); return; } #ifdef __FreeBSD__ PJDLOG_VERIFY(snprintf(addr, size, "tcp://%S", &sa) < (ssize_t)size); #else strlcpy(addr, "tcp://", size); if (size > 6) sockaddr_to_string(&sa, addr + 6, size - 6); #endif } static void tcp_close(void *ctx) { struct tcp_ctx *tctx = ctx; PJDLOG_ASSERT(tctx != NULL); PJDLOG_ASSERT(tctx->tc_magic == TCP_CTX_MAGIC); if (tctx->tc_fd >= 0) close(tctx->tc_fd); tctx->tc_magic = 0; free(tctx); } static struct proto tcp_proto = { .prt_name = "tcp", .prt_connect = tcp_connect, .prt_connect_wait = tcp_connect_wait, .prt_server = tcp_server, .prt_accept = tcp_accept, .prt_wrap = tcp_wrap, .prt_send = tcp_send, .prt_recv = tcp_recv, .prt_descriptor = tcp_descriptor, .prt_address_match = tcp_address_match, .prt_local_address = tcp_local_address, .prt_remote_address = tcp_remote_address, .prt_close = tcp_close }; static __constructor void tcp_ctor(void) { proto_register(&tcp_proto, true); } Index: head/contrib/openbsm/bin/auditdistd/proto_tls.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/proto_tls.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/proto_tls.c (revision 292432) 
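Review bot: In `tcp_accept()` the peer address is stored in the listening context, `accept(tctx->tc_fd, (struct sockaddr *)&tctx->tc_sa, &fromlen)`, so each accepted connection overwrites the address the listener was bound to, while `newtctx->tc_sa` is left as uninitialised `malloc()` memory. None of the functions visible in this file read `tc_sa` on a worker context, so this looks latent rather than directly harmful, but any later use of either field would see the wrong data. Passing the new context fixes both: `fromlen = sizeof(newtctx->tc_sa);` followed by `newtctx->tc_fd = accept(tctx->tc_fd, (struct sockaddr *)&newtctx->tc_sa, &fromlen);`. The commit only removes the `$P4$` line from this file, so this is existing code shown as context.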
@@ -1,1076 +1,1074 @@ /*- * Copyright (c) 2011 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/proto_tls.c#2 $ */ #include #include /* MAXHOSTNAMELEN */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef HAVE_CLOSEFROM #include #endif #ifndef HAVE_STRLCPY #include #endif #include "pjdlog.h" #include "proto_impl.h" #include "sandbox.h" #include "subr.h" #define TLS_CTX_MAGIC 0x715c7 struct tls_ctx { int tls_magic; struct proto_conn *tls_sock; struct proto_conn *tls_tcp; char tls_laddr[256]; char tls_raddr[256]; int tls_side; #define TLS_SIDE_CLIENT 0 #define TLS_SIDE_SERVER_LISTEN 1 #define TLS_SIDE_SERVER_WORK 2 bool tls_wait_called; }; #define TLS_DEFAULT_TIMEOUT 30 static int tls_connect_wait(void *ctx, int timeout); static void tls_close(void *ctx); static void block(int fd) { int flags; flags = fcntl(fd, F_GETFL); if (flags == -1) pjdlog_exit(EX_TEMPFAIL, "fcntl(F_GETFL) failed"); flags &= ~O_NONBLOCK; if (fcntl(fd, F_SETFL, flags) == -1) pjdlog_exit(EX_TEMPFAIL, "fcntl(F_SETFL) failed"); } static void nonblock(int fd) { int flags; flags = fcntl(fd, F_GETFL); if (flags == -1) pjdlog_exit(EX_TEMPFAIL, "fcntl(F_GETFL) failed"); flags |= O_NONBLOCK; if (fcntl(fd, F_SETFL, flags) == -1) pjdlog_exit(EX_TEMPFAIL, "fcntl(F_SETFL) failed"); } static int wait_for_fd(int fd, int timeout) { struct timeval tv; fd_set fdset; int error, ret; error = 0; for (;;) { FD_ZERO(&fdset); FD_SET(fd, &fdset); tv.tv_sec = timeout; tv.tv_usec = 0; ret = select(fd + 1, NULL, &fdset, NULL, timeout == -1 ? 
NULL : &tv); if (ret == 0) { error = ETIMEDOUT; break; } else if (ret == -1) { if (errno == EINTR) continue; error = errno; break; } PJDLOG_ASSERT(ret > 0); PJDLOG_ASSERT(FD_ISSET(fd, &fdset)); break; } return (error); } static void ssl_log_errors(void) { unsigned long error; while ((error = ERR_get_error()) != 0) pjdlog_error("SSL error: %s", ERR_error_string(error, NULL)); } static int ssl_check_error(SSL *ssl, int ret) { int error; error = SSL_get_error(ssl, ret); switch (error) { case SSL_ERROR_NONE: return (0); case SSL_ERROR_WANT_READ: pjdlog_debug(2, "SSL_ERROR_WANT_READ"); return (-1); case SSL_ERROR_WANT_WRITE: pjdlog_debug(2, "SSL_ERROR_WANT_WRITE"); return (-1); case SSL_ERROR_ZERO_RETURN: pjdlog_exitx(EX_OK, "Connection closed."); case SSL_ERROR_SYSCALL: ssl_log_errors(); pjdlog_exitx(EX_TEMPFAIL, "SSL I/O error."); case SSL_ERROR_SSL: ssl_log_errors(); pjdlog_exitx(EX_TEMPFAIL, "SSL protocol error."); default: ssl_log_errors(); pjdlog_exitx(EX_TEMPFAIL, "Unknown SSL error (%d).", error); } } static void tcp_recv_ssl_send(int recvfd, SSL *sendssl) { static unsigned char buf[65536]; ssize_t tcpdone; int sendfd, ssldone; sendfd = SSL_get_fd(sendssl); PJDLOG_ASSERT(sendfd >= 0); pjdlog_debug(2, "%s: start %d -> %d", __func__, recvfd, sendfd); for (;;) { tcpdone = recv(recvfd, buf, sizeof(buf), 0); pjdlog_debug(2, "%s: recv() returned %zd", __func__, tcpdone); if (tcpdone == 0) { pjdlog_debug(1, "Connection terminated."); exit(0); } else if (tcpdone == -1) { if (errno == EINTR) continue; else if (errno == EAGAIN) break; pjdlog_exit(EX_TEMPFAIL, "recv() failed"); } for (;;) { ssldone = SSL_write(sendssl, buf, (int)tcpdone); pjdlog_debug(2, "%s: send() returned %d", __func__, ssldone); if (ssl_check_error(sendssl, ssldone) == -1) { (void)wait_for_fd(sendfd, -1); continue; } PJDLOG_ASSERT(ssldone == tcpdone); break; } } pjdlog_debug(2, "%s: done %d -> %d", __func__, recvfd, sendfd); } static void ssl_recv_tcp_send(SSL *recvssl, int sendfd) { static unsigned 
char buf[65536]; unsigned char *ptr; ssize_t tcpdone; size_t todo; int recvfd, ssldone; recvfd = SSL_get_fd(recvssl); PJDLOG_ASSERT(recvfd >= 0); pjdlog_debug(2, "%s: start %d -> %d", __func__, recvfd, sendfd); for (;;) { ssldone = SSL_read(recvssl, buf, sizeof(buf)); pjdlog_debug(2, "%s: SSL_read() returned %d", __func__, ssldone); if (ssl_check_error(recvssl, ssldone) == -1) break; todo = (size_t)ssldone; ptr = buf; do { tcpdone = send(sendfd, ptr, todo, MSG_NOSIGNAL); pjdlog_debug(2, "%s: send() returned %zd", __func__, tcpdone); if (tcpdone == 0) { pjdlog_debug(1, "Connection terminated."); exit(0); } else if (tcpdone == -1) { if (errno == EINTR || errno == ENOBUFS) continue; if (errno == EAGAIN) { (void)wait_for_fd(sendfd, -1); continue; } pjdlog_exit(EX_TEMPFAIL, "send() failed"); } todo -= tcpdone; ptr += tcpdone; } while (todo > 0); } pjdlog_debug(2, "%s: done %d -> %d", __func__, recvfd, sendfd); } static void tls_loop(int sockfd, SSL *tcpssl) { fd_set fds; int maxfd, tcpfd; tcpfd = SSL_get_fd(tcpssl); PJDLOG_ASSERT(tcpfd >= 0); for (;;) { FD_ZERO(&fds); FD_SET(sockfd, &fds); FD_SET(tcpfd, &fds); maxfd = MAX(sockfd, tcpfd); PJDLOG_ASSERT(maxfd + 1 <= (int)FD_SETSIZE); if (select(maxfd + 1, &fds, NULL, NULL, NULL) == -1) { if (errno == EINTR) continue; pjdlog_exit(EX_TEMPFAIL, "select() failed"); } if (FD_ISSET(sockfd, &fds)) tcp_recv_ssl_send(sockfd, tcpssl); if (FD_ISSET(tcpfd, &fds)) ssl_recv_tcp_send(tcpssl, sockfd); } } static void tls_certificate_verify(SSL *ssl, const char *fingerprint) { unsigned char md[EVP_MAX_MD_SIZE]; char mdstr[sizeof("SHA256=") - 1 + EVP_MAX_MD_SIZE * 3]; char *mdstrp; unsigned int i, mdsize; X509 *cert; if (fingerprint[0] == '\0') { pjdlog_debug(1, "No fingerprint verification requested."); return; } cert = SSL_get_peer_certificate(ssl); if (cert == NULL) pjdlog_exitx(EX_TEMPFAIL, "No peer certificate received."); if (X509_digest(cert, EVP_sha256(), md, &mdsize) != 1) pjdlog_exitx(EX_TEMPFAIL, "X509_digest() failed."); 
PJDLOG_ASSERT(mdsize <= EVP_MAX_MD_SIZE); X509_free(cert); (void)strlcpy(mdstr, "SHA256=", sizeof(mdstr)); mdstrp = mdstr + strlen(mdstr); for (i = 0; i < mdsize; i++) { PJDLOG_VERIFY(mdstrp + 3 <= mdstr + sizeof(mdstr)); (void)sprintf(mdstrp, "%02hhX:", md[i]); mdstrp += 3; } /* Clear last colon. */ mdstrp[-1] = '\0'; if (strcasecmp(mdstr, fingerprint) != 0) { pjdlog_exitx(EX_NOPERM, "Finger print doesn't match. Received \"%s\", expected \"%s\"", mdstr, fingerprint); } } static void tls_exec_client(const char *user, int startfd, const char *srcaddr, const char *dstaddr, const char *fingerprint, const char *defport, int timeout, int debuglevel) { struct proto_conn *tcp; char *saddr, *daddr; SSL_CTX *sslctx; SSL *ssl; long ret; int sockfd, tcpfd; uint8_t connected; pjdlog_debug_set(debuglevel); pjdlog_prefix_set("[TLS sandbox] (client) "); #ifdef HAVE_SETPROCTITLE setproctitle("[TLS sandbox] (client) "); #endif proto_set("tcp:port", defport); sockfd = startfd; /* Change tls:// to tcp://. */ if (srcaddr == NULL) { saddr = NULL; } else { saddr = strdup(srcaddr); if (saddr == NULL) pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate memory."); bcopy("tcp://", saddr, 6); } daddr = strdup(dstaddr); if (daddr == NULL) pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate memory."); bcopy("tcp://", daddr, 6); /* Establish TCP connection. */ if (proto_connect(saddr, daddr, timeout, &tcp) == -1) exit(EX_TEMPFAIL); SSL_load_error_strings(); SSL_library_init(); /* * TODO: On FreeBSD we could move this below sandbox() once libc and * libcrypto use sysctl kern.arandom to obtain random data * instead of /dev/urandom and friends. 
*/ sslctx = SSL_CTX_new(TLSv1_client_method()); if (sslctx == NULL) pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_new() failed."); if (sandbox(user, true, "proto_tls client: %s", dstaddr) != 0) pjdlog_exitx(EX_CONFIG, "Unable to sandbox TLS client."); pjdlog_debug(1, "Privileges successfully dropped."); SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); /* Load CA certs. */ /* TODO */ //SSL_CTX_load_verify_locations(sslctx, cacerts_file, NULL); ssl = SSL_new(sslctx); if (ssl == NULL) pjdlog_exitx(EX_TEMPFAIL, "SSL_new() failed."); tcpfd = proto_descriptor(tcp); block(tcpfd); if (SSL_set_fd(ssl, tcpfd) != 1) pjdlog_exitx(EX_TEMPFAIL, "SSL_set_fd() failed."); ret = SSL_connect(ssl); ssl_check_error(ssl, (int)ret); nonblock(sockfd); nonblock(tcpfd); tls_certificate_verify(ssl, fingerprint); /* * The following byte is send to make proto_connect_wait() to work. */ connected = 1; for (;;) { switch (send(sockfd, &connected, sizeof(connected), 0)) { case -1: if (errno == EINTR || errno == ENOBUFS) continue; if (errno == EAGAIN) { (void)wait_for_fd(sockfd, -1); continue; } pjdlog_exit(EX_TEMPFAIL, "send() failed"); case 0: pjdlog_debug(1, "Connection terminated."); exit(0); case 1: break; } break; } tls_loop(sockfd, ssl); } static void tls_call_exec_client(struct proto_conn *sock, const char *srcaddr, const char *dstaddr, int timeout) { char *timeoutstr, *startfdstr, *debugstr; int startfd; /* Declare that we are receiver. */ proto_recv(sock, NULL, 0); if (pjdlog_mode_get() == PJDLOG_MODE_STD) startfd = 3; else /* if (pjdlog_mode_get() == PJDLOG_MODE_SYSLOG) */ startfd = 0; if (proto_descriptor(sock) != startfd) { /* Move socketpair descriptor to descriptor number startfd. */ if (dup2(proto_descriptor(sock), startfd) == -1) pjdlog_exit(EX_OSERR, "dup2() failed"); proto_close(sock); } else { /* * The FD_CLOEXEC is cleared by dup2(2), so when we not * call it, we have to clear it by hand in case it is set. 
*/ if (fcntl(startfd, F_SETFD, 0) == -1) pjdlog_exit(EX_OSERR, "fcntl() failed"); } closefrom(startfd + 1); if (asprintf(&startfdstr, "%d", startfd) == -1) pjdlog_exit(EX_TEMPFAIL, "asprintf() failed"); if (timeout == -1) timeout = TLS_DEFAULT_TIMEOUT; if (asprintf(&timeoutstr, "%d", timeout) == -1) pjdlog_exit(EX_TEMPFAIL, "asprintf() failed"); if (asprintf(&debugstr, "%d", pjdlog_debug_get()) == -1) pjdlog_exit(EX_TEMPFAIL, "asprintf() failed"); execl(proto_get("execpath"), proto_get("execpath"), "proto", "tls", proto_get("user"), "client", startfdstr, srcaddr == NULL ? "" : srcaddr, dstaddr, proto_get("tls:fingerprint"), proto_get("tcp:port"), timeoutstr, debugstr, NULL); pjdlog_exit(EX_SOFTWARE, "execl() failed"); } static int tls_connect(const char *srcaddr, const char *dstaddr, int timeout, void **ctxp) { struct tls_ctx *tlsctx; struct proto_conn *sock; pid_t pid; int error; PJDLOG_ASSERT(srcaddr == NULL || srcaddr[0] != '\0'); PJDLOG_ASSERT(dstaddr != NULL); PJDLOG_ASSERT(timeout >= -1); PJDLOG_ASSERT(ctxp != NULL); if (strncmp(dstaddr, "tls://", 6) != 0) return (-1); if (srcaddr != NULL && strncmp(srcaddr, "tls://", 6) != 0) return (-1); if (proto_connect(NULL, "socketpair://", -1, &sock) == -1) return (errno); #if 0 /* * We use rfork() with the following flags to disable SIGCHLD * delivery upon the sandbox process exit. */ pid = rfork(RFFDG | RFPROC | RFTSIGZMB | RFTSIGFLAGS(0)); #else /* * We don't use rfork() to be able to log information about sandbox * process exiting. */ pid = fork(); #endif switch (pid) { case -1: /* Failure. */ error = errno; proto_close(sock); return (error); case 0: /* Child. */ pjdlog_prefix_set("[TLS sandbox] (client) "); #ifdef HAVE_SETPROCTITLE setproctitle("[TLS sandbox] (client) "); #endif tls_call_exec_client(sock, srcaddr, dstaddr, timeout); /* NOTREACHED */ default: /* Parent. 
*/ tlsctx = calloc(1, sizeof(*tlsctx)); if (tlsctx == NULL) { error = errno; proto_close(sock); (void)kill(pid, SIGKILL); return (error); } proto_send(sock, NULL, 0); tlsctx->tls_sock = sock; tlsctx->tls_tcp = NULL; tlsctx->tls_side = TLS_SIDE_CLIENT; tlsctx->tls_wait_called = false; tlsctx->tls_magic = TLS_CTX_MAGIC; if (timeout >= 0) { error = tls_connect_wait(tlsctx, timeout); if (error != 0) { (void)kill(pid, SIGKILL); tls_close(tlsctx); return (error); } } *ctxp = tlsctx; return (0); } } static int tls_connect_wait(void *ctx, int timeout) { struct tls_ctx *tlsctx = ctx; int error, sockfd; uint8_t connected; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); PJDLOG_ASSERT(tlsctx->tls_side == TLS_SIDE_CLIENT); PJDLOG_ASSERT(tlsctx->tls_sock != NULL); PJDLOG_ASSERT(!tlsctx->tls_wait_called); PJDLOG_ASSERT(timeout >= 0); sockfd = proto_descriptor(tlsctx->tls_sock); error = wait_for_fd(sockfd, timeout); if (error != 0) return (error); for (;;) { switch (recv(sockfd, &connected, sizeof(connected), MSG_WAITALL)) { case -1: if (errno == EINTR || errno == ENOBUFS) continue; error = errno; break; case 0: pjdlog_debug(1, "Connection terminated."); error = ENOTCONN; break; case 1: tlsctx->tls_wait_called = true; break; } break; } return (error); } static int tls_server(const char *lstaddr, void **ctxp) { struct proto_conn *tcp; struct tls_ctx *tlsctx; char *laddr; int error; if (strncmp(lstaddr, "tls://", 6) != 0) return (-1); tlsctx = malloc(sizeof(*tlsctx)); if (tlsctx == NULL) { pjdlog_warning("Unable to allocate memory."); return (ENOMEM); } laddr = strdup(lstaddr); if (laddr == NULL) { free(tlsctx); pjdlog_warning("Unable to allocate memory."); return (ENOMEM); } bcopy("tcp://", laddr, 6); if (proto_server(laddr, &tcp) == -1) { error = errno; free(tlsctx); free(laddr); return (error); } free(laddr); tlsctx->tls_sock = NULL; tlsctx->tls_tcp = tcp; tlsctx->tls_side = TLS_SIDE_SERVER_LISTEN; tlsctx->tls_wait_called = true; 
tlsctx->tls_magic = TLS_CTX_MAGIC; *ctxp = tlsctx; return (0); } static void tls_exec_server(const char *user, int startfd, const char *privkey, const char *cert, int debuglevel) { SSL_CTX *sslctx; SSL *ssl; int sockfd, tcpfd, ret; pjdlog_debug_set(debuglevel); pjdlog_prefix_set("[TLS sandbox] (server) "); #ifdef HAVE_SETPROCTITLE setproctitle("[TLS sandbox] (server) "); #endif sockfd = startfd; tcpfd = startfd + 1; SSL_load_error_strings(); SSL_library_init(); sslctx = SSL_CTX_new(TLSv1_server_method()); if (sslctx == NULL) pjdlog_exitx(EX_TEMPFAIL, "SSL_CTX_new() failed."); SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ssl = SSL_new(sslctx); if (ssl == NULL) pjdlog_exitx(EX_TEMPFAIL, "SSL_new() failed."); if (SSL_use_RSAPrivateKey_file(ssl, privkey, SSL_FILETYPE_PEM) != 1) { ssl_log_errors(); pjdlog_exitx(EX_CONFIG, "SSL_use_RSAPrivateKey_file(%s) failed.", privkey); } if (SSL_use_certificate_file(ssl, cert, SSL_FILETYPE_PEM) != 1) { ssl_log_errors(); pjdlog_exitx(EX_CONFIG, "SSL_use_certificate_file(%s) failed.", cert); } if (sandbox(user, true, "proto_tls server") != 0) pjdlog_exitx(EX_CONFIG, "Unable to sandbox TLS server."); pjdlog_debug(1, "Privileges successfully dropped."); nonblock(sockfd); nonblock(tcpfd); if (SSL_set_fd(ssl, tcpfd) != 1) pjdlog_exitx(EX_TEMPFAIL, "SSL_set_fd() failed."); ret = SSL_accept(ssl); ssl_check_error(ssl, ret); tls_loop(sockfd, ssl); } static void tls_call_exec_server(struct proto_conn *sock, struct proto_conn *tcp) { int startfd, sockfd, tcpfd, safefd; char *startfdstr, *debugstr; if (pjdlog_mode_get() == PJDLOG_MODE_STD) startfd = 3; else /* if (pjdlog_mode_get() == PJDLOG_MODE_SYSLOG) */ startfd = 0; /* Declare that we are receiver. */ proto_send(sock, NULL, 0); sockfd = proto_descriptor(sock); tcpfd = proto_descriptor(tcp); safefd = MAX(sockfd, tcpfd); safefd = MAX(safefd, startfd); safefd++; /* Move sockfd and tcpfd to safe numbers first. 
*/ if (dup2(sockfd, safefd) == -1) pjdlog_exit(EX_OSERR, "dup2() failed"); proto_close(sock); sockfd = safefd; if (dup2(tcpfd, safefd + 1) == -1) pjdlog_exit(EX_OSERR, "dup2() failed"); proto_close(tcp); tcpfd = safefd + 1; /* Move socketpair descriptor to descriptor number startfd. */ if (dup2(sockfd, startfd) == -1) pjdlog_exit(EX_OSERR, "dup2() failed"); (void)close(sockfd); /* Move tcp descriptor to descriptor number startfd + 1. */ if (dup2(tcpfd, startfd + 1) == -1) pjdlog_exit(EX_OSERR, "dup2() failed"); (void)close(tcpfd); closefrom(startfd + 2); /* * Even if FD_CLOEXEC was set on descriptors before dup2(), it should * have been cleared on dup2(), but better be safe than sorry. */ if (fcntl(startfd, F_SETFD, 0) == -1) pjdlog_exit(EX_OSERR, "fcntl() failed"); if (fcntl(startfd + 1, F_SETFD, 0) == -1) pjdlog_exit(EX_OSERR, "fcntl() failed"); if (asprintf(&startfdstr, "%d", startfd) == -1) pjdlog_exit(EX_TEMPFAIL, "asprintf() failed"); if (asprintf(&debugstr, "%d", pjdlog_debug_get()) == -1) pjdlog_exit(EX_TEMPFAIL, "asprintf() failed"); execl(proto_get("execpath"), proto_get("execpath"), "proto", "tls", proto_get("user"), "server", startfdstr, proto_get("tls:keyfile"), proto_get("tls:certfile"), debugstr, NULL); pjdlog_exit(EX_SOFTWARE, "execl() failed"); } static int tls_accept(void *ctx, void **newctxp) { struct tls_ctx *tlsctx = ctx; struct tls_ctx *newtlsctx; struct proto_conn *sock, *tcp; pid_t pid; int error; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); PJDLOG_ASSERT(tlsctx->tls_side == TLS_SIDE_SERVER_LISTEN); if (proto_connect(NULL, "socketpair://", -1, &sock) == -1) return (errno); /* Accept TCP connection. */ if (proto_accept(tlsctx->tls_tcp, &tcp) == -1) { error = errno; proto_close(sock); return (error); } pid = fork(); switch (pid) { case -1: /* Failure. */ error = errno; proto_close(sock); return (error); case 0: /* Child. 
*/ pjdlog_prefix_set("[TLS sandbox] (server) "); #ifdef HAVE_SETPROCTITLE setproctitle("[TLS sandbox] (server) "); #endif /* Close listen socket. */ proto_close(tlsctx->tls_tcp); tls_call_exec_server(sock, tcp); /* NOTREACHED */ PJDLOG_ABORT("Unreachable."); default: /* Parent. */ newtlsctx = calloc(1, sizeof(*tlsctx)); if (newtlsctx == NULL) { error = errno; proto_close(sock); proto_close(tcp); (void)kill(pid, SIGKILL); return (error); } proto_local_address(tcp, newtlsctx->tls_laddr, sizeof(newtlsctx->tls_laddr)); PJDLOG_ASSERT(strncmp(newtlsctx->tls_laddr, "tcp://", 6) == 0); bcopy("tls://", newtlsctx->tls_laddr, 6); *strrchr(newtlsctx->tls_laddr, ':') = '\0'; proto_remote_address(tcp, newtlsctx->tls_raddr, sizeof(newtlsctx->tls_raddr)); PJDLOG_ASSERT(strncmp(newtlsctx->tls_raddr, "tcp://", 6) == 0); bcopy("tls://", newtlsctx->tls_raddr, 6); *strrchr(newtlsctx->tls_raddr, ':') = '\0'; proto_close(tcp); proto_recv(sock, NULL, 0); newtlsctx->tls_sock = sock; newtlsctx->tls_tcp = NULL; newtlsctx->tls_wait_called = true; newtlsctx->tls_side = TLS_SIDE_SERVER_WORK; newtlsctx->tls_magic = TLS_CTX_MAGIC; *newctxp = newtlsctx; return (0); } } static int tls_wrap(int fd, bool client, void **ctxp) { struct tls_ctx *tlsctx; struct proto_conn *sock; int error; tlsctx = calloc(1, sizeof(*tlsctx)); if (tlsctx == NULL) return (errno); if (proto_wrap("socketpair", client, fd, &sock) == -1) { error = errno; free(tlsctx); return (error); } tlsctx->tls_sock = sock; tlsctx->tls_tcp = NULL; tlsctx->tls_wait_called = (client ? false : true); tlsctx->tls_side = (client ? 
TLS_SIDE_CLIENT : TLS_SIDE_SERVER_WORK); tlsctx->tls_magic = TLS_CTX_MAGIC; *ctxp = tlsctx; return (0); } static int tls_send(void *ctx, const unsigned char *data, size_t size, int fd) { struct tls_ctx *tlsctx = ctx; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); PJDLOG_ASSERT(tlsctx->tls_side == TLS_SIDE_CLIENT || tlsctx->tls_side == TLS_SIDE_SERVER_WORK); PJDLOG_ASSERT(tlsctx->tls_sock != NULL); PJDLOG_ASSERT(tlsctx->tls_wait_called); PJDLOG_ASSERT(fd == -1); if (proto_send(tlsctx->tls_sock, data, size) == -1) return (errno); return (0); } static int tls_recv(void *ctx, unsigned char *data, size_t size, int *fdp) { struct tls_ctx *tlsctx = ctx; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); PJDLOG_ASSERT(tlsctx->tls_side == TLS_SIDE_CLIENT || tlsctx->tls_side == TLS_SIDE_SERVER_WORK); PJDLOG_ASSERT(tlsctx->tls_sock != NULL); PJDLOG_ASSERT(tlsctx->tls_wait_called); PJDLOG_ASSERT(fdp == NULL); if (proto_recv(tlsctx->tls_sock, data, size) == -1) return (errno); return (0); } static int tls_descriptor(const void *ctx) { const struct tls_ctx *tlsctx = ctx; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); switch (tlsctx->tls_side) { case TLS_SIDE_CLIENT: case TLS_SIDE_SERVER_WORK: PJDLOG_ASSERT(tlsctx->tls_sock != NULL); return (proto_descriptor(tlsctx->tls_sock)); case TLS_SIDE_SERVER_LISTEN: PJDLOG_ASSERT(tlsctx->tls_tcp != NULL); return (proto_descriptor(tlsctx->tls_tcp)); default: PJDLOG_ABORT("Invalid side (%d).", tlsctx->tls_side); } } static bool tcp_address_match(const void *ctx, const char *addr) { const struct tls_ctx *tlsctx = ctx; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); return (strcmp(tlsctx->tls_raddr, addr) == 0); } static void tls_local_address(const void *ctx, char *addr, size_t size) { const struct tls_ctx *tlsctx = ctx; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); 
PJDLOG_ASSERT(tlsctx->tls_wait_called); switch (tlsctx->tls_side) { case TLS_SIDE_CLIENT: PJDLOG_ASSERT(tlsctx->tls_sock != NULL); PJDLOG_VERIFY(strlcpy(addr, "tls://N/A", size) < size); break; case TLS_SIDE_SERVER_WORK: PJDLOG_ASSERT(tlsctx->tls_sock != NULL); PJDLOG_VERIFY(strlcpy(addr, tlsctx->tls_laddr, size) < size); break; case TLS_SIDE_SERVER_LISTEN: PJDLOG_ASSERT(tlsctx->tls_tcp != NULL); proto_local_address(tlsctx->tls_tcp, addr, size); PJDLOG_ASSERT(strncmp(addr, "tcp://", 6) == 0); /* Replace tcp:// prefix with tls:// */ bcopy("tls://", addr, 6); break; default: PJDLOG_ABORT("Invalid side (%d).", tlsctx->tls_side); } } static void tls_remote_address(const void *ctx, char *addr, size_t size) { const struct tls_ctx *tlsctx = ctx; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); PJDLOG_ASSERT(tlsctx->tls_wait_called); switch (tlsctx->tls_side) { case TLS_SIDE_CLIENT: PJDLOG_ASSERT(tlsctx->tls_sock != NULL); PJDLOG_VERIFY(strlcpy(addr, "tls://N/A", size) < size); break; case TLS_SIDE_SERVER_WORK: PJDLOG_ASSERT(tlsctx->tls_sock != NULL); PJDLOG_VERIFY(strlcpy(addr, tlsctx->tls_raddr, size) < size); break; case TLS_SIDE_SERVER_LISTEN: PJDLOG_ASSERT(tlsctx->tls_tcp != NULL); proto_remote_address(tlsctx->tls_tcp, addr, size); PJDLOG_ASSERT(strncmp(addr, "tcp://", 6) == 0); /* Replace tcp:// prefix with tls:// */ bcopy("tls://", addr, 6); break; default: PJDLOG_ABORT("Invalid side (%d).", tlsctx->tls_side); } } static void tls_close(void *ctx) { struct tls_ctx *tlsctx = ctx; PJDLOG_ASSERT(tlsctx != NULL); PJDLOG_ASSERT(tlsctx->tls_magic == TLS_CTX_MAGIC); if (tlsctx->tls_sock != NULL) { proto_close(tlsctx->tls_sock); tlsctx->tls_sock = NULL; } if (tlsctx->tls_tcp != NULL) { proto_close(tlsctx->tls_tcp); tlsctx->tls_tcp = NULL; } tlsctx->tls_side = 0; tlsctx->tls_magic = 0; free(tlsctx); } static int tls_exec(int argc, char *argv[]) { PJDLOG_ASSERT(argc > 3); PJDLOG_ASSERT(strcmp(argv[0], "tls") == 0); pjdlog_init(atoi(argv[3]) == 
0 ? PJDLOG_MODE_SYSLOG : PJDLOG_MODE_STD); if (strcmp(argv[2], "client") == 0) { if (argc != 10) return (EINVAL); tls_exec_client(argv[1], atoi(argv[3]), argv[4][0] == '\0' ? NULL : argv[4], argv[5], argv[6], argv[7], atoi(argv[8]), atoi(argv[9])); } else if (strcmp(argv[2], "server") == 0) { if (argc != 7) return (EINVAL); tls_exec_server(argv[1], atoi(argv[3]), argv[4], argv[5], atoi(argv[6])); } return (EINVAL); } static struct proto tls_proto = { .prt_name = "tls", .prt_connect = tls_connect, .prt_connect_wait = tls_connect_wait, .prt_server = tls_server, .prt_accept = tls_accept, .prt_wrap = tls_wrap, .prt_send = tls_send, .prt_recv = tls_recv, .prt_descriptor = tls_descriptor, .prt_address_match = tcp_address_match, .prt_local_address = tls_local_address, .prt_remote_address = tls_remote_address, .prt_close = tls_close, .prt_exec = tls_exec }; static __constructor void tls_ctor(void) { proto_register(&tls_proto, false); } Index: head/contrib/openbsm/bin/auditdistd/proto_uds.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/proto_uds.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/proto_uds.c (revision 292432) 
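Review bot: `tls_certificate_verify()` returns early when `fingerprint` is an empty string, and since the CA loading in `tls_exec_client()` is still a commented-out TODO and no verify mode is set on the context, the client then accepts any server certificate, noted only at debug level 1. Unless the configuration parser already rejects an empty `tls:fingerprint` (not visible in this file), the empty case should fail closed, for example `pjdlog_exitx(EX_CONFIG, "No fingerprint configured; refusing unauthenticated TLS connection.");` in place of the debug message and `return`. Separately, `SSL_CTX_new(TLSv1_client_method())` and `SSL_CTX_new(TLSv1_server_method())` fix the protocol at TLS 1.0; `SSLv23_client_method()` / `SSLv23_server_method()` with the existing `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` options would allow newer versions to be negotiated. These lines are context that the commit leaves untouched.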
@@ -1,362 +1,360 @@ /*- * Copyright (c) 2009-2010 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/proto_uds.c#2 $ */ /* UDS - UNIX Domain Socket */ #include #include #include #include #include #include #include #include #include #include #ifndef HAVE_STRLCPY #include #endif #include "pjdlog.h" #include "proto_impl.h" #define UDS_CTX_MAGIC 0xd541c struct uds_ctx { int uc_magic; struct sockaddr_un uc_sun; int uc_fd; int uc_side; #define UDS_SIDE_CLIENT 0 #define UDS_SIDE_SERVER_LISTEN 1 #define UDS_SIDE_SERVER_WORK 2 pid_t uc_owner; }; static void uds_close(void *ctx); static int uds_addr(const char *addr, struct sockaddr_un *sunp) { if (addr == NULL) return (-1); if (strncasecmp(addr, "uds://", 6) == 0) addr += 6; else if (strncasecmp(addr, "unix://", 7) == 0) addr += 7; else if (addr[0] == '/' && /* If it starts from /... */ strstr(addr, "://") == NULL)/* ...and there is no prefix... */ ; /* ...we assume its us. */ else return (-1); sunp->sun_family = AF_UNIX; if (strlcpy(sunp->sun_path, addr, sizeof(sunp->sun_path)) >= sizeof(sunp->sun_path)) { return (ENAMETOOLONG); } #ifdef HAVE_SOCKADDR_STORAGE_SS_LEN sunp->sun_len = SUN_LEN(sunp); #endif return (0); } static int uds_common_setup(const char *addr, int side, struct uds_ctx **uctxp) { struct uds_ctx *uctx; int error; uctx = malloc(sizeof(*uctx)); if (uctx == NULL) return (errno); /* Parse given address. 
*/ error = uds_addr(addr, &uctx->uc_sun); if (error != 0) { free(uctx); return (error); } uctx->uc_fd = socket(AF_UNIX, SOCK_STREAM, 0); if (uctx->uc_fd == -1) { error = errno; free(uctx); return (error); } uctx->uc_side = side; uctx->uc_owner = 0; uctx->uc_magic = UDS_CTX_MAGIC; *uctxp = uctx; return (0); } static int uds_connect(const char *srcaddr, const char *dstaddr, int timeout, void **ctxp) { struct uds_ctx *uctx; int error; PJDLOG_ASSERT(dstaddr != NULL); PJDLOG_ASSERT(timeout >= -1); error = uds_common_setup(dstaddr, UDS_SIDE_CLIENT, &uctx); if (error != 0) return (error); PJDLOG_ASSERT(srcaddr == NULL); if (connect(uctx->uc_fd, (struct sockaddr *)&uctx->uc_sun, sizeof(uctx->uc_sun)) == -1) { error = errno; uds_close(uctx); return (error); } *ctxp = uctx; return (0); } static int uds_connect_wait(void *ctx, int timeout) { struct uds_ctx *uctx = ctx; PJDLOG_ASSERT(uctx != NULL); PJDLOG_ASSERT(uctx->uc_magic == UDS_CTX_MAGIC); PJDLOG_ASSERT(uctx->uc_side == UDS_SIDE_CLIENT); PJDLOG_ASSERT(uctx->uc_fd >= 0); PJDLOG_ASSERT(timeout >= 0); return (0); } static int uds_server(const char *addr, void **ctxp) { struct uds_ctx *uctx; int error; error = uds_common_setup(addr, UDS_SIDE_SERVER_LISTEN, &uctx); if (error != 0) return (error); (void)unlink(uctx->uc_sun.sun_path); if (bind(uctx->uc_fd, (struct sockaddr *)&uctx->uc_sun, sizeof(uctx->uc_sun)) == -1) { error = errno; uds_close(uctx); return (error); } uctx->uc_owner = getpid(); if (listen(uctx->uc_fd, 8) == -1) { error = errno; uds_close(uctx); return (error); } *ctxp = uctx; return (0); } static int uds_accept(void *ctx, void **newctxp) { struct uds_ctx *uctx = ctx; struct uds_ctx *newuctx; socklen_t fromlen; int error; PJDLOG_ASSERT(uctx != NULL); PJDLOG_ASSERT(uctx->uc_magic == UDS_CTX_MAGIC); PJDLOG_ASSERT(uctx->uc_side == UDS_SIDE_SERVER_LISTEN); PJDLOG_ASSERT(uctx->uc_fd >= 0); newuctx = malloc(sizeof(*newuctx)); if (newuctx == NULL) return (errno); fromlen = sizeof(newuctx->uc_sun); newuctx->uc_fd = 
accept(uctx->uc_fd, (struct sockaddr *)&newuctx->uc_sun, &fromlen); if (newuctx->uc_fd < 0) { error = errno; free(newuctx); return (error); } newuctx->uc_side = UDS_SIDE_SERVER_WORK; newuctx->uc_magic = UDS_CTX_MAGIC; *newctxp = newuctx; return (0); } static int uds_send(void *ctx, const unsigned char *data, size_t size, int fd) { struct uds_ctx *uctx = ctx; PJDLOG_ASSERT(uctx != NULL); PJDLOG_ASSERT(uctx->uc_magic == UDS_CTX_MAGIC); PJDLOG_ASSERT(uctx->uc_fd >= 0); return (proto_common_send(uctx->uc_fd, data, size, fd)); } static int uds_recv(void *ctx, unsigned char *data, size_t size, int *fdp) { struct uds_ctx *uctx = ctx; PJDLOG_ASSERT(uctx != NULL); PJDLOG_ASSERT(uctx->uc_magic == UDS_CTX_MAGIC); PJDLOG_ASSERT(uctx->uc_fd >= 0); return (proto_common_recv(uctx->uc_fd, data, size, fdp)); } static int uds_descriptor(const void *ctx) { const struct uds_ctx *uctx = ctx; PJDLOG_ASSERT(uctx != NULL); PJDLOG_ASSERT(uctx->uc_magic == UDS_CTX_MAGIC); return (uctx->uc_fd); } static void uds_local_address(const void *ctx, char *addr, size_t size) { const struct uds_ctx *uctx = ctx; struct sockaddr_un sun; socklen_t sunlen; PJDLOG_ASSERT(uctx != NULL); PJDLOG_ASSERT(uctx->uc_magic == UDS_CTX_MAGIC); PJDLOG_ASSERT(addr != NULL); sunlen = sizeof(sun); if (getsockname(uctx->uc_fd, (struct sockaddr *)&sun, &sunlen) < 0) { PJDLOG_VERIFY(strlcpy(addr, "N/A", size) < size); return; } PJDLOG_ASSERT(sun.sun_family == AF_UNIX); if (sun.sun_path[0] == '\0') { PJDLOG_VERIFY(strlcpy(addr, "N/A", size) < size); return; } PJDLOG_VERIFY(snprintf(addr, size, "uds://%s", sun.sun_path) < (ssize_t)size); } static void uds_remote_address(const void *ctx, char *addr, size_t size) { const struct uds_ctx *uctx = ctx; struct sockaddr_un sun; socklen_t sunlen; PJDLOG_ASSERT(uctx != NULL); PJDLOG_ASSERT(uctx->uc_magic == UDS_CTX_MAGIC); PJDLOG_ASSERT(addr != NULL); sunlen = sizeof(sun); if (getpeername(uctx->uc_fd, (struct sockaddr *)&sun, &sunlen) < 0) { PJDLOG_VERIFY(strlcpy(addr, "N/A", size) < 
size); return; } PJDLOG_ASSERT(sun.sun_family == AF_UNIX); if (sun.sun_path[0] == '\0') { PJDLOG_VERIFY(strlcpy(addr, "N/A", size) < size); return; } snprintf(addr, size, "uds://%s", sun.sun_path); } static void uds_close(void *ctx) { struct uds_ctx *uctx = ctx; PJDLOG_ASSERT(uctx != NULL); PJDLOG_ASSERT(uctx->uc_magic == UDS_CTX_MAGIC); if (uctx->uc_fd >= 0) close(uctx->uc_fd); /* * Unlink the socket only if we are the owner and this is descriptor * we listen on. */ if (uctx->uc_side == UDS_SIDE_SERVER_LISTEN && uctx->uc_owner == getpid()) { PJDLOG_ASSERT(uctx->uc_sun.sun_path[0] != '\0'); if (unlink(uctx->uc_sun.sun_path) == -1) { pjdlog_errno(LOG_WARNING, "Unable to unlink socket file %s", uctx->uc_sun.sun_path); } } uctx->uc_owner = 0; uctx->uc_magic = 0; free(uctx); } static struct proto uds_proto = { .prt_name = "uds", .prt_connect = uds_connect, .prt_connect_wait = uds_connect_wait, .prt_server = uds_server, .prt_accept = uds_accept, .prt_send = uds_send, .prt_recv = uds_recv, .prt_descriptor = uds_descriptor, .prt_local_address = uds_local_address, .prt_remote_address = uds_remote_address, .prt_close = uds_close }; static __constructor void uds_ctor(void) { proto_register(&uds_proto, false); } Index: head/contrib/openbsm/bin/auditdistd/receiver.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/receiver.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/receiver.c (revision 292432) 
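Review bot: In `uds_local_address()` and `uds_remote_address()` the test `sun.sun_path[0] == '\0'` can read uninitialised stack memory, because `sun` is never cleared and `getsockname()`/`getpeername()` may fill in only the address family for an unnamed socket (on Linux the returned length is then `sizeof(sa_family_t)`). Clearing the structure first, `memset(&sun, 0, sizeof(sun));` ahead of `sunlen = sizeof(sun);`, makes the empty-path check reliable, so the "N/A" fallback is taken instead of formatting stale bytes into the address string. `uds_remote_address()` also ignores the result of its final `snprintf()` where `uds_local_address()` wraps the same call in `PJDLOG_VERIFY(... < (ssize_t)size)`; the two should agree so that truncation is caught on both paths. These lines are context that the commit leaves untouched.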
@@ -1,714 +1,712 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/receiver.c#3 $ */ #include #include #if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BSWAP) #include #else /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #ifdef HAVE_MACHINE_ENDIAN_H #include #else /* !HAVE_MACHINE_ENDIAN_H */ #ifdef HAVE_ENDIAN_H #include #else /* !HAVE_ENDIAN_H */ #error "No supported endian.h" #endif /* !HAVE_ENDIAN_H */ #endif /* !HAVE_MACHINE_ENDIAN_H */ #include #endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #include #include #include #include #include #include #ifdef HAVE_LIBUTIL_H #include #endif #include #include #include #include #include #include #include #include #ifndef HAVE_STRLCPY #include #endif #ifndef HAVE_FSTATAT #include "fstatat.h" #endif #ifndef HAVE_OPENAT #include "openat.h" #endif #ifndef HAVE_RENAMEAT #include "renameat.h" #endif #include "auditdistd.h" #include "pjdlog.h" #include "proto.h" #include "sandbox.h" #include "subr.h" #include "synch.h" #include "trail.h" static struct adist_config *adcfg; static struct adist_host *adhost; static TAILQ_HEAD(, adreq) adist_free_list; static pthread_mutex_t adist_free_list_lock; static pthread_cond_t adist_free_list_cond; static TAILQ_HEAD(, adreq) adist_disk_list; static pthread_mutex_t adist_disk_list_lock; static pthread_cond_t adist_disk_list_cond; static TAILQ_HEAD(, adreq) adist_send_list; static pthread_mutex_t adist_send_list_lock; static pthread_cond_t adist_send_list_cond; static void adreq_clear(struct adreq *adreq) { adreq->adr_error = -1; adreq->adr_byteorder = ADIST_BYTEORDER_UNDEFINED; adreq->adr_cmd = ADIST_CMD_UNDEFINED; adreq->adr_seq = 0; adreq->adr_datasize = 0; } static void init_environment(void) { struct adreq *adreq; unsigned int ii; TAILQ_INIT(&adist_free_list); mtx_init(&adist_free_list_lock); cv_init(&adist_free_list_cond); TAILQ_INIT(&adist_disk_list); mtx_init(&adist_disk_list_lock); cv_init(&adist_disk_list_cond); TAILQ_INIT(&adist_send_list); mtx_init(&adist_send_list_lock); 
cv_init(&adist_send_list_cond); for (ii = 0; ii < ADIST_QUEUE_SIZE; ii++) { adreq = malloc(sizeof(*adreq) + ADIST_BUF_SIZE); if (adreq == NULL) { pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate %zu bytes of memory for adreq object.", sizeof(*adreq) + ADIST_BUF_SIZE); } adreq_clear(adreq); TAILQ_INSERT_TAIL(&adist_free_list, adreq, adr_next); } } static void adreq_decode_and_validate_header(struct adreq *adreq) { /* Byte-swap only is the sender is using different byte order. */ if (adreq->adr_byteorder != ADIST_BYTEORDER) { adreq->adr_byteorder = ADIST_BYTEORDER; adreq->adr_seq = bswap64(adreq->adr_seq); adreq->adr_datasize = bswap32(adreq->adr_datasize); } /* Validate packet header. */ if (adreq->adr_datasize > ADIST_BUF_SIZE) { pjdlog_exitx(EX_PROTOCOL, "Invalid datasize received (%ju).", (uintmax_t)adreq->adr_datasize); } switch (adreq->adr_cmd) { case ADIST_CMD_OPEN: case ADIST_CMD_APPEND: case ADIST_CMD_CLOSE: if (adreq->adr_datasize == 0) { pjdlog_exitx(EX_PROTOCOL, "Invalid datasize received (%ju).", (uintmax_t)adreq->adr_datasize); } break; case ADIST_CMD_KEEPALIVE: case ADIST_CMD_ERROR: if (adreq->adr_datasize > 0) { pjdlog_exitx(EX_PROTOCOL, "Invalid datasize received (%ju).", (uintmax_t)adreq->adr_datasize); } break; default: pjdlog_exitx(EX_PROTOCOL, "Invalid command received (%hhu).", adreq->adr_cmd); } } static void adreq_validate_data(const struct adreq *adreq) { /* Validate packet data. */ switch (adreq->adr_cmd) { case ADIST_CMD_OPEN: case ADIST_CMD_CLOSE: /* * File name must end up with '\0' and there must be no '\0' * in the middle. */ if (adreq->adr_data[adreq->adr_datasize - 1] != '\0' || strchr(adreq->adr_data, '\0') != (const char *)adreq->adr_data + adreq->adr_datasize - 1) { pjdlog_exitx(EX_PROTOCOL, "Invalid file name received."); } break; } } /* * Thread receives requests from the sender. 
*/ static void * recv_thread(void *arg __unused) { struct adreq *adreq; for (;;) { pjdlog_debug(3, "recv: Taking free request."); QUEUE_TAKE(adreq, &adist_free_list, 0); pjdlog_debug(3, "recv: (%p) Got request.", adreq); if (proto_recv(adhost->adh_remote, &adreq->adr_packet, sizeof(adreq->adr_packet)) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to receive request header"); } adreq_decode_and_validate_header(adreq); switch (adreq->adr_cmd) { case ADIST_CMD_KEEPALIVE: adreq->adr_error = 0; adreq_log(LOG_DEBUG, 2, -1, adreq, "recv: (%p) Got request header: ", adreq); pjdlog_debug(3, "recv: (%p) Moving request to the send queue.", adreq); QUEUE_INSERT(adreq, &adist_send_list); continue; case ADIST_CMD_ERROR: pjdlog_error("An error occured on the sender while reading \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name); adreq_log(LOG_DEBUG, 2, ADIST_ERROR_READ, adreq, "recv: (%p) Got request header: ", adreq); pjdlog_debug(3, "recv: (%p) Moving request to the send queue.", adreq); QUEUE_INSERT(adreq, &adist_disk_list); continue; case ADIST_CMD_OPEN: case ADIST_CMD_APPEND: case ADIST_CMD_CLOSE: if (proto_recv(adhost->adh_remote, adreq->adr_data, adreq->adr_datasize) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to receive request data"); } adreq_validate_data(adreq); adreq_log(LOG_DEBUG, 2, -1, adreq, "recv: (%p) Got request header: ", adreq); pjdlog_debug(3, "recv: (%p) Moving request to the disk queue.", adreq); QUEUE_INSERT(adreq, &adist_disk_list); break; default: PJDLOG_ABORT("Invalid condition."); } } /* NOTREACHED */ return (NULL); } /* * Function that opens trail file requested by the sender. * If the file already exist, it has to be the most recent file and it can * only be open for append. * If the file doesn't already exist, it has to be "older" than all existing * files. */ static int receiver_open(const char *filename) { int fd; /* * Previous file should be closed by now. Sending OPEN request without * sending CLOSE for the previous file is a sender bug. 
*/ if (adhost->adh_trail_fd != -1) { pjdlog_error("Sender requested opening file \"%s\" without first closing \"%s\".", filename, adhost->adh_trail_name); return (ADIST_ERROR_WRONG_ORDER); } if (!trail_validate_name(filename, NULL)) { pjdlog_error("Sender wants to open file \"%s\", which has invalid name.", filename); return (ADIST_ERROR_INVALID_NAME); } switch (trail_name_compare(filename, adhost->adh_trail_name)) { case TRAIL_RENAMED: if (!trail_is_not_terminated(adhost->adh_trail_name)) { pjdlog_error("Terminated trail \"%s/%s\" was unterminated on the sender as \"%s/%s\"?", adhost->adh_directory, adhost->adh_trail_name, adhost->adh_directory, filename); return (ADIST_ERROR_INVALID_NAME); } if (renameat(adhost->adh_trail_dirfd, adhost->adh_trail_name, adhost->adh_trail_dirfd, filename) == -1) { pjdlog_errno(LOG_ERR, "Unable to rename file \"%s/%s\" to \"%s/%s\"", adhost->adh_directory, adhost->adh_trail_name, adhost->adh_directory, filename); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_RENAME); } pjdlog_debug(1, "Renamed file \"%s/%s\" to \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name, adhost->adh_directory, filename); /* FALLTHROUGH */ case TRAIL_IDENTICAL: /* Opening existing file. */ fd = openat(adhost->adh_trail_dirfd, filename, O_WRONLY | O_APPEND | O_NOFOLLOW); if (fd == -1) { pjdlog_errno(LOG_ERR, "Unable to open file \"%s/%s\" for append", adhost->adh_directory, filename); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_OPEN); } pjdlog_debug(1, "Opened file \"%s/%s\".", adhost->adh_directory, filename); break; case TRAIL_NEWER: /* Opening new file. */ fd = openat(adhost->adh_trail_dirfd, filename, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); if (fd == -1) { pjdlog_errno(LOG_ERR, "Unable to create file \"%s/%s\"", adhost->adh_directory, filename); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_CREATE); } pjdlog_debug(1, "Created file \"%s/%s\".", adhost->adh_directory, filename); break; case TRAIL_OLDER: /* Trying to open old file. 
*/ pjdlog_error("Sender wants to open an old file \"%s\".", filename); return (ADIST_ERROR_OPEN_OLD); default: PJDLOG_ABORT("Unknown return value from trail_name_compare()."); } PJDLOG_VERIFY(strlcpy(adhost->adh_trail_name, filename, sizeof(adhost->adh_trail_name)) < sizeof(adhost->adh_trail_name)); adhost->adh_trail_fd = fd; return (0); } /* * Function appends data to the trail file that is currently open. */ static int receiver_append(const unsigned char *data, size_t size) { ssize_t done; size_t osize; /* We should have opened trail file. */ if (adhost->adh_trail_fd == -1) { pjdlog_error("Sender requested append without first opening file."); return (ADIST_ERROR_WRONG_ORDER); } osize = size; while (size > 0) { done = write(adhost->adh_trail_fd, data, size); if (done == -1) { if (errno == EINTR) continue; pjdlog_errno(LOG_ERR, "Write to \"%s/%s\" failed", adhost->adh_directory, adhost->adh_trail_name); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_WRITE); } pjdlog_debug(3, "Wrote %zd bytes into \"%s/%s\".", done, adhost->adh_directory, adhost->adh_trail_name); size -= done; } pjdlog_debug(2, "Appended %zu bytes to file \"%s/%s\".", osize, adhost->adh_directory, adhost->adh_trail_name); return (0); } static int receiver_close(const char *filename) { /* We should have opened trail file. */ if (adhost->adh_trail_fd == -1) { pjdlog_error("Sender requested closing file without first opening it."); return (ADIST_ERROR_WRONG_ORDER); } /* Validate if we can do the rename. */ if (!trail_validate_name(adhost->adh_trail_name, filename)) { pjdlog_error("Sender wants to close file \"%s\" using name \"%s\".", adhost->adh_trail_name, filename); return (ADIST_ERROR_INVALID_NAME); } PJDLOG_VERIFY(close(adhost->adh_trail_fd) == 0); adhost->adh_trail_fd = -1; pjdlog_debug(1, "Closed file \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name); if (strcmp(adhost->adh_trail_name, filename) == 0) { /* File name didn't change, we are done here. 
*/ return (0); } if (renameat(adhost->adh_trail_dirfd, adhost->adh_trail_name, adhost->adh_trail_dirfd, filename) == -1) { pjdlog_errno(LOG_ERR, "Unable to rename \"%s\" to \"%s\"", adhost->adh_trail_name, filename); PJDLOG_ASSERT(errno > 0); return (ADIST_ERROR_RENAME); } pjdlog_debug(1, "Renamed file \"%s/%s\" to \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name, adhost->adh_directory, filename); PJDLOG_VERIFY(strlcpy(adhost->adh_trail_name, filename, sizeof(adhost->adh_trail_name)) < sizeof(adhost->adh_trail_name)); return (0); } static int receiver_error(void) { /* We should have opened trail file. */ if (adhost->adh_trail_fd == -1) { pjdlog_error("Sender send read error, but file is not open."); return (ADIST_ERROR_WRONG_ORDER); } PJDLOG_VERIFY(close(adhost->adh_trail_fd) == 0); adhost->adh_trail_fd = -1; pjdlog_debug(1, "Closed file \"%s/%s\".", adhost->adh_directory, adhost->adh_trail_name); return (0); } static void * disk_thread(void *arg __unused) { struct adreq *adreq; for (;;) { pjdlog_debug(3, "disk: Taking request."); QUEUE_TAKE(adreq, &adist_disk_list, 0); adreq_log(LOG_DEBUG, 3, -1, adreq, "disk: (%p) Got request: ", adreq); /* Handle the actual request. */ switch (adreq->adr_cmd) { case ADIST_CMD_OPEN: adreq->adr_error = receiver_open(adreq->adr_data); break; case ADIST_CMD_APPEND: adreq->adr_error = receiver_append(adreq->adr_data, adreq->adr_datasize); break; case ADIST_CMD_CLOSE: adreq->adr_error = receiver_close(adreq->adr_data); break; case ADIST_CMD_ERROR: adreq->adr_error = receiver_error(); break; default: PJDLOG_ABORT("Unexpected command (cmd=%hhu).", adreq->adr_cmd); } if (adreq->adr_error != 0) { adreq_log(LOG_ERR, 0, adreq->adr_error, adreq, "Request failed: "); } pjdlog_debug(3, "disk: (%p) Moving request to the send queue.", adreq); QUEUE_INSERT(adreq, &adist_send_list); } /* NOTREACHED */ return (NULL); } /* * Thread sends requests back to primary node. 
*/ static void * send_thread(void *arg __unused) { struct adreq *adreq; struct adrep adrep; for (;;) { pjdlog_debug(3, "send: Taking request."); QUEUE_TAKE(adreq, &adist_send_list, 0); adreq_log(LOG_DEBUG, 3, -1, adreq, "send: (%p) Got request: ", adreq); adrep.adrp_byteorder = ADIST_BYTEORDER; adrep.adrp_seq = adreq->adr_seq; adrep.adrp_error = adreq->adr_error; if (proto_send(adhost->adh_remote, &adrep, sizeof(adrep)) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to send reply"); } pjdlog_debug(3, "send: (%p) Moving request to the free queue.", adreq); adreq_clear(adreq); QUEUE_INSERT(adreq, &adist_free_list); } /* NOTREACHED */ return (NULL); } static void receiver_directory_create(void) { struct passwd *pw; /* * According to getpwnam(3) we have to clear errno before calling the * function to be able to distinguish between an error and missing * entry (with is not treated as error by getpwnam(3)). */ errno = 0; pw = getpwnam(ADIST_USER); if (pw == NULL) { if (errno != 0) { pjdlog_exit(EX_NOUSER, "Unable to find info about '%s' user", ADIST_USER); } else { pjdlog_exitx(EX_NOUSER, "User '%s' doesn't exist.", ADIST_USER); } } if (mkdir(adhost->adh_directory, 0700) == -1) { pjdlog_exit(EX_OSFILE, "Unable to create directory \"%s\"", adhost->adh_directory); } if (chown(adhost->adh_directory, pw->pw_uid, pw->pw_gid) == -1) { pjdlog_errno(LOG_ERR, "Unable to change owner of the directory \"%s\"", adhost->adh_directory); (void)rmdir(adhost->adh_directory); exit(EX_OSFILE); } } static void receiver_directory_open(void) { #ifdef HAVE_FDOPENDIR adhost->adh_trail_dirfd = open(adhost->adh_directory, O_RDONLY | O_DIRECTORY); if (adhost->adh_trail_dirfd == -1) { if (errno == ENOENT) { receiver_directory_create(); adhost->adh_trail_dirfd = open(adhost->adh_directory, O_RDONLY | O_DIRECTORY); } if (adhost->adh_trail_dirfd == -1) { pjdlog_exit(EX_CONFIG, "Unable to open directory \"%s\"", adhost->adh_directory); } } adhost->adh_trail_dirfp = fdopendir(adhost->adh_trail_dirfd); if 
(adhost->adh_trail_dirfp == NULL) { pjdlog_exit(EX_CONFIG, "Unable to fdopen directory \"%s\"", adhost->adh_directory); } #else struct stat sb; if (stat(adhost->adh_directory, &sb) == -1) { if (errno == ENOENT) { receiver_directory_create(); } else { pjdlog_exit(EX_CONFIG, "Unable to stat directory \"%s\"", adhost->adh_directory); } } adhost->adh_trail_dirfp = opendir(adhost->adh_directory); if (adhost->adh_trail_dirfp == NULL) { pjdlog_exit(EX_CONFIG, "Unable to open directory \"%s\"", adhost->adh_directory); } adhost->adh_trail_dirfd = dirfd(adhost->adh_trail_dirfp); #endif } static void receiver_connect(void) { uint64_t trail_size; struct stat sb; PJDLOG_ASSERT(adhost->adh_trail_dirfp != NULL); trail_last(adhost->adh_trail_dirfp, adhost->adh_trail_name, sizeof(adhost->adh_trail_name)); if (adhost->adh_trail_name[0] == '\0') { trail_size = 0; } else { if (fstatat(adhost->adh_trail_dirfd, adhost->adh_trail_name, &sb, AT_SYMLINK_NOFOLLOW) == -1) { pjdlog_exit(EX_CONFIG, "Unable to stat \"%s/%s\"", adhost->adh_directory, adhost->adh_trail_name); } if (!S_ISREG(sb.st_mode)) { pjdlog_exitx(EX_CONFIG, "File \"%s/%s\" is not a regular file.", adhost->adh_directory, adhost->adh_trail_name); } trail_size = sb.st_size; } trail_size = htole64(trail_size); if (proto_send(adhost->adh_remote, &trail_size, sizeof(trail_size)) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to send size of the most recent trail file"); } if (proto_send(adhost->adh_remote, adhost->adh_trail_name, sizeof(adhost->adh_trail_name)) == -1) { pjdlog_exit(EX_TEMPFAIL, "Unable to send name of the most recent trail file"); } } void adist_receiver(struct adist_config *config, struct adist_host *adh) { sigset_t mask; pthread_t td; pid_t pid; int error, mode, debuglevel; pid = fork(); if (pid == -1) { pjdlog_errno(LOG_ERR, "Unable to fork"); proto_close(adh->adh_remote); adh->adh_remote = NULL; return; } if (pid > 0) { /* This is parent. 
*/ proto_close(adh->adh_remote); adh->adh_remote = NULL; adh->adh_worker_pid = pid; return; } adcfg = config; adhost = adh; mode = pjdlog_mode_get(); debuglevel = pjdlog_debug_get(); descriptors_cleanup(adhost); // descriptors_assert(adhost, mode); pjdlog_init(mode); pjdlog_debug_set(debuglevel); pjdlog_prefix_set("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); #ifdef HAVE_SETPROCTITLE setproctitle("%s (%s)", adhost->adh_name, role2str(adhost->adh_role)); #endif PJDLOG_VERIFY(sigemptyset(&mask) == 0); PJDLOG_VERIFY(sigprocmask(SIG_SETMASK, &mask, NULL) == 0); /* Error in setting timeout is not critical, but why should it fail? */ if (proto_timeout(adhost->adh_remote, adcfg->adc_timeout) == -1) pjdlog_errno(LOG_WARNING, "Unable to set connection timeout"); init_environment(); adhost->adh_trail_fd = -1; receiver_directory_open(); if (sandbox(ADIST_USER, true, "auditdistd: %s (%s)", role2str(adhost->adh_role), adhost->adh_name) != 0) { exit(EX_CONFIG); } pjdlog_info("Privileges successfully dropped."); receiver_connect(); error = pthread_create(&td, NULL, recv_thread, adhost); PJDLOG_ASSERT(error == 0); error = pthread_create(&td, NULL, disk_thread, adhost); PJDLOG_ASSERT(error == 0); (void)send_thread(adhost); } Index: head/contrib/openbsm/bin/auditdistd/renameat.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/renameat.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/renameat.h (revision 292432) 
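Review bot: receiver_append(), carried as unchanged context in this hunk, never advances `data` after a short write: the loop does `size -= done;` but the next `write()` starts again at the beginning of the buffer. A partial write therefore appends the leading bytes of the record a second time and drops its tail, which silently corrupts the audit trail on the receiving side. Adding `data += done;` next to `size -= done;` fixes it. The commit itself only drops the $P4 tag from the header comment, so the defect predates it.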
@@ -1,68 +1,66 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/renameat.h#1 $ */ #ifndef _RENAMEAT_H_ #define _RENAMEAT_H_ #include #include static int renameat(int fromfd, const char *from, int tofd, const char *to) { int cfd, error, ret; if (fromfd != tofd) { errno = EINVAL; return (-1); } cfd = open(".", O_RDONLY | O_DIRECTORY); if (cfd == -1) return (-1); if (fchdir(fromfd) == -1) { error = errno; (void)close(cfd); errno = error; return (-1); } ret = rename(from, to); error = errno; (void)fchdir(cfd); (void)close(cfd); errno = error; return (ret); } #endif /* !_RENAMEAT_H_ */ Index: head/contrib/openbsm/bin/auditdistd/sandbox.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/sandbox.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/sandbox.c (revision 292432) 
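Review bot: The renameat() fallback in this header emulates the call with fchdir(), and the working directory is process-wide, while receiver.c reaches it from disk_thread (via receiver_open() and receiver_close()) with recv_thread and send_thread running alongside. The result of the restoring `(void)fchdir(cfd);` is also discarded, so a failure leaves the process in the trail directory with no trace in the log. I would state both limits above the function, for example `/* Not thread-safe: temporarily changes the process-wide cwd; a failed restore leaves cwd at fromfd. */`, and log the failed restore. Whether any other thread resolves a relative path during that window cannot be told from this page.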
@@ -1,234 +1,232 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/sandbox.c#3 $ */ #include #include #ifdef HAVE_JAIL #include #endif #ifdef HAVE_CAP_ENTER #include #endif #include #include #include #include #include #include #include #include #include "pjdlog.h" #include "sandbox.h" static int groups_compare(const void *grp0, const void *grp1) { gid_t gr0 = *(const gid_t *)grp0; gid_t gr1 = *(const gid_t *)grp1; return (gr0 <= gr1 ? (gr0 < gr1 ? -1 : 0) : 1); } int sandbox(const char *user, bool capsicum, const char *fmt, ...) 
{ #ifdef HAVE_JAIL struct jail jailst; char *jailhost; va_list ap; #endif struct passwd *pw; uid_t ruid, euid; gid_t rgid, egid; #ifdef HAVE_GETRESUID uid_t suid; #endif #ifdef HAVE_GETRESGID gid_t sgid; #endif gid_t *groups, *ggroups; bool jailed; int ngroups, ret; PJDLOG_ASSERT(user != NULL); PJDLOG_ASSERT(fmt != NULL); ret = -1; groups = NULL; ggroups = NULL; /* * According to getpwnam(3) we have to clear errno before calling the * function to be able to distinguish between an error and missing * entry (with is not treated as error by getpwnam(3)). */ errno = 0; pw = getpwnam(user); if (pw == NULL) { if (errno != 0) { pjdlog_errno(LOG_ERR, "Unable to find info about '%s' user", user); goto out; } else { pjdlog_error("'%s' user doesn't exist.", user); errno = ENOENT; goto out; } } ngroups = sysconf(_SC_NGROUPS_MAX); if (ngroups == -1) { pjdlog_errno(LOG_WARNING, "Unable to obtain maximum number of groups"); ngroups = NGROUPS_MAX; } ngroups++; /* For base gid. */ groups = malloc(sizeof(groups[0]) * ngroups); if (groups == NULL) { pjdlog_error("Unable to allocate memory for %d groups.", ngroups); goto out; } if (getgrouplist(user, pw->pw_gid, groups, &ngroups) == -1) { pjdlog_error("Unable to obtain groups of user %s.", user); goto out; } #ifdef HAVE_JAIL va_start(ap, fmt); (void)vasprintf(&jailhost, fmt, ap); va_end(ap); if (jailhost == NULL) { pjdlog_error("Unable to allocate memory for jail host name."); goto out; } bzero(&jailst, sizeof(jailst)); jailst.version = JAIL_API_VERSION; jailst.path = pw->pw_dir; jailst.hostname = jailhost; if (jail(&jailst) >= 0) { jailed = true; } else { jailed = false; pjdlog_errno(LOG_WARNING, "Unable to jail to directory %s", pw->pw_dir); } free(jailhost); #else /* !HAVE_JAIL */ jailed = false; #endif /* !HAVE_JAIL */ if (!jailed) { if (chroot(pw->pw_dir) == -1) { pjdlog_errno(LOG_ERR, "Unable to change root directory to %s", pw->pw_dir); goto out; } } PJDLOG_VERIFY(chdir("/") == 0); if (setgroups(ngroups, groups) == -1) { 
pjdlog_errno(LOG_ERR, "Unable to set groups"); goto out; } if (setgid(pw->pw_gid) == -1) { pjdlog_errno(LOG_ERR, "Unable to set gid to %u", (unsigned int)pw->pw_gid); goto out; } if (setuid(pw->pw_uid) == -1) { pjdlog_errno(LOG_ERR, "Unable to set uid to %u", (unsigned int)pw->pw_uid); goto out; } #ifdef HAVE_CAP_ENTER if (capsicum) { capsicum = (cap_enter() == 0); if (!capsicum) { pjdlog_common(LOG_DEBUG, 1, errno, "Unable to sandbox using capsicum"); } } #else /* !HAVE_CAP_ENTER */ capsicum = false; #endif /* !HAVE_CAP_ENTER */ /* * Better be sure that everything succeeded. */ #ifdef HAVE_GETRESUID PJDLOG_VERIFY(getresuid(&ruid, &euid, &suid) == 0); PJDLOG_VERIFY(suid == pw->pw_uid); #else ruid = getuid(); euid = geteuid(); #endif PJDLOG_VERIFY(ruid == pw->pw_uid); PJDLOG_VERIFY(euid == pw->pw_uid); #ifdef HAVE_GETRESGID PJDLOG_VERIFY(getresgid(&rgid, &egid, &sgid) == 0); PJDLOG_VERIFY(sgid == pw->pw_gid); #else rgid = getgid(); egid = getegid(); #endif PJDLOG_VERIFY(rgid == pw->pw_gid); PJDLOG_VERIFY(egid == pw->pw_gid); PJDLOG_VERIFY(getgroups(0, NULL) == ngroups); ggroups = malloc(sizeof(ggroups[0]) * ngroups); if (ggroups == NULL) { pjdlog_error("Unable to allocate memory for %d groups.", ngroups); goto out; } PJDLOG_VERIFY(getgroups(ngroups, ggroups) == ngroups); qsort(groups, (size_t)ngroups, sizeof(groups[0]), groups_compare); qsort(ggroups, (size_t)ngroups, sizeof(ggroups[0]), groups_compare); PJDLOG_VERIFY(bcmp(groups, ggroups, sizeof(groups[0]) * ngroups) == 0); pjdlog_debug(1, "Privileges successfully dropped using %s%s+setgid+setuid.", capsicum ? "capsicum+" : "", jailed ? "jail" : "chroot"); ret = 0; out: if (groups != NULL) free(groups); if (ggroups != NULL) free(ggroups); return (ret); } Index: head/contrib/openbsm/bin/auditdistd/sandbox.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/sandbox.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/sandbox.h (revision 292432) 
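Review bot: In sandbox(), a failed cap_enter() is reported only through `pjdlog_common(LOG_DEBUG, 1, errno, ...)` and the function still returns 0, whereas the failed jail() a few lines earlier is logged at LOG_WARNING before falling back to chroot. An operator running without debug output cannot tell that a worker which asked for Capsicum ended up with only the jail-or-chroot plus setgid and setuid confinement. Raising it to `pjdlog_errno(LOG_WARNING, "Unable to sandbox using capsicum");` would make the downgrade visible; if the debug level was chosen because kernels without Capsicum fail here routinely, a comment saying so would help. The commit itself only removes the $P4 line from the header.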
@@ -1,39 +1,37 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/sandbox.h#1 $ */ #ifndef _SANDBOX_H_ #define _SANDBOX_H_ #include int sandbox(const char *user, bool capsicum, const char *fmt, ...); #endif /* !_SANDBOX_H_ */ Index: head/contrib/openbsm/bin/auditdistd/sender.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/sender.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/sender.c (revision 292432) 
@@ -1,847 +1,845 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/sender.c#3 $ */ #include #include #if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BSWAP) #include #else /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #ifdef HAVE_MACHINE_ENDIAN_H #include #else /* !HAVE_MACHINE_ENDIAN_H */ #ifdef HAVE_ENDIAN_H #include #else /* !HAVE_ENDIAN_H */ #error "No supported endian.h" #endif /* !HAVE_ENDIAN_H */ #endif /* !HAVE_MACHINE_ENDIAN_H */ #include #endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BSWAP */ #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_LIBUTIL_H #include #endif #include #include #include #include #ifndef HAVE_SIGTIMEDWAIT #include "sigtimedwait.h" #endif #include "auditdistd.h" #include "pjdlog.h" #include "proto.h" #include "sandbox.h" #include "subr.h" #include "synch.h" #include "trail.h" static struct adist_config *adcfg; static struct adist_host *adhost; static pthread_rwlock_t adist_remote_lock; static pthread_mutex_t adist_remote_mtx; static pthread_cond_t adist_remote_cond; static struct trail *adist_trail; static TAILQ_HEAD(, adreq) adist_free_list; static pthread_mutex_t adist_free_list_lock; static pthread_cond_t adist_free_list_cond; static TAILQ_HEAD(, adreq) adist_send_list; static pthread_mutex_t adist_send_list_lock; static pthread_cond_t adist_send_list_cond; static TAILQ_HEAD(, adreq) adist_recv_list; static pthread_mutex_t adist_recv_list_lock; static pthread_cond_t adist_recv_list_cond; static void init_environment(void) { struct adreq *adreq; unsigned int ii; rw_init(&adist_remote_lock); mtx_init(&adist_remote_mtx); cv_init(&adist_remote_cond); TAILQ_INIT(&adist_free_list); mtx_init(&adist_free_list_lock); cv_init(&adist_free_list_cond); TAILQ_INIT(&adist_send_list); mtx_init(&adist_send_list_lock); cv_init(&adist_send_list_cond); TAILQ_INIT(&adist_recv_list); mtx_init(&adist_recv_list_lock); cv_init(&adist_recv_list_cond); for (ii = 0; ii < ADIST_QUEUE_SIZE; ii++) { adreq = 
malloc(sizeof(*adreq) + ADIST_BUF_SIZE); if (adreq == NULL) { pjdlog_exitx(EX_TEMPFAIL, "Unable to allocate %zu bytes of memory for adreq object.", sizeof(*adreq) + ADIST_BUF_SIZE); } adreq->adr_byteorder = ADIST_BYTEORDER; adreq->adr_cmd = ADIST_CMD_UNDEFINED; adreq->adr_seq = 0; adreq->adr_datasize = 0; TAILQ_INSERT_TAIL(&adist_free_list, adreq, adr_next); } } static int sender_connect(void) { unsigned char rnd[32], hash[32], resp[32]; struct proto_conn *conn; char welcome[8]; int16_t val; val = 1; if (proto_send(adhost->adh_conn, &val, sizeof(val)) < 0) { pjdlog_exit(EX_TEMPFAIL, "Unable to send connection request to parent"); } if (proto_recv(adhost->adh_conn, &val, sizeof(val)) < 0) { pjdlog_exit(EX_TEMPFAIL, "Unable to receive reply to connection request from parent"); } if (val != 0) { errno = val; pjdlog_errno(LOG_WARNING, "Unable to connect to %s", adhost->adh_remoteaddr); return (-1); } if (proto_connection_recv(adhost->adh_conn, true, &conn) < 0) { pjdlog_exit(EX_TEMPFAIL, "Unable to receive connection from parent"); } if (proto_connect_wait(conn, adcfg->adc_timeout) < 0) { pjdlog_errno(LOG_WARNING, "Unable to connect to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Connected to %s.", adhost->adh_remoteaddr); /* Error in setting timeout is not critical, but why should it fail? */ if (proto_timeout(conn, adcfg->adc_timeout) < 0) pjdlog_errno(LOG_WARNING, "Unable to set connection timeout"); else pjdlog_debug(1, "Timeout set to %d.", adcfg->adc_timeout); /* Exchange welcome message, which includes version number. 
*/ (void)snprintf(welcome, sizeof(welcome), "ADIST%02d", ADIST_VERSION); if (proto_send(conn, welcome, sizeof(welcome)) < 0) { pjdlog_errno(LOG_WARNING, "Unable to send welcome message to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Welcome message sent (%s).", welcome); bzero(welcome, sizeof(welcome)); if (proto_recv(conn, welcome, sizeof(welcome)) < 0) { pjdlog_errno(LOG_WARNING, "Unable to receive welcome message from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } if (strncmp(welcome, "ADIST", 5) != 0 || !isdigit(welcome[5]) || !isdigit(welcome[6]) || welcome[7] != '\0') { pjdlog_warning("Invalid welcome message from %s.", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Welcome message received (%s).", welcome); /* * Receiver can only reply with version number lower or equal to * the one we sent. */ adhost->adh_version = atoi(welcome + 5); if (adhost->adh_version > ADIST_VERSION) { pjdlog_warning("Invalid version number from %s (%d received, up to %d supported).", adhost->adh_remoteaddr, adhost->adh_version, ADIST_VERSION); proto_close(conn); return (-1); } pjdlog_debug(1, "Version %d negotiated with %s.", adhost->adh_version, adhost->adh_remoteaddr); if (proto_send(conn, adcfg->adc_name, sizeof(adcfg->adc_name)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to send name to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Name (%s) sent.", adcfg->adc_name); if (proto_recv(conn, rnd, sizeof(rnd)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive challenge from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Challenge received."); if (HMAC(EVP_sha256(), adhost->adh_password, (int)strlen(adhost->adh_password), rnd, (int)sizeof(rnd), hash, NULL) == NULL) { pjdlog_warning("Unable to generate response."); proto_close(conn); return (-1); } pjdlog_debug(1, "Response generated."); if (proto_send(conn, hash, sizeof(hash)) == 
-1) { pjdlog_errno(LOG_WARNING, "Unable to send response to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Response sent."); if (adist_random(rnd, sizeof(rnd)) == -1) { pjdlog_warning("Unable to generate challenge."); proto_close(conn); return (-1); } pjdlog_debug(1, "Challenge generated."); if (proto_send(conn, rnd, sizeof(rnd)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to send challenge to %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Challenge sent."); if (proto_recv(conn, resp, sizeof(resp)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive response from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Response received."); if (HMAC(EVP_sha256(), adhost->adh_password, (int)strlen(adhost->adh_password), rnd, (int)sizeof(rnd), hash, NULL) == NULL) { pjdlog_warning("Unable to generate hash."); proto_close(conn); return (-1); } pjdlog_debug(1, "Hash generated."); if (memcmp(resp, hash, sizeof(hash)) != 0) { pjdlog_warning("Invalid response from %s (wrong password?).", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_info("Receiver authenticated."); if (proto_recv(conn, &adhost->adh_trail_offset, sizeof(adhost->adh_trail_offset)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive size of the most recent trail file from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } adhost->adh_trail_offset = le64toh(adhost->adh_trail_offset); if (proto_recv(conn, &adhost->adh_trail_name, sizeof(adhost->adh_trail_name)) == -1) { pjdlog_errno(LOG_WARNING, "Unable to receive name of the most recent trail file from %s", adhost->adh_remoteaddr); proto_close(conn); return (-1); } pjdlog_debug(1, "Trail name (%s) and offset (%ju) received.", adhost->adh_trail_name, (uintmax_t)adhost->adh_trail_offset); rw_wlock(&adist_remote_lock); mtx_lock(&adist_remote_mtx); PJDLOG_ASSERT(adhost->adh_remote == NULL); PJDLOG_ASSERT(conn != NULL); adhost->adh_remote 
= conn; mtx_unlock(&adist_remote_mtx); rw_unlock(&adist_remote_lock); cv_signal(&adist_remote_cond); return (0); } static void sender_disconnect(void) { rw_wlock(&adist_remote_lock); /* * Check for a race between dropping rlock and acquiring wlock - * another thread can close connection in-between. */ if (adhost->adh_remote == NULL) { rw_unlock(&adist_remote_lock); return; } pjdlog_debug(2, "Closing connection to %s.", adhost->adh_remoteaddr); proto_close(adhost->adh_remote); mtx_lock(&adist_remote_mtx); adhost->adh_remote = NULL; adhost->adh_reset = true; adhost->adh_trail_name[0] = '\0'; adhost->adh_trail_offset = 0; mtx_unlock(&adist_remote_mtx); rw_unlock(&adist_remote_lock); pjdlog_warning("Disconnected from %s.", adhost->adh_remoteaddr); /* Move all in-flight requests back onto free list. */ mtx_lock(&adist_free_list_lock); mtx_lock(&adist_send_list_lock); TAILQ_CONCAT(&adist_free_list, &adist_send_list, adr_next); mtx_unlock(&adist_send_list_lock); mtx_lock(&adist_recv_list_lock); TAILQ_CONCAT(&adist_free_list, &adist_recv_list, adr_next); mtx_unlock(&adist_recv_list_lock); mtx_unlock(&adist_free_list_lock); } static void adreq_fill(struct adreq *adreq, uint8_t cmd, const unsigned char *data, size_t size) { static uint64_t seq = 1; PJDLOG_ASSERT(size <= ADIST_BUF_SIZE); switch (cmd) { case ADIST_CMD_OPEN: case ADIST_CMD_CLOSE: PJDLOG_ASSERT(data != NULL && size == 0); size = strlen(data) + 1; break; case ADIST_CMD_APPEND: PJDLOG_ASSERT(data != NULL && size > 0); break; case ADIST_CMD_KEEPALIVE: case ADIST_CMD_ERROR: PJDLOG_ASSERT(data == NULL && size == 0); break; default: PJDLOG_ABORT("Invalid command (%hhu).", cmd); } adreq->adr_cmd = cmd; adreq->adr_seq = seq++; adreq->adr_datasize = size; /* Don't copy if data is already in out buffer. 
*/ if (data != NULL && data != adreq->adr_data) bcopy(data, adreq->adr_data, size); } static bool read_thread_wait(void) { bool newfile = false; mtx_lock(&adist_remote_mtx); if (adhost->adh_reset) { reset: adhost->adh_reset = false; if (trail_filefd(adist_trail) != -1) trail_close(adist_trail); trail_reset(adist_trail); while (adhost->adh_remote == NULL) cv_wait(&adist_remote_cond, &adist_remote_mtx); trail_start(adist_trail, adhost->adh_trail_name, adhost->adh_trail_offset); newfile = true; } mtx_unlock(&adist_remote_mtx); while (trail_filefd(adist_trail) == -1) { newfile = true; wait_for_dir(); /* * We may have been disconnected and reconnected in the * meantime, check if reset is set. */ mtx_lock(&adist_remote_mtx); if (adhost->adh_reset) goto reset; mtx_unlock(&adist_remote_mtx); if (trail_filefd(adist_trail) == -1) trail_next(adist_trail); } if (newfile) { pjdlog_debug(1, "Trail file \"%s/%s\" opened.", adhost->adh_directory, trail_filename(adist_trail)); (void)wait_for_file_init(trail_filefd(adist_trail)); } return (newfile); } static void * read_thread(void *arg __unused) { struct adreq *adreq; ssize_t done; bool newfile; pjdlog_debug(1, "%s started.", __func__); for (;;) { newfile = read_thread_wait(); QUEUE_TAKE(adreq, &adist_free_list, 0); if (newfile) { adreq_fill(adreq, ADIST_CMD_OPEN, trail_filename(adist_trail), 0); newfile = false; goto move; } done = read(trail_filefd(adist_trail), adreq->adr_data, ADIST_BUF_SIZE); if (done == -1) { off_t offset; int error; error = errno; offset = lseek(trail_filefd(adist_trail), 0, SEEK_CUR); errno = error; pjdlog_errno(LOG_ERR, "Error while reading \"%s/%s\" at offset %jd", adhost->adh_directory, trail_filename(adist_trail), offset); trail_close(adist_trail); adreq_fill(adreq, ADIST_CMD_ERROR, NULL, 0); goto move; } else if (done == 0) { /* End of file. */ pjdlog_debug(3, "End of \"%s/%s\".", adhost->adh_directory, trail_filename(adist_trail)); if (!trail_switch(adist_trail)) { /* More audit records can arrive. 
*/ mtx_lock(&adist_free_list_lock); TAILQ_INSERT_TAIL(&adist_free_list, adreq, adr_next); mtx_unlock(&adist_free_list_lock); wait_for_file(); continue; } adreq_fill(adreq, ADIST_CMD_CLOSE, trail_filename(adist_trail), 0); trail_close(adist_trail); goto move; } adreq_fill(adreq, ADIST_CMD_APPEND, adreq->adr_data, done); move: pjdlog_debug(3, "read thread: Moving request %p to the send queue (%hhu).", adreq, adreq->adr_cmd); QUEUE_INSERT(adreq, &adist_send_list); } /* NOTREACHED */ return (NULL); } static void keepalive_send(void) { struct adreq *adreq; rw_rlock(&adist_remote_lock); if (adhost->adh_remote == NULL) { rw_unlock(&adist_remote_lock); return; } rw_unlock(&adist_remote_lock); mtx_lock(&adist_free_list_lock); adreq = TAILQ_FIRST(&adist_free_list); if (adreq != NULL) TAILQ_REMOVE(&adist_free_list, adreq, adr_next); mtx_unlock(&adist_free_list_lock); if (adreq == NULL) return; adreq_fill(adreq, ADIST_CMD_KEEPALIVE, NULL, 0); QUEUE_INSERT(adreq, &adist_send_list); pjdlog_debug(3, "keepalive_send: Request sent."); } /* * Thread sends request to secondary node. */ static void * send_thread(void *arg __unused) { time_t lastcheck, now; struct adreq *adreq; pjdlog_debug(1, "%s started.", __func__); lastcheck = time(NULL); for (;;) { pjdlog_debug(3, "send thread: Taking request."); for (;;) { QUEUE_TAKE(adreq, &adist_send_list, ADIST_KEEPALIVE); if (adreq != NULL) break; now = time(NULL); if (lastcheck + ADIST_KEEPALIVE <= now) { keepalive_send(); lastcheck = now; } } PJDLOG_ASSERT(adreq != NULL); pjdlog_debug(3, "send thread: (%p) Got request %hhu.", adreq, adreq->adr_cmd); /* * Protect connection from disappearing. */ rw_rlock(&adist_remote_lock); /* * Move the request to the recv queue first to avoid race * where the recv thread receives the reply before we move * the request to the recv queue. 
*/ QUEUE_INSERT(adreq, &adist_recv_list); if (adhost->adh_remote == NULL || proto_send(adhost->adh_remote, &adreq->adr_packet, ADPKT_SIZE(adreq)) == -1) { rw_unlock(&adist_remote_lock); pjdlog_debug(1, "send thread: (%p) Unable to send request.", adreq); if (adhost->adh_remote != NULL) sender_disconnect(); continue; } else { pjdlog_debug(3, "Request %p sent successfully.", adreq); adreq_log(LOG_DEBUG, 2, -1, adreq, "send: (%p) Request sent: ", adreq); rw_unlock(&adist_remote_lock); } } /* NOTREACHED */ return (NULL); } static void adrep_decode_header(struct adrep *adrep) { /* Byte-swap only is the receiver is using different byte order. */ if (adrep->adrp_byteorder != ADIST_BYTEORDER) { adrep->adrp_byteorder = ADIST_BYTEORDER; adrep->adrp_seq = bswap64(adrep->adrp_seq); adrep->adrp_error = bswap16(adrep->adrp_error); } } /* * Thread receives answer from secondary node and passes it to ggate_send * thread. */ static void * recv_thread(void *arg __unused) { struct adrep adrep; struct adreq *adreq; pjdlog_debug(1, "%s started.", __func__); for (;;) { /* Wait until there is anything to receive. */ QUEUE_WAIT(&adist_recv_list); pjdlog_debug(3, "recv thread: Got something."); rw_rlock(&adist_remote_lock); if (adhost->adh_remote == NULL) { /* * Connection is dead. * XXX: We shouldn't be here. */ rw_unlock(&adist_remote_lock); continue; } if (proto_recv(adhost->adh_remote, &adrep, sizeof(adrep)) == -1) { rw_unlock(&adist_remote_lock); pjdlog_errno(LOG_ERR, "Unable to receive reply"); sender_disconnect(); continue; } rw_unlock(&adist_remote_lock); adrep_decode_header(&adrep); /* * Find the request that was just confirmed. */ mtx_lock(&adist_recv_list_lock); TAILQ_FOREACH(adreq, &adist_recv_list, adr_next) { if (adreq->adr_seq == adrep.adrp_seq) { TAILQ_REMOVE(&adist_recv_list, adreq, adr_next); break; } } if (adreq == NULL) { /* * If we disconnected in the meantime, just continue. * On disconnect sender_disconnect() clears the queue, * we can use that. 
*/ if (TAILQ_EMPTY(&adist_recv_list)) { mtx_unlock(&adist_recv_list_lock); continue; } mtx_unlock(&adist_recv_list_lock); pjdlog_error("Found no request matching received 'seq' field (%ju).", (uintmax_t)adrep.adrp_seq); sender_disconnect(); continue; } mtx_unlock(&adist_recv_list_lock); adreq_log(LOG_DEBUG, 2, -1, adreq, "recv thread: (%p) Request confirmed: ", adreq); pjdlog_debug(3, "recv thread: (%p) Got request %hhu.", adreq, adreq->adr_cmd); if (adrep.adrp_error != 0) { pjdlog_error("Receiver returned error (%s), disconnecting.", adist_errstr((int)adrep.adrp_error)); sender_disconnect(); continue; } if (adreq->adr_cmd == ADIST_CMD_CLOSE) trail_unlink(adist_trail, adreq->adr_data); pjdlog_debug(3, "Request received successfully."); QUEUE_INSERT(adreq, &adist_free_list); } /* NOTREACHED */ return (NULL); } static void guard_check_connection(void) { PJDLOG_ASSERT(adhost->adh_role == ADIST_ROLE_SENDER); rw_rlock(&adist_remote_lock); if (adhost->adh_remote != NULL) { rw_unlock(&adist_remote_lock); pjdlog_debug(3, "remote_guard: Connection to %s is ok.", adhost->adh_remoteaddr); return; } /* * Upgrade the lock. It doesn't have to be atomic as no other thread * can change connection status from disconnected to connected. */ rw_unlock(&adist_remote_lock); pjdlog_debug(1, "remote_guard: Reconnecting to %s.", adhost->adh_remoteaddr); if (sender_connect() == 0) { pjdlog_info("Successfully reconnected to %s.", adhost->adh_remoteaddr); } else { pjdlog_debug(1, "remote_guard: Reconnect to %s failed.", adhost->adh_remoteaddr); } } /* * Thread guards remote connections and reconnects when needed, handles * signals, etc. 
*/ static void * guard_thread(void *arg __unused) { struct timespec timeout; time_t lastcheck, now; sigset_t mask; int signo; lastcheck = time(NULL); PJDLOG_VERIFY(sigemptyset(&mask) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGINT) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGTERM) == 0); timeout.tv_sec = ADIST_KEEPALIVE; timeout.tv_nsec = 0; signo = -1; for (;;) { switch (signo) { case SIGINT: case SIGTERM: sigexit_received = true; pjdlog_exitx(EX_OK, "Termination signal received, exiting."); break; default: break; } pjdlog_debug(3, "remote_guard: Checking connections."); now = time(NULL); if (lastcheck + ADIST_KEEPALIVE <= now) { guard_check_connection(); lastcheck = now; } signo = sigtimedwait(&mask, NULL, &timeout); } /* NOTREACHED */ return (NULL); } void adist_sender(struct adist_config *config, struct adist_host *adh) { pthread_t td; pid_t pid; int error, mode, debuglevel; /* * Create communication channel for sending connection requests from * child to parent. */ if (proto_connect(NULL, "socketpair://", -1, &adh->adh_conn) == -1) { pjdlog_errno(LOG_ERR, "Unable to create connection sockets between child and parent"); return; } pid = fork(); if (pid == -1) { pjdlog_errno(LOG_ERR, "Unable to fork"); proto_close(adh->adh_conn); adh->adh_conn = NULL; return; } if (pid > 0) { /* This is parent. */ adh->adh_worker_pid = pid; /* Declare that we are receiver. */ proto_recv(adh->adh_conn, NULL, 0); return; } adcfg = config; adhost = adh; mode = pjdlog_mode_get(); debuglevel = pjdlog_debug_get(); /* Declare that we are sender. 
*/ proto_send(adhost->adh_conn, NULL, 0); descriptors_cleanup(adhost); #ifdef TODO descriptors_assert(adhost, mode); #endif pjdlog_init(mode); pjdlog_debug_set(debuglevel); pjdlog_prefix_set("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); #ifdef HAVE_SETPROCTITLE setproctitle("[%s] (%s) ", adhost->adh_name, role2str(adhost->adh_role)); #endif /* * The sender process should be able to remove entries from its * trail directory, but it should not be able to write to the * trail files, only read from them. */ adist_trail = trail_new(adhost->adh_directory, false); if (adist_trail == NULL) exit(EX_OSFILE); if (sandbox(ADIST_USER, true, "auditdistd: %s (%s)", role2str(adhost->adh_role), adhost->adh_name) != 0) { exit(EX_CONFIG); } pjdlog_info("Privileges successfully dropped."); /* * We can ignore wait_for_dir_init() failures. It will fall back to * using sleep(3). */ (void)wait_for_dir_init(trail_dirfd(adist_trail)); init_environment(); if (sender_connect() == 0) { pjdlog_info("Successfully connected to %s.", adhost->adh_remoteaddr); } adhost->adh_reset = true; /* * Create the guard thread first, so we can handle signals from the * very begining. */ error = pthread_create(&td, NULL, guard_thread, NULL); PJDLOG_ASSERT(error == 0); error = pthread_create(&td, NULL, send_thread, NULL); PJDLOG_ASSERT(error == 0); error = pthread_create(&td, NULL, recv_thread, NULL); PJDLOG_ASSERT(error == 0); (void)read_thread(NULL); } Index: head/contrib/openbsm/bin/auditdistd/sigtimedwait.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/sigtimedwait.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/sigtimedwait.h (revision 292432) 
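Review bot: In sender_connect(), the trail name read with `proto_recv(conn, &adhost->adh_trail_name, sizeof(adhost->adh_trail_name))` is used as a C string straight away, by the `%s` in the following pjdlog_debug() and later by trail_start() in read_thread_wait(), with no check that the peer sent a terminating NUL. The receiver has passed the HMAC exchange by then, but a buggy or compromised receiver could still make the sender read past the buffer, and rejecting such a reply is cheap: `if (memchr(adhost->adh_trail_name, '\0', sizeof(adhost->adh_trail_name)) == NULL) { proto_close(conn); return (-1); }`. Separately, the welcome check runs before authentication and passes plain `char` to isdigit(); `isdigit((unsigned char)welcome[5])`, and likewise for `welcome[6]`, avoids undefined behaviour on bytes above 0x7f. Both spots are unchanged context in this hunk, which only drops the $P4 line.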
@@ -1,92 +1,90 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/sigtimedwait.h#2 $ */ #ifndef _SIGTIMEDWAIT_H_ #define _SIGTIMEDWAIT_H_ #include #include #include #include #include #include #include #include #include "pjdlog.h" static int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout) { struct itimerval it; sigset_t mask; int error, signo; PJDLOG_ASSERT(info == NULL); PJDLOG_VERIFY(sigemptyset(&mask) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGALRM) == 0); PJDLOG_VERIFY(sigprocmask(SIG_BLOCK, &mask, NULL) == 0); timerclear(&it.it_interval); it.it_value.tv_sec = timeout->tv_sec; it.it_value.tv_usec = timeout->tv_nsec / 1000; if (it.it_value.tv_sec == 0 && it.it_value.tv_usec == 0) it.it_value.tv_usec = 1; PJDLOG_VERIFY(setitimer(ITIMER_REAL, &it, NULL) == 0); bcopy(set, &mask, sizeof(mask)); PJDLOG_VERIFY(sigaddset(&mask, SIGALRM) == 0); PJDLOG_VERIFY(sigwait(&mask, &signo) == 0); error = errno; timerclear(&it.it_interval); timerclear(&it.it_value); PJDLOG_VERIFY(setitimer(ITIMER_REAL, &it, NULL) == 0); PJDLOG_VERIFY(sigemptyset(&mask) == 0); PJDLOG_VERIFY(sigaddset(&mask, SIGALRM) == 0); PJDLOG_VERIFY(sigprocmask(SIG_UNBLOCK, &mask, NULL) == 0); if (signo == SIGALRM) { errno = EAGAIN; signo = -1; } else { errno = error; } return (signo); } #endif /* !_SIGTIMEDWAIT_H_ */ Index: head/contrib/openbsm/bin/auditdistd/strndup.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/strndup.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/strndup.h (revision 292432) 
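Review bot: The fallback sigtimedwait() changes the signal mask with sigprocmask(), whose behaviour POSIX leaves unspecified in a multi-threaded process, and sender.c calls this function from guard_thread while the read, send and recv threads exist. `PJDLOG_VERIFY(pthread_sigmask(SIG_BLOCK, &mask, NULL) == 0);`, with the matching SIG_UNBLOCK call at the end, is the portable form. The ITIMER_REAL alarm is process-wide, so the scheme presumably relies on SIGALRM being blocked in every other thread as well; that setup is not visible in this file and deserves a comment above the function. Also, sigwait() reports failure through its return value rather than errno, so the `error = errno;` saved after it is whatever an earlier call left behind.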
@@ -1,55 +1,53 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/strndup.h#1 $ */ #ifndef _STRNDUP_H_ #define _STRNDUP_H_ #include #include static char * strndup(const char *str, size_t len) { size_t outlen; char *outstr; outlen = strlen(str); if (outlen > len) outlen = len; outstr = malloc(outlen + 1); if (outstr != NULL) { memcpy(outstr, str, outlen); outstr[outlen] = '\0'; } return (outstr); } #endif /* !_STRNDUP_H_ */ Index: head/contrib/openbsm/bin/auditdistd/subr.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/subr.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/subr.c (revision 292432) 
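Review bot: The fallback strndup() calls `strlen(str)` before clamping to `len`, so it scans the whole source string and reads out of bounds when `str` has no NUL within its first `len` bytes, an input the real strndup() accepts. Bounding the scan keeps the read inside `len`: `const char *nul = memchr(str, '\0', len);` followed by `outlen = (nul != NULL) ? (size_t)(nul - str) : len;`. A one-line comment above the function stating that at most `len` bytes of `str` are examined would document the contract for callers that pass unterminated buffers.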
@@ -1,306 +1,304 @@ /*- * Copyright (c) 2011-2012 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/subr.c#3 $ */ #include #ifdef HAVE_KQUEUE #include #include #include #endif #include #include #include #include #include #ifndef HAVE_ARC4RANDOM #include #endif #ifndef HAVE_STRLCAT #include #endif #include "auditdistd.h" #include "pjdlog.h" #include "subr.h" int vsnprlcat(char *str, size_t size, const char *fmt, va_list ap) { size_t len; len = strlen(str); return (vsnprintf(str + len, size - len, fmt, ap)); } int snprlcat(char *str, size_t size, const char *fmt, ...) 
{ va_list ap; int result; va_start(ap, fmt); result = vsnprlcat(str, size, fmt, ap); va_end(ap); return (result); } const char * role2str(int role) { switch (role) { case ADIST_ROLE_SENDER: return ("sender"); case ADIST_ROLE_RECEIVER: return ("receiver"); } return ("unknown"); } const char * adist_errstr(int error) { switch (error) { case ADIST_ERROR_WRONG_ORDER: return ("wrong operations order"); case ADIST_ERROR_INVALID_NAME: return ("invalid trail file name"); case ADIST_ERROR_OPEN_OLD: return ("attempt to open an old trail file"); case ADIST_ERROR_CREATE: return ("creation of new trail file failed"); case ADIST_ERROR_OPEN: return ("open of existing trail file failed"); case ADIST_ERROR_READ: return ("read failed"); case ADIST_ERROR_WRITE: return ("write failed"); case ADIST_ERROR_RENAME: return ("rename of a trail file failed"); default: return ("unknown error"); } } void adreq_log(int loglevel, int debuglevel, int error, struct adreq *adreq, const char *fmt, ...) { char msg[1024]; va_list ap; va_start(ap, fmt); (void)vsnprintf(msg, sizeof(msg), fmt, ap); va_end(ap); (void)snprlcat(msg, sizeof(msg), "(seq=%ju) ", (uintmax_t)adreq->adr_seq); switch (adreq->adr_cmd) { case ADIST_CMD_OPEN: (void)snprlcat(msg, sizeof(msg), "OPEN(%s)", adreq->adr_data); break; case ADIST_CMD_APPEND: (void)snprlcat(msg, sizeof(msg), "APPEND(%ju)", (uintmax_t)adreq->adr_datasize); break; case ADIST_CMD_CLOSE: (void)snprlcat(msg, sizeof(msg), "CLOSE(%s)", adreq->adr_data); break; case ADIST_CMD_KEEPALIVE: (void)snprlcat(msg, sizeof(msg), "KEEPALIVE"); break; case ADIST_CMD_ERROR: (void)snprlcat(msg, sizeof(msg), "ERROR"); break; default: (void)snprlcat(msg, sizeof(msg), "UNKNOWN(%hhu)", adreq->adr_cmd); break; } if (error != -1) (void)snprlcat(msg, sizeof(msg), ": %s", adist_errstr(error)); (void)strlcat(msg, ".", sizeof(msg)); pjdlog_common(loglevel, debuglevel, -1, "%s", msg); } int adist_random(unsigned char *buf, size_t size) { #ifdef HAVE_ARC4RANDOM_BUF arc4random_buf(buf, size); 
return (0); #elif defined(HAVE_ARC4RANDOM) uint32_t val; PJDLOG_ASSERT(size > 0); PJDLOG_ASSERT((size % sizeof(val)) == 0); do { val = arc4random(); bcopy(&val, buf, sizeof(val)); buf += sizeof(val); size -= sizeof(val); } while (size > 0); return (0); #else if (RAND_bytes(buf, (int)size) == 0) return (-1); return (0); #endif } static int wait_for_dir_kq = -1; static int wait_for_file_kq = -1; int wait_for_dir_init(int fd) { #ifdef HAVE_KQUEUE struct kevent ev; int error, kq; PJDLOG_ASSERT(wait_for_dir_kq == -1); #endif PJDLOG_ASSERT(fd != -1); #ifdef HAVE_KQUEUE kq = kqueue(); if (kq == -1) { pjdlog_errno(LOG_WARNING, "kqueue() failed"); return (-1); } EV_SET(&ev, fd, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_CLEAR, NOTE_WRITE, 0, 0); if (kevent(kq, &ev, 1, NULL, 0, NULL) == -1) { error = errno; pjdlog_errno(LOG_WARNING, "kevent() failed"); (void)close(kq); errno = error; return (-1); } wait_for_dir_kq = kq; #endif return (0); } int wait_for_file_init(int fd) { #ifdef HAVE_KQUEUE struct kevent ev[2]; int error, kq; #endif PJDLOG_ASSERT(fd != -1); #ifdef HAVE_KQUEUE if (wait_for_file_kq != -1) { close(wait_for_file_kq); wait_for_file_kq = -1; } kq = kqueue(); if (kq == -1) { pjdlog_errno(LOG_WARNING, "kqueue() failed"); return (-1); } EV_SET(&ev[0], fd, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_CLEAR, NOTE_RENAME, 0, 0); EV_SET(&ev[1], fd, EVFILT_READ, EV_ADD | EV_ENABLE | EV_CLEAR, 0, 0, 0); if (kevent(kq, ev, 2, NULL, 0, NULL) == -1) { error = errno; pjdlog_errno(LOG_WARNING, "kevent() failed"); (void)close(kq); errno = error; return (-1); } wait_for_file_kq = kq; #endif return (0); } /* * Wait for new file to appear in directory. */ void wait_for_dir(void) { #ifdef HAVE_KQUEUE struct kevent ev; #endif if (wait_for_dir_kq == -1) { sleep(1); return; } #ifdef HAVE_KQUEUE PJDLOG_ASSERT(wait_for_dir_kq != -1); if (kevent(wait_for_dir_kq, NULL, 0, &ev, 1, NULL) == -1) { pjdlog_errno(LOG_WARNING, "kevent() failed"); sleep(1); } #endif } /* * Wait for file growth or rename. 
*/ void wait_for_file(void) { #ifdef HAVE_KQUEUE struct kevent ev[2]; #endif if (wait_for_file_kq == -1) { sleep(1); return; } #ifdef HAVE_KQUEUE PJDLOG_ASSERT(wait_for_file_kq != -1); if (kevent(wait_for_file_kq, NULL, 0, ev, 2, NULL) == -1) { pjdlog_errno(LOG_WARNING, "kevent() failed"); sleep(1); } #endif } Index: head/contrib/openbsm/bin/auditdistd/subr.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/subr.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/subr.h (revision 292432) 
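Review bot: In adist_random(), the OpenSSL branch treats only a return of 0 from RAND_bytes() as failure, but RAND_bytes() signals success with 1 and can also return -1 when the active RAND method does not support the call. On that path adist_random() returns 0 with the buffer unchanged, so sender_connect() would authenticate the receiver against a challenge that is not random. Testing for success closes the gap: `if (RAND_bytes(buf, (int)size) != 1) return (-1);`. This is unchanged context; the hunk itself only removes the $P4 line.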
@@ -1,60 +1,58 @@ /*- * Copyright (c) 2011 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/subr.h#1 $ */ #ifndef _AUDITDISTD_SUBR_H_ #define _AUDITDISTD_SUBR_H_ #include #include "auditdistd.h" #define KEEP_ERRNO(work) do { \ int _rerrno; \ \ _rerrno = errno; \ work; \ errno = _rerrno; \ } while (0) int vsnprlcat(char *str, size_t size, const char *fmt, va_list ap); int snprlcat(char *str, size_t size, const char *fmt, ...); const char *role2str(int role); const char *adist_errstr(int error); void adreq_log(int loglevel, int debuglevel, int error, struct adreq *adreq, const char *fmt, ...); int adist_random(unsigned char *buf, size_t size); int wait_for_dir_init(int fd); int wait_for_file_init(int fd); void wait_for_dir(void); void wait_for_file(void); #endif /* !_AUDITDISTD_SUBR_H_ */ Index: head/contrib/openbsm/bin/auditdistd/synch.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/synch.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/synch.h (revision 292432) 
@@ -1,206 +1,204 @@ /*- * Copyright (c) 2009-2010 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/synch.h#3 $ */ #ifndef _SYNCH_H_ #define _SYNCH_H_ #include #include #ifdef HAVE_PTHREAD_NP_H #include #endif #include #include #include "pjdlog.h" #ifndef PJDLOG_ASSERT #include #define PJDLOG_ASSERT(...) 
assert(__VA_ARGS__) #endif static __inline void mtx_init(pthread_mutex_t *lock) { int error; error = pthread_mutex_init(lock, NULL); PJDLOG_ASSERT(error == 0); } static __inline void mtx_destroy(pthread_mutex_t *lock) { int error; error = pthread_mutex_destroy(lock); PJDLOG_ASSERT(error == 0); } static __inline void mtx_lock(pthread_mutex_t *lock) { int error; error = pthread_mutex_lock(lock); PJDLOG_ASSERT(error == 0); } static __inline bool mtx_trylock(pthread_mutex_t *lock) { int error; error = pthread_mutex_trylock(lock); PJDLOG_ASSERT(error == 0 || error == EBUSY); return (error == 0); } static __inline void mtx_unlock(pthread_mutex_t *lock) { int error; error = pthread_mutex_unlock(lock); PJDLOG_ASSERT(error == 0); } static __inline bool mtx_owned(pthread_mutex_t *lock) { return (pthread_mutex_isowned_np(lock) != 0); } static __inline void rw_init(pthread_rwlock_t *lock) { int error; error = pthread_rwlock_init(lock, NULL); PJDLOG_ASSERT(error == 0); } static __inline void rw_destroy(pthread_rwlock_t *lock) { int error; error = pthread_rwlock_destroy(lock); PJDLOG_ASSERT(error == 0); } static __inline void rw_rlock(pthread_rwlock_t *lock) { int error; error = pthread_rwlock_rdlock(lock); PJDLOG_ASSERT(error == 0); } static __inline void rw_wlock(pthread_rwlock_t *lock) { int error; error = pthread_rwlock_wrlock(lock); PJDLOG_ASSERT(error == 0); } static __inline void rw_unlock(pthread_rwlock_t *lock) { int error; error = pthread_rwlock_unlock(lock); PJDLOG_ASSERT(error == 0); } static __inline void cv_init(pthread_cond_t *cv) { pthread_condattr_t attr; int error; error = pthread_condattr_init(&attr); PJDLOG_ASSERT(error == 0); #ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK error = pthread_condattr_setclock(&attr, CLOCK_MONOTONIC); PJDLOG_ASSERT(error == 0); #endif error = pthread_cond_init(cv, &attr); PJDLOG_ASSERT(error == 0); error = pthread_condattr_destroy(&attr); PJDLOG_ASSERT(error == 0); } static __inline void cv_wait(pthread_cond_t *cv, pthread_mutex_t *lock) 
{ int error; error = pthread_cond_wait(cv, lock); PJDLOG_ASSERT(error == 0); } static __inline bool cv_timedwait(pthread_cond_t *cv, pthread_mutex_t *lock, int timeout) { struct timespec ts; int error; if (timeout == 0) { cv_wait(cv, lock); return (false); } #ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK error = clock_gettime(CLOCK_MONOTONIC, &ts); PJDLOG_ASSERT(error == 0); ts.tv_sec += timeout; error = pthread_cond_timedwait(cv, lock, &ts); #elif HAVE_PTHREAD_COND_TIMEDWAIT_RELATIVE_NP ts.tv_sec = timeout; ts.tv_nsec = 0; error = pthread_cond_timedwait_relative_np(cv, lock, &ts); #else #error Neither pthread_condattr_setclock nor pthread_cond_timedwait_relative_np is available. #endif PJDLOG_ASSERT(error == 0 || error == ETIMEDOUT); return (error == ETIMEDOUT); } static __inline void cv_signal(pthread_cond_t *cv) { int error; error = pthread_cond_signal(cv); PJDLOG_ASSERT(error == 0); } static __inline void cv_broadcast(pthread_cond_t *cv) { int error; error = pthread_cond_broadcast(cv); PJDLOG_ASSERT(error == 0); } #endif /* !_SYNCH_H_ */ Index: head/contrib/openbsm/bin/auditdistd/token.l =================================================================== --- head/contrib/openbsm/bin/auditdistd/token.l (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/token.l (revision 292432) 
@@ -1,84 +1,82 @@ %{ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/token.l#2 $ */ #include #include #include #ifndef HAVE_STRNDUP #include "strndup.h" #endif #include "auditdistd.h" #include "parse.h" #define SECTION_GLOBAL 0 #define SECTION_SENDER 1 #define SECTION_RECEIVER 2 int cursection; int depth; int lineno; #define DP do { } while (0) #define YY_DECL int yylex(void) %} %option noinput %option nounput %option noyywrap %% certfile { DP; return CERTFILE; } directory { DP; return DIRECTORY; } fingerprint { DP; return FINGERPRINT; } host { DP; return HOST; } keyfile { DP; return KEYFILE; } listen { DP; return LISTEN; } name { DP; return NAME; } password { DP; return PASSWORD; } pidfile { DP; return PIDFILE; } receiver { DP; return RECEIVER; } remote { DP; return REMOTE; } sender { DP; return SENDER; } source { DP; return SOURCE; } timeout { DP; return TIMEOUT; } [0-9]+ { DP; yylval.num = atoi(yytext); return NUM; } \"[a-zA-Z0-9_/ !@#\$%\^\&\*\(\)\+\=\|\;\?\,\.\[\]\-\:]*\" { DP; yylval.str = strndup(yytext + 1, strlen(yytext) - 2); return STR; } \{ { DP; depth++; return OB; } \} { DP; depth--; return CB; } #.*$ /* ignore comments */; \n { lineno++; } [ \t]+ /* ignore whitespace */; %% Index: head/contrib/openbsm/bin/auditdistd/trail.c =================================================================== --- head/contrib/openbsm/bin/auditdistd/trail.c (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/trail.c (revision 292432) 
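Review bot: The `[0-9]+` rule in token.l converts with `atoi(yytext)`, whose behaviour is undefined when the digits do not fit in an int, so an oversized number in the configuration file becomes an arbitrary value instead of a parse error. A checked conversion such as `errno = 0; v = strtol(yytext, NULL, 10);` followed by `if (errno == ERANGE || v > INT_MAX)` would let the lexer reject the value; this assumes `yylval.num` is an int, and how the grammar reports errors is in parse.y, which is not shown here. The string rule has a similar gap: the result of `strndup(yytext + 1, strlen(yytext) - 2)` is stored in `yylval.str` without a NULL check, so allocation failure is left for the parser to trip over.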
@@ -1,611 +1,609 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/trail.c#3 $ */ #include #include #include #include #include #include #include #include #include #include #include #include #ifndef HAVE_STRLCPY #include #endif #ifndef HAVE_FACCESSAT #include "faccessat.h" #endif #ifndef HAVE_FSTATAT #include "fstatat.h" #endif #ifndef HAVE_OPENAT #include "openat.h" #endif #ifndef HAVE_UNLINKAT #include "unlinkat.h" #endif #include "pjdlog.h" #include "trail.h" #define TRAIL_MAGIC 0x79a11 struct trail { int tr_magic; /* Path usually to /var/audit/dist/ directory. */ char tr_dirname[PATH_MAX]; /* Descriptor to td_dirname directory. */ DIR *tr_dirfp; /* Path to audit trail file. */ char tr_filename[PATH_MAX]; /* Descriptor to audit trail file. */ int tr_filefd; }; #define HALF_LEN 14 bool trail_is_not_terminated(const char *filename) { return (strcmp(filename + HALF_LEN, ".not_terminated") == 0); } bool trail_is_crash_recovery(const char *filename) { return (strcmp(filename + HALF_LEN, ".crash_recovery") == 0); } struct trail * trail_new(const char *dirname, bool create) { struct trail *trail; trail = calloc(1, sizeof(*trail)); if (strlcpy(trail->tr_dirname, dirname, sizeof(trail->tr_dirname)) >= sizeof(trail->tr_dirname)) { free(trail); pjdlog_error("Directory name too long (\"%s\").", dirname); errno = ENAMETOOLONG; return (NULL); } trail->tr_dirfp = opendir(dirname); if (trail->tr_dirfp == NULL) { if (create && errno == ENOENT) { if (mkdir(dirname, 0700) == -1) { pjdlog_errno(LOG_ERR, "Unable to create directory \"%s\"", dirname); free(trail); return (NULL); } /* TODO: Set directory ownership. 
*/ } else { pjdlog_errno(LOG_ERR, "Unable to open directory \"%s\"", dirname); free(trail); return (NULL); } trail->tr_dirfp = opendir(dirname); if (trail->tr_dirfp == NULL) { pjdlog_errno(LOG_ERR, "Unable to open directory \"%s\"", dirname); free(trail); return (NULL); } } trail->tr_filefd = -1; trail->tr_magic = TRAIL_MAGIC; return (trail); } void trail_free(struct trail *trail) { PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); if (trail->tr_filefd != -1) trail_close(trail); closedir(trail->tr_dirfp); bzero(trail, sizeof(*trail)); trail->tr_magic = 0; trail->tr_filefd = -1; free(trail); } static uint8_t trail_type(DIR *dirfp, const char *filename) { struct stat sb; int dfd; PJDLOG_ASSERT(dirfp != NULL); dfd = dirfd(dirfp); PJDLOG_ASSERT(dfd >= 0); if (fstatat(dfd, filename, &sb, AT_SYMLINK_NOFOLLOW) == -1) { pjdlog_errno(LOG_ERR, "Unable to stat \"%s\"", filename); return (DT_UNKNOWN); } return (IFTODT(sb.st_mode)); } /* * Find trail file by first part of the name in case it was renamed. * First part of the trail file name never changes, but trail file * can be renamed when hosts are disconnected from .not_terminated * to .[0-9]{14} or to .crash_recovery. */ static bool trail_find(struct trail *trail) { struct dirent *dp; PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); PJDLOG_ASSERT(trail_is_not_terminated(trail->tr_filename)); rewinddir(trail->tr_dirfp); while ((dp = readdir(trail->tr_dirfp)) != NULL) { if (strncmp(dp->d_name, trail->tr_filename, HALF_LEN + 1) == 0) break; } if (dp == NULL) return (false); PJDLOG_VERIFY(strlcpy(trail->tr_filename, dp->d_name, sizeof(trail->tr_filename)) < sizeof(trail->tr_filename)); return (true); } /* * Open the given trail file and move pointer at the given offset, as this is * where receiver finished the last time. * If the file doesn't exist or the given offset is equal to the file size, * move to the next trail file. 
*/ void trail_start(struct trail *trail, const char *filename, off_t offset) { struct stat sb; int dfd, fd; PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); PJDLOG_VERIFY(strlcpy(trail->tr_filename, filename, sizeof(trail->tr_filename)) < sizeof(trail->tr_filename)); trail->tr_filefd = -1; if (trail->tr_filename[0] == '\0') { PJDLOG_ASSERT(offset == 0); trail_next(trail); return; } dfd = dirfd(trail->tr_dirfp); PJDLOG_ASSERT(dfd >= 0); again: fd = openat(dfd, trail->tr_filename, O_RDONLY); if (fd == -1) { if (errno == ENOENT && trail_is_not_terminated(trail->tr_filename) && trail_find(trail)) { /* File was renamed. Retry with new name. */ pjdlog_debug(1, "Trail file was renamed since last connection to \"%s/%s\".", trail->tr_dirname, trail->tr_filename); goto again; } else if (errno == ENOENT) { /* File disappeared. */ pjdlog_debug(1, "File \"%s/%s\" doesn't exist.", trail->tr_dirname, trail->tr_filename); } else { pjdlog_errno(LOG_ERR, "Unable to open file \"%s/%s\", skipping", trail->tr_dirname, trail->tr_filename); } trail_next(trail); return; } if (fstat(fd, &sb) == -1) { pjdlog_errno(LOG_ERR, "Unable to stat file \"%s/%s\", skipping", trail->tr_dirname, trail->tr_filename); close(fd); trail_next(trail); return; } if (!S_ISREG(sb.st_mode)) { pjdlog_warning("File \"%s/%s\" is not a regular file, skipping.", trail->tr_dirname, trail->tr_filename); close(fd); trail_next(trail); return; } /* * We continue sending requested file if: * 1. It is not fully sent yet, or * 2. It is fully sent, but is not terminated, so new data can be * appended still, or * 3. It is fully sent but file name has changed. * * Note that we are fine if our .not_terminated or .crash_recovery file * is smaller than the one on the receiver side, as it is possible that * more data was send to the receiver than was safely stored on disk. * We accept .not_terminated only because auditdistd can start before * auditd manage to rename it to .crash_recovery. 
*/ if (offset < sb.st_size || (offset >= sb.st_size && trail_is_not_terminated(trail->tr_filename)) || (offset >= sb.st_size && trail_is_not_terminated(filename) && trail_is_crash_recovery(trail->tr_filename))) { /* File was not fully send. Let's finish it. */ if (lseek(fd, offset, SEEK_SET) == -1) { pjdlog_errno(LOG_ERR, "Unable to move to offset %jd within file \"%s/%s\", skipping", (intmax_t)offset, trail->tr_dirname, trail->tr_filename); close(fd); trail_next(trail); return; } if (!trail_is_crash_recovery(trail->tr_filename)) { pjdlog_debug(1, "Restarting file \"%s/%s\" at offset %jd.", trail->tr_dirname, trail->tr_filename, (intmax_t)offset); } trail->tr_filefd = fd; return; } close(fd); if (offset > sb.st_size) { pjdlog_warning("File \"%s/%s\" shrinked, removing it.", trail->tr_dirname, trail->tr_filename); } else { pjdlog_debug(1, "File \"%s/%s\" is already sent, removing it.", trail->tr_dirname, trail->tr_filename); } /* Entire file is already sent or it shirnked, we can remove it. */ if (unlinkat(dfd, trail->tr_filename, 0) == -1) { pjdlog_errno(LOG_WARNING, "Unable to remove file \"%s/%s\"", trail->tr_dirname, trail->tr_filename); } trail_next(trail); } /* * Set next file in the trail->tr_dirname directory and open it for reading. */ void trail_next(struct trail *trail) { char curfile[PATH_MAX]; struct dirent *dp; int dfd; PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); PJDLOG_ASSERT(trail->tr_filefd == -1); again: curfile[0] = '\0'; rewinddir(trail->tr_dirfp); while ((dp = readdir(trail->tr_dirfp)) != NULL) { if (dp->d_name[0] < '0' || dp->d_name[0] > '9') continue; if (dp->d_type == DT_UNKNOWN) dp->d_type = trail_type(trail->tr_dirfp, dp->d_name); /* We are only interested in regular files, skip the rest. */ if (dp->d_type != DT_REG) { pjdlog_debug(1, "File \"%s/%s\" is not a regular file, skipping.", trail->tr_dirname, dp->d_name); continue; } /* Skip all files "greater" than curfile. 
*/ if (curfile[0] != '\0' && strcmp(dp->d_name, curfile) > 0) continue; /* Skip all files "smaller" than the current trail_filename. */ if (trail->tr_filename[0] != '\0' && strcmp(dp->d_name, trail->tr_filename) <= 0) { continue; } PJDLOG_VERIFY(strlcpy(curfile, dp->d_name, sizeof(curfile)) < sizeof(curfile)); } if (curfile[0] == '\0') { /* * There are no new trail files, so we return. * We don't clear trail_filename string, to know where to * start when new file appears. */ PJDLOG_ASSERT(trail->tr_filefd == -1); pjdlog_debug(1, "No new trail files."); return; } PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile, sizeof(trail->tr_filename)) < sizeof(trail->tr_filename)); dfd = dirfd(trail->tr_dirfp); PJDLOG_ASSERT(dfd >= 0); trail->tr_filefd = openat(dfd, trail->tr_filename, O_RDONLY); if (trail->tr_filefd == -1) { pjdlog_errno(LOG_ERR, "Unable to open file \"%s/%s\", skipping", trail->tr_dirname, trail->tr_filename); goto again; } pjdlog_debug(1, "Found next trail file: \"%s/%s\".", trail->tr_dirname, trail->tr_filename); } /* * Close current trial file. */ void trail_close(struct trail *trail) { PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); PJDLOG_ASSERT(trail->tr_filefd >= 0); PJDLOG_ASSERT(trail->tr_filename[0] != '\0'); PJDLOG_VERIFY(close(trail->tr_filefd) == 0); trail->tr_filefd = -1; } /* * Reset trail state. Used when connection is disconnected and we will * need to start over after reconnect. Trail needs to be already closed. */ void trail_reset(struct trail *trail) { PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); PJDLOG_ASSERT(trail->tr_filefd == -1); trail->tr_filename[0] = '\0'; } /* * Unlink current trial file. 
*/ void trail_unlink(struct trail *trail, const char *filename) { int dfd; PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); PJDLOG_ASSERT(filename != NULL); PJDLOG_ASSERT(filename[0] != '\0'); dfd = dirfd(trail->tr_dirfp); PJDLOG_ASSERT(dfd >= 0); if (unlinkat(dfd, filename, 0) == -1) { pjdlog_errno(LOG_ERR, "Unable to remove \"%s/%s\"", trail->tr_dirname, filename); } else { pjdlog_debug(1, "Trail file \"%s/%s\" removed.", trail->tr_dirname, filename); } } /* * Return true if we should switch to next trail file. * We don't switch if our file name ends with ".not_terminated" and it * exists (ie. wasn't renamed). */ bool trail_switch(struct trail *trail) { char filename[PATH_MAX]; int fd; PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); PJDLOG_ASSERT(trail->tr_filefd >= 0); if (!trail_is_not_terminated(trail->tr_filename)) return (true); fd = dirfd(trail->tr_dirfp); PJDLOG_ASSERT(fd >= 0); if (faccessat(fd, trail->tr_filename, F_OK, 0) == 0) return (false); if (errno != ENOENT) { pjdlog_errno(LOG_ERR, "Unable to access file \"%s/%s\"", trail->tr_dirname, trail->tr_filename); } strlcpy(filename, trail->tr_filename, sizeof(filename)); if (!trail_find(trail)) { pjdlog_error("Trail file \"%s/%s\" disappeared.", trail->tr_dirname, trail->tr_filename); return (true); } pjdlog_debug(1, "Trail file \"%s/%s\" was renamed to \"%s/%s\".", trail->tr_dirname, filename, trail->tr_dirname, trail->tr_filename); return (true); } const char * trail_filename(const struct trail *trail) { PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); return (trail->tr_filename); } int trail_filefd(const struct trail *trail) { PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); return (trail->tr_filefd); } int trail_dirfd(const struct trail *trail) { PJDLOG_ASSERT(trail->tr_magic == TRAIL_MAGIC); return (dirfd(trail->tr_dirfp)); } /* * Find the last file in the directory opened under dirfp. 
*/ void trail_last(DIR *dirfp, char *filename, size_t filenamesize) { char curfile[PATH_MAX]; struct dirent *dp; PJDLOG_ASSERT(dirfp != NULL); curfile[0] = '\0'; rewinddir(dirfp); while ((dp = readdir(dirfp)) != NULL) { if (dp->d_name[0] < '0' || dp->d_name[0] > '9') continue; if (dp->d_type == DT_UNKNOWN) dp->d_type = trail_type(dirfp, dp->d_name); /* We are only interested in regular files, skip the rest. */ if (dp->d_type != DT_REG) continue; /* Skip all files "greater" than curfile. */ if (curfile[0] != '\0' && strcmp(dp->d_name, curfile) < 0) continue; PJDLOG_VERIFY(strlcpy(curfile, dp->d_name, sizeof(curfile)) < sizeof(curfile)); } if (curfile[0] == '\0') { /* * There are no trail files, so we return. */ pjdlog_debug(1, "No trail files."); bzero(filename, filenamesize); return; } PJDLOG_VERIFY(strlcpy(filename, curfile, filenamesize) < filenamesize); pjdlog_debug(1, "Found the most recent trail file: \"%s\".", filename); } /* * Check if the given file name is a valid audit trail file name. * Possible names: * 20120106132657.20120106132805 * 20120106132657.not_terminated * 20120106132657.crash_recovery * If two names are given, check if the first name can be renamed * to the second name. 
When renaming, first part of the name has * to be identical and only the following renames are valid: * 20120106132657.not_terminated -> 20120106132657.20120106132805 * 20120106132657.not_terminated -> 20120106132657.crash_recovery */ bool trail_validate_name(const char *srcname, const char *dstname) { int i; PJDLOG_ASSERT(srcname != NULL); if (strlen(srcname) != 2 * HALF_LEN + 1) return (false); if (srcname[HALF_LEN] != '.') return (false); for (i = 0; i < HALF_LEN; i++) { if (srcname[i] < '0' || srcname[i] > '9') return (false); } for (i = HALF_LEN + 1; i < 2 * HALF_LEN - 1; i++) { if (srcname[i] < '0' || srcname[i] > '9') break; } if (i < 2 * HALF_LEN - 1 && strcmp(srcname + HALF_LEN + 1, "not_terminated") != 0 && strcmp(srcname + HALF_LEN + 1, "crash_recovery") != 0) { return (false); } if (dstname == NULL) return (true); /* We tolarate if both names are identical. */ if (strcmp(srcname, dstname) == 0) return (true); /* We can only rename not_terminated files. */ if (strcmp(srcname + HALF_LEN + 1, "not_terminated") != 0) return (false); if (strlen(dstname) != 2 * HALF_LEN + 1) return (false); if (strncmp(srcname, dstname, HALF_LEN + 1) != 0) return (false); for (i = HALF_LEN + 1; i < 2 * HALF_LEN - 1; i++) { if (dstname[i] < '0' || dstname[i] > '9') break; } if (i < 2 * HALF_LEN - 1 && strcmp(dstname + HALF_LEN + 1, "crash_recovery") != 0) { return (false); } return (true); } int trail_name_compare(const char *name0, const char *name1) { int ret; ret = strcmp(name0, name1); if (ret == 0) return (TRAIL_IDENTICAL); if (strncmp(name0, name1, HALF_LEN + 1) == 0) return (TRAIL_RENAMED); return (ret < 0 ? TRAIL_OLDER : TRAIL_NEWER); } Index: head/contrib/openbsm/bin/auditdistd/trail.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/trail.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/trail.h (revision 292432) 
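Review bot: In `trail_new()` in trail.c the result of `calloc(1, sizeof(*trail))` is passed straight to `strlcpy(trail->tr_dirname, ...)`, so an allocation failure becomes a NULL dereference in the daemon instead of an error return. Every other failure path in the function logs and returns NULL, so the same shape fits directly after the `calloc`: `if (trail == NULL) { pjdlog_errno(LOG_ERR, "Unable to allocate memory for trail"); return (NULL); }`. Separately, `trail_is_not_terminated()` and `trail_is_crash_recovery()` read from `filename + HALF_LEN` without checking that the name is at least HALF_LEN characters long. `trail_start()` calls the former on its caller-supplied `filename`, so it presumably relies on callers having run `trail_validate_name()` first. That precondition deserves a comment on both helpers, or a guard such as `strlen(filename) > HALF_LEN &&` in front of the `strcmp`.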
@@ -1,62 +1,60 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/trail.h#1 $ */ #ifndef _AUDITDISTD_TRAIL_H_ #define _AUDITDISTD_TRAIL_H_ #include #include /* off_t */ #define TRAIL_IDENTICAL 0 #define TRAIL_RENAMED 1 #define TRAIL_OLDER 2 #define TRAIL_NEWER 3 struct trail; struct trail *trail_new(const char *dirname, bool create); void trail_free(struct trail *trail); bool trail_is_not_terminated(const char *filename); bool trail_is_crash_recovery(const char *filename); void trail_start(struct trail *trail, const char *filename, off_t offset); void trail_next(struct trail *trail); void trail_close(struct trail *trail); void trail_reset(struct trail *trail); void trail_unlink(struct trail *trail, const char *filename); bool trail_switch(struct trail *trail); const char *trail_filename(const struct trail *trail); int trail_filefd(const struct trail *trail); int trail_dirfd(const struct trail *trail); void trail_last(DIR *dirfp, char *filename, size_t filenamesize); bool trail_validate_name(const char *srcname, const char *dstname); int trail_name_compare(const char *name0, const char *name1); #endif /* !_AUDITDISTD_TRAIL_H_ */ Index: head/contrib/openbsm/bin/auditdistd/unlinkat.h =================================================================== --- head/contrib/openbsm/bin/auditdistd/unlinkat.h (revision 292431) +++ head/contrib/openbsm/bin/auditdistd/unlinkat.h (revision 292432) 
@@ -1,68 +1,66 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/unlinkat.h#1 $ */ #ifndef _UNLINKAT_H_ #define _UNLINKAT_H_ #include #include #define AT_REMOVEDIR 0x01 static int unlinkat(int fd, const char *path, int flag) { int cfd, error, ret; cfd = open(".", O_RDONLY | O_DIRECTORY); if (cfd == -1) return (-1); if (fchdir(fd) == -1) { error = errno; (void)close(cfd); errno = error; return (-1); } if (flag == AT_REMOVEDIR) ret = rmdir(path); else ret = unlink(path); error = errno; (void)fchdir(cfd); (void)close(cfd); errno = error; return (ret); } #endif /* !_UNLINKAT_H_ */ Index: head/contrib/openbsm/bin/auditfilterd/Makefile.am =================================================================== --- head/contrib/openbsm/bin/auditfilterd/Makefile.am (revision 292431) +++ head/contrib/openbsm/bin/auditfilterd/Makefile.am (revision 292432) @@ -1,14 +1,10 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.am#4 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif sbin_PROGRAMS = auditfilterd auditfilterd_SOURCES = auditfilterd_conf.c auditfilterd.c auditfilterd_LDADD = $(top_builddir)/libbsm/libbsm.la man8_MANS = auditfilterd.8 Index: head/contrib/openbsm/bin/auditfilterd/auditfilterd.8 =================================================================== --- head/contrib/openbsm/bin/auditfilterd/auditfilterd.8 (revision 292431) +++ head/contrib/openbsm/bin/auditfilterd/auditfilterd.8 (revision 292432) 
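Review bot: The fallback `unlinkat()` in unlinkat.h emulates the call with `fchdir(fd)`, `unlink(path)`/`rmdir(path)` and `fchdir(cfd)`, which moves the working directory of the whole process for the duration of the call. The same directory carries pthread wrappers (synch.h), so if auditdistd runs this from one thread while another resolves a relative path, that other thread will act in the wrong directory. The restoring `(void)fchdir(cfd)` also discards its result, so a failure there leaves the daemon silently running inside the trail directory. At minimum the function should carry a comment such as `/* Emulation changes the process-wide cwd: not thread-safe; callers must serialise. */`, and a failed restore should be reported rather than ignored. Note too that `flag == AT_REMOVEDIR` treats any other non-zero flag value as a plain unlink; `(flag & AT_REMOVEDIR) != 0` with rejection of unknown bits would match the real interface more closely.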
@@ -1,86 +1,84 @@ .\"- .\" Copyright (c) 2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.8#6 $ -.\" .Dd October 3, 2006 .Dt AUDITFILTERD 8 .Os .Sh NAME .Nm auditfilterd .Nd audit filter daemon .Sh SYNOPSIS .Nm .Op Fl d .Op Fl c Ar conffile .Op Fl p Ar pipefile .Op Fl t Ar trailfile .Sh DESCRIPTION The .Nm daemon is an extensible audit event monitoring daemon, allowing pluggable modules to track audit events from a live audit source. It is configured using the audit_filter configuration file. The source can either be a pipe or a file. 
.Pp The options are as follows: .Bl -tag -width indent .It Fl c Ar conffile Specify an alternative configuration file. .It Fl d Starts the daemon in debug mode \[em] it will not daemonize. .It Fl p Ar pipefile Specify a pipe as an alternative source of audit event records. Default is .Pa /dev/auditpipe . .It Fl t Ar trailfile Specify a file as an alternative source of audit event records. .El .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_filterd" -compact .It Pa /etc/security/audit_filterd Default configuration file for .Nm . .It Pa /dev/auditpipe Default audit record source for .Nm . .El .Sh SEE ALSO .Xr audit 8 , .Xr auditd 8 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS The .Nm daemon and audit filter APIs were created by .An Robert Watson . .Sh BUGS .Nm is experimental, and should not be relied on in production. APIs and services it offers can and will change in future OpenBSM releases. Index: head/contrib/openbsm/bin/auditfilterd/auditfilterd.c =================================================================== --- head/contrib/openbsm/bin/auditfilterd/auditfilterd.c (revision 292431) +++ head/contrib/openbsm/bin/auditfilterd/auditfilterd.c (revision 292432) 
@@ -1,354 +1,352 @@ /*- * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#13 $ */ /* * Main file for the audit filter daemon, which presents audit records to a * set of run-time registered loadable modules. This is the main event loop * of the daemon, which handles starting up, waiting for records, and * presenting records to configured modules. auditfilterd_conf.c handles the * reading and management of the configuration, module list and module state, * etc. 
*/ #include #include #include #include #ifdef HAVE_FULL_QUEUE_H #include #else #include #endif #ifndef HAVE_CLOCK_GETTIME #include #endif #include #include #include #include #include #include #include #include #include #include "auditfilterd.h" /* * Global list of registered filters. */ struct auditfilter_module_list filter_list; /* * Configuration and signal->main flags. */ int debug; /* Debugging mode requested, don't detach. */ int reread_config; /* SIGHUP has been received. */ int quit; /* SIGQUIT/TERM/INT has been received. */ static void usage(void) { fprintf(stderr, "auditfilterd [-d] [-c conffile] [-p pipefile]" " [-t trailfile]\n"); fprintf(stderr, " -c Specify configuration file (default: %s)\n", AUDITFILTERD_CONFFILE); fprintf(stderr, " -d Debugging mode, don't daemonize\n"); fprintf(stderr, " -p Specify pipe file (default: %s)\n", AUDITFILTERD_PIPEFILE); fprintf(stderr, " -t Specify audit trail file (default: none)\n"); exit(-1); } static void auditfilterd_init(void) { TAILQ_INIT(&filter_list); } static void signal_handler(int signum) { switch (signum) { case SIGHUP: reread_config++; break; case SIGINT: case SIGTERM: case SIGQUIT: quit++; break; } } /* * Present raw BSM to a set of registered and interested filters. */ static void present_rawrecord(struct timespec *ts, u_char *data, u_int len) { struct auditfilter_module *am; TAILQ_FOREACH(am, &filter_list, am_list) { if (am->am_rawrecord != NULL) (am->am_rawrecord)(am, ts, data, len); } } /* - * Parse the BSM into a set of tokens, which will be pased to registered + * Parse the BSM into a set of tokens, which will be passed to registered * and interested filters. */ #define MAX_TOKENS 128 /* Maximum tokens we handle per record. 
*/ static void present_tokens(struct timespec *ts, u_char *data, u_int len) { struct auditfilter_module *am; tokenstr_t tokens[MAX_TOKENS]; u_int bytesread; int tokencount; tokencount = 0; while (bytesread < len) { if (au_fetch_tok(&tokens[tokencount], data + bytesread, len - bytesread) == -1) break; bytesread += tokens[tokencount].len; tokencount++; } TAILQ_FOREACH(am, &filter_list, am_list) { if (am->am_record != NULL) (am->am_record)(am, ts, tokencount, tokens); } } /* * The main loop spins pulling records out of the record source and passing * them to modules for processing. */ static void mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp) { struct timespec ts; FILE *conf_fp; u_char *buf; int reclen; while (1) { /* * On SIGHUP, we reread the configuration file and reopen * the trail file. */ if (reread_config) { reread_config = 0; warnx("rereading configuration"); conf_fp = fopen(conffile, "r"); if (conf_fp == NULL) err(-1, "%s", conffile); auditfilterd_conf(conffile, conf_fp); fclose(conf_fp); fclose(trail_fp); trail_fp = fopen(trailfile, "r"); if (trail_fp == NULL) err(-1, "%s", trailfile); } if (quit) { warnx("quitting"); break; } /* * For now, be relatively unrobust about incomplete records, * but in the future will want to do better. Need to look * more at the right blocking and signal behavior here. */ reclen = au_read_rec(trail_fp, &buf); if (reclen == -1) continue; if (clock_gettime(CLOCK_REALTIME, &ts) < 0) err(-1, "clock_gettime"); present_rawrecord(&ts, buf, reclen); present_tokens(&ts, buf, reclen); free(buf); } } /* * The main loop spins pulling records out of the record source and passing * them to modules for processing. This version of the function accepts * discrete record input from a file descriptor, as opposed to buffered input * from a file stream. 
*/ static void mainloop_pipe(const char *conffile, const char *pipefile __unused, int pipe_fd) { u_char record[MAX_AUDIT_RECORD_SIZE]; struct timespec ts; FILE *conf_fp; int reclen; while (1) { /* * On SIGHUP, we reread the configuration file. Unlike with * a trail file, we don't reopen the pipe, as we don't want * to miss records which will be flushed if we do. */ if (reread_config) { reread_config = 0; warnx("rereading configuration"); conf_fp = fopen(conffile, "r"); if (conf_fp == NULL) err(-1, "%s", conffile); auditfilterd_conf(conffile, conf_fp); fclose(conf_fp); } if (quit) { warnx("quitting"); break; } /* * For now, be relatively unrobust about incomplete records, * but in the future will want to do better. Need to look * more at the right blocking and signal behavior here. */ reclen = read(pipe_fd, record, MAX_AUDIT_RECORD_SIZE); if (reclen < 0) continue; if (clock_gettime(CLOCK_REALTIME, &ts) < 0) err(-1, "clock_gettime"); present_rawrecord(&ts, record, reclen); present_tokens(&ts, record, reclen); } } int main(int argc, char *argv[]) { const char *pipefile, *trailfile, *conffile; FILE *trail_fp, *conf_fp; struct stat sb; int pipe_fd; int ch; conffile = AUDITFILTERD_CONFFILE; trailfile = NULL; pipefile = NULL; while ((ch = getopt(argc, argv, "c:dp:t:")) != -1) { switch (ch) { case 'c': conffile = optarg; break; case 'd': debug++; break; case 't': if (trailfile != NULL || pipefile != NULL) usage(); trailfile = optarg; break; case 'p': if (pipefile != NULL || trailfile != NULL) usage(); pipefile = optarg; break; default: usage(); } } argc -= optind; argv += optind; if (argc != 0) usage(); /* * We allow only one of a pipe or a trail to be used. If none is * specified, we provide a default pipe path. 
*/ if (pipefile == NULL && trailfile == NULL) pipefile = AUDITFILTERD_PIPEFILE; if (pipefile != NULL) { pipe_fd = open(pipefile, O_RDONLY); if (pipe_fd < 0) err(-1, "open:%s", pipefile); if (fstat(pipe_fd, &sb) < 0) err(-1, "stat: %s", pipefile); if (!S_ISCHR(sb.st_mode)) errx(-1, "fstat: %s not device", pipefile); } else { trail_fp = fopen(trailfile, "r"); if (trail_fp == NULL) err(-1, "%s", trailfile); } conf_fp = fopen(conffile, "r"); if (conf_fp == NULL) err(-1, "%s", conffile); auditfilterd_init(); if (auditfilterd_conf(conffile, conf_fp) < 0) exit(-1); fclose(conf_fp); if (!debug) { if (daemon(0, 0) < 0) err(-1, "daemon"); } signal(SIGHUP, signal_handler); signal(SIGINT, signal_handler); signal(SIGQUIT, signal_handler); signal(SIGTERM, signal_handler); if (pipefile != NULL) mainloop_pipe(conffile, pipefile, pipe_fd); else mainloop_file(conffile, trailfile, trail_fp); auditfilterd_conf_shutdown(); return (0); } Index: head/contrib/openbsm/bin/auditfilterd/auditfilterd.h =================================================================== --- head/contrib/openbsm/bin/auditfilterd/auditfilterd.h (revision 292431) +++ head/contrib/openbsm/bin/auditfilterd/auditfilterd.h (revision 292432) 
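Review bot: `present_tokens()`, directly below the comment this hunk corrects, reads `bytesread` in `while (bytesread < len)` without initialising it (only `tokencount = 0;` is set) and never checks `tokencount` against `MAX_TOKENS`, so a record holding more than 128 tokens writes past the on-stack `tokens` array. The record bytes come from the audit pipe or from a trail file named with `-t`, so the token count should not be trusted. I would add `bytesread = 0;` next to `tokencount = 0;` and change the loop condition to `while (bytesread < len && tokencount < MAX_TOKENS)`, ideally with a `warnx()` when a record is cut off at the limit. The same bound would also stop the loop if `au_fetch_tok()` ever reported a zero-length token, which would otherwise never advance `bytesread`; whether it can do so is not visible in this file.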
@@ -1,79 +1,77 @@ /*- * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#5 $ */ #define AUDITFILTERD_CONFFILE "/etc/security/audit_filter" #define AUDITFILTERD_PIPEFILE "/dev/auditpipe" /* * Limit on the number of arguments that can appear in an audit_filterd * configuration line. */ #define AUDITFILTERD_CONF_MAXARGS 256 /* * Data structure description each instantiated module. */ struct auditfilter_module { /* * Fields from configuration file and dynamic linker. 
*/ char *am_modulename; char *am_arg_buffer; int am_argc; char **am_argv; void *am_dlhandle; /* * Fields provided by or extracted from the module. */ void *am_cookie; audit_filter_attach_t am_attach; audit_filter_reinit_t am_reinit; audit_filter_record_t am_record; audit_filter_rawrecord_t am_rawrecord; audit_filter_detach_t am_detach; /* * Fields for maintaining the list of modules. */ TAILQ_ENTRY(auditfilter_module) am_list; }; TAILQ_HEAD(auditfilter_module_list, auditfilter_module); /* * List of currently registered modules. */ extern struct auditfilter_module_list filter_list; /* * Function definitions. */ int auditfilterd_conf(const char *filename, FILE *fp); void auditfilterd_conf_shutdown(void); Index: head/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c =================================================================== --- head/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c (revision 292431) +++ head/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c (revision 292432) 
@@ -1,513 +1,511 @@ /*- * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#5 $ */ /* * Configuration file parser for auditfilterd. The configuration file is a * very simple format, similar to other BSM configuration files, consisting * of configuration entries of one line each. The configuration function is * aware of previous runs, and will update the current configuration as * needed. * * Modules are in one of two states: attached, or detached. If attach fails, * detach is not called because it was not attached. 
If a module is attached * and a call to its reinit method fails, we will detach it. * * Modules are passed a (void *) reference to their configuration state so * that they may pass this into any common APIs we provide which may rely on * that state. Currently, the only such API is the cookie API, which allows * per-instance state to be maintained by a module. In the future, this will * also be used to support per-instance preselection state. */ #include #include #ifdef HAVE_FULL_QUEUE_H #include #else #include #endif #include #include #include #include #include #include #include #include #include #include "auditfilterd.h" /* * Free an individual auditfilter_module structure. Will not shut down the * module, just frees the memory. Does so conditional on pointers being * non-NULL so that it can be used on partially allocated structures. */ static void auditfilter_module_free(struct auditfilter_module *am) { if (am->am_modulename != NULL) free(am->am_modulename); if (am->am_arg_buffer != NULL) free(am->am_arg_buffer); if (am->am_argv != NULL) free(am->am_argv); } /* * Free all memory associated with an auditfilter_module list. Does not * dlclose() or shut down the modules, just free the memory. Use * auditfilter_module_list_detach() for that, if required. */ static void auditfilter_module_list_free(struct auditfilter_module_list *list) { struct auditfilter_module *am; while (!(TAILQ_EMPTY(list))) { am = TAILQ_FIRST(list); TAILQ_REMOVE(list, am, am_list); auditfilter_module_free(am); } } /* * Detach an attached module from an auditfilter_module structure. Does not * free the data structure itself. */ static void auditfilter_module_detach(struct auditfilter_module *am) { if (am->am_detach != NULL) am->am_detach(am); am->am_cookie = NULL; (void)dlclose(am->am_dlhandle); am->am_dlhandle = NULL; } /* * Walk an auditfilter_module list, detaching each module. Intended to be * combined with auditfilter_module_list_free(). 
*/ static void auditfilter_module_list_detach(struct auditfilter_module_list *list) { struct auditfilter_module *am; TAILQ_FOREACH(am, list, am_list) auditfilter_module_detach(am); } /* * Given a filled out auditfilter_module, use dlopen() and dlsym() to attach * the module. If we fail, leave fields in the state we found them. * * XXXRW: Need a better way to report errors. */ static int auditfilter_module_attach(struct auditfilter_module *am) { am->am_dlhandle = dlopen(am->am_modulename, RTLD_NOW); if (am->am_dlhandle == NULL) { warnx("auditfilter_module_attach: %s: %s", am->am_modulename, dlerror()); return (-1); } /* * Not implementing these is not considered a failure condition, * although we might want to consider warning if obvious stuff is * not implemented, such as am_record. */ am->am_attach = dlsym(am->am_dlhandle, AUDIT_FILTER_ATTACH_STRING); am->am_reinit = dlsym(am->am_dlhandle, AUDIT_FILTER_REINIT_STRING); am->am_record = dlsym(am->am_dlhandle, AUDIT_FILTER_RECORD_STRING); am->am_rawrecord = dlsym(am->am_dlhandle, AUDIT_FILTER_RAWRECORD_STRING); am->am_detach = dlsym(am->am_dlhandle, AUDIT_FILTER_DETACH_STRING); if (am->am_attach != NULL) { if (am->am_attach(am, am->am_argc, am->am_argv) != AUDIT_FILTER_SUCCESS) { warnx("auditfilter_module_attach: %s: failed", am->am_modulename); dlclose(am->am_dlhandle); am->am_dlhandle = NULL; am->am_cookie = NULL; am->am_attach = NULL; am->am_reinit = NULL; am->am_record = NULL; am->am_rawrecord = NULL; am->am_detach = NULL; return (-1); } } return (0); } /* * When the arguments for a module are changed, we notify the module through * a call to its reinit method, if any. Return 0 on success, or -1 on * failure. 
*/ static int auditfilter_module_reinit(struct auditfilter_module *am) { if (am->am_reinit == NULL) return (0); if (am->am_reinit(am, am->am_argc, am->am_argv) != AUDIT_FILTER_SUCCESS) { warnx("auditfilter_module_reinit: %s: failed", am->am_modulename); return (-1); } return (0); } /* * Given a configuration line, generate an auditfilter_module structure that * describes it; caller will not pass comments in, so they are not looked * for. Do not attempt to instantiate it. Will destroy the contents of * 'buffer'. * * Configuration lines consist of two parts: the module name and arguments * separated by a ':', and then a ','-delimited list of arguments. * * XXXRW: Need to decide where to send the warning output -- stderr for now. */ struct auditfilter_module * auditfilter_module_parse(const char *filename, int linenumber, char *buffer) { char *arguments, *module, **ap; struct auditfilter_module *am; am = malloc(sizeof(*am)); if (am == NULL) { warn("auditfilter_module_parse: %s:%d", filename, linenumber); return (NULL); } bzero(am, sizeof(*am)); /* * First, break out the module and arguments strings. We look for * one extra argument to make sure there are no more :'s in the line. * That way, we prevent modules from using argument strings that, in * the future, may cause problems for adding additional columns. */ arguments = buffer; module = strsep(&arguments, ":"); if (module == NULL || arguments == NULL) { warnx("auditfilter_module_parse: %s:%d: parse error", filename, linenumber); return (NULL); } am->am_modulename = strdup(module); if (am->am_modulename == NULL) { warn("auditfilter_module_parse: %s:%d", filename, linenumber); auditfilter_module_free(am); return (NULL); } am->am_arg_buffer = strdup(buffer); if (am->am_arg_buffer == NULL) { warn("auditfilter_module_parse: %s:%d", filename, linenumber); auditfilter_module_free(am); return (NULL); } /* * Now, break out the arguments string into a series of arguments. 
* This is a bit more complicated, and requires cleanup if things go * wrong. */ am->am_argv = malloc(sizeof(char *) * AUDITFILTERD_CONF_MAXARGS); if (am->am_argv == NULL) { warn("auditfilter_module_parse: %s:%d", filename, linenumber); auditfilter_module_free(am); return (NULL); } bzero(am->am_argv, sizeof(char *) * AUDITFILTERD_CONF_MAXARGS); am->am_argc = 0; for (ap = am->am_argv; (*ap = strsep(&arguments, " \t")) != NULL;) { if (**ap != '\0') { am->am_argc++; if (++ap >= &am->am_argv[AUDITFILTERD_CONF_MAXARGS]) break; } } if (ap >= &am->am_argv[AUDITFILTERD_CONF_MAXARGS]) { warnx("auditfilter_module_parse: %s:%d: too many arguments", filename, linenumber); auditfilter_module_free(am); return (NULL); } return (am); } /* * Read a configuration file, and populate 'list' with the configuration * lines. Does not attempt to instantiate the configuration, just read it * into a useful set of data structures. */ static int auditfilterd_conf_read(const char *filename, FILE *fp, struct auditfilter_module_list *list) { int error, linenumber, syntaxerror; struct auditfilter_module *am; char buffer[LINE_MAX]; syntaxerror = 0; linenumber = 0; while (!feof(fp) && !ferror(fp)) { if (fgets(buffer, LINE_MAX, fp) == NULL) break; linenumber++; if (buffer[0] == '#' || strlen(buffer) < 1) continue; buffer[strlen(buffer)-1] = '\0'; am = auditfilter_module_parse(filename, linenumber, buffer); if (am == NULL) { syntaxerror = 1; break; } TAILQ_INSERT_HEAD(list, am, am_list); } /* * File I/O error. */ if (ferror(fp)) { error = errno; auditfilter_module_list_free(list); errno = error; return (-1); } /* * Syntax error. */ if (syntaxerror) { auditfilter_module_list_free(list); errno = EINVAL; return (-1); } return (0); } /* * Apply changes necessary to bring a new configuration into force. The new * configuration data is passed in, and the current configuration is updated * to match it. The contents of 'list' are freed or otherwise disposed of * before return. 
* * The algorithms here are not very efficient, but this is an infrequent * operation on very short lists. */ static void auditfilterd_conf_apply(struct auditfilter_module_list *list) { struct auditfilter_module *am1, *am2, *am_tmp; int argc_tmp, found; char **argv_tmp; /* * First, remove remove and detach any entries that appear in the * current configuration, but not the new configuration. */ TAILQ_FOREACH_SAFE(am1, &filter_list, am_list, am_tmp) { found = 0; TAILQ_FOREACH(am2, list, am_list) { if (strcmp(am1->am_modulename, am2->am_modulename) == 0) { found = 1; break; } } if (found) continue; /* * am1 appears in filter_list, but not the new list, detach * and free the module. */ warnx("detaching module %s", am1->am_modulename); TAILQ_REMOVE(&filter_list, am1, am_list); auditfilter_module_detach(am1); auditfilter_module_free(am1); } /* * Next, update the configuration of any modules that appear in both * lists. We do this by swapping the two argc and argv values and * freeing the new one, rather than detaching the old one and * attaching the new one. That way module state is preserved. */ TAILQ_FOREACH(am1, &filter_list, am_list) { found = 0; TAILQ_FOREACH(am2, list, am_list) { if (strcmp(am1->am_modulename, am2->am_modulename) == 0) { found = 1; break; } } if (!found) continue; /* * Swap the arguments. */ argc_tmp = am1->am_argc; argv_tmp = am1->am_argv; am1->am_argc = am2->am_argc; am1->am_argv = am2->am_argv; am2->am_argc = argc_tmp; am2->am_argv = argv_tmp; /* * The reinit is a bit tricky: if reinit fails, we actually * remove the old entry and detach that, as we don't allow * running modules to be out of sync with the configuration * file. 
*/ warnx("reiniting module %s", am1->am_modulename); if (auditfilter_module_reinit(am1) != 0) { warnx("reinit failed for module %s, detaching", am1->am_modulename); TAILQ_REMOVE(&filter_list, am1, am_list); auditfilter_module_detach(am1); auditfilter_module_free(am1); } /* * Free the entry from the new list, which will discard the * old arguments. No need to detach, as it was never * attached in the first place. */ TAILQ_REMOVE(list, am2, am_list); auditfilter_module_free(am2); } /* * Finally, attach any new entries that don't appear in the old * configuration, and if they attach successfully, move them to the * real configuration list. */ TAILQ_FOREACH(am1, list, am_list) { found = 0; TAILQ_FOREACH(am2, &filter_list, am_list) { if (strcmp(am1->am_modulename, am2->am_modulename) == 0) { found = 1; break; } } if (found) continue; /* * Attach the entry. If it succeeds, add to filter_list, * otherwise, free. No need to detach if attach failed. */ warnx("attaching module %s", am1->am_modulename); TAILQ_REMOVE(list, am1, am_list); if (auditfilter_module_attach(am1) != 0) { warnx("attaching module %s failed", am1->am_modulename); auditfilter_module_free(am1); } else TAILQ_INSERT_HEAD(&filter_list, am1, am_list); } if (TAILQ_FIRST(list) != NULL) warnx("auditfilterd_conf_apply: new list not empty\n"); } /* * Read the new configuration file into a local list. If the configuration * file is parsed OK, then apply the changes. */ int auditfilterd_conf(const char *filename, FILE *fp) { struct auditfilter_module_list list; TAILQ_INIT(&list); if (auditfilterd_conf_read(filename, fp, &list) < 0) return (-1); auditfilterd_conf_apply(&list); return (0); } /* * Detach and free all active filter modules for daemon shutdown. */ void auditfilterd_conf_shutdown(void) { auditfilter_module_list_detach(&filter_list); auditfilter_module_list_free(&filter_list); } /* * APIs to allow modules to query and set their per-instance cookie. 
*/ void audit_filter_getcookie(void *instance, void **cookie) { struct auditfilter_module *am; am = (struct auditfilter_module *)instance; *cookie = am->am_cookie; } void audit_filter_setcookie(void *instance, void *cookie) { struct auditfilter_module *am; am = (struct auditfilter_module *)instance; am->am_cookie = cookie; } Index: head/contrib/openbsm/bin/auditreduce/Makefile.am =================================================================== --- head/contrib/openbsm/bin/auditreduce/Makefile.am (revision 292431) +++ head/contrib/openbsm/bin/auditreduce/Makefile.am (revision 292432) @@ -1,14 +1,10 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/Makefile.am#4 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif sbin_PROGRAMS = auditreduce auditreduce_SOURCES = auditreduce.c auditreduce_LDADD = $(top_builddir)/libbsm/libbsm.la man1_MANS = auditreduce.1 Index: head/contrib/openbsm/bin/auditreduce/auditreduce.1 =================================================================== --- head/contrib/openbsm/bin/auditreduce/auditreduce.1 (revision 292431) +++ head/contrib/openbsm/bin/auditreduce/auditreduce.1 (revision 292432) 
@@ -1,197 +1,195 @@ .\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#18 $ -.\" .Dd January 24, 2004 .Dt AUDITREDUCE 1 .Os .Sh NAME .Nm auditreduce .Nd "select records from audit trail files" .Sh SYNOPSIS .Nm .Op Fl A .Op Fl a Ar YYYYMMDD Ns Op Ar HH Ns Op Ar MM Ns Op Ar SS .Op Fl b Ar YYYYMMDD Ns Op Ar HH Ns Op Ar MM Ns Op Ar SS .Op Fl c Ar flags .Op Fl d Ar YYYYMMDD .Op Fl e Ar euid .Op Fl f Ar egid .Op Fl g Ar rgid .Op Fl j Ar id .Op Fl m Ar event .Op Fl o Ar object Ns = Ns Ar value .Op Fl r Ar ruid .Op Fl u Ar auid .Op Fl v .Op Ar .Sh DESCRIPTION The .Nm utility selects records from the audit trail files based on the specified criteria. Matching audit records are printed to the standard output in their raw binary form. If no .Ar file argument is specified, the standard input is used by default. Use the .Xr praudit 1 utility to print the selected audit records in human-readable form. .Pp The options are as follows: .Bl -tag -width indent .It Fl A Select all records. .It Fl a Ar YYYYMMDD Ns Op Ar HH Ns Op Ar MM Ns Op Ar SS Select records that occurred after or on the given datetime. .It Fl b Ar YYYYMMDD Ns Op Ar HH Ns Op Ar MM Ns Op Ar SS Select records that occurred before the given datetime. .It Fl c Ar flags Select records matching the given audit classes specified as a comma separated list of audit flags. See .Xr audit_control 5 for a description of audit flags. .It Fl d Ar YYYYMMDD Select records that occurred on a given date. This option cannot be used with .Fl a or .Fl b . .It Fl e Ar euid Select records with the given effective user ID or name. .It Fl f Ar egid Select records with the given effective group ID or name. .It Fl g Ar rgid Select records with the given real group ID or name. .It Fl j Ar id Select records having a subject token with matching ID, where ID is a process ID. .It Fl m Ar event Select records with the given event name or number. This option can be used more then once to select records of multiple event types. 
See .Xr audit_event 5 for a description of audit event names and numbers. .It Fl o Ar object Ns = Ns Ar value .Bl -tag -width ".Cm msgqid" .It Cm file Select records containing path tokens, where the pathname matches one of the comma delimited extended regular expression contained in given specification. Regular expressions which are prefixed with a tilde .Pq Ql ~ are excluded from the search results. These extended regular expressions are processed from left to right, and a path will either be selected or deslected based on the first match. .Pp Since commas are used to delimit the regular expressions, a backslash .Pq Ql \e character should be used to escape the comma if it is a part of the search pattern. .It Cm msgqid Select records containing the given message queue ID. .It Cm pid Select records containing the given process ID. .It Cm semid Select records containing the given semaphore ID. .It Cm shmid Select records containing the given shared memory ID. .El .It Fl r Ar ruid Select records with the given real user ID or name. .It Fl u Ar auid Select records with the given audit ID. .It Fl v Invert sense of matching, to select records that do not match. .El .Sh EXAMPLES To select all records associated with effective user ID root from the audit log .Pa /var/audit/20031016184719.20031017122634 : .Bd -literal -offset indent auditreduce -e root \e /var/audit/20031016184719.20031017122634 .Ed .Pp To select all .Xr setlogin 2 events from that log: .Bd -literal -offset indent auditreduce -m AUE_SETLOGIN \e /var/audit/20031016184719.20031017122634 .Ed .Pp Output from the above command lines will typically be piped to a new trail file, or via standard output to the .Xr praudit 1 command. 
.Pp Select all records containing a path token where the pathname contains .Pa /etc/master.passwd : .Bd -literal -offset indent auditreduce -o file="/etc/master.passwd" \e /var/audit/20031016184719.20031017122634 .Ed .Pp Select all records containing path tokens, where the pathname is a TTY device: .Bd -literal -offset indent auditreduce -o file="/dev/tty[a-zA-Z][0-9]+" \e /var/audit/20031016184719.20031017122634 .Ed .Pp Select all records containing path tokens, where the pathname is a TTY except for .Pa /dev/ttyp2 : .Bd -literal -offset indent auditreduce -o file="~/dev/ttyp2,/dev/tty[a-zA-Z][0-9]+" \e /var/audit/20031016184719.20031017122634 .Ed .Sh SEE ALSO .Xr praudit 1 , .Xr audit_control 5 , .Xr audit_event 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/bin/auditreduce/auditreduce.c =================================================================== --- head/contrib/openbsm/bin/auditreduce/auditreduce.c (revision 292431) +++ head/contrib/openbsm/bin/auditreduce/auditreduce.c (revision 292432) 
@@ -1,803 +1,801 @@ /*- * Copyright (c) 2004-2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#31 $ */ /* * Tool used to merge and select audit records from audit trail files */ /* * XXX Currently we do not support merging of records from multiple * XXX audit trail files * XXX We assume that records are sorted chronologically - both wrt to * XXX the records present within the file and between the files themselves */ #include #define _GNU_SOURCE /* Required for strptime() on glibc2. */ #ifdef HAVE_FULL_QUEUE_H #include #else #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #ifndef HAVE_STRLCPY #include #endif #include "auditreduce.h" static TAILQ_HEAD(tailhead, re_entry) re_head = TAILQ_HEAD_INITIALIZER(re_head); extern char *optarg; extern int optind, optopt, opterr,optreset; static au_mask_t maskp; /* Class. */ static time_t p_atime; /* Created after this time. */ static time_t p_btime; /* Created before this time. */ static int p_auid; /* Audit id. */ static int p_euid; /* Effective user id. */ static int p_egid; /* Effective group id. */ static int p_rgid; /* Real group id. */ static int p_ruid; /* Real user id. */ static int p_subid; /* Subject id. */ /* * Maintain a dynamically sized array of events for -m */ static uint16_t *p_evec; /* Event type list */ static int p_evec_used; /* Number of events used */ static int p_evec_alloc; /* Number of events allocated */ /* * Following are the objects (-o option) that we can select upon. 
*/ static char *p_fileobj = NULL; static char *p_msgqobj = NULL; static char *p_pidobj = NULL; static char *p_semobj = NULL; static char *p_shmobj = NULL; static char *p_sockobj = NULL; static uint32_t opttochk = 0; static void parse_regexp(char *re_string) { char *orig, *copy, re_error[64]; struct re_entry *rep; int error, nstrs, i, len; copy = strdup(re_string); orig = copy; len = strlen(copy); for (nstrs = 0, i = 0; i < len; i++) { if (copy[i] == ',' && i > 0) { if (copy[i - 1] == '\\') strlcpy(©[i - 1], ©[i], len); else { nstrs++; copy[i] = '\0'; } } } TAILQ_INIT(&re_head); for (i = 0; i < nstrs + 1; i++) { rep = calloc(1, sizeof(*rep)); if (rep == NULL) { (void) fprintf(stderr, "calloc: %s\n", strerror(errno)); exit(1); } if (*copy == '~') { copy++; rep->re_negate = 1; } rep->re_pattern = strdup(copy); error = regcomp(&rep->re_regexp, rep->re_pattern, REG_EXTENDED | REG_NOSUB); if (error != 0) { regerror(error, &rep->re_regexp, re_error, 64); (void) fprintf(stderr, "regcomp: %s\n", re_error); exit(1); } TAILQ_INSERT_TAIL(&re_head, rep, re_glue); len = strlen(copy); copy += len + 1; } free(orig); } static void usage(const char *msg) { fprintf(stderr, "%s\n", msg); fprintf(stderr, "Usage: auditreduce [options] [file ...]\n"); fprintf(stderr, "\tOptions are : \n"); fprintf(stderr, "\t-A : all records\n"); fprintf(stderr, "\t-a YYYYMMDD[HH[[MM[SS]]] : after date\n"); fprintf(stderr, "\t-b YYYYMMDD[HH[[MM[SS]]] : before date\n"); fprintf(stderr, "\t-c : matching class\n"); fprintf(stderr, "\t-d YYYYMMDD : on date\n"); fprintf(stderr, "\t-e : effective user\n"); fprintf(stderr, "\t-f : effective group\n"); fprintf(stderr, "\t-g : real group\n"); fprintf(stderr, "\t-j : subject id \n"); fprintf(stderr, "\t-m : matching event\n"); fprintf(stderr, "\t-o objecttype=objectvalue\n"); fprintf(stderr, "\t\t file=\n"); fprintf(stderr, "\t\t msgqid=\n"); fprintf(stderr, "\t\t pid=\n"); fprintf(stderr, "\t\t semid=\n"); fprintf(stderr, "\t\t shmid=\n"); fprintf(stderr, "\t-r : 
real user\n"); fprintf(stderr, "\t-u : audit user\n"); fprintf(stderr, "\t-v : select non-matching records\n"); exit(EX_USAGE); } /* * Check if the given auid matches the selection criteria. */ static int select_auid(int au) { /* Check if we want to select on auid. */ if (ISOPTSET(opttochk, OPT_u)) { if (au != p_auid) return (0); } return (1); } /* * Check if the given euid matches the selection criteria. */ static int select_euid(int euser) { /* Check if we want to select on euid. */ if (ISOPTSET(opttochk, OPT_e)) { if (euser != p_euid) return (0); } return (1); } /* * Check if the given egid matches the selection criteria. */ static int select_egid(int egrp) { /* Check if we want to select on egid. */ if (ISOPTSET(opttochk, OPT_f)) { if (egrp != p_egid) return (0); } return (1); } /* * Check if the given rgid matches the selection criteria. */ static int select_rgid(int grp) { /* Check if we want to select on rgid. */ if (ISOPTSET(opttochk, OPT_g)) { if (grp != p_rgid) return (0); } return (1); } /* * Check if the given ruid matches the selection criteria. */ static int select_ruid(int user) { /* Check if we want to select on rgid. */ if (ISOPTSET(opttochk, OPT_r)) { if (user != p_ruid) return (0); } return (1); } /* * Check if the given subject id (pid) matches the selection criteria. */ static int select_subid(int subid) { /* Check if we want to select on subject uid. */ if (ISOPTSET(opttochk, OPT_j)) { if (subid != p_subid) return (0); } return (1); } /* * Check if object's pid maches the given pid. */ static int select_pidobj(uint32_t pid) { if (ISOPTSET(opttochk, OPT_op)) { if (pid != (uint32_t)strtol(p_pidobj, (char **)NULL, 10)) return (0); } return (1); } /* * Check if the given ipc object with the given type matches the selection * criteria. 
*/ static int select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd) { if (type == AT_IPC_MSG) { SETOPT((*optchkd), OPT_om); if (ISOPTSET(opttochk, OPT_om)) { if (id != (uint32_t)strtol(p_msgqobj, (char **)NULL, 10)) return (0); } return (1); } else if (type == AT_IPC_SEM) { SETOPT((*optchkd), OPT_ose); if (ISOPTSET(opttochk, OPT_ose)) { if (id != (uint32_t)strtol(p_semobj, (char **)NULL, 10)) return (0); } return (1); } else if (type == AT_IPC_SHM) { SETOPT((*optchkd), OPT_osh); if (ISOPTSET(opttochk, OPT_osh)) { if (id != (uint32_t)strtol(p_shmobj, (char **)NULL, 10)) return (0); } return (1); } /* Unknown type -- filter if *any* ipc filtering is required. */ if (ISOPTSET(opttochk, OPT_om) || ISOPTSET(opttochk, OPT_ose) || ISOPTSET(opttochk, OPT_osh)) return (0); return (1); } /* * Check if the file name matches selection criteria. */ static int select_filepath(char *path, uint32_t *optchkd) { struct re_entry *rep; int match; SETOPT((*optchkd), OPT_of); match = 1; if (ISOPTSET(opttochk, OPT_of)) { match = 0; TAILQ_FOREACH(rep, &re_head, re_glue) { if (regexec(&rep->re_regexp, path, 0, NULL, 0) != REG_NOMATCH) return (!rep->re_negate); } } return (match); } /* * Returns 1 if the following pass the selection rules: * * before-time, * after time, * date, * class, * event */ static int select_hdr32(tokenstr_t tok, uint32_t *optchkd) { uint16_t *ev; int match; SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m | OPT_v)); /* The A option overrides a, b and d. */ if (!ISOPTSET(opttochk, OPT_A)) { if (ISOPTSET(opttochk, OPT_a)) { if (difftime((time_t)tok.tt.hdr32.s, p_atime) < 0) { /* Record was created before p_atime. */ return (0); } } if (ISOPTSET(opttochk, OPT_b)) { if (difftime(p_btime, (time_t)tok.tt.hdr32.s) < 0) { /* Record was created after p_btime. */ return (0); } } } if (ISOPTSET(opttochk, OPT_c)) { /* * Check if the classes represented by the event matches * given class. 
*/ if (au_preselect(tok.tt.hdr32.e_type, &maskp, AU_PRS_BOTH, AU_PRS_USECACHE) != 1) return (0); } /* Check if event matches. */ if (ISOPTSET(opttochk, OPT_m)) { match = 0; for (ev = p_evec; ev < &p_evec[p_evec_used]; ev++) if (tok.tt.hdr32.e_type == *ev) match = 1; if (match == 0) return (0); } return (1); } static int select_return32(tokenstr_t tok_ret32, tokenstr_t tok_hdr32, uint32_t *optchkd) { int sorf; SETOPT((*optchkd), (OPT_c)); if (tok_ret32.tt.ret32.status == 0) sorf = AU_PRS_SUCCESS; else sorf = AU_PRS_FAILURE; if (ISOPTSET(opttochk, OPT_c)) { if (au_preselect(tok_hdr32.tt.hdr32.e_type, &maskp, sorf, AU_PRS_USECACHE) != 1) return (0); } return (1); } /* * Return 1 if checks for the the following succeed * auid, * euid, * egid, * rgid, * ruid, * process id */ static int select_proc32(tokenstr_t tok, uint32_t *optchkd) { SETOPT((*optchkd), (OPT_u | OPT_e | OPT_f | OPT_g | OPT_r | OPT_op)); if (!select_auid(tok.tt.proc32.auid)) return (0); if (!select_euid(tok.tt.proc32.euid)) return (0); if (!select_egid(tok.tt.proc32.egid)) return (0); if (!select_rgid(tok.tt.proc32.rgid)) return (0); if (!select_ruid(tok.tt.proc32.ruid)) return (0); if (!select_pidobj(tok.tt.proc32.pid)) return (0); return (1); } /* * Return 1 if checks for the the following succeed * auid, * euid, * egid, * rgid, * ruid, * subject id */ static int select_subj32(tokenstr_t tok, uint32_t *optchkd) { SETOPT((*optchkd), (OPT_u | OPT_e | OPT_f | OPT_g | OPT_r | OPT_j)); if (!select_auid(tok.tt.subj32.auid)) return (0); if (!select_euid(tok.tt.subj32.euid)) return (0); if (!select_egid(tok.tt.subj32.egid)) return (0); if (!select_rgid(tok.tt.subj32.rgid)) return (0); if (!select_ruid(tok.tt.subj32.ruid)) return (0); if (!select_subid(tok.tt.subj32.pid)) return (0); return (1); } /* * Read each record from the audit trail. 
Check if it is selected after * passing through each of the options */ static int select_records(FILE *fp) { tokenstr_t tok_hdr32_copy; u_char *buf; tokenstr_t tok; int reclen; int bytesread; int selected; uint32_t optchkd; int print; int err = 0; while ((reclen = au_read_rec(fp, &buf)) != -1) { optchkd = 0; bytesread = 0; selected = 1; while ((selected == 1) && (bytesread < reclen)) { if (-1 == au_fetch_tok(&tok, buf + bytesread, reclen - bytesread)) { /* Is this an incomplete record? */ err = 1; break; } /* * For each token type we have have different * selection criteria. */ switch(tok.id) { case AUT_HEADER32: selected = select_hdr32(tok, &optchkd); bcopy(&tok, &tok_hdr32_copy, sizeof(tok)); break; case AUT_PROCESS32: selected = select_proc32(tok, &optchkd); break; case AUT_SUBJECT32: selected = select_subj32(tok, &optchkd); break; case AUT_IPC: selected = select_ipcobj( tok.tt.ipc.type, tok.tt.ipc.id, &optchkd); break; case AUT_PATH: selected = select_filepath( tok.tt.path.path, &optchkd); break; case AUT_RETURN32: selected = select_return32(tok, tok_hdr32_copy, &optchkd); break; default: break; } bytesread += tok.len; } /* Check if all the options were matched. */ print = ((selected == 1) && (!err) && (!(opttochk & ~optchkd))); if (ISOPTSET(opttochk, OPT_v)) print = !print; if (print) (void) fwrite(buf, 1, reclen, stdout); free(buf); } return (0); } /* * The -o option has the form object_type=object_value. Identify the object * components. 
*/ static void parse_object_type(char *name, char *val) { if (val == NULL) return; if (!strcmp(name, FILEOBJ)) { p_fileobj = val; parse_regexp(val); SETOPT(opttochk, OPT_of); } else if (!strcmp(name, MSGQIDOBJ)) { p_msgqobj = val; SETOPT(opttochk, OPT_om); } else if (!strcmp(name, PIDOBJ)) { p_pidobj = val; SETOPT(opttochk, OPT_op); } else if (!strcmp(name, SEMIDOBJ)) { p_semobj = val; SETOPT(opttochk, OPT_ose); } else if (!strcmp(name, SHMIDOBJ)) { p_shmobj = val; SETOPT(opttochk, OPT_osh); } else if (!strcmp(name, SOCKOBJ)) { p_sockobj = val; SETOPT(opttochk, OPT_oso); } else usage("unknown value for -o"); } int main(int argc, char **argv) { struct group *grp; struct passwd *pw; struct tm tm; au_event_t *n; FILE *fp; int i; char *objval, *converr; int ch; char timestr[128]; char *fname; uint16_t *etp; converr = NULL; while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) { switch(ch) { case 'A': SETOPT(opttochk, OPT_A); break; case 'a': if (ISOPTSET(opttochk, OPT_a)) { usage("d is exclusive with a and b"); } SETOPT(opttochk, OPT_a); bzero(&tm, sizeof(tm)); strptime(optarg, "%Y%m%d%H%M%S", &tm); strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", &tm); /* fprintf(stderr, "Time converted = %s\n", timestr); */ p_atime = mktime(&tm); break; case 'b': if (ISOPTSET(opttochk, OPT_b)) { usage("d is exclusive with a and b"); } SETOPT(opttochk, OPT_b); bzero(&tm, sizeof(tm)); strptime(optarg, "%Y%m%d%H%M%S", &tm); strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", &tm); /* fprintf(stderr, "Time converted = %s\n", timestr); */ p_btime = mktime(&tm); break; case 'c': if (0 != getauditflagsbin(optarg, &maskp)) { /* Incorrect class */ usage("Incorrect class"); } SETOPT(opttochk, OPT_c); break; case 'd': if (ISOPTSET(opttochk, OPT_b) || ISOPTSET(opttochk, OPT_a)) usage("'d' is exclusive with 'a' and 'b'"); SETOPT(opttochk, OPT_d); bzero(&tm, sizeof(tm)); strptime(optarg, "%Y%m%d", &tm); strftime(timestr, sizeof(timestr), "%Y%m%d", &tm); /* fprintf(stderr, "Time 
converted = %s\n", timestr); */ p_atime = mktime(&tm); tm.tm_hour = 23; tm.tm_min = 59; tm.tm_sec = 59; strftime(timestr, sizeof(timestr), "%Y%m%d", &tm); /* fprintf(stderr, "Time converted = %s\n", timestr); */ p_btime = mktime(&tm); break; case 'e': p_euid = strtol(optarg, &converr, 10); if (*converr != '\0') { /* Try the actual name */ if ((pw = getpwnam(optarg)) == NULL) break; p_euid = pw->pw_uid; } SETOPT(opttochk, OPT_e); break; case 'f': p_egid = strtol(optarg, &converr, 10); if (*converr != '\0') { /* Try actual group name. */ if ((grp = getgrnam(optarg)) == NULL) break; p_egid = grp->gr_gid; } SETOPT(opttochk, OPT_f); break; case 'g': p_rgid = strtol(optarg, &converr, 10); if (*converr != '\0') { /* Try actual group name. */ if ((grp = getgrnam(optarg)) == NULL) break; p_rgid = grp->gr_gid; } SETOPT(opttochk, OPT_g); break; case 'j': p_subid = strtol(optarg, (char **)NULL, 10); SETOPT(opttochk, OPT_j); break; case 'm': if (p_evec == NULL) { p_evec_alloc = 32; p_evec = malloc(sizeof(*etp) * p_evec_alloc); if (p_evec == NULL) err(1, "malloc"); } else if (p_evec_alloc == p_evec_used) { p_evec_alloc <<= 1; p_evec = realloc(p_evec, sizeof(*p_evec) * p_evec_alloc); if (p_evec == NULL) err(1, "realloc"); } etp = &p_evec[p_evec_used++]; *etp = strtol(optarg, (char **)NULL, 10); if (*etp == 0) { /* Could be the string representation. 
*/ n = getauevnonam(optarg); if (n == NULL) usage("Incorrect event name"); *etp = *n; } SETOPT(opttochk, OPT_m); break; case 'o': objval = strchr(optarg, '='); if (objval != NULL) { *objval = '\0'; objval += 1; parse_object_type(optarg, objval); } break; case 'r': p_ruid = strtol(optarg, &converr, 10); if (*converr != '\0') { if ((pw = getpwnam(optarg)) == NULL) break; p_ruid = pw->pw_uid; } SETOPT(opttochk, OPT_r); break; case 'u': p_auid = strtol(optarg, &converr, 10); if (*converr != '\0') { if ((pw = getpwnam(optarg)) == NULL) break; p_auid = pw->pw_uid; } SETOPT(opttochk, OPT_u); break; case 'v': SETOPT(opttochk, OPT_v); break; case '?': default: usage("Unknown option"); } } argv += optind; argc -= optind; if (argc == 0) { if (select_records(stdin) == -1) errx(EXIT_FAILURE, "Couldn't select records from stdin"); exit(EXIT_SUCCESS); } /* * XXX: We should actually be merging records here. */ for (i = 0; i < argc; i++) { fname = argv[i]; fp = fopen(fname, "r"); if (fp == NULL) errx(EXIT_FAILURE, "Couldn't open %s", fname); if (select_records(fp) == -1) { errx(EXIT_FAILURE, "Couldn't select records %s", fname); } fclose(fp); } exit(EXIT_SUCCESS); } Index: head/contrib/openbsm/bin/auditreduce/auditreduce.h =================================================================== --- head/contrib/openbsm/bin/auditreduce/auditreduce.h (revision 292431) +++ head/contrib/openbsm/bin/auditreduce/auditreduce.h (revision 292432) 
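Review bot: In `select_records()` (unchanged context in this hunk, whose only change is dropping the `$P4$` tag), `err` is initialised once before the outer `while` and never cleared, so after the first record on which `au_fetch_tok()` fails, every later record is evaluated with `err` still 1 and is dropped (or, with `-v`, printed regardless of the other criteria). For a tool that reduces audit trails, one malformed record therefore silently hides everything after it; resetting it per record, `err = 0;` next to `optchkd = 0;`, confines the effect to the bad record. The function also returns 0 on every path, so the `== -1` checks in `main()` can never fire and a damaged trail is not reported to the caller. Separately, the `-e`, `-f`, `-g`, `-r` and `-u` cases `break` without setting the option when `getpwnam()`/`getgrnam()` returns NULL, so an unknown name drops the filter instead of failing; calling `usage()` there, as `-m` does for an unknown event name, would make the mistake visible.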
@@ -1,75 +1,73 @@ /*- * Copyright (c) 2004 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#7 $ */ #ifndef _AUDITREDUCE_H_ #define _AUDITREDUCE_H_ struct re_entry { char *re_pattern; int re_negate; regex_t re_regexp; TAILQ_ENTRY(re_entry) re_glue; }; #define OPT_a 0x00000001 #define OPT_b 0x00000002 #define OPT_c 0x00000004 #define OPT_d (OPT_a | OPT_b) #define OPT_e 0x00000010 #define OPT_f 0x00000020 #define OPT_g 0x00000040 #define OPT_j 0x00000080 #define OPT_m 0x00000100 #define OPT_of 0x00000200 #define OPT_om 0x00000400 #define OPT_op 0x00000800 #define OPT_ose 0x00001000 #define OPT_osh 0x00002000 #define OPT_oso 0x00004000 #define OPT_r 0x00008000 #define OPT_u 0x00010000 #define OPT_A 0x00020000 #define OPT_v 0x00040000 #define FILEOBJ "file" #define MSGQIDOBJ "msgqid" #define PIDOBJ "pid" #define SEMIDOBJ "semid" #define SHMIDOBJ "shmid" #define SOCKOBJ "sock" #define SETOPT(optmask, bit) (optmask |= bit) #define ISOPTSET(optmask, bit) (optmask & bit) #endif /* !_AUDITREDUCE_H_ */ Index: head/contrib/openbsm/bin/praudit/Makefile.am =================================================================== --- head/contrib/openbsm/bin/praudit/Makefile.am (revision 292431) +++ head/contrib/openbsm/bin/praudit/Makefile.am (revision 292432) @@ -1,14 +1,10 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/Makefile.am#4 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif sbin_PROGRAMS = praudit praudit_SOURCES = praudit.c praudit_LDADD = $(top_builddir)/libbsm/libbsm.la man1_MANS = praudit.1 Index: head/contrib/openbsm/bin/praudit/praudit.1 =================================================================== --- head/contrib/openbsm/bin/praudit/praudit.1 (revision 292431) +++ head/contrib/openbsm/bin/praudit/praudit.1 (revision 292432) 
@@ -1,121 +1,119 @@ .\" Copyright (c) 2004-2009 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#14 $ -.\" .Dd August 4, 2009 .Dt PRAUDIT 1 .Os .Sh NAME .Nm praudit .Nd "print the contents of audit trail files" .Sh SYNOPSIS .Nm .Op Fl lnpx .Op Fl r | s .Op Fl d Ar del .Op Ar .Sh DESCRIPTION The .Nm utility prints the contents of the audit trail files to the standard output in human-readable form. 
If no .Ar file argument is specified, the standard input is used by default. .Pp The options are as follows: .Bl -tag -width indent .It Fl d Ar del Specifies the delimiter. The default delimiter is the comma. .It Fl l Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line. .It Fl n Do not convert user and group IDs to their names but leave in their numeric forms. .It Fl p Specify this option if input to .Nm is piped from the .Xr tail 1 utility. This causes .Nm to sync to the start of the next record. .It Fl r Prints the records in their raw, numeric form. This option is exclusive from .Fl s . .It Fl s Prints the tokens in their short form. Short text representations for record and event type are displayed. This option is exclusive from .Fl r . .It Fl x Print audit records in the XML output format. .El .Pp If the raw or short forms are not specified, the default is to print the tokens in their long form. Events are displayed as per their descriptions given in .Pa /etc/security/audit_event ; UIDs and GIDs are expanded to their names; dates and times are displayed in human-readable format. .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_control" -compact .It Pa /etc/security/audit_class Descriptions of audit event classes. .It Pa /etc/security/audit_event Descriptions of audit events. .El .Sh SEE ALSO .Xr auditreduce 1 , .Xr audit 4 , .Xr auditpipe 4 , .Xr audit_class 5 , .Xr audit_event 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. 
.Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/bin/praudit/praudit.c =================================================================== --- head/contrib/openbsm/bin/praudit/praudit.c (revision 292431) +++ head/contrib/openbsm/bin/praudit/praudit.c (revision 292432) 
@@ -1,175 +1,173 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * Copyright (c) 2006 Martin Voros * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#16 $ */ /* * Tool used to parse audit records conforming to the BSM structure. */ /* * praudit [-lnpx] [-r | -s] [-d del] [file ...] */ #include #include #include #include extern char *optarg; extern int optind, optopt, opterr,optreset; static char *del = ","; /* Default delimiter. 
*/ static int oneline = 0; static int partial = 0; static int oflags = AU_OFLAG_NONE; static void usage(void) { fprintf(stderr, "usage: praudit [-lnpx] [-r | -s] [-d del] " "[file ...]\n"); exit(1); } /* * Token printing for each token type . */ static int print_tokens(FILE *fp) { u_char *buf; tokenstr_t tok; int reclen; int bytesread; /* Allow tail -f | praudit to work. */ if (partial) { u_char type = 0; /* Record must begin with a header token. */ do { type = fgetc(fp); } while(type != AUT_HEADER32); ungetc(type, fp); } while ((reclen = au_read_rec(fp, &buf)) != -1) { bytesread = 0; while (bytesread < reclen) { /* Is this an incomplete record? */ if (-1 == au_fetch_tok(&tok, buf + bytesread, reclen - bytesread)) break; au_print_flags_tok(stdout, &tok, del, oflags); bytesread += tok.len; if (oneline) { if (!(oflags & AU_OFLAG_XML)) printf("%s", del); } else printf("\n"); } free(buf); if (oneline) printf("\n"); fflush(stdout); } return (0); } int main(int argc, char **argv) { int ch; int i; FILE *fp; while ((ch = getopt(argc, argv, "d:lnprsx")) != -1) { switch(ch) { case 'd': del = optarg; break; case 'l': oneline = 1; break; case 'n': oflags |= AU_OFLAG_NORESOLVE; break; case 'p': partial = 1; break; case 'r': if (oflags & AU_OFLAG_SHORT) usage(); /* Exclusive from shortfrm. */ oflags |= AU_OFLAG_RAW; break; case 's': if (oflags & AU_OFLAG_RAW) usage(); /* Exclusive from raw. */ oflags |= AU_OFLAG_SHORT; break; case 'x': oflags |= AU_OFLAG_XML; break; case '?': default: usage(); } } if (oflags & AU_OFLAG_XML) au_print_xml_header(stdout); /* For each of the files passed as arguments dump the contents. 
*/ if (optind == argc) { print_tokens(stdin); return (1); } for (i = optind; i < argc; i++) { fp = fopen(argv[i], "r"); if ((fp == NULL) || (print_tokens(fp) == -1)) perror(argv[i]); if (fp != NULL) fclose(fp); } if (oflags & AU_OFLAG_XML) au_print_xml_footer(stdout); return (1); }
Index: head/contrib/openbsm/bsm/Makefile.am
===================================================================
--- head/contrib/openbsm/bsm/Makefile.am (revision 292431)
+++ head/contrib/openbsm/bsm/Makefile.am (revision 292432)
@@ -1,12 +1,8 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#5 $ -## - openbsmdir = $(includedir)/bsm openbsm_HEADERS = \ audit_filter.h \ audit_uevents.h \ auditd_lib.h \ libbsm.h
Index: head/contrib/openbsm/bsm/audit_filter.h
===================================================================
--- head/contrib/openbsm/bsm/audit_filter.h (revision 292431)
+++ head/contrib/openbsm/bsm/audit_filter.h (revision 292432)
@@ -1,83 +1,81 @@ /*- * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_filter.h#4 $ */ #ifndef _BSM_AUDIT_FILTER_H_ #define _BSM_AUDIT_FILTER_H_ /* * Module interface for audit filter modules. 
* * audit_filter_attach_t - filter module is being attached with arguments * audit_filter_reinit_t - arguments to module have changed * audit_filter_record_t - present parsed record to filter module, with * receipt time * audit_filter_rawrecord_t - present BSM format record to filter module, * with receipt time * audit_filter_destach_t - filter module is being detached * * There may be many instances of the same filter, identified by the instance * void pointer maintained by the filter instance. */ typedef int (*audit_filter_attach_t)(void *instance, int argc, char *argv[]); typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]); typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts, int token_count, const tokenstr_t tok[]); typedef void (*audit_filter_rawrecord_t)(void *instance, struct timespec *ts, void *data, u_int len); typedef void (*audit_filter_detach_t)(void *instance); /* * APIs that may be called by audit filters. */ void audit_filter_getcookie(void *instance, void **cookie); void audit_filter_setcookie(void *instance, void *cookie); /* * Values to be returned by audit_filter_init_t. */ #define AUDIT_FILTER_SUCCESS (0) #define AUDIT_FILTER_FAILURE (-1) /* * Standard name for filter module initialization functions, which will be * found using dlsym(). 
*/ #define AUDIT_FILTER_ATTACH audit_filter_attach #define AUDIT_FILTER_REINIT audit_filter_reinit #define AUDIT_FILTER_RECORD audit_filter_record #define AUDIT_FILTER_RAWRECORD audit_filter_rawrecord #define AUDIT_FILTER_DETACH audit_filter_detach #define AUDIT_FILTER_ATTACH_STRING "audit_filter_attach" #define AUDIT_FILTER_REINIT_STRING "audit_filter_reinit" #define AUDIT_FILTER_RECORD_STRING "audit_filter_record" #define AUDIT_FILTER_RAWRECORD_STRING "audit_filter_rawrecord" #define AUDIT_FILTER_DETACH_STRING "audit_filter_detach" #endif /* !_BSM_AUDIT_FILTER_H_ */
Index: head/contrib/openbsm/bsm/audit_uevents.h
===================================================================
--- head/contrib/openbsm/bsm/audit_uevents.h (revision 292431)
+++ head/contrib/openbsm/bsm/audit_uevents.h (revision 292432)
@@ -1,143 +1,141 @@ /*- * Copyright (c) 2004-2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 $ */ #ifndef _BSM_AUDIT_UEVENTS_H_ #define _BSM_AUDIT_UEVENTS_H_ /* * Solaris userspace events. 
*/ #define AUE_at_create 6144 #define AUE_at_delete 6145 #define AUE_at_perm 6146 #define AUE_cron_invoke 6147 #define AUE_crontab_create 6148 #define AUE_crontab_delete 6149 #define AUE_crontab_perm 6150 #define AUE_inetd_connect 6151 #define AUE_login 6152 #define AUE_logout 6153 #define AUE_telnet 6154 #define AUE_rlogin 6155 #define AUE_mountd_mount 6156 #define AUE_mountd_umount 6157 #define AUE_rshd 6158 #define AUE_su 6159 #define AUE_halt 6160 #define AUE_reboot 6161 #define AUE_rexecd 6162 #define AUE_passwd 6163 #define AUE_rexd 6164 #define AUE_ftpd 6165 #define AUE_init 6166 #define AUE_uadmin 6167 #define AUE_shutdown 6168 #define AUE_poweroff 6169 #define AUE_crontab_mod 6170 #define AUE_ftpd_logout 6171 #define AUE_ssh 6172 #define AUE_role_login 6173 #define AUE_prof_cmd 6180 #define AUE_filesystem_add 6181 #define AUE_filesystem_delete 6182 #define AUE_filesystem_modify 6183 #define AUE_allocate_succ 6200 #define AUE_allocate_fail 6201 #define AUE_deallocate_succ 6202 #define AUE_deallocate_fail 6203 #define AUE_listdevice_succ 6205 #define AUE_listdevice_fail 6206 #define AUE_create_user 6207 #define AUE_modify_user 6208 #define AUE_delete_user 6209 #define AUE_disable_user 6210 #define AUE_enable_user 6211 #define AUE_newgrp_login 6212 #define AUE_admin_authentication 6213 #define AUE_kadmind_auth 6214 #define AUE_kadmind_unauth 6215 #define AUE_krb5kdc_as_req 6216 #define AUE_krb5kdc_tgs_req 6217 #define AUE_krb5kdc_tgs_req_2ndtktmm 6218 #define AUE_krb5kdc_tgs_req_alt_tgt 6219 /* * Historic Darwin use of the low event numbering space, which collided with * the Solaris event space. Now obsoleted and new, higher, event numbers * assigned to make it easier to interpret Solaris events using the OpenBSM * tools. 
*/ #define AUE_DARWIN_audit_startup 6171 #define AUE_DARWIN_audit_shutdown 6172 #define AUE_DARWIN_sudo 6300 #define AUE_DARWIN_modify_password 6501 #define AUE_DARWIN_create_group 6511 #define AUE_DARWIN_delete_group 6512 #define AUE_DARWIN_modify_group 6513 #define AUE_DARWIN_add_to_group 6514 #define AUE_DARWIN_remove_from_group 6515 #define AUE_DARWIN_revoke_obj 6521 #define AUE_DARWIN_lw_login 6600 #define AUE_DARWIN_lw_logout 6601 #define AUE_DARWIN_auth_user 7000 #define AUE_DARWIN_ssconn 7001 #define AUE_DARWIN_ssauthorize 7002 #define AUE_DARWIN_ssauthint 7003 /* * Historic/third-party appliation allocations of event idenfiers. */ #define AUE_openssh 32800 /* * OpenBSM-managed application event space. */ #define AUE_audit_startup 45000 /* Darwin-specific. */ #define AUE_audit_shutdown 45001 /* Darwin-specific. */ #define AUE_modify_password 45014 /* Darwin-specific. */ #define AUE_create_group 45015 /* Darwin-specific. */ #define AUE_delete_group 45016 /* Darwin-specific. */ #define AUE_modify_group 45017 /* Darwin-specific. */ #define AUE_add_to_group 45018 /* Darwin-specific. */ #define AUE_remove_from_group 45019 /* Darwin-specific. */ #define AUE_revoke_obj 45020 /* Darwin-specific. */ #define AUE_lw_login 45021 /* Darwin-specific. */ #define AUE_lw_logout 45022 /* Darwin-specific. */ #define AUE_auth_user 45023 /* Darwin-specific. */ #define AUE_ssconn 45024 /* Darwin-specific. */ #define AUE_ssauthorize 45025 /* Darwin-specific. */ #define AUE_ssauthint 45026 /* Darwin-specific. */ #define AUE_calife 45027 /* OpenBSM-allocated. */ #define AUE_sudo 45028 /* OpenBSM-allocated. */ #define AUE_audit_recovery 45029 /* OpenBSM-allocated. */ #define AUE_ssauthmech 45030 /* Darwin-specific. */ #endif /* !_BSM_AUDIT_UEVENTS_H_ */
Index: head/contrib/openbsm/bsm/auditd_lib.h
===================================================================
--- head/contrib/openbsm/bsm/auditd_lib.h (revision 292431)
+++ head/contrib/openbsm/bsm/auditd_lib.h (revision 292432)
@@ -1,110 +1,108 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#5 $ */ #ifndef _BSM_AUDITD_LIB_H_ #define _BSM_AUDITD_LIB_H_ /* * Lengths for audit trail file components. 
*/ #define NOT_TERMINATED "not_terminated" #define CRASH_RECOVERY "crash_recovery" #define PREFIX_LEN (sizeof("YYYYMMDDhhmmss") - 1) #define POSTFIX_LEN PREFIX_LEN #define FILENAME_LEN (PREFIX_LEN + 1 + POSTFIX_LEN) #define TIMESTAMP_LEN POSTFIX_LEN /* * Macro to generate the timestamp string for trail file. */ #define getTSstr(t, b, l) \ ( (((t) = time(0)) == (time_t)-1 ) || \ !strftime((b), (l), "%Y%m%d%H%M%S", gmtime(&(t)) ) ) ? -1 : 0 /* * The symbolic link to the currently active audit trail file. */ #define AUDIT_CURRENT_LINK "/var/audit/current" /* * Path of auditd plist file for launchd. */ #define AUDITD_PLIST_FILE \ "/System/Library/LaunchDaemons/com.apple.auditd.plist" /* * Error return codes for auditd_lib functions. */ #define ADE_NOERR 0 /* No Error or Success. */ #define ADE_PARSE -1 /* Error parsing audit_control(5). */ #define ADE_AUDITON -2 /* auditon(2) call failed. */ #define ADE_NOMEM -3 /* Error allocating memory. */ #define ADE_SOFTLIM -4 /* All audit log directories over soft limit. */ #define ADE_HARDLIM -5 /* All audit log directories over hard limit. */ #define ADE_STRERR -6 /* Error creating file name string. */ #define ADE_AU_OPEN -7 /* au_open(3) failed. */ #define ADE_AU_CLOSE -8 /* au_close(3) failed. */ #define ADE_SETAUDIT -9 /* setaudit(2) or setaudit_addr(2) failed. */ #define ADE_ACTL -10 /* "Soft" error with auditctl(2). */ #define ADE_ACTLERR -11 /* "Hard" error with auditctl(2). */ #define ADE_SWAPERR -12 /* The audit trail file could not be swap. */ #define ADE_RENAME -13 /* Error renaming crash recovery file. */ #define ADE_READLINK -14 /* Error reading 'current' link. */ #define ADE_SYMLINK -15 /* Error creating 'current' link. */ #define ADE_INVAL -16 /* Invalid argument. */ #define ADE_GETADDR -17 /* Error resolving address from hostname. */ #define ADE_ADDRFAM -18 /* Address family not supported. */ #define ADE_EXPIRE -19 /* Error expiring audit trail files. */ /* * auditd_lib functions. 
*/ const char *auditd_strerror(int errcode); int auditd_set_minfree(void); int auditd_expire_trails(int (*warn_expired)(char *)); int auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *)); void auditd_close_dirs(void); int auditd_set_dist(void); int auditd_set_evcmap(void); int auditd_set_namask(void); int auditd_set_policy(void); int auditd_set_fsize(void); int auditd_set_host(void); int auditd_swap_trail(char *TS, char **newfile, gid_t gid, int (*warn_getacdir)(char *)); int auditd_prevent_audit(void); int auditd_gen_record(int event, char *path); int auditd_new_curlink(char *curfile); int auditd_rename(const char *fromname, const char *toname); int audit_quick_start(void); int audit_quick_stop(void); #endif /* !_BSM_AUDITD_LIB_H_ */
Index: head/contrib/openbsm/bsm/libbsm.h
===================================================================
--- head/contrib/openbsm/bsm/libbsm.h (revision 292431)
+++ head/contrib/openbsm/bsm/libbsm.h (revision 292432)
@@ -1,1342 +1,1340 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#50 $ */ #ifndef _LIBBSM_H_ #define _LIBBSM_H_ /* * NB: definitions, etc., marked with "OpenSSH compatibility" were introduced * solely to allow OpenSSH to compile; Darwin/Apple code should not use them. */ #include #include #include /* Required for audit.h. */ #include /* Required for clock_t on Linux. 
*/ #include #include #include #ifdef __APPLE__ #include /* audit_token_t */ #endif /* * Size parsed token vectors for execve(2) arguments and environmental * variables. Note: changing these sizes affects the ABI of the token * structure, and as the token structure is often placed in the caller stack, * this is undesirable. */ #define AUDIT_MAX_ARGS 128 #define AUDIT_MAX_ENV 128 /* * Arguments to au_preselect(3). */ #define AU_PRS_USECACHE 0 #define AU_PRS_REREAD 1 #define AU_PRS_SUCCESS 1 #define AU_PRS_FAILURE 2 #define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) #define AUDIT_EVENT_FILE "/etc/security/audit_event" #define AUDIT_CLASS_FILE "/etc/security/audit_class" #define AUDIT_CONTROL_FILE "/etc/security/audit_control" #define AUDIT_USER_FILE "/etc/security/audit_user" #define DIR_CONTROL_ENTRY "dir" #define DIST_CONTROL_ENTRY "dist" #define FILESZ_CONTROL_ENTRY "filesz" #define FLAGS_CONTROL_ENTRY "flags" #define HOST_CONTROL_ENTRY "host" #define MINFREE_CONTROL_ENTRY "minfree" #define NA_CONTROL_ENTRY "naflags" #define POLICY_CONTROL_ENTRY "policy" #define EXPIRE_AFTER_CONTROL_ENTRY "expire-after" #define AU_CLASS_NAME_MAX 8 #define AU_CLASS_DESC_MAX 72 #define AU_EVENT_NAME_MAX 30 #define AU_EVENT_DESC_MAX 50 #define AU_USER_NAME_MAX 50 #define AU_LINE_MAX 256 #define MAX_AUDITSTRING_LEN 256 #define BSM_TEXTBUFSZ MAX_AUDITSTRING_LEN /* OpenSSH compatibility */ /* * Arguments to au_close(3). */ #define AU_TO_NO_WRITE 0 /* Abandon audit record. */ #define AU_TO_WRITE 1 /* Commit audit record. */ /* * Output format flags for au_print_flags_tok(). */ #define AU_OFLAG_NONE 0x0000 /* Default form. */ #define AU_OFLAG_RAW 0x0001 /* Raw, numeric form. */ #define AU_OFLAG_SHORT 0x0002 /* Short form. */ #define AU_OFLAG_XML 0x0004 /* XML form. */ #define AU_OFLAG_NORESOLVE 0x0008 /* No user/group name resolution. 
*/ __BEGIN_DECLS struct au_event_ent { au_event_t ae_number; char *ae_name; char *ae_desc; au_class_t ae_class; }; typedef struct au_event_ent au_event_ent_t; struct au_class_ent { char *ac_name; au_class_t ac_class; char *ac_desc; }; typedef struct au_class_ent au_class_ent_t; struct au_user_ent { char *au_name; au_mask_t au_always; au_mask_t au_never; }; typedef struct au_user_ent au_user_ent_t; __END_DECLS #define ADD_TO_MASK(m, c, sel) do { \ if (sel & AU_PRS_SUCCESS) \ (m)->am_success |= c; \ if (sel & AU_PRS_FAILURE) \ (m)->am_failure |= c; \ } while (0) #define SUB_FROM_MASK(m, c, sel) do { \ if (sel & AU_PRS_SUCCESS) \ (m)->am_success &= ((m)->am_success ^ c); \ if (sel & AU_PRS_FAILURE) \ (m)->am_failure &= ((m)->am_failure ^ c); \ } while (0) #define ADDMASK(m, v) do { \ (m)->am_success |= (v)->am_success; \ (m)->am_failure |= (v)->am_failure; \ } while(0) #define SUBMASK(m, v) do { \ (m)->am_success &= ((m)->am_success ^ (v)->am_success); \ (m)->am_failure &= ((m)->am_failure ^ (v)->am_failure); \ } while(0) __BEGIN_DECLS typedef struct au_tid32 { u_int32_t port; u_int32_t addr; } au_tid32_t; typedef struct au_tid64 { u_int64_t port; u_int32_t addr; } au_tid64_t; typedef struct au_tidaddr32 { u_int32_t port; u_int32_t type; u_int32_t addr[4]; } au_tidaddr32_t; typedef struct au_tidaddr64 { u_int64_t port; u_int32_t type; u_int32_t addr[4]; } au_tidaddr64_t; /* * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) * text length 2 bytes * text N bytes + 1 terminating NULL byte */ typedef struct { u_char no; u_int32_t val; u_int16_t len; char *text; } au_arg32_t; typedef struct { u_char no; u_int64_t val; u_int16_t len; char *text; } au_arg64_t; /* * how to print 1 byte * basic unit 1 byte * unit count 1 byte * data items (depends on basic unit) */ typedef struct { u_char howtopr; u_char bu; u_char uc; u_char *data; } au_arb_t; /* * file access mode 4 bytes * owner user ID 4 bytes * owner group ID 4 bytes * file system ID 4 bytes * node 
ID 8 bytes * device 4 bytes/8 bytes (32-bit/64-bit) */ typedef struct { u_int32_t mode; u_int32_t uid; u_int32_t gid; u_int32_t fsid; u_int64_t nid; u_int32_t dev; } au_attr32_t; typedef struct { u_int32_t mode; u_int32_t uid; u_int32_t gid; u_int32_t fsid; u_int64_t nid; u_int64_t dev; } au_attr64_t; /* * count 4 bytes * text count null-terminated string(s) */ typedef struct { u_int32_t count; char *text[AUDIT_MAX_ARGS]; } au_execarg_t; /* * count 4 bytes * text count null-terminated string(s) */ typedef struct { u_int32_t count; char *text[AUDIT_MAX_ENV]; } au_execenv_t; /* * status 4 bytes * return value 4 bytes */ typedef struct { u_int32_t status; u_int32_t ret; } au_exit_t; /* * seconds of time 4 bytes * milliseconds of time 4 bytes * file name length 2 bytes * file pathname N bytes + 1 terminating NULL byte */ typedef struct { u_int32_t s; u_int32_t ms; u_int16_t len; char *name; } au_file_t; /* * number groups 2 bytes * group list N * 4 bytes */ typedef struct { u_int16_t no; u_int32_t list[AUDIT_MAX_GROUPS]; } au_groups_t; /* * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ typedef struct { u_int32_t size; u_char version; u_int16_t e_type; u_int16_t e_mod; u_int32_t s; u_int32_t ms; } au_header32_t; /* * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * address type/length 1 byte (XXX: actually, 4 bytes) * machine address 4 bytes/16 bytes (IPv4/IPv6 address) * seconds of time 4 bytes/8 bytes (32/64-bits) * nanoseconds of time 4 bytes/8 bytes (32/64-bits) */ typedef struct { u_int32_t size; u_char version; u_int16_t e_type; u_int16_t e_mod; u_int32_t ad_type; u_int32_t addr[4]; u_int32_t s; u_int32_t ms; } au_header32_ex_t; typedef struct { u_int32_t size; u_char version; u_int16_t e_type; u_int16_t e_mod; u_int64_t s; u_int64_t ms; } 
au_header64_t; typedef struct { u_int32_t size; u_char version; u_int16_t e_type; u_int16_t e_mod; u_int32_t ad_type; u_int32_t addr[4]; u_int64_t s; u_int64_t ms; } au_header64_ex_t; /* * internet address 4 bytes */ typedef struct { u_int32_t addr; } au_inaddr_t; /* * type 4 bytes * internet address 16 bytes */ typedef struct { u_int32_t type; u_int32_t addr[4]; } au_inaddr_ex_t; /* * version and ihl 1 byte * type of service 1 byte * length 2 bytes * id 2 bytes * offset 2 bytes * ttl 1 byte * protocol 1 byte * checksum 2 bytes * source address 4 bytes * destination address 4 bytes */ typedef struct { u_char version; u_char tos; u_int16_t len; u_int16_t id; u_int16_t offset; u_char ttl; u_char prot; u_int16_t chksm; u_int32_t src; u_int32_t dest; } au_ip_t; /* * object ID type 1 byte * object ID 4 bytes */ typedef struct { u_char type; u_int32_t id; } au_ipc_t; /* * owner user ID 4 bytes * owner group ID 4 bytes * creator user ID 4 bytes * creator group ID 4 bytes * access mode 4 bytes * slot sequence # 4 bytes * key 4 bytes */ typedef struct { u_int32_t uid; u_int32_t gid; u_int32_t puid; u_int32_t pgid; u_int32_t mode; u_int32_t seq; u_int32_t key; } au_ipcperm_t; /* * port IP address 2 bytes */ typedef struct { u_int16_t port; } au_iport_t; /* * length 2 bytes * data length bytes */ typedef struct { u_int16_t size; char *data; } au_opaque_t; /* * path length 2 bytes * path N bytes + 1 terminating NULL byte */ typedef struct { u_int16_t len; char *path; } au_path_t; /* * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * machine address 4 bytes */ typedef struct { u_int32_t auid; u_int32_t euid; u_int32_t egid; u_int32_t ruid; u_int32_t rgid; u_int32_t pid; u_int32_t sid; au_tid32_t tid; } au_proc32_t; typedef struct { u_int32_t auid; u_int32_t euid; u_int32_t egid; u_int32_t ruid; 
u_int32_t rgid; u_int32_t pid; u_int32_t sid; au_tid64_t tid; } au_proc64_t; /* * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * type 4 bytes * machine address 16 bytes */ typedef struct { u_int32_t auid; u_int32_t euid; u_int32_t egid; u_int32_t ruid; u_int32_t rgid; u_int32_t pid; u_int32_t sid; au_tidaddr32_t tid; } au_proc32ex_t; typedef struct { u_int32_t auid; u_int32_t euid; u_int32_t egid; u_int32_t ruid; u_int32_t rgid; u_int32_t pid; u_int32_t sid; au_tidaddr64_t tid; } au_proc64ex_t; /* * error status 1 byte * return value 4 bytes/8 bytes (32-bit/64-bit value) */ typedef struct { u_char status; u_int32_t ret; } au_ret32_t; typedef struct { u_char err; u_int64_t val; } au_ret64_t; /* * sequence number 4 bytes */ typedef struct { u_int32_t seqno; } au_seq_t; /* * socket type 2 bytes * local port 2 bytes * local Internet address 4 bytes * remote port 2 bytes * remote Internet address 4 bytes */ typedef struct { u_int16_t type; u_int16_t l_port; u_int32_t l_addr; u_int16_t r_port; u_int32_t r_addr; } au_socket_t; /* * socket type 2 bytes * local port 2 bytes * address type/length 4 bytes * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address) * remote port 4 bytes * address type/length 4 bytes * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address) */ typedef struct { u_int16_t domain; u_int16_t type; u_int16_t atype; u_int16_t l_port; u_int32_t l_addr[4]; u_int32_t r_port; u_int32_t r_addr[4]; } au_socket_ex32_t; /* * socket family 2 bytes * local port 2 bytes * socket address 4 bytes/16 bytes (IPv4/IPv6 address) */ typedef struct { u_int16_t family; u_int16_t port; u_int32_t addr[4]; } au_socketinet_ex32_t; typedef struct { u_int16_t family; u_int16_t port; u_int32_t addr; } au_socketinet32_t; /* * socket family 2 bytes * path 104 bytes */ typedef struct { u_int16_t 
family; char path[104]; } au_socketunix_t; /* * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * machine address 4 bytes */ typedef struct { u_int32_t auid; u_int32_t euid; u_int32_t egid; u_int32_t ruid; u_int32_t rgid; u_int32_t pid; u_int32_t sid; au_tid32_t tid; } au_subject32_t; typedef struct { u_int32_t auid; u_int32_t euid; u_int32_t egid; u_int32_t ruid; u_int32_t rgid; u_int32_t pid; u_int32_t sid; au_tid64_t tid; } au_subject64_t; /* * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * type 4 bytes * machine address 16 bytes */ typedef struct { u_int32_t auid; u_int32_t euid; u_int32_t egid; u_int32_t ruid; u_int32_t rgid; u_int32_t pid; u_int32_t sid; au_tidaddr32_t tid; } au_subject32ex_t; typedef struct { u_int32_t auid; u_int32_t euid; u_int32_t egid; u_int32_t ruid; u_int32_t rgid; u_int32_t pid; u_int32_t sid; au_tidaddr64_t tid; } au_subject64ex_t; /* * text length 2 bytes * text N bytes + 1 terminating NULL byte */ typedef struct { u_int16_t len; char *text; } au_text_t; /* * upriv status 1 byte * privstr len 2 bytes * privstr N bytes + 1 (\0 byte) */ typedef struct { u_int8_t sorf; u_int16_t privstrlen; char *priv; } au_priv_t; /* * privset * privtstrlen 2 bytes * privtstr N Bytes + 1 * privstrlen 2 bytes * privstr N Bytes + 1 */ typedef struct { u_int16_t privtstrlen; char *privtstr; u_int16_t privstrlen; char *privstr; } au_privset_t; /* * zonename length 2 bytes * zonename text N bytes + 1 NULL terminator */ typedef struct { u_int16_t len; char *zonename; } au_zonename_t; typedef struct { u_int32_t ident; u_int16_t filter; u_int16_t flags; u_int32_t fflags; u_int32_t data; } au_kevent_t; typedef 
struct { u_int16_t length; char *data; } au_invalid_t; /* * trailer magic number 2 bytes * record byte count 4 bytes */ typedef struct { u_int16_t magic; u_int32_t count; } au_trailer_t; struct tokenstr { u_char id; u_char *data; size_t len; union { au_arg32_t arg32; au_arg64_t arg64; au_arb_t arb; au_attr32_t attr32; au_attr64_t attr64; au_execarg_t execarg; au_execenv_t execenv; au_exit_t exit; au_file_t file; au_groups_t grps; au_header32_t hdr32; au_header32_ex_t hdr32_ex; au_header64_t hdr64; au_header64_ex_t hdr64_ex; au_inaddr_t inaddr; au_inaddr_ex_t inaddr_ex; au_ip_t ip; au_ipc_t ipc; au_ipcperm_t ipcperm; au_iport_t iport; au_opaque_t opaque; au_path_t path; au_proc32_t proc32; au_proc32ex_t proc32_ex; au_proc64_t proc64; au_proc64ex_t proc64_ex; au_ret32_t ret32; au_ret64_t ret64; au_seq_t seq; au_socket_t socket; au_socket_ex32_t socket_ex32; au_socketinet_ex32_t sockinet_ex32; au_socketunix_t sockunix; au_subject32_t subj32; au_subject32ex_t subj32_ex; au_subject64_t subj64; au_subject64ex_t subj64_ex; au_text_t text; au_kevent_t kevent; au_invalid_t invalid; au_trailer_t trail; au_zonename_t zonename; au_priv_t priv; au_privset_t privset; } tt; /* The token is one of the above types */ }; typedef struct tokenstr tokenstr_t; int audit_submit(short au_event, au_id_t auid, char status, int reterr, const char *fmt, ...); /* * Functions relating to querying audit class information. */ void setauclass(void); void endauclass(void); struct au_class_ent *getauclassent(void); struct au_class_ent *getauclassent_r(au_class_ent_t *class_int); struct au_class_ent *getauclassnam(const char *name); struct au_class_ent *getauclassnam_r(au_class_ent_t *class_int, const char *name); struct au_class_ent *getauclassnum(au_class_t class_number); struct au_class_ent *getauclassnum_r(au_class_ent_t *class_int, au_class_t class_number); /* * Functions relating to querying audit control information. 
*/ void setac(void); void endac(void); int getacdir(char *name, int len); int getacdist(void); int getacexpire(int *andflg, time_t *age, size_t *size); int getacfilesz(size_t *size_val); int getacflg(char *auditstr, int len); int getachost(char *auditstr, size_t len); int getacmin(int *min_val); int getacna(char *auditstr, int len); int getacpol(char *auditstr, size_t len); int getauditflagsbin(char *auditstr, au_mask_t *masks); int getauditflagschar(char *auditstr, au_mask_t *masks, int verbose); int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag); ssize_t au_poltostr(int policy, size_t maxsize, char *buf); int au_strtopol(const char *polstr, int *policy); /* * Functions relating to querying audit event information. */ void setauevent(void); void endauevent(void); struct au_event_ent *getauevent(void); struct au_event_ent *getauevent_r(struct au_event_ent *e); struct au_event_ent *getauevnam(const char *name); struct au_event_ent *getauevnam_r(struct au_event_ent *e, const char *name); struct au_event_ent *getauevnum(au_event_t event_number); struct au_event_ent *getauevnum_r(struct au_event_ent *e, au_event_t event_number); au_event_t *getauevnonam(const char *event_name); au_event_t *getauevnonam_r(au_event_t *ev, const char *event_name); /* * Functions relating to querying audit user information. */ void setauuser(void); void endauuser(void); struct au_user_ent *getauuserent(void); struct au_user_ent *getauuserent_r(struct au_user_ent *u); struct au_user_ent *getauusernam(const char *name); struct au_user_ent *getauusernam_r(struct au_user_ent *u, const char *name); int au_user_mask(char *username, au_mask_t *mask_p); int getfauditflags(au_mask_t *usremask, au_mask_t *usrdmask, au_mask_t *lastmask); /* * Functions for reading and printing records and tokens from audit trails. 
*/ int au_read_rec(FILE *fp, u_char **buf); int au_fetch_tok(tokenstr_t *tok, u_char *buf, int len); //XXX The following interface has different prototype from BSM void au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm); void au_print_flags_tok(FILE *outfp, tokenstr_t *tok, char *del, int oflags); void au_print_tok_xml(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm); /* * Functions relating to XML output. */ void au_print_xml_header(FILE *outfp); void au_print_xml_footer(FILE *outfp); /* * BSM library routines for converting between local and BSM constant spaces. * (Note: some of these are replicated in audit_record.h for the benefit of * the FreeBSD and Mac OS X kernels) */ int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); int au_bsm_to_errno(u_char bsm_error, int *errorp); int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp); int au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep); u_short au_domain_to_bsm(int local_domain); u_char au_errno_to_bsm(int local_errno); u_short au_fcntl_cmd_to_bsm(int local_fcntl_command); u_short au_socket_type_to_bsm(int local_socket_type); const char *au_strerror(u_char bsm_error); __END_DECLS /* * The remaining APIs are associated with Apple's BSM implementation, in * particular as relates to Mach IPC auditing and triggers passed via Mach * IPC. */ #ifdef __APPLE__ #include /************************************************************************** ************************************************************************** ** The following definitions, functions, etc., are NOT officially ** supported: they may be changed or removed in the future. Do not use ** them unless you are prepared to cope with that eventuality. 
************************************************************************** **************************************************************************/ #ifdef __APPLE_API_PRIVATE #define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change" #endif /* __APPLE_API_PRIVATE */ /* * au_get_state() return values * XXX use AUC_* values directly instead (); AUDIT_OFF and * AUDIT_ON are deprecated and WILL be removed. */ #ifdef __APPLE_API_PRIVATE #define AUDIT_OFF AUC_NOAUDIT #define AUDIT_ON AUC_AUDITING #endif /* __APPLE_API_PRIVATE */ #endif /* !__APPLE__ */ /* * Error return codes for audit_set_terminal_id(), audit_write() and its * brethren. We have 255 (not including kAUNoErr) to play with. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ enum { kAUNoErr = 0, kAUBadParamErr = -66049, kAUStatErr, kAUSysctlErr, kAUOpenErr, kAUMakeSubjectTokErr, kAUWriteSubjectTokErr, kAUWriteCallerTokErr, kAUMakeReturnTokErr, kAUWriteReturnTokErr, kAUCloseErr, kAUMakeTextTokErr, kAULastErr }; #ifdef __APPLE__ /* * Error return codes for au_get_state() and/or its private support * functions. These codes are designed to be compatible with the * NOTIFY_STATUS_* codes defined in but non-overlapping. * Any changes to notify(3) may cause these values to change in future. * * AU_UNIMPL should never happen unless you've changed your system software * without rebooting. Shame on you. */ #ifdef __APPLE_API_PRIVATE #define AU_UNIMPL NOTIFY_STATUS_FAILED + 1 /* audit unimplemented */ #endif /* __APPLE_API_PRIVATE */ #endif /* !__APPLE__ */ __BEGIN_DECLS /* * XXX This prototype should be in audit_record.h * * au_free_token() * * @summary - au_free_token() deallocates a token_t created by any of * the au_to_*() BSM API functions. * * The BSM API generally manages deallocation of token_t objects. However, * if au_write() is passed a bad audit descriptor, the token_t * parameter * will be left untouched. 
In that case, the caller can deallocate the * token_t using au_free_token() if desired. This is, in fact, what * audit_write() does, in keeping with the existing memory management model * of the BSM API. * * @param tok - A token_t * generated by one of the au_to_*() BSM API * calls. For convenience, tok may be NULL, in which case * au_free_token() returns immediately. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ void au_free_token(token_t *tok); /* * Lightweight check to determine if auditing is enabled. If a client * wants to use this to govern whether an entire series of audit calls * should be made--as in the common case of a caller building a set of * tokens, then writing them--it should cache the audit status in a local * variable. This call always returns the current state of auditing. * * @return - AUC_AUDITING or AUC_NOAUDIT if no error occurred. * Otherwise the function can return any of the errno values defined for * setaudit(2), or AU_UNIMPL if audit does not appear to be supported by * the system. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ int au_get_state(void); /* * Initialize the audit notification. If it has not already been initialized * it will automatically on the first call of au_get_state(). */ uint32_t au_notify_initialize(void); /* * Cancel audit notification and free the resources associated with it. * Responsible code that no longer needs to use au_get_state() should call * this. */ int au_notify_terminate(void); __END_DECLS /* OpenSSH compatibility */ int cannot_audit(int); __BEGIN_DECLS /* * audit_set_terminal_id() * * @summary - audit_set_terminal_id() fills in an au_tid_t struct, which is * used in audit session initialization by processes like /usr/bin/login. * * @param tid - A pointer to an au_tid_t struct. 
* * @return - kAUNoErr on success; kAUBadParamErr if tid is NULL, kAUStatErr * or kAUSysctlErr if one of the underlying system calls fails (a message * is sent to the system log in those cases). * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ int audit_set_terminal_id(au_tid_t *tid); /* * BEGIN au_write() WRAPPERS * * The following calls all wrap the existing BSM API. They use the * provided subject information, if any, to construct the subject token * required for every log message. They use the provided return/error * value(s), if any, to construct the success/failure indication required * for every log message. They only permit one "miscellaneous" token, * which should contain the event-specific logging information mandated by * CAPP. * * All these calls assume the caller has previously determined that * auditing is enabled by calling au_get_state(). */ /* * audit_write() * * @summary - audit_write() is the basis for the other audit_write_*() * calls. Performs a basic write of an audit record (subject, additional * info, success/failure). Note that this call only permits logging one * caller-specified token; clients needing to log more flexibly must use * the existing BSM API (au_open(), et al.) directly. * * Note on memory management: audit_write() guarantees that the token_t *s * passed to it will be deallocated whether or not the underlying write to * the audit log succeeded. This addresses an inconsistency in the * underlying BSM API in which token_t *s are usually but not always * deallocated. * * @param event_code - The code for the event being logged. This should * be one of the AUE_ values in /usr/include/bsm/audit_uevents.h. * * @param subject - A token_t * generated by au_to_subject(), * au_to_subject32(), au_to_subject64(), or au_to_me(). If no subject is * required, subject should be NULL. * * @param misctok - A token_t * generated by one of the au_to_*() BSM API * calls. 
This should correspond to the additional information required by * CAPP for the event being audited. If no additional information is * required, misctok should be NULL. * * @param retval - The return value to be logged for this event. This * should be 0 (zero) for success, otherwise the value is event-specific. * * @param errcode - Any error code associated with the return value (e.g., * errno or h_errno). If there was no error, errcode should be 0 (zero). * * @return - The status of the call: 0 (zero) on success, else one of the * kAU*Err values defined above. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ int audit_write(short event_code, token_t *subject, token_t *misctok, char retval, int errcode); /* * audit_write_success() * * @summary - audit_write_success() records an auditable event that did not * encounter an error. The interface is designed to require as little * direct use of the au_to_*() API as possible. It builds a subject token * from the information passed in and uses that to invoke audit_write(). * A subject, as defined by CAPP, is a process acting on the user's behalf. * * If the subject information is the same as the current process, use * au_write_success_self(). * * @param event_code - The code for the event being logged. This should * be one of the AUE_ values in /usr/include/bsm/audit_uevents.h. * * @param misctok - A token_t * generated by one of the au_to_*() BSM API * calls. This should correspond to the additional information required by * CAPP for the event being audited. If no additional information is * required, misctok should be NULL. * * @param auid - The subject's audit ID. * * @param euid - The subject's effective user ID. * * @param egid - The subject's effective group ID. * * @param ruid - The subject's real user ID. * * @param rgid - The subject's real group ID. * * @param pid - The subject's process ID. * * @param sid - The subject's session ID. * * @param tid - The subject's terminal ID. 
* * @return - The status of the call: 0 (zero) on success, else one of the * kAU*Err values defined above. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ int audit_write_success(short event_code, token_t *misctok, au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); /* * audit_write_success_self() * * @summary - Similar to audit_write_success(), but used when the subject * (process) is owned and operated by the auditable user him/herself. * * @param event_code - The code for the event being logged. This should * be one of the AUE_ values in /usr/include/bsm/audit_uevents.h. * * @param misctok - A token_t * generated by one of the au_to_*() BSM API * calls. This should correspond to the additional information required by * CAPP for the event being audited. If no additional information is * required, misctok should be NULL. * * @return - The status of the call: 0 (zero) on success, else one of the * kAU*Err values defined above. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ int audit_write_success_self(short event_code, token_t *misctok); /* * audit_write_failure() * * @summary - audit_write_failure() records an auditable event that * encountered an error. The interface is designed to require as little * direct use of the au_to_*() API as possible. It builds a subject token * from the information passed in and uses that to invoke audit_write(). * A subject, as defined by CAPP, is a process acting on the user's behalf. * * If the subject information is the same as the current process, use * au_write_failure_self(). * * @param event_code - The code for the event being logged. This should * be one of the AUE_ values in /usr/include/bsm/audit_uevents.h. * * @param errmsg - A text message providing additional information about * the event being audited. * * @param errret - A numerical value providing additional information about * the error. 
This is intended to store the value of errno or h_errno if * it's relevant. This can be 0 (zero) if no additional information is * available. * * @param auid - The subject's audit ID. * * @param euid - The subject's effective user ID. * * @param egid - The subject's effective group ID. * * @param ruid - The subject's real user ID. * * @param rgid - The subject's real group ID. * * @param pid - The subject's process ID. * * @param sid - The subject's session ID. * * @param tid - The subject's terminal ID. * * @return - The status of the call: 0 (zero) on success, else one of the * kAU*Err values defined above. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ int audit_write_failure(short event_code, char *errmsg, int errret, au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); /* * audit_write_failure_self() * * @summary - Similar to audit_write_failure(), but used when the subject * (process) is owned and operated by the auditable user him/herself. * * @param event_code - The code for the event being logged. This should * be one of the AUE_ values in /usr/include/bsm/audit_uevents.h. * * @param errmsg - A text message providing additional information about * the event being audited. * * @param errret - A numerical value providing additional information about * the error. This is intended to store the value of errno or h_errno if * it's relevant. This can be 0 (zero) if no additional information is * available. * * @return - The status of the call: 0 (zero) on success, else one of the * kAU*Err values defined above. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ int audit_write_failure_self(short event_code, char *errmsg, int errret); /* * audit_write_failure_na() * * @summary - audit_write_failure_na() records errors during login. Such * errors are implicitly non-attributable (i.e., not ascribable to any user). * * @param event_code - The code for the event being logged. 
This should * be one of the AUE_ values in /usr/include/bsm/audit_uevents.h. * * @param errmsg - A text message providing additional information about * the event being audited. * * @param errret - A numerical value providing additional information about * the error. This is intended to store the value of errno or h_errno if * it's relevant. This can be 0 (zero) if no additional information is * available. * * @param euid - The subject's effective user ID. * * @param egid - The subject's effective group ID. * * @param pid - The subject's process ID. * * @param tid - The subject's terminal ID. * * @return - The status of the call: 0 (zero) on success, else one of the * kAU*Err values defined above. * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ int audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, gid_t egid, pid_t pid, au_tid_t *tid); /* END au_write() WRAPPERS */ #ifdef __APPLE__ /* * audit_token_to_au32() * * @summary - Extract information from an audit_token_t, used to identify * Mach tasks and senders of Mach messages as subjects to the audit system. * audit_tokent_to_au32() is the only method that should be used to parse * an audit_token_t, since its internal representation may change over * time. A pointer parameter may be NULL if that information is not * needed. 
* * @param atoken - the audit token containing the desired information * * @param auidp - Pointer to a uid_t; on return will be set to the task or * sender's audit user ID * * @param euidp - Pointer to a uid_t; on return will be set to the task or * sender's effective user ID * * @param egidp - Pointer to a gid_t; on return will be set to the task or * sender's effective group ID * * @param ruidp - Pointer to a uid_t; on return will be set to the task or * sender's real user ID * * @param rgidp - Pointer to a gid_t; on return will be set to the task or * sender's real group ID * * @param pidp - Pointer to a pid_t; on return will be set to the task or * sender's process ID * * @param asidp - Pointer to an au_asid_t; on return will be set to the * task or sender's audit session ID * * @param tidp - Pointer to an au_tid_t; on return will be set to the task * or sender's terminal ID * * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE. */ void audit_token_to_au32( audit_token_t atoken, uid_t *auidp, uid_t *euidp, gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp, au_tid_t *tidp); #endif /* !__APPLE__ */ /* * Wrapper functions to auditon(2). 
*/ int audit_get_car(char *path, size_t sz); int audit_get_class(au_evclass_map_t *evc_map, size_t sz); int audit_set_class(au_evclass_map_t *evc_map, size_t sz); int audit_get_cond(int *cond); int audit_set_cond(int *cond); int audit_get_cwd(char *path, size_t sz); int audit_get_fsize(au_fstat_t *fstat, size_t sz); int audit_set_fsize(au_fstat_t *fstat, size_t sz); int audit_get_kmask(au_mask_t *kmask, size_t sz); int audit_set_kmask(au_mask_t *kmask, size_t sz); int audit_get_kaudit(auditinfo_addr_t *aia, size_t sz); int audit_set_kaudit(auditinfo_addr_t *aia, size_t sz); int audit_set_pmask(auditpinfo_t *api, size_t sz); int audit_get_pinfo(auditpinfo_t *api, size_t sz); int audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz); int audit_get_policy(int *policy); int audit_set_policy(int *policy); int audit_get_qctrl(au_qctrl_t *qctrl, size_t sz); int audit_set_qctrl(au_qctrl_t *qctrl, size_t sz); int audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz); int audit_get_stat(au_stat_t *stats, size_t sz); int audit_set_stat(au_stat_t *stats, size_t sz); int audit_send_trigger(int *trigger); __END_DECLS #endif /* !_LIBBSM_H_ */
Index: head/contrib/openbsm/compat/clock_gettime.h
===================================================================
--- head/contrib/openbsm/compat/clock_gettime.h (revision 292431)
+++ head/contrib/openbsm/compat/clock_gettime.h (revision 292432)
@@ -1,54 +1,52 @@
 /*- * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/compat/clock_gettime.h#3 $
 */ /* * Compatibility routines for clock_gettime(CLOCK_REALTIME, ...) for systems * that don't have it. We don't use clockid_t in order to avoid conflicts * with the native OS if it has one but not clock_gettime(). We also assume * that the sys/time.h include has already happened at this point, so we have * access to gettimeofday().
*/ #include #define CLOCK_REALTIME 0x2d4e1588 static inline int clock_gettime(int clock_id, struct timespec *ts) { struct timeval tv; if (clock_id != CLOCK_REALTIME) { errno = EINVAL; return (-1); } if (gettimeofday(&tv, NULL) < 0) return (-1); ts->tv_sec = tv.tv_sec; ts->tv_nsec = tv.tv_usec * 1000; return (0); }
Index: head/contrib/openbsm/compat/closefrom.h
===================================================================
--- head/contrib/openbsm/compat/closefrom.h (revision 292431)
+++ head/contrib/openbsm/compat/closefrom.h (revision 292432)
@@ -1,53 +1,51 @@
 /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/compat/closefrom.h#1 $
 */ #ifndef _CLOSEFROM_H_ #define _CLOSEFROM_H_ #include static void closefrom(int lowfd) { int error, fd, maxfd; error = errno; maxfd = sysconf(_SC_OPEN_MAX); if (maxfd < 0) maxfd = 16384; for (fd = lowfd; fd <= maxfd; fd++) (void)close(fd); errno = error; } #endif /* !_CLOSEFROM_H_ */
Index: head/contrib/openbsm/compat/compat.h
===================================================================
--- head/contrib/openbsm/compat/compat.h (revision 292431)
+++ head/contrib/openbsm/compat/compat.h (revision 292432)
@@ -1,59 +1,57 @@
 /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/compat/compat.h#1 $
 */ #ifndef _COMPAT_H_ #define _COMPAT_H_ #include #include #ifndef MSG_NOSIGNAL #define MSG_NOSIGNAL 0 #endif #ifndef __unused #define __unused __attribute__((__unused__)) #endif #ifndef __packed #define __packed __attribute__((__packed__)) #endif #ifndef __dead2 #define __dead2 __attribute__((__noreturn__)) #endif #ifndef __printflike #define __printflike(fmtarg, firstvararg) \ __attribute__((__format__ (__printf__, fmtarg, firstvararg))) #endif #endif /* !_COMPAT_H_ */
Index: head/contrib/openbsm/compat/endian.h
===================================================================
--- head/contrib/openbsm/compat/endian.h (revision 292431)
+++ head/contrib/openbsm/compat/endian.h (revision 292432)
@@ -1,156 +1,155 @@
 /*- * Copyright (c) 2002 Thomas Moestl * Copyright (c) 2005 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * Derived from FreeBSD src/sys/sys/endian.h:1.6.
- * $P4: //depot/projects/trustedbsd/openbsm/compat/endian.h#10 $
 */ #ifndef _COMPAT_ENDIAN_H_ #define _COMPAT_ENDIAN_H_ /* * Some systems will have the uint/int types defined here already, others * will need stdint.h. */ #ifdef HAVE_STDINT_H #include #endif /* * Some operating systems do not yet have the more recent endian APIs that * permit encoding to and decoding from byte streams. For those systems, we * implement local non-optimized versions.
*/ static __inline uint16_t bswap16(uint16_t int16) { const unsigned char *from; unsigned char *to; uint16_t t; from = (const unsigned char *) &int16; to = (unsigned char *) &t; to[0] = from[1]; to[1] = from[0]; return (t); } static __inline uint32_t bswap32(uint32_t int32) { const unsigned char *from; unsigned char *to; uint32_t t; from = (const unsigned char *) &int32; to = (unsigned char *) &t; to[0] = from[3]; to[1] = from[2]; to[2] = from[1]; to[3] = from[0]; return (t); } static __inline uint64_t bswap64(uint64_t int64) { const unsigned char *from; unsigned char *to; uint64_t t; from = (const unsigned char *) &int64; to = (unsigned char *) &t; to[0] = from[7]; to[1] = from[6]; to[2] = from[5]; to[3] = from[4]; to[4] = from[3]; to[5] = from[2]; to[6] = from[1]; to[7] = from[0]; return (t); } #if defined(BYTE_ORDER) && !defined(_BYTE_ORDER) #define _BYTE_ORDER BYTE_ORDER #endif #if !defined(_BYTE_ORDER) #error "Neither BYTE_ORDER nor _BYTE_ORDER defined" #endif #if defined(BIG_ENDIAN) && !defined(_BIG_ENDIAN) #define _BIG_ENDIAN BIG_ENDIAN #endif #if defined(LITTLE_ENDIAN) && !defined(_LITTLE_ENDIAN) #define _LITTLE_ENDIAN LITTLE_ENDIAN #endif /* XXX: Hack. */ #ifndef htobe16 /* * Host to big endian, host to little endian, big endian to host, and little * endian to host byte order functions as detailed in byteorder(9). 
*/ #if _BYTE_ORDER == _LITTLE_ENDIAN #define htobe16(x) bswap16((x)) #define htobe32(x) bswap32((x)) #define htobe64(x) bswap64((x)) #define htole16(x) ((uint16_t)(x)) #define htole32(x) ((uint32_t)(x)) #define htole64(x) ((uint64_t)(x)) #define be16toh(x) bswap16((x)) #define be32toh(x) bswap32((x)) #define be64toh(x) bswap64((x)) #define le16toh(x) ((uint16_t)(x)) #define le32toh(x) ((uint32_t)(x)) #define le64toh(x) ((uint64_t)(x)) #else /* _BYTE_ORDER != _LITTLE_ENDIAN */ #define htobe16(x) ((uint16_t)(x)) #define htobe32(x) ((uint32_t)(x)) #define htobe64(x) ((uint64_t)(x)) #define htole16(x) bswap16((x)) #define htole32(x) bswap32((x)) #define htole64(x) bswap64((x)) #define be16toh(x) ((uint16_t)(x)) #define be32toh(x) ((uint32_t)(x)) #define be64toh(x) ((uint64_t)(x)) #define le16toh(x) bswap16((x)) #define le32toh(x) bswap32((x)) #define le64toh(x) bswap64((x)) #endif /* _BYTE_ORDER == _LITTLE_ENDIAN */ #endif #endif /* _COMPAT_ENDIAN_H_ */
Index: head/contrib/openbsm/compat/endian_enc.h
===================================================================
--- head/contrib/openbsm/compat/endian_enc.h (revision 292431)
+++ head/contrib/openbsm/compat/endian_enc.h (revision 292432)
@@ -1,150 +1,149 @@ /*- * Copyright (c) 2002 Thomas Moestl * Copyright (c) 2005 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * Derived from FreeBSD src/sys/sys/endian.h:1.6. - * $P4: //depot/projects/trustedbsd/openbsm/compat/endian_enc.h#1 $ */ #ifndef _COMPAT_ENDIAN_ENC_H_ #define _COMPAT_ENDIAN_ENC_H_ /* * Some systems will have the uint/int types defined here already, others * will need stdint.h. */ #ifdef HAVE_STDINT_H #include #endif /* Alignment-agnostic encode/decode bytestream to/from little/big endian. 
*/ static __inline uint16_t be16dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; return ((p[0] << 8) | p[1]); } static __inline uint32_t be32dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); } static __inline uint64_t be64dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; return (((uint64_t)be32dec(p) << 32) | be32dec(p + 4)); } static __inline uint16_t le16dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; return ((p[1] << 8) | p[0]); } static __inline uint32_t le32dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; return ((p[3] << 24) | (p[2] << 16) | (p[1] << 8) | p[0]); } static __inline uint64_t le64dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; return (((uint64_t)le32dec(p + 4) << 32) | le32dec(p)); } static __inline void be16enc(void *pp, uint16_t u) { unsigned char *p = (unsigned char *)pp; p[0] = (u >> 8) & 0xff; p[1] = u & 0xff; } static __inline void be32enc(void *pp, uint32_t u) { unsigned char *p = (unsigned char *)pp; p[0] = (u >> 24) & 0xff; p[1] = (u >> 16) & 0xff; p[2] = (u >> 8) & 0xff; p[3] = u & 0xff; } static __inline void be64enc(void *pp, uint64_t u) { unsigned char *p = (unsigned char *)pp; be32enc(p, u >> 32); be32enc(p + 4, u & 0xffffffff); } static __inline void le16enc(void *pp, uint16_t u) { unsigned char *p = (unsigned char *)pp; p[0] = u & 0xff; p[1] = (u >> 8) & 0xff; } static __inline void le32enc(void *pp, uint32_t u) { unsigned char *p = (unsigned char *)pp; p[0] = u & 0xff; p[1] = (u >> 8) & 0xff; p[2] = (u >> 16) & 0xff; p[3] = (u >> 24) & 0xff; } static __inline void le64enc(void *pp, uint64_t u) { unsigned char *p = (unsigned char *)pp; le32enc(p, u & 0xffffffff); le32enc(p + 4, u >> 32); } #endif /* _COMPAT_ENDIAN_ENC_H_ */ Index: head/contrib/openbsm/compat/flopen.h 
===================================================================
--- head/contrib/openbsm/compat/flopen.h (revision 292431)
+++ head/contrib/openbsm/compat/flopen.h (revision 292432)
@@ -1,103 +1,102 @@ /*- * Copyright (c) 2007 Dag-Erling Coïdan Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer * in this position and unchanged. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * Derived from FreeBSD head/lib/libutil/flopen.c r193591 - * $P4: //depot/projects/trustedbsd/openbsm/compat/flopen.h#1 $ */ #include #include #include #include #include static int flopen(const char *path, int flags, ...) 
{ int fd, operation, serrno, trunc; struct stat sb, fsb; mode_t mode; #ifdef O_EXLOCK flags &= ~O_EXLOCK; #endif mode = 0; if (flags & O_CREAT) { va_list ap; va_start(ap, flags); mode = (mode_t)va_arg(ap, int); /* mode_t promoted to int */ va_end(ap); } operation = LOCK_EX; if (flags & O_NONBLOCK) operation |= LOCK_NB; trunc = (flags & O_TRUNC); flags &= ~O_TRUNC; for (;;) { if ((fd = open(path, flags, mode)) == -1) /* non-existent or no access */ return (-1); if (flock(fd, operation) == -1) { /* unsupported or interrupted */ serrno = errno; (void)close(fd); errno = serrno; return (-1); } if (stat(path, &sb) == -1) { /* disappeared from under our feet */ (void)close(fd); continue; } if (fstat(fd, &fsb) == -1) { /* can't happen [tm] */ serrno = errno; (void)close(fd); errno = serrno; return (-1); } if (sb.st_dev != fsb.st_dev || sb.st_ino != fsb.st_ino) { /* changed under our feet */ (void)close(fd); continue; } if (trunc && ftruncate(fd, 0) != 0) { /* can't happen [tm] */ serrno = errno; (void)close(fd); errno = serrno; return (-1); } return (fd); } } Index: head/contrib/openbsm/compat/pidfile.h =================================================================== --- head/contrib/openbsm/compat/pidfile.h (revision 292431) +++ head/contrib/openbsm/compat/pidfile.h (revision 292432) 
@@ -1,293 +1,292 @@ /*- * Copyright (c) 2005 Pawel Jakub Dawidek * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * Derived from FreeBSD head/lib/libutil/pidfile.c r231938 - * $P4: //depot/projects/trustedbsd/openbsm/compat/pidfile.h#1 $ */ #include #include #include #include #include #include #include #include #include #include #include #include "flopen.h" struct pidfh { int pf_fd; char pf_path[MAXPATHLEN + 1]; dev_t pf_dev; ino_t pf_ino; }; static int _pidfile_remove(struct pidfh *pfh, int freeit); static int pidfile_verify(const struct pidfh *pfh) { struct stat sb; if (pfh == NULL || pfh->pf_fd == -1) return (EINVAL); /* * Check remembered descriptor. 
*/ if (fstat(pfh->pf_fd, &sb) == -1) return (errno); if (sb.st_dev != pfh->pf_dev || sb.st_ino != pfh->pf_ino) return (EINVAL); return (0); } static int pidfile_read(const char *path, pid_t *pidptr) { char buf[16], *endptr; int error, fd, i; fd = open(path, O_RDONLY); if (fd == -1) return (errno); i = read(fd, buf, sizeof(buf) - 1); error = errno; /* Remember errno in case close() wants to change it. */ close(fd); if (i == -1) return (error); else if (i == 0) return (EAGAIN); buf[i] = '\0'; *pidptr = strtol(buf, &endptr, 10); if (endptr != &buf[i]) return (EINVAL); return (0); } static struct pidfh * pidfile_open(const char *path, mode_t mode, pid_t *pidptr) { struct pidfh *pfh; struct stat sb; int error, fd, len, count; struct timespec rqtp; if (pidptr != NULL) *pidptr = -1; if (path == NULL) return (NULL); pfh = malloc(sizeof(*pfh)); if (pfh == NULL) return (NULL); len = snprintf(pfh->pf_path, sizeof(pfh->pf_path), "%s", path); if (len >= (int)sizeof(pfh->pf_path)) { free(pfh); errno = ENAMETOOLONG; return (NULL); } /* * Open the PID file and obtain exclusive lock. * We truncate PID file here only to remove old PID immediatelly, * PID file will be truncated again in pidfile_write(), so * pidfile_write() can be called multiple times. 
*/ fd = flopen(pfh->pf_path, #ifdef O_CLOEXEC O_WRONLY | O_CREAT | O_TRUNC | O_NONBLOCK | O_CLOEXEC, mode); #else O_WRONLY | O_CREAT | O_TRUNC | O_NONBLOCK, mode); #endif if (fd == -1) { if (errno == EWOULDBLOCK && pidptr != NULL) { count = 20; rqtp.tv_sec = 0; rqtp.tv_nsec = 5000000; for (;;) { errno = pidfile_read(pfh->pf_path, pidptr); if (errno != EAGAIN || --count == 0) break; nanosleep(&rqtp, 0); } if (errno == EAGAIN) *pidptr = -1; if (errno == 0 || errno == EAGAIN) errno = EEXIST; } free(pfh); return (NULL); } #ifndef O_CLOEXEC if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { error = errno; unlink(pfh->pf_path); close(fd); free(pfh); errno = error; return (NULL); } #endif /* * Remember file information, so in pidfile_write() we are sure we write * to the proper descriptor. */ if (fstat(fd, &sb) == -1) { error = errno; unlink(pfh->pf_path); close(fd); free(pfh); errno = error; return (NULL); } pfh->pf_fd = fd; pfh->pf_dev = sb.st_dev; pfh->pf_ino = sb.st_ino; return (pfh); } static int pidfile_write(struct pidfh *pfh) { char pidstr[16]; int error, fd; /* * Check remembered descriptor, so we don't overwrite some other * file if pidfile was closed and descriptor reused. */ errno = pidfile_verify(pfh); if (errno != 0) { /* * Don't close descriptor, because we are not sure if it's ours. */ return (-1); } fd = pfh->pf_fd; /* * Truncate PID file, so multiple calls of pidfile_write() are allowed. 
*/ if (ftruncate(fd, 0) == -1) { error = errno; _pidfile_remove(pfh, 0); errno = error; return (-1); } snprintf(pidstr, sizeof(pidstr), "%u", getpid()); if (pwrite(fd, pidstr, strlen(pidstr), 0) != (ssize_t)strlen(pidstr)) { error = errno; _pidfile_remove(pfh, 0); errno = error; return (-1); } return (0); } static int pidfile_close(struct pidfh *pfh) { int error; error = pidfile_verify(pfh); if (error != 0) { errno = error; return (-1); } if (close(pfh->pf_fd) == -1) error = errno; free(pfh); if (error != 0) { errno = error; return (-1); } return (0); } static int _pidfile_remove(struct pidfh *pfh, int freeit) { int error; error = pidfile_verify(pfh); if (error != 0) { errno = error; return (-1); } if (unlink(pfh->pf_path) == -1) error = errno; if (close(pfh->pf_fd) == -1) { if (error == 0) error = errno; } if (freeit) free(pfh); else pfh->pf_fd = -1; if (error != 0) { errno = error; return (-1); } return (0); } static int pidfile_remove(struct pidfh *pfh) { return (_pidfile_remove(pfh, 1)); } #if 0 static int pidfile_fileno(const struct pidfh *pfh) { if (pfh == NULL || pfh->pf_fd == -1) { errno = EINVAL; return (-1); } return (pfh->pf_fd); } #endif Index: head/contrib/openbsm/compat/queue.h =================================================================== --- head/contrib/openbsm/compat/queue.h (revision 292431) +++ head/contrib/openbsm/compat/queue.h (revision 292432) 
@@ -1,542 +1,541 @@ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)queue.h 8.5 (Berkeley) 8/20/94 * * Derived from FreeBSD src/sys/sys/queue.h:1.63. - * $P4: //depot/projects/trustedbsd/openbsm/compat/queue.h#3 $ */ #ifndef _COMPAT_QUEUE_H_ #define _COMPAT_QUEUE_H_ #include /* * This file defines four types of data structures: singly-linked lists, * singly-linked tail queues, lists and tail queues. * * A singly-linked list is headed by a single forward pointer. 
The elements * are singly linked for minimum space and pointer manipulation overhead at * the expense of O(n) removal for arbitrary elements. New elements can be * added to the list after an existing element or at the head of the list. * Elements being removed from the head of the list should use the explicit * macro for this purpose for optimum efficiency. A singly-linked list may * only be traversed in the forward direction. Singly-linked lists are ideal * for applications with large datasets and few or no removals or for * implementing a LIFO queue. * * A singly-linked tail queue is headed by a pair of pointers, one to the * head of the list and the other to the tail of the list. The elements are * singly linked for minimum space and pointer manipulation overhead at the * expense of O(n) removal for arbitrary elements. New elements can be added * to the list after an existing element, at the head of the list, or at the * end of the list. Elements being removed from the head of the tail queue * should use the explicit macro for this purpose for optimum efficiency. * A singly-linked tail queue may only be traversed in the forward direction. * Singly-linked tail queues are ideal for applications with large datasets * and few or no removals or for implementing a FIFO queue. * * A list is headed by a single forward pointer (or an array of forward * pointers for a hash table header). The elements are doubly linked * so that an arbitrary element can be removed without a need to * traverse the list. New elements can be added to the list before * or after an existing element or at the head of the list. A list * may only be traversed in the forward direction. * * A tail queue is headed by a pair of pointers, one to the head of the * list and the other to the tail of the list. The elements are doubly * linked so that an arbitrary element can be removed without a need to * traverse the list. 
New elements can be added to the list before or * after an existing element, at the head of the list, or at the end of * the list. A tail queue may be traversed in either direction. * * For details on the use of these macros, see the queue(3) manual page. * * * SLIST LIST STAILQ TAILQ * _HEAD + + + + * _HEAD_INITIALIZER + + + + * _ENTRY + + + + * _INIT + + + + * _EMPTY + + + + * _FIRST + + + + * _NEXT + + + + * _PREV - - - + * _LAST - - + + * _FOREACH + + + + * _FOREACH_SAFE + + + + * _FOREACH_REVERSE - - - + * _FOREACH_REVERSE_SAFE - - - + * _INSERT_HEAD + + + + * _INSERT_BEFORE - + - + * _INSERT_AFTER + + + + * _INSERT_TAIL - - + + * _CONCAT - - + + * _REMOVE_HEAD + - + - * _REMOVE + + + + * */ #ifdef QUEUE_MACRO_DEBUG /* Store the last 2 places the queue element or head was altered */ struct qm_trace { char * lastfile; int lastline; char * prevfile; int prevline; }; #define TRACEBUF struct qm_trace trace; #define TRASHIT(x) do {(x) = (void *)-1;} while (0) #define QMD_TRACE_HEAD(head) do { \ (head)->trace.prevline = (head)->trace.lastline; \ (head)->trace.prevfile = (head)->trace.lastfile; \ (head)->trace.lastline = __LINE__; \ (head)->trace.lastfile = __FILE__; \ } while (0) #define QMD_TRACE_ELEM(elem) do { \ (elem)->trace.prevline = (elem)->trace.lastline; \ (elem)->trace.prevfile = (elem)->trace.lastfile; \ (elem)->trace.lastline = __LINE__; \ (elem)->trace.lastfile = __FILE__; \ } while (0) #else #define QMD_TRACE_ELEM(elem) #define QMD_TRACE_HEAD(head) #define TRACEBUF #define TRASHIT(x) #endif /* QUEUE_MACRO_DEBUG */ /* * Singly-linked List declarations. */ #define SLIST_HEAD(name, type) \ struct name { \ struct type *slh_first; /* first element */ \ } #define SLIST_HEAD_INITIALIZER(head) \ { NULL } #define SLIST_ENTRY(type) \ struct { \ struct type *sle_next; /* next element */ \ } /* * Singly-linked List functions. 
*/ #define SLIST_EMPTY(head) ((head)->slh_first == NULL) #define SLIST_FIRST(head) ((head)->slh_first) #define SLIST_FOREACH(var, head, field) \ for ((var) = SLIST_FIRST((head)); \ (var); \ (var) = SLIST_NEXT((var), field)) #define SLIST_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = SLIST_FIRST((head)); \ (var) && ((tvar) = SLIST_NEXT((var), field), 1); \ (var) = (tvar)) #define SLIST_FOREACH_PREVPTR(var, varp, head, field) \ for ((varp) = &SLIST_FIRST((head)); \ ((var) = *(varp)) != NULL; \ (varp) = &SLIST_NEXT((var), field)) #define SLIST_INIT(head) do { \ SLIST_FIRST((head)) = NULL; \ } while (0) #define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ SLIST_NEXT((elm), field) = SLIST_NEXT((slistelm), field); \ SLIST_NEXT((slistelm), field) = (elm); \ } while (0) #define SLIST_INSERT_HEAD(head, elm, field) do { \ SLIST_NEXT((elm), field) = SLIST_FIRST((head)); \ SLIST_FIRST((head)) = (elm); \ } while (0) #define SLIST_NEXT(elm, field) ((elm)->field.sle_next) #define SLIST_REMOVE(head, elm, type, field) do { \ if (SLIST_FIRST((head)) == (elm)) { \ SLIST_REMOVE_HEAD((head), field); \ } \ else { \ struct type *curelm = SLIST_FIRST((head)); \ while (SLIST_NEXT(curelm, field) != (elm)) \ curelm = SLIST_NEXT(curelm, field); \ SLIST_NEXT(curelm, field) = \ SLIST_NEXT(SLIST_NEXT(curelm, field), field); \ } \ TRASHIT((elm)->field.sle_next); \ } while (0) #define SLIST_REMOVE_HEAD(head, field) do { \ SLIST_FIRST((head)) = SLIST_NEXT(SLIST_FIRST((head)), field); \ } while (0) /* * Singly-linked Tail queue declarations. */ #define STAILQ_HEAD(name, type) \ struct name { \ struct type *stqh_first;/* first element */ \ struct type **stqh_last;/* addr of last next element */ \ } #define STAILQ_HEAD_INITIALIZER(head) \ { NULL, &(head).stqh_first } #define STAILQ_ENTRY(type) \ struct { \ struct type *stqe_next; /* next element */ \ } /* * Singly-linked Tail queue functions. 
*/ #define STAILQ_CONCAT(head1, head2) do { \ if (!STAILQ_EMPTY((head2))) { \ *(head1)->stqh_last = (head2)->stqh_first; \ (head1)->stqh_last = (head2)->stqh_last; \ STAILQ_INIT((head2)); \ } \ } while (0) #define STAILQ_EMPTY(head) ((head)->stqh_first == NULL) #define STAILQ_FIRST(head) ((head)->stqh_first) #define STAILQ_FOREACH(var, head, field) \ for((var) = STAILQ_FIRST((head)); \ (var); \ (var) = STAILQ_NEXT((var), field)) #define STAILQ_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = STAILQ_FIRST((head)); \ (var) && ((tvar) = STAILQ_NEXT((var), field), 1); \ (var) = (tvar)) #define STAILQ_INIT(head) do { \ STAILQ_FIRST((head)) = NULL; \ (head)->stqh_last = &STAILQ_FIRST((head)); \ } while (0) #define STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \ if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((tqelm), field)) == NULL)\ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ STAILQ_NEXT((tqelm), field) = (elm); \ } while (0) #define STAILQ_INSERT_HEAD(head, elm, field) do { \ if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ STAILQ_FIRST((head)) = (elm); \ } while (0) #define STAILQ_INSERT_TAIL(head, elm, field) do { \ STAILQ_NEXT((elm), field) = NULL; \ *(head)->stqh_last = (elm); \ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ } while (0) #define STAILQ_LAST(head, type, field) \ (STAILQ_EMPTY((head)) ? 
\ NULL : \ ((struct type *) \ ((char *)((head)->stqh_last) - __offsetof(struct type, field)))) #define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) #define STAILQ_REMOVE(head, elm, type, field) do { \ if (STAILQ_FIRST((head)) == (elm)) { \ STAILQ_REMOVE_HEAD((head), field); \ } \ else { \ struct type *curelm = STAILQ_FIRST((head)); \ while (STAILQ_NEXT(curelm, field) != (elm)) \ curelm = STAILQ_NEXT(curelm, field); \ if ((STAILQ_NEXT(curelm, field) = \ STAILQ_NEXT(STAILQ_NEXT(curelm, field), field)) == NULL)\ (head)->stqh_last = &STAILQ_NEXT((curelm), field);\ } \ TRASHIT((elm)->field.stqe_next); \ } while (0) #define STAILQ_REMOVE_HEAD(head, field) do { \ if ((STAILQ_FIRST((head)) = \ STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL) \ (head)->stqh_last = &STAILQ_FIRST((head)); \ } while (0) #define STAILQ_REMOVE_HEAD_UNTIL(head, elm, field) do { \ if ((STAILQ_FIRST((head)) = STAILQ_NEXT((elm), field)) == NULL) \ (head)->stqh_last = &STAILQ_FIRST((head)); \ } while (0) /* * List declarations. */ #define LIST_HEAD(name, type) \ struct name { \ struct type *lh_first; /* first element */ \ } #define LIST_HEAD_INITIALIZER(head) \ { NULL } #define LIST_ENTRY(type) \ struct { \ struct type *le_next; /* next element */ \ struct type **le_prev; /* address of previous next element */ \ } /* * List functions. 
*/ #if (defined(_KERNEL) && defined(INVARIANTS)) || defined(QUEUE_MACRO_DEBUG) #define QMD_LIST_CHECK_HEAD(head, field) do { \ if (LIST_FIRST((head)) != NULL && \ LIST_FIRST((head))->field.le_prev != \ &LIST_FIRST((head))) \ panic("Bad list head %p first->prev != head", (head)); \ } while (0) #define QMD_LIST_CHECK_NEXT(elm, field) do { \ if (LIST_NEXT((elm), field) != NULL && \ LIST_NEXT((elm), field)->field.le_prev != \ &((elm)->field.le_next)) \ panic("Bad link elm %p next->prev != elm", (elm)); \ } while (0) #define QMD_LIST_CHECK_PREV(elm, field) do { \ if (*(elm)->field.le_prev != (elm)) \ panic("Bad link elm %p prev->next != elm", (elm)); \ } while (0) #else #define QMD_LIST_CHECK_HEAD(head, field) #define QMD_LIST_CHECK_NEXT(elm, field) #define QMD_LIST_CHECK_PREV(elm, field) #endif /* (_KERNEL && INVARIANTS) || QUEUE_MACRO_DEBUG */ #define LIST_EMPTY(head) ((head)->lh_first == NULL) #define LIST_FIRST(head) ((head)->lh_first) #define LIST_FOREACH(var, head, field) \ for ((var) = LIST_FIRST((head)); \ (var); \ (var) = LIST_NEXT((var), field)) #define LIST_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = LIST_FIRST((head)); \ (var) && ((tvar) = LIST_NEXT((var), field), 1); \ (var) = (tvar)) #define LIST_INIT(head) do { \ LIST_FIRST((head)) = NULL; \ } while (0) #define LIST_INSERT_AFTER(listelm, elm, field) do { \ QMD_LIST_CHECK_NEXT(listelm, field); \ if ((LIST_NEXT((elm), field) = LIST_NEXT((listelm), field)) != NULL)\ LIST_NEXT((listelm), field)->field.le_prev = \ &LIST_NEXT((elm), field); \ LIST_NEXT((listelm), field) = (elm); \ (elm)->field.le_prev = &LIST_NEXT((listelm), field); \ } while (0) #define LIST_INSERT_BEFORE(listelm, elm, field) do { \ QMD_LIST_CHECK_PREV(listelm, field); \ (elm)->field.le_prev = (listelm)->field.le_prev; \ LIST_NEXT((elm), field) = (listelm); \ *(listelm)->field.le_prev = (elm); \ (listelm)->field.le_prev = &LIST_NEXT((elm), field); \ } while (0) #define LIST_INSERT_HEAD(head, elm, field) do { \ 
QMD_LIST_CHECK_HEAD((head), field); \ if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL) \ LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field);\ LIST_FIRST((head)) = (elm); \ (elm)->field.le_prev = &LIST_FIRST((head)); \ } while (0) #define LIST_NEXT(elm, field) ((elm)->field.le_next) #define LIST_REMOVE(elm, field) do { \ QMD_LIST_CHECK_NEXT(elm, field); \ QMD_LIST_CHECK_PREV(elm, field); \ if (LIST_NEXT((elm), field) != NULL) \ LIST_NEXT((elm), field)->field.le_prev = \ (elm)->field.le_prev; \ *(elm)->field.le_prev = LIST_NEXT((elm), field); \ TRASHIT((elm)->field.le_next); \ TRASHIT((elm)->field.le_prev); \ } while (0) /* * Tail queue declarations. */ #define TAILQ_HEAD(name, type) \ struct name { \ struct type *tqh_first; /* first element */ \ struct type **tqh_last; /* addr of last next element */ \ TRACEBUF \ } #define TAILQ_HEAD_INITIALIZER(head) \ { NULL, &(head).tqh_first } #define TAILQ_ENTRY(type) \ struct { \ struct type *tqe_next; /* next element */ \ struct type **tqe_prev; /* address of previous next element */ \ TRACEBUF \ } /* * Tail queue functions. 
*/ #define TAILQ_CONCAT(head1, head2, field) do { \ if (!TAILQ_EMPTY(head2)) { \ *(head1)->tqh_last = (head2)->tqh_first; \ (head2)->tqh_first->field.tqe_prev = (head1)->tqh_last; \ (head1)->tqh_last = (head2)->tqh_last; \ TAILQ_INIT((head2)); \ QMD_TRACE_HEAD(head1); \ QMD_TRACE_HEAD(head2); \ } \ } while (0) #define TAILQ_EMPTY(head) ((head)->tqh_first == NULL) #define TAILQ_FIRST(head) ((head)->tqh_first) #define TAILQ_FOREACH(var, head, field) \ for ((var) = TAILQ_FIRST((head)); \ (var); \ (var) = TAILQ_NEXT((var), field)) #define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = TAILQ_FIRST((head)); \ (var) && ((tvar) = TAILQ_NEXT((var), field), 1); \ (var) = (tvar)) #define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ for ((var) = TAILQ_LAST((head), headname); \ (var); \ (var) = TAILQ_PREV((var), headname, field)) #define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ for ((var) = TAILQ_LAST((head), headname); \ (var) && ((tvar) = TAILQ_PREV((var), headname, field), 1); \ (var) = (tvar)) #define TAILQ_INIT(head) do { \ TAILQ_FIRST((head)) = NULL; \ (head)->tqh_last = &TAILQ_FIRST((head)); \ QMD_TRACE_HEAD(head); \ } while (0) #define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ if ((TAILQ_NEXT((elm), field) = TAILQ_NEXT((listelm), field)) != NULL)\ TAILQ_NEXT((elm), field)->field.tqe_prev = \ &TAILQ_NEXT((elm), field); \ else { \ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ QMD_TRACE_HEAD(head); \ } \ TAILQ_NEXT((listelm), field) = (elm); \ (elm)->field.tqe_prev = &TAILQ_NEXT((listelm), field); \ QMD_TRACE_ELEM(&(elm)->field); \ QMD_TRACE_ELEM(&listelm->field); \ } while (0) #define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ TAILQ_NEXT((elm), field) = (listelm); \ *(listelm)->field.tqe_prev = (elm); \ (listelm)->field.tqe_prev = &TAILQ_NEXT((elm), field); \ QMD_TRACE_ELEM(&(elm)->field); \ QMD_TRACE_ELEM(&listelm->field); \ } while (0) #define 
TAILQ_INSERT_HEAD(head, elm, field) do { \ if ((TAILQ_NEXT((elm), field) = TAILQ_FIRST((head))) != NULL) \ TAILQ_FIRST((head))->field.tqe_prev = \ &TAILQ_NEXT((elm), field); \ else \ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ TAILQ_FIRST((head)) = (elm); \ (elm)->field.tqe_prev = &TAILQ_FIRST((head)); \ QMD_TRACE_HEAD(head); \ QMD_TRACE_ELEM(&(elm)->field); \ } while (0) #define TAILQ_INSERT_TAIL(head, elm, field) do { \ TAILQ_NEXT((elm), field) = NULL; \ (elm)->field.tqe_prev = (head)->tqh_last; \ *(head)->tqh_last = (elm); \ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ QMD_TRACE_HEAD(head); \ QMD_TRACE_ELEM(&(elm)->field); \ } while (0) #define TAILQ_LAST(head, headname) \ (*(((struct headname *)((head)->tqh_last))->tqh_last)) #define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) #define TAILQ_PREV(elm, headname, field) \ (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) #define TAILQ_REMOVE(head, elm, field) do { \ if ((TAILQ_NEXT((elm), field)) != NULL) \ TAILQ_NEXT((elm), field)->field.tqe_prev = \ (elm)->field.tqe_prev; \ else { \ (head)->tqh_last = (elm)->field.tqe_prev; \ QMD_TRACE_HEAD(head); \ } \ *(elm)->field.tqe_prev = TAILQ_NEXT((elm), field); \ TRASHIT((elm)->field.tqe_next); \ TRASHIT((elm)->field.tqe_prev); \ QMD_TRACE_ELEM(&(elm)->field); \ } while (0) #endif /* !_COMPAT_QUEUE_H_ */ Index: head/contrib/openbsm/compat/strlcat.h =================================================================== --- head/contrib/openbsm/compat/strlcat.h (revision 292431) +++ head/contrib/openbsm/compat/strlcat.h (revision 292432) 
@@ -1,67 +1,66 @@ /*- * Copyright (c) 1998 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * dollar OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp dollar - * $P4: //depot/projects/trustedbsd/openbsm/compat/strlcat.h#3 $ */ /* * Appends src to string dst of size siz (unlike strncat, siz is the * full size of dst, not space left). At most siz-1 characters * will be copied. Always NUL terminates (unless siz <= strlen(dst)). * Returns strlen(src) + MIN(siz, strlen(initial dst)). * If retval >= siz, truncation occurred. 
*/ static size_t strlcat(dst, src, siz) char *dst; const char *src; size_t siz; { char *d = dst; const char *s = src; size_t n = siz; size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ while (n-- != 0 && *d != '\0') d++; dlen = d - dst; n = siz - dlen; if (n == 0) return(dlen + strlen(s)); while (*s != '\0') { if (n != 1) { *d++ = *s; n--; } s++; } *d = '\0'; return(dlen + (s - src)); /* count does not include NUL */ } Index: head/contrib/openbsm/compat/strlcpy.h =================================================================== --- head/contrib/openbsm/compat/strlcpy.h (revision 292431) +++ head/contrib/openbsm/compat/strlcpy.h (revision 292432) 
@@ -1,63 +1,62 @@ /* * Copyright (c) 1998 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * dollar OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp dollar - * $P4: //depot/projects/trustedbsd/openbsm/compat/strlcpy.h#1 $ */ /* * Copy src to string dst of size siz. At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). * Returns strlen(src); if retval >= siz, truncation occurred. 
*/ static size_t strlcpy(dst, src, siz) char *dst; const char *src; size_t siz; { char *d = dst; const char *s = src; size_t n = siz; /* Copy as many bytes as will fit */ if (n != 0 && --n != 0) { do { if ((*d++ = *s++) == 0) break; } while (--n != 0); } /* Not enough room in dst, add NUL and traverse rest of src */ if (n == 0) { if (siz != 0) *d = '\0'; /* NUL-terminate dst */ while (*s++) ; } return(s - src - 1); /* count does not include NUL */ }
Index: head/contrib/openbsm/configure
===================================================================
--- head/contrib/openbsm/configure (revision 292431)
+++ head/contrib/openbsm/configure (revision 292432)
@@ -1,16026 +1,16035 @@ #! /bin/sh -# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#65 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for OpenBSM 1.2-alpha3. +# Generated by GNU Autoconf 2.69 for OpenBSM 1.2-alpha4. # -# Report bugs to . +# Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. 
if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. 
in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. 
alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do 
IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." 
else $as_echo "$0: Please tell bug-autoconf@gnu.org and -$0: trustedbsd-audit@TrustesdBSD.org about your system, +$0: trustedbsd-audit@TrustedBSD.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? 
"cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. 
as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. 
_as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" SHELL=${CONFIG_SHELL-/bin/sh} test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. 
# ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='OpenBSM' PACKAGE_TARNAME='openbsm' -PACKAGE_VERSION='1.2-alpha3' -PACKAGE_STRING='OpenBSM 1.2-alpha3' -PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org' +PACKAGE_VERSION='1.2-alpha4' +PACKAGE_STRING='OpenBSM 1.2-alpha4' +PACKAGE_BUGREPORT='trustedbsd-audit@TrustedBSD.org' PACKAGE_URL='' ac_unique_file="bin/auditreduce/auditreduce.c" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_header_list= ac_func_list= ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS USE_MACH_IPC_FALSE USE_MACH_IPC_TRUE HAVE_AUDIT_SYSCALLS_FALSE HAVE_AUDIT_SYSCALLS_TRUE LIBOBJS am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE am__nodep AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE am__quote am__include DEPDIR am__untar am__tar AMTAR am__leading_dot SET_MAKE mkdir_p MKDIR_P INSTALL_STRIP_PROGRAM install_sh MAKEINFO AUTOHEADER AUTOMAKE AUTOCONF ACLOCAL VERSION PACKAGE CYGPATH_W am__isrc YFLAGS YACC CPP OTOOL64 OTOOL LIPO NMEDIT DSYMUTIL MANIFEST_TOOL AWK RANLIB STRIP ac_ct_AR AR DLLTOOL OBJDUMP LN_S NM ac_ct_DUMPBIN DUMPBIN LD FGREP EGREP GREP SED host_os host_vendor host_cpu host build_os build_vendor build_cpu build LIBTOOL LEXLIB LEX_OUTPUT_ROOT LEX INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC MIG USE_NATIVE_INCLUDES_FALSE USE_NATIVE_INCLUDES_TRUE MAINT MAINTAINER_MODE_FALSE MAINTAINER_MODE_TRUE target_alias 
host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_maintainer_mode with_native_includes enable_shared enable_static with_pic enable_fast_install with_gnu_ld with_sysroot enable_libtool_lock enable_dependency_tracking ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP YACC YFLAGS' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) 
bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | 
--datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. 
with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | 
--mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | 
--program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | 
--targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. 
with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. 
case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? 
"cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenBSM 1.2-alpha3 to adapt to many kinds of systems. +\`configure' configures OpenBSM 1.2-alpha4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' 
messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/openbsm] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on 
installed program names System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenBSM 1.2-alpha3:";; + short | recursive ) echo "Configuration of OpenBSM 1.2-alpha4:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-maintainer-mode enable make rules and dependencies not useful (and sometimes confusing) to the casual installer --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) --enable-dependency-tracking do not reject slow dependency extractors --disable-dependency-tracking speeds up one-time build Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-native-includes Use the system native include files instead of those included with openbsm. --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot=DIR Search for dependent libraries within DIR (or the compiler's sysroot if not specified). Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor YACC The `Yet Another Compiler Compiler' implementation to use. 
Defaults to the first program found out of: `bison -y', `byacc', `yacc'. YFLAGS The list of arguments that will be passed by default to $YACC. This script will default YFLAGS to the empty string to avoid a default value of `-d' given by some make applications. Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. -Report bugs to . +Report bugs to . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. 
if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -OpenBSM configure 1.2-alpha3 +OpenBSM configure 1.2-alpha4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. 
ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. 
Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" 
>&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## ----------------------------------------------- ## -## Report this to trustedbsd-audit@TrustesdBSD.org ## -## ----------------------------------------------- ##" +( $as_echo "## ---------------------------------------------- ## +## Report this to trustedbsd-audit@TrustedBSD.org ## +## ---------------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including # INCLUDES, setting cache variable VAR accordingly. ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 $as_echo_n "checking for $2.$3... " >&6; } if eval \${$4+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ $5 int main () { static $2 ac_aggr; if (sizeof ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else eval "$4=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$4 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenBSM $as_me 1.2-alpha3, which was +It was created by OpenBSM $as_me 1.2-alpha4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. 
## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. 
## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. 
## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . 
"$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi as_fn_append ac_header_list " sys/time.h" as_fn_append ac_header_list " unistd.h" as_fn_append ac_func_list " alarm" # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. 
ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. 
## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu - ac_aux_dir= for ac_dir in config "$srcdir"/config; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in config \"$srcdir\"/config" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. ac_config_headers="$ac_config_headers config/config.h" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 $as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } # Check whether --enable-maintainer-mode was given. 
if test "${enable_maintainer_mode+set}" = set; then : enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval else USE_MAINTAINER_MODE=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 $as_echo "$USE_MAINTAINER_MODE" >&6; } if test $USE_MAINTAINER_MODE = yes; then MAINTAINER_MODE_TRUE= MAINTAINER_MODE_FALSE='#' else MAINTAINER_MODE_TRUE='#' MAINTAINER_MODE_FALSE= fi MAINT=$MAINTAINER_MODE_TRUE # --with-native-includes forces the use of the system bsm headers. # Check whether --with-native-includes was given. if test "${with_native_includes+set}" = set; then : withval=$with_native_includes; $as_echo "#define USE_NATIVE_INCLUDES /**/" >>confdefs.h use_native_includes=true else use_native_includes=false fi if $use_native_includes; then USE_NATIVE_INCLUDES_TRUE= USE_NATIVE_INCLUDES_FALSE='#' else USE_NATIVE_INCLUDES_TRUE='#' USE_NATIVE_INCLUDES_FALSE= fi for ac_prog in mig do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MIG+:} false; then : $as_echo_n "(cached) " >&6 else case $MIG in [\\/]* | ?:[\\/]*) ac_cv_path_MIG="$MIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi MIG=$ac_cv_path_MIG if test -n "$MIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MIG" >&5 $as_echo "$MIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$MIG" && break done # Checks for programs. 
ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. 
set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. 
break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. 
For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. 
The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Find a good install program. We prefer a C program (faster), # so one script is as good as another. 
But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. 
: else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' for ac_prog in flex lex do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_LEX+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$LEX"; then ac_cv_prog_LEX="$LEX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_LEX="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi LEX=$ac_cv_prog_LEX if test -n "$LEX"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5 $as_echo "$LEX" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$LEX" && break done test -n "$LEX" || LEX=":" if test "x$LEX" != "x:"; then cat >conftest.l <<_ACEOF %% a { ECHO; } b { REJECT; } c { yymore (); } d { yyless (1); } e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */ yyless ((input () != 0)); } f { unput (yytext[0]); } . { BEGIN INITIAL; } %% #ifdef YYTEXT_POINTER extern char *yytext; #endif int main (void) { return ! yylex () + ! yywrap (); } _ACEOF { { ac_try="$LEX conftest.l" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$LEX conftest.l") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5 $as_echo_n "checking lex output file root... " >&6; } if ${ac_cv_prog_lex_root+:} false; then : $as_echo_n "(cached) " >&6 else if test -f lex.yy.c; then ac_cv_prog_lex_root=lex.yy elif test -f lexyy.c; then ac_cv_prog_lex_root=lexyy else as_fn_error $? "cannot find output from $LEX; giving up" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5 $as_echo "$ac_cv_prog_lex_root" >&6; } LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root if test -z "${LEXLIB+set}"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5 $as_echo_n "checking lex library... 
" >&6; } if ${ac_cv_lib_lex+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_LIBS=$LIBS ac_cv_lib_lex='none needed' for ac_lib in '' -lfl -ll; do LIBS="$ac_lib $ac_save_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ `cat $LEX_OUTPUT_ROOT.c` _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_lex=$ac_lib fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext test "$ac_cv_lib_lex" != 'none needed' && break done LIBS=$ac_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5 $as_echo "$ac_cv_lib_lex" >&6; } test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5 $as_echo_n "checking whether yytext is a pointer... " >&6; } if ${ac_cv_prog_lex_yytext_pointer+:} false; then : $as_echo_n "(cached) " >&6 else # POSIX says lex can declare yytext either as a pointer or an array; the # default is implementation-dependent. Figure out which it is, since # not all implementations provide the %pointer and %array declarations. ac_cv_prog_lex_yytext_pointer=no ac_save_LIBS=$LIBS LIBS="$LEXLIB $ac_save_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #define YYTEXT_POINTER 1 `cat $LEX_OUTPUT_ROOT.c` _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_prog_lex_yytext_pointer=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5 $as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; } if test $ac_cv_prog_lex_yytext_pointer = yes; then $as_echo "#define YYTEXT_POINTER 1" >>confdefs.h fi rm -f conftest.l $LEX_OUTPUT_ROOT.c fi case `pwd` in *\ * | *\ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 $as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; esac macro_version='2.4.2' macro_revision='1.3337' ltmain="$ac_aux_dir/ltmain.sh" # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if ${ac_cv_build+:} false; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? 
"invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if ${ac_cv_host+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac # Backslashify metacharacters that are still active within # double-quoted strings. sed_quote_subst='s/\(["`$\\]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\(["`\\]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. 
delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 $as_echo_n "checking how to print strings... " >&6; } # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='print -r --' elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='printf %s\n' else # Use this function as a fallback that always works. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $1 _LTECHO_EOF' } ECHO='func_fallback_echo' fi # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "" } case "$ECHO" in printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 $as_echo "printf" >&6; } ;; print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 $as_echo "print -r" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 $as_echo "cat" >&6; } ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } if ${ac_cv_path_SED+:} false; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" ac_path_SED_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_SED_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 $as_echo_n "checking for fgrep... " >&6; } if ${ac_cv_path_FGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else if test -z "$FGREP"; then ac_path_FGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_prog in fgrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP case `"$ac_path_FGREP" --version 2>&1` in *GNU*) ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'FGREP' >> "conftest.nl" "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_FGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_FGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 $as_echo "$ac_cv_path_FGREP" >&6; } FGREP="$ac_cv_path_FGREP" test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... 
" >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi if ${lt_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if ${lt_cv_prog_gnu_ld+:} false; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. 
case `$LD -v 2>&1 &5 $as_echo "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 $as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } if ${lt_cv_path_NM+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM="$NM" else lt_nm_to_check="${ac_tool_prefix}nm" if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. tmp_nm="$ac_dir/$lt_tmp_nm" if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS="$lt_save_ifs" done : ${lt_cv_path_NM=no} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 $as_echo "$lt_cv_path_NM" >&6; } if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else if test -n "$ac_tool_prefix"; then for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. 
set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DUMPBIN+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 $as_echo "$DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$DUMPBIN" && break done fi if test -z "$DUMPBIN"; then ac_ct_DUMPBIN=$DUMPBIN for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 $as_echo "$ac_ct_DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_DUMPBIN" && break done if test "x$ac_ct_DUMPBIN" = x; then DUMPBIN=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DUMPBIN=$ac_ct_DUMPBIN fi fi case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols" ;; *) DUMPBIN=: ;; esac fi if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" fi fi test -z "$NM" && NM=nm { $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 $as_echo_n "checking the name lister ($NM) interface... 
" >&6; } if ${lt_cv_nm_interface+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 (eval echo "\"\$as_me:$LINENO: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 $as_echo "$lt_cv_nm_interface" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi # find the maximum length of command line arguments { $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 $as_echo_n "checking the maximum length of command line arguments... " >&6; } if ${lt_cv_sys_max_cmd_len+:} false; then : $as_echo_n "(cached) " >&6 else i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. 
# Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; mint*) # On MiNT this can take a long time and run out of memory. lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; os2*) # The test takes a long time on OS/2. lt_cv_sys_max_cmd_len=8192 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. 
lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8 ; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. 
lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac fi if test -n $lt_cv_sys_max_cmd_len ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 $as_echo "$lt_cv_sys_max_cmd_len" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } fi max_cmd_len=$lt_cv_sys_max_cmd_len : ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 $as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } # Try some XSI features xsi_shell=no ( _lt_dummy="a/b/c" test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ = c,a/b,b/c, \ && eval 'test $(( 1 + 1 )) -eq 2 \ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ && xsi_shell=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 $as_echo "$xsi_shell" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 $as_echo_n "checking whether the shell understands \"+=\"... " >&6; } lt_shell_append=no ( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ >/dev/null 2>&1 \ && lt_shell_append=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 $as_echo "$lt_shell_append" >&6; } if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false fi # test EBCDIC or ASCII case `echo X|tr X '\101'` in A) # ASCII based system # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr lt_SP2NL='tr \040 \012' lt_NL2SP='tr \015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 $as_echo_n "checking how to convert $build file names to $host format... 
" >&6; } if ${lt_cv_to_host_file_cmd+:} false; then : $as_echo_n "(cached) " >&6 else case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 ;; esac ;; *-*-cygwin* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_noop ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin ;; esac ;; * ) # unhandled hosts (and "normal" native builds) lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac fi to_host_file_cmd=$lt_cv_to_host_file_cmd { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 $as_echo "$lt_cv_to_host_file_cmd" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 $as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } if ${lt_cv_to_tool_file_cmd+:} false; then : $as_echo_n "(cached) " >&6 else #assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac fi to_tool_file_cmd=$lt_cv_to_tool_file_cmd { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 $as_echo "$lt_cv_to_tool_file_cmd" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 $as_echo_n "checking for $LD option to reload object files... 
" >&6; } if ${lt_cv_ld_reload_flag+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_reload_flag='-r' fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 $as_echo "$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in "" | " "*) ;; *) reload_flag=" $reload_flag" ;; esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in cygwin* | mingw* | pw32* | cegcc*) if test "$GCC" != yes; then reload_cmds=false fi ;; darwin*) if test "$GCC" = yes; then reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' else reload_cmds='$LD$reload_flag -o $output$reload_objs' fi ;; esac if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 $as_echo "$OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OBJDUMP"; then ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. 
set dummy objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 $as_echo "$ac_ct_OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OBJDUMP" = x; then OBJDUMP="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OBJDUMP=$ac_ct_OBJDUMP fi else OBJDUMP="$ac_cv_prog_OBJDUMP" fi test -z "$OBJDUMP" && OBJDUMP=objdump { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 $as_echo_n "checking how to recognize dependent libraries... " >&6; } if ${lt_cv_deplibs_check_method+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. # `unknown' -- same as none, but documents that we really don't know. 
# 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path # which responds to the $file_magic_cmd with a given extended regex. # If you have `file' or equivalent on your system and you're not sure # whether `pass_all' will *always* work, you probably want this one. case $host_os in aix[4-9]*) lt_cv_deplibs_check_method=pass_all ;; beos*) lt_cv_deplibs_check_method=pass_all ;; bsdi[45]*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' lt_cv_file_magic_cmd='/usr/bin/file -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; cygwin*) # func_win32_libid is a shell function defined in ltmain.sh lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' ;; mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. 
# Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; haiku*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[3-9]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be glibc/ELF. 
linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 $as_echo "$lt_cv_deplibs_check_method" >&6; } file_magic_glob= 
want_nocaseglob=no if test "$build" = "$host"; then case $host_os in mingw* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` fi ;; esac fi file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. set dummy ${ac_tool_prefix}dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 $as_echo "$DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DLLTOOL"; then ac_ct_DLLTOOL=$DLLTOOL # Extract the first word of "dlltool", so it can be a program name with args. set dummy dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... 
" >&6; } if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 $as_echo "$ac_ct_DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DLLTOOL" = x; then DLLTOOL="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DLLTOOL=$ac_ct_DLLTOOL fi else DLLTOOL="$ac_cv_prog_DLLTOOL" fi test -z "$DLLTOOL" && DLLTOOL=dlltool { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 $as_echo_n "checking how to associate runtime and link libraries... 
" >&6; } if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in cygwin* | mingw* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh # decide which to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib ;; *) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback ;; esac ;; *) # fallback: assume linklib IS sharedlib lt_cv_sharedlib_from_linklib_cmd="$ECHO" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 $as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO if test -n "$ac_tool_prefix"; then for ac_prog in ar do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AR" && break done fi if test -z "$AR"; then ac_ct_AR=$AR for ac_prog in ar do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_AR" && break done if test "x$ac_ct_AR" = x; then AR="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR fi fi : ${AR=ar} : ${AR_FLAGS=cru} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 $as_echo_n "checking for archiver @FILE support... " >&6; } if ${lt_cv_ar_at_file+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ar_at_file=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -eq 0; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -ne 0; then lt_cv_ar_at_file=@ fi fi rm -f conftest.* libconftest.a fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 $as_echo "$lt_cv_ar_at_file" >&6; } if test "x$lt_cv_ar_at_file" = xno; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. 
else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi test -z "$STRIP" && STRIP=: if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi test -z "$RANLIB" && RANLIB=: # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in darwin*) lock_old_archive_extraction=yes ;; *) lock_old_archive_extraction=no ;; esac for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Check for command to grab the raw symbol name followed by C symbol from nm. { $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 $as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } if ${lt_cv_sys_global_symbol_pipe+:} false; then : $as_echo_n "(cached) " >&6 else # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[BCDEGRST]' # Regexp to match symbols that can be accessed directly from C. sympat='\([_A-Za-z][_A-Za-z0-9]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[BCDT]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) if test "$host_cpu" = ia64; then symcode='[ABCDEGRST]' fi ;; irix* | nonstopux*) symcode='[BCDEGRST]' ;; osf*) symcode='[BCDEGQRST]' ;; solaris*) symcode='[BDRT]' ;; sco3.2v5*) symcode='[DT]' ;; sysv4.2uw2*) symcode='[DT]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[ABDT]' ;; sysv4) symcode='[DFNSTU]' ;; esac # If we're using GNU nm, then use its standard symbol codes. 
case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[ABCDGIRSTW]' ;; esac # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function # and D for any global variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? 
\"T \" : \"D \"};"\ " {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ " s[1]~/^[@?]/{print s[1], s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. 
*/ # define LT_DLSYM_CONST #elif defined(__osf__) /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ LT_DLSYM_CONST struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&5 fi else echo "cannot find nm_test_var in $nlist" >&5 fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 fi else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. 
if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done fi if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 $as_echo "failed" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } fi # Response file support. if test "$lt_cv_nm_interface" = "MS dumpbin"; then nm_file_list_spec='@' elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then nm_file_list_spec='@' fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 $as_echo_n "checking for sysroot... " >&6; } # Check whether --with-sysroot was given. if test "${with_sysroot+set}" = set; then : withval=$with_sysroot; else with_sysroot=no fi lt_sysroot= case ${with_sysroot} in #( yes) if test "$GCC" = yes; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( /*) lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` ;; #( no|'') ;; #( *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5 $as_echo "${with_sysroot}" >&6; } as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 $as_echo "${lt_sysroot:-no}" >&6; } # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; fi test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '#line '$LINENO' "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; ppc64-*linux*|powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; ppc*-*linux*|powerpc*-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. 
SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } if ${lt_cv_cc_needs_belf+:} false; then : $as_echo_n "(cached) " >&6 else ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_cc_needs_belf=yes else lt_cv_cc_needs_belf=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; *-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) case $host in i?86-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) LD="${LD-ld} -m elf64_sparc" ;; esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. 
if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then LD="${LD-ld}_sol2" fi ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. set dummy ${ac_tool_prefix}mt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$MANIFEST_TOOL"; then ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL if test -n "$MANIFEST_TOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 $as_echo "$MANIFEST_TOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_MANIFEST_TOOL"; then ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL # Extract the first word of "mt", so it can be a program name with args. set dummy mt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_MANIFEST_TOOL"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL if test -n "$ac_ct_MANIFEST_TOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 $as_echo "$ac_ct_MANIFEST_TOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_MANIFEST_TOOL" = x; then MANIFEST_TOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL fi else MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" fi test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 $as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } if ${lt_cv_path_mainfest_tool+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&5 if $GREP 'Manifest Tool' conftest.out > /dev/null; then lt_cv_path_mainfest_tool=yes fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 $as_echo "$lt_cv_path_mainfest_tool" >&6; } if test "x$lt_cv_path_mainfest_tool" != xyes; then MANIFEST_TOOL=: fi case $host_os in rhapsody* | darwin*) if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. 
set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DSYMUTIL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 $as_echo "$DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DSYMUTIL"; then ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 $as_echo "$ac_ct_DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DSYMUTIL" = x; then DSYMUTIL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DSYMUTIL=$ac_ct_DSYMUTIL fi else DSYMUTIL="$ac_cv_prog_DSYMUTIL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_NMEDIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 $as_echo "$NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_NMEDIT"; then ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_NMEDIT="nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 $as_echo "$ac_ct_NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_NMEDIT" = x; then NMEDIT=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac NMEDIT=$ac_ct_NMEDIT fi else NMEDIT="$ac_cv_prog_NMEDIT" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. set dummy ${ac_tool_prefix}lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_LIPO+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 $as_echo "$LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_LIPO"; then ac_ct_LIPO=$LIPO # Extract the first word of "lipo", so it can be a program name with args. set dummy lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_LIPO+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_LIPO="lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 $as_echo "$ac_ct_LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_LIPO" = x; then LIPO=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac LIPO=$ac_ct_LIPO fi else LIPO="$ac_cv_prog_LIPO" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. set dummy ${ac_tool_prefix}otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 $as_echo "$OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL"; then ac_ct_OTOOL=$OTOOL # Extract the first word of "otool", so it can be a program name with args. set dummy otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL="otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 $as_echo "$ac_ct_OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL" = x; then OTOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL=$ac_ct_OTOOL fi else OTOOL="$ac_cv_prog_OTOOL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. set dummy ${ac_tool_prefix}otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OTOOL64+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 $as_echo "$OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL64"; then ac_ct_OTOOL64=$OTOOL64 # Extract the first word of "otool64", so it can be a program name with args. set dummy otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL64="otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 $as_echo "$ac_ct_OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL64" = x; then OTOOL64=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL64=$ac_ct_OTOOL64 fi else OTOOL64="$ac_cv_prog_OTOOL64" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 $as_echo_n "checking for -single_module linker flag... " >&6; } if ${lt_cv_apple_cc_single_mod+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_apple_cc_single_mod=no if test -z "${LT_MULTI_MODULE}"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&5 $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? # If there is a non-empty error log, and "single_module" # appears in it, assume the flag caused a linker warning if test -s conftest.err && $GREP single_module conftest.err; then cat conftest.err >&5 # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. 
elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&5 fi rm -rf libconftest.dylib* rm -f conftest.* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 $as_echo "$lt_cv_apple_cc_single_mod" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 $as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } if ${lt_cv_ld_exported_symbols_list+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_ld_exported_symbols_list=yes else lt_cv_ld_exported_symbols_list=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 $as_echo "$lt_cv_ld_exported_symbols_list" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 $as_echo_n "checking for -force_load linker flag... " >&6; } if ${lt_cv_ld_force_load+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 echo "$AR cru libconftest.a conftest.o" >&5 $AR cru libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF int main() { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? 
if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&5 elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&5 fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 $as_echo "$lt_cv_ld_force_load" >&6; } case $host_os in rhapsody* | darwin1.[012]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; 10.[012]*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test "$lt_cv_apple_cc_single_mod" = "yes"; then _lt_dar_single_mod='$single_module' fi if test "$lt_cv_ld_exported_symbols_list" = "yes"; then _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... 
" >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. 
cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. 
for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in dlfcn.h do : ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default " if test "x$ac_cv_header_dlfcn_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DLFCN_H 1 _ACEOF fi done # Set options enable_dlopen=no enable_win32_dll=no # Check whether --enable-shared was given. if test "${enable_shared+set}" = set; then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac else enable_shared=yes fi # Check whether --enable-static was given. if test "${enable_static+set}" = set; then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac else enable_static=yes fi # Check whether --with-pic was given. if test "${with_pic+set}" = set; then : withval=$with_pic; lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; *) pic_mode=default # Look at the argument we got. We use all the common list separators. 
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for lt_pkg in $withval; do IFS="$lt_save_ifs" if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done IFS="$lt_save_ifs" ;; esac else pic_mode=default fi test -z "$pic_mode" && pic_mode=default # Check whether --enable-fast-install was given. if test "${enable_fast_install+set}" = set; then : enableval=$enable_fast_install; p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$lt_save_ifs" ;; esac else enable_fast_install=yes fi # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ltmain" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' test -z "$LN_S" && LN_S="ln -s" if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 $as_echo_n "checking for objdir... " >&6; } if ${lt_cv_objdir+:} false; then : $as_echo_n "(cached) " >&6 else rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 $as_echo "$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir cat >>confdefs.h <<_ACEOF #define LT_OBJDIR "$lt_cv_objdir/" _ACEOF case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. 
if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld="$lt_cv_prog_gnu_ld" old_CC="$CC" old_CFLAGS="$CFLAGS" # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 $as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } if ${lt_cv_path_MAGIC_CMD+:} false; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. 
if test -f $ac_dir/${ac_tool_prefix}file; then lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 $as_echo_n "checking for file... " >&6; } if ${lt_cv_path_MAGIC_CMD+:} false; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. 
if test -f $ac_dir/file; then lt_cv_path_MAGIC_CMD="$ac_dir/file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi else MAGIC_CMD=: fi fi fi ;; esac # Use C for the default configuration in the libtool script lt_save_CC="$CC" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o objext=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. 
LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= if test "$GCC" = yes; then case $cc_basename in nvcc*) lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; *) lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 $as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. 
lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_rtti_exceptions=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 $as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" else : fi fi lt_prog_compiler_wl= lt_prog_compiler_pic= lt_prog_compiler_static= if test "$GCC" = yes; then lt_prog_compiler_wl='-Wl,' lt_prog_compiler_static='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support lt_prog_compiler_pic='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. 
;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic='-fno-common' ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. lt_prog_compiler_static= ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) lt_prog_compiler_pic='-fPIC' ;; esac ;; interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. lt_prog_compiler_can_build_shared=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic=-Kconform_pic fi ;; *) lt_prog_compiler_pic='-fPIC' ;; esac case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 lt_prog_compiler_wl='-Xlinker ' if test -n "$lt_prog_compiler_pic"; then lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" fi ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. 
case $host_os in aix*) lt_prog_compiler_wl='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' else lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' fi ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? lt_prog_compiler_static='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) lt_prog_compiler_wl='-Wl,' # PIC (with -KPIC) is the default. lt_prog_compiler_static='-non_shared' ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; # Lahey Fortran 8.1. lf95*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='--shared' lt_prog_compiler_static='--static' ;; nagfor*) # NAG Fortran compiler lt_prog_compiler_wl='-Wl,-Wl,,' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; ccc*) lt_prog_compiler_wl='-Wl,' # All Alpha code is PIC. 
lt_prog_compiler_static='-non_shared' ;; xl* | bgxl* | bgf* | mpixl*) # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-qpic' lt_prog_compiler_static='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='' ;; *Sun\ F* | *Sun*Fortran*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Qoption ld ' ;; *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Wl,' ;; *Intel*\ [CF]*Compiler*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; *Portland\ Group*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; esac ;; esac ;; newsos6) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; osf3* | osf4* | osf5*) lt_prog_compiler_wl='-Wl,' # All OSF/1 code is PIC. 
lt_prog_compiler_static='-non_shared' ;; rdos*) lt_prog_compiler_static='-non_shared' ;; solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' case $cc_basename in f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) lt_prog_compiler_wl='-Qoption ld ';; *) lt_prog_compiler_wl='-Wl,';; esac ;; sunos4*) lt_prog_compiler_wl='-Qoption ld ' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then lt_prog_compiler_pic='-Kconform_pic' lt_prog_compiler_static='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; unicos*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_can_build_shared=no ;; uts4*) lt_prog_compiler_pic='-pic' lt_prog_compiler_static='-Bstatic' ;; *) lt_prog_compiler_can_build_shared=no ;; esac fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic= ;; *) lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 $as_echo_n "checking for $compiler option to produce PIC... " >&6; } if ${lt_cv_prog_compiler_pic+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic=$lt_prog_compiler_pic fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 $as_echo "$lt_cv_prog_compiler_pic" >&6; } lt_prog_compiler_pic=$lt_cv_prog_compiler_pic # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 $as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... 
" >&6; } if ${lt_cv_prog_compiler_pic_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic -DPIC" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_pic_works=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 $as_echo "$lt_cv_prog_compiler_pic_works" >&6; } if test x"$lt_cv_prog_compiler_pic_works" = xyes; then case $lt_prog_compiler_pic in "" | " "*) ;; *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; esac else lt_prog_compiler_pic= lt_prog_compiler_can_build_shared=no fi fi # # Check to make sure the static flag actually works. 
# wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 $as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } if ${lt_cv_prog_compiler_static_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_static_works=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_static_works=yes fi else lt_cv_prog_compiler_static_works=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 $as_echo "$lt_cv_prog_compiler_static_works" >&6; } if test x"$lt_cv_prog_compiler_static_works" = xyes; then : else lt_prog_compiler_static= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if ${lt_cv_prog_compiler_c_o+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. 
# Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if ${lt_cv_prog_compiler_c_o+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. 
lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } hard_links="nottested" if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 $as_echo_n "checking if we can lock with hard links... 
" >&6; } hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 $as_echo "$hard_links" >&6; } if test "$hard_links" = no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 $as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 $as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= allow_undefined_flag= always_export_symbols=no archive_cmds= archive_expsym_cmds= compiler_needs_object=no enable_shared_with_static_runtimes=no export_dynamic_flag_spec= export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' hardcode_automatic=no hardcode_direct=no hardcode_direct_absolute=no hardcode_libdir_flag_spec= hardcode_libdir_separator= hardcode_minus_L=no hardcode_shlibpath_var=unsupported inherit_rpath=no link_all_deplibs=unknown module_cmds= module_expsym_cmds= old_archive_from_new_cmds= old_archive_from_expsyms_cmds= thread_safe_flag_spec= whole_archive_flag_spec= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. 
exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs=yes # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility # with the native linker. However, as the warning in the GNU ld # block says, versions before 2.19.5* couldn't really create working # shared libraries, regardless of the interface used. case `$LD -v 2>&1` in *\ \(GNU\ Binutils\)\ 2.19.5*) ;; *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; *\ \(GNU\ Binutils\)\ [3-9]*) ;; *) lt_use_gnu_ld_interface=yes ;; esac ;; *) lt_use_gnu_ld_interface=yes ;; esac fi if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' export_dynamic_flag_spec='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. 
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec= fi supports_anon_versioning=no case `$LD -v 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to install binutils *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. *** You will then need to restart the configuration process. 
_LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else ld_shlibs=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. 
hardcode_libdir_flag_spec='-L$libdir' export_dynamic_flag_spec='${wl}--export-all-symbols' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs=no fi ;; haiku*) archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' link_all_deplibs=yes ;; interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. 
archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test "$tmp_diet" = no then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 whole_archive_flag_spec= tmp_sharedflag='--shared' ;; xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 whole_archive_flag_spec='${wl}--whole-archive`for conv 
in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' compiler_needs_object=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' compiler_needs_object=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else ld_shlibs=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else archive_cmds='$CC 
-shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. 
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac ;; sunos4*) archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= hardcode_direct=yes hardcode_shlibpath_var=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac if test "$ld_shlibs" = no; then runpath_var= hardcode_libdir_flag_spec= export_dynamic_flag_spec= whole_archive_flag_spec= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) allow_undefined_flag=unsupported always_export_symbols=yes archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. 
# -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. 
archive_cmds='' hardcode_direct=yes hardcode_direct_absolute=yes hardcode_libdir_separator=':' link_all_deplibs=yes file_list_spec='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi export_dynamic_flag_spec='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an # empty executable. if test "${lt_cv_aix_libpath+set}" = set; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }' lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_="/usr/lib:/lib" fi fi aix_libpath=$lt_cv_aix_libpath_ fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. if test "${lt_cv_aix_libpath+set}" = set; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }' lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. 
if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_="/usr/lib:/lib" fi fi aix_libpath=$lt_cv_aix_libpath_ fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag=' ${wl}-bernotok' allow_undefined_flag=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec='$convenience' fi archive_cmds_need_lc=yes # This is similar to how AIX traditionally builds its shared libraries. archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; bsdi[45]*) export_dynamic_flag_spec=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # 
When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in cl*) # Native MSVC hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported always_export_symbols=yes file_list_spec='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. 
# _LT_TAGVAR(old_archive_from_new_cmds, )='true' enable_shared_with_static_runtimes=yes exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib old_postinstall_cmds='chmod 644 $oldlib' postlink_cmds='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # Assume MSVC wrapper hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_from_new_cmds='true' # FIXME: Should let the user specify the lib program. 
old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' enable_shared_with_static_runtimes=yes ;; esac ;; darwin* | rhapsody*) archive_cmds_need_lc=no hardcode_direct=no hardcode_automatic=yes hardcode_shlibpath_var=unsupported if test "$lt_cv_ld_force_load" = "yes"; then whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' else whole_archive_flag_spec='' fi link_all_deplibs=yes allow_undefined_flag="$_lt_dar_allow_undefined" case $cc_basename in ifort*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then output_verbose_link_cmd=func_echo_all archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" else ld_shlibs=no fi ;; dgux*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). 
freebsd2.2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2.*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; hpux9*) if test "$GCC" = yes; then archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes export_dynamic_flag_spec='${wl}-E' ;; hpux10*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L=yes fi ;; hpux11*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 $as_echo_n "checking if $CC understands -b... " >&6; } if ${lt_cv_prog_compiler__b+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler__b=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -b" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. 
cat conftest.err 1>&5 $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler__b=yes fi else lt_cv_prog_compiler__b=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 $as_echo "$lt_cv_prog_compiler__b" >&6; } if test x"$lt_cv_prog_compiler__b" = xyes; then archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi ;; esac fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: case $host_cpu in hppa*64*|ia64*) hardcode_direct=no hardcode_shlibpath_var=no ;; *) hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 $as_echo_n "checking whether the $host_os linker accepts -exported_symbol... 
" >&6; } if ${lt_cv_irix_exported_symbol+:} false; then : $as_echo_n "(cached) " >&6 else save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo (void) { return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_irix_exported_symbol=yes else lt_cv_irix_exported_symbol=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 $as_echo "$lt_cv_irix_exported_symbol" >&6; } if test "$lt_cv_irix_exported_symbol" = yes; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' fi else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: inherit_rpath=yes link_all_deplibs=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' 
hardcode_direct=yes hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; *nto* | *qnx*) ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no hardcode_direct_absolute=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' else case $host_os in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-R$libdir' ;; *) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; esac fi else ld_shlibs=no fi ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else 
allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi archive_cmds_need_lc='no' hardcode_libdir_separator=: ;; solaris*) no_undefined_flag=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> 
$lib.exp~ $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='${wl}' archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi hardcode_libdir_flag_spec='-R$libdir' hardcode_shlibpath_var=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else whole_archive_flag_spec='-z allextract$convenience -z defaultextract' fi ;; esac link_all_deplibs=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. 
archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; sysv4) case $host_vendor in sni) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' reload_cmds='$CC -r -o $output$reload_objs' hardcode_direct=no ;; motorola) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' hardcode_shlibpath_var=no ;; sysv4.3*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no export_dynamic_flag_spec='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag='${wl}-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols 
used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. no_undefined_flag='${wl}-z,text' allow_undefined_flag='${wl}-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-R,$libdir' hardcode_libdir_separator=':' link_all_deplibs=yes export_dynamic_flag_spec='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; *) ld_shlibs=no ;; esac if test x$host_vendor = xsni; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) export_dynamic_flag_spec='${wl}-Blargedynsym' ;; esac fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 $as_echo "$ld_shlibs" >&6; } test "$ld_shlibs" = no && can_build_shared=no with_gnu_ld=$with_gnu_ld # # Do we need to explicitly link libc? # case "x$archive_cmds_need_lc" in x|xyes) # Assume -lc should be added archive_cmds_need_lc=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $archive_cmds in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. 
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 $as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } if ${lt_cv_archive_cmds_need_lc+:} false; then : $as_echo_n "(cached) " >&6 else $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl pic_flag=$lt_prog_compiler_pic compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag allow_undefined_flag= if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then lt_cv_archive_cmds_need_lc=no else lt_cv_archive_cmds_need_lc=yes fi allow_undefined_flag=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 $as_echo "$lt_cv_archive_cmds_need_lc" >&6; } archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc ;; esac fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... 
" >&6; } if test "$GCC" = yes; then case $host_os in darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac case $host_os in mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;; *) lt_sed_strip_eq="s,=/,/,g" ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` ;; *) lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` ;; esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[lt_foo]++; } if (lt_freq[lt_foo] == 1) { print lt_foo; } }'` # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. 
case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's,/\([A-Za-z]:\),\1,g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[4-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. 
case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. 
finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$cc_basename in yes,*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. 
$file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac dynamic_linker='Win32 ld.exe' ;; *,cl*) # Native MSVC libname_spec='$name' soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' library_names_spec='${libname}.dll.lib' case $build_os in mingw*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' for lt_path in $LIB do IFS=$lt_save_ifs # Let DOS variable expansion print the short 8.3 style file name. lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" done IFS=$lt_save_ifs # Convert to MSYS style. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form # but this time dos style (no spaces!) so that the unix form looks # like /cygdrive/c/PROGRA~1:/cygdr... sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) sys_lib_search_path_spec="$LIB" if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH. 
sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # FIXME: find the short name or the path components, as spaces are # common. (e.g. "Program Files" -> "PROGRA~1") ;; esac # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes dynamic_linker='Win32 link.exe' ;; *) # Assume MSVC wrapper library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. 
if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[23].*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=yes sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. 
version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... 
postinstall_cmds='chmod 555 $lib' # or fails outright, so override atomically: install_override_mode=555 ;; interix[3-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be glibc/ELF. 
linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH if ${lt_cv_shlibpath_overrides_runpath+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : lt_cv_shlibpath_overrides_runpath=yes fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir fi shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. 
Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. dynamic_linker='GNU/Linux ld.so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; *nto* | *qnx*) version_type=qnx need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. 
case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[89] | openbsd2.[89].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 
| sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. 
version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 $as_echo "$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" fi if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 $as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || test "X$hardcode_automatic" = "Xyes" ; then # We can hardcode non-existent directories. if test "$hardcode_direct" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && test "$hardcode_minus_L" != no; then # Linking always hardcodes the temporary library directory. 
hardcode_action=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. hardcode_action=unsupported fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 $as_echo "$hardcode_action" >&6; } if test "$hardcode_action" = relink || test "$inherit_rpath" = yes; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes fi ;; *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" if test "x$ac_cv_func_shl_load" = xyes; then : lt_cv_dlopen="shl_load" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 $as_echo_n "checking for shl_load in -ldld... " >&6; } if ${ac_cv_lib_dld_shl_load+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char shl_load (); int main () { return shl_load (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_shl_load=yes else ac_cv_lib_dld_shl_load=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 $as_echo "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes; then : lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" else ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = xyes; then : lt_cv_dlopen="dlopen" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... 
" >&6; } if ${ac_cv_lib_svld_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_svld_dlopen=yes else ac_cv_lib_svld_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... " >&6; } if ${ac_cv_lib_dld_dld_link+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char dld_link (); int main () { return dld_link (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_dld_link=yes else ac_cv_lib_dld_dld_link=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } if test "x$ac_cv_lib_dld_dld_link" = xyes; then : lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" fi fi fi fi fi fi ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 $as_echo_n "checking whether a program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. 
*/ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; esac else : # compilation failed lt_cv_dlopen_self=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 $as_echo "$lt_cv_dlopen_self" >&6; } if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 $as_echo_n "checking whether a statically linked program can dlopen itself... 
" >&6; } if ${lt_cv_dlopen_self_static+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? 
case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; esac else : # compilation failed lt_cv_dlopen_self_static=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 $as_echo "$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi striplib= old_striplib= { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 $as_echo_n "checking whether stripping libraries is possible... " >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; esac fi # Report which library types will actually be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 $as_echo_n "checking if libtool supports shared libraries... 
" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 $as_echo "$can_build_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 $as_echo_n "checking whether to build shared libraries... " >&6; } test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[4-9]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 $as_echo "$enable_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 $as_echo_n "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 $as_echo "$enable_static" >&6; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" ac_config_commands="$ac_config_commands libtool" # Only expand once: +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... 
" >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_YACC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_YACC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi YACC=$ac_cv_prog_YACC if test -n "$YACC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 $as_echo "$YACC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$YACC" && break done test -n "$YACC" || YACC="yacc" am__api_version='1.12' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. 
Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi if test "$2" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$2" = conftest.file ) then # Ok. : else as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi rm -f conftest.file test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. # By default was `s,x,x', remove it if useless. 
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then if ${ac_cv_path_mkdir+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext break 3;; esac done done done IFS=$as_save_IFS fi test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. 
Don't cache a # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. MKDIR_P="$ac_install_sh -d" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 $as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from 'make'. 
case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 $as_echo "$_am_result" >&6; } rm -f confinc confmf # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then : enableval=$enable_dependency_tracking; fi if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' am__nodep='_no' fi if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else AMDEP_TRUE='#' AMDEP_FALSE= fi if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE=OpenBSM - VERSION=1.2-alpha3 + VERSION=1.2-alpha4 cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # For better backward compatibility. 
To be removed once Automake 1.9.x # dies out for good. For more background, see: # # mkdir_p='$(MKDIR_P)' # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 $as_echo_n "checking dependency style of $depcc... " >&6; } if ${am_cv_CC_dependencies_compiler_type+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named 'D' -- because '-MD' means "put the output # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. 
mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi am__universal=false case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with # Solaris 10 /bin/sh. echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle '-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # After this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. 
am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlsym" >&5 $as_echo_n "checking for library containing dlsym... " >&6; } if ${ac_cv_search_dlsym+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlsym (); int main () { return dlsym (); ; return 0; } _ACEOF for ac_lib in '' dl; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_dlsym=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_dlsym+:} false; then : break fi done if ${ac_cv_search_dlsym+:} false; then : else ac_cv_search_dlsym=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlsym" >&5 $as_echo "$ac_cv_search_dlsym" >&6; } ac_res=$ac_cv_search_dlsym if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pthread_create" >&5 $as_echo_n "checking for library containing pthread_create... " >&6; } if ${ac_cv_search_pthread_create+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char pthread_create (); int main () { return pthread_create (); ; return 0; } _ACEOF for ac_lib in '' pthread; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_pthread_create=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_pthread_create+:} false; then : break fi done if ${ac_cv_search_pthread_create+:} false; then : else ac_cv_search_pthread_create=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pthread_create" >&5 $as_echo "$ac_cv_search_pthread_create" >&6; } ac_res=$ac_cv_search_pthread_create if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 $as_echo_n "checking for library containing clock_gettime... " >&6; } if ${ac_cv_search_clock_gettime+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char clock_gettime (); int main () { return clock_gettime (); ; return 0; } _ACEOF for ac_lib in '' rt; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_clock_gettime=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_clock_gettime+:} false; then : break fi done if ${ac_cv_search_clock_gettime+:} false; then : else ac_cv_search_clock_gettime=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 $as_echo "$ac_cv_search_clock_gettime" >&6; } ac_res=$ac_cv_search_clock_gettime if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_connect" >&5 $as_echo_n "checking for library containing SSL_connect... " >&6; } if ${ac_cv_search_SSL_connect+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char SSL_connect (); int main () { return SSL_connect (); ; return 0; } _ACEOF for ac_lib in '' ssl; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_SSL_connect=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_SSL_connect+:} false; then : break fi done if ${ac_cv_search_SSL_connect+:} false; then : else ac_cv_search_SSL_connect=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_SSL_connect" >&5 $as_echo "$ac_cv_search_SSL_connect" >&6; } ac_res=$ac_cv_search_SSL_connect if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing humanize_number" >&5 $as_echo_n "checking for library containing humanize_number... " >&6; } if ${ac_cv_search_humanize_number+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char humanize_number (); int main () { return humanize_number (); ; return 0; } _ACEOF for ac_lib in '' util; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_humanize_number=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_humanize_number+:} false; then : break fi done if ${ac_cv_search_humanize_number+:} false; then : else ac_cv_search_humanize_number=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_humanize_number" >&5 $as_echo "$ac_cv_search_humanize_number" >&6; } ac_res=$ac_cv_search_humanize_number if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pidfile_open" >&5 $as_echo_n "checking for library containing pidfile_open... " >&6; } if ${ac_cv_search_pidfile_open+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char pidfile_open (); int main () { return pidfile_open (); ; return 0; } _ACEOF for ac_lib in '' util; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_pidfile_open=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_pidfile_open+:} false; then : break fi done if ${ac_cv_search_pidfile_open+:} false; then : else ac_cv_search_pidfile_open=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pidfile_open" >&5 $as_echo "$ac_cv_search_pidfile_open" >&6; } ac_res=$ac_cv_search_pidfile_open if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi # Checks for header files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/wait.h that is POSIX.1 compatible" >&5 $as_echo_n "checking for sys/wait.h that is POSIX.1 compatible... " >&6; } if ${ac_cv_header_sys_wait_h+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #ifndef WEXITSTATUS # define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8) #endif #ifndef WIFEXITED # define WIFEXITED(stat_val) (((stat_val) & 255) == 0) #endif int main () { int s; wait (&s); s = WIFEXITED (s) ? 
WEXITSTATUS (s) : 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_sys_wait_h=yes else ac_cv_header_sys_wait_h=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_wait_h" >&5 $as_echo "$ac_cv_header_sys_wait_h" >&6; } if test $ac_cv_header_sys_wait_h = yes; then $as_echo "#define HAVE_SYS_WAIT_H 1" >>confdefs.h fi for ac_header in mach/mach.h stdint.h pthread_np.h printf.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done $as_echo "#define _GNU_SOURCE /**/" >>confdefs.h # Checks for typedefs, structures, and compiler characteristics. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if ${ac_cv_c_const+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __cplusplus /* Ultrix mips cc rejects this sort of thing. */ typedef int charset[2]; const charset cs = { 0, 0 }; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this sort of thing. */ char tx; char *t = &tx; char const *s = 0 ? 
(char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; } bx; struct s *b = &bx; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then $as_echo "#define const /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 $as_echo_n "checking for uid_t in sys/types.h... " >&6; } if ${ac_cv_type_uid_t+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "uid_t" >/dev/null 2>&1; then : ac_cv_type_uid_t=yes else ac_cv_type_uid_t=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 $as_echo "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then $as_echo "#define uid_t int" >>confdefs.h $as_echo "#define gid_t int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" if test "x$ac_cv_type_pid_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define pid_t int _ACEOF fi ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi ac_fn_c_check_member "$LINENO" "struct stat" "st_rdev" "ac_cv_member_struct_stat_st_rdev" "$ac_includes_default" if test "x$ac_cv_member_struct_stat_st_rdev" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_STAT_ST_RDEV 1 _ACEOF fi ac_fn_c_check_member "$LINENO" "struct ipc_perm" "__key" "ac_cv_member_struct_ipc_perm___key" " #include #include " if test "x$ac_cv_member_struct_ipc_perm___key" = xyes; then : $as_echo "#define HAVE_IPC_PERM___KEY /**/" >>confdefs.h fi ac_fn_c_check_member "$LINENO" "struct ipc_perm" "_key" "ac_cv_member_struct_ipc_perm__key" " #include #include " if test "x$ac_cv_member_struct_ipc_perm__key" = xyes; then : $as_echo "#define HAVE_IPC_PERM__KEY /**/" >>confdefs.h fi ac_fn_c_check_member "$LINENO" "struct ipc_perm" "__seq" "ac_cv_member_struct_ipc_perm___seq" " #include #include " if test "x$ac_cv_member_struct_ipc_perm___seq" = xyes; then : $as_echo "#define HAVE_IPC_PERM___SEQ /**/" >>confdefs.h fi ac_fn_c_check_member "$LINENO" "struct ipc_perm" "_seq" "ac_cv_member_struct_ipc_perm__seq" " #include #include " if test "x$ac_cv_member_struct_ipc_perm__seq" = xyes; then : $as_echo "#define HAVE_IPC_PERM__SEQ /**/" >>confdefs.h fi ac_fn_c_check_member "$LINENO" 
"struct sockaddr_storage" "ss_len" "ac_cv_member_struct_sockaddr_storage_ss_len" " #include #include " if test "x$ac_cv_member_struct_sockaddr_storage_ss_len" = xyes; then : $as_echo "#define HAVE_SOCKADDR_STORAGE_SS_LEN /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } if ${ac_cv_header_time+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { if ((struct tm *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else ac_cv_header_time=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 $as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then $as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5 $as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; } if ${ac_cv_struct_tm+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { struct tm tm; int *p = &tm.tm_sec; return !p; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_struct_tm=time.h else ac_cv_struct_tm=sys/time.h fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5 $as_echo "$ac_cv_struct_tm" >&6; } if test $ac_cv_struct_tm = sys/time.h; then $as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h fi # Checks for library functions. 
for ac_header in unistd.h do : ac_fn_c_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default" if test "x$ac_cv_header_unistd_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNISTD_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working chown" >&5 $as_echo_n "checking for working chown... " >&6; } if ${ac_cv_func_chown_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_chown_works=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default #include int main () { char *f = "conftest.chown"; struct stat before, after; if (creat (f, 0600) < 0) return 1; if (stat (f, &before) < 0) return 1; if (chown (f, (uid_t) -1, (gid_t) -1) == -1) return 1; if (stat (f, &after) < 0) return 1; return ! (before.st_uid == after.st_uid && before.st_gid == after.st_gid); ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_chown_works=yes else ac_cv_func_chown_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f conftest.chown fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_chown_works" >&5 $as_echo "$ac_cv_func_chown_works" >&6; } if test $ac_cv_func_chown_works = yes; then $as_echo "#define HAVE_CHOWN 1" >>confdefs.h fi for ac_header in vfork.h do : ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default" if test "x$ac_cv_header_vfork_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VFORK_H 1 _ACEOF fi done for ac_func in fork vfork do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done if test "x$ac_cv_func_fork" = xyes; then { $as_echo "$as_me:${as_lineno-$LINENO}: 
checking for working fork" >&5 $as_echo_n "checking for working fork... " >&6; } if ${ac_cv_func_fork_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_fork_works=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* By Ruediger Kuhlmann. */ return fork () < 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_fork_works=yes else ac_cv_func_fork_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 $as_echo "$ac_cv_func_fork_works" >&6; } else ac_cv_func_fork_works=$ac_cv_func_fork fi if test "x$ac_cv_func_fork_works" = xcross; then case $host in *-*-amigaos* | *-*-msdosdjgpp*) # Override, as these systems have only a dummy fork() stub ac_cv_func_fork_works=no ;; *) ac_cv_func_fork_works=yes ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5 $as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;} fi ac_cv_func_vfork_works=$ac_cv_func_vfork if test "x$ac_cv_func_vfork" = xyes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5 $as_echo_n "checking for working vfork... " >&6; } if ${ac_cv_func_vfork_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_vfork_works=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Thanks to Paul Eggert for this test. */ $ac_includes_default #include #ifdef HAVE_VFORK_H # include #endif /* On some sparc systems, changes by the child to local and incoming argument registers are propagated back to the parent. The compiler is told about this with #include , but some compilers (e.g. gcc -O) don't grok . 
Test for this by using a static variable whose address is put into a register that is clobbered by the vfork. */ static void #ifdef __cplusplus sparc_address_test (int arg) # else sparc_address_test (arg) int arg; #endif { static pid_t child; if (!child) { child = vfork (); if (child < 0) { perror ("vfork"); _exit(2); } if (!child) { arg = getpid(); write(-1, "", 0); _exit (arg); } } } int main () { pid_t parent = getpid (); pid_t child; sparc_address_test (0); child = vfork (); if (child == 0) { /* Here is another test for sparc vfork register problems. This test uses lots of local variables, at least as many local variables as main has allocated so far including compiler temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should reuse the register of parent for one of the local variables, since it will think that parent can't possibly be used any more in this routine. Assigning to the local variable will thus munge parent in the parent process. */ pid_t p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); /* Convince the compiler that p..p7 are live; otherwise, it might use the same hardware register for all 8 local variables. */ if (p != p1 || p != p2 || p != p3 || p != p4 || p != p5 || p != p6 || p != p7) _exit(1); /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent from child file descriptors. If the child closes a descriptor before it execs or exits, this munges the parent's descriptor as well. Test for this by closing stdout in the child. */ _exit(close(fileno(stdout)) != 0); } else { int status; struct stat st; while (wait(&status) != child) ; return ( /* Was there some problem with vforking? */ child < 0 /* Did the child fail? (This shouldn't happen.) */ || status /* Did the vfork/compiler bug occur? */ || parent != getpid() /* Did the file descriptor bug occur? 
*/ || fstat(fileno(stdout), &st) != 0 ); } } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_vfork_works=yes else ac_cv_func_vfork_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 $as_echo "$ac_cv_func_vfork_works" >&6; } fi; if test "x$ac_cv_func_fork_works" = xcross; then ac_cv_func_vfork_works=$ac_cv_func_vfork { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5 $as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;} fi if test "x$ac_cv_func_vfork_works" = xyes; then $as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h else $as_echo "#define vfork fork" >>confdefs.h fi if test "x$ac_cv_func_fork_works" = xyes; then $as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h fi for ac_header in stdlib.h do : ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" if test "x$ac_cv_header_stdlib_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STDLIB_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 $as_echo_n "checking for GNU libc compatible malloc... " >&6; } if ${ac_cv_func_malloc_0_nonnull+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_malloc_0_nonnull=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #if defined STDC_HEADERS || defined HAVE_STDLIB_H # include #else char *malloc (); #endif int main () { return ! 
malloc (0); ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_malloc_0_nonnull=yes else ac_cv_func_malloc_0_nonnull=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 $as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } if test $ac_cv_func_malloc_0_nonnull = yes; then : $as_echo "#define HAVE_MALLOC 1" >>confdefs.h else $as_echo "#define HAVE_MALLOC 0" >>confdefs.h case " $LIBOBJS " in *" malloc.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS malloc.$ac_objext" ;; esac $as_echo "#define malloc rpl_malloc" >>confdefs.h fi for ac_header in $ac_header_list do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in $ac_func_list do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working mktime" >&5 $as_echo_n "checking for working mktime... " >&6; } if ${ac_cv_func_working_mktime+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_working_mktime=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Test program from Paul Eggert and Tony Leneis. 
*/ #ifdef TIME_WITH_SYS_TIME # include # include #else # ifdef HAVE_SYS_TIME_H # include # else # include # endif #endif #include #include #ifdef HAVE_UNISTD_H # include #endif #ifndef HAVE_ALARM # define alarm(X) /* empty */ #endif /* Work around redefinition to rpl_putenv by other config tests. */ #undef putenv static time_t time_t_max; static time_t time_t_min; /* Values we'll use to set the TZ environment variable. */ static const char *tz_strings[] = { (const char *) 0, "TZ=GMT0", "TZ=JST-9", "TZ=EST+3EDT+2,M10.1.0/00:00:00,M2.3.0/00:00:00" }; #define N_STRINGS (sizeof (tz_strings) / sizeof (tz_strings[0])) /* Return 0 if mktime fails to convert a date in the spring-forward gap. Based on a problem report from Andreas Jaeger. */ static int spring_forward_gap () { /* glibc (up to about 1998-10-07) failed this test. */ struct tm tm; /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0" instead of "TZ=America/Vancouver" in order to detect the bug even on systems that don't support the Olson extension, or don't have the full zoneinfo tables installed. */ putenv ((char*) "TZ=PST8PDT,M4.1.0,M10.5.0"); tm.tm_year = 98; tm.tm_mon = 3; tm.tm_mday = 5; tm.tm_hour = 2; tm.tm_min = 0; tm.tm_sec = 0; tm.tm_isdst = -1; return mktime (&tm) != (time_t) -1; } static int mktime_test1 (time_t now) { struct tm *lt; return ! (lt = localtime (&now)) || mktime (lt) == now; } static int mktime_test (time_t now) { return (mktime_test1 (now) && mktime_test1 ((time_t) (time_t_max - now)) && mktime_test1 ((time_t) (time_t_min + now))); } static int irix_6_4_bug () { /* Based on code from Ariel Faigon. 
*/ struct tm tm; tm.tm_year = 96; tm.tm_mon = 3; tm.tm_mday = 0; tm.tm_hour = 0; tm.tm_min = 0; tm.tm_sec = 0; tm.tm_isdst = -1; mktime (&tm); return tm.tm_mon == 2 && tm.tm_mday == 31; } static int bigtime_test (int j) { struct tm tm; time_t now; tm.tm_year = tm.tm_mon = tm.tm_mday = tm.tm_hour = tm.tm_min = tm.tm_sec = j; now = mktime (&tm); if (now != (time_t) -1) { struct tm *lt = localtime (&now); if (! (lt && lt->tm_year == tm.tm_year && lt->tm_mon == tm.tm_mon && lt->tm_mday == tm.tm_mday && lt->tm_hour == tm.tm_hour && lt->tm_min == tm.tm_min && lt->tm_sec == tm.tm_sec && lt->tm_yday == tm.tm_yday && lt->tm_wday == tm.tm_wday && ((lt->tm_isdst < 0 ? -1 : 0 < lt->tm_isdst) == (tm.tm_isdst < 0 ? -1 : 0 < tm.tm_isdst)))) return 0; } return 1; } static int year_2050_test () { /* The correct answer for 2050-02-01 00:00:00 in Pacific time, ignoring leap seconds. */ unsigned long int answer = 2527315200UL; struct tm tm; time_t t; tm.tm_year = 2050 - 1900; tm.tm_mon = 2 - 1; tm.tm_mday = 1; tm.tm_hour = tm.tm_min = tm.tm_sec = 0; tm.tm_isdst = -1; /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0" instead of "TZ=America/Vancouver" in order to detect the bug even on systems that don't support the Olson extension, or don't have the full zoneinfo tables installed. */ putenv ((char*) "TZ=PST8PDT,M4.1.0,M10.5.0"); t = mktime (&tm); /* Check that the result is either a failure, or close enough to the correct answer that we can assume the discrepancy is due to leap seconds. */ return (t == (time_t) -1 || (0 < t && answer - 120 <= t && t <= answer + 120)); } int main () { time_t t, delta; int i, j; /* This test makes some buggy mktime implementations loop. Give up after 60 seconds; a mktime slower than that isn't worth using anyway. 
*/ alarm (60); for (;;) { t = (time_t_max << 1) + 1; if (t <= time_t_max) break; time_t_max = t; } time_t_min = - ((time_t) ~ (time_t) 0 == (time_t) -1) - time_t_max; delta = time_t_max / 997; /* a suitable prime number */ for (i = 0; i < N_STRINGS; i++) { if (tz_strings[i]) putenv ((char*) tz_strings[i]); for (t = 0; t <= time_t_max - delta; t += delta) if (! mktime_test (t)) return 1; if (! (mktime_test ((time_t) 1) && mktime_test ((time_t) (60 * 60)) && mktime_test ((time_t) (60 * 60 * 24)))) return 1; for (j = 1; ; j <<= 1) if (! bigtime_test (j)) return 1; else if (INT_MAX / 2 < j) break; if (! bigtime_test (INT_MAX)) return 1; } return ! (irix_6_4_bug () && spring_forward_gap () && year_2050_test ()); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_working_mktime=yes else ac_cv_func_working_mktime=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_working_mktime" >&5 $as_echo "$ac_cv_func_working_mktime" >&6; } if test $ac_cv_func_working_mktime = no; then case " $LIBOBJS " in *" mktime.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS mktime.$ac_objext" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 $as_echo_n "checking return type of signal handlers... " >&6; } if ${ac_cv_type_signal+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #include #include int main () { return *(signal (0, 0)) (0) == 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_signal=int else ac_cv_type_signal=void fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 $as_echo "$ac_cv_type_signal" >&6; } cat >>confdefs.h <<_ACEOF #define RETSIGTYPE $ac_cv_type_signal _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat correctly handles trailing slash" >&5 $as_echo_n "checking whether lstat correctly handles trailing slash... " >&6; } if ${ac_cv_func_lstat_dereferences_slashed_symlink+:} false; then : $as_echo_n "(cached) " >&6 else rm -f conftest.sym conftest.file echo >conftest.file if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then if test "$cross_compiling" = yes; then : ac_cv_func_lstat_dereferences_slashed_symlink=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { struct stat sbuf; /* Linux will dereference the symlink and fail, as required by POSIX. That is better in the sense that it means we will not have to compile and use the lstat wrapper. */ return lstat ("conftest.sym/", &sbuf) == 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_lstat_dereferences_slashed_symlink=yes else ac_cv_func_lstat_dereferences_slashed_symlink=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi else # If the `ln -s' command failed, then we probably don't even # have an lstat function. 
ac_cv_func_lstat_dereferences_slashed_symlink=no fi rm -f conftest.sym conftest.file fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5 $as_echo "$ac_cv_func_lstat_dereferences_slashed_symlink" >&6; } test $ac_cv_func_lstat_dereferences_slashed_symlink = yes && cat >>confdefs.h <<_ACEOF #define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 _ACEOF if test "x$ac_cv_func_lstat_dereferences_slashed_symlink" = xno; then case " $LIBOBJS " in *" lstat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat accepts an empty string" >&5 $as_echo_n "checking whether stat accepts an empty string... " >&6; } if ${ac_cv_func_stat_empty_string_bug+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_stat_empty_string_bug=yes else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { struct stat sbuf; return stat ("", &sbuf) == 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_stat_empty_string_bug=no else ac_cv_func_stat_empty_string_bug=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_stat_empty_string_bug" >&5 $as_echo "$ac_cv_func_stat_empty_string_bug" >&6; } if test $ac_cv_func_stat_empty_string_bug = yes; then case " $LIBOBJS " in *" stat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS stat.$ac_objext" ;; esac cat >>confdefs.h <<_ACEOF #define HAVE_STAT_EMPTY_STRING_BUG 1 _ACEOF fi for ac_func in strftime do : ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" if test "x$ac_cv_func_strftime" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRFTIME 1 _ACEOF else # strftime is in -lintl on SCO UNIX. 
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 $as_echo_n "checking for strftime in -lintl... " >&6; } if ${ac_cv_lib_intl_strftime+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lintl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char strftime (); int main () { return strftime (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_intl_strftime=yes else ac_cv_lib_intl_strftime=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 $as_echo "$ac_cv_lib_intl_strftime" >&6; } if test "x$ac_cv_lib_intl_strftime" = xyes; then : $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h LIBS="-lintl $LIBS" fi fi done for ac_func in arc4random arc4random_buf bzero cap_enter clock_gettime closefrom faccessat fdopendir fstatat ftruncate getresgid getresuid gettimeofday inet_ntoa jail kqueue memset openat pthread_cond_timedwait_relative_np pthread_condattr_setclock pthread_mutex_lock renameat setproctitle sigtimedwait strchr strerror strlcat strlcpy strndup strrchr strstr strtol strtoul unlinkat vis do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done # sys/queue.h exists on most systems, but its capabilities vary a great deal. # test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in # all of them, and are necessary for OpenBSM. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #include int main () { #ifndef LIST_FIRST #error LIST_FIRST missing #endif #ifndef TAILQ_FOREACH_SAFE #error TAILQ_FOREACH_SAFE #endif ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_FULL_QUEUE_H /**/" >>confdefs.h fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext # Systems may not define key audit system calls, in which case libbsm cannot # depend on them or it will generate link-time or run-time errors. Test for # just one. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include extern int auditon(int, void *, int); int main () { int err; err = auditon(0, NULL, 0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_AUDIT_SYSCALLS /**/" >>confdefs.h have_audit_syscalls=true else have_audit_syscalls=false fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if $have_audit_syscalls; then HAVE_AUDIT_SYSCALLS_TRUE= HAVE_AUDIT_SYSCALLS_FALSE='#' else HAVE_AUDIT_SYSCALLS_TRUE='#' HAVE_AUDIT_SYSCALLS_FALSE= fi # # We rely on the BSD be32toh() and be32enc()-style endian macros to perform # byte order conversions. Availability of these varies considerably -- in # general, a system might have neither, be32toh(), or be32toh() and be32enc(). # There is also variation in which headers are even present, and whether they # are macros or functions. Try to organise the world into some simpler cases. # The following macros may be set at the end: # # USE_ENDIAN_H # USE_SYS_ENDIAN_H # USE_MACHINE_ENDIAN_H # USE_COMPAT_ENDIAN_H # USE_COMPAT_ENDIAN_ENC_H # # First, decide which system endian.h to use. 
# for ac_header in endian.h do : ac_fn_c_check_header_mongrel "$LINENO" "endian.h" "ac_cv_header_endian_h" "$ac_includes_default" if test "x$ac_cv_header_endian_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_ENDIAN_H 1 _ACEOF have_endian_h=yes else have_endian_h=no fi done for ac_header in sys/endian.h do : ac_fn_c_check_header_mongrel "$LINENO" "sys/endian.h" "ac_cv_header_sys_endian_h" "$ac_includes_default" if test "x$ac_cv_header_sys_endian_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SYS_ENDIAN_H 1 _ACEOF have_sys_endian_h=yes else have_sys_endian_h=no fi done for ac_header in machine/endian.h do : ac_fn_c_check_header_mongrel "$LINENO" "machine/endian.h" "ac_cv_header_machine_endian_h" "$ac_includes_default" if test "x$ac_cv_header_machine_endian_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_MACHINE_ENDIAN_H 1 _ACEOF have_machine_endian_h=yes else have_machine_endian_h=no fi done if test $have_endian_h = yes; then $as_echo "#define USE_ENDIAN_H /**/" >>confdefs.h elif test $have_sys_endian_h = yes; then $as_echo "#define USE_SYS_ENDIAN_H /**/" >>confdefs.h elif test $have_machine_endian_h = yes; then $as_echo "#define USE_MACHINE_ENDIAN_H /**/" >>confdefs.h else as_fn_error $? "no endian.h" "$LINENO" 5 fi # # Next, decide if we need to supplement with compat headers. # cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef USE_ENDIAN_H #include #endif #ifdef USE_SYS_ENDIAN_H #include #endif #ifdef USE_MACHINE_ENDIAN_H #include #endif int main () { (void)be32toh(0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : else $as_echo "#define USE_COMPAT_ENDIAN_H /**/" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: using compat/endian.h" >&5 $as_echo "using compat/endian.h" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #ifdef USE_ENDIAN_H #include #endif #ifdef USE_SYS_ENDIAN_H #include #endif #ifdef USE_MACHINE_ENDIAN_H #include #endif #ifdef USE_COMPAT_ENDIAN_H #include "compat/endian.h" #endif #include int main () { int i; i = bswap16(0); i = bswap32(0); i = bswap64(0); be32enc(NULL, 0); i = htole64(0); i = le64toh(0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : else $as_echo "#define USE_COMPAT_ENDIAN_ENC_H /**/" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: using compat/endian_enc.h" >&5 $as_echo "using compat/endian_enc.h" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext # Check to see if Mach IPC is used for trigger messages. If so, use Mach IPC # instead of the default for sending trigger messages to the audit components. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /usr/include/mach/audit_triggers.defs" >&5 $as_echo_n "checking for /usr/include/mach/audit_triggers.defs... " >&6; } if ${ac_cv_file__usr_include_mach_audit_triggers_defs+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && as_fn_error $? 
"cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "/usr/include/mach/audit_triggers.defs"; then ac_cv_file__usr_include_mach_audit_triggers_defs=yes else ac_cv_file__usr_include_mach_audit_triggers_defs=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__usr_include_mach_audit_triggers_defs" >&5 $as_echo "$ac_cv_file__usr_include_mach_audit_triggers_defs" >&6; } if test "x$ac_cv_file__usr_include_mach_audit_triggers_defs" = xyes; then : $as_echo "#define USE_MACH_IPC /**/" >>confdefs.h use_mach_ipc=true else use_mach_ipc=false fi if $use_mach_ipc; then USE_MACH_IPC_TRUE= USE_MACH_IPC_FALSE='#' else USE_MACH_IPC_TRUE='#' USE_MACH_IPC_FALSE= fi ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditdistd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libauditd/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile sys/Makefile sys/bsm/Makefile test/Makefile test/bsm/Makefile tools/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. 
# Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! 
-f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_NATIVE_INCLUDES_TRUE}" && test -z "${USE_NATIVE_INCLUDES_FALSE}"; then as_fn_error $? "conditional \"USE_NATIVE_INCLUDES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 $as_echo_n "checking that generated files are newer than configure... " >&6; } if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. 
wait $am_sleep_pid 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 $as_echo "done" >&6; } if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' else am__EXEEXT_TRUE='#' am__EXEEXT_FALSE= fi if test -z "${HAVE_AUDIT_SYSCALLS_TRUE}" && test -z "${HAVE_AUDIT_SYSCALLS_FALSE}"; then as_fn_error $? "conditional \"HAVE_AUDIT_SYSCALLS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MACH_IPC_TRUE}" && test -z "${USE_MACH_IPC_FALSE}"; then as_fn_error $? "conditional \"USE_MACH_IPC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. 
## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. 
Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. 
as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? 
-eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. 
as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by OpenBSM $as_me 1.2-alpha3, which was +This file was extended by OpenBSM $as_me 1.2-alpha4, which was generated by GNU Autoconf 2.69. 
Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands -Report bugs to ." +Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -OpenBSM config.status 1.2-alpha3 +OpenBSM config.status 1.2-alpha4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." 
ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." 
;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' build='`$ECHO "$build" | $SED 
"$delay_single_quote_subst"`' build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' archiver_list_spec='`$ECHO 
"$archiver_list_spec" | $SED "$delay_single_quote_subst"`' STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' lt_cv_prog_compiler_c_o='`$ECHO 
"$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED 
"$delay_single_quote_subst"`' hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' libname_spec='`$ECHO 
"$libname_spec" | $SED "$delay_single_quote_subst"`' library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$1 _LTECHO_EOF' } # Quote evaled strings. 
for var in SHELL \ ECHO \ PATH_SEPARATOR \ SED \ GREP \ EGREP \ FGREP \ LD \ NM \ LN_S \ lt_SP2NL \ lt_NL2SP \ reload_flag \ OBJDUMP \ deplibs_check_method \ file_magic_cmd \ file_magic_glob \ want_nocaseglob \ DLLTOOL \ sharedlib_from_linklib_cmd \ AR \ AR_FLAGS \ archiver_list_spec \ STRIP \ RANLIB \ CC \ CFLAGS \ compiler \ lt_cv_sys_global_symbol_pipe \ lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ nm_file_list_spec \ lt_prog_compiler_no_builtin_flag \ lt_prog_compiler_pic \ lt_prog_compiler_wl \ lt_prog_compiler_static \ lt_cv_prog_compiler_c_o \ need_locks \ MANIFEST_TOOL \ DSYMUTIL \ NMEDIT \ LIPO \ OTOOL \ OTOOL64 \ shrext_cmds \ export_dynamic_flag_spec \ whole_archive_flag_spec \ compiler_needs_object \ with_gnu_ld \ allow_undefined_flag \ no_undefined_flag \ hardcode_libdir_flag_spec \ hardcode_libdir_separator \ exclude_expsyms \ include_expsyms \ file_list_spec \ variables_saved_for_relink \ libname_spec \ library_names_spec \ soname_spec \ install_override_mode \ finish_eval \ old_striplib \ striplib; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Double-quote double-evaled strings. 
for var in reload_cmds \ old_postinstall_cmds \ old_postuninstall_cmds \ old_archive_cmds \ extract_expsyms_cmds \ old_archive_from_new_cmds \ old_archive_from_expsyms_cmds \ archive_cmds \ archive_expsym_cmds \ module_cmds \ module_expsym_cmds \ export_symbols_cmds \ prelink_cmds \ postlink_cmds \ postinstall_cmds \ postuninstall_cmds \ finish_cmds \ sys_lib_search_path_spec \ sys_lib_dlsearch_path_spec; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done ac_aux_dir='$ac_aux_dir' xsi_shell='$xsi_shell' lt_shell_append='$lt_shell_append' # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi PACKAGE='$PACKAGE' VERSION='$VERSION' TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile' AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. 
for ac_config_target in $ac_config_targets do case $ac_config_target in "config/config.h") CONFIG_HEADERS="$CONFIG_HEADERS config/config.h" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "bin/Makefile") CONFIG_FILES="$CONFIG_FILES bin/Makefile" ;; "bin/audit/Makefile") CONFIG_FILES="$CONFIG_FILES bin/audit/Makefile" ;; "bin/auditd/Makefile") CONFIG_FILES="$CONFIG_FILES bin/auditd/Makefile" ;; "bin/auditdistd/Makefile") CONFIG_FILES="$CONFIG_FILES bin/auditdistd/Makefile" ;; "bin/auditfilterd/Makefile") CONFIG_FILES="$CONFIG_FILES bin/auditfilterd/Makefile" ;; "bin/auditreduce/Makefile") CONFIG_FILES="$CONFIG_FILES bin/auditreduce/Makefile" ;; "bin/praudit/Makefile") CONFIG_FILES="$CONFIG_FILES bin/praudit/Makefile" ;; "bsm/Makefile") CONFIG_FILES="$CONFIG_FILES bsm/Makefile" ;; "libauditd/Makefile") CONFIG_FILES="$CONFIG_FILES libauditd/Makefile" ;; "libbsm/Makefile") CONFIG_FILES="$CONFIG_FILES libbsm/Makefile" ;; "modules/Makefile") CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;; "modules/auditfilter_noop/Makefile") CONFIG_FILES="$CONFIG_FILES modules/auditfilter_noop/Makefile" ;; "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; "sys/Makefile") CONFIG_FILES="$CONFIG_FILES sys/Makefile" ;; "sys/bsm/Makefile") CONFIG_FILES="$CONFIG_FILES sys/bsm/Makefile" ;; "test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;; "test/bsm/Makefile") CONFIG_FILES="$CONFIG_FILES test/bsm/Makefile" ;; "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. 
if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? 
"could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? 
"could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. 
ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? 
"invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 
2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac ac_MKDIR_P=$MKDIR_P case $MKDIR_P in [\\/$]* | ?:[\\/]* ) ;; */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. 
ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? 
"could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi # Compute "$ac_file"'s index in $config_headers. _am_arg="$ac_file" _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || $as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$_am_arg" : 'X\(//\)[^/]' \| \ X"$_am_arg" : 'X\(//\)$' \| \ X"$_am_arg" : 'X\(/\)' \| . 
2>/dev/null || $as_echo X"$_am_arg" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'`/stamp-h$_am_stamp_count ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "libtool":C) # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi cfgfile="${ofile}T" trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
# # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # The names of the tagged configurations supported by this script. available_tags="" # ### BEGIN LIBTOOL CONFIG # Which release of libtool.m4 was used? macro_version=$macro_version macro_revision=$macro_revision # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # What type of objects to build. pic_mode=$pic_mode # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # An echo program that protects backslashes. ECHO=$lt_ECHO # The PATH separator for the build system. PATH_SEPARATOR=$lt_PATH_SEPARATOR # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # A sed program that does not truncate output. SED=$lt_SED # Sed that helps us avoid accidentally triggering echo(1) options like -n. Xsed="\$SED -e 1s/^X//" # A grep program that handles long lines. GREP=$lt_GREP # An ERE matcher. EGREP=$lt_EGREP # A literal string matcher. FGREP=$lt_FGREP # A BSD- or MS-compatible name lister. NM=$lt_NM # Whether we need soft or hard links. LN_S=$lt_LN_S # What is the maximum length of a command? max_cmd_len=$max_cmd_len # Object file suffix (normally "o"). objext=$ac_objext # Executable file suffix (normally ""). exeext=$exeext # whether the shell understands "unset". lt_unset=$lt_unset # turn spaces into newlines. SP2NL=$lt_lt_SP2NL # turn newlines into spaces. NL2SP=$lt_lt_NL2SP # convert \$build file names to \$host format. 
to_host_file_cmd=$lt_cv_to_host_file_cmd # convert \$build files to toolchain format. to_tool_file_cmd=$lt_cv_to_tool_file_cmd # An object symbol dumper. OBJDUMP=$lt_OBJDUMP # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method = "file_magic". file_magic_cmd=$lt_file_magic_cmd # How to find potential files when deplibs_check_method = "file_magic". file_magic_glob=$lt_file_magic_glob # Find potential files using nocaseglob when deplibs_check_method = "file_magic". want_nocaseglob=$lt_want_nocaseglob # DLL creation program. DLLTOOL=$lt_DLLTOOL # Command to associate shared and link libraries. sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd # The archiver. AR=$lt_AR # Flags to create an archive. AR_FLAGS=$lt_AR_FLAGS # How to feed a file listing to the archiver. archiver_list_spec=$lt_archiver_list_spec # A symbol stripping program. STRIP=$lt_STRIP # Commands used to install an old-style archive. RANLIB=$lt_RANLIB old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Whether to use a lock for old archive extraction. lock_old_archive_extraction=$lock_old_archive_extraction # A C compiler. LTCC=$lt_CC # LTCC compiler flags. LTCFLAGS=$lt_CFLAGS # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration. global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair. global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # Transform the output of nm in a C name address pair when lib prefix is needed. global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix # Specify filename containing input files for \$NM. 
nm_file_list_spec=$lt_nm_file_list_spec # The root where to search for dependent libraries,and in which our libraries should be installed. lt_sysroot=$lt_sysroot # The name of the directory that contains temporary libtool files. objdir=$objdir # Used to examine libraries when file_magic_cmd begins with "file". MAGIC_CMD=$MAGIC_CMD # Must we lock files when doing compilation? need_locks=$lt_need_locks # Manifest tool. MANIFEST_TOOL=$lt_MANIFEST_TOOL # Tool to manipulate archived DWARF debug symbol files on Mac OS X. DSYMUTIL=$lt_DSYMUTIL # Tool to change global to local symbols on Mac OS X. NMEDIT=$lt_NMEDIT # Tool to manipulate fat objects and archives on Mac OS X. LIPO=$lt_LIPO # ldd/readelf like tool for Mach-O binaries on Mac OS X. OTOOL=$lt_OTOOL # ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. OTOOL64=$lt_OTOOL64 # Old archive suffix (normally "a"). libext=$libext # Shared library suffix (normally ".so"). shrext_cmds=$lt_shrext_cmds # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Variables whose values should be saved in libtool wrapper scripts and # restored at link time. variables_saved_for_relink=$lt_variables_saved_for_relink # Do we need the "lib" prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Library versioning type. version_type=$version_type # Shared library runtime path variable. runpath_var=$runpath_var # Shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. 
soname_spec=$lt_soname_spec # Permission mode override for installation of shared libraries. install_override_mode=$lt_install_override_mode # Command to use after installation of a shared archive. postinstall_cmds=$lt_postinstall_cmds # Command to use after uninstallation of a shared archive. postuninstall_cmds=$lt_postuninstall_cmds # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # As "finish_cmds", except a single script fragment to be evaled but # not shown. finish_eval=$lt_finish_eval # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries. sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # The linker used to build libraries. LD=$lt_LD # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # Commands used to build an old-style archive. old_archive_cmds=$lt_old_archive_cmds # A language specific compiler. CC=$lt_compiler # Is the compiler the GNU compiler? with_gcc=$GCC # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static # Does compiler simultaneously support -c and -o options? 
compiler_c_o=$lt_lt_cv_prog_compiler_c_o # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc # Whether or not to disallow shared libs when runtime libs are static. allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec # Whether the compiler copes with passing no objects directly. compiler_needs_object=$lt_compiler_needs_object # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds # Commands used to build a shared archive. archive_cmds=$lt_archive_cmds archive_expsym_cmds=$lt_archive_expsym_cmds # Commands used to build a loadable module if different from building # a shared archive. module_cmds=$lt_module_cmds module_expsym_cmds=$lt_module_expsym_cmds # Whether we are building with GNU ld or not. with_gnu_ld=$lt_with_gnu_ld # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag # Flag that enforces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator # Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes # DIR into the resulting binary. 
hardcode_direct=$hardcode_direct # Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes # DIR into the resulting binary and the resulting library dependency is # "absolute",i.e impossible to change by setting \${shlibpath_var} if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute # Set to "yes" if using the -LDIR flag during linking hardcodes DIR # into the resulting binary. hardcode_minus_L=$hardcode_minus_L # Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR # into the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var # Set to "yes" if building a shared library automatically hardcodes DIR # into the library and all subsequent libraries and executables linked # against it. hardcode_automatic=$hardcode_automatic # Set to yes if linker adds runtime paths of dependent libraries # to runtime path list. inherit_rpath=$inherit_rpath # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs # Set to "yes" if exported symbols are required. always_export_symbols=$always_export_symbols # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms # Symbols that must always be exported. include_expsyms=$lt_include_expsyms # Commands necessary for linking programs (against libraries) with templates. prelink_cmds=$lt_prelink_cmds # Commands necessary for finishing linking programs. postlink_cmds=$lt_postlink_cmds # Specify filename containing input files. file_list_spec=$lt_file_list_spec # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. 
For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac ltmain="$ac_aux_dir/ltmain.sh" # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) if test x"$xsi_shell" = xyes; then sed -e '/^func_dirname ()$/,/^} # func_dirname /c\ func_dirname ()\ {\ \ case ${1} in\ \ */*) func_dirname_result="${1%/*}${2}" ;;\ \ * ) func_dirname_result="${3}" ;;\ \ esac\ } # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_basename ()$/,/^} # func_basename /c\ func_basename ()\ {\ \ func_basename_result="${1##*/}"\ } # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\ func_dirname_and_basename ()\ {\ \ case ${1} in\ \ */*) func_dirname_result="${1%/*}${2}" ;;\ \ * ) func_dirname_result="${3}" ;;\ \ esac\ \ func_basename_result="${1##*/}"\ } # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? 
|| _lt_function_replace_fail=: sed -e '/^func_stripname ()$/,/^} # func_stripname /c\ func_stripname ()\ {\ \ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\ \ # positional parameters, so assign one to ordinary parameter first.\ \ func_stripname_result=${3}\ \ func_stripname_result=${func_stripname_result#"${1}"}\ \ func_stripname_result=${func_stripname_result%"${2}"}\ } # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\ func_split_long_opt ()\ {\ \ func_split_long_opt_name=${1%%=*}\ \ func_split_long_opt_arg=${1#*=}\ } # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\ func_split_short_opt ()\ {\ \ func_split_short_opt_arg=${1#??}\ \ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\ } # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\ func_lo2o ()\ {\ \ case ${1} in\ \ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\ \ *) func_lo2o_result=${1} ;;\ \ esac\ } # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? 
|| _lt_function_replace_fail=: sed -e '/^func_xform ()$/,/^} # func_xform /c\ func_xform ()\ {\ func_xform_result=${1%.*}.lo\ } # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_arith ()$/,/^} # func_arith /c\ func_arith ()\ {\ func_arith_result=$(( $* ))\ } # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_len ()$/,/^} # func_len /c\ func_len ()\ {\ func_len_result=${#1}\ } # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: fi if test x"$lt_shell_append" = xyes; then sed -e '/^func_append ()$/,/^} # func_append /c\ func_append ()\ {\ eval "${1}+=\\${2}"\ } # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\ func_append_quoted ()\ {\ \ func_quote_for_eval "${2}"\ \ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\ } # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? 
|| _lt_function_replace_fail=: # Save a `func_append' function call where possible by direct use of '+=' sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: else # Save a `func_append' function call even when '+=' is not available sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: fi if test x"$_lt_function_replace_fail" = x":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5 $as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;} fi mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ;; "depfiles":C) test x"$AMDEP_TRUE" != x"" || { # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. 
if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`$as_dirname -- "$mf" || $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$mf" : 'X\(//\)[^/]' \| \ X"$mf" : 'X\(//\)$' \| \ X"$mf" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running 'make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$file" : 'X\(//\)[^/]' \| \ X"$file" : 'X\(//\)$' \| \ X"$file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir=$dirpart/$fdir; as_fn_mkdir_p # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. 
# Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi Index: head/contrib/openbsm/configure.ac =================================================================== --- head/contrib/openbsm/configure.ac (revision 292431) +++ head/contrib/openbsm/configure.ac (revision 292432) 
@@ -1,263 +1,263 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([OpenBSM], [1.2-alpha3], [trustedbsd-audit@TrustesdBSD.org],[openbsm]) -AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#66 $]) +AC_INIT([OpenBSM], [1.2-alpha4], [trustedbsd-audit@TrustedBSD.org],[openbsm]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADER([config/config.h]) AM_MAINTAINER_MODE # --with-native-includes forces the use of the system bsm headers. AC_ARG_WITH([native-includes], [AS_HELP_STRING([--with-native-includes], [Use the system native include files instead of those included with openbsm.])], [ AC_DEFINE(USE_NATIVE_INCLUDES,, Define to use native include files) use_native_includes=true ], [use_native_includes=false]) AM_CONDITIONAL(USE_NATIVE_INCLUDES, $use_native_includes) AC_PATH_PROGS(MIG, mig) # Checks for programs. AC_PROG_CC AC_PROG_INSTALL AC_PROG_LEX AC_PROG_LIBTOOL +AC_PROG_LN_S AC_PROG_YACC AM_INIT_AUTOMAKE(AC_PACKAGE_NAME, AC_PACKAGE_VERSION) AC_SEARCH_LIBS(dlsym, dl) AC_SEARCH_LIBS(pthread_create, pthread) AC_SEARCH_LIBS(clock_gettime, rt) AC_SEARCH_LIBS(SSL_connect, ssl) AC_SEARCH_LIBS(humanize_number, util) AC_SEARCH_LIBS(pidfile_open, util) # Checks for header files. AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS([mach/mach.h stdint.h pthread_np.h printf.h]) AC_DEFINE([_GNU_SOURCE],,[Use extended API on platforms that require it]) # Checks for typedefs, structures, and compiler characteristics. 
AC_C_CONST AC_TYPE_UID_T AC_TYPE_PID_T AC_TYPE_SIZE_T AC_CHECK_MEMBERS([struct stat.st_rdev]) AC_CHECK_MEMBER([struct ipc_perm.__key], [AC_DEFINE(HAVE_IPC_PERM___KEY,, Define if ipc_perm.__key instead of key)], [],[ #include #include ]) AC_CHECK_MEMBER([struct ipc_perm._key], [AC_DEFINE(HAVE_IPC_PERM__KEY,, Define if ipc_perm._key instead of key)], [],[ #include #include ]) AC_CHECK_MEMBER([struct ipc_perm.__seq], [AC_DEFINE(HAVE_IPC_PERM___SEQ,, Define if ipc_perm.__seq instead of seq)], [],[ #include #include ]) AC_CHECK_MEMBER([struct ipc_perm._seq], [AC_DEFINE(HAVE_IPC_PERM__SEQ,, Define if ipc_perm._seq instead of seq)], [],[ #include #include ]) AC_CHECK_MEMBER([struct sockaddr_storage.ss_len], [AC_DEFINE(HAVE_SOCKADDR_STORAGE_SS_LEN,, Define if sockaddr_storage.ss_len field exists)], [],[ #include #include ]) AC_HEADER_TIME AC_STRUCT_TM # Checks for library functions. AC_FUNC_CHOWN AC_FUNC_FORK AC_FUNC_MALLOC AC_FUNC_MKTIME AC_TYPE_SIGNAL AC_FUNC_STAT AC_FUNC_STRFTIME AC_CHECK_FUNCS([arc4random arc4random_buf bzero cap_enter clock_gettime closefrom faccessat fdopendir fstatat ftruncate getresgid getresuid gettimeofday inet_ntoa jail kqueue memset openat pthread_cond_timedwait_relative_np pthread_condattr_setclock pthread_mutex_lock renameat setproctitle sigtimedwait strchr strerror strlcat strlcpy strndup strrchr strstr strtol strtoul unlinkat vis]) # sys/queue.h exists on most systems, but its capabilities vary a great deal. # test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in # all of them, and are necessary for OpenBSM. AC_TRY_LINK([ #include ], [ #ifndef LIST_FIRST #error LIST_FIRST missing #endif #ifndef TAILQ_FOREACH_SAFE #error TAILQ_FOREACH_SAFE #endif ], [ AC_DEFINE(HAVE_FULL_QUEUE_H,, Define if queue.h includes LIST_FIRST) ]) # Systems may not define key audit system calls, in which case libbsm cannot # depend on them or it will generate link-time or run-time errors. Test for # just one. 
AC_TRY_LINK([ #include extern int auditon(int, void *, int); ], [ int err; err = auditon(0, NULL, 0); ], [ AC_DEFINE(HAVE_AUDIT_SYSCALLS,, Define if audit system calls present) have_audit_syscalls=true ], [ have_audit_syscalls=false ]) AM_CONDITIONAL(HAVE_AUDIT_SYSCALLS, $have_audit_syscalls) # # We rely on the BSD be32toh() and be32enc()-style endian macros to perform # byte order conversions. Availability of these varies considerably -- in # general, a system might have neither, be32toh(), or be32toh() and be32enc(). # There is also variation in which headers are even present, and whether they # are macros or functions. Try to organise the world into some simpler cases. # The following macros may be set at the end: # # USE_ENDIAN_H # USE_SYS_ENDIAN_H # USE_MACHINE_ENDIAN_H # USE_COMPAT_ENDIAN_H # USE_COMPAT_ENDIAN_ENC_H # # First, decide which system endian.h to use. # AC_CHECK_HEADERS([endian.h], [ have_endian_h=yes ], [ have_endian_h=no ]) AC_CHECK_HEADERS([sys/endian.h], [ have_sys_endian_h=yes ], [ have_sys_endian_h=no ]) AC_CHECK_HEADERS([machine/endian.h], [ have_machine_endian_h=yes ], [ have_machine_endian_h=no ]) if test $have_endian_h = yes; then AC_DEFINE(USE_ENDIAN_H,, Define if endian.h should be included) elif test $have_sys_endian_h = yes; then AC_DEFINE(USE_SYS_ENDIAN_H,, Define if sys/endian.h should be included) elif test $have_machine_endian_h = yes; then AC_DEFINE(USE_MACHINE_ENDIAN_H,, Define if machine/endian.h should be included) else AC_MSG_ERROR([no endian.h]) fi # # Next, decide if we need to supplement with compat headers. 
# AC_TRY_LINK([ #ifdef USE_ENDIAN_H #include #endif #ifdef USE_SYS_ENDIAN_H #include #endif #ifdef USE_MACHINE_ENDIAN_H #include #endif ], [ (void)be32toh(0); ], [], [ AC_DEFINE(USE_COMPAT_ENDIAN_H,, Define if compat/endian.h is required) AC_MSG_RESULT([using compat/endian.h]) ]) AC_TRY_LINK([ #ifdef USE_ENDIAN_H #include #endif #ifdef USE_SYS_ENDIAN_H #include #endif #ifdef USE_MACHINE_ENDIAN_H #include #endif #ifdef USE_COMPAT_ENDIAN_H #include "compat/endian.h" #endif #include ], [ int i; i = bswap16(0); i = bswap32(0); i = bswap64(0); be32enc(NULL, 0); i = htole64(0); i = le64toh(0); ], [], [ AC_DEFINE(USE_COMPAT_ENDIAN_ENC_H,, Define if compat/endian_enc.h is required) AC_MSG_RESULT([using compat/endian_enc.h]) ]) # Check to see if Mach IPC is used for trigger messages. If so, use Mach IPC # instead of the default for sending trigger messages to the audit components. AC_CHECK_FILE([/usr/include/mach/audit_triggers.defs], [ AC_DEFINE(USE_MACH_IPC,, Define if uses Mach IPC for Triggers messages) use_mach_ipc=true ], [ use_mach_ipc=false ]) AM_CONDITIONAL(USE_MACH_IPC, $use_mach_ipc) AC_CONFIG_FILES([Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditdistd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libauditd/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile sys/Makefile sys/bsm/Makefile test/Makefile test/bsm/Makefile tools/Makefile]) AC_OUTPUT Index: head/contrib/openbsm/etc/audit_class =================================================================== --- head/contrib/openbsm/etc/audit_class (revision 292431) +++ head/contrib/openbsm/etc/audit_class (revision 292432) 
@@ -1,24 +1,23 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#6 $
 # $FreeBSD$
 #
 0x00000000:no:invalid class
 0x00000001:fr:file read
 0x00000002:fw:file write
 0x00000004:fa:file attribute access
 0x00000008:fm:file attribute modify
 0x00000010:fc:file create
 0x00000020:fd:file delete
 0x00000040:cl:file close
 0x00000080:pc:process
 0x00000100:nt:network
 0x00000200:ip:ipc
 0x00000400:na:non attributable
 0x00000800:ad:administrative
 0x00001000:lo:login_logout
 0x00002000:aa:authentication and authorization
 0x00004000:ap:application
 0x20000000:io:ioctl
 0x40000000:ex:exec
 0x80000000:ot:miscellaneous
 0xffffffff:all:all flags set
Index: head/contrib/openbsm/etc/audit_control
===================================================================
--- head/contrib/openbsm/etc/audit_control (revision 292431)
+++ head/contrib/openbsm/etc/audit_control (revision 292432)
@@ -1,12 +1,11 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#9 $
 # $FreeBSD$
 #
 dir:/var/audit
 dist:off
 flags:lo,aa
 minfree:5
 naflags:lo,aa
 policy:cnt,argv
 filesz:2M
 expire-after:10M
Index: head/contrib/openbsm/etc/audit_event
===================================================================
--- head/contrib/openbsm/etc/audit_event (revision 292431)
+++ head/contrib/openbsm/etc/audit_event (revision 292432)
@@ -1,676 +1,675 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#43 $ # $FreeBSD$ # # The mapping between event identifiers and values is also hard-coded in # audit_kevents.h and audit_uevents.h, so changes must occur in both places, # and programs, such as the kernel, may need to be recompiled to recognize # those changes. It is advisable not to change the numbering or naming of # kernel audit events. # # Allocation of BSM event identifier ranges: # # 0 Reserved and invalid # 1 - 2047 Reserved for Solaris kernel events # 2048 - 5999 Reserved and unallocated # 6000 - 9999 Reserved for Solaris user events # 10000 - 32767 Reserved and unallocated # 32768 - 65535 Available for third party applications # # Of the third party range, OpenBSM allocates from the following ranges: # # 43000 - 44999 Reserved for OpenBSM kernel events # 45000 - 46999 Reserved for OpenBSM application events # 0:AUE_NULL:indir system call:no 1:AUE_EXIT:exit(2):pc 2:AUE_FORK:fork(2):pc 3:AUE_OPEN:open(2) - attr only:fa 4:AUE_CREAT:creat(2):fc 5:AUE_LINK:link(2):fc 6:AUE_UNLINK:unlink(2):fd 7:AUE_EXEC:exec(2):pc,ex 8:AUE_CHDIR:chdir(2):pc 9:AUE_MKNOD:mknod(2):fc 10:AUE_CHMOD:chmod(2):fm 11:AUE_CHOWN:chown(2):fm 12:AUE_UMOUNT:umount(2) - old version:ad 13:AUE_JUNK:junk:no 14:AUE_ACCESS:access(2):fa 15:AUE_KILL:kill(2):pc 16:AUE_STAT:stat(2):fa 17:AUE_LSTAT:lstat(2):fa 18:AUE_ACCT:acct(2):ad 19:AUE_MCTL:mctl(2):no 20:AUE_REBOOT:reboot(2):ad 21:AUE_SYMLINK:symlink(2):fc 22:AUE_READLINK:readlink(2):fr 23:AUE_EXECVE:execve(2):pc,ex 24:AUE_CHROOT:chroot(2):pc 25:AUE_VFORK:vfork(2):pc 26:AUE_SETGROUPS:setgroups(2):pc 27:AUE_SETPGRP:setpgrp(2):pc 28:AUE_SWAPON:swapon(2):ad 29:AUE_SETHOSTNAME:sethostname(2):ad 30:AUE_FCNTL:fcntl(2):fm 31:AUE_SETPRIORITY:setpriority(2):pc 32:AUE_CONNECT:connect(2):nt 33:AUE_ACCEPT:accept(2):nt 34:AUE_BIND:bind(2):nt 35:AUE_SETSOCKOPT:setsockopt(2):nt 36:AUE_VTRACE:vtrace(2):pc 37:AUE_SETTIMEOFDAY:settimeofday(2):ad 38:AUE_FCHOWN:fchown(2):fm 
39:AUE_FCHMOD:fchmod(2):fm 40:AUE_SETREUID:setreuid(2):pc 41:AUE_SETREGID:setregid(2):pc 42:AUE_RENAME:rename(2):fc,fd 43:AUE_TRUNCATE:truncate(2):fw 44:AUE_FTRUNCATE:ftruncate(2):fw 45:AUE_FLOCK:flock(2):fm 46:AUE_SHUTDOWN:shutdown(2):nt 47:AUE_MKDIR:mkdir(2):fc 48:AUE_RMDIR:rmdir(2):fd 49:AUE_UTIMES:utimes(2):fm 50:AUE_ADJTIME:adjtime(2):ad 51:AUE_SETRLIMIT:setrlimit(2):pc 52:AUE_KILLPG:killpg(2):pc 53:AUE_NFS_SVC:nfs_svc(2):ad 54:AUE_STATFS:statfs(2):fa 55:AUE_FSTATFS:fstatfs(2):fa 56:AUE_UNMOUNT:unmount(2):ad 57:AUE_ASYNC_DAEMON:async_daemon(2):ad 58:AUE_NFS_GETFH:nfs_getfh(2):ad 59:AUE_SETDOMAINNAME:setdomainname(2):ad 60:AUE_QUOTACTL:quotactl(2):ad 61:AUE_EXPORTFS:exportfs(2):ad 62:AUE_MOUNT:mount(2):ad 63:AUE_SEMSYS:semsys(2):ip 64:AUE_MSGSYS:msgsys(2):ip 65:AUE_SHMSYS:shmsys(2):ip 66:AUE_BSMSYS:bsmsys(2):ad 67:AUE_RFSSYS:rfssys(2):ad 68:AUE_FCHDIR:fchdir(2):pc 69:AUE_FCHROOT:fchroot(2):pc 70:AUE_VPIXSYS:vpixsys(2):no 71:AUE_PATHCONF:pathconf(2):fa 72:AUE_OPEN_R:open(2) - read:fr 73:AUE_OPEN_RC:open(2) - read,creat:fc,fr,fa,fm 74:AUE_OPEN_RT:open(2) - read,trunc:fd,fr,fa,fm 75:AUE_OPEN_RTC:open(2) - read,creat,trunc:fc,fd,fr,fa,fm 76:AUE_OPEN_W:open(2) - write:fw 77:AUE_OPEN_WC:open(2) - write,creat:fc,fw,fa,fm 78:AUE_OPEN_WT:open(2) - write,trunc:fd,fw,fa,fm 79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw,fa,fm 80:AUE_OPEN_RW:open(2) - read,write:fr,fw 81:AUE_OPEN_RWC:open(2) - read,write,creat:fc,fw,fr,fa,fm 82:AUE_OPEN_RWT:open(2) - read,write,trunc:fd,fr,fw,fa,fm 83:AUE_OPEN_RWTC:open(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm 84:AUE_MSGCTL:msgctl(2) - illegal command:ip 85:AUE_MSGCTL_RMID:msgctl(2) - IPC_RMID command:ip 86:AUE_MSGCTL_SET:msgctl(2) - IPC_SET command:ip 87:AUE_MSGCTL_STAT:msgctl(2) - IPC_STAT command:ip 88:AUE_MSGGET:msgget(2):ip 89:AUE_MSGRCV:msgrcv(2):ip 90:AUE_MSGSND:msgsnd(2):ip 91:AUE_SHMCTL:shmctl(2) - illegal command:ip 92:AUE_SHMCTL_RMID:shmctl(2) - IPC_RMID command:ip 93:AUE_SHMCTL_SET:shmctl(2) - IPC_SET command:ip 
94:AUE_SHMCTL_STAT:shmctl(2) - IPC_STAT command:ip 95:AUE_SHMGET:shmget(2):ip 96:AUE_SHMAT:shmat(2):ip 97:AUE_SHMDT:shmdt(2):ip 98:AUE_SEMCTL:semctl(2) - illegal command:ip 99:AUE_SEMCTL_RMID:semctl(2) - IPC_RMID command:ip 100:AUE_SEMCTL_SET:semctl(2) - IPC_SET command:ip 101:AUE_SEMCTL_STAT:semctl(2) - IPC_STAT command:ip 102:AUE_SEMCTL_GETNCNT:semctl(2) - GETNCNT command:ip 103:AUE_SEMCTL_GETPID:semctl(2) - GETPID command:ip 104:AUE_SEMCTL_GETVAL:semctl(2) - GETVAL command:ip 105:AUE_SEMCTL_GETALL:semctl(2) - GETALL command:ip 106:AUE_SEMCTL_GETZCNT:semctl(2) - GETZCNT command:ip 107:AUE_SEMCTL_SETVAL:semctl(2) - SETVAL command:ip 108:AUE_SEMCTL_SETALL:semctl(2) - SETALL command:ip 109:AUE_SEMGET:semget(2):ip 110:AUE_SEMOP:semop(2):ip 111:AUE_CORE:process dumped core:fc 112:AUE_CLOSE:close(2):cl 113:AUE_SYSTEMBOOT:system booted:na 114:AUE_ASYNC_DAEMON_EXIT:async_daemon(2) exited:ad 115:AUE_NFSSVC_EXIT:nfssvc(2) exited:ad 128:AUE_WRITEL:writel(2):no 129:AUE_WRITEVL:writevl(2):no 130:AUE_GETAUID:getauid(2):ad 131:AUE_SETAUID:setauid(2):ad 132:AUE_GETAUDIT:getaudit(2):ad 133:AUE_SETAUDIT:setaudit(2):ad 134:AUE_GETUSERAUDIT:getuseraudit(2):ad 135:AUE_SETUSERAUDIT:setuseraudit(2):ad 136:AUE_AUDITSVC:auditsvc(2):ad 137:AUE_AUDITUSER:audituser(2):ad 138:AUE_AUDITON:auditon(2):ad 139:AUE_AUDITON_GTERMID:auditon(2) - GETTERMID command:ad 140:AUE_AUDITON_STERMID:auditon(2) - SETTERMID command:ad 141:AUE_AUDITON_GPOLICY:auditon(2) - GPOLICY command:ad 142:AUE_AUDITON_SPOLICY:auditon(2) - SPOLICY command:ad 143:AUE_AUDITON_GESTATE:auditon(2) - GESTATE command:ad 144:AUE_AUDITON_SESTATE:auditon(2) - SESTATE command:ad 145:AUE_AUDITON_GQCTRL:auditon(2) - GQCTRL command:ad 146:AUE_AUDITON_SQCTRL:auditon(2) - SQCTRL command:ad 147:AUE_GETKERNSTATE:getkernstate(2):ad 148:AUE_SETKERNSTATE:setkernstate(2):ad 149:AUE_GETPORTAUDIT:getportaudit(2):ad 150:AUE_AUDITSTAT:auditstat(2):ad 151:AUE_REVOKE:revoke(2):cl 152:AUE_MAC:Solaris AUE_MAC:no 153:AUE_ENTERPROM:enter prom:ad 
154:AUE_EXITPROM:exit prom:ad 155:AUE_IFLOAT:Solaris AUE_IFLOAT:no 156:AUE_PFLOAT:Solaris AUE_PFLOAT:no 157:AUE_UPRIV:Solaris AUE_UPRIV:no 158:AUE_IOCTL:ioctl(2):io 173:AUE_ONESIDE:one-sided session record:nt 174:AUE_MSGGETL:msggetl(2):ip 175:AUE_MSGRCVL:msgrcvl(2):ip 176:AUE_MSGSNDL:msgsndl(2):ip 177:AUE_SEMGETL:semgetl(2):ip 178:AUE_SHMGETL:shmgetl(2):ip 183:AUE_SOCKET:socket(2):nt 184:AUE_SENDTO:sendto(2):nt 185:AUE_PIPE:pipe(2):ip 186:AUE_SOCKETPAIR:socketpair(2):nt 187:AUE_SEND:send(2):nt 188:AUE_SENDMSG:sendmsg(2):nt 189:AUE_RECV:recv(2):nt 190:AUE_RECVMSG:recvmsg(2):nt 191:AUE_RECVFROM:recvfrom(2):nt 192:AUE_READ:read(2):no 193:AUE_GETDENTS:getdents(2):no 194:AUE_LSEEK:lseek(2):no 195:AUE_WRITE:write(2):no 196:AUE_WRITEV:writev(2):no 197:AUE_NFS:nfs server:ad 198:AUE_READV:readv(2):no 199:AUE_OSTAT:Solaris old stat(2):fa 200:AUE_SETUID:setuid(2):pc 201:AUE_STIME:old stime(2):ad 202:AUE_UTIME:old utime(2):fm 203:AUE_NICE:old nice(2):pc 204:AUE_OSETPGRP:Solaris old setpgrp(2):pc 205:AUE_SETGID:setgid(2):pc 206:AUE_READL:readl(2):no 207:AUE_READVL:readvl(2):no 208:AUE_FSTAT:fstat(2):fa 209:AUE_DUP2:dup2(2):no 210:AUE_MMAP:mmap(2):no 211:AUE_AUDIT:audit(2):ot 212:AUE_PRIOCNTLSYS:Solaris priocntlsys(2):pc 213:AUE_MUNMAP:munmap(2):cl 214:AUE_SETEGID:setegid(2):pc 215:AUE_SETEUID:seteuid(2):pc 216:AUE_PUTMSG:putmsg(2):nt 217:AUE_GETMSG:getmsg(2):nt 218:AUE_PUTPMSG:putpmsg(2):nt 219:AUE_GETPMSG:getpmsg(2):nt 220:AUE_AUDITSYS:audit system calls place holder:no 221:AUE_AUDITON_GETKMASK:auditon(2) - get kernel mask:ad 222:AUE_AUDITON_SETKMASK:auditon(2) - set kernel mask:ad 223:AUE_AUDITON_GETCWD:auditon(2) - get cwd:ad 224:AUE_AUDITON_GETCAR:auditon(2) - get car:ad 225:AUE_AUDITON_GETSTAT:auditon(2) - get audit statistics:ad 226:AUE_AUDITON_SETSTAT:auditon(2) - reset audit statistics:ad 227:AUE_AUDITON_SETUMASK:auditon(2) - set mask per uid:ad 228:AUE_AUDITON_SETSMASK:auditon(2) - set mask per session ID:ad 229:AUE_AUDITON_GETCOND:auditon(2) - get audit state:ad 
230:AUE_AUDITON_SETCOND:auditon(2) - set audit state:ad 231:AUE_AUDITON_GETCLASS:auditon(2) - get event class:ad 232:AUE_AUDITON_SETCLASS:auditon(2) - set event class:ad 233:AUE_UTSSYS:utssys(2) - fusers:ad 234:AUE_STATVFS:statvfs(2):fa 235:AUE_XSTAT:xstat(2):fa 236:AUE_LXSTAT:lxstat(2):fa 237:AUE_LCHOWN:lchown(2):fm 238:AUE_MEMCNTL:memcntl(2):ot 239:AUE_SYSINFO:sysinfo(2):ad 240:AUE_XMKNOD:xmknod(2):fc 241:AUE_FORK1:fork1(2):pc 242:AUE_MODCTL:modctl(2) system call place holder:no 243:AUE_MODLOAD:modctl(2) - load module:ad 244:AUE_MODUNLOAD:modctl(2) - unload module:ad 245:AUE_MODCONFIG:modctl(2) - configure module:ad 246:AUE_MODADDMAJ:modctl(2) - bind module:ad 247:AUE_SOCKACCEPT:getmsg-accept:nt 248:AUE_SOCKCONNECT:putmsg-connect:nt 249:AUE_SOCKSEND:putmsg-send:nt 250:AUE_SOCKRECEIVE:getmsg-receive:nt 251:AUE_ACLSET:acl(2) - SETACL comand:fm 252:AUE_FACLSET:facl(2) - SETACL command:fm 253:AUE_DOORFS:doorfs(2) - system call place holder:no 254:AUE_DOORFS_DOOR_CALL:doorfs(2) - DOOR_CALL:ip 255:AUE_DOORFS_DOOR_RETURN:doorfs(2) - DOOR_RETURN:ip 256:AUE_DOORFS_DOOR_CREATE:doorfs(2) - DOOR_CREATE:ip 257:AUE_DOORFS_DOOR_REVOKE:doorfs(2) - DOOR_REVOKE:ip 258:AUE_DOORFS_DOOR_INFO:doorfs(2) - DOOR_INFO:ip 259:AUE_DOORFS_DOOR_CRED:doorfs(2) - DOOR_CRED:ip 260:AUE_DOORFS_DOOR_BIND:doorfs(2) - DOOR_BIND:ip 261:AUE_DOORFS_DOOR_UNBIND:doorfs(2) - DOOR_UNBIND:ip 262:AUE_P_ONLINE:p_online(2):ad 263:AUE_PROCESSOR_BIND:processor_bind(2):ad 264:AUE_INST_SYNC:inst_sync(2):ad 265:AUE_SOCKCONFIG:configure socket:nt 266:AUE_SETAUDIT_ADDR:setaudit_addr(2):ad 267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad 268:AUE_UMOUNT2:Solaris umount(2):ad 269:AUE_FSAT:fsat(2) - place holder:no 270:AUE_OPENAT_R:openat(2) - read:fr 271:AUE_OPENAT_RC:openat(2) - read,creat:fc,fr,fa,fm 272:AUE_OPENAT_RT:openat(2) - read,trunc:fd,fr,fa,fm 273:AUE_OPENAT_RTC:openat(2) - read,creat,trunc:fc,fd,fr,fa,fm 274:AUE_OPENAT_W:openat(2) - write:fw 275:AUE_OPENAT_WC:openat(2) - write,creat:fc,fw,fa,fm 
276:AUE_OPENAT_WT:openat(2) - write,trunc:fd,fw,fa,fm 277:AUE_OPENAT_WTC:openat(2) - write,creat,trunc:fc,fd,fw,fa,fm 278:AUE_OPENAT_RW:openat(2) - read,write:fr,fw 279:AUE_OPENAT_RWC:openat(2) - read,write,create:fc,fw,fr,fa,fm 280:AUE_OPENAT_RWT:openat(2) - read,write,trunc:fd,fw,fr,fa,fm 281:AUE_OPENAT_RWTC:openat(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm 282:AUE_RENAMEAT:renameat(2):fc,fd 283:AUE_FSTATAT:fstatat(2):fa 284:AUE_FCHOWNAT:fchownat(2):fm 285:AUE_FUTIMESAT:futimesat(2):fm 286:AUE_UNLINKAT:unlinkat(2):fd 287:AUE_CLOCK_SETTIME:clock_settime(2):ad 288:AUE_NTP_ADJTIME:ntp_adjtime(2):ad 289:AUE_SETPPRIV:setppriv(2):pc 290:AUE_MODDEVPLCY:modctl(2) - configure device policy:ad 291:AUE_MODADDPRIV:modctl(2) - configure additional privilege:ad 292:AUE_CRYPTOADM:kernel cryptographic framework:ad 293:AUE_CONFIGKSSL:configure kernel SSL:ad 294:AUE_BRANDSYS:brandsys(2):ot 295:AUE_PF_POLICY_ADDRULE:Add IPsec policy rule:ad 296:AUE_PF_POLICY_DELRULE:Delete IPsec policy rule:ad 297:AUE_PF_POLICY_CLONE:Clone IPsec policy:ad 298:AUE_PF_POLICY_FLIP:Flip IPsec policy:ad 299:AUE_PF_POLICY_FLUSH:Flush IPsec policy rules:ad 300:AUE_PF_POLICY_ALGS:Update IPsec algorithms:ad 301:AUE_PORTFS:portfs:fa # # What follows are deprecated Darwin event numbers that may soon^H^H^H^Hnow # conflict with Solaris events. 
# 301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa 302:AUE_DARWIN_PTRACE:ptrace(2):pc 303:AUE_DARWIN_CHFLAGS:chflags(2):fm 304:AUE_DARWIN_FCHFLAGS:fchflags(2):fm 305:AUE_DARWIN_PROFILE:profil(2):pc 306:AUE_DARWIN_KTRACE:ktrace(2):pc 307:AUE_DARWIN_SETLOGIN:setlogin(2):pc 308:AUE_DARWIN_REBOOT:reboot(2):ad 309:AUE_DARWIN_REVOKE:revoke(2):cl 310:AUE_DARWIN_UMASK:umask(2):pc 311:AUE_DARWIN_MPROTECT:mprotect(2):fm 312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot 313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad 314:AUE_DARWIN_FLOCK:flock(2):fm 315:AUE_DARWIN_MKFIFO:mkfifo(2):fc 316:AUE_DARWIN_POLL:poll(2):no 317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt 318:AUE_DARWIN_FUTIMES:futimes(2):fm 319:AUE_DARWIN_SETSID:setsid(2):pc 320:AUE_DARWIN_SETPRIVEXEC:setprivexec(2):pc 321:AUE_DARWIN_NFSSVC:nfssvc(2):ad 322:AUE_DARWIN_GETFH:getfh(2):fa 323:AUE_DARWIN_QUOTACTL:quotactl(2):ad 324:AUE_DARWIN_ADDPROFILE:add_profil():pc 325:AUE_DARWIN_KDEBUGTRACE:kdebug_trace():pc 326:AUE_DARWIN_FSTAT:fstat(2):fa 327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa 328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):no 329:AUE_DARWIN_TRUNCATE:truncate(2):fw 330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw 331:AUE_DARWIN_SYSCTL:sysctl(3):ad 332:AUE_DARWIN_MLOCK:mlock(2):pc 333:AUE_DARWIN_MUNLOCK:munlock(2):pc 334:AUE_DARWIN_UNDELETE:undelete(2):fm 335:AUE_DARWIN_GETATTRLIST:getattrlist():fa 336:AUE_DARWIN_SETATTRLIST:setattrlist():fm 337:AUE_DARWIN_GETDIRENTRIESATTR:getdirentriesattr():fa 338:AUE_DARWIN_EXCHANGEDATA:exchangedata():fw 339:AUE_DARWIN_SEARCHFS:searchfs():fa 340:AUE_DARWIN_MINHERIT:minherit(2):pc 341:AUE_DARWIN_SEMCONFIG:semconfig():ip 342:AUE_DARWIN_SEMOPEN:sem_open(2):ip 343:AUE_DARWIN_SEMCLOSE:sem_close(2):ip 344:AUE_DARWIN_SEMUNLINK:sem_unlink(2):ip 345:AUE_DARWIN_SHMOPEN:shm_open(2):ip 346:AUE_DARWIN_SHMUNLINK:shm_unlink(2):ip 347:AUE_DARWIN_LOADSHFILE:load_shared_file():fr 348:AUE_DARWIN_RESETSHFILE:reset_shared_file():ot 349:AUE_DARWIN_NEWSYSTEMSHREG:new_system_share_regions():ot 
350:AUE_DARWIN_PTHREADKILL:pthread_kill(2):pc 351:AUE_DARWIN_PTHREADSIGMASK:pthread_sigmask(2):pc 352:AUE_DARWIN_AUDITCTL:auditctl(2):ad 353:AUE_DARWIN_RFORK:rfork(2):pc 354:AUE_DARWIN_LCHMOD:lchmod(2):fm 355:AUE_DARWIN_SWAPOFF:swapoff(2):ad 356:AUE_DARWIN_INITPROCESS:init_process():pc 357:AUE_DARWIN_MAPFD:map_fd():fa 358:AUE_DARWIN_TASKFORPID:task_for_pid():pc 359:AUE_DARWIN_PIDFORTASK:pid_for_task():pc 360:AUE_DARWIN_SYSCTL_NONADMIN:sysctl() - non-admin:ot 361:AUE_DARWIN_COPYFILE:copyfile():fr,fw # # OpenBSM-specific kernel events. # 43001:AUE_GETFSSTAT:getfsstat(2):fa 43002:AUE_PTRACE:ptrace(2):pc 43003:AUE_CHFLAGS:chflags(2):fm 43004:AUE_FCHFLAGS:fchflags(2):fm 43005:AUE_PROFILE:profil(2):pc 43006:AUE_KTRACE:ktrace(2):pc 43007:AUE_SETLOGIN:setlogin(2):pc 43008:AUE_OPENBSM_REVOKE:revoke(2):cl 43009:AUE_UMASK:umask(2):pc 43010:AUE_MPROTECT:mprotect(2):fm 43011:AUE_MKFIFO:mkfifo(2):fc 43012:AUE_POLL:poll(2):no 43013:AUE_FUTIMES:futimes(2):fm 43014:AUE_SETSID:setsid(2):pc 43015:AUE_SETPRIVEXEC:setprivexec(2):pc 43016:AUE_ADDPROFILE:add_profil():pc 43017:AUE_KDEBUGTRACE:kdebug_trace():pc 43018:AUE_OPENBSM_FSTAT:fstat(2):fa 43019:AUE_FPATHCONF:fpathconf(2):fa 43020:AUE_GETDIRENTRIES:getdirentries(2):no 43021:AUE_SYSCTL:sysctl(3):ot 43022:AUE_MLOCK:mlock(2):pc 43023:AUE_MUNLOCK:munlock(2):pc 43024:AUE_UNDELETE:undelete(2):fm 43025:AUE_GETATTRLIST:getattrlist():fa 43026:AUE_SETATTRLIST:setattrlist():fm 43027:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa 43028:AUE_EXCHANGEDATA:exchangedata():fw 43029:AUE_SEARCHFS:searchfs():fa 43030:AUE_MINHERIT:minherit(2):pc 43031:AUE_SEMCONFIG:semconfig():ip 43032:AUE_SEMOPEN:sem_open(2):ip 43033:AUE_SEMCLOSE:sem_close(2):ip 43034:AUE_SEMUNLINK:sem_unlink(2):ip 43035:AUE_SHMOPEN:shm_open(2):ip 43036:AUE_SHMUNLINK:shm_unlink(2):ip 43037:AUE_LOADSHFILE:load_shared_file():fr 43038:AUE_RESETSHFILE:reset_shared_file():ot 43039:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot 43040:AUE_PTHREADKILL:pthread_kill(2):pc 
43041:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc 43042:AUE_AUDITCTL:auditctl(2):ad 43043:AUE_RFORK:rfork(2):pc 43044:AUE_LCHMOD:lchmod(2):fm 43045:AUE_SWAPOFF:swapoff(2):ad 43046:AUE_INITPROCESS:init_process():pc 43047:AUE_MAPFD:map_fd():fa 43048:AUE_TASKFORPID:task_for_pid():pc 43049:AUE_PIDFORTASK:pid_for_task():pc 43050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot 43051:AUE_COPYFILE:copyfile(2):fr,fw 43052:AUE_LUTIMES:lutimes(2):fm 43053:AUE_LCHFLAGS:lchflags(2):fm 43054:AUE_SENDFILE:sendfile(2):nt 43055:AUE_USELIB:uselib(2):fa 43056:AUE_GETRESUID:getresuid(2):pc 43057:AUE_SETRESUID:setresuid(2):pc 43058:AUE_GETRESGID:getresgid(2):pc 43059:AUE_SETRESGID:setresgid(2):pc 43060:AUE_WAIT4:wait4(2):pc 43061:AUE_LGETFH:lgetfh(2):fa 43062:AUE_FHSTATFS:fhstatfs(2):fa 43063:AUE_FHOPEN:fhopen(2):fa 43064:AUE_FHSTAT:fhstat(2):fa 43065:AUE_JAIL:jail(2):pc 43066:AUE_EACCESS:eaccess(2):fa 43067:AUE_KQUEUE:kqueue(2):no 43068:AUE_KEVENT:kevent(2):no 43069:AUE_FSYNC:fsync(2):fm 43070:AUE_NMOUNT:nmount(2):ad 43071:AUE_BDFLUSH:bdflush(2):ad 43072:AUE_SETFSUID:setfsuid(2):ot 43073:AUE_SETFSGID:setfsgid(2):ot 43074:AUE_PERSONALITY:personality(2):pc 43075:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad 43076:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad 43077:AUE_PRCTL:prctl(2):pc 43078:AUE_GETCWD:getcwd(2):pc 43079:AUE_CAPGET:capget(2):pc 43080:AUE_CAPSET:capset(2):pc 43081:AUE_PIVOT_ROOT:pivot_root(2):pc 43082:AUE_RTPRIO::rtprio(2):pc 43083:AUE_SCHED_GETPARAM:sched_getparam(2):ad 43084:AUE_SCHED_SETPARAM:sched_setparam(2):ad 43085:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad 43086:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad 43087:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad 43088:AUE_ACL_GET_FILE:acl_get_file(2):fa 43089:AUE_ACL_SET_FILE:acl_set_file(2):fm 43090:AUE_ACL_GET_FD:acl_get_fd(2):fa 43091:AUE_ACL_SET_FD:acl_set_fd(2):fm 43092:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm 43093:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm 
43094:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa 43095:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa 43096:AUE_ACL_GET_LINK:acl_get_link(2):fa 43097:AUE_ACL_SET_LINK:acl_set_link(2):fm 43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm 43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa 43100:AUE_SYSARCH:sysarch(2):ot 43101:AUE_EXTATTRCTL:extattrctl(2):fm 43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa 43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm 43104:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa 43105:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm 43106:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa 43107:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm 43108:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa 43109:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm 43110:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa 43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm 43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa 43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm 43114:AUE_KENV:kenv(8):ad 43115:AUE_JAIL_ATTACH:jail_attach(2):ad 43116:AUE_SYSCTL_WRITE:sysctl(3):ad 43117:AUE_IOPERM:linux ioperm:ad 43118:AUE_READDIR:readdir(3):no 43119:AUE_IOPL:linux iopl:ad 43120:AUE_VM86:linux vm86:pc 43121:AUE_MAC_GET_PROC:mac_get_proc(2):pc 43122:AUE_MAC_SET_PROC:mac_set_proc(2):pc 43123:AUE_MAC_GET_FD:mac_get_fd(2):fa 43124:AUE_MAC_GET_FILE:mac_get_file(2):fa 43125:AUE_MAC_SET_FD:mac_set_fd(2):fm 43126:AUE_MAC_SET_FILE:mac_set_file(2):fm 43127:AUE_MAC_SYSCALL:mac_syscall(2):ad 43128:AUE_MAC_GET_PID:mac_get_pid(2):pc 43129:AUE_MAC_GET_LINK:mac_get_link(2):fa 43130:AUE_MAC_SET_LINK:mac_set_link(2):fm 43131:AUE_MAC_EXECVE:mac_execve(2):ex,pc 43132:AUE_GETPATH_FROMFD:getpath_fromfd(2):fa 43133:AUE_GETPATH_FROMADDR:getpath_fromaddr(2):fa 43134:AUE_MQ_OPEN:mq_open(2):ip 43135:AUE_MQ_SETATTR:mq_setattr(2):ip 43136:AUE_MQ_TIMEDRECEIVE:mq_timedreceive(2):ip 43137:AUE_MQ_TIMEDSEND:mq_timedsend(2):ip 43138:AUE_MQ_NOTIFY:mq_notify(2):ip 43139:AUE_MQ_UNLINK:mq_unlink(2):ip 43140:AUE_LISTEN:listen(2):nt 
43141:AUE_MLOCKALL:mlockall(2):pc 43142:AUE_MUNLOCKALL:munlockall(2):pc 43143:AUE_CLOSEFROM:closefrom(2):cl 43144:AUE_FEXECVE:fexecve(2):pc,ex 43145:AUE_FACCESSAT:faccessat(2):fa 43146:AUE_FCHMODAT:fchmodat(2):fm 43147:AUE_LINKAT:linkat(2):fc 43148:AUE_MKDIRAT:mkdirat(2):fc 43149:AUE_MKFIFOAT:mkfifoat(2):fc 43150:AUE_MKNODAT:mknodat(2):fc 43151:AUE_READLINKAT:readlinkat(2):fr 43152:AUE_SYMLINKAT:symlinkat(2):fc 43153:AUE_MAC_GETFSSTAT:mac_getfsstat(2):fa 43154:AUE_MAC_GET_MOUNT:mac_get_mount(2):fa 43155:AUE_MAC_GET_LCID:mac_get_lcid(2):pc 43156:AUE_MAC_GET_LCTX:mac_get_lctx(2):pc 43157:AUE_MAC_SET_LCTX:mac_set_lctx(2):pc 43158:AUE_MAC_MOUNT:mac_mount(2):ad 43159:AUE_GETLCID:getlcid(2):pc 43160:AUE_SETLCID:setlcid(2):pc 43161:AUE_TASKNAMEFORPID:taskname_for_pid():pc 43162:AUE_ACCESS_EXTENDED:access_extended(2):fa 43163:AUE_CHMOD_EXTENDED:chmod_extended(2):fm 43164:AUE_FCHMOD_EXTENDED:fchmod_extended(2):fm 43165:AUE_FSTAT_EXTENDED:fstat_extended(2):fa 43166:AUE_LSTAT_EXTENDED:lstat_extended(2):fa 43167:AUE_MKDIR_EXTENDED:mkdir_extended(2):fc 43168:AUE_MKFIFO_EXTENDED:mkfifo_extended(2):fc 43169:AUE_OPEN_EXTENDED:open_extended(2) - attr only:fa 43170:AUE_OPEN_EXTENDED_R:open_extended(2) - read:fr 43171:AUE_OPEN_EXTENDED_RC:open_extended(2) - read,creat:fc,fr,fa,fm 43172:AUE_OPEN_EXTENDED_RT:open_extended(2) - read,trunc:fd,fr,fa,fm 43173:AUE_OPEN_EXTENDED_RTC:open_extended(2) - read,creat,trunc:fc,fd,fr,fa,fm 43174:AUE_OPEN_EXTENDED_W:open_extended(2) - write:fw 43175:AUE_OPEN_EXTENDED_WC:open_extended(2) - write,creat:fc,fw,fa,fm 43176:AUE_OPEN_EXTENDED_WT:open_extended(2) - write,trunc:fd,fw,fa,fm 43177:AUE_OPEN_EXTENDED_WTC:open_extended(2) - write,creat,trunc:fc,fd,fw,fa,fm 43178:AUE_OPEN_EXTENDED_RW:open_extended(2) - read,write:fr,fw 43179:AUE_OPEN_EXTENDED_RWC:open_extended(2) - read,write,creat:fc,fw,fr,fa,fm 43180:AUE_OPEN_EXTENDED_RWT:open_extended(2) - read,write,trunc:fd,fr,fw,fa,fm 43181:AUE_OPEN_EXTENDED_RWTC:open_extended(2) - 
read,write,creat,trunc:fc,fd,fw,fr,fa,fm 43182:AUE_STAT_EXTENDED:stat_extended(2):fa 43183:AUE_UMASK_EXTENDED:umask_extended(2):pc 43184:AUE_OPENAT:openat(2) - attr only:fa 43185:AUE_POSIX_OPENPT:posix_openpt(2):ip 43186:AUE_CAP_NEW:cap_new(2):fm 43187:AUE_CAP_RIGHTS_GET:cap_rights_get(2):fm 43188:AUE_CAP_ENTER:cap_enter(2):pc 43189:AUE_CAP_GETMODE:cap_getmode(2):pc 43190:AUE_POSIX_SPAWN:posix_spawn(2):pc 43191:AUE_FSGETPATH:fsgetpath(2):ot 43192:AUE_PREAD:pread(2):no 43193:AUE_PWRITE:pwrite(2):no 43194:AUE_FSCTL:fsctl():fm 43195:AUE_FFSCTL:ffsctl():fm 43196:AUE_LPATHCONF:lpathconf(2):fa 43197:AUE_PDFORK:pdfork(2):pc 43198:AUE_PDKILL:pdkill(2):pc 43199:AUE_PDGETPID:pdgetpid(2):pc 43200:AUE_PDWAIT:pdwait(2):pc 43201:AUE_WAIT6:wait6(2):pc 43202:AUE_CAP_RIGHTS_LIMIT:cap_rights_limit(2):fm 43203:AUE_CAP_IOCTLS_LIMIT:cap_ioctls_limit(2):fm 43204:AUE_CAP_IOCTLS_GET:cap_ioctls_get(2):fm 43205:AUE_CAP_FCNTLS_LIMIT:cap_fcntls_limit(2):fm 43206:AUE_CAP_FCNTLS_GET:cap_fcntls_get(2):fm 43207:AUE_BINDAT:bindat(2):nt 43208:AUE_CONNECTAT:connectat(2):nt 43209:AUE_CHFLAGSAT:chflagsat(2):fm # # Solaris userspace events. 
# 6144:AUE_at_create:at-create atjob:ad 6145:AUE_at_delete:at-delete atjob (at or atrm):ad 6146:AUE_at_perm:at-permission:no 6147:AUE_cron_invoke:cron-invoke:ad 6148:AUE_crontab_create:crontab-crontab created:ad 6149:AUE_crontab_delete:crontab-crontab deleted:ad 6150:AUE_crontab_perm:crontab-permission:no 6151:AUE_inetd_connect:inetd connection:na 6152:AUE_login:login - local:lo 6153:AUE_logout:logout - local:lo 6154:AUE_telnet:login - telnet:lo 6155:AUE_rlogin:login - rlogin:lo 6156:AUE_mountd_mount:mount:na 6157:AUE_mountd_umount:unmount:na 6158:AUE_rshd:rsh access:lo 6159:AUE_su:su(1):lo 6160:AUE_halt:system halt:ad 6161:AUE_reboot:system reboot:ad 6162:AUE_rexecd:rexecd:lo 6163:AUE_passwd:passwd:lo 6164:AUE_rexd:rexd:lo 6165:AUE_ftpd:ftp access:lo 6166:AUE_init:init:lo 6167:AUE_uadmin:uadmin:no 6168:AUE_shutdown:system shutdown:ad 6168:AUE_poweroff:system poweroff:ad 6170:AUE_crontab_mod:crontab-modify:ad 6171:AUE_ftpd_logout:ftp logout:lo 6172:AUE_ssh:login - ssh:lo 6173:AUE_role_login:role login:lo 6180:AUE_prof_cmd: profile command:ad 6181:AUE_filesystem_add:add filesystem:ad 6182:AUE_filesystem_delete:delete filesystem:ad 6183:AUE_filesystem_modify:modify filesystem:ad 6200:AUE_allocate_succ:allocate-device success:ot 6201:AUE_allocate_fail:allocate-device failure:ot 6202:AUE_deallocate_succ:deallocate-device success:ot 6203:AUE_deallocate_fail:deallocate-device failure:ot 6204:AUE_listdevice_succ:allocate-list devices success:ot 6205:AUE_listdevice_fail:allocate-list devices failure:ot 6207:AUE_create_user:create user:ad 6208:AUE_modify_user:modify user:ad 6209:AUE_delete_user:delete user:ad 6210:AUE_disable_user:disable user:ad 6211:AUE_enable_user:enable users:ad 6212:AUE_newgrp_login:newgrp login:lo 6213:AUE_admin_authenticate:admin login:lo 6214:AUE_kadmind_auth:authenticated kadmind request:ua 6215:AUE_kadmind_unauth:unauthenticated kadmind req:ua 6216:AUE_krb5kdc_as_req:kdc authentication svc request:ap 6217:AUE_krb5kdc_tgs_req:kdc tkt-grant svc 
request:ap 6218:AUE_krb5kdc_tgs_req_2ndtktmm:kdc tgs 2ndtkt mismtch:ap 6219:AUE_krb5kdc_tgs_req_alt_tgt:kdc tgs issue alt tgt:ap # # Historic Darwin use of low event numbering space, which collided with the # Solaris event space. Now obsoleted and new, higher, event numbers assigned # to make it easier to interpret Solaris events using the OpenBSM tools. # 6171:AUE_DARWIN_audit_startup:audit startup:ad 6172:AUE_DARWIN_audit_shutdown:audit shutdown:ad 6300:AUE_DARWIN_sudo:sudo(1):ad 6501:AUE_DARWIN_modify_password:modify password:ad 6511:AUE_DARWIN_create_group:create group:ad 6512:AUE_DARWIN_delete_group:delete group:ad 6513:AUE_DARWIN_modify_group:modify group:ad 6514:AUE_DARWIN_add_to_group:add to group:ad 6515:AUE_DARWIN_remove_from_group:remove from group:ad 6521:AUE_DARWIN_revoke_obj:revoke object priv:fm 6600:AUE_DARWIN_lw_login:loginwindow login:lo 6601:AUE_DARWIN_lw_logout:loginwindow logout:lo 7000:AUE_DARWIN_auth_user:user authentication:aa 7001:AUE_DARWIN_ssconn:SecSrvr connection setup:aa 7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:aa 7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:aa # # Historic/third-party application allocations of event identifiers. # 32800:AUE_openssh:OpenSSH login:lo # # OpenBSM-managed application event space. 
 #
 45000:AUE_audit_startup:audit startup:ad
 45001:AUE_audit_shutdown:audit shutdown:ad
 45014:AUE_modify_password:modify password:ad
 45015:AUE_create_group:create group:ad
 45016:AUE_delete_group:delete group:ad
 45017:AUE_modify_group:modify group:ad
 45018:AUE_add_to_group:add to group:ad
 45019:AUE_remove_from_group:remove from group:ad
 45020:AUE_revoke_obj:revoke object priv:fm
 45021:AUE_lw_login:loginwindow login:lo
 45022:AUE_lw_logout:loginwindow logout:lo
 45023:AUE_auth_user:user authentication:aa
 45024:AUE_ssconn:SecSrvr connection setup:aa
 45025:AUE_ssauthorize:SecSrvr AuthEngine:aa
 45026:AUE_ssauthint:SecSrvr authinternal mech:aa
 45027:AUE_calife:Calife:ad
 45028:AUE_sudo:sudo(1):aa
 45029:AUE_audit_recovery:audit crash recovery:ad
 45030:AUE_ssauthmech:SecSrvr AuthMechanism:aa
Index: head/contrib/openbsm/etc/audit_filter
===================================================================
--- head/contrib/openbsm/etc/audit_filter (revision 292431)
+++ head/contrib/openbsm/etc/audit_filter (revision 292432)
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_filter#1 $
+# $FreeBSD$
 #
 # modulename:various arguments here
 #
Index: head/contrib/openbsm/etc/audit_user
===================================================================
--- head/contrib/openbsm/etc/audit_user (revision 292431)
+++ head/contrib/openbsm/etc/audit_user (revision 292432)
@@ -1,5 +1,4 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#3 $
 # $FreeBSD$
 #
 root:lo:no
Index: head/contrib/openbsm/etc/audit_warn
===================================================================
--- head/contrib/openbsm/etc/audit_warn (revision 292431)
+++ head/contrib/openbsm/etc/audit_warn (revision 292432)
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_warn#3 $
 # $FreeBSD$
 #
+
 logger -p security.warning "audit warning: $@"
Index: head/contrib/openbsm/libauditd/Makefile.am
===================================================================
--- head/contrib/openbsm/libauditd/Makefile.am (revision 292431)
+++ head/contrib/openbsm/libauditd/Makefile.am (revision 292432)
@@ -1,17 +1,13 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.am#3 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif lib_LTLIBRARIES = libauditd.la libauditd_la_SOURCES = \ auditd_lib.c man3_MANS = \ libauditd.3
Index: head/contrib/openbsm/libauditd/auditd_lib.c
===================================================================
--- head/contrib/openbsm/libauditd/auditd_lib.c (revision 292431)
+++ head/contrib/openbsm/libauditd/auditd_lib.c (revision 292432)
@@ -1,1239 +1,1240 @@ /*- * Copyright (c) 2008-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#18 $ */ #include #include #include #ifdef HAVE_FULL_QUEUE_H #include #else /* !HAVE_FULL_QUEUE_H */ #include #endif /* !HAVE_FULL_QUEUE_H */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef __APPLE__ #include #ifndef __BSM_INTERNAL_NOTIFY_KEY #define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change" #endif /* __BSM_INTERNAL_NOTIFY_KEY */ #endif /* __APPLE__ */ /* * XXX This is temporary until this is moved to and shared with * the kernel. */ #ifndef AUDIT_HARD_LIMIT_FREE_BLOCKS #define AUDIT_HARD_LIMIT_FREE_BLOCKS 4 #endif /* * Number of seconds to January 1, 2000 */ #define JAN_01_2000 946598400 struct dir_ent { char *dirname; uint8_t softlim; uint8_t hardlim; TAILQ_ENTRY(dir_ent) dirs; }; static TAILQ_HEAD(, dir_ent) dir_q; struct audit_trail { time_t at_time; char *at_path; off_t at_size; TAILQ_ENTRY(audit_trail) at_trls; }; static int auditd_minval = -1; static int auditd_dist = 0; static char auditd_host[MAXHOSTNAMELEN]; static int auditd_hostlen = -1; static char *auditd_errmsg[] = { "no error", /* ADE_NOERR ( 0) */ "could not parse audit_control(5) file", /* ADE_PARSE ( 1) */ "auditon(2) failed", /* ADE_AUDITON ( 2) */ "malloc(3) failed", /* ADE_NOMEM ( 3) */ "all audit log directories over soft limit", /* ADE_SOFTLIM ( 4) */ "all audit log directories over hard limit", /* ADE_HARDLIM ( 5) */ "could not create file name string", /* ADE_STRERR ( 6) */ "could not open audit record", /* ADE_AU_OPEN ( 7) */ "could not close audit record", /* ADE_AU_CLOSE ( 8) */ "could not set active audit session state", /* ADE_SETAUDIT ( 9) */ "auditctl(2) failed (trail still swapped)", /* ADE_ACTL (10) */ "auditctl(2) failed (trail not swapped)", /* ADE_ACTLERR (11) */ "could not swap audit trail file", /* ADE_SWAPERR (12) */ "could not rename crash recovery file", /* 
ADE_RENAME (13) */ "could not read 'current' link file", /* ADE_READLINK (14) */ "could not create 'current' link file", /* ADE_SYMLINK (15) */ "invalid argument", /* ADE_INVAL (16) */ "could not resolve hostname to address", /* ADE_GETADDR (17) */ "address family not supported", /* ADE_ADDRFAM (18) */ "error expiring audit trail files", /* ADE_EXPIRE (19) */ }; #define MAXERRCODE (sizeof(auditd_errmsg) / sizeof(auditd_errmsg[0])) #define NA_EVENT_STR_SIZE 128 #define POL_STR_SIZE 128 /* * Look up and return the error string for the given audit error code. */ const char * auditd_strerror(int errcode) { int idx = -errcode; if (idx < 0 || idx > (int)MAXERRCODE) return ("Invalid auditd error code"); return (auditd_errmsg[idx]); } /* * Free our local list of directory names and init list. */ static void free_dir_q(void) { struct dir_ent *d1, *d2; d1 = TAILQ_FIRST(&dir_q); while (d1 != NULL) { d2 = TAILQ_NEXT(d1, dirs); free(d1->dirname); free(d1); d1 = d2; } TAILQ_INIT(&dir_q); } /* * Concat the directory name to the given file name. * XXX We should affix the hostname also */ static char * affixdir(char *name, struct dir_ent *dirent) { char *fn = NULL; /* * Sanity check on file name. */ if (strlen(name) != FILENAME_LEN) { errno = EINVAL; return (NULL); } /* * If the host is set then also add the hostname to the filename. */ if (auditd_hostlen != -1) asprintf(&fn, "%s/%s.%s", dirent->dirname, name, auditd_host); else asprintf(&fn, "%s/%s", dirent->dirname, name); return (fn); } /* * Insert the directory entry in the list by the way they are ordered in * audit_control(5). Move the entries that are over the soft and hard limits * toward the tail. 
*/ static void insert_orderly(struct dir_ent *denew) { struct dir_ent *dep; TAILQ_FOREACH(dep, &dir_q, dirs) { if (dep->softlim == 1 && denew->softlim == 0) { TAILQ_INSERT_BEFORE(dep, denew, dirs); return; } if (dep->hardlim == 1 && denew->hardlim == 0) { TAILQ_INSERT_BEFORE(dep, denew, dirs); return; } } TAILQ_INSERT_TAIL(&dir_q, denew, dirs); } /* * Get the min percentage of free blocks from audit_control(5) and that * value in the kernel. Return: * ADE_NOERR on success, * ADE_PARSE error parsing audit_control(5), */ int auditd_set_dist(void) { int ret; ret = getacdist(); if (ret < 0) return (ADE_PARSE); auditd_dist = ret; return (ADE_NOERR); } /* * Get the host from audit_control(5) and set it in the audit kernel * information. Return: * ADE_NOERR on success. * ADE_PARSE error parsing audit_control(5). * ADE_AUDITON error getting/setting auditon(2) value. * ADE_GETADDR error getting address info for host. * ADE_ADDRFAM un-supported address family. */ int auditd_set_host(void) { struct sockaddr_in6 *sin6; struct sockaddr_in *sin; struct addrinfo *res; struct auditinfo_addr aia; int error, ret = ADE_NOERR; if (getachost(auditd_host, sizeof(auditd_host)) != 0) { ret = ADE_PARSE; /* * To maintain reverse compatability with older audit_control * files, simply drop a warning if the host parameter has not * been set. However, we will explicitly disable the * generation of extended audit header by passing in a zeroed * termid structure. 
*/ bzero(&aia, sizeof(aia)); aia.ai_termid.at_type = AU_IPv4; error = audit_set_kaudit(&aia, sizeof(aia)); if (error < 0 && errno != ENOSYS) ret = ADE_AUDITON; return (ret); } auditd_hostlen = strlen(auditd_host); error = getaddrinfo(auditd_host, NULL, NULL, &res); if (error) return (ADE_GETADDR); switch (res->ai_family) { case PF_INET6: sin6 = (struct sockaddr_in6 *) res->ai_addr; bcopy(&sin6->sin6_addr.s6_addr, &aia.ai_termid.at_addr[0], sizeof(struct in6_addr)); aia.ai_termid.at_type = AU_IPv6; break; case PF_INET: sin = (struct sockaddr_in *) res->ai_addr; bcopy(&sin->sin_addr.s_addr, &aia.ai_termid.at_addr[0], sizeof(struct in_addr)); aia.ai_termid.at_type = AU_IPv4; break; default: /* Un-supported address family in host parameter. */ errno = EAFNOSUPPORT; return (ADE_ADDRFAM); } if (audit_set_kaudit(&aia, sizeof(aia)) < 0) ret = ADE_AUDITON; return (ret); } /* * Get the min percentage of free blocks from audit_control(5) and that * value in the kernel. Return: * ADE_NOERR on success, * ADE_PARSE error parsing audit_control(5), * ADE_AUDITON error getting/setting auditon(2) value. */ int auditd_set_minfree(void) { au_qctrl_t qctrl; if (getacmin(&auditd_minval) != 0) return (ADE_PARSE); if (audit_get_qctrl(&qctrl, sizeof(qctrl)) != 0) return (ADE_AUDITON); if (qctrl.aq_minfree != auditd_minval) { qctrl.aq_minfree = auditd_minval; if (audit_set_qctrl(&qctrl, sizeof(qctrl)) != 0) return (ADE_AUDITON); } return (0); } /* * Convert a trailname into a timestamp (seconds). Return 0 if the conversion * was successful. */ static int trailname_to_tstamp(char *fn, time_t *tstamp) { struct tm tm; char ts[TIMESTAMP_LEN + 1]; char *p; *tstamp = 0; /* * Get the ending time stamp. 
*/ if ((p = strchr(fn, '.')) == NULL) return (1); strlcpy(ts, ++p, sizeof(ts)); if (strlen(ts) != POSTFIX_LEN) return (1); bzero(&tm, sizeof(tm)); /* seconds (0-60) */ p = ts + POSTFIX_LEN - 2; tm.tm_sec = atol(p); if (tm.tm_sec < 0 || tm.tm_sec > 60) return (1); /* minutes (0-59) */ *p = '\0'; p -= 2; tm.tm_min = atol(p); if (tm.tm_min < 0 || tm.tm_min > 59) return (1); /* hours (0 - 23) */ *p = '\0'; p -= 2; tm.tm_hour = atol(p); if (tm.tm_hour < 0 || tm.tm_hour > 23) return (1); /* day of month (1-31) */ *p = '\0'; p -= 2; tm.tm_mday = atol(p); if (tm.tm_mday < 1 || tm.tm_mday > 31) return (1); /* month (0 - 11) */ *p = '\0'; p -= 2; tm.tm_mon = atol(p) - 1; if (tm.tm_mon < 0 || tm.tm_mon > 11) return (1); /* year (year - 1900) */ *p = '\0'; p -= 4; tm.tm_year = atol(p) - 1900; if (tm.tm_year < 0) return (1); *tstamp = timegm(&tm); return (0); } /* * Remove audit trails files according to the expiration conditions. Returns: * ADE_NOERR on success or there is nothing to do. * ADE_PARSE if error parsing audit_control(5). * ADE_NOMEM if could not allocate memory. - * ADE_EXPIRE if there was an unespected error. + * ADE_READLINK if could not read link file. + * ADE_EXPIRE if there was an unexpected error. */ int auditd_expire_trails(int (*warn_expired)(char *)) { - int andflg, ret = ADE_NOERR; + int andflg, len, ret = ADE_NOERR; size_t expire_size, total_size = 0L; time_t expire_age, oldest_time, current_time = time(NULL); struct dir_ent *traildir; struct audit_trail *at; char *afnp, *pn; TAILQ_HEAD(au_trls_head, audit_trail) head = TAILQ_HEAD_INITIALIZER(head); struct stat stbuf; char activefn[MAXPATHLEN]; /* * Read the expiration conditions. If no conditions then return no * error. */ if (getacexpire(&andflg, &expire_age, &expire_size) < 0) return (ADE_PARSE); if (!expire_age && !expire_size) return (ADE_NOERR); /* * Read the 'current' trail file name. Trim off directory path. 
*/ activefn[0] = '\0'; - readlink(AUDIT_CURRENT_LINK, activefn, MAXPATHLEN - 1); + len = readlink(AUDIT_CURRENT_LINK, activefn, MAXPATHLEN - 1); + if (len < 0) + return (ADE_READLINK); if ((afnp = strrchr(activefn, '/')) != NULL) afnp++; /* * Build tail queue of the trail files. */ TAILQ_FOREACH(traildir, &dir_q, dirs) { DIR *dirp; struct dirent *dp; dirp = opendir(traildir->dirname); while ((dp = readdir(dirp)) != NULL) { time_t tstamp = 0; struct audit_trail *new; /* * Quickly filter non-trail files. */ if (dp->d_namlen < FILENAME_LEN || dp->d_name[POSTFIX_LEN] != '.') continue; if (asprintf(&pn, "%s/%s", traildir->dirname, dp->d_name) < 0) { ret = ADE_NOMEM; break; } if (stat(pn, &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) { free(pn); continue; } total_size += stbuf.st_size; /* * If this is the 'current' audit trail then * don't add it to the tail queue. */ if (NULL != afnp && strcmp(dp->d_name, afnp) == 0) { free(pn); continue; } /* * Get the ending time stamp encoded in the trail * name. If we can't read it or if it is older * than Jan 1, 2000 then use the mtime. */ if (trailname_to_tstamp(dp->d_name, &tstamp) != 0 || tstamp < JAN_01_2000) tstamp = stbuf.st_mtime; /* * If the time stamp is older than Jan 1, 2000 then * update the mtime of the trail file to the current * time. This is so we don't prematurely remove a trail * file that was created while the system clock reset * to the * "beginning of time" but later the system * clock is set to the correct current time. */ if (current_time >= JAN_01_2000 && tstamp < JAN_01_2000) { struct timeval tv[2]; tstamp = stbuf.st_mtime = current_time; TIMESPEC_TO_TIMEVAL(&tv[0], &stbuf.st_atimespec); TIMESPEC_TO_TIMEVAL(&tv[1], &stbuf.st_mtimespec); utimes(pn, tv); } /* * Allocate and populate the new entry. */ new = malloc(sizeof(*new)); if (NULL == new) { free(pn); ret = ADE_NOMEM; break; } new->at_time = tstamp; new->at_size = stbuf.st_size; new->at_path = pn; /* * Check to see if we have a new head. 
Otherwise, * walk the tailq from the tail first and do a simple * insertion sort. */ if (TAILQ_EMPTY(&head) || new->at_time <= TAILQ_FIRST(&head)->at_time) { TAILQ_INSERT_HEAD(&head, new, at_trls); continue; } TAILQ_FOREACH_REVERSE(at, &head, au_trls_head, at_trls) if (new->at_time >= at->at_time) { TAILQ_INSERT_AFTER(&head, at, new, at_trls); break; } } closedir(dirp); } oldest_time = current_time - expire_age; /* * Expire trail files, oldest (mtime) first, if the given * conditions are met. */ at = TAILQ_FIRST(&head); while (NULL != at) { struct audit_trail *at_next = TAILQ_NEXT(at, at_trls); if (andflg) { if ((expire_size && total_size > expire_size) && (expire_age && at->at_time < oldest_time)) { if (warn_expired) (*warn_expired)(at->at_path); if (unlink(at->at_path) < 0) ret = ADE_EXPIRE; total_size -= at->at_size; } } else { if ((expire_size && total_size > expire_size) || (expire_age && at->at_time < oldest_time)) { if (warn_expired) (*warn_expired)(at->at_path); if (unlink(at->at_path) < 0) ret = ADE_EXPIRE; total_size -= at->at_size; } } free(at->at_path); free(at); at = at_next; } return (ret); } /* * Parses the "dir" entry in audit_control(5) into an ordered list. Also, will * set the minfree and host values if not already set. Arguments include * function pointers to audit_warn functions for soft and hard limits. Returns: * ADE_NOERR on success, * ADE_PARSE error parsing audit_control(5), * ADE_AUDITON error getting/setting auditon(2) value, * ADE_NOMEM error allocating memory, * ADE_SOFTLIM if all the directories are over the soft limit, * ADE_HARDLIM if all the directories are over the hard limit, */ int auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *)) { char cur_dir[MAXNAMLEN]; struct dir_ent *dirent; struct statfs sfs; int err; char soft, hard; int tcnt = 0; int scnt = 0; int hcnt = 0; if (auditd_minval == -1 && (err = auditd_set_minfree()) != 0) return (err); if (auditd_hostlen == -1) auditd_set_host(); /* * Init directory q. 
Force a re-read of the file the next time. */ free_dir_q(); endac(); /* * Read the list of directories into an ordered linked list * admin's preference, then those over soft limit and, finally, * those over the hard limit. * * XXX We should use the reentrant interfaces once they are * available. */ while (getacdir(cur_dir, MAXNAMLEN) >= 0) { if (statfs(cur_dir, &sfs) < 0) continue; /* XXX should warn */ soft = (sfs.f_bfree < (sfs.f_blocks * auditd_minval / 100 )) ? 1 : 0; hard = (sfs.f_bfree < AUDIT_HARD_LIMIT_FREE_BLOCKS) ? 1 : 0; if (soft) { if (warn_soft) (*warn_soft)(cur_dir); scnt++; } if (hard) { if (warn_hard) (*warn_hard)(cur_dir); hcnt++; } dirent = (struct dir_ent *) malloc(sizeof(struct dir_ent)); if (dirent == NULL) return (ADE_NOMEM); dirent->softlim = soft; dirent->hardlim = hard; dirent->dirname = (char *) malloc(MAXNAMLEN); if (dirent->dirname == NULL) { free(dirent); return (ADE_NOMEM); } strlcpy(dirent->dirname, cur_dir, MAXNAMLEN); insert_orderly(dirent); tcnt++; } if (hcnt == tcnt) return (ADE_HARDLIM); if (scnt == tcnt) return (ADE_SOFTLIM); return (0); } void auditd_close_dirs(void) { free_dir_q(); auditd_minval = -1; auditd_hostlen = -1; } /* * Process the audit event file, obtaining a class mapping for each event, and * set that mapping into the kernel. Return: * n number of event mappings that were successfully processed, * ADE_NOMEM if there was an error allocating memory. */ int auditd_set_evcmap(void) { au_event_ent_t ev, *evp; au_evclass_map_t evc_map; int ctr = 0; /* * XXX There's a risk here that the BSM library will return NULL * for an event when it can't properly map it to a class. In that * case, we will not process any events beyond the one that failed, * but should. We need a way to get a count of the events. 
*/ ev.ae_name = (char *)malloc(AU_EVENT_NAME_MAX); ev.ae_desc = (char *)malloc(AU_EVENT_DESC_MAX); if (ev.ae_name == NULL || ev.ae_desc == NULL) { if (ev.ae_name != NULL) free(ev.ae_name); return (ADE_NOMEM); } /* * XXXRW: Currently we have no way to remove mappings from the kernel * when they are removed from the file-based mappings. */ evp = &ev; setauevent(); while ((evp = getauevent_r(evp)) != NULL) { evc_map.ec_number = evp->ae_number; evc_map.ec_class = evp->ae_class; if (audit_set_class(&evc_map, sizeof(evc_map)) == 0) ctr++; } endauevent(); free(ev.ae_name); free(ev.ae_desc); return (ctr); } /* * Get the non-attributable event string and set the kernel mask. Return: * ADE_NOERR on success, * ADE_PARSE error parsing audit_control(5), * ADE_AUDITON error setting the mask using auditon(2). */ int auditd_set_namask(void) { au_mask_t aumask; char naeventstr[NA_EVENT_STR_SIZE]; if (getacna(naeventstr, NA_EVENT_STR_SIZE) != 0 || getauditflagsbin(naeventstr, &aumask) != 0) return (ADE_PARSE); if (audit_set_kmask(&aumask, sizeof(aumask)) != 0) return (ADE_AUDITON); return (ADE_NOERR); } /* * Set the audit control policy if a policy is configured in audit_control(5), * implement the policy. However, if one isn't defined or if there is an error * parsing the control file, set AUDIT_CNT to avoid leaving the system in a * fragile state. Return: * ADE_NOERR on success, * ADE_PARSE error parsing audit_control(5), * ADE_AUDITON error setting policy using auditon(2). */ int auditd_set_policy(void) { int policy; char polstr[POL_STR_SIZE]; if (getacpol(polstr, POL_STR_SIZE) != 0 || au_strtopol(polstr, &policy) != 0) { policy = AUDIT_CNT; if (audit_set_policy(&policy) != 0) return (ADE_AUDITON); return (ADE_PARSE); } if (audit_set_policy(&policy) != 0) return (ADE_AUDITON); return (ADE_NOERR); } /* * Set trail rotation size. Return: * ADE_NOERR on success, * ADE_PARSE error parsing audit_control(5), * ADE_AUDITON error setting file size using auditon(2). 
*/ int auditd_set_fsize(void) { size_t filesz; au_fstat_t au_fstat; /* * Set trail rotation size. */ if (getacfilesz(&filesz) != 0) return (ADE_PARSE); bzero(&au_fstat, sizeof(au_fstat)); au_fstat.af_filesz = filesz; if (audit_set_fsize(&au_fstat, sizeof(au_fstat)) != 0) return (ADE_AUDITON); return (ADE_NOERR); } static void inject_dist(const char *fromname, char *toname, size_t tonamesize) { char *ptr; ptr = strrchr(fromname, '/'); assert(ptr != NULL); assert(ptr - fromname < (ssize_t)tonamesize); strlcpy(toname, fromname, ptr - fromname + 1); strlcat(toname, "/dist/", tonamesize); strlcat(toname, ptr + 1, tonamesize); } static int auditdist_link(const char *filename) { char fname[MAXPATHLEN]; if (auditd_dist) { inject_dist(filename, fname, sizeof(fname)); /* Ignore errors. */ (void) link(filename, fname); } return (0); } int auditd_rename(const char *fromname, const char *toname) { char fname[MAXPATHLEN], tname[MAXPATHLEN]; if (auditd_dist) { inject_dist(fromname, fname, sizeof(fname)); inject_dist(toname, tname, sizeof(tname)); /* Ignore errors. */ (void) rename(fname, tname); } return (rename(fromname, toname)); } /* * Create the new audit file with appropriate permissions and ownership. * Call auditctl(2) for this file. * Try to clean up if something goes wrong. * *errorp is modified only on auditctl(2) failure. */ static int open_trail(char *fname, gid_t gid, int *errorp) { int fd; /* XXXPJD: What should we do if the file already exists? */ fd = open(fname, O_RDONLY | O_CREAT, S_IRUSR); if (fd < 0) return (-1); if (fchown(fd, -1, gid) < 0 || fchmod(fd, S_IRUSR | S_IRGRP) < 0) { (void) close(fd); (void) unlink(fname); return (-1); } (void) close(fd); if (auditctl(fname) < 0) { *errorp = errno; (void) unlink(fname); return (-1); } (void) auditdist_link(fname); return (0); } /* * Create the new audit trail file, swap with existing audit file. 
Arguments * include timestamp for the filename, a pointer to a string for returning the * new file name, GID for trail file, and audit_warn function pointer for * 'getacdir()' errors. Returns: * ADE_NOERR on success, * ADE_STRERR if the file name string could not be created, * ADE_SWAPERR if the audit trail file could not be swapped, * ADE_ACTL if the auditctl(2) call failed but file swap still * successful. * ADE_ACTLERR if the auditctl(2) call failed and file swap failed. * ADE_SYMLINK if symlink(2) failed updating the current link. */ int auditd_swap_trail(char *TS, char **newfile, gid_t gid, int (*warn_getacdir)(char *)) { char timestr[FILENAME_LEN + 1]; char *fn; struct dir_ent *dirent; int saverrno = 0; if (strlen(TS) != TIMESTAMP_LEN || snprintf(timestr, sizeof(timestr), "%s.%s", TS, NOT_TERMINATED) < 0) { errno = EINVAL; return (ADE_STRERR); } /* Try until we succeed. */ TAILQ_FOREACH(dirent, &dir_q, dirs) { if (dirent->hardlim) continue; if ((fn = affixdir(timestr, dirent)) == NULL) return (ADE_STRERR); /* * Create the file and pass to the kernel if all went well. */ if (open_trail(fn, gid, &saverrno) == 0) { /* Success. */ *newfile = fn; if (saverrno) { /* * auditctl() failed but still * successful. Return errno and "soft" * error. */ errno = saverrno; return (ADE_ACTL); } return (ADE_NOERR); } /* * auditctl failed setting log file. Try again. */ /* * Tell the administrator about lack of permissions for dir. */ if (warn_getacdir != NULL) (*warn_getacdir)(dirent->dirname); } if (saverrno) { errno = saverrno; return (ADE_ACTLERR); } else return (ADE_SWAPERR); } /* * Mask calling process from being audited. Returns: * ADE_NOERR on success, * ADE_SETAUDIT if setaudit(2) fails. */ #ifdef __APPLE__ int auditd_prevent_audit(void) { auditinfo_addr_t aia; /* * To prevent event feedback cycles and avoid audit becoming stalled if * auditing is suspended we mask this processes events from being * audited. 
We allow the uid, tid, and mask fields to be implicitly * set to zero, but do set the audit session ID to the PID. * * XXXRW: Is there more to it than this? */ bzero(&aia, sizeof(aia)); aia.ai_asid = AU_ASSIGN_ASID; aia.ai_termid.at_type = AU_IPv4; if (setaudit_addr(&aia, sizeof(aia)) != 0) return (ADE_SETAUDIT); return (ADE_NOERR); } #else int auditd_prevent_audit(void) { auditinfo_t ai; /* * To prevent event feedback cycles and avoid audit becoming stalled if * auditing is suspended we mask this processes events from being * audited. We allow the uid, tid, and mask fields to be implicitly * set to zero, but do set the audit session ID to the PID. * * XXXRW: Is there more to it than this? */ bzero(&ai, sizeof(ai)); ai.ai_asid = getpid(); if (setaudit(&ai) != 0) return (ADE_SETAUDIT); return (ADE_NOERR); } #endif /* !__APPLE__ */ /* * Generate and submit audit record for audit startup or shutdown. The event * argument can be AUE_audit_recovery, AUE_audit_startup or * AUE_audit_shutdown. The path argument will add a path token, if not NULL. * Returns: * AUE_NOERR on success, * ADE_NOMEM if memory allocation fails, * ADE_AU_OPEN if au_open(3) fails, * ADE_AU_CLOSE if au_close(3) fails. 
*/ int auditd_gen_record(int event, char *path) { int aufd; uid_t uid; pid_t pid; char *autext = NULL; token_t *tok; struct auditinfo_addr aia; if (event == AUE_audit_startup) asprintf(&autext, "%s::Audit startup", getprogname()); else if (event == AUE_audit_shutdown) asprintf(&autext, "%s::Audit shutdown", getprogname()); else if (event == AUE_audit_recovery) asprintf(&autext, "%s::Audit recovery", getprogname()); else return (ADE_INVAL); if (autext == NULL) return (ADE_NOMEM); if ((aufd = au_open()) == -1) { free(autext); return (ADE_AU_OPEN); } bzero(&aia, sizeof(aia)); uid = getuid(); pid = getpid(); if ((tok = au_to_subject32_ex(uid, geteuid(), getegid(), uid, getgid(), pid, pid, &aia.ai_termid)) != NULL) au_write(aufd, tok); if ((tok = au_to_text(autext)) != NULL) au_write(aufd, tok); free(autext); if (path != NULL && (tok = au_to_path(path)) != NULL) au_write(aufd, tok); if ((tok = au_to_return32(0, 0)) != NULL) au_write(aufd, tok); if (au_close(aufd, 1, event) == -1) return (ADE_AU_CLOSE); return (ADE_NOERR); } /* * Check for a 'current' symlink and do crash recovery, if needed. Create a new * 'current' symlink. The argument 'curfile' is the file the 'current' symlink * should point to. Returns: * ADE_NOERR on success, * ADE_AU_OPEN if au_open(3) fails, * ADE_AU_CLOSE if au_close(3) fails. * ADE_RENAME if error renaming audit trail file, * ADE_READLINK if error reading the 'current' link, * ADE_SYMLINK if error creating 'current' link. */ int auditd_new_curlink(char *curfile) { int len, err; char *ptr; char *path = NULL; struct stat sb; char recoveredname[MAXPATHLEN]; char newname[MAXPATHLEN]; /* * Check to see if audit was shutdown properly. If not, clean up, * recover previous audit trail file, and generate audit record. */ len = readlink(AUDIT_CURRENT_LINK, recoveredname, sizeof(recoveredname) - 1); if (len > 0) { /* 'current' exist but is it pointing at a valid file? 
*/ recoveredname[len++] = '\0'; if (stat(recoveredname, &sb) == 0) { /* Yes, rename it to a crash recovery file. */ strlcpy(newname, recoveredname, sizeof(newname)); if ((ptr = strstr(newname, NOT_TERMINATED)) != NULL) { memcpy(ptr, CRASH_RECOVERY, POSTFIX_LEN); if (auditd_rename(recoveredname, newname) != 0) return (ADE_RENAME); } else return (ADE_STRERR); path = newname; } /* 'current' symlink is (now) invalid so remove it. */ (void) unlink(AUDIT_CURRENT_LINK); /* Note the crash recovery in current audit trail */ err = auditd_gen_record(AUE_audit_recovery, path); if (err) return (err); } if (len < 0 && errno != ENOENT) return (ADE_READLINK); if (symlink(curfile, AUDIT_CURRENT_LINK) != 0) return (ADE_SYMLINK); return (0); } /* * Do just what we need to quickly start auditing. Assume no system logging or * notify. Return: * 0 on success, * -1 on failure. */ int audit_quick_start(void) { int err; char *newfile = NULL; time_t tt; char TS[TIMESTAMP_LEN + 1]; int ret = 0; /* * Mask auditing of this process. */ if (auditd_prevent_audit() != 0) return (-1); /* * Read audit_control and get log directories. */ err = auditd_read_dirs(NULL, NULL); if (err != ADE_NOERR && err != ADE_SOFTLIM) return (-1); /* * Setup trail file distribution. */ (void) auditd_set_dist(); /* * Create a new audit trail log. */ if (getTSstr(tt, TS, sizeof(TS)) != 0) return (-1); err = auditd_swap_trail(TS, &newfile, getgid(), NULL); if (err != ADE_NOERR && err != ADE_ACTL) { ret = -1; goto out; } /* * Add the current symlink and recover from crash, if needed. */ if (auditd_new_curlink(newfile) != 0) { ret = -1; goto out; } /* * At this point auditing has started so generate audit start-up record. */ if (auditd_gen_record(AUE_audit_startup, NULL) != 0) { ret = -1; goto out; } /* * Configure the audit controls. 
*/ (void) auditd_set_evcmap(); (void) auditd_set_namask(); (void) auditd_set_policy(); (void) auditd_set_fsize(); (void) auditd_set_minfree(); (void) auditd_set_host(); out: if (newfile != NULL) free(newfile); return (ret); } /* * Shut down auditing quickly. Assumes that is only called on system shutdown. * Returns: * 0 on success, * -1 on failure. */ int audit_quick_stop(void) { int len; int cond; char *ptr; time_t tt; char oldname[MAXPATHLEN]; char newname[MAXPATHLEN]; char TS[TIMESTAMP_LEN + 1]; /* * Auditing already disabled? */ if (audit_get_cond(&cond) != 0) return (-1); if (cond == AUC_NOAUDIT) return (0); /* * Generate audit shutdown record. */ (void) auditd_gen_record(AUE_audit_shutdown, NULL); /* * Shutdown auditing in the kernel. */ cond = AUC_DISABLED; if (audit_set_cond(&cond) != 0) return (-1); #ifdef __BSM_INTERNAL_NOTIFY_KEY notify_post(__BSM_INTERNAL_NOTIFY_KEY); #endif /* * Rename last audit trail and remove 'current' link. */ len = readlink(AUDIT_CURRENT_LINK, oldname, sizeof(oldname) - 1); if (len < 0) return (-1); oldname[len++] = '\0'; if (getTSstr(tt, TS, sizeof(TS)) != 0) return (-1); strlcpy(newname, oldname, sizeof(newname)); if ((ptr = strstr(newname, NOT_TERMINATED)) != NULL) { memcpy(ptr, TS, POSTFIX_LEN); if (auditd_rename(oldname, newname) != 0) return (-1); } else return (-1); (void) unlink(AUDIT_CURRENT_LINK); return (0); } Index: head/contrib/openbsm/libauditd/libauditd.3 =================================================================== --- head/contrib/openbsm/libauditd/libauditd.3 (revision 292431) +++ head/contrib/openbsm/libauditd/libauditd.3 (revision 292432) 
@@ -1,60 +1,58 @@ .\"- .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libauditd/libauditd.3#1 $ -.\" .Dd December 27, 2008 .Dt LIBAUDITD 3 .Os .Sh NAME .Nm libauditd .Nd "auditd support library" .Sh LIBRARY .Lb libauditd .Sh DESCRIPTION The .Nm library provides the internal implementation of .Xr auditd 8 . .Sh INTERFACES There are no public interfaces in .Nm . .Sh SEE ALSO -.Xr auditd 8 . 
+.Xr auditd 8 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Stacey Son . .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/libbsm/Makefile.am =================================================================== --- head/contrib/openbsm/libbsm/Makefile.am (revision 292431) +++ head/contrib/openbsm/libbsm/Makefile.am (revision 292432) 
@@ -1,49 +1,157 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#10 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif lib_LTLIBRARIES = libbsm.la libbsm_la_SOURCES = \ bsm_audit.c \ bsm_class.c \ bsm_control.c \ bsm_domain.c \ bsm_errno.c \ bsm_event.c \ bsm_fcntl.c \ bsm_flags.c \ bsm_io.c \ bsm_mask.c \ bsm_socket_type.c \ bsm_token.c \ bsm_user.c if HAVE_AUDIT_SYSCALLS libbsm_la_SOURCES += \ bsm_notify.c \ bsm_wrappers.c endif man3_MANS = \ au_class.3 \ au_control.3 \ au_domain.3 \ au_errno.3 \ au_event.3 \ au_fcntl_cmd.3 \ au_free_token.3 \ au_io.3 \ au_mask.3 \ + au_notify.3 \ au_open.3 \ au_socket_type.3 \ au_token.3 \ au_user.3 \ libbsm.3 +install-exec-hook: + cd $(DESTDIR)$(mandir) && \ + $(LN_S) -f au_class.3 getauclassent.3 && \ + $(LN_S) -f au_class.3 getauclassent_r.3 && \ + $(LN_S) -f au_class.3 getauclassnam.3 && \ + $(LN_S) -f au_class.3 getauclassnam_r.3 && \ + $(LN_S) -f au_class.3 setauclass.3 && \ + $(LN_S) -f au_class.3 endauclass.3 && \ + $(LN_S) -f au_control.3 setac.3 && \ + $(LN_S) -f au_control.3 endac.3 && \ + $(LN_S) -f au_control.3 getacdir.3 && \ + $(LN_S) -f au_control.3 getacdist.3 && \ + $(LN_S) -f au_control.3 getacexpire.3 && \ + $(LN_S) -f au_control.3 getacfilesz.3 && \ + $(LN_S) -f au_control.3 getacflg.3 && \ + $(LN_S) -f au_control.3 getachost.3 && \ + $(LN_S) -f au_control.3 getacmin.3 && \ + $(LN_S) -f au_control.3 getacna.3 && \ + $(LN_S) -f au_control.3 getacpol.3 && \ + $(LN_S) -f au_control.3 au_poltostr.3 && \ + $(LN_S) -f au_control.3 ac_strtopol.3 && \ + $(LN_S) -f au_domain.3 au_bsm_to_domain.3 && \ + $(LN_S) -f au_domain.3 au_domain_to_bsm.3 && \ + $(LN_S) -f au_errno.3 au_bsm_to_errno.3 && \ + $(LN_S) -f au_errno.3 au_errno_to_bsm.3 && \ + $(LN_S) -f au_errno.3 au_strerror.3 && \ + $(LN_S) -f au_event.3 setauevent.3 && \ + $(LN_S) -f au_event.3 endauevent.3 && \ + $(LN_S) -f au_event.3 
getauevent.3 && \
+ $(LN_S) -f au_event.3 getauevent_r.3 && \
+ $(LN_S) -f au_event.3 getauevnam.3 && \
+ $(LN_S) -f au_event.3 getauevnam_r.3 && \
+ $(LN_S) -f au_event.3 getauevnum.3 && \
+ $(LN_S) -f au_event.3 getauevnum_r.3 && \
+ $(LN_S) -f au_event.3 getauevnonam.3 && \
+ $(LN_S) -f au_event.3 getauevnonam_r.3 && \
+ $(LN_S) -f au_fcntl.3 au_bsm_to_fcntl_cmd.3 && \
+ $(LN_S) -f au_fcntl.3 au_fcntl_cmd_to_bsm.3 && \
+ $(LN_S) -f au_io.3 au_fetch_tok.3 && \
+ $(LN_S) -f au_io.3 au_print_tok.3 && \
+ $(LN_S) -f au_io.3 au_print_flags_tok.3 && \
+ $(LN_S) -f au_io.3 au_read_rec.3 && \
+ $(LN_S) -f au_mask.3 au_preselect.3 && \
+ $(LN_S) -f au_mask.3 getauditflagsbin.3 && \
+ $(LN_S) -f au_mask.3 getauditflagschar.3 && \
+ $(LN_S) -f au_notify.3 au_get_state.3 && \
+ $(LN_S) -f au_notify.3 au_notify_initialize.3 && \
+ $(LN_S) -f au_notify.3 au_notify_terminate.3 && \
+ $(LN_S) -f au_open.3 au_open.3 && \
+ $(LN_S) -f au_open.3 au_write.3 && \
+ $(LN_S) -f au_open.3 au_close.3 && \
+ $(LN_S) -f au_open.3 au_close_buffer.3 && \
+ $(LN_S) -f au_open.3 au_close_token.3 && \
+ $(LN_S) -f au_socket_type.3 au_bsm_to_socket_type.3 && \
+ $(LN_S) -f au_socket_type.3 au_socket_type_to_bsm.3 && \
+ $(LN_S) -f au_token.3 au_to_arg32.3 && \
+ $(LN_S) -f au_token.3 au_to_arg64.3 && \
+ $(LN_S) -f au_token.3 au_to_arg.3 && \
+ $(LN_S) -f au_token.3 au_to_attr64.3 && \
+ $(LN_S) -f au_token.3 au_to_data.3 && \
+ $(LN_S) -f au_token.3 au_to_exit.3 && \
+ $(LN_S) -f au_token.3 au_to_groups.3 && \
+ $(LN_S) -f au_token.3 au_to_newgroups.3 && \
+ $(LN_S) -f au_token.3 au_to_in_addr.3 && \
+ $(LN_S) -f au_token.3 au_to_in_addr_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_ip.3 && \
+ $(LN_S) -f au_token.3 au_to_ipc.3 && \
+ $(LN_S) -f au_token.3 au_to_ipc_perm.3 && \
+ $(LN_S) -f au_token.3 au_to_iport.3 && \
+ $(LN_S) -f au_token.3 au_to_opaque.3 && \
+ $(LN_S) -f au_token.3 au_to_file.3 && \
+ $(LN_S) -f au_token.3 au_to_text.3 && \
+ $(LN_S) -f au_token.3 au_to_path.3 && \
+ $(LN_S) -f 
au_token.3 au_to_process32.3 && \
+ $(LN_S) -f au_token.3 au_to_process64.3 && \
+ $(LN_S) -f au_token.3 au_to_process.3 && \
+ $(LN_S) -f au_token.3 au_to_process32_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_process64_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_process_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_return32.3 && \
+ $(LN_S) -f au_token.3 au_to_return64.3 && \
+ $(LN_S) -f au_token.3 au_to_return.3 && \
+ $(LN_S) -f au_token.3 au_to_seq.3 && \
+ $(LN_S) -f au_token.3 au_to_sock_inet32.3 && \
+ $(LN_S) -f au_token.3 au_to_sock_inet128.3 && \
+ $(LN_S) -f au_token.3 au_to_sock_inet.3 && \
+ $(LN_S) -f au_token.3 au_to_socket_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_subject32.3 && \
+ $(LN_S) -f au_token.3 au_to_subject64.3 && \
+ $(LN_S) -f au_token.3 au_to_subject.3 && \
+ $(LN_S) -f au_token.3 au_to_subject32_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_subject64_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_subject_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_me.3 && \
+ $(LN_S) -f au_token.3 au_to_exec_args.3 && \
+ $(LN_S) -f au_token.3 au_to_exec_env.3 && \
+ $(LN_S) -f au_token.3 au_to_header.3 && \
+ $(LN_S) -f au_token.3 au_to_header32.3 && \
+ $(LN_S) -f au_token.3 au_to_header64.3 && \
+ $(LN_S) -f au_token.3 au_to_header_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_header32_ex.3 && \
+ $(LN_S) -f au_token.3 au_to_trailer.3 && \
+ $(LN_S) -f au_token.3 au_to_zonename.3 && \
+ $(LN_S) -f au_user.3 setauuser.3 && \
+ $(LN_S) -f au_user.3 endauuser.3 && \
+ $(LN_S) -f au_user.3 getauuserent.3 && \
+ $(LN_S) -f au_user.3 getauuserent_r.3 && \
+ $(LN_S) -f au_user.3 getauusernam.3 && \
+ $(LN_S) -f au_user.3 getauusernam_r.3 && \
+ $(LN_S) -f au_user.3 au_user_mask.3 && \
+ $(LN_S) -f au_user.3 getfauditflags.3
Index: head/contrib/openbsm/libbsm/Makefile.in
===================================================================
--- head/contrib/openbsm/libbsm/Makefile.in (revision 292431)
+++ head/contrib/openbsm/libbsm/Makefile.in (revision 292432)
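Review bot: The new `install-exec-hook` creates the alias links in `$(DESTDIR)$(mandir)`, but the `man3_MANS` pages are installed into `$(mandir)/man3`, so every link it makes dangles and none of the aliases resolve; the first recipe line should be `cd "$(DESTDIR)$(man3dir)" && \`. Man pages are installed in the data phase, so `install-data-hook:` is the matching hook name, otherwise the directory may not exist yet when the hook runs. Once the directory is corrected, `$(LN_S) -f au_open.3 au_open.3` would either fail or replace the real page with a link to itself and should be dropped, and the two `au_fcntl.3` targets do not match the installed `au_fcntl_cmd.3`. `ac_strtopol.3` also looks like a typo for `au_strtopol.3`, the name the library code calls.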
@@ -1,678 +1,792 @@ # Makefile.in generated by automake 1.12.2 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_AUDIT_SYSCALLS_TRUE@am__append_1 = \ @HAVE_AUDIT_SYSCALLS_TRUE@ bsm_notify.c \ @HAVE_AUDIT_SYSCALLS_TRUE@ bsm_wrappers.c subdir = libbsm DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(top_srcdir)/config/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config/config.h CONFIG_CLEAN_FILES = 
CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! 
-r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" LTLIBRARIES = $(lib_LTLIBRARIES) libbsm_la_LIBADD = am__libbsm_la_SOURCES_DIST = bsm_audit.c bsm_class.c bsm_control.c \ bsm_domain.c bsm_errno.c bsm_event.c bsm_fcntl.c bsm_flags.c \ bsm_io.c bsm_mask.c bsm_socket_type.c bsm_token.c bsm_user.c \ bsm_notify.c bsm_wrappers.c @HAVE_AUDIT_SYSCALLS_TRUE@am__objects_1 = bsm_notify.lo \ @HAVE_AUDIT_SYSCALLS_TRUE@ bsm_wrappers.lo am_libbsm_la_OBJECTS = bsm_audit.lo bsm_class.lo bsm_control.lo \ bsm_domain.lo bsm_errno.lo bsm_event.lo bsm_fcntl.lo \ bsm_flags.lo bsm_io.lo bsm_mask.lo bsm_socket_type.lo \ bsm_token.lo bsm_user.lo $(am__objects_1) libbsm_la_OBJECTS = $(am_libbsm_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/config depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libbsm_la_SOURCES) DIST_SOURCES = $(am__libbsm_la_SOURCES_DIST) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac man3dir = $(mandir)/man3 NROFF = nroff MANS = $(man3_MANS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = 
@CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MIG = @MIG@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = 
@install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys @USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) lib_LTLIBRARIES = libbsm.la libbsm_la_SOURCES = bsm_audit.c bsm_class.c bsm_control.c bsm_domain.c \ bsm_errno.c bsm_event.c bsm_fcntl.c bsm_flags.c bsm_io.c \ bsm_mask.c bsm_socket_type.c bsm_token.c bsm_user.c \ $(am__append_1) man3_MANS = \ au_class.3 \ au_control.3 \ au_domain.3 \ au_errno.3 \ au_event.3 \ au_fcntl_cmd.3 \ au_free_token.3 \ au_io.3 \ au_mask.3 \ + au_notify.3 \ au_open.3 \ au_socket_type.3 \ au_token.3 \ au_user.3 \ libbsm.3 all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign libbsm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign libbsm/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } libbsm.la: $(libbsm_la_OBJECTS) $(libbsm_la_DEPENDENCIES) 
$(EXTRA_libbsm_la_DEPENDENCIES) $(LINK) -rpath $(libdir) $(libbsm_la_OBJECTS) $(libbsm_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_audit.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_class.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_control.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_domain.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_errno.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_event.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_fcntl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_flags.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_io.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_mask.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_notify.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_socket_type.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_token.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_user.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsm_wrappers.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man3: $(man3_MANS) @$(NORMAL_INSTALL) @list1='$(man3_MANS)'; \ list2=''; \ test -n "$(man3dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.3[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ done; } uninstall-man3: @$(NORMAL_UNINSTALL) @list='$(man3_MANS)'; test -n "$(man3dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir) ID: $(HEADERS) $(SOURCES) $(LISP) 
$(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: $(HEADERS) $(SOURCES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if 
test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the 'missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically 'make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) installdirs: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-libLTLIBRARIES - + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man3 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-libLTLIBRARIES uninstall-man uninstall-man: uninstall-man3 -.MAKE: install-am install-strip +.MAKE: install-am install-exec-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool cscopelist ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-info install-info-am \ install-libLTLIBRARIES install-man install-man3 install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags 
uninstall uninstall-am uninstall-libLTLIBRARIES \ uninstall-man uninstall-man3 + +install-exec-hook: + cd $(DESTDIR)$(mandir) && \ + $(LN_S) -f au_class.3 getauclassent.3 && \ + $(LN_S) -f au_class.3 getauclassent_r.3 && \ + $(LN_S) -f au_class.3 getauclassnam.3 && \ + $(LN_S) -f au_class.3 getauclassnam_r.3 && \ + $(LN_S) -f au_class.3 setauclass.3 && \ + $(LN_S) -f au_class.3 endauclass.3 && \ + $(LN_S) -f au_control.3 setac.3 && \ + $(LN_S) -f au_control.3 endac.3 && \ + $(LN_S) -f au_control.3 getacdir.3 && \ + $(LN_S) -f au_control.3 getacdist.3 && \ + $(LN_S) -f au_control.3 getacexpire.3 && \ + $(LN_S) -f au_control.3 getacfilesz.3 && \ + $(LN_S) -f au_control.3 getacflg.3 && \ + $(LN_S) -f au_control.3 getachost.3 && \ + $(LN_S) -f au_control.3 getacmin.3 && \ + $(LN_S) -f au_control.3 getacna.3 && \ + $(LN_S) -f au_control.3 getacpol.3 && \ + $(LN_S) -f au_control.3 au_poltostr.3 && \ + $(LN_S) -f au_control.3 ac_strtopol.3 && \ + $(LN_S) -f au_domain.3 au_bsm_to_domain.3 && \ + $(LN_S) -f au_domain.3 au_domain_to_bsm.3 && \ + $(LN_S) -f au_errno.3 au_bsm_to_errno.3 && \ + $(LN_S) -f au_errno.3 au_errno_to_bsm.3 && \ + $(LN_S) -f au_errno.3 au_strerror.3 && \ + $(LN_S) -f au_event.3 setauevent.3 && \ + $(LN_S) -f au_event.3 endauevent.3 && \ + $(LN_S) -f au_event.3 getauevent.3 && \ + $(LN_S) -f au_event.3 getauevent_r.3 && \ + $(LN_S) -f au_event.3 getauevnam.3 && \ + $(LN_S) -f au_event.3 getauevnam_r.3 && \ + $(LN_S) -f au_event.3 getauevnum.3 && \ + $(LN_S) -f au_event.3 getauevnum_r.3 && \ + $(LN_S) -f au_event.3 getauevnonam.3 && \ + $(LN_S) -f au_event.3 getauevnonam_r.3 && \ + $(LN_S) -f au_fcntl.3 au_bsm_to_fcntl_cmd.3 && \ + $(LN_S) -f au_fcntl.3 au_fcntl_cmd_to_bsm.3 && \ + $(LN_S) -f au_io.3 au_fetch_tok.3 && \ + $(LN_S) -f au_io.3 au_print_tok.3 && \ + $(LN_S) -f au_io.3 au_print_flags_tok.3 && \ + $(LN_S) -f au_io.3 au_read_rec.3 && \ + $(LN_S) -f au_mask.3 au_preselect.3 && \ + $(LN_S) -f au_mask.3 getauditflagsbin.3 && \ + $(LN_S) -f 
au_mask.3 getauditflagschar.3 && \ + $(LN_S) -f au_notify.3 au_get_state.3 && \ + $(LN_S) -f au_notify.3 au_notify_initialize.3 && \ + $(LN_S) -f au_notify.3 au_notify_terminate.3 && \ + $(LN_S) -f au_open.3 au_open.3 && \ + $(LN_S) -f au_open.3 au_write.3 && \ + $(LN_S) -f au_open.3 au_close.3 && \ + $(LN_S) -f au_open.3 au_close_buffer.3 && \ + $(LN_S) -f au_open.3 au_close_token.3 && \ + $(LN_S) -f au_socket_type.3 au_bsm_to_socket_type.3 && \ + $(LN_S) -f au_socket_type.3 au_socket_type_to_bsm.3 && \ + $(LN_S) -f au_token.3 au_to_arg32.3 && \ + $(LN_S) -f au_token.3 au_to_arg64.3 && \ + $(LN_S) -f au_token.3 au_to_arg.3 && \ + $(LN_S) -f au_token.3 au_to_attr64.3 && \ + $(LN_S) -f au_token.3 au_to_data.3 && \ + $(LN_S) -f au_token.3 au_to_exit.3 && \ + $(LN_S) -f au_token.3 au_to_groups.3 && \ + $(LN_S) -f au_token.3 au_to_newgroups.3 && \ + $(LN_S) -f au_token.3 au_to_in_addr.3 && \ + $(LN_S) -f au_token.3 au_to_in_addr_ex.3 && \ + $(LN_S) -f au_token.3 au_to_ip.3 && \ + $(LN_S) -f au_token.3 au_to_ipc.3 && \ + $(LN_S) -f au_token.3 au_to_ipc_perm.3 && \ + $(LN_S) -f au_token.3 au_to_iport.3 && \ + $(LN_S) -f au_token.3 au_to_opaque.3 && \ + $(LN_S) -f au_token.3 au_to_file.3 && \ + $(LN_S) -f au_token.3 au_to_text.3 && \ + $(LN_S) -f au_token.3 au_to_path.3 && \ + $(LN_S) -f au_token.3 au_to_process32.3 && \ + $(LN_S) -f au_token.3 au_to_process64.3 && \ + $(LN_S) -f au_token.3 au_to_process.3 && \ + $(LN_S) -f au_token.3 au_to_process32_ex.3 && \ + $(LN_S) -f au_token.3 au_to_process64_ex.3 && \ + $(LN_S) -f au_token.3 au_to_process_ex.3 && \ + $(LN_S) -f au_token.3 au_to_return32.3 && \ + $(LN_S) -f au_token.3 au_to_return64.3 && \ + $(LN_S) -f au_token.3 au_to_return.3 && \ + $(LN_S) -f au_token.3 au_to_seq.3 && \ + $(LN_S) -f au_token.3 au_to_sock_inet32.3 && \ + $(LN_S) -f au_token.3 au_to_sock_inet128.3 && \ + $(LN_S) -f au_token.3 au_to_sock_inet.3 && \ + $(LN_S) -f au_token.3 au_to_socket_ex.3 && \ + $(LN_S) -f au_token.3 au_to_subject32.3 && \ + 
$(LN_S) -f au_token.3 au_to_subject64.3 && \ + $(LN_S) -f au_token.3 au_to_subject.3 && \ + $(LN_S) -f au_token.3 au_to_subject32_ex.3 && \ + $(LN_S) -f au_token.3 au_to_subject64_ex.3 && \ + $(LN_S) -f au_token.3 au_to_subject_ex.3 && \ + $(LN_S) -f au_token.3 au_to_me.3 && \ + $(LN_S) -f au_token.3 au_to_exec_args.3 && \ + $(LN_S) -f au_token.3 au_to_exec_env.3 && \ + $(LN_S) -f au_token.3 au_to_header.3 && \ + $(LN_S) -f au_token.3 au_to_header32.3 && \ + $(LN_S) -f au_token.3 au_to_header64.3 && \ + $(LN_S) -f au_token.3 au_to_header_ex.3 && \ + $(LN_S) -f au_token.3 au_to_header32_ex.3 && \ + $(LN_S) -f au_token.3 au_to_trailer.3 && \ + $(LN_S) -f au_token.3 au_to_zonename.3 && \ + $(LN_S) -f au_user.3 setauuser.3 && \ + $(LN_S) -f au_user.3 endauuser.3 && \ + $(LN_S) -f au_user.3 getauuserent.3 && \ + $(LN_S) -f au_user.3 getauuserent_r.3 && \ + $(LN_S) -f au_user.3 getauusernam.3 && \ + $(LN_S) -f au_user.3 getauusernam_r.3 && \ + $(LN_S) -f au_user.3 au_user_mask.3 && \ + $(LN_S) -f au_user.3 getfauditflags.3 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: Index: head/contrib/openbsm/libbsm/au_class.3 =================================================================== --- head/contrib/openbsm/libbsm/au_class.3 (revision 292431) +++ head/contrib/openbsm/libbsm/au_class.3 (revision 292432) 
@@ -1,120 +1,118 @@ .\"- .\" Copyright (c) 2005-2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_class.3#7 $ -.\" .Dd April 19, 2005 .Dt AU_CLASS 3 .Os .Sh NAME .Nm getauclassent , .Nm getauclassent_r , .Nm getauclassnam , .Nm getauclassnam_r , .Nm setauclass , .Nm endauclass .Nd "look up information from the audit_class database" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft "struct au_class_ent *" .Fn getauclassent void .Ft "struct au_class_ent *" .Fn getauclassent_r "struct au_class_ent *e" .Ft "struct au_class_ent *" .Fn getauclassnam "const char *name" .Ft "struct au_class_ent *" .Fn getauclassnam_r "struct au_class_ent *e" "const char *name" .Ft void .Fn setauclass void .Ft void .Fn endauclass void .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_class 5 database, which describes audit event classes. Audit event classes are described by .Vt "struct au_class_ent" . .Pp The .Fn getauclassent function will return the next class found in the .Xr audit_class 5 database, or the first if the function has not yet been called. .Dv NULL will be returned if no further records are available. .Pp The .Fn getauclassnam function looks up a class by name. .Dv NULL will be returned if no matching class can be found. .Pp The .Fn setauclass function resets the iterator through the .Xr audit_class 5 database, causing the next call to .Fn getauclassent to start again from the beginning of the file. .Pp The .Fn endauclass function closes the .Xr audit_class 5 database, if open. .Sh SEE ALSO .Xr libbsm 3 , .Xr audit_class 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. 
.Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS These routines cannot currently distinguish between an entry not being found and an error accessing the database. The implementation should be changed to return an error via .Va errno when .Dv NULL is returned. Index: head/contrib/openbsm/libbsm/au_control.3 =================================================================== --- head/contrib/openbsm/libbsm/au_control.3 (revision 292431) +++ head/contrib/openbsm/libbsm/au_control.3 (revision 292432) 
@@ -1,260 +1,258 @@ .\"- .\" Copyright (c) 2005-2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#17 $ -.\" .Dd April 19, 2005 .Dt AU_CONTROL 3 .Os .Sh NAME .Nm setac , .Nm endac , .Nm getacdir , .Nm getacdist , .Nm getacexpire , .Nm getacfilesz , .Nm getacflg , .Nm getachost , .Nm getacmin , .Nm getacna , .Nm getacpol , .Nm au_poltostr , .Nm au_strtopol .Nd "look up information from the audit_control database" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft void .Fn setac void .Ft void .Fn endac void .Ft int .Fn getacdir "char *name" "int len" .Ft int .Fn getacdist "void" .Ft int -.Fn getacexpire "int *andflg, time_t *age, size_t *size" +.Fn getacexpire "int *andflg" "time_t *age" "size_t *size" .Ft int .Fn getacfilesz "size_t *size_val" .Ft int .Fn getacflg "char *auditstr" "int len" .Ft int .Fn getachost "char *auditstr" "int len" .Ft int .Fn getacmin "int *min_val" .Ft int .Fn getacna "char *auditstr" "int len" .Ft int .Fn getacpol "char *auditstr" "size_t len" .Ft ssize_t .Fn au_poltostr "int policy" "size_t maxsize" "char *buf" .Ft int .Fn au_strtopol "const char *polstr" "int *policy" .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_control 5 database, which contains various audit-related administrative parameters. .Pp The .Fn setac function resets the database iterator to the beginning of the database; see the .Sx BUGS section for more information. .Pp The .Fn endac function closes the .Xr audit_control 5 database. .Pp The .Fn getacdir function returns the name of the directory where log data is stored via the passed character buffer .Fa name of length .Fa len . .Pp The .Fn getacdist function returns a value that allows to decide if trail files distribution is turned on or off. .Pp The .Fn getacexpire function returns the audit trail file expiration parameters in the passed .Vt int buffer .Fa andflg , .Vt time_t buffer .Fa age and .Vt size_t buffer .Fa size . 
If the parameter is not specified in the .Xr audit_control 5 file it is set to zero. .Pp The .Fn getacfilesz function returns the audit trail rotation size in the passed .Vt size_t buffer .Fa size_val . .Pp The .Fn getacflg function returns the audit system flags via the the passed character buffer .Fa auditstr of length .Fa len . .Pp The .Fn getachost function returns the local systems's audit host information via the the passed character buffer .Fa auditstr of length .Fa len . .Pp The .Fn getacmin function returns the minimum free disk space for the audit log target file system via the passed .Fa min_val variable. .Pp The .Fn getacna function returns the non-attributable flags via the passed character buffer .Fa auditstr of length .Fa len . .Pp The .Fn getacpol function returns the audit policy flags via the passed character buffer .Fa auditstr of length .Fa len . .Pp The .Fn au_poltostr function converts a numeric audit policy mask, .Fa policy , to a string in the passed character buffer .Fa buf of lenth .Fa maxsize . .Pp The .Fn au_strtopol function converts an audit policy flags string, .Fa polstr , to a numeric audit policy mask returned via .Fa policy . .Sh RETURN VALULES The .Fn getacfilesz , .Fn getacdir , .Fn getacexpire , .Fn getacflg , .Fn getachost , .Fn getacmin , .Fn getacna , .Fn getacpol , and .Fn au_strtopol functions return 0 on success, or a negative value on failure, along with error information in .Va errno . .Pp The .Fn au_poltostr function returns a string length of 0 or more on success, or a negative value on if there is a failure. .Pp The .Fn getacdist function returns 1 if trail files distribution is turned on, 0 if it is turned off or negative value on failure. .Pp Functions that return a string value will return a failure if there is insufficient room in the passed character buffer for the full string. 
.Sh SEE ALSO .Xr libbsm 3 , .Xr audit_control 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS These routines cannot currently distinguish between an entry not being found and an error accessing the database. The implementation should be changed to return an error via .Va errno when .Dv NULL is returned. .Pp There is no reason for the .Fn setac interface to be exposed as part of the public API, as it is called implicitly by other access functions and iteration is not supported. .Pp These interfaces inconsistently return various negative values depending on the failure mode, and do not always set .Va errno on failure. Index: head/contrib/openbsm/libbsm/au_domain.3 =================================================================== --- head/contrib/openbsm/libbsm/au_domain.3 (revision 292431) +++ head/contrib/openbsm/libbsm/au_domain.3 (revision 292432) 
@@ -1,88 +1,86 @@ .\"- .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_domain.3#2 $ -.\" .Dd December 28, 2008 .Dt AU_BSM_TO_DOMAIN 3 .Os .Sh NAME .Nm au_bsm_to_domain , .Nm au_domain_to_bsm .Nd "convert between BSM and local protocol domains" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft int .Fn au_bsm_to_domain "u_short bsm_domain" "int *local_domainp" .Ft u_short .Fn au_domain_to_bsm "int local_domain" .Sh DESCRIPTION These interfaces may be used to convert between the local and BSM protocol domains. The .Fn au_bsm_to_domain function accepts a BSM domain, .Fa bsm_domain , and converts it to a local domain, such as those passed to .Xr socket 2 , that will be stored in the integer pointed to by .Fa local_domainp if successful. This call will fail if the BSM domain cannot be mapped into a local domain, which may occur if the socket token was generated on another operating system. .Pp The .Fn au_domain_to_bsm function accepts a local domain, and returns the BSM domain for it. This call cannot fail, and instead returns a BSM domain indicating to a later decoder that the domain could not be encoded. .Sh RETURN VALULES On success, .Fn au_bsm_to_domain returns 0 and a converted domain; on failure, it returns -1 but does not set .Xr errno 2 . .Sh SEE ALSO .Xr au_bsm_to_socket_type 3 , .Xr au_socket_type_to_bsm 3 , .Xr au_to_socket_ex 3 , .Xr libbsm 3 .Sh HISTORY .Fn au_bsm_to_domain and .Fn au_domain_to_bsm were introduced in OpenBSM 1.1. .Sh AUTHORS These functions were implemented by .An Robert Watson under contract to Apple Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/libbsm/au_errno.3 =================================================================== --- head/contrib/openbsm/libbsm/au_errno.3 (revision 292431) +++ head/contrib/openbsm/libbsm/au_errno.3 (revision 292432) 
@@ -1,112 +1,110 @@ .\"- .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_errno.3#4 $ -.\" .Dd December 8, 2008 .Dt AU_BSM_TO_ERRNO 3 .Os .Sh NAME .Nm au_bsm_to_errno , .Nm au_errno_to_bsm , .Nm au_strerror .Nd "convert between BSM and local error numbers" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft int .Fn au_bsm_to_errno "u_char bsm_error" "int *errorp" .Ft u_char .Fn au_errno_to_bsm "int error" .Ft const char * .Fn au_strerror "int bsm_error" .Sh DESCRIPTION These interfaces may be used to convert between the local ( .Xr errno 2 ) and BSM error number spaces found in BSM return tokens. .Pp The .Fn au_bsm_to_errno function accepts a BSM error value, -.Fa bsm_error, +.Fa bsm_error , and converts it to an .Xr errno 2 that will be stored in the integer pointed to by .Fa errorp if successful. This call will fail if the BSM error cannot be mapped into a local error number, which may occur if the return token was generated on another operating system. .Pp The .Fn au_errno_to_bsm function accepts a local .Xr errno 2 value, and returns the BSM error number for it. This call cannot fail, and instead returns a BSM error number indicating to a later decoder that the error could not be encoded. .Pp The .Fn au_strerror function converts a BSM error value to a string, generally by converting first to a local error number and using the local .Xr strerror 3 function, but will also work for errors that are not locally defined. .Sh RETURN VALULES On success, .Fn au_bsm_to_errno returns 0 and a converted error value; on failure, it returns -1 but does not set .Xr errno 2 . .Pp On success, .Fn au_strerror returns a pointer to an error string; on failure it will return .Dv NULL . .Sh SEE ALSO .Xr au_to_return 3 , .Xr au_to_return32 3 , .Xr au_to_return64 3 , .Xr libbsm 3 .Sh HISTORY .Fn au_bsm_to_errno and .Fn au_errno_to_bsm were introduced in OpenBSM 1.1. .Sh AUTHORS These functions were implemented by .An Robert Watson under contract to Apple Inc. 
.Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS .Nm au_strerror is unable to provide localized strings for errors not available in the local operating system. Index: head/contrib/openbsm/libbsm/au_event.3 =================================================================== --- head/contrib/openbsm/libbsm/au_event.3 (revision 292431) +++ head/contrib/openbsm/libbsm/au_event.3 (revision 292432) 
@@ -1,171 +1,169 @@ .\"- .\" Copyright (c) 2005-2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#8 $ -.\" .Dd April 19, 2005 .Dt AU_EVENT 3 .Os .Sh NAME .Nm free_au_event_ent , .Nm setauevent , .Nm endauevent , .Nm getauevent , .Nm getauevent_r , .Nm getauevnam , .Nm getauevnam_r , .Nm getauevnum , .Nm getauevnum_r , .Nm getauevnonam , .Nm getauevnonam_r .Nd "look up information from the audit_event database" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft void .Fn setauevent void .Ft void .Fn endauevent void .Ft "struct au_event_ent *" .Fn getauevent void .Ft "struct au_event_ent *" .Fn getauevent_r "struct au_event_ent *e" .Ft "struct au_event_ent *" .Fn getauevnam "const char *name" .Ft "struct au_event_ent *" .Fn getauevnam_r "struct au_event_ent *e" "const char *name" .Ft "struct au_event_ent *" .Fn getauevnum "au_event_t event_number" .Ft "struct au_event_ent *" .Fn getauevnum_r "struct au_event_ent *e" "au_event_t event_number" .Ft "au_event_t *" .Fn getauevnonam "const char *event_name" .Ft "au_event_t *" .Fn getauevnonam_r "au_event_t *ev" "const char *event_name" .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_event 5 database, which describes audit events. Entries in the database are described by .Vt "struct au_event_ent" entries, which are returned by calls to .Fn getauevent , .Fn getauevnam , or .Fn getauevnum . It is also possible to look up an event number via a call to .Fn getauevnonam . .Pp The .Fn setauevent function resets the database access session for .Xr audit_event 5 , so that the next call to .Fn getauevent will start with the first entry in the database. .Pp The .Fn endauevent function closes the .Xr audit_event 5 database session. .Pp The .Fn getauevent function returns a reference to the next entry in the .Xr audit_event 5 database. .Pp The .Fn getauevnam function returns a reference to the entry in the .Xr audit_event 5 database with a name of .Fa name . 
.Pp .Fn getauevnum returns a reference to the entry in the .Xr audit_event 5 database with an event number of .Fa event_number . .Pp The .Fn getauevnonam function returns a reference to an audit event number using the .Xr audit_event 5 database. .Sh RETURN VALUES Functions .Fn getauevent , .Fn getauevent_r , .Fn getauevnam , .Fn getauevnam_r , .Fn getauevnum , .Fn getauevnum_r , and .Fn getauevnonam will return a reference to a .Vt "struct au_event_ent" or .Vt au_event_t on success, or .Dv NULL on failure, with .Va errno set to provide further error information. .Sh SEE ALSO .Xr libbsm 3 , .Xr audit_event 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS The .Va errno variable is not always properly set following a failure. .Pp These routines are thread-safe, but not re-entrant, so simultaneous or interleaved use of these functions will affect the iterator. Index: head/contrib/openbsm/libbsm/au_fcntl_cmd.3 =================================================================== --- head/contrib/openbsm/libbsm/au_fcntl_cmd.3 (revision 292431) +++ head/contrib/openbsm/libbsm/au_fcntl_cmd.3 (revision 292432) 
@@ -1,97 +1,95 @@ .\"- .\" Copyright (c) 2009 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_fcntl_cmd.3#2 $ -.\" .Dd March 5, 2009 .Dt AU_BSM_TO_FCNTL_CMD 3 .Os .Sh NAME .Nm au_bsm_to_fcntl_cmd , .Nm au_fcntl_cmd_to_bsm .Nd "convert between BSM and local fcntl(2) command values" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft int .Fn au_bsm_to_fcntl_cmd "u_short bsm_fcntl_cmd" "int *local_fcntl_cmdp" .Ft u_short .Fn au_fcntl_cmd_to_bsm "int local_fcntl_cmd" .Sh DESCRIPTION These interfaces may be used to convert between the local and BSM .Xr fcntl 2 command values. The .Fn au_bsm_to_fcntl_cmd function accepts a BSM command value, .Fa bsm_fcntl_cmd , and converts it to a local command value passed to .Xr fcntl 2 , that will be stored in the integer pointed to by .Fa local_fcntl_cmdp if successful. This call will fail if the BSM command value cannot be mapped into a local .Xr fcntl 2 command value which may occur if the command token was generated on another operating system. .Pp The .Fn au_fcntl_cmd_to_bsm function accepts a local .Xr fcntl 2 command value, and returns the BSM .Xr fcntl 2 command value for it. This call cannot fail, and instead returns a BSM command value indicating to a later decoder that the command value could not be encoded. .Sh RETURN VALUES On success, .Fn au_bsm_to_fcntl_cmd returns 0 and a converted command value; on failure, it returns -1 but does not set .Xr errno 2 . .Sh SEE ALSO .Xr fcntl 2 , .Xr au_bsm_to_domain 3 , -.Xr au_domain_to_bsm 3 , .Xr au_bsm_to_socket_type 3 , +.Xr au_domain_to_bsm 3 , .Xr au_socket_type_to_bsm 3 , .Xr libbsm 3 .Sh HISTORY .Fn au_bsm_to_domain and .Fn au_domain_to_bsm were introduced in OpenBSM 1.1. .Sh AUTHORS These functions were implemented by .An Stacey Son under contract to Apple Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. 
Index: head/contrib/openbsm/libbsm/au_free_token.3
===================================================================
--- head/contrib/openbsm/libbsm/au_free_token.3 (revision 292431)
+++ head/contrib/openbsm/libbsm/au_free_token.3 (revision 292432)
@@ -1,97 +1,95 @@ .\"- .\" Copyright (c) 2004 Apple Inc. .\" Copyright (c) 2005 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRING LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#7 $ -.\" .Dd April 19, 2005 .Dt AU_FREE_TOKEN 3 .Os .Sh NAME .Nm au_free_token .Nd "deallocate a token_t created by any of the au_to_*() BSM API functions" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft void .Fn au_free_token "token_t *tok" .Sh DESCRIPTION The BSM API generally manages deallocation of .Vt token_t objects. However, if .Xr au_write 3 is passed a bad audit descriptor, the .Vt "token_t *" parameter will be left untouched. In that case, the caller can deallocate the .Vt token_t using .Fn au_free_token if desired. .Pp The .Fa tok argument is a .Vt "token_t *" generated by one of the .Fn au_to_* BSM API calls. For convenience, .Fa tok may be .Dv NULL , in which case .Fn au_free_token returns immediately. .Sh IMPLEMENTATION NOTES This is, in fact, what .Xr audit_write 3 does, in keeping with the existing memory management model of the BSM API. .Sh SEE ALSO -.Xr audit_write 3 , .Xr au_write 3 , +.Xr audit_write 3 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/libbsm/au_io.3 =================================================================== --- head/contrib/openbsm/libbsm/au_io.3 (revision 292431) +++ head/contrib/openbsm/libbsm/au_io.3 (revision 292432) 
@@ -1,175 +1,173 @@ .\"- .\" Copyright (c) 2009 Apple, Inc. .\" Copyright (c) 2005 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#9 $ -.\" .Dd August 4, 2009 .Dt AU_IO 3 .Os .Sh NAME .Nm au_fetch_tok , .Nm au_print_tok , .Nm au_print_flags_tok , .Nm au_read_rec .Nd "perform I/O involving an audit record" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft int .Fn au_fetch_tok "tokenstr_t *tok" "u_char *buf" "int len" .Ft void .Fo au_print_tok .Fa "FILE *outfp" "tokenstr_t *tok" "char *del" "char raw" "char sfrm" .Fc .Ft void .Fo au_print_flags_tok .Fa "FILE *outfp" "tokenstr_t *tok" "char *del" "int oflags" .Fc .Ft int .Fn au_read_rec "FILE *fp" "u_char **buf" .Sh DESCRIPTION These interfaces support input and output (I/O) involving audit records, internalizing an audit record from a byte stream, converting a token to either a raw or default string, and reading a single record from a file. .Pp The .Fn au_fetch_tok function reads a token from the passed buffer .Fa buf of length .Fa len bytes, and returns a pointer to the token via .Fa tok . .Pp The .Fn au_print_tok function prints a string form of the token .Fa tok to the file output stream .Fa outfp , either in default mode, or raw mode if .Fa raw is set non-zero. The delimiter .Fa del is used when printing. The .Fn au_print_flags_tok function is a replacement for .Fn au_print_tok . The .Fa oflags controls how the output should be formatted and is specified by or'ing the following flags: .Pp .Bl -tag -width AU_OFLAG_NORESOLVE -compact -offset indent .It Li AU_OFLAG_NONE Use the default form. .It Li AU_OFLAG_NORESOLVE Leave user and group IDs in their numeric form. .It Li AU_OFLAG_RAW Use the raw, numeric form. .It Li AU_OFLAG_SHORT Use the short form. .It Li AU_OFLAG_XML Use the XML form. .El .Pp The flags options AU_OFLAG_SHORT and AU_OFLAG_RAW are exclusive and should not be used together. 
.Pp The .Fn au_read_rec function reads an audit record from the file stream .Fa fp , and returns an allocated memory buffer containing the record via .Fa *buf , which must be freed by the caller using .Xr free 3 . .Pp A typical use of these routines might open a file with .Xr fopen 3 , then read records from the file sequentially by calling .Fn au_read_rec . Each record would be broken down into components tokens through sequential calls to .Fn au_fetch_tok on the buffer, and then invoking .Fn au_print_flags_tok to print each token to an output stream such as .Dv stdout . On completion of the processing of each record, a call to .Xr free 3 would be used to free the record buffer. Finally, the source stream would be closed by a call to .Xr fclose 3 . .Sh RETURN VALUES The .Fn au_fetch_tok and .Fn au_read_rec functions return 0 on success, or \-1 on failure along with additional error information returned via .Va errno . .Sh SEE ALSO .Xr free 3 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Pp The .Fn au_print_flags_tok function was added by Stacey Son as a replacement for the .Fn au_print_tok so new output formatting flags can be easily added without changing the API. The .Fn au_print_tok is obsolete but remains in the API to support legacy code. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS The .Va errno variable may not always be properly set in the event of an error. 
Index: head/contrib/openbsm/libbsm/au_mask.3
===================================================================
--- head/contrib/openbsm/libbsm/au_mask.3 (revision 292431)
+++ head/contrib/openbsm/libbsm/au_mask.3 (revision 292432)
@@ -1,156 +1,154 @@ .\"- .\" Copyright (c) 2005 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#6 $ -.\" .Dd April 19, 2005 .Dt AU_MASK 3 .Os .Sh NAME .Nm au_preselect , .Nm getauditflagsbin , .Nm getauditflagschar .Nd "convert between string and numeric values of audit masks" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft int .Fn au_preselect "au_event_t event" "au_mask_t *mask_p" "int sorf" "int flag" .Ft int .Fn getauditflagsbin "char *auditstr" "au_mask_t *masks" .Ft int .Fn getauditflagschar "char *auditstr" "au_mask_t *masks" "int verbose" .Sh DESCRIPTION These interfaces support processing of an audit mask represented by type .Vt au_mask_t , including conversion between numeric and text formats, and computing whether or not an event is matched by a mask. .Pp The .Fn au_preselect function calculates whether or not the audit event passed via .Fa event is matched by the audit mask passed via .Fa mask_p . The .Fa sorf argument indicates whether or not to consider the event as a success, if the .Dv AU_PRS_SUCCESS flag is set, or failure, if the .Dv AU_PRS_FAILURE flag is set. The .Fa flag argument accepts additional arguments influencing the behavior of .Fn au_preselect , including .Dv AU_PRS_REREAD , which causes the event to be re-looked up rather than read from the cache, or .Dv AU_PRS_USECACHE which forces use of the cache. .Pp The .Fn getauditflagsbin function converts a string representation of an audit mask passed via a character string pointed to by .Fa auditstr , returning the resulting mask, if valid, via .Fa *masks . .Pp The .Fn getauditflagschar function converts the audit event mask passed via .Fa *masks and converts it to a character string in a buffer pointed to by .Fa auditstr . See the .Sx BUGS section for more information on how to provide a buffer of sufficient size. If the .Fa verbose flag is set, the class description string retrieved from .Xr audit_class 5 will be used; otherwise, the two-character class name. 
.Sh IMPLEMENTATION NOTES The .Fn au_preselect function makes implicit use of various audit database routines, and may influence the behavior of simultaneous or interleaved processing of those databases by other code. .Sh RETURN VALUES The .Fn au_preselect function returns 0 on success, or returns \-1 if there is a failure looking up the event type or other database access, in which case .Va errno will be set to indicate the error. It returns 1 if the event is matched; 0 if not. .Pp .Rv -std getauditflagsbin getauditflagschar .Sh SEE ALSO .Xr libbsm 3 , .Xr audit_class 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS The .Va errno variable may not always be properly set in the event of an error. .Pp The .Fn getauditflagschar function does not provide a way to indicate how long the character buffer is, in order to detect overflow. As a result, the caller must always provide a buffer of sufficient length for any possible mask, which may be calculated as three times the number of non-zero bits in the mask argument in the event non-verbose class names are used, and is not trivially predictable for verbose class names. This API should be replaced with a more robust one. Index: head/contrib/openbsm/libbsm/au_notify.3 =================================================================== --- head/contrib/openbsm/libbsm/au_notify.3 (nonexistent) +++ head/contrib/openbsm/libbsm/au_notify.3 (revision 292432) 
@@ -0,0 +1,118 @@
+.\"-
+.\" Copyright (c) 2004-2009 Apple Inc.
+.\" Copyright (c) 2015 Christian Brueffer
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the author nor the names of
+.\" its contributors may be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd July 29, 2015
+.Dt AU_NOTIFY 3
+.Os
+.Sh NAME
+.Nm au_get_state ,
+.Nm au_notify_initialize ,
+.Nm au_notify_terminate
+.Nd "audit event notification"
+.Sh LIBRARY
+.Lb libbsm
+.Sh SYNOPSIS
+.In bsm/libbsm.h
+.Ft int
+.Fn au_get_state "void"
+.Ft uint32_t
+.Fn au_notify_initialize "void"
+.Ft int
+.Fn au_notify_terminate "void"
+.Sh DESCRIPTION
+The
+.Nm au_notify
+audit notification API tracks audit state in a form permitting efficient
+update, avoiding frequent system calls to check the kernel audit state.
+It is implemented only for Darwin/Mac OS X.
+.Pp
+The
+.Fn au_get_state
+function provides a lightweight way to check whether or not auditing is
+enabled.
+If a client wants to use this function to determine whether an entire
+series of audit calls should be made -- as in the common case of a caller
+building a set of tokens, then writing them -- it should cache the audit
+status in a local variable.
+This function always returns the current state of auditing.
+If audit notification has not already been initialized by calling
+.Fn au_notify_initialize
+it will be automatically initialized on the first call of
+this function.
+.Pp
+The
+.Fn au_notify_initialize
+function initializes audit notification.
+.Pp
+The
+.Fn au_notify_terminate
+function cancels audit notification and frees the resources associated with it.
+Responsible code that no longer needs to use
+.Fn au_get_state
+should call this function.
+.Sh RETURN VALUES
+If no error occurred the
+.Fn au_get_state
+function returns
+.Dv AUC_NOAUDIT
+if auditing is disabled or suspended, and
+.Dv AUC_AUDITING
+if auditing is enabled and active.
+Otherwise, the function can return any of the errno values defined for
+.Xr setaudit 2 ,
+or
+.Dv AU_UNIMPL
+if audit does not appear to be supported by the system.
+.Pp
+The
+.Fn au_notify_initialize
+function returns 0 on success,
+.Dv AU_UNIMPL
+if audit does not appear to be supported by the system,
+or one of the status codes defined in
+.In notify.h
+on Mac OS X to indicate the error.
+.Pp
+The
+.Fn au_notify_terminate
+function returns 0 on success, or \-1 on failure.
+.Sh SEE ALSO
+.Xr libbsm 3 ,
+.Xr notify 3 (Mac OS X)
+.Sh HISTORY
+The OpenBSM implementation was created by McAfee Research, the security
+division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
+It was subsequently adopted by the TrustedBSD Project as the foundation for
+the OpenBSM distribution.
+.Sh AUTHORS
+This software was created by
+.An Apple Computer, Inc .
+.Pp
+The Basic Security Module (BSM) interface to audit records and audit event
+stream format were defined by Sun Microsystems.
Property changes on: head/contrib/openbsm/libbsm/au_notify.3
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: head/contrib/openbsm/libbsm/au_open.3
===================================================================
--- head/contrib/openbsm/libbsm/au_open.3 (revision 292431)
+++ head/contrib/openbsm/libbsm/au_open.3 (revision 292432)
@@ -1,158 +1,156 @@ .\"- .\" Copyright (c) 2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#8 $ -.\" .Dd March 4, 2006 .Dt AU_OPEN 3 .Os .Sh NAME .Nm au_close , .Nm au_close_buffer , .Nm au_close_token , .Nm au_open , .Nm au_write .Nd "create and commit audit records" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft int .Fn au_open void .Ft int .Fn au_write "int d" "token_t *tok" .Ft int .Fn au_close "int d" "int keep" "short event" .Ft int .Fn au_close_buffer "int d" "short event" "u_char *buffer" "size_t *buflen" .Ft int .Fn au_close_token "token_t *tok" "u_char *buffer" "size_t *buflen" .Sh DESCRIPTION These interfaces allow applications to allocate audit records, construct a record using a series of tokens, and commit the audit record to the system event log. An extension API is also provided to commit the record to an in-memory buffer rather than the system audit log. .Pp The .Fn au_open interface allocates a new audit record descriptor. .Pp The .Fn au_write interface adds a token to an allocated audit descriptor. When a token has been successfully added to a record, the caller no longer owns the token memory, and does not need to free it directly via a call to .Xr au_free_token 3 . .Pp The .Fn au_close function is used to commit an audit record to the system audit log, or abandon the record. In either cases, all resources associated with the record will be released. The .Fa keep argument determines the behavior: a value of .Dv AU_TO_WRITE causes the record to be committed; a value of .Dv AU_TO_NO_WRITE causes it to be abandoned. When the audit record is committed, a BSM header will be inserted before tokens added to the record, using the event identifier passed via .Fa event , and a trailer added to the end. Committing a record to the system audit log requires privilege. .Pp The .Fn au_close_buffer function writes the resulting record to an in-memory buffer of size .Fa *buflen ; it will write back the filled buffer length into the same variable. 
The argument .Fa event is the event identifier to use in the record header. .Pp The .Fn au_close_token function generates the BSM stream output for a single token, .Fa tok , in the passed buffer .Fa buffer . The initial buffer size and resulting data size are passed via .Fa *buflen . The .Fn au_close_token function will free the token before returning. .Sh RETURN VALUES The function .Fn au_open returns a non-negative audit record descriptor number on success, or a negative value on failure, along with error information in .Va errno . .Pp The functions .Fn au_write , .Fn au_close , .Fn au_close_buffer , and .Fn au_close_token return 0 on success, or a negative value on failure, along with error information in .Va errno . .Sh SEE ALSO .Xr audit_submit 3 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS Currently, .Fn au_open does not reserve kernel resources necessary to commit the record to the trail; on systems supporting .Fn au_close , the call will block until resources are available to commit the record. However, this leads to the possibility of an action being permitted without the record being guaranteed to go to disk. Ideally, .Fn au_open would reserve resources necessary to commit any submitted record, releasing them on .Fn au_close . 
Index: head/contrib/openbsm/libbsm/au_socket_type.3
===================================================================
--- head/contrib/openbsm/libbsm/au_socket_type.3 (revision 292431)
+++ head/contrib/openbsm/libbsm/au_socket_type.3 (revision 292432)
@@ -1,93 +1,91 @@ .\"- .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_socket_type.3#1 $ -.\" .Dd December 28, 2008 .Dt AU_BSM_TO_SOCKET_TYPE 3 .Os .Sh NAME .Nm au_bsm_to_socket_type , .Nm au_socket_type_to_bsm .Nd "convert between BSM and local socket types" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft int .Fn au_bsm_to_socket_type "u_short bsm_socket_type" "int *local_socket_typep" .Ft u_short .Fn au_socket_type_to_bsm "int local_socket_type" .Sh DESCRIPTION These interfaces may be used to convert between the local and BSM socket types. The .Fn au_bsm_to_socket_type function accepts a BSM socket type, .Fa bsm_socket_type , and converts it to a local socket type, such as those passed to .Xr socket 2 , that will be stored in the integer pointed to by .Fa local_socket_typep if successful. This call will fail if the BSM socket type cannot be mapped into a local socket type, which may occur if the socket token was generated on another operating system. .Pp .Fn au_socket_type_to_bsm function accepts a local socket type, and returns the BSM socket type for it. This call cannot fail, and instead returns a BSM socket type indicating to a later decoder that the socket type could not be encoded. .Sh RETURN VALULES On success, .Fn au_bsm_to_socket_type returns 0 and a converted socket type; on failure, it returns -1 but does not set .Xr errno 2 . .Pp On success, .Fn au_strerror returns a pointer to an error string; on failure it will return .Dv NULL . .Sh SEE ALSO .Xr au_bsm_to_domain 3 , .Xr au_domain_to_bsm 3 , .Xr au_to_socket_ex 3 , .Xr libbsm 3 .Sh HISTORY .Fn au_bsm_to_socket_type and .Fn au_socket_type_to_bsm were introduced in OpenBSM 1.1. .Sh AUTHORS These functions were implemented by .An Robert Watson under contract to Apple Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. 
Index: head/contrib/openbsm/libbsm/au_token.3
===================================================================
--- head/contrib/openbsm/libbsm/au_token.3 (revision 292431)
+++ head/contrib/openbsm/libbsm/au_token.3 (revision 292432)
@@ -1,254 +1,252 @@ .\"- .\" Copyright (c) 2005-2007 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#17 $ -.\" .Dd April 19, 2005 .Dt AU_TOKEN 3 .Os .Sh NAME .Nm au_to_arg32 , .Nm au_to_arg64 , .Nm au_to_arg , .Nm au_to_attr64 , .Nm au_to_data , .Nm au_to_exit , .Nm au_to_groups , .Nm au_to_newgroups , .Nm au_to_in_addr , .Nm au_to_in_addr_ex , .Nm au_to_ip , .Nm au_to_ipc , .Nm au_to_ipc_perm , .Nm au_to_iport , .Nm au_to_opaque , .Nm au_to_file , .Nm au_to_text , .Nm au_to_path , .Nm au_to_process32 , .Nm au_to_process64 , .Nm au_to_process , .Nm au_to_process32_ex , .Nm au_to_process64_ex , .Nm au_to_process_ex , .Nm au_to_return32 , .Nm au_to_return64 , .Nm au_to_return , .Nm au_to_seq , .Nm au_to_sock_inet32 , .Nm au_to_sock_inet128 , .Nm au_to_sock_inet , .Nm au_to_socket_ex , .Nm au_to_subject32 , .Nm au_to_subject64 , .Nm au_to_subject , .Nm au_to_subject32_ex , .Nm au_to_subject64_ex , .Nm au_to_subject_ex , .Nm au_to_me , .Nm au_to_exec_args , .Nm au_to_exec_env , .Nm au_to_header , .Nm au_to_header32 , .Nm au_to_header64 , .Nm au_to_header_ex , .Nm au_to_header32_ex , .Nm au_to_trailer , .Nm au_to_zonename .Nd "routines for generating BSM audit tokens" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft "token_t *" .Fn au_to_arg32 "char n" "const char *text" "u_int32_t v" .Ft "token_t *" .Fn au_to_arg64 "char n" "const char *text" "u_int64_t v" .Ft "token_t *" .Fn au_to_arg "char n" "const char *text" "u_int32_t v" .Ft "token_t *" .Fn au_to_attr32 "struct vattr *attr" .Ft "token_t *" .Fn au_to_attr64 "struct vattr *attr" .Ft "token_t *" .Fn au_to_attr "struct vattr *attr" .Ft "token_t *" .Fn au_to_data "char unit_print" "char unit_type" "char unit_count" "const char *p" .Ft "token_t *" .Fn au_to_exit "int retval" "int err" .Ft "token_t *" .Fn au_to_groups "int *groups" .Ft "token_t *" .Fn au_to_newgroups "u_int16_t n" "gid_t *groups" .Ft "token_t *" .Fn au_to_in_addr "struct in_addr *internet_addr" .Ft "token_t *" .Fn au_to_in_addr_ex "struct in6_addr *internet_addr" .Ft "token_t 
*" .Fn au_to_ip "struct ip *ip" .Ft "token_t *" .Fn au_to_ipc "char type" "int id" .Ft "token_t *" .Fn au_to_ipc_perm "struct ipc_perm *perm" .Ft "token_t *" .Fn au_to_iport "u_int16_t iport" .Ft "token_t *" .Fn au_to_opaque "const char *data" "u_int16_t bytes" .Ft "token_t *" .Fn au_to_file "const char *file" "struct timeval tm" .Ft "token_t *" .Fn au_to_text "const char *text" .Ft "token_t *" .Fn au_to_path "const char *text" .Ft "token_t *" .Fo au_to_process32 .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" .Fc .Ft "token_t *" .Fo au_to_process64 .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" .Fc .Ft "token_t *" .Fo au_to_process32_ex .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" .Fc .Ft "token_t *" .Fo au_to_process64_ex .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" .Fc .Ft "token_t *" .Fn au_to_return32 "char status" "u_int32_t ret" .Ft "token_t *" .Fn au_to_return64 "char status" "u_int64_t ret" .Ft "token_t *" .Fn au_to_return "char status" "u_int32_t ret" .Ft "token_t *" .Fn au_to_seq "long audit_count" .Ft "token_t *" .Fn au_to_sock_inet32 "struct sockaddr_in *so" .Ft "token_t *" .Fn au_to_sock_inet128 "struct sockaddr_in6 *so" .Ft "token_t *" .Fn au_to_sock_int "struct sockaddr_in *so" .Ft "token_t *" .Fn au_to_socket_ex "u_short so_domain" "u_short so_type" "struct sockaddr *sa_local" "struct sockaddr *sa_remote" .Ft "token_t *" .Fo au_to_subject32 .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" .Fc .Ft "token_t *" .Fo au_to_subject64 .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" .Fc .Ft "token_t *" .Fo au_to_subject 
.Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" .Fc .Ft "token_t *" .Fo au_to_subject32_ex .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" .Fc .Ft "token_t *" .Fo au_to_subject64_ex .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" .Fc .Ft "token_t *" .Fo au_to_subject_ex .Fa "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" .Fa "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" .Fc .Ft "token_t *" .Fn au_to_me void .Ft "token_t *" .Fn au_to_exec_args "char **argv" .Ft "token_t *" .Fn au_to_exec_env "char **envp" .Ft "token_t *" .Fn au_to_header "int rec_size" "au_event_t e_type" "au_emod_t emod" .Ft "token_t *" .Fn au_to_header32 "int rec_size" "au_event_t e_type" "au_emod_t emod" .Ft "token_t *" .Fn au_to_header64 "int rec_size" "au_event_t e_type" "au_emod_t e_mod" .Ft "token_t *" .Fn au_to_header_ex "int rec_size" "au_event_t e_type" "au_emod_t e_mod" .Ft "token_t *" .Fn au_to_header32_ex "int rec_size" "au_event_t e_type" "au_emod_t e_mod" .Ft "token_t *" .Fn au_to_trailer "int rec_size" .Ft "token_t *" .Fn au_to_zonename "const char *zonename" .Sh DESCRIPTION These interfaces support the allocation of BSM audit tokens, represented by .Vt token_t , for various data types. .Pp .Xr au_errno_to_bsm 3 must be used to convert local .Xr errno 2 errors to BSM error numbers before they are passed to .Fn au_to_return , .Fn au_to_return32 , and .Fn au_to_return64 . .Sh RETURN VALUES On success, a pointer to a .Vt token_t will be returned; the allocated .Vt token_t can be freed via a call to .Xr au_free_token 3 . On failure, .Dv NULL will be returned, and an error condition returned via .Va errno . 
.Sh SEE ALSO .Xr au_errno_to_bsm 3 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/libbsm/au_user.3 =================================================================== --- head/contrib/openbsm/libbsm/au_user.3 (revision 292431) +++ head/contrib/openbsm/libbsm/au_user.3 (revision 292432) 
@@ -1,156 +1,154 @@ .\"- .\" Copyright (c) 2005-2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_user.3#10 $ -.\" .Dd April 19, 2005 .Dt AU_USER 3 .Os .Sh NAME .Nm setauuser , .Nm endauuser , .Nm getauuserent , .Nm getauuserent_r , .Nm getauusernam , .Nm getauusernam_r , .Nm au_user_mask , .Nm getfauditflags .Nd "look up information from the audit_user database" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft void .Fn setauuser void .Ft void .Fn endauuser void .Ft "struct au_user_ent *" .Fn getauuserent void .Ft "struct au_user_ent *" .Fn getauuserent_r "struct au_user_ent *u" .Ft "struct au_user_ent *" .Fn getauusernam "const char *name" .Ft "struct au_user_ent *" .Fn getauusernam_r "struct au_user_ent *u" "const char *name" .Ft int .Fn au_user_mask "char *username" "au_mask_t *mask_p" .Ft int .Fo getfauditflags .Fa "au_mask_t *usremask" "au_mask_t *usrdmask" "au_mask_t *lastmask" .Fc .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_user 5 database, which describes per-user audit configuration. Audit user entries are described by a .Vt au_user_ent , which stores the user's name in .Va au_name , events to always audit in .Va au_always , and events never to audit .Va au_never . .Pp The .Fn getauuserent function returns the next user found in the .Xr audit_user 5 database, or the first if the function has not yet been called. .Dv NULL will be returned if no further records are available. .Pp The .Fn getauusernam function looks up a user by name. .Dv NULL will be returned if no matching class can be found. .Pp The .Fn setauuser function resets the iterator through the .Xr audit_user 5 database, causing the next call to .Fn getauuserent to start again from the beginning of the file. .Pp The .Fn endauuser function closes the .Xr audit_user 5 database, if open. .Pp The .Fn au_user_mask function calculates a new session audit mask to be returned via .Fa mask_p for the user identified by .Fa username . 
If the user audit configuration is not found, the default system audit properties returned by .Xr getacflg 3 are used. The resulting mask may be set via a call to .Xr setaudit 2 or related variants. .Pp The .Fn getfauditflags function generates a new process audit state by combining the audit masks passed as parameters with the system audit masks. .Sh SEE ALSO .Xr setaudit 2 , .Xr getacflg 3 , .Xr libbsm 3 , .Xr audit_user 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS These routines cannot currently distinguish between an entry not being found and an error accessing the database. The implementation should be changed to return an error via .Va errno when .Dv NULL is returned. Index: head/contrib/openbsm/libbsm/audit_submit.3 =================================================================== --- head/contrib/openbsm/libbsm/audit_submit.3 (revision 292431) +++ head/contrib/openbsm/libbsm/audit_submit.3 (revision 292432) 
@@ -1,153 +1,151 @@ .\" .\" Copyright (c) 2006 Christian S.J. Peron .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#19 $ -.\" .Dd January 18, 2008 .Dt AUDIT_SUBMIT 3 .Os .Sh NAME .Nm audit_submit .Nd "general purpose audit record submission" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Ft int .Fo audit_submit .Fa "short au_event" "au_id_t auid" "char status" .Fa "int reterr" "const char * restrict format" ... .Fc .Sh DESCRIPTION The .Fn audit_submit function provides a generic programming interface for audit record submission. This audit record will contain a header, subject token, an optional text token, return token, and a trailer. 
The header will contain the event class specified by .Fa au_event . The subject token will be generated based on .Fa auid . The return token is dependent on the .Fa status and .Fa reterr arguments; unlike the argument to .Xr au_to_return , .Fa reterr should be a local rather than BSM error number. Optionally, a text token will be created as a part of this record. .Pp Text token output is under the control of a .Fa format string that specifies how subsequent arguments (or arguments accessed via the variable-length argument facilities of .Xr stdarg 3 ) are converted for output. If .Fa format is .Dv NULL , then no text token is created in the audit record. .Pp It should be noted that .Fn audit_submit assumes that .Xr setaudit 2 , or .Xr setaudit_addr 2 has already been called. As a direct result, the terminal ID for the subject will be retrieved from the kernel via .Xr getaudit 2 , or .Xr getaudit_addr 2 . .Sh RETURN VALUES If successful, .Nm will return zero. Otherwise a -1 is returned and the global variable .Va errno is set to indicate the error. 
.Sh EXAMPLES .Bd -literal -offset indent #include #include #include #include #include #include void audit_bad_su(char *from_login, char *to_login) { struct auditinfo_addr aia; struct auditinfo ai; au_id_t aid; int error; error = getaudit_addr(&aia, sizeof(aia)); if (error < 0 && errno == ENOSYS) { error = getaudit(&ai); if (error < 0) err(1, "getaudit"); aid = ai.ai_auid; } else if (error < 0) err(1, "getaudit_addr"); else aid = aia.ai_auid; error = audit_submit(AUE_su, aid, EPERM, 1, "bad su from %s to %s", from_login, to_login); if (error != 0) err(1, "audit_submit"); } .Ed .Pp Will generate the following audit record: .Bd -literal -offset indent header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0 text,bad su from from csjp to root return,failure : Operation not permitted,1 trailer,94 .Ed .Sh SEE ALSO .Xr auditon 2 , .Xr getaudit 2 , .Xr libbsm 3 , .Xr stdarg 3 .Sh HISTORY The .Fn audit_submit function first appeared in OpenBSM version 1.0. OpenBSM 1.0 was introduced in .Fx 7.0 . .Sh AUTHORS The .Fn audit_submit function was written by .An Christian S.J. Peron Aq csjp@FreeBSD.org . Index: head/contrib/openbsm/libbsm/bsm_audit.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_audit.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_audit.c (revision 292432) 
@@ -1,451 +1,449 @@ /*- * Copyright (c) 2004 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * * This code was developed in part by Robert N. M. Watson, Senior Principal * Scientist, SPARTA, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#37 $ */ #include #include #ifdef HAVE_FULL_QUEUE_H #include #else #include #endif #include #include #include #include #ifdef HAVE_PTHREAD_MUTEX_LOCK #include #endif #include #include /* array of used descriptors */ static au_record_t *open_desc_table[MAX_AUDIT_RECORDS]; /* The current number of active record descriptors */ static int audit_rec_count = 0; /* * Records that can be recycled are maintained in the list given below. The * maximum number of elements that can be present in this list is bounded by * MAX_AUDIT_RECORDS. Memory allocated for these records are never freed. */ static LIST_HEAD(, au_record) audit_free_q; #ifdef HAVE_PTHREAD_MUTEX_LOCK static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; #endif /* * This call frees a token_t and its internal data. */ void au_free_token(token_t *tok) { if (tok != NULL) { if (tok->t_data) free(tok->t_data); free(tok); } } /* * This call reserves memory for the audit record. Memory must be guaranteed * before any auditable event can be generated. The au_record_t structure * maintains a reference to the memory allocated above and also the list of * tokens associated with this record. Descriptors are recyled once the * records are added to the audit trail following au_close(). */ int au_open(void) { au_record_t *rec = NULL; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif if (audit_rec_count == 0) LIST_INIT(&audit_free_q); /* * Find an unused descriptor, remove it from the free list, mark as * used. */ if (!LIST_EMPTY(&audit_free_q)) { rec = LIST_FIRST(&audit_free_q); rec->used = 1; LIST_REMOVE(rec, au_rec_q); } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif if (rec == NULL) { /* * Create a new au_record_t if no descriptors are available. 
*/ rec = malloc (sizeof(au_record_t)); if (rec == NULL) return (-1); rec->data = malloc (MAX_AUDIT_RECORD_SIZE * sizeof(u_char)); if (rec->data == NULL) { free(rec); errno = ENOMEM; return (-1); } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif if (audit_rec_count == MAX_AUDIT_RECORDS) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif free(rec->data); free(rec); /* XXX We need to increase size of MAX_AUDIT_RECORDS */ errno = ENOMEM; return (-1); } rec->desc = audit_rec_count; open_desc_table[audit_rec_count] = rec; audit_rec_count++; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } memset(rec->data, 0, MAX_AUDIT_RECORD_SIZE); TAILQ_INIT(&rec->token_q); rec->len = 0; rec->used = 1; return (rec->desc); } /* * Store the token with the record descriptor. * * Don't permit writing more to the buffer than would let the trailer be * appended later. */ int au_write(int d, token_t *tok) { au_record_t *rec; if (tok == NULL) { errno = EINVAL; return (-1); /* Invalid Token */ } /* Write the token to the record descriptor */ rec = open_desc_table[d]; if ((rec == NULL) || (rec->used == 0)) { errno = EINVAL; return (-1); /* Invalid descriptor */ } if (rec->len + tok->len + AUDIT_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) { errno = ENOMEM; return (-1); } /* Add the token to the tail */ /* * XXX Not locking here -- we should not be writing to * XXX the same descriptor from different threads */ TAILQ_INSERT_TAIL(&rec->token_q, tok, tokens); rec->len += tok->len; /* grow record length by token size bytes */ /* Token should not be available after this call */ tok = NULL; return (0); /* Success */ } /* * Assemble an audit record out of its tokens, including allocating header and * trailer tokens. Does not free the token chain, which must be done by the * caller if desirable. * * XXX: Assumes there is sufficient space for the header and trailer. 
*/ static int au_assemble(au_record_t *rec, short event) { #ifdef HAVE_AUDIT_SYSCALLS struct in6_addr *aptr; struct auditinfo_addr aia; struct timeval tm; size_t hdrsize; #endif /* HAVE_AUDIT_SYSCALLS */ token_t *header, *tok, *trailer; size_t tot_rec_size; u_char *dptr; int error; #ifdef HAVE_AUDIT_SYSCALLS /* * Grab the size of the address family stored in the kernel's audit * state. */ aia.ai_termid.at_type = AU_IPv4; aia.ai_termid.at_addr[0] = INADDR_ANY; if (audit_get_kaudit(&aia, sizeof(aia)) != 0) { if (errno != ENOSYS && errno != EPERM) return (-1); #endif /* HAVE_AUDIT_SYSCALLS */ tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE; header = au_to_header(tot_rec_size, event, 0); #ifdef HAVE_AUDIT_SYSCALLS } else { if (gettimeofday(&tm, NULL) < 0) return (-1); switch (aia.ai_termid.at_type) { case AU_IPv4: hdrsize = (aia.ai_termid.at_addr[0] == INADDR_ANY) ? AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia); break; case AU_IPv6: aptr = (struct in6_addr *)&aia.ai_termid.at_addr[0]; hdrsize = (IN6_IS_ADDR_UNSPECIFIED(aptr)) ? AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia); break; default: return (-1); } tot_rec_size = rec->len + hdrsize + AUDIT_TRAILER_SIZE; /* * A header size greater then AUDIT_HEADER_SIZE means * that we are using an extended header. */ if (hdrsize > AUDIT_HEADER_SIZE) header = au_to_header32_ex_tm(tot_rec_size, event, 0, tm, &aia); else header = au_to_header(tot_rec_size, event, 0); } #endif /* HAVE_AUDIT_SYSCALLS */ if (header == NULL) return (-1); trailer = au_to_trailer(tot_rec_size); if (trailer == NULL) { error = errno; au_free_token(header); errno = error; return (-1); } TAILQ_INSERT_HEAD(&rec->token_q, header, tokens); TAILQ_INSERT_TAIL(&rec->token_q, trailer, tokens); rec->len = tot_rec_size; dptr = rec->data; TAILQ_FOREACH(tok, &rec->token_q, tokens) { memcpy(dptr, tok->t_data, tok->len); dptr += tok->len; } return (0); } /* * Given a record that is no longer of interest, tear it down and convert to a * free record. 
*/ static void au_teardown(au_record_t *rec) { token_t *tok; /* Free the token list */ while ((tok = TAILQ_FIRST(&rec->token_q)) != NULL) { TAILQ_REMOVE(&rec->token_q, tok, tokens); free(tok->t_data); free(tok); } rec->used = 0; rec->len = 0; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif /* Add the record to the freelist tail */ LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } #ifdef HAVE_AUDIT_SYSCALLS /* * Add the header token, identify any missing tokens. Write out the tokens to * the record memory and finally, call audit. */ int au_close(int d, int keep, short event) { au_record_t *rec; size_t tot_rec_size; int retval = 0; rec = open_desc_table[d]; if ((rec == NULL) || (rec->used == 0)) { errno = EINVAL; return (-1); /* Invalid descriptor */ } if (keep == AU_TO_NO_WRITE) { retval = 0; goto cleanup; } tot_rec_size = rec->len + MAX_AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE; if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) { /* * XXXRW: Since au_write() is supposed to prevent this, spew * an error here. */ fprintf(stderr, "au_close failed"); errno = ENOMEM; retval = -1; goto cleanup; } if (au_assemble(rec, event) < 0) { /* * XXXRW: This is also not supposed to happen, but might if we * are unable to allocate header and trailer memory. */ retval = -1; goto cleanup; } /* Call the kernel interface to audit */ retval = audit(rec->data, rec->len); cleanup: /* CLEANUP */ au_teardown(rec); return (retval); } #endif /* HAVE_AUDIT_SYSCALLS */ /* * au_close(), except onto an in-memory buffer. Buffer size as an argument, * record size returned via same argument on success. 
*/ int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen) { size_t tot_rec_size; au_record_t *rec; int retval; rec = open_desc_table[d]; if ((rec == NULL) || (rec->used == 0)) { errno = EINVAL; return (-1); } retval = 0; tot_rec_size = rec->len + MAX_AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE; if ((tot_rec_size > MAX_AUDIT_RECORD_SIZE) || (tot_rec_size > *buflen)) { /* * XXXRW: See au_close() comment. */ fprintf(stderr, "au_close_buffer failed %zd", tot_rec_size); errno = ENOMEM; retval = -1; goto cleanup; } if (au_assemble(rec, event) < 0) { /* XXXRW: See au_close() comment. */ retval = -1; goto cleanup; } memcpy(buffer, rec->data, rec->len); *buflen = rec->len; cleanup: au_teardown(rec); return (retval); } /* * au_close_token() returns the byte format of a token_t. This won't * generally be used by applications, but is quite useful for writing test * tools. Will free the token on either success or failure. */ int au_close_token(token_t *tok, u_char *buffer, size_t *buflen) { if (tok->len > *buflen) { au_free_token(tok); errno = ENOMEM; return (EINVAL); } memcpy(buffer, tok->t_data, tok->len); *buflen = tok->len; au_free_token(tok); return (0); } Index: head/contrib/openbsm/libbsm/bsm_class.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_class.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_class.c (revision 292432) 
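Review bot: `au_write()`, `au_close()` and `au_close_buffer()` each index `open_desc_table[d]` with the caller-supplied descriptor before any range check, so a negative `d` or one at or above `MAX_AUDIT_RECORDS` reads outside the static table, and the value found there is then dereferenced through `rec->used`. Each of the three should reject the descriptor first, e.g. `if (d < 0 || d >= MAX_AUDIT_RECORDS) { errno = EINVAL; return (-1); }`; slots that `au_open()` never handed out are NULL in the static array, so the existing `rec == NULL` test covers the rest. Separately, `au_close_token()` sets `errno = ENOMEM` but returns the positive `EINVAL` when the buffer is too small, while the manual page text earlier in this diff documents a negative return on failure; `return (-1);` would match it. These lines are unchanged context (the hunk itself only drops the `$P4` tag), so the fix probably belongs upstream in OpenBSM rather than in this import.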
@@ -1,302 +1,300 @@ /*- * Copyright (c) 2004 Apple Inc. * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_class.c#16 $ */ #include #include #include #ifdef HAVE_PTHREAD_MUTEX_LOCK #include #endif #include #include #ifndef HAVE_STRLCPY #include #endif /* * Parse the contents of the audit_class file to return struct au_class_ent * entries. 
*/ static FILE *fp = NULL; static char linestr[AU_LINE_MAX]; static const char *classdelim = ":"; #ifdef HAVE_PTHREAD_MUTEX_LOCK static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; #endif /* * Parse a single line from the audit_class file passed in str to the struct * au_class_ent elements; store the result in c. */ static struct au_class_ent * classfromstr(char *str, struct au_class_ent *c) { char *classname, *classdesc, *classflag; char *last; /* Each line contains flag:name:desc. */ classflag = strtok_r(str, classdelim, &last); classname = strtok_r(NULL, classdelim, &last); classdesc = strtok_r(NULL, classdelim, &last); if ((classflag == NULL) || (classname == NULL) || (classdesc == NULL)) return (NULL); /* * Check for very large classnames. */ if (strlen(classname) >= AU_CLASS_NAME_MAX) return (NULL); strlcpy(c->ac_name, classname, AU_CLASS_NAME_MAX); /* * Check for very large class description. */ if (strlen(classdesc) >= AU_CLASS_DESC_MAX) return (NULL); strlcpy(c->ac_desc, classdesc, AU_CLASS_DESC_MAX); c->ac_class = strtoul(classflag, (char **) NULL, 0); return (c); } /* * Return the next au_class_ent structure from the file setauclass should be * called before invoking this function for the first time. * * Must be called with mutex held. */ static struct au_class_ent * getauclassent_r_locked(struct au_class_ent *c) { char *tokptr, *nl; if ((fp == NULL) && ((fp = fopen(AUDIT_CLASS_FILE, "r")) == NULL)) return (NULL); /* * Read until next non-comment line is found, or EOF. */ while (1) { if (fgets(linestr, AU_LINE_MAX, fp) == NULL) return (NULL); /* Skip comments. */ if (linestr[0] == '#') continue; /* Remove trailing new line character. */ if ((nl = strrchr(linestr, '\n')) != NULL) *nl = '\0'; /* Parse tokptr to au_class_ent components. 
*/ tokptr = linestr; if (classfromstr(tokptr, c) == NULL) return (NULL); break; } return (c); } struct au_class_ent * getauclassent_r(struct au_class_ent *c) { struct au_class_ent *cp; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif cp = getauclassent_r_locked(c); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (cp); } struct au_class_ent * getauclassent(void) { static char class_ent_name[AU_CLASS_NAME_MAX]; static char class_ent_desc[AU_CLASS_DESC_MAX]; static struct au_class_ent c, *cp; bzero(&c, sizeof(c)); bzero(class_ent_name, sizeof(class_ent_name)); bzero(class_ent_desc, sizeof(class_ent_desc)); c.ac_name = class_ent_name; c.ac_desc = class_ent_desc; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif cp = getauclassent_r_locked(&c); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (cp); } /* * Rewind to the beginning of the enumeration. * * Must be called with mutex held. */ static void setauclass_locked(void) { if (fp != NULL) fseek(fp, 0, SEEK_SET); } void setauclass(void) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setauclass_locked(); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } /* * Return the next au_class_entry having the given class name. 
*/ struct au_class_ent * getauclassnam_r(struct au_class_ent *c, const char *name) { struct au_class_ent *cp; if (name == NULL) return (NULL); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setauclass_locked(); while ((cp = getauclassent_r_locked(c)) != NULL) { if (strcmp(name, cp->ac_name) == 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (cp); } } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (NULL); } struct au_class_ent * getauclassnam(const char *name) { static char class_ent_name[AU_CLASS_NAME_MAX]; static char class_ent_desc[AU_CLASS_DESC_MAX]; static struct au_class_ent c; bzero(&c, sizeof(c)); bzero(class_ent_name, sizeof(class_ent_name)); bzero(class_ent_desc, sizeof(class_ent_desc)); c.ac_name = class_ent_name; c.ac_desc = class_ent_desc; return (getauclassnam_r(&c, name)); } /* * Return the next au_class_entry having the given class number. * * OpenBSM extension. */ struct au_class_ent * getauclassnum_r(struct au_class_ent *c, au_class_t class_number) { struct au_class_ent *cp; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setauclass_locked(); while ((cp = getauclassent_r_locked(c)) != NULL) { if (class_number == cp->ac_class) return (cp); } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (NULL); } struct au_class_ent * getauclassnum(au_class_t class_number) { static char class_ent_name[AU_CLASS_NAME_MAX]; static char class_ent_desc[AU_CLASS_DESC_MAX]; static struct au_class_ent c; bzero(&c, sizeof(c)); bzero(class_ent_name, sizeof(class_ent_name)); bzero(class_ent_desc, sizeof(class_ent_desc)); c.ac_name = class_ent_name; c.ac_desc = class_ent_desc; return (getauclassnum_r(&c, class_number)); } /* * audit_class processing is complete; close any open files. 
*/ void endauclass(void) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif if (fp != NULL) { fclose(fp); fp = NULL; } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } Index: head/contrib/openbsm/libbsm/bsm_control.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_control.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_control.c (revision 292432) 
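Review bot: In bsm_class.c, `getauclassnum_r()` leaves `mutex` locked when it finds a match: the `if (class_number == cp->ac_class) return (cp);` branch has no unlock, while the matching branch of `getauclassnam_r()` directly above it releases the lock before returning. With HAVE_PTHREAD_MUTEX_LOCK defined, any later call into `setauclass()`, `getauclassent()`, `endauclass()` or the lookup routines would then wait on a mutex that is never released, so one successful class-number lookup can stall all further audit_class parsing in the process. The match branch should call `pthread_mutex_unlock(&mutex);` before `return (cp);`, inside the same `#ifdef HAVE_PTHREAD_MUTEX_LOCK` guard the other exits use. These are context lines that the hunk carries unchanged; the only edit in this hunk is the removed `$P4` keyword line.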
@@ -1,710 +1,708 @@ /*- * Copyright (c) 2004, 2009 Apple Inc. * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#41 $ */ #include #include #include #include #include #include #ifdef HAVE_PTHREAD_MUTEX_LOCK #include #endif #include #include #ifndef HAVE_STRLCAT #include #endif #ifndef HAVE_STRLCPY #include #endif #include /* * Parse the contents of the audit_control file to return the audit control * parameters. These static fields are protected by 'mutex'. 
*/ static FILE *fp = NULL; static char linestr[AU_LINE_MAX]; static char *delim = ":"; static char inacdir = 0; static char ptrmoved = 0; #ifdef HAVE_PTHREAD_MUTEX_LOCK static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; #endif /* * Audit policy string token table for au_poltostr() and au_strtopol(). */ struct audit_polstr { long ap_policy; const char *ap_str; }; static struct audit_polstr au_polstr[] = { { AUDIT_CNT, "cnt" }, { AUDIT_AHLT, "ahlt" }, { AUDIT_ARGV, "argv" }, { AUDIT_ARGE, "arge" }, { AUDIT_SEQ, "seq" }, { AUDIT_WINDATA, "windata" }, { AUDIT_USER, "user" }, { AUDIT_GROUP, "group" }, { AUDIT_TRAIL, "trail" }, { AUDIT_PATH, "path" }, { AUDIT_SCNT, "scnt" }, { AUDIT_PUBLIC, "public" }, { AUDIT_ZONENAME, "zonename" }, { AUDIT_PERZONE, "perzone" }, { -1, NULL } }; /* * Returns the string value corresponding to the given label from the * configuration file. * * Must be called with mutex held. */ static int getstrfromtype_locked(const char *name, char **str) { char *type, *nl; char *tokptr; char *last; *str = NULL; if ((fp == NULL) && ((fp = fopen(AUDIT_CONTROL_FILE, "r")) == NULL)) return (-1); /* Error */ while (1) { if (fgets(linestr, AU_LINE_MAX, fp) == NULL) { if (ferror(fp)) return (-1); return (0); /* EOF */ } if (linestr[0] == '#') continue; /* Remove trailing new line character and white space. */ nl = strchr(linestr, '\0') - 1; while (nl >= linestr && ('\n' == *nl || ' ' == *nl || '\t' == *nl)) { *nl = '\0'; nl--; } tokptr = linestr; if ((type = strtok_r(tokptr, delim, &last)) != NULL) { if (strcmp(name, type) == 0) { /* Found matching name. */ *str = strtok_r(NULL, delim, &last); if (*str == NULL) { errno = EINVAL; return (-1); /* Parse error in file */ } return (0); /* Success */ } } } } /* * Convert a given time value with a multiplier (seconds, hours, days, years) to * seconds. Return 0 on success. 
*/ static int au_timetosec(time_t *seconds, u_long value, char mult) { if (NULL == seconds) return (-1); switch(mult) { case 's': /* seconds */ *seconds = (time_t)value; break; case 'h': /* hours */ *seconds = (time_t)value * 60 * 60; break; case 'd': /* days */ *seconds = (time_t)value * 60 * 60 * 24; break; case 'y': /* years. Add a day for each 4th (leap) year. */ *seconds = (time_t)value * 60 * 60 * 24 * 364 + ((time_t)value / 4) * 60 * 60 * 24; break; default: return (-1); } return (0); } /* * Convert a given disk space value with a multiplier (bytes, kilobytes, * megabytes, gigabytes) to bytes. Return 0 on success. */ static int au_spacetobytes(size_t *bytes, u_long value, char mult) { if (NULL == bytes) return (-1); switch(mult) { case 'B': case ' ': /* Bytes */ *bytes = (size_t)value; break; case 'K': /* Kilobytes */ *bytes = (size_t)value * 1024; break; case 'M': /* Megabytes */ *bytes = (size_t)value * 1024 * 1024; break; case 'G': /* Gigabytes */ *bytes = (size_t)value * 1024 * 1024 * 1024; break; default: return (-1); } return (0); } /* * Convert a policy to a string. Return -1 on failure, or >= 0 representing * the actual size of the string placed in the buffer (excluding terminating * nul). */ ssize_t au_poltostr(int policy, size_t maxsize, char *buf) { int first = 1; int i = 0; if (maxsize < 1) return (-1); buf[0] = '\0'; do { if (policy & au_polstr[i].ap_policy) { if (!first && strlcat(buf, ",", maxsize) >= maxsize) return (-1); if (strlcat(buf, au_polstr[i].ap_str, maxsize) >= maxsize) return (-1); first = 0; } } while (NULL != au_polstr[++i].ap_str); return (strlen(buf)); } /* * Convert a string to a policy. Return -1 on failure (with errno EINVAL, * ENOMEM) or 0 on success. 
*/ int au_strtopol(const char *polstr, int *policy) { char *bufp, *string; char *buffer; int i, matched; *policy = 0; buffer = strdup(polstr); if (buffer == NULL) return (-1); bufp = buffer; while ((string = strsep(&bufp, ",")) != NULL) { matched = i = 0; do { if (strcmp(string, au_polstr[i].ap_str) == 0) { *policy |= au_polstr[i].ap_policy; matched = 1; break; } } while (NULL != au_polstr[++i].ap_str); if (!matched) { free(buffer); errno = EINVAL; return (-1); } } free(buffer); return (0); } /* * Rewind the file pointer to beginning. */ static void setac_locked(void) { static time_t lastctime = 0; struct stat sbuf; ptrmoved = 1; if (fp != NULL) { /* * Check to see if the file on disk has changed. If so, * force a re-read of the file by closing it. */ if (fstat(fileno(fp), &sbuf) < 0) goto closefp; if (lastctime != sbuf.st_ctime) { lastctime = sbuf.st_ctime; closefp: fclose(fp); fp = NULL; return; } fseek(fp, 0, SEEK_SET); } } void setac(void) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setac_locked(); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } /* * Close the audit_control file. */ void endac(void) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif ptrmoved = 1; if (fp != NULL) { fclose(fp); fp = NULL; } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } /* * Return audit directory information from the audit control file. */ int getacdir(char *name, int len) { char *dir; int ret = 0; /* * Check if another function was called between successive calls to * getacdir. 
*/ #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif if (inacdir && ptrmoved) { ptrmoved = 0; if (fp != NULL) fseek(fp, 0, SEEK_SET); ret = 2; } if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-2); } if (dir == NULL) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } if (strlen(dir) >= (size_t)len) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-3); } strlcpy(name, dir, len); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (ret); } /* * Return 1 if dist value is set to 'yes' or 'on'. * Return 0 if dist value is set to something else. * Return negative value on error. */ int getacdist(void) { char *str; int ret; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setac_locked(); if (getstrfromtype_locked(DIST_CONTROL_ENTRY, &str) < 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-2); } if (str == NULL) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (0); } if (strcasecmp(str, "on") == 0 || strcasecmp(str, "yes") == 0) ret = 1; else ret = 0; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (ret); } /* * Return the minimum free diskspace value from the audit control file. */ int getacmin(int *min_val) { char *min; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setac_locked(); if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-2); } if (min == NULL) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } *min_val = atoi(min); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (0); } /* * Return the desired trail rotation size from the audit control file. 
*/ int getacfilesz(size_t *filesz_val) { char *str; size_t val; char mult; int nparsed; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setac_locked(); if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &str) < 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-2); } if (str == NULL) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif errno = EINVAL; return (-1); } /* Trim off any leading white space. */ while (*str == ' ' || *str == '\t') str++; nparsed = sscanf(str, "%ju%c", (uintmax_t *)&val, &mult); switch (nparsed) { case 1: /* If no multiplier then assume 'B' (bytes). */ mult = 'B'; /* fall through */ case 2: if (au_spacetobytes(filesz_val, val, mult) == 0) break; /* fall through */ default: errno = EINVAL; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } /* * The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE. 0 * indicates no rotation size. */ if (*filesz_val < 0 || (*filesz_val > 0 && *filesz_val < MIN_AUDIT_FILE_SIZE)) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif filesz_val = 0L; errno = EINVAL; return (-1); } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (0); } static int getaccommon(const char *name, char *auditstr, int len) { char *str; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setac_locked(); if (getstrfromtype_locked(name, &str) < 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-2); } if (str == NULL) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } if (strlen(str) >= (size_t)len) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-3); } strlcpy(auditstr, str, len); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (0); } /* * Return the system audit value from the audit contol file. 
*/ int getacflg(char *auditstr, int len) { return (getaccommon(FLAGS_CONTROL_ENTRY, auditstr, len)); } /* * Return the non attributable flags from the audit contol file. */ int getacna(char *auditstr, int len) { return (getaccommon(NA_CONTROL_ENTRY, auditstr, len)); } /* * Return the policy field from the audit control file. */ int getacpol(char *auditstr, size_t len) { return (getaccommon(POLICY_CONTROL_ENTRY, auditstr, len)); } int getachost(char *auditstr, size_t len) { return (getaccommon(HOST_CONTROL_ENTRY, auditstr, len)); } /* * Set expiration conditions. */ static int setexpirecond(time_t *age, size_t *size, u_long value, char mult) { if (isupper(mult) || ' ' == mult) return (au_spacetobytes(size, value, mult)); else return (au_timetosec(age, value, mult)); } /* * Return the expire-after field from the audit control file. */ int getacexpire(int *andflg, time_t *age, size_t *size) { char *str; int nparsed; u_long val1, val2; char mult1, mult2; char andor[AU_LINE_MAX]; *age = 0L; *size = 0LL; *andflg = 0; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setac_locked(); if (getstrfromtype_locked(EXPIRE_AFTER_CONTROL_ENTRY, &str) < 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-2); } if (str == NULL) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } /* First, trim off any leading white space. */ while (*str == ' ' || *str == '\t') str++; nparsed = sscanf(str, "%lu%c%[ \tadnorADNOR]%lu%c", &val1, &mult1, andor, &val2, &mult2); switch (nparsed) { case 1: /* If no multiplier then assume 'B' (Bytes). */ mult1 = 'B'; /* fall through */ case 2: /* One expiration condition. */ if (setexpirecond(age, size, val1, mult1) != 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } break; case 5: /* Two expiration conditions. 
*/ if (setexpirecond(age, size, val1, mult1) != 0 || setexpirecond(age, size, val2, mult2) != 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } if (strcasestr(andor, "and") != NULL) *andflg = 1; else if (strcasestr(andor, "or") != NULL) *andflg = 0; else { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } break; default: #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (0); } Index: head/contrib/openbsm/libbsm/bsm_domain.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_domain.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_domain.c (revision 292432) 
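Review bot: In bsm_control.c, `getacfilesz()` parses the configured size with `sscanf(str, "%ju%c", (uintmax_t *)&val, &mult)` while `val` is declared `size_t`. On an ABI where `size_t` is narrower than `uintmax_t` the conversion stores past `val` on the stack, and the cast only hides the mismatch from the compiler. Declaring `uintmax_t val;` and calling `sscanf(str, "%ju%c", &val, &mult)` removes the problem; the value should then be range-checked before it is passed to `au_spacetobytes()`, whose multiplications by 1024 can also wrap on such a target. In the same function the error path sets `filesz_val = 0L;`, which resets the local pointer rather than the caller's value (presumably `*filesz_val = 0;` was meant), and `*filesz_val < 0` can never be true for a `size_t`. All of this is unchanged context; the hunk itself only drops the `$P4` keyword line.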
@@ -1,492 +1,490 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#3 $ */ #include #include #include #include #include struct bsm_domain { u_short bd_bsm_domain; int bd_local_domain; }; #define PF_NO_LOCAL_MAPPING -600 static const struct bsm_domain bsm_domains[] = { { BSM_PF_UNSPEC, PF_UNSPEC }, { BSM_PF_LOCAL, PF_LOCAL }, { BSM_PF_INET, PF_INET }, { BSM_PF_IMPLINK, #ifdef PF_IMPLINK PF_IMPLINK #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PUP, #ifdef PF_PUP PF_PUP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_CHAOS, #ifdef PF_CHAOS PF_CHAOS #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NS, #ifdef PF_NS PF_NS #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NBS, #ifdef PF_NBS PF_NBS #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ECMA, #ifdef PF_ECMA PF_ECMA #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_DATAKIT, #ifdef PF_DATAKIT PF_DATAKIT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_CCITT, #ifdef PF_CCITT PF_CCITT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SNA, PF_SNA }, { BSM_PF_DECnet, PF_DECnet }, { BSM_PF_DLI, #ifdef PF_DLI PF_DLI #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_LAT, #ifdef PF_LAT PF_LAT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_HYLINK, #ifdef PF_HYLINK PF_HYLINK #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_APPLETALK, PF_APPLETALK }, { BSM_PF_NIT, #ifdef PF_NIT PF_NIT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_802, #ifdef PF_802 PF_802 #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_OSI, #ifdef PF_OSI PF_OSI #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_X25, #ifdef PF_X25 PF_X25 #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_OSINET, #ifdef PF_OSINET PF_OSINET #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_GOSIP, #ifdef PF_GOSIP PF_GOSIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_IPX, PF_IPX }, { BSM_PF_ROUTE, PF_ROUTE }, { BSM_PF_LINK, #ifdef PF_LINK PF_LINK #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_INET6, PF_INET6 }, { BSM_PF_KEY, PF_KEY }, { BSM_PF_NCA, #ifdef PF_NCA PF_NCA #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_POLICY, #ifdef PF_POLICY 
PF_POLICY #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_INET_OFFLOAD, #ifdef PF_INET_OFFLOAD PF_INET_OFFLOAD #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NETBIOS, #ifdef PF_NETBIOS PF_NETBIOS #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ISO, #ifdef PF_ISO PF_ISO #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_XTP, #ifdef PF_XTP PF_XTP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_COIP, #ifdef PF_COIP PF_COIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_CNT, #ifdef PF_CNT PF_CNT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_RTIP, #ifdef PF_RTIP PF_RTIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SIP, #ifdef PF_SIP PF_SIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PIP, #ifdef PF_PIP PF_PIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ISDN, #ifdef PF_ISDN PF_ISDN #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_E164, #ifdef PF_E164 PF_E164 #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NATM, #ifdef PF_NATM PF_NATM #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ATM, #ifdef PF_ATM PF_ATM #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NETGRAPH, #ifdef PF_NETGRAPH PF_NETGRAPH #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SLOW, #ifdef PF_SLOW PF_SLOW #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SCLUSTER, #ifdef PF_SCLUSTER PF_SCLUSTER #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ARP, #ifdef PF_ARP PF_ARP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_BLUETOOTH, #ifdef PF_BLUETOOTH PF_BLUETOOTH #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_AX25, #ifdef PF_AX25 PF_AX25 #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ROSE, #ifdef PF_ROSE PF_ROSE #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NETBEUI, #ifdef PF_NETBEUI PF_NETBEUI #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SECURITY, #ifdef PF_SECURITY PF_SECURITY #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PACKET, #ifdef PF_PACKET PF_PACKET #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ASH, #ifdef PF_ASH PF_ASH #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ECONET, #ifdef PF_ECONET PF_ECONET #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ATMSVC, 
#ifdef PF_ATMSVC PF_ATMSVC #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_IRDA, #ifdef PF_IRDA PF_IRDA #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PPPOX, #ifdef PF_PPPOX PF_PPPOX #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_WANPIPE, #ifdef PF_WANPIPE PF_WANPIPE #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_LLC, #ifdef PF_LLC PF_LLC #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_CAN, #ifdef PF_CAN PF_CAN #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_TIPC, #ifdef PF_TIPC PF_TIPC #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_IUCV, #ifdef PF_IUCV PF_IUCV #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_RXRPC, #ifdef PF_RXRPC PF_RXRPC #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PHONET, #ifdef PF_PHONET PF_PHONET #else PF_NO_LOCAL_MAPPING #endif }, }; static const int bsm_domains_count = sizeof(bsm_domains) / sizeof(bsm_domains[0]); static const struct bsm_domain * bsm_lookup_local_domain(int local_domain) { int i; for (i = 0; i < bsm_domains_count; i++) { if (bsm_domains[i].bd_local_domain == local_domain) return (&bsm_domains[i]); } return (NULL); } u_short au_domain_to_bsm(int local_domain) { const struct bsm_domain *bstp; bstp = bsm_lookup_local_domain(local_domain); if (bstp == NULL) return (BSM_PF_UNKNOWN); return (bstp->bd_bsm_domain); } static const struct bsm_domain * bsm_lookup_bsm_domain(u_short bsm_domain) { int i; for (i = 0; i < bsm_domains_count; i++) { if (bsm_domains[i].bd_bsm_domain == bsm_domain) return (&bsm_domains[i]); } return (NULL); } int au_bsm_to_domain(u_short bsm_domain, int *local_domainp) { const struct bsm_domain *bstp; bstp = bsm_lookup_bsm_domain(bsm_domain); if (bstp == NULL || bstp->bd_local_domain) return (-1); *local_domainp = bstp->bd_local_domain; return (0); } Index: head/contrib/openbsm/libbsm/bsm_errno.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_errno.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_errno.c (revision 292432) 
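Review bot: In bsm_domain.c, `au_bsm_to_domain()` rejects almost every valid mapping, because `if (bstp == NULL || bstp->bd_local_domain) return (-1);` treats any non-zero local domain as a failure. Only a table entry whose local value is 0 (PF_UNSPEC on the usual platforms) can succeed, and entries marked `PF_NO_LOCAL_MAPPING` fail only by accident of that constant being non-zero. The test was presumably meant to be `if (bstp == NULL || bstp->bd_local_domain == PF_NO_LOCAL_MAPPING) return (-1);`. As written, consumers converting socket-domain values from audit records back to local constants will get -1 for PF_INET, PF_INET6 and the rest. These are context lines the hunk leaves unchanged; its only edit is the removed `$P4` keyword line.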
@@ -1,773 +1,771 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22 $ */ #include #include #include #include #include #include /* * Different operating systems use different numeric constants for different * error numbers, and sometimes error numbers don't exist in more than one * operating system. These routines convert between BSM and local error * number spaces, subject to the above realities. 
BSM error numbers are * stored in a single 8-bit character, so don't have a byte order. * * Don't include string definitions when this code is compiled into a kernel. */ struct bsm_errno { int be_bsm_errno; int be_local_errno; #if !defined(KERNEL) && !defined(_KERNEL) const char *be_strerror; #endif }; #define ERRNO_NO_LOCAL_MAPPING -600 #if !defined(KERNEL) && !defined(_KERNEL) #define ES(x) x #else #define ES(x) #endif /* * Mapping table -- please maintain in numeric sorted order with respect to * the BSM constant. Today we do a linear lookup, but could switch to a * binary search if it makes sense. We only ifdef errors that aren't * generally available, but it does make the table a lot more ugly. * * XXXRW: It would be nice to have a similar ordered table mapping to BSM * constant from local constant, but the order of local constants varies by * OS. Really we need to build that table at compile-time but don't do that * yet. * * XXXRW: We currently embed English-language error strings here, but should * support catalogues; these are only used if the OS doesn't have an error * string using strerror(3). 
*/ static const struct bsm_errno bsm_errnos[] = { { BSM_ERRNO_ESUCCESS, 0, ES("Success") }, { BSM_ERRNO_EPERM, EPERM, ES("Operation not permitted") }, { BSM_ERRNO_ENOENT, ENOENT, ES("No such file or directory") }, { BSM_ERRNO_ESRCH, ESRCH, ES("No such process") }, { BSM_ERRNO_EINTR, EINTR, ES("Interrupted system call") }, { BSM_ERRNO_EIO, EIO, ES("Input/output error") }, { BSM_ERRNO_ENXIO, ENXIO, ES("Device not configured") }, { BSM_ERRNO_E2BIG, E2BIG, ES("Argument list too long") }, { BSM_ERRNO_ENOEXEC, ENOEXEC, ES("Exec format error") }, { BSM_ERRNO_EBADF, EBADF, ES("Bad file descriptor") }, { BSM_ERRNO_ECHILD, ECHILD, ES("No child processes") }, { BSM_ERRNO_EAGAIN, EAGAIN, ES("Resource temporarily unavailable") }, { BSM_ERRNO_ENOMEM, ENOMEM, ES("Cannot allocate memory") }, { BSM_ERRNO_EACCES, EACCES, ES("Permission denied") }, { BSM_ERRNO_EFAULT, EFAULT, ES("Bad address") }, { BSM_ERRNO_ENOTBLK, ENOTBLK, ES("Block device required") }, { BSM_ERRNO_EBUSY, EBUSY, ES("Device busy") }, { BSM_ERRNO_EEXIST, EEXIST, ES("File exists") }, { BSM_ERRNO_EXDEV, EXDEV, ES("Cross-device link") }, { BSM_ERRNO_ENODEV, ENODEV, ES("Operation not supported by device") }, { BSM_ERRNO_ENOTDIR, ENOTDIR, ES("Not a directory") }, { BSM_ERRNO_EISDIR, EISDIR, ES("Is a directory") }, { BSM_ERRNO_EINVAL, EINVAL, ES("Invalid argument") }, { BSM_ERRNO_ENFILE, ENFILE, ES("Too many open files in system") }, { BSM_ERRNO_EMFILE, EMFILE, ES("Too many open files") }, { BSM_ERRNO_ENOTTY, ENOTTY, ES("Inappropriate ioctl for device") }, { BSM_ERRNO_ETXTBSY, ETXTBSY, ES("Text file busy") }, { BSM_ERRNO_EFBIG, EFBIG, ES("File too large") }, { BSM_ERRNO_ENOSPC, ENOSPC, ES("No space left on device") }, { BSM_ERRNO_ESPIPE, ESPIPE, ES("Illegal seek") }, { BSM_ERRNO_EROFS, EROFS, ES("Read-only file system") }, { BSM_ERRNO_EMLINK, EMLINK, ES("Too many links") }, { BSM_ERRNO_EPIPE, EPIPE, ES("Broken pipe") }, { BSM_ERRNO_EDOM, EDOM, ES("Numerical argument out of domain") }, { BSM_ERRNO_ERANGE, ERANGE, 
ES("Result too large") }, { BSM_ERRNO_ENOMSG, ENOMSG, ES("No message of desired type") }, { BSM_ERRNO_EIDRM, EIDRM, ES("Identifier removed") }, { BSM_ERRNO_ECHRNG, #ifdef ECHRNG ECHRNG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Channel number out of range") }, { BSM_ERRNO_EL2NSYNC, #ifdef EL2NSYNC EL2NSYNC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Level 2 not synchronized") }, { BSM_ERRNO_EL3HLT, #ifdef EL3HLT EL3HLT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Level 3 halted") }, { BSM_ERRNO_EL3RST, #ifdef EL3RST EL3RST, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Level 3 reset") }, { BSM_ERRNO_ELNRNG, #ifdef ELNRNG ELNRNG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Link number out of range") }, { BSM_ERRNO_EUNATCH, #ifdef EUNATCH EUNATCH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Protocol driver not attached") }, { BSM_ERRNO_ENOCSI, #ifdef ENOCSI ENOCSI, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("No CSI structure available") }, { BSM_ERRNO_EL2HLT, #ifdef EL2HLT EL2HLT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Level 2 halted") }, { BSM_ERRNO_EDEADLK, EDEADLK, ES("Resource deadlock avoided") }, { BSM_ERRNO_ENOLCK, ENOLCK, ES("No locks available") }, { BSM_ERRNO_ECANCELED, ECANCELED, ES("Operation canceled") }, { BSM_ERRNO_ENOTSUP, ENOTSUP, ES("Operation not supported") }, { BSM_ERRNO_EDQUOT, EDQUOT, ES("Disc quota exceeded") }, { BSM_ERRNO_EBADE, #ifdef EBADE EBADE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Invalid exchange") }, { BSM_ERRNO_EBADR, #ifdef EBADR EBADR, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Invalid request descriptor") }, { BSM_ERRNO_EXFULL, #ifdef EXFULL EXFULL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Exchange full") }, { BSM_ERRNO_ENOANO, #ifdef ENOANO ENOANO, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("No anode") }, { BSM_ERRNO_EBADRQC, #ifdef EBADRQC EBADRQC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Invalid request descriptor") }, { BSM_ERRNO_EBADSLT, #ifdef EBADSLT EBADSLT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Invalid slot") }, { BSM_ERRNO_EDEADLOCK, 
#ifdef EDEADLOCK EDEADLOCK, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Resource deadlock avoided") }, { BSM_ERRNO_EBFONT, #ifdef EBFONT EBFONT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad font file format") }, { BSM_ERRNO_EOWNERDEAD, #ifdef EOWNERDEAD EOWNERDEAD, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Process died with the lock") }, { BSM_ERRNO_ENOTRECOVERABLE, #ifdef ENOTRECOVERABLE ENOTRECOVERABLE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Lock is not recoverable") }, { BSM_ERRNO_ENOSTR, #ifdef ENOSTR ENOSTR, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Device not a stream") }, { BSM_ERRNO_ENONET, #ifdef ENONET ENONET, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Machine is not on the network") }, { BSM_ERRNO_ENOPKG, #ifdef ENOPKG ENOPKG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Package not installed") }, { BSM_ERRNO_EREMOTE, EREMOTE, ES("Too many levels of remote in path") }, { BSM_ERRNO_ENOLINK, #ifdef ENOLINK ENOLINK, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Link has been severed") }, { BSM_ERRNO_EADV, #ifdef EADV EADV, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Advertise error") }, { BSM_ERRNO_ESRMNT, #ifdef ESRMNT ESRMNT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("srmount error") }, { BSM_ERRNO_ECOMM, #ifdef ECOMM ECOMM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Communication error on send") }, { BSM_ERRNO_EPROTO, #ifdef EPROTO EPROTO, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Protocol error") }, { BSM_ERRNO_ELOCKUNMAPPED, #ifdef ELOCKUNMAPPED ELOCKUNMAPPED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Locked lock was unmapped") }, { BSM_ERRNO_ENOTACTIVE, #ifdef ENOTACTIVE ENOTACTIVE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Facility is not active") }, { BSM_ERRNO_EMULTIHOP, #ifdef EMULTIHOP EMULTIHOP, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Multihop attempted") }, { BSM_ERRNO_EBADMSG, #ifdef EBADMSG EBADMSG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad message") }, { BSM_ERRNO_ENAMETOOLONG, ENAMETOOLONG, ES("File name too long") }, { BSM_ERRNO_EOVERFLOW, EOVERFLOW, 
ES("Value too large to be stored in data type") }, { BSM_ERRNO_ENOTUNIQ, #ifdef ENOTUNIQ ENOTUNIQ, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Given log name not unique") }, { BSM_ERRNO_EBADFD, #ifdef EBADFD EBADFD, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Given f.d. invalid for this operation") }, { BSM_ERRNO_EREMCHG, #ifdef EREMCHG EREMCHG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Remote address changed") }, { BSM_ERRNO_ELIBACC, #ifdef ELIBACC ELIBACC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Can't access a needed shared lib") }, { BSM_ERRNO_ELIBBAD, #ifdef ELIBBAD ELIBBAD, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Accessing a corrupted shared lib") }, { BSM_ERRNO_ELIBSCN, #ifdef ELIBSCN ELIBSCN, #else ERRNO_NO_LOCAL_MAPPING, #endif ES(".lib section in a.out corrupted") }, { BSM_ERRNO_ELIBMAX, #ifdef ELIBMAX ELIBMAX, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Attempting to link in too many libs") }, { BSM_ERRNO_ELIBEXEC, #ifdef ELIBEXEC ELIBEXEC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Attempting to exec a shared library") }, { BSM_ERRNO_EILSEQ, EILSEQ, ES("Illegal byte sequence") }, { BSM_ERRNO_ENOSYS, ENOSYS, ES("Function not implemented") }, { BSM_ERRNO_ELOOP, ELOOP, ES("Too many levels of symbolic links") }, { BSM_ERRNO_ERESTART, #ifdef ERESTART ERESTART, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Restart syscall") }, { BSM_ERRNO_ESTRPIPE, #ifdef ESTRPIPE ESTRPIPE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("If pipe/FIFO, don't sleep in stream head") }, { BSM_ERRNO_ENOTEMPTY, ENOTEMPTY, ES("Directory not empty") }, { BSM_ERRNO_EUSERS, EUSERS, ES("Too many users") }, { BSM_ERRNO_ENOTSOCK, ENOTSOCK, ES("Socket operation on non-socket") }, { BSM_ERRNO_EDESTADDRREQ, EDESTADDRREQ, ES("Destination address required") }, { BSM_ERRNO_EMSGSIZE, EMSGSIZE, ES("Message too long") }, { BSM_ERRNO_EPROTOTYPE, EPROTOTYPE, ES("Protocol wrong type for socket") }, { BSM_ERRNO_ENOPROTOOPT, ENOPROTOOPT, ES("Protocol not available") }, { BSM_ERRNO_EPROTONOSUPPORT, EPROTONOSUPPORT, 
ES("Protocol not supported") }, { BSM_ERRNO_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, ES("Socket type not supported") }, { BSM_ERRNO_EOPNOTSUPP, EOPNOTSUPP, ES("Operation not supported") }, { BSM_ERRNO_EPFNOSUPPORT, EPFNOSUPPORT, ES("Protocol family not supported") }, { BSM_ERRNO_EAFNOSUPPORT, EAFNOSUPPORT, ES("Address family not supported by protocol family") }, { BSM_ERRNO_EADDRINUSE, EADDRINUSE, ES("Address already in use") }, { BSM_ERRNO_EADDRNOTAVAIL, EADDRNOTAVAIL, ES("Can't assign requested address") }, { BSM_ERRNO_ENETDOWN, ENETDOWN, ES("Network is down") }, { BSM_ERRNO_ENETRESET, ENETRESET, ES("Network dropped connection on reset") }, { BSM_ERRNO_ECONNABORTED, ECONNABORTED, ES("Software caused connection abort") }, { BSM_ERRNO_ECONNRESET, ECONNRESET, ES("Connection reset by peer") }, { BSM_ERRNO_ENOBUFS, ENOBUFS, ES("No buffer space available") }, { BSM_ERRNO_EISCONN, EISCONN, ES("Socket is already connected") }, { BSM_ERRNO_ENOTCONN, ENOTCONN, ES("Socket is not connected") }, { BSM_ERRNO_ESHUTDOWN, ESHUTDOWN, ES("Can't send after socket shutdown") }, { BSM_ERRNO_ETOOMANYREFS, ETOOMANYREFS, ES("Too many references: can't splice") }, { BSM_ERRNO_ETIMEDOUT, ETIMEDOUT, ES("Operation timed out") }, { BSM_ERRNO_ECONNREFUSED, ECONNREFUSED, ES("Connection refused") }, { BSM_ERRNO_EHOSTDOWN, EHOSTDOWN, ES("Host is down") }, { BSM_ERRNO_EHOSTUNREACH, EHOSTUNREACH, ES("No route to host") }, { BSM_ERRNO_EALREADY, EALREADY, ES("Operation already in progress") }, { BSM_ERRNO_EINPROGRESS, EINPROGRESS, ES("Operation now in progress") }, { BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") }, { BSM_ERRNO_EPROCLIM, #ifdef EPROCLIM EPROCLIM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Too many processes") }, { BSM_ERRNO_EBADRPC, #ifdef EBADRPC EBADRPC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RPC struct is bad") }, { BSM_ERRNO_ERPCMISMATCH, #ifdef ERPCMISMATCH ERPCMISMATCH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RPC version wrong") }, { BSM_ERRNO_EPROGUNAVAIL, #ifdef EPROGUNAVAIL 
EPROGUNAVAIL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RPC prog. not avail") }, { BSM_ERRNO_EPROGMISMATCH, #ifdef EPROGMISMATCH EPROGMISMATCH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RPC version wrong") }, { BSM_ERRNO_EPROCUNAVAIL, #ifdef EPROCUNAVAIL EPROCUNAVAIL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad procedure for program") }, { BSM_ERRNO_EFTYPE, #ifdef EFTYPE EFTYPE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Inappropriate file type or format") }, { BSM_ERRNO_EAUTH, #ifdef EAUTH EAUTH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Authenticateion error") }, { BSM_ERRNO_ENEEDAUTH, #ifdef ENEEDAUTH ENEEDAUTH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Need authenticator") }, { BSM_ERRNO_ENOATTR, #ifdef ENOATTR ENOATTR, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Attribute not found") }, { BSM_ERRNO_EDOOFUS, #ifdef EDOOFUS EDOOFUS, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Programming error") }, { BSM_ERRNO_EJUSTRETURN, #ifdef EJUSTRETURN EJUSTRETURN, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Just return") }, { BSM_ERRNO_ENOIOCTL, #ifdef ENOIOCTL ENOIOCTL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("ioctl not handled by this layer") }, { BSM_ERRNO_EDIRIOCTL, #ifdef EDIRIOCTL EDIRIOCTL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("do direct ioctl in GEOM") }, { BSM_ERRNO_EPWROFF, #ifdef EPWROFF EPWROFF, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Device power is off") }, { BSM_ERRNO_EDEVERR, #ifdef EDEVERR EDEVERR, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Device error") }, { BSM_ERRNO_EBADEXEC, #ifdef EBADEXEC EBADEXEC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad executable") }, { BSM_ERRNO_EBADARCH, #ifdef EBADARCH EBADARCH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad CPU type in executable") }, { BSM_ERRNO_ESHLIBVERS, #ifdef ESHLIBVERS ESHLIBVERS, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Shared library version mismatch") }, { BSM_ERRNO_EBADMACHO, #ifdef EBADMACHO EBADMACHO, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Malformed Macho file") }, { BSM_ERRNO_EPOLICY, #ifdef EPOLICY 
EPOLICY, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Operation failed by policy") }, { BSM_ERRNO_EDOTDOT, #ifdef EDOTDOT EDOTDOT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RFS specific error") }, { BSM_ERRNO_EUCLEAN, #ifdef EUCLEAN EUCLEAN, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Structure needs cleaning") }, { BSM_ERRNO_ENOTNAM, #ifdef ENOTNAM ENOTNAM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Not a XENIX named type file") }, { BSM_ERRNO_ENAVAIL, #ifdef ENAVAIL ENAVAIL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("No XENIX semaphores available") }, { BSM_ERRNO_EISNAM, #ifdef EISNAM EISNAM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Is a named type file") }, { BSM_ERRNO_EREMOTEIO, #ifdef EREMOTEIO EREMOTEIO, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Remote I/O error") }, { BSM_ERRNO_ENOMEDIUM, #ifdef ENOMEDIUM ENOMEDIUM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("No medium found") }, { BSM_ERRNO_EMEDIUMTYPE, #ifdef EMEDIUMTYPE EMEDIUMTYPE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Wrong medium type") }, { BSM_ERRNO_ENOKEY, #ifdef ENOKEY ENOKEY, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Required key not available") }, { BSM_ERRNO_EKEYEXPIRED, #ifdef EKEYEXPIRED EKEYEXPIRED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Key has expired") }, { BSM_ERRNO_EKEYREVOKED, #ifdef EKEYREVOKED EKEYREVOKED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Key has been revoked") }, { BSM_ERRNO_EKEYREJECTED, #ifdef EKEYREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Key was rejected by service") }, { BSM_ERRNO_ENOTCAPABLE, #ifdef ENOTCAPABLE ENOTCAPABLE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Capabilities insufficient") }, { BSM_ERRNO_ECAPMODE, #ifdef ECAPMODE ECAPMODE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Not permitted in capability mode") }, }; static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]); static const struct bsm_errno * bsm_lookup_errno_local(int local_errno) { int i; for (i = 0; i < bsm_errnos_count; i++) { if (bsm_errnos[i].be_local_errno == 
local_errno) return (&bsm_errnos[i]); } return (NULL); } /* * Conversion to the BSM errno space isn't allowed to fail; we simply map to * BSM_ERRNO_UNKNOWN and let the remote endpoint deal with it. */ u_char au_errno_to_bsm(int local_errno) { const struct bsm_errno *bsme; bsme = bsm_lookup_errno_local(local_errno); if (bsme == NULL) return (BSM_ERRNO_UNKNOWN); return (bsme->be_bsm_errno); } static const struct bsm_errno * bsm_lookup_errno_bsm(u_char bsm_errno) { int i; for (i = 0; i < bsm_errnos_count; i++) { if (bsm_errnos[i].be_bsm_errno == bsm_errno) return (&bsm_errnos[i]); } return (NULL); } /* * Converstion from a BSM error to a local error number may fail if either * OpenBSM doesn't recognize the error on the wire, or because there is no * appropriate local mapping. */ int au_bsm_to_errno(u_char bsm_errno, int *errorp) { const struct bsm_errno *bsme; bsme = bsm_lookup_errno_bsm(bsm_errno); if (bsme == NULL || bsme->be_local_errno == ERRNO_NO_LOCAL_MAPPING) return (-1); *errorp = bsme->be_local_errno; return (0); } #if !defined(KERNEL) && !defined(_KERNEL) const char * au_strerror(u_char bsm_errno) { const struct bsm_errno *bsme; bsme = bsm_lookup_errno_bsm(bsm_errno); if (bsme == NULL) return ("Unrecognized BSM error"); if (bsme->be_local_errno != ERRNO_NO_LOCAL_MAPPING) return (strerror(bsme->be_local_errno)); return (bsme->be_strerror); } #endif Index: head/contrib/openbsm/libbsm/bsm_event.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_event.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_event.c (revision 292432) 
@@ -1,363 +1,361 @@ /*- * Copyright (c) 2004 Apple Inc. * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#17 $ */ #include #include #include #ifdef HAVE_PTHREAD_MUTEX_LOCK #include #endif #include #include #ifndef HAVE_STRLCPY #include #endif /* * Parse the contents of the audit_event file to return * au_event_ent entries */ static FILE *fp = NULL; static char linestr[AU_LINE_MAX]; static const char *eventdelim = ":"; #ifdef HAVE_PTHREAD_MUTEX_LOCK static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; #endif /* * Parse one line from the audit_event file into the au_event_ent structure. */ static struct au_event_ent * eventfromstr(char *str, struct au_event_ent *e) { char *evno, *evname, *evdesc, *evclass; struct au_mask evmask; char *last; evno = strtok_r(str, eventdelim, &last); evname = strtok_r(NULL, eventdelim, &last); evdesc = strtok_r(NULL, eventdelim, &last); evclass = strtok_r(NULL, eventdelim, &last); if ((evno == NULL) || (evname == NULL)) return (NULL); if (strlen(evname) >= AU_EVENT_NAME_MAX) return (NULL); strlcpy(e->ae_name, evname, AU_EVENT_NAME_MAX); if (evdesc != NULL) { if (strlen(evdesc) >= AU_EVENT_DESC_MAX) return (NULL); strlcpy(e->ae_desc, evdesc, AU_EVENT_DESC_MAX); } else strlcpy(e->ae_desc, "", AU_EVENT_DESC_MAX); e->ae_number = atoi(evno); /* * Find out the mask that corresponds to the given list of classes. */ if (evclass != NULL) { if (getauditflagsbin(evclass, &evmask) != 0) e->ae_class = 0; else e->ae_class = evmask.am_success; } else e->ae_class = 0; return (e); } /* * Rewind the audit_event file. */ static void setauevent_locked(void) { if (fp != NULL) fseek(fp, 0, SEEK_SET); } void setauevent(void) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setauevent_locked(); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } /* * Close the open file pointers. 
*/ void endauevent(void) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif if (fp != NULL) { fclose(fp); fp = NULL; } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } /* * Enumerate the au_event_ent entries. */ static struct au_event_ent * getauevent_r_locked(struct au_event_ent *e) { char *nl; if ((fp == NULL) && ((fp = fopen(AUDIT_EVENT_FILE, "r")) == NULL)) return (NULL); while (1) { if (fgets(linestr, AU_LINE_MAX, fp) == NULL) return (NULL); /* Remove new lines. */ if ((nl = strrchr(linestr, '\n')) != NULL) *nl = '\0'; /* Skip comments. */ if (linestr[0] == '#') continue; /* Get the next event structure. */ if (eventfromstr(linestr, e) == NULL) return (NULL); break; } return (e); } struct au_event_ent * getauevent_r(struct au_event_ent *e) { struct au_event_ent *ep; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif ep = getauevent_r_locked(e); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (ep); } struct au_event_ent * getauevent(void) { static char event_ent_name[AU_EVENT_NAME_MAX]; static char event_ent_desc[AU_EVENT_DESC_MAX]; static struct au_event_ent e; bzero(&e, sizeof(e)); bzero(event_ent_name, sizeof(event_ent_name)); bzero(event_ent_desc, sizeof(event_ent_desc)); e.ae_name = event_ent_name; e.ae_desc = event_ent_desc; return (getauevent_r(&e)); } /* * Search for an audit event structure having the given event name. * * XXXRW: Why accept NULL name? */ static struct au_event_ent * getauevnam_r_locked(struct au_event_ent *e, const char *name) { char *nl; if (name == NULL) return (NULL); /* Rewind to beginning of the file. */ setauevent_locked(); if ((fp == NULL) && ((fp = fopen(AUDIT_EVENT_FILE, "r")) == NULL)) return (NULL); while (fgets(linestr, AU_LINE_MAX, fp) != NULL) { /* Remove new lines. 
*/ if ((nl = strrchr(linestr, '\n')) != NULL) *nl = '\0'; if (eventfromstr(linestr, e) != NULL) { if (strcmp(name, e->ae_name) == 0) return (e); } } return (NULL); } struct au_event_ent * getauevnam_r(struct au_event_ent *e, const char *name) { struct au_event_ent *ep; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif ep = getauevnam_r_locked(e, name); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (ep); } struct au_event_ent * getauevnam(const char *name) { static char event_ent_name[AU_EVENT_NAME_MAX]; static char event_ent_desc[AU_EVENT_DESC_MAX]; static struct au_event_ent e; bzero(&e, sizeof(e)); bzero(event_ent_name, sizeof(event_ent_name)); bzero(event_ent_desc, sizeof(event_ent_desc)); e.ae_name = event_ent_name; e.ae_desc = event_ent_desc; return (getauevnam_r(&e, name)); } /* * Search for an audit event structure having the given event number. */ static struct au_event_ent * getauevnum_r_locked(struct au_event_ent *e, au_event_t event_number) { char *nl; /* Rewind to beginning of the file. */ setauevent_locked(); if ((fp == NULL) && ((fp = fopen(AUDIT_EVENT_FILE, "r")) == NULL)) return (NULL); while (fgets(linestr, AU_LINE_MAX, fp) != NULL) { /* Remove new lines. 
*/ if ((nl = strrchr(linestr, '\n')) != NULL) *nl = '\0'; if (eventfromstr(linestr, e) != NULL) { if (event_number == e->ae_number) return (e); } } return (NULL); } struct au_event_ent * getauevnum_r(struct au_event_ent *e, au_event_t event_number) { struct au_event_ent *ep; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif ep = getauevnum_r_locked(e, event_number); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (ep); } struct au_event_ent * getauevnum(au_event_t event_number) { static char event_ent_name[AU_EVENT_NAME_MAX]; static char event_ent_desc[AU_EVENT_DESC_MAX]; static struct au_event_ent e; bzero(&e, sizeof(e)); bzero(event_ent_name, sizeof(event_ent_name)); bzero(event_ent_desc, sizeof(event_ent_desc)); e.ae_name = event_ent_name; e.ae_desc = event_ent_desc; return (getauevnum_r(&e, event_number)); } /* * Search for an audit_event entry with a given event_name and returns the * corresponding event number. */ au_event_t * getauevnonam_r(au_event_t *ev, const char *event_name) { static char event_ent_name[AU_EVENT_NAME_MAX]; static char event_ent_desc[AU_EVENT_DESC_MAX]; static struct au_event_ent e, *ep; bzero(event_ent_name, sizeof(event_ent_name)); bzero(event_ent_desc, sizeof(event_ent_desc)); bzero(&e, sizeof(e)); e.ae_name = event_ent_name; e.ae_desc = event_ent_desc; ep = getauevnam_r(&e, event_name); if (ep == NULL) return (NULL); *ev = e.ae_number; return (ev); } au_event_t * getauevnonam(const char *event_name) { static au_event_t event; return (getauevnonam_r(&event, event_name)); } Index: head/contrib/openbsm/libbsm/bsm_fcntl.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_fcntl.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_fcntl.c (revision 292432) 
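Review bot: `getauevnonam_r` is not reentrant despite its name, because `event_ent_name`, `event_ent_desc` and `e` are declared `static`. They are zeroed before, and `e.ae_number` is read after, the mutex that `getauevnam_r` takes and releases, so two threads resolving event names at the same time can overwrite each other's result. Dropping `static` gives each call its own storage: `char event_ent_name[AU_EVENT_NAME_MAX];`, `char event_ent_desc[AU_EVENT_DESC_MAX];`, `struct au_event_ent e, *ep;`. This assumes the two size macros, which are defined outside this file, are small enough for stack buffers. The non-`_r` wrappers (`getauevent`, `getauevnam`, `getauevnum`, `getauevnonam`) return pointers into their static storage and would keep it.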
@@ -1,289 +1,287 @@ /*- * Copyright (c) 2008-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_fcntl.c#2 $ */ #include #include #include #include #include struct bsm_fcntl_cmd { u_short bfc_bsm_fcntl_cmd; int bfc_local_fcntl_cmd; }; typedef struct bsm_fcntl_cmd bsm_fcntl_cmd_t; static const bsm_fcntl_cmd_t bsm_fcntl_cmdtab[] = { { BSM_F_DUPFD, F_DUPFD }, { BSM_F_GETFD, F_GETFD }, { BSM_F_SETFD, F_SETFD }, { BSM_F_GETFL, F_GETFL }, { BSM_F_SETFL, F_SETFL }, #ifdef F_O_GETLK { BSM_F_O_GETLK, F_O_GETLK }, #endif { BSM_F_SETLK, F_SETLK }, { BSM_F_SETLKW, F_SETLK }, #ifdef F_CHFL { BSM_F_CHKFL, F_CHKFL }, #endif #ifdef F_DUP2FD { BSM_F_DUP2FD, F_DUP2FD }, #endif #ifdef F_ALLOCSP { BSM_F_ALLOCSP, F_ALLOCSP }, #endif #ifdef F_FREESP { BSM_F_FREESP, F_FREESP }, #endif #ifdef F_ISSTREAM { BSM_F_ISSTREAM, F_ISSTREAM}, #endif { BSM_F_GETLK, F_GETLK }, #ifdef F_PRIV { BSM_F_PRIV, F_PRIV }, #endif #ifdef F_NPRIV { BSM_F_NPRIV, F_NPRIV }, #endif #ifdef F_QUOTACTL { BSM_F_QUOTACTL, F_QUOTACTL }, #endif #ifdef F_BLOCKS { BSM_F_BLOCKS, F_BLOCKS }, #endif #ifdef F_BLKSIZE { BSM_F_BLKSIZE, F_BLKSIZE }, #endif { BSM_F_GETOWN, F_GETOWN }, { BSM_F_SETOWN, F_SETOWN }, #ifdef F_REVOKE { BSM_F_REVOKE, F_REVOKE }, #endif #ifdef F_HASREMOTEBLOCKS { BSM_F_HASREMOTEBLOCKS, F_HASREMOTEBLOCKS }, #endif #ifdef F_FREESP { BSM_F_FREESP, F_FREESP }, #endif #ifdef F_ALLOCSP { BSM_F_ALLOCSP, F_ALLOCSP }, #endif #ifdef F_FREESP64 { BSM_F_FREESP64, F_FREESP64 }, #endif #ifdef F_ALLOCSP64 { BSM_F_ALLOCSP64, F_ALLOCSP64 }, #endif #ifdef F_GETLK64 { BSM_F_GETLK64, F_GETLK64 }, #endif #ifdef F_SETLK64 { BSM_F_SETLK64, F_SETLK64 }, #endif #ifdef F_SETLKW64 { BSM_F_SETLKW64, F_SETLKW64 }, #endif #ifdef F_SHARE { BSM_F_SHARE, F_SHARE }, #endif #ifdef F_UNSHARE { BSM_F_UNSHARE, F_UNSHARE }, #endif #ifdef F_SETLK_NBMAND { BSM_F_SETLK_NBMAND, F_SETLK_NBMAND }, #endif #ifdef F_SHARE_NBMAND { BSM_F_SHARE_NBMAND, F_SHARE_NBMAND }, #endif #ifdef F_SETLK64_NBMAND { BSM_F_SETLK64_NBMAND, F_SETLK64_NBMAND }, #endif #ifdef F_GETXFL { BSM_F_GETXFL, 
F_GETXFL }, #endif #ifdef F_BADFD { BSM_F_BADFD, F_BADFD }, #endif #ifdef F_OGETLK { BSM_F_OGETLK, F_OGETLK }, #endif #ifdef F_OSETLK { BSM_F_OSETLK, F_OSETLK }, #endif #ifdef F_OSETLKW { BSM_F_OSETLKW, F_OSETLKW }, #endif #ifdef F_SETLK_REMOTE { BSM_F_SETLK_REMOTE, F_SETLK_REMOTE }, #endif #ifdef F_SETSIG { BSM_F_SETSIG, F_SETSIG }, #endif #ifdef F_GETSIG { BSM_F_GETSIG, F_GETSIG }, #endif #ifdef F_CHKCLEAN { BSM_F_CHKCLEAN, F_CHKCLEAN }, #endif #ifdef F_PREALLOCATE { BSM_F_PREALLOCATE, F_PREALLOCATE }, #endif #ifdef F_SETSIZE { BSM_F_SETSIZE, F_SETSIZE }, #endif #ifdef F_RDADVISE { BSM_F_RDADVISE, F_RDADVISE }, #endif #ifdef F_RDAHEAD { BSM_F_RDAHEAD, F_RDAHEAD }, #endif #ifdef F_READBOOTSTRAP { BSM_F_READBOOTSTRAP, F_READBOOTSTRAP }, #endif #ifdef F_WRITEBOOTSTRAP { BSM_F_WRITEBOOTSTRAP, F_WRITEBOOTSTRAP }, #endif #ifdef F_NOCACHE { BSM_F_NOCACHE, F_NOCACHE }, #endif #ifdef F_LOG2PHYS { BSM_F_LOG2PHYS, F_LOG2PHYS }, #endif #ifdef F_GETPATH { BSM_F_GETPATH, F_GETPATH }, #endif #ifdef F_FULLFSYNC { BSM_F_FULLFSYNC, F_FULLFSYNC }, #endif #ifdef F_PATHPKG_CHECK { BSM_F_PATHPKG_CHECK, F_PATHPKG_CHECK }, #endif #ifdef F_FREEZE_FS { BSM_F_FREEZE_FS, F_FREEZE_FS }, #endif #ifdef F_THAW_FS { BSM_F_THAW_FS, F_THAW_FS }, #endif #ifdef F_GLOBAL_NOCACHE { BSM_F_GLOBAL_NOCACHE, F_GLOBAL_NOCACHE }, #endif #ifdef F_OPENFROM { BSM_F_OPENFROM, F_OPENFROM }, #endif #ifdef F_UNLINKFROM { BSM_F_UNLINKFROM, F_UNLINKFROM }, #endif #ifdef F_CHECK_OPENEVT { BSM_F_CHECK_OPENEVT, F_CHECK_OPENEVT }, #endif #ifdef F_ADDSIGS { BSM_F_ADDSIGS, F_ADDSIGS }, #endif #ifdef F_MARKDEPENDENCY { BSM_F_MARKDEPENDENCY, F_MARKDEPENDENCY }, #endif #ifdef FCNTL_FS_SPECIFIC_BASE { BSM_F_FS_SPECIFIC_0, FCNTL_FS_SPECIFIC_BASE}, { BSM_F_FS_SPECIFIC_1, FCNTL_FS_SPECIFIC_BASE + 1}, { BSM_F_FS_SPECIFIC_2, FCNTL_FS_SPECIFIC_BASE + 2}, { BSM_F_FS_SPECIFIC_3, FCNTL_FS_SPECIFIC_BASE + 3}, { BSM_F_FS_SPECIFIC_4, FCNTL_FS_SPECIFIC_BASE + 4}, { BSM_F_FS_SPECIFIC_5, FCNTL_FS_SPECIFIC_BASE + 5}, { BSM_F_FS_SPECIFIC_6, 
FCNTL_FS_SPECIFIC_BASE + 6}, { BSM_F_FS_SPECIFIC_7, FCNTL_FS_SPECIFIC_BASE + 7}, { BSM_F_FS_SPECIFIC_8, FCNTL_FS_SPECIFIC_BASE + 8}, { BSM_F_FS_SPECIFIC_9, FCNTL_FS_SPECIFIC_BASE + 9}, { BSM_F_FS_SPECIFIC_10, FCNTL_FS_SPECIFIC_BASE + 10}, { BSM_F_FS_SPECIFIC_11, FCNTL_FS_SPECIFIC_BASE + 11}, { BSM_F_FS_SPECIFIC_12, FCNTL_FS_SPECIFIC_BASE + 12}, { BSM_F_FS_SPECIFIC_13, FCNTL_FS_SPECIFIC_BASE + 13}, { BSM_F_FS_SPECIFIC_14, FCNTL_FS_SPECIFIC_BASE + 14}, { BSM_F_FS_SPECIFIC_15, FCNTL_FS_SPECIFIC_BASE + 15}, #endif /* FCNTL_FS_SPECIFIC_BASE */ }; static const int bsm_fcntl_cmd_count = sizeof(bsm_fcntl_cmdtab) / sizeof(bsm_fcntl_cmdtab[0]); static const bsm_fcntl_cmd_t * bsm_lookup_local_fcntl_cmd(int local_fcntl_cmd) { int i; for (i = 0; i < bsm_fcntl_cmd_count; i++) { if (bsm_fcntl_cmdtab[i].bfc_local_fcntl_cmd == local_fcntl_cmd) return (&bsm_fcntl_cmdtab[i]); } return (NULL); } u_short au_fcntl_cmd_to_bsm(int local_fcntl_cmd) { const bsm_fcntl_cmd_t *bfcp; bfcp = bsm_lookup_local_fcntl_cmd(local_fcntl_cmd); if (bfcp == NULL) return (BSM_F_UNKNOWN); return (bfcp->bfc_bsm_fcntl_cmd); } static const bsm_fcntl_cmd_t * bsm_lookup_bsm_fcntl_cmd(u_short bsm_fcntl_cmd) { int i; for (i = 0; i < bsm_fcntl_cmd_count; i++) { if (bsm_fcntl_cmdtab[i].bfc_bsm_fcntl_cmd == bsm_fcntl_cmd) return (&bsm_fcntl_cmdtab[i]); } return (NULL); } int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp) { const bsm_fcntl_cmd_t *bfcp; bfcp = bsm_lookup_bsm_fcntl_cmd(bsm_fcntl_cmd); if (bfcp == NULL || bfcp->bfc_local_fcntl_cmd) return (-1); *local_fcntl_cmdp = bfcp->bfc_local_fcntl_cmd; return (0); } Index: head/contrib/openbsm/libbsm/bsm_flags.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_flags.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_flags.c (revision 292432) 
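Review bot: `au_bsm_to_fcntl_cmd` returns -1 for every table entry whose local command is non-zero, because the guard reads `if (bfcp == NULL || bfcp->bfc_local_fcntl_cmd)`. Only an entry with local value 0 can succeed, so converting fcntl commands from audit records back to local values fails for nearly all of them. The table omits commands the platform lacks through `#ifdef` instead of storing a sentinel, so the guard can simply be `if (bfcp == NULL)`. Two table rows also look wrong. `{ BSM_F_SETLKW, F_SETLK }` presumably should map to `F_SETLKW`, and `{ BSM_F_CHKFL, F_CHKFL }` sits under `#ifdef F_CHFL`, which tests a different name from the one the row uses.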
@@ -1,182 +1,180 @@ /*- * Copyright (c) 2004 Apple Inc. * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_flags.c#16 $ */ #include #include #include #include #include #ifndef HAVE_STRLCPY #include #endif static const char *flagdelim = ","; /* * Convert the character representation of audit values into the au_mask_t * field. 
*/ int getauditflagsbin(char *auditstr, au_mask_t *masks) { char class_ent_name[AU_CLASS_NAME_MAX]; char class_ent_desc[AU_CLASS_DESC_MAX]; struct au_class_ent c; char *tok; char sel, sub; char *last; bzero(&c, sizeof(c)); bzero(class_ent_name, sizeof(class_ent_name)); bzero(class_ent_desc, sizeof(class_ent_desc)); c.ac_name = class_ent_name; c.ac_desc = class_ent_desc; masks->am_success = 0; masks->am_failure = 0; tok = strtok_r(auditstr, flagdelim, &last); while (tok != NULL) { /* Check for the events that should not be audited. */ if (tok[0] == '^') { sub = 1; tok++; } else sub = 0; /* Check for the events to be audited for success. */ if (tok[0] == '+') { sel = AU_PRS_SUCCESS; tok++; } else if (tok[0] == '-') { sel = AU_PRS_FAILURE; tok++; } else sel = AU_PRS_BOTH; if ((getauclassnam_r(&c, tok)) != NULL) { if (sub) SUB_FROM_MASK(masks, c.ac_class, sel); else ADD_TO_MASK(masks, c.ac_class, sel); } else { errno = EINVAL; return (-1); } /* Get the next class. */ tok = strtok_r(NULL, flagdelim, &last); } return (0); } /* * Convert the au_mask_t fields into a string value. If verbose is non-zero * the long flag names are used else the short (2-character)flag names are * used. * * XXXRW: If bits are specified that are not matched by any class, they are * omitted rather than rejected with EINVAL. * * XXXRW: This is not thread-safe as it relies on atomicity between * setauclass() and sequential calls to getauclassent(). This could be * fixed by iterating through the bitmask fields rather than iterating * through the classes. 
*/ int getauditflagschar(char *auditstr, au_mask_t *masks, int verbose) { char class_ent_name[AU_CLASS_NAME_MAX]; char class_ent_desc[AU_CLASS_DESC_MAX]; struct au_class_ent c; char *strptr = auditstr; u_char sel; bzero(&c, sizeof(c)); bzero(class_ent_name, sizeof(class_ent_name)); bzero(class_ent_desc, sizeof(class_ent_desc)); c.ac_name = class_ent_name; c.ac_desc = class_ent_desc; /* * Enumerate the class entries, check if each is selected in either * the success or failure masks. */ setauclass(); while ((getauclassent_r(&c)) != NULL) { sel = 0; /* Dont do anything for class = no. */ if (c.ac_class == 0) continue; sel |= ((c.ac_class & masks->am_success) == c.ac_class) ? AU_PRS_SUCCESS : 0; sel |= ((c.ac_class & masks->am_failure) == c.ac_class) ? AU_PRS_FAILURE : 0; /* * No prefix should be attached if both success and failure * are selected. */ if ((sel & AU_PRS_BOTH) == 0) { if ((sel & AU_PRS_SUCCESS) != 0) { *strptr = '+'; strptr = strptr + 1; } else if ((sel & AU_PRS_FAILURE) != 0) { *strptr = '-'; strptr = strptr + 1; } } if (sel != 0) { if (verbose) { strlcpy(strptr, c.ac_desc, AU_CLASS_DESC_MAX); strptr += strlen(c.ac_desc); } else { strlcpy(strptr, c.ac_name, AU_CLASS_NAME_MAX); strptr += strlen(c.ac_name); } *strptr = ','; /* delimiter */ strptr = strptr + 1; } } /* Overwrite the last delimiter with the string terminator. */ if (strptr != auditstr) *(strptr-1) = '\0'; return (0); } Index: head/contrib/openbsm/libbsm/bsm_io.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_io.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_io.c (revision 292432) 
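Review bot: `getauditflagschar` writes into `auditstr` with no knowledge of its size. Each `strlcpy` is bounded by `AU_CLASS_DESC_MAX` or `AU_CLASS_NAME_MAX`, the size of the source field, not by the space left in the caller's buffer, and one name plus a delimiter is appended for every selected class. The signature has no length parameter, so the least the function can do is say so in its header comment, for example `* The caller must size auditstr for every selected class name or description plus prefixes and delimiters; no length is checked here.` Separately, if `AU_PRS_BOTH` is the OR of `AU_PRS_SUCCESS` and `AU_PRS_FAILURE` (its definition is not in this file), the test `(sel & AU_PRS_BOTH) == 0` holds only when `sel` is 0. The `+` and `-` prefixes are then never emitted, and a success-only or failure-only class prints as if both were selected. The comment above that test suggests `if ((sel & AU_PRS_BOTH) != AU_PRS_BOTH)` was intended.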
@@ -1,4613 +1,4612 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * Copyright (c) 2006 Robert N. M. Watson * Copyright (c) 2006 Martin Voros * All rights reserved. * * This code was developed in part by Robert N. M. Watson, Senior Principal * Scientist, SPARTA, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#75 $ */ #include #include #ifdef USE_ENDIAN_H #include #endif #ifdef USE_SYS_ENDIAN_H #include #endif #ifdef USE_MACHINE_ENDIAN_H #include #endif #ifdef USE_COMPAT_ENDIAN_H #include #endif #ifdef USE_COMPAT_ENDIAN_ENC_H #include #endif #ifdef HAVE_FULL_QUEUE_H #include #else /* !HAVE_FULL_QUEUE_H */ #include #endif /* !HAVE_FULL_QUEUE_H */ #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_VIS #include #else #include #endif #include #define READ_TOKEN_BYTES(buf, len, dest, size, bytesread, err) do { \ if ((bytesread) + (size) > (u_int32_t)(len)) { \ (err) = 1; \ } else { \ memcpy((dest), (buf) + (bytesread), (size)); \ bytesread += size; \ } \ } while (0) #define READ_TOKEN_U_CHAR(buf, len, dest, bytesread, err) do { \ if ((bytesread) + sizeof(u_char) <= (u_int32_t)(len)) { \ (dest) = buf[(bytesread)]; \ (bytesread) += sizeof(u_char); \ } else \ (err) = 1; \ } while (0) #define READ_TOKEN_U_INT16(buf, len, dest, bytesread, err) do { \ if ((bytesread) + sizeof(u_int16_t) <= (u_int32_t)(len)) { \ (dest) = be16dec((buf) + (bytesread)); \ (bytesread) += sizeof(u_int16_t); \ } else \ (err) = 1; \ } while (0) #define READ_TOKEN_U_INT32(buf, len, dest, bytesread, err) do { \ if ((bytesread) + sizeof(u_int32_t) <= (u_int32_t)(len)) { \ (dest) = be32dec((buf) + (bytesread)); \ (bytesread) += sizeof(u_int32_t); \ } else \ (err) = 1; \ } while (0) #define READ_TOKEN_U_INT64(buf, len, dest, bytesread, err) do { \ if ((bytesread) + sizeof(u_int64_t) <= (u_int32_t)(len)) { \ dest = be64dec((buf) + (bytesread)); \ (bytesread) += sizeof(u_int64_t); \ } else \ (err) = 1; \ } while (0) #define SET_PTR(buf, len, ptr, size, bytesread, err) do { \ if ((bytesread) + (size) > (u_int32_t)(len)) \ (err) = 1; \ else { \ (ptr) = (buf) + (bytesread); \ (bytesread) += (size); \ } \ } while (0) /* * XML option. 
*/ #define AU_PLAIN 0 #define AU_XML 1 /* * Prints the delimiter string. */ static void print_delim(FILE *fp, const char *del) { fprintf(fp, "%s", del); } /* * Prints a single byte in the given format. */ static void print_1_byte(FILE *fp, u_char val, const char *format) { fprintf(fp, format, val); } /* * Print 2 bytes in the given format. */ static void print_2_bytes(FILE *fp, u_int16_t val, const char *format) { fprintf(fp, format, val); } /* * Prints 4 bytes in the given format. */ static void print_4_bytes(FILE *fp, u_int32_t val, const char *format) { fprintf(fp, format, val); } /* * Prints 8 bytes in the given format. */ static void print_8_bytes(FILE *fp, u_int64_t val, const char *format) { fprintf(fp, format, val); } /* * Prints the given size of data bytes in hex. */ static void print_mem(FILE *fp, u_char *data, size_t len) { u_int32_t i; if (len > 0) { fprintf(fp, "0x"); for (i = 0; i < len; i++) fprintf(fp, "%02x", data[i]); } } /* * Prints the given data bytes as a string. */ static void print_string(FILE *fp, const char *str, size_t len) { u_int32_t i; if (len > 0) { for (i = 0; i < len; i++) { if (str[i] != '\0') fprintf(fp, "%c", str[i]); } } } /* * Prints the given data bytes as an XML-sanitized string. */ static void print_xml_string(FILE *fp, const char *str, size_t len) { u_int32_t i; char visbuf[5]; if (len == 0) return; for (i = 0; i < len; i++) { switch (str[i]) { case '\0': return; case '&': (void) fprintf(fp, "&"); break; case '<': (void) fprintf(fp, "<"); break; case '>': (void) fprintf(fp, ">"); break; case '\"': (void) fprintf(fp, """); break; case '\'': (void) fprintf(fp, "'"); break; default: (void) vis(visbuf, str[i], VIS_CSTYLE, 0); (void) fprintf(fp, "%s", visbuf); break; } } } /* - * Prints the beggining of attribute. + * Prints the beginning of an attribute. */ static void open_attr(FILE *fp, const char *str) { fprintf(fp,"%s=\"", str); } /* - * Prints the end of attribute. + * Prints the end of an attribute. 
*/ static void close_attr(FILE *fp) { fprintf(fp,"\" "); } /* - * Prints the end of tag. + * Prints the end of a tag. */ static void close_tag(FILE *fp, u_char type) { switch(type) { case AUT_HEADER32: fprintf(fp, ">"); break; case AUT_HEADER32_EX: fprintf(fp, ">"); break; case AUT_HEADER64: fprintf(fp, ">"); break; case AUT_HEADER64_EX: fprintf(fp, ">"); break; case AUT_ARG32: fprintf(fp, "/>"); break; case AUT_ARG64: fprintf(fp, "/>"); break; case AUT_ATTR32: fprintf(fp, "/>"); break; case AUT_ATTR64: fprintf(fp, "/>"); break; case AUT_EXIT: fprintf(fp, "/>"); break; case AUT_EXEC_ARGS: fprintf(fp, ""); break; case AUT_EXEC_ENV: fprintf(fp, ""); break; case AUT_OTHER_FILE32: fprintf(fp, ""); break; case AUT_NEWGROUPS: fprintf(fp, ""); break; case AUT_IN_ADDR: fprintf(fp, ""); break; case AUT_IN_ADDR_EX: fprintf(fp, ""); break; case AUT_IP: fprintf(fp, "/>"); break; case AUT_IPC: fprintf(fp, "/>"); break; case AUT_IPC_PERM: fprintf(fp, "/>"); break; case AUT_IPORT: fprintf(fp, ""); break; case AUT_OPAQUE: fprintf(fp, ""); break; case AUT_PATH: fprintf(fp, ""); break; case AUT_PROCESS32: fprintf(fp, "/>"); break; case AUT_PROCESS32_EX: fprintf(fp, "/>"); break; case AUT_PROCESS64: fprintf(fp, "/>"); break; case AUT_PROCESS64_EX: fprintf(fp, "/>"); break; case AUT_RETURN32: fprintf(fp, "/>"); break; case AUT_RETURN64: fprintf(fp, "/>"); break; case AUT_SEQ: fprintf(fp, "/>"); break; case AUT_SOCKET: fprintf(fp, "/>"); break; case AUT_SOCKINET32: fprintf(fp, "/>"); break; case AUT_SOCKUNIX: fprintf(fp, "/>"); break; case AUT_SOCKINET128: fprintf(fp, "/>"); break; case AUT_SUBJECT32: fprintf(fp, "/>"); break; case AUT_SUBJECT64: fprintf(fp, "/>"); break; case AUT_SUBJECT32_EX: fprintf(fp, "/>"); break; case AUT_SUBJECT64_EX: fprintf(fp, "/>"); break; case AUT_TEXT: fprintf(fp, ""); break; case AUT_SOCKET_EX: fprintf(fp, "/>"); break; case AUT_DATA: fprintf(fp, ""); break; case AUT_ZONENAME: fprintf(fp, "/>"); break; } } /* * Prints the token type in either the raw or 
the default form. */ static void print_tok_type(FILE *fp, u_char type, const char *tokname, int oflags) { if (oflags & AU_OFLAG_XML) { switch(type) { case AUT_HEADER32: fprintf(fp, ""); break; case AUT_ARG32: fprintf(fp, ""); break; case AUT_EXEC_ENV: fprintf(fp, ""); break; case AUT_OTHER_FILE32: fprintf(fp, ""); break; case AUT_IN_ADDR: fprintf(fp, ""); break; case AUT_IN_ADDR_EX: fprintf(fp, ""); break; case AUT_IP: fprintf(fp, ""); break; case AUT_OPAQUE: fprintf(fp, ""); break; case AUT_PATH: fprintf(fp, ""); break; case AUT_PROCESS32: fprintf(fp, ""); break; case AUT_SOCKET_EX: fprintf(fp, "pw_name); else fprintf(fp, "%d", usr); } } /* * Prints a group value. */ static void print_group(FILE *fp, u_int32_t grp, int oflags) { struct group *grpent; if (oflags & AU_OFLAG_RAW) fprintf(fp, "%d", grp); else { grpent = getgrgid(grp); if (grpent != NULL) fprintf(fp, "%s", grpent->gr_name); else fprintf(fp, "%d", grp); } } /* * Prints the event from the header token in either the short, default or raw * form. */ static void print_event(FILE *fp, u_int16_t ev, int oflags) { char event_ent_name[AU_EVENT_NAME_MAX]; char event_ent_desc[AU_EVENT_DESC_MAX]; struct au_event_ent e, *ep; bzero(&e, sizeof(e)); bzero(event_ent_name, sizeof(event_ent_name)); bzero(event_ent_desc, sizeof(event_ent_desc)); e.ae_name = event_ent_name; e.ae_desc = event_ent_desc; ep = getauevnum_r(&e, ev); if (ep == NULL) { fprintf(fp, "%u", ev); return; } if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", ev); else if (oflags & AU_OFLAG_SHORT) fprintf(fp, "%s", e.ae_name); else fprintf(fp, "%s", e.ae_desc); } /* * Prints the event modifier from the header token in either the default or * raw form. */ static void print_evmod(FILE *fp, u_int16_t evmod, int oflags) { if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", evmod); else fprintf(fp, "%u", evmod); } /* * Prints seconds in the ctime format. 
*/ static void print_sec32(FILE *fp, u_int32_t sec, int oflags) { time_t timestamp; char timestr[26]; if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", sec); else { timestamp = (time_t)sec; ctime_r(×tamp, timestr); timestr[24] = '\0'; /* No new line */ fprintf(fp, "%s", timestr); } } /* * XXXRW: 64-bit token streams make use of 64-bit time stamps; since we * assume a 32-bit time_t, we simply truncate for now. */ static void print_sec64(FILE *fp, u_int64_t sec, int oflags) { time_t timestamp; char timestr[26]; if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", (u_int32_t)sec); else { timestamp = (time_t)sec; ctime_r(×tamp, timestr); timestr[24] = '\0'; /* No new line */ fprintf(fp, "%s", timestr); } } /* * Prints the excess milliseconds. */ static void print_msec32(FILE *fp, u_int32_t msec, int oflags) { if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", msec); else fprintf(fp, " + %u msec", msec); } /* * XXXRW: 64-bit token streams make use of 64-bit time stamps; since we assume * a 32-bit msec, we simply truncate for now. */ static void print_msec64(FILE *fp, u_int64_t msec, int oflags) { msec &= 0xffffffff; if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", (u_int32_t)msec); else fprintf(fp, " + %u msec", (u_int32_t)msec); } /* * Prints a dotted form for the IP address. */ static void print_ip_address(FILE *fp, u_int32_t ip) { struct in_addr ipaddr; ipaddr.s_addr = ip; fprintf(fp, "%s", inet_ntoa(ipaddr)); } /* * Prints a string value for the given ip address. */ static void print_ip_ex_address(FILE *fp, u_int32_t type, u_int32_t *ipaddr) { struct in_addr ipv4; struct in6_addr ipv6; char dst[INET6_ADDRSTRLEN]; switch (type) { case AU_IPv4: ipv4.s_addr = (in_addr_t)(ipaddr[0]); fprintf(fp, "%s", inet_ntop(AF_INET, &ipv4, dst, INET6_ADDRSTRLEN)); break; case AU_IPv6: bcopy(ipaddr, &ipv6, sizeof(ipv6)); fprintf(fp, "%s", inet_ntop(AF_INET6, &ipv6, dst, INET6_ADDRSTRLEN)); break; default: fprintf(fp, "invalid"); } } /* * Prints return value as success or failure. 
*/ static void print_retval(FILE *fp, u_char status, int oflags) { int error; if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", status); else { /* * Convert to a local error number and print the OS's version * of the error string if possible. We may want to provide * an au_strerror(3) in the future so that we can print * strings for non-local errors. */ if (au_bsm_to_errno(status, &error) == 0) { if (error == 0) fprintf(fp, "success"); else fprintf(fp, "failure : %s", strerror(error)); } else fprintf(fp, "failure: Unknown error: %d", status); } } /* * Prints the exit value. */ static void print_errval(FILE *fp, u_int32_t val) { fprintf(fp, "Error %u", val); } /* * Prints IPC type. */ static void print_ipctype(FILE *fp, u_char type, int oflags) { if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", type); else { if (type == AT_IPC_MSG) fprintf(fp, "Message IPC"); else if (type == AT_IPC_SEM) fprintf(fp, "Semaphore IPC"); else if (type == AT_IPC_SHM) fprintf(fp, "Shared Memory IPC"); else fprintf(fp, "%u", type); } } /* * Print XML header. */ void au_print_xml_header(FILE *outfp) { fprintf(outfp, "\n"); fprintf(outfp, "\n"); } /* * Print XML footer. 
*/ void au_print_xml_footer(FILE *outfp) { fprintf(outfp, "\n"); } /* * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ static int fetch_header32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32.size, tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32.version, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.hdr32.e_type, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.hdr32.e_mod, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32.s, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32.ms, tok->len, err); if (err) return (-1); return (0); } static void print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "header", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "version"); print_1_byte(fp, tok->tt.hdr32.version, "%u"); close_attr(fp); open_attr(fp, "event"); print_event(fp, tok->tt.hdr32.e_type, oflags); close_attr(fp); open_attr(fp, "modifier"); print_evmod(fp, tok->tt.hdr32.e_mod, oflags); close_attr(fp); open_attr(fp, "time"); print_sec32(fp, tok->tt.hdr32.s, oflags); close_attr(fp); open_attr(fp, "msec"); print_msec32(fp, tok->tt.hdr32.ms, oflags); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_4_bytes(fp, tok->tt.hdr32.size, "%u"); print_delim(fp, del); print_1_byte(fp, tok->tt.hdr32.version, "%u"); print_delim(fp, del); print_event(fp, tok->tt.hdr32.e_type, oflags); print_delim(fp, del); print_evmod(fp, tok->tt.hdr32.e_mod, oflags); print_delim(fp, del); print_sec32(fp, tok->tt.hdr32.s, oflags); print_delim(fp, del); print_msec32(fp, tok->tt.hdr32.ms, oflags); } } /* * The Solaris specifications for AUE_HEADER32_EX seem to 
differ a bit * depending on the bit of the specifications found. The OpenSolaris source * code uses a 4-byte address length, followed by some number of bytes of * address data. This contrasts with the Solaris audit.log.5 man page, which * specifies a 1-byte length field. We use the Solaris 10 definition so that * we can parse audit trails from that system. * * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * address type/length 4 bytes * [ Solaris man page: address type/length 1 byte] * machine address 4 bytes/16 bytes (IPv4/IPv6 address) * seconds of time 4 bytes/8 bytes (32/64-bits) * nanoseconds of time 4 bytes/8 bytes (32/64-bits) */ static int fetch_header32_ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.size, tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32_ex.version, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.hdr32_ex.e_type, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.hdr32_ex.e_mod, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.ad_type, tok->len, err); if (err) return (-1); bzero(tok->tt.hdr32_ex.addr, sizeof(tok->tt.hdr32_ex.addr)); switch (tok->tt.hdr32_ex.ad_type) { case AU_IPv4: READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr[0], sizeof(tok->tt.hdr32_ex.addr[0]), tok->len, err); if (err) return (-1); break; case AU_IPv6: READ_TOKEN_BYTES(buf, len, tok->tt.hdr32_ex.addr, sizeof(tok->tt.hdr32_ex.addr), tok->len, err); break; } READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.s, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.ms, tok->len, err); if (err) return (-1); return (0); } static void print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "header_ex", oflags); if (oflags & AU_OFLAG_RAW) { open_attr(fp, "version"); print_1_byte(fp, 
tok->tt.hdr32_ex.version, "%u"); close_attr(fp); open_attr(fp, "event"); print_event(fp, tok->tt.hdr32_ex.e_type, oflags); close_attr(fp); open_attr(fp, "modifier"); print_evmod(fp, tok->tt.hdr32_ex.e_mod, oflags); close_attr(fp); open_attr(fp, "host"); print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, tok->tt.hdr32_ex.addr); close_attr(fp); open_attr(fp, "time"); print_sec32(fp, tok->tt.hdr32_ex.s, oflags); close_attr(fp); open_attr(fp, "msec"); print_msec32(fp, tok->tt.hdr32_ex.ms, oflags); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u"); print_delim(fp, del); print_1_byte(fp, tok->tt.hdr32_ex.version, "%u"); print_delim(fp, del); print_event(fp, tok->tt.hdr32_ex.e_type, oflags); print_delim(fp, del); print_evmod(fp, tok->tt.hdr32_ex.e_mod, oflags); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, tok->tt.hdr32_ex.addr); print_delim(fp, del); print_sec32(fp, tok->tt.hdr32_ex.s, oflags); print_delim(fp, del); print_msec32(fp, tok->tt.hdr32_ex.ms, oflags); } } /* * record byte count 4 bytes * event type 2 bytes * event modifier 2 bytes * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) * version # */ static int fetch_header64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64.size, tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr64.version, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.hdr64.e_type, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.hdr64.e_mod, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64.s, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64.ms, tok->len, err); if (err) return (-1); return (0); } static void print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, 
tok->id, "header", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "version"); print_1_byte(fp, tok->tt.hdr64.version, "%u"); close_attr(fp); open_attr(fp, "event"); print_event(fp, tok->tt.hdr64.e_type, oflags); close_attr(fp); open_attr(fp, "modifier"); print_evmod(fp, tok->tt.hdr64.e_mod, oflags); close_attr(fp); open_attr(fp, "time"); print_sec64(fp, tok->tt.hdr64.s, oflags); close_attr(fp); open_attr(fp, "msec"); print_msec64(fp, tok->tt.hdr64.ms, oflags); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_4_bytes(fp, tok->tt.hdr64.size, "%u"); print_delim(fp, del); print_1_byte(fp, tok->tt.hdr64.version, "%u"); print_delim(fp, del); print_event(fp, tok->tt.hdr64.e_type, oflags); print_delim(fp, del); print_evmod(fp, tok->tt.hdr64.e_mod, oflags); print_delim(fp, del); print_sec64(fp, tok->tt.hdr64.s, oflags); print_delim(fp, del); print_msec64(fp, tok->tt.hdr64.ms, oflags); } } /* * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * address type/length 4 bytes * [ Solaris man page: address type/length 1 byte] * machine address 4 bytes/16 bytes (IPv4/IPv6 address) * seconds of time 4 bytes/8 bytes (32/64-bits) * nanoseconds of time 4 bytes/8 bytes (32/64-bits) * * XXXAUDIT: See comment by fetch_header32_ex_tok() for details on the * accuracy of the BSM spec. 
*/ static int fetch_header64_ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64_ex.size, tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr64_ex.version, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.hdr64_ex.e_type, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.hdr64_ex.e_mod, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64_ex.ad_type, tok->len, err); if (err) return (-1); bzero(tok->tt.hdr64_ex.addr, sizeof(tok->tt.hdr64_ex.addr)); switch (tok->tt.hdr64_ex.ad_type) { case AU_IPv4: READ_TOKEN_BYTES(buf, len, &tok->tt.hdr64_ex.addr[0], sizeof(tok->tt.hdr64_ex.addr[0]), tok->len, err); if (err) return (-1); break; case AU_IPv6: READ_TOKEN_BYTES(buf, len, tok->tt.hdr64_ex.addr, sizeof(tok->tt.hdr64_ex.addr), tok->len, err); break; } READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64_ex.s, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64_ex.ms, tok->len, err); if (err) return (-1); return (0); } static void print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "header_ex", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "version"); print_1_byte(fp, tok->tt.hdr64_ex.version, "%u"); close_attr(fp); open_attr(fp, "event"); print_event(fp, tok->tt.hdr64_ex.e_type, oflags); close_attr(fp); open_attr(fp, "modifier"); print_evmod(fp, tok->tt.hdr64_ex.e_mod, oflags); close_attr(fp); open_attr(fp, "host"); print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type, tok->tt.hdr64_ex.addr); close_attr(fp); open_attr(fp, "time"); print_sec64(fp, tok->tt.hdr64_ex.s, oflags); close_attr(fp); open_attr(fp, "msec"); print_msec64(fp, tok->tt.hdr64_ex.ms, oflags); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u"); print_delim(fp, del); print_1_byte(fp, tok->tt.hdr64_ex.version, "%u"); 
print_delim(fp, del); print_event(fp, tok->tt.hdr64_ex.e_type, oflags); print_delim(fp, del); print_evmod(fp, tok->tt.hdr64_ex.e_mod, oflags); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type, tok->tt.hdr64_ex.addr); print_delim(fp, del); print_sec64(fp, tok->tt.hdr64_ex.s, oflags); print_delim(fp, del); print_msec64(fp, tok->tt.hdr64_ex.ms, oflags); } } /* * trailer magic 2 bytes * record size 4 bytes */ static int fetch_trailer_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.trail.magic, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.trail.count, tok->len, err); if (err) return (-1); return (0); } static void print_trailer_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "trailer", oflags); if (!(oflags & AU_OFLAG_XML)) { print_delim(fp, del); print_4_bytes(fp, tok->tt.trail.count, "%u"); } } /* * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) * text length 2 bytes * text N bytes + 1 terminating NULL byte */ static int fetch_arg32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_CHAR(buf, len, tok->tt.arg32.no, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.arg32.val, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.arg32.len, tok->len, err); if (err) return (-1); SET_PTR((char*)buf, len, tok->tt.arg32.text, tok->tt.arg32.len, tok->len, err); if (err) return (-1); return (0); } static void print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "argument", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "arg-num"); print_1_byte(fp, tok->tt.arg32.no, "%u"); close_attr(fp); open_attr(fp, "value"); print_4_bytes(fp, tok->tt.arg32.val, "0x%x"); close_attr(fp); open_attr(fp, "desc"); print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len); close_attr(fp); close_tag(fp, tok->id); } else { 
print_delim(fp, del); print_1_byte(fp, tok->tt.arg32.no, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.arg32.val, "0x%x"); print_delim(fp, del); print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len); } } static int fetch_arg64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_CHAR(buf, len, tok->tt.arg64.no, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.arg64.val, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.arg64.len, tok->len, err); if (err) return (-1); SET_PTR((char*)buf, len, tok->tt.arg64.text, tok->tt.arg64.len, tok->len, err); if (err) return (-1); return (0); } static void print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "argument", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "arg-num"); print_1_byte(fp, tok->tt.arg64.no, "%u"); close_attr(fp); open_attr(fp, "value"); print_8_bytes(fp, tok->tt.arg64.val, "0x%llx"); close_attr(fp); open_attr(fp, "desc"); print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_1_byte(fp, tok->tt.arg64.no, "%u"); print_delim(fp, del); print_8_bytes(fp, tok->tt.arg64.val, "0x%llx"); print_delim(fp, del); print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len); } } /* * how to print 1 byte * basic unit 1 byte * unit count 1 byte * data items (depends on basic unit) */ static int fetch_arb_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; int datasize; READ_TOKEN_U_CHAR(buf, len, tok->tt.arb.howtopr, tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.arb.bu, tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.arb.uc, tok->len, err); if (err) return (-1); /* * Determine the size of the basic unit. 
*/ switch(tok->tt.arb.bu) { case AUR_BYTE: /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; case AUR_SHORT: datasize = AUR_SHORT_SIZE; break; case AUR_INT32: /* case AUR_INT: */ datasize = AUR_INT32_SIZE; break; case AUR_INT64: datasize = AUR_INT64_SIZE; break; default: return (-1); } SET_PTR(buf, len, tok->tt.arb.data, datasize * tok->tt.arb.uc, tok->len, err); if (err) return (-1); return (0); } static void print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { char *str; char *format; size_t size; int i; print_tok_type(fp, tok->id, "arbitrary", oflags); if (!(oflags & AU_OFLAG_XML)) print_delim(fp, del); switch(tok->tt.arb.howtopr) { case AUP_BINARY: str = "binary"; format = " %c"; break; case AUP_OCTAL: str = "octal"; format = " %o"; break; case AUP_DECIMAL: str = "decimal"; format = " %d"; break; case AUP_HEX: str = "hex"; format = " %x"; break; case AUP_STRING: str = "string"; format = "%c"; break; default: return; } if (oflags & AU_OFLAG_XML) { open_attr(fp, "print"); fprintf(fp, "%s",str); close_attr(fp); } else { print_string(fp, str, strlen(str)); print_delim(fp, del); } switch(tok->tt.arb.bu) { case AUR_BYTE: /* case AUR_CHAR: */ str = "byte"; size = AUR_BYTE_SIZE; if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); fprintf(fp, "%zu", size); close_attr(fp); open_attr(fp, "count"); print_1_byte(fp, tok->tt.arb.uc, "%u"); close_attr(fp); fprintf(fp, ">"); for (i = 0; itt.arb.uc; i++) fprintf(fp, format, *(tok->tt.arb.data + (size * i))); close_tag(fp, tok->id); } else { print_string(fp, str, strlen(str)); print_delim(fp, del); print_1_byte(fp, tok->tt.arb.uc, "%u"); print_delim(fp, del); for (i = 0; itt.arb.uc; i++) fprintf(fp, format, *(tok->tt.arb.data + (size * i))); } break; case AUR_SHORT: str = "short"; size = AUR_SHORT_SIZE; if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); fprintf(fp, "%zu", size); close_attr(fp); open_attr(fp, "count"); print_1_byte(fp, tok->tt.arb.uc, "%u"); close_attr(fp); fprintf(fp, ">"); for (i = 0; i < 
tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data + (size * i)))); close_tag(fp, tok->id); } else { print_string(fp, str, strlen(str)); print_delim(fp, del); print_1_byte(fp, tok->tt.arb.uc, "%u"); print_delim(fp, del); for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data + (size * i)))); } break; case AUR_INT32: /* case AUR_INT: */ str = "int"; size = AUR_INT32_SIZE; if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); fprintf(fp, "%zu", size); close_attr(fp); open_attr(fp, "count"); print_1_byte(fp, tok->tt.arb.uc, "%u"); close_attr(fp); fprintf(fp, ">"); for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data + (size * i)))); close_tag(fp, tok->id); } else { print_string(fp, str, strlen(str)); print_delim(fp, del); print_1_byte(fp, tok->tt.arb.uc, "%u"); print_delim(fp, del); for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data + (size * i)))); } break; case AUR_INT64: str = "int64"; size = AUR_INT64_SIZE; if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); fprintf(fp, "%zu", size); close_attr(fp); open_attr(fp, "count"); print_1_byte(fp, tok->tt.arb.uc, "%u"); close_attr(fp); fprintf(fp, ">"); for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data + (size * i)))); close_tag(fp, tok->id); } else { print_string(fp, str, strlen(str)); print_delim(fp, del); print_1_byte(fp, tok->tt.arb.uc, "%u"); print_delim(fp, del); for (i = 0; i < tok->tt.arb.uc; i++) fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data + (size * i)))); } break; default: return; } } /* * file access mode 4 bytes * owner user ID 4 bytes * owner group ID 4 bytes * file system ID 4 bytes * node ID 8 bytes * device 4 bytes/8 bytes (32-bit/64-bit) */ static int fetch_attr32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.mode, tok->len, err); if (err) return (-1); 
READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.uid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.gid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.fsid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.attr32.nid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.dev, tok->len, err); if (err) return (-1); return (0); } static void print_attr32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "attribute", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "mode"); print_4_bytes(fp, tok->tt.attr32.mode, "%o"); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.attr32.uid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.attr32.gid, oflags); close_attr(fp); open_attr(fp, "fsid"); print_4_bytes(fp, tok->tt.attr32.fsid, "%u"); close_attr(fp); open_attr(fp, "nodeid"); print_8_bytes(fp, tok->tt.attr32.nid, "%lld"); close_attr(fp); open_attr(fp, "device"); print_4_bytes(fp, tok->tt.attr32.dev, "%u"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_4_bytes(fp, tok->tt.attr32.mode, "%o"); print_delim(fp, del); print_user(fp, tok->tt.attr32.uid, oflags); print_delim(fp, del); print_group(fp, tok->tt.attr32.gid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.attr32.fsid, "%u"); print_delim(fp, del); print_8_bytes(fp, tok->tt.attr32.nid, "%lld"); print_delim(fp, del); print_4_bytes(fp, tok->tt.attr32.dev, "%u"); } } /* * file access mode 4 bytes * owner user ID 4 bytes * owner group ID 4 bytes * file system ID 4 bytes * node ID 8 bytes * device 4 bytes/8 bytes (32-bit/64-bit) */ static int fetch_attr64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.mode, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.uid, tok->len, err); if (err) return (-1); 
READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.gid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.fsid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.attr64.nid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.attr64.dev, tok->len, err); if (err) return (-1); return (0); } static void print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "attribute", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "mode"); print_4_bytes(fp, tok->tt.attr64.mode, "%o"); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.attr64.uid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.attr64.gid, oflags); close_attr(fp); open_attr(fp, "fsid"); print_4_bytes(fp, tok->tt.attr64.fsid, "%u"); close_attr(fp); open_attr(fp, "nodeid"); print_8_bytes(fp, tok->tt.attr64.nid, "%lld"); close_attr(fp); open_attr(fp, "device"); print_8_bytes(fp, tok->tt.attr64.dev, "%llu"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_4_bytes(fp, tok->tt.attr64.mode, "%o"); print_delim(fp, del); print_user(fp, tok->tt.attr64.uid, oflags); print_delim(fp, del); print_group(fp, tok->tt.attr64.gid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.attr64.fsid, "%u"); print_delim(fp, del); print_8_bytes(fp, tok->tt.attr64.nid, "%lld"); print_delim(fp, del); print_8_bytes(fp, tok->tt.attr64.dev, "%llu"); } } /* * status 4 bytes * return value 4 bytes */ static int fetch_exit_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.exit.status, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.exit.ret, tok->len, err); if (err) return (-1); return (0); } static void print_exit_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "exit", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "errval"); print_errval(fp, 
tok->tt.exit.status); close_attr(fp); open_attr(fp, "retval"); print_4_bytes(fp, tok->tt.exit.ret, "%u"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_errval(fp, tok->tt.exit.status); print_delim(fp, del); print_4_bytes(fp, tok->tt.exit.ret, "%u"); } } /* * count 4 bytes * text count null-terminated string(s) */ static int fetch_execarg_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; u_int32_t i; u_char *bptr; READ_TOKEN_U_INT32(buf, len, tok->tt.execarg.count, tok->len, err); if (err) return (-1); for (i = 0; i < tok->tt.execarg.count; i++) { bptr = buf + tok->len; if (i < AUDIT_MAX_ARGS) tok->tt.execarg.text[i] = (char*)bptr; /* Look for a null terminated string. */ while (bptr && (*bptr != '\0')) { if (++tok->len >= (u_int32_t)len) return (-1); bptr = buf + tok->len; } if (!bptr) return (-1); tok->len++; /* \0 character */ } if (tok->tt.execarg.count > AUDIT_MAX_ARGS) tok->tt.execarg.count = AUDIT_MAX_ARGS; return (0); } static void print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { u_int32_t i; print_tok_type(fp, tok->id, "exec arg", oflags); for (i = 0; i < tok->tt.execarg.count; i++) { if (oflags & AU_OFLAG_XML) { fprintf(fp, ""); print_xml_string(fp, tok->tt.execarg.text[i], strlen(tok->tt.execarg.text[i])); fprintf(fp, ""); } else { print_delim(fp, del); print_string(fp, tok->tt.execarg.text[i], strlen(tok->tt.execarg.text[i])); } } if (oflags & AU_OFLAG_XML) close_tag(fp, tok->id); } /* * count 4 bytes * text count null-terminated string(s) */ static int fetch_execenv_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; u_int32_t i; u_char *bptr; READ_TOKEN_U_INT32(buf, len, tok->tt.execenv.count, tok->len, err); if (err) return (-1); for (i = 0; i < tok->tt.execenv.count; i++) { bptr = buf + tok->len; if (i < AUDIT_MAX_ENV) tok->tt.execenv.text[i] = (char*)bptr; /* Look for a null terminated string. 
*/ while (bptr && (*bptr != '\0')) { if (++tok->len >= (u_int32_t)len) return (-1); bptr = buf + tok->len; } if (!bptr) return (-1); tok->len++; /* \0 character */ } if (tok->tt.execenv.count > AUDIT_MAX_ENV) tok->tt.execenv.count = AUDIT_MAX_ENV; return (0); } static void print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { u_int32_t i; print_tok_type(fp, tok->id, "exec env", oflags); for (i = 0; i< tok->tt.execenv.count; i++) { if (oflags & AU_OFLAG_XML) { fprintf(fp, ""); print_xml_string(fp, tok->tt.execenv.text[i], strlen(tok->tt.execenv.text[i])); fprintf(fp, ""); } else { print_delim(fp, del); print_string(fp, tok->tt.execenv.text[i], strlen(tok->tt.execenv.text[i])); } } if (oflags & AU_OFLAG_XML) close_tag(fp, tok->id); } /* * seconds of time 4 bytes * milliseconds of time 4 bytes * file name len 2 bytes * file pathname N bytes + 1 terminating NULL byte */ static int fetch_file_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.file.s, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.file.ms, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.file.len, tok->len, err); if (err) return (-1); SET_PTR((char*)buf, len, tok->tt.file.name, tok->tt.file.len, tok->len, err); if (err) return (-1); return (0); } static void print_file_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "file", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "time"); print_sec32(fp, tok->tt.file.s, oflags); close_attr(fp); open_attr(fp, "msec"); print_msec32(fp, tok->tt.file.ms, oflags); close_attr(fp); fprintf(fp, ">"); print_string(fp, tok->tt.file.name, tok->tt.file.len); close_tag(fp, tok->id); } else { print_delim(fp, del); print_sec32(fp, tok->tt.file.s, oflags); print_delim(fp, del); print_msec32(fp, tok->tt.file.ms, oflags); print_delim(fp, del); print_string(fp, tok->tt.file.name, tok->tt.file.len); } } /* * number groups 2 bytes * 
group list count * 4 bytes */ static int fetch_newgroups_tok(tokenstr_t *tok, u_char *buf, int len) { int i; int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.grps.no, tok->len, err); if (err) return (-1); for (i = 0; itt.grps.no; i++) { READ_TOKEN_U_INT32(buf, len, tok->tt.grps.list[i], tok->len, err); if (err) return (-1); } return (0); } static void print_newgroups_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { int i; print_tok_type(fp, tok->id, "group", oflags); for (i = 0; i < tok->tt.grps.no; i++) { if (oflags & AU_OFLAG_XML) { fprintf(fp, ""); print_group(fp, tok->tt.grps.list[i], oflags); fprintf(fp, ""); close_tag(fp, tok->id); } else { print_delim(fp, del); print_group(fp, tok->tt.grps.list[i], oflags); } } } /* * Internet addr 4 bytes */ static int fetch_inaddr_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr.addr, sizeof(uint32_t), tok->len, err); if (err) return (-1); return (0); } static void print_inaddr_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "ip addr", oflags); if (oflags & AU_OFLAG_XML) { print_ip_address(fp, tok->tt.inaddr.addr); close_tag(fp, tok->id); } else { print_delim(fp, del); print_ip_address(fp, tok->tt.inaddr.addr); } } /* * type 4 bytes * address 16 bytes */ static int fetch_inaddr_ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.inaddr_ex.type, tok->len, err); if (err) return (-1); if (tok->tt.inaddr_ex.type == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr_ex.addr[0], sizeof(tok->tt.inaddr_ex.addr[0]), tok->len, err); if (err) return (-1); } else if (tok->tt.inaddr_ex.type == AU_IPv6) { READ_TOKEN_BYTES(buf, len, tok->tt.inaddr_ex.addr, sizeof(tok->tt.inaddr_ex.addr), tok->len, err); if (err) return (-1); } else return (-1); return (0); } static void print_inaddr_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "ip addr ex", oflags); if 
(oflags & AU_OFLAG_XML) { print_ip_ex_address(fp, tok->tt.inaddr_ex.type, tok->tt.inaddr_ex.addr); close_tag(fp, tok->id); } else { print_delim(fp, del); print_ip_ex_address(fp, tok->tt.inaddr_ex.type, tok->tt.inaddr_ex.addr); } } /* * ip header 20 bytes */ static int fetch_ip_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_CHAR(buf, len, tok->tt.ip.version, tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.ip.tos, tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.ip.len, sizeof(uint16_t), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.ip.id, sizeof(uint16_t), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.ip.offset, sizeof(uint16_t), tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.ip.ttl, tok->len, err); if (err) return (-1); READ_TOKEN_U_CHAR(buf, len, tok->tt.ip.prot, tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.ip.chksm, sizeof(uint16_t), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.ip.src, sizeof(tok->tt.ip.src), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.ip.dest, sizeof(tok->tt.ip.dest), tok->len, err); if (err) return (-1); return (0); } static void print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "ip", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "version"); print_mem(fp, (u_char *)(&tok->tt.ip.version), sizeof(u_char)); close_attr(fp); open_attr(fp, "service_type"); print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char)); close_attr(fp); open_attr(fp, "len"); print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u"); close_attr(fp); open_attr(fp, "id"); print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u"); close_attr(fp); open_attr(fp, "offset"); print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u"); close_attr(fp); open_attr(fp, "time_to_live"); print_mem(fp, (u_char *)(&tok->tt.ip.ttl), 
sizeof(u_char)); close_attr(fp); open_attr(fp, "protocol"); print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char)); close_attr(fp); open_attr(fp, "cksum"); print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u"); close_attr(fp); open_attr(fp, "src_addr"); print_ip_address(fp, tok->tt.ip.src); close_attr(fp); open_attr(fp, "dest_addr"); print_ip_address(fp, tok->tt.ip.dest); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_mem(fp, (u_char *)(&tok->tt.ip.version), sizeof(u_char)); print_delim(fp, del); print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char)); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u"); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u"); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u"); print_delim(fp, del); print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char)); print_delim(fp, del); print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char)); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.ip.src); print_delim(fp, del); print_ip_address(fp, tok->tt.ip.dest); } } /* * object ID type 1 byte * Object ID 4 bytes */ static int fetch_ipc_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_CHAR(buf, len, tok->tt.ipc.type, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.ipc.id, tok->len, err); if (err) return (-1); return (0); } static void print_ipc_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "IPC", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "ipc-type"); print_ipctype(fp, tok->tt.ipc.type, oflags); close_attr(fp); open_attr(fp, "ipc-id"); print_4_bytes(fp, tok->tt.ipc.id, "%u"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_ipctype(fp, tok->tt.ipc.type, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.ipc.id, "%u"); } } /* * owner user id 4 bytes * owner 
group id 4 bytes * creator user id 4 bytes * creator group id 4 bytes * access mode 4 bytes * slot seq 4 bytes * key 4 bytes */ static int fetch_ipcperm_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.uid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.gid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.puid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.pgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.mode, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.seq, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.key, tok->len, err); if (err) return (-1); return (0); } static void print_ipcperm_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "IPC perm", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "uid"); print_user(fp, tok->tt.ipcperm.uid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.ipcperm.gid, oflags); close_attr(fp); open_attr(fp, "creator-uid"); print_user(fp, tok->tt.ipcperm.puid, oflags); close_attr(fp); open_attr(fp, "creator-gid"); print_group(fp, tok->tt.ipcperm.pgid, oflags); close_attr(fp); open_attr(fp, "mode"); print_4_bytes(fp, tok->tt.ipcperm.mode, "%o"); close_attr(fp); open_attr(fp, "seq"); print_4_bytes(fp, tok->tt.ipcperm.seq, "%u"); close_attr(fp); open_attr(fp, "key"); print_4_bytes(fp, tok->tt.ipcperm.key, "%u"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, tok->tt.ipcperm.uid, oflags); print_delim(fp, del); print_group(fp, tok->tt.ipcperm.gid, oflags); print_delim(fp, del); print_user(fp, tok->tt.ipcperm.puid, oflags); print_delim(fp, del); print_group(fp, tok->tt.ipcperm.pgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.ipcperm.mode, "%o"); print_delim(fp, 
del); print_4_bytes(fp, tok->tt.ipcperm.seq, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.ipcperm.key, "%u"); } } /* * port Ip address 2 bytes */ static int fetch_iport_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_BYTES(buf, len, &tok->tt.iport.port, sizeof(uint16_t), tok->len, err); if (err) return (-1); return (0); } static void print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "ip port", oflags); if (oflags & AU_OFLAG_XML) { print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x"); close_tag(fp, tok->id); } else { print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x"); } } /* * size 2 bytes * data size bytes */ static int fetch_opaque_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.opaque.size, tok->len, err); if (err) return (-1); SET_PTR((char*)buf, len, tok->tt.opaque.data, tok->tt.opaque.size, tok->len, err); if (err) return (-1); return (0); } static void print_opaque_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "opaque", oflags); if (oflags & AU_OFLAG_XML) { print_mem(fp, (u_char*)tok->tt.opaque.data, tok->tt.opaque.size); close_tag(fp, tok->id); } else { print_delim(fp, del); print_2_bytes(fp, tok->tt.opaque.size, "%u"); print_delim(fp, del); print_mem(fp, (u_char*)tok->tt.opaque.data, tok->tt.opaque.size); } } /* * size 2 bytes * data size bytes */ static int fetch_path_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.path.len, tok->len, err); if (err) return (-1); SET_PTR((char*)buf, len, tok->tt.path.path, tok->tt.path.len, tok->len, err); if (err) return (-1); return (0); } static void print_path_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "path", oflags); if (oflags & AU_OFLAG_XML) { print_string(fp, tok->tt.path.path, tok->tt.path.len); close_tag(fp, tok->id); } else { print_delim(fp, 
del); print_string(fp, tok->tt.path.path, tok->tt.path.len); } } /* * token ID 1 byte * audit ID 4 bytes * euid 4 bytes * egid 4 bytes * ruid 4 bytes * rgid 4 bytes * pid 4 bytes * sessid 4 bytes * terminal ID * portid 4 bytes * machine id 4 bytes */ static int fetch_process32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.auid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.euid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.egid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.ruid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.rgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.pid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.sid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.tid.port, tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.proc32.tid.addr, sizeof(tok->tt.proc32.tid.addr), tok->len, err); if (err) return (-1); return (0); } static void print_process32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "process", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); print_user(fp, tok->tt.proc32.auid, oflags); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.proc32.euid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.proc32.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); print_user(fp, tok->tt.proc32.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); print_group(fp, tok->tt.proc32.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.proc32.pid, "%u"); close_attr(fp); open_attr(fp, "sid"); print_4_bytes(fp, tok->tt.proc32.sid, "%u"); close_attr(fp); open_attr(fp, "tid"); print_4_bytes(fp, tok->tt.proc32.tid.port, 
"%u"); print_ip_address(fp, tok->tt.proc32.tid.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, tok->tt.proc32.auid, oflags); print_delim(fp, del); print_user(fp, tok->tt.proc32.euid, oflags); print_delim(fp, del); print_group(fp, tok->tt.proc32.egid, oflags); print_delim(fp, del); print_user(fp, tok->tt.proc32.ruid, oflags); print_delim(fp, del); print_group(fp, tok->tt.proc32.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc32.pid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc32.sid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc32.tid.port, "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.proc32.tid.addr); } } /* * token ID 1 byte * audit ID 4 bytes * euid 4 bytes * egid 4 bytes * ruid 4 bytes * rgid 4 bytes * pid 4 bytes * sessid 4 bytes * terminal ID * portid 8 bytes * machine id 4 bytes */ static int fetch_process64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.auid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.euid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.egid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.ruid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.rgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.pid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.sid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.proc64.tid.port, tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.proc64.tid.addr, sizeof(tok->tt.proc64.tid.addr), tok->len, err); if (err) return (-1); return (0); } static void print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "process", oflags); if (oflags & AU_OFLAG_XML) { 
open_attr(fp, "audit-uid"); print_user(fp, tok->tt.proc64.auid, oflags); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.proc64.euid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.proc64.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); print_user(fp, tok->tt.proc64.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); print_group(fp, tok->tt.proc64.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.proc64.pid, "%u"); close_attr(fp); open_attr(fp, "sid"); print_4_bytes(fp, tok->tt.proc64.sid, "%u"); close_attr(fp); open_attr(fp, "tid"); print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu"); print_ip_address(fp, tok->tt.proc64.tid.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, tok->tt.proc64.auid, oflags); print_delim(fp, del); print_user(fp, tok->tt.proc64.euid, oflags); print_delim(fp, del); print_group(fp, tok->tt.proc64.egid, oflags); print_delim(fp, del); print_user(fp, tok->tt.proc64.ruid, oflags); print_delim(fp, del); print_group(fp, tok->tt.proc64.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc64.pid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc64.sid, "%u"); print_delim(fp, del); print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu"); print_delim(fp, del); print_ip_address(fp, tok->tt.proc64.tid.addr); } } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes * address type-len 4 bytes * machine address 16 bytes */ static int fetch_process32ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.auid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.euid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.egid, tok->len, err); if 
(err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.ruid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.rgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.pid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.sid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.tid.port, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.tid.type, tok->len, err); if (err) return (-1); if (tok->tt.proc32_ex.tid.type == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.proc32_ex.tid.addr[0], sizeof(tok->tt.proc32_ex.tid.addr[0]), tok->len, err); if (err) return (-1); } else if (tok->tt.proc32_ex.tid.type == AU_IPv6) { READ_TOKEN_BYTES(buf, len, tok->tt.proc32_ex.tid.addr, sizeof(tok->tt.proc32_ex.tid.addr), tok->len, err); if (err) return (-1); } else return (-1); return (0); } static void print_process32ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "process_ex", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); print_user(fp, tok->tt.proc32_ex.auid, oflags); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.proc32_ex.euid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.proc32_ex.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); print_user(fp, tok->tt.proc32_ex.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); print_group(fp, tok->tt.proc32_ex.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u"); close_attr(fp); open_attr(fp, "sid"); print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u"); close_attr(fp); open_attr(fp, "tid"); print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u"); print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type, tok->tt.proc32_ex.tid.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, 
tok->tt.proc32_ex.auid, oflags); print_delim(fp, del); print_user(fp, tok->tt.proc32_ex.euid, oflags); print_delim(fp, del); print_group(fp, tok->tt.proc32_ex.egid, oflags); print_delim(fp, del); print_user(fp, tok->tt.proc32_ex.ruid, oflags); print_delim(fp, del); print_group(fp, tok->tt.proc32_ex.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u"); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type, tok->tt.proc32_ex.tid.addr); } } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 8 bytes * address type-len 4 bytes * machine address 16 bytes */ static int fetch_process64ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.auid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.euid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.egid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.ruid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.rgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.pid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.sid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.proc64_ex.tid.port, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.tid.type, tok->len, err); if (err) return (-1); if (tok->tt.proc64_ex.tid.type == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.proc64_ex.tid.addr[0], sizeof(tok->tt.proc64_ex.tid.addr[0]), tok->len, err); if (err) return 
(-1); } else if (tok->tt.proc64_ex.tid.type == AU_IPv6) { READ_TOKEN_BYTES(buf, len, tok->tt.proc64_ex.tid.addr, sizeof(tok->tt.proc64_ex.tid.addr), tok->len, err); if (err) return (-1); } else return (-1); return (0); } static void print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "process_ex", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); print_user(fp, tok->tt.proc64_ex.auid, oflags); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.proc64_ex.euid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.proc64_ex.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); print_user(fp, tok->tt.proc64_ex.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); print_group(fp, tok->tt.proc64_ex.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); close_attr(fp); open_attr(fp, "sid"); print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u"); close_attr(fp); open_attr(fp, "tid"); print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu"); print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type, tok->tt.proc64_ex.tid.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, tok->tt.proc64_ex.auid, oflags); print_delim(fp, del); print_user(fp, tok->tt.proc64_ex.euid, oflags); print_delim(fp, del); print_group(fp, tok->tt.proc64_ex.egid, oflags); print_delim(fp, del); print_user(fp, tok->tt.proc64_ex.ruid, oflags); print_delim(fp, del); print_group(fp, tok->tt.proc64_ex.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u"); print_delim(fp, del); print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu"); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type, tok->tt.proc64_ex.tid.addr); } } /* * errno 1 byte * return value 4 bytes */ static int fetch_return32_tok(tokenstr_t *tok, u_char *buf, int len) { 
int err = 0; READ_TOKEN_U_CHAR(buf, len, tok->tt.ret32.status, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.ret32.ret, tok->len, err); if (err) return (-1); return (0); } static void print_return32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "return", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp ,"errval"); print_retval(fp, tok->tt.ret32.status, oflags); close_attr(fp); open_attr(fp, "retval"); print_4_bytes(fp, tok->tt.ret32.ret, "%u"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_retval(fp, tok->tt.ret32.status, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.ret32.ret, "%u"); } } static int fetch_return64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_CHAR(buf, len, tok->tt.ret64.err, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.ret64.val, tok->len, err); if (err) return (-1); return (0); } static void print_return64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "return", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "errval"); print_retval(fp, tok->tt.ret64.err, oflags); close_attr(fp); open_attr(fp, "retval"); print_8_bytes(fp, tok->tt.ret64.val, "%lld"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_retval(fp, tok->tt.ret64.err, oflags); print_delim(fp, del); print_8_bytes(fp, tok->tt.ret64.val, "%lld"); } } /* * seq 4 bytes */ static int fetch_seq_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.seq.seqno, tok->len, err); if (err) return (-1); return (0); } static void print_seq_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "sequence", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "seq-num"); print_4_bytes(fp, tok->tt.seq.seqno, "%u"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_4_bytes(fp, 
tok->tt.seq.seqno, "%u"); } } /* * socket family 2 bytes * local port 2 bytes * socket address 4 bytes */ static int fetch_sock_inet32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet_ex32.family, tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet_ex32.port, sizeof(uint16_t), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet_ex32.addr, sizeof(tok->tt.sockinet_ex32.addr[0]), tok->len, err); if (err) return (-1); return (0); } static void print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "socket-inet", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); close_attr(fp); open_attr(fp, "port"); print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u"); close_attr(fp); open_attr(fp, "addr"); print_ip_address(fp, tok->tt.sockinet_ex32.addr[0]); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.sockinet_ex32.addr[0]); } } /* * socket family 2 bytes * local port 2 bytes * socket address 16 bytes */ static int fetch_sock_inet128_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet_ex32.family, tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet_ex32.port, sizeof(uint16_t), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet_ex32.addr, sizeof(tok->tt.sockinet_ex32.addr), tok->len, err); if (err) return (-1); return (0); } static void print_sock_inet128_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "socket-inet6", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); print_2_bytes(fp, 
tok->tt.sockinet_ex32.family, "%u"); close_attr(fp); open_attr(fp, "port"); print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u"); close_attr(fp); open_attr(fp, "addr"); print_ip_ex_address(fp, AU_IPv6, tok->tt.sockinet_ex32.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u"); print_delim(fp, del); print_ip_ex_address(fp, AU_IPv6, tok->tt.sockinet_ex32.addr); } } /* * socket family 2 bytes * path (up to) 104 bytes + NULL (NULL terminated string). */ static int fetch_sock_unix_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; u_char *p; int slen; READ_TOKEN_U_INT16(buf, len, tok->tt.sockunix.family, tok->len, err); if (err) return (-1); /* slen = strnlen((buf + tok->len), 104) + 1; */ p = (u_char *)memchr((const void *)(buf + tok->len), '\0', 104); slen = (p ? (int)(p - (buf + tok->len)) : 104) + 1; READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, slen, tok->len, err); if (err) return (-1); return (0); } static void print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "socket-unix", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); print_2_bytes(fp, tok->tt.sockunix.family, "%u"); close_attr(fp); open_attr(fp, "port"); close_attr(fp); open_attr(fp, "addr"); print_string(fp, tok->tt.sockunix.path, strlen(tok->tt.sockunix.path)); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_2_bytes(fp, tok->tt.sockunix.family, "%u"); print_delim(fp, del); print_string(fp, tok->tt.sockunix.path, strlen(tok->tt.sockunix.path)); } } /* * socket type 2 bytes * local port 2 bytes * local address 4 bytes * remote port 2 bytes * remote address 4 bytes */ static int fetch_socket_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.socket.type, tok->len, err); if (err) return (-1); 
READ_TOKEN_BYTES(buf, len, &tok->tt.socket.l_port, sizeof(uint16_t), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.socket.l_addr, sizeof(tok->tt.socket.l_addr), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.socket.r_port, sizeof(uint16_t), tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.socket.l_addr, sizeof(tok->tt.socket.r_addr), tok->len, err); if (err) return (-1); return (0); } static void print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "socket", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "sock_type"); print_2_bytes(fp, tok->tt.socket.type, "%u"); close_attr(fp); open_attr(fp, "lport"); print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u"); close_attr(fp); open_attr(fp, "laddr"); print_ip_address(fp, tok->tt.socket.l_addr); close_attr(fp); open_attr(fp, "fport"); print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u"); close_attr(fp); open_attr(fp, "faddr"); print_ip_address(fp, tok->tt.socket.r_addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_2_bytes(fp, tok->tt.socket.type, "%u"); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.socket.l_addr); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.socket.r_addr); } } /* * audit ID 4 bytes * euid 4 bytes * egid 4 bytes * ruid 4 bytes * rgid 4 bytes * pid 4 bytes * sessid 4 bytes * terminal ID * portid 4 bytes/8 bytes (32-bit/64-bit value) * machine id 4 bytes */ static int fetch_subject32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.auid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.euid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.egid, tok->len, err); if 
(err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.ruid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.rgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.pid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.sid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.tid.port, tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.subj32.tid.addr, sizeof(tok->tt.subj32.tid.addr), tok->len, err); if (err) return (-1); return (0); } static void print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "subject", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); print_user(fp, tok->tt.subj32.auid, oflags); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.subj32.euid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.subj32.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); print_user(fp, tok->tt.subj32.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); print_group(fp, tok->tt.subj32.rgid, oflags); close_attr(fp); open_attr(fp,"pid"); print_4_bytes(fp, tok->tt.subj32.pid, "%u"); close_attr(fp); open_attr(fp,"sid"); print_4_bytes(fp, tok->tt.subj32.sid, "%u"); close_attr(fp); open_attr(fp,"tid"); print_4_bytes(fp, tok->tt.subj32.tid.port, "%u "); print_ip_address(fp, tok->tt.subj32.tid.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, tok->tt.subj32.auid, oflags); print_delim(fp, del); print_user(fp, tok->tt.subj32.euid, oflags); print_delim(fp, del); print_group(fp, tok->tt.subj32.egid, oflags); print_delim(fp, del); print_user(fp, tok->tt.subj32.ruid, oflags); print_delim(fp, del); print_group(fp, tok->tt.subj32.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj32.pid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj32.sid, "%u"); 
print_delim(fp, del); print_4_bytes(fp, tok->tt.subj32.tid.port, "%u"); print_delim(fp, del); print_ip_address(fp, tok->tt.subj32.tid.addr); } } static void print_upriv_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "use of privilege", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "status"); if (tok->tt.priv.sorf) (void) fprintf(fp, "successful use of priv"); else (void) fprintf(fp, "failed use of priv"); close_attr(fp); open_attr(fp, "name"); print_string(fp, tok->tt.priv.priv, tok->tt.priv.privstrlen); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); if (tok->tt.priv.sorf) (void) fprintf(fp, "successful use of priv"); else (void) fprintf(fp, "failed use of priv"); print_delim(fp, del); print_string(fp, tok->tt.priv.priv, tok->tt.priv.privstrlen); } } /* * status 1 byte * privstrlen 2 bytes * priv N bytes + 1 (\0 byte) */ static int fetch_priv_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_CHAR(buf, len, tok->tt.priv.sorf, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.priv.privstrlen, tok->len, err); if (err) return (-1); SET_PTR((char *)buf, len, tok->tt.priv.priv, tok->tt.priv.privstrlen, tok->len, err); if (err) return (-1); return (0); } /* * privtstrlen 1 byte * privtstr N bytes + 1 * privstrlen 1 byte * privstr N bytes + 1 */ static int fetch_privset_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.privset.privtstrlen, tok->len, err); if (err) return (-1); SET_PTR((char *)buf, len, tok->tt.privset.privtstr, tok->tt.privset.privtstrlen, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.privset.privstrlen, tok->len, err); if (err) return (-1); SET_PTR((char *)buf, len, tok->tt.privset.privstr, tok->tt.privset.privstrlen, tok->len, err); if (err) return (-1); return (0); } static void print_privset_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, 
tok->id, "privilege", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); print_string(fp, tok->tt.privset.privtstr, tok->tt.privset.privtstrlen); close_attr(fp); open_attr(fp, "priv"); print_string(fp, tok->tt.privset.privstr, tok->tt.privset.privstrlen); close_attr(fp); } else { print_delim(fp, del); print_string(fp, tok->tt.privset.privtstr, tok->tt.privset.privtstrlen); print_delim(fp, del); print_string(fp, tok->tt.privset.privstr, tok->tt.privset.privstrlen); } } /* * audit ID 4 bytes * euid 4 bytes * egid 4 bytes * ruid 4 bytes * rgid 4 bytes * pid 4 bytes * sessid 4 bytes * terminal ID * portid 4 bytes/8 bytes (32-bit/64-bit value) * machine id 4 bytes */ static int fetch_subject64_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.auid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.euid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.egid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.ruid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.rgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.pid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.sid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.subj64.tid.port, tok->len, err); if (err) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.subj64.tid.addr, sizeof(tok->tt.subj64.tid.addr), tok->len, err); if (err) return (-1); return (0); } static void print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "subject", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); print_user(fp, tok->tt.subj64.auid, oflags); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.subj64.euid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, 
tok->tt.subj64.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); print_user(fp, tok->tt.subj64.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); print_group(fp, tok->tt.subj64.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.subj64.pid, "%u"); close_attr(fp); open_attr(fp, "sid"); print_4_bytes(fp, tok->tt.subj64.sid, "%u"); close_attr(fp); open_attr(fp, "tid"); print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu"); print_ip_address(fp, tok->tt.subj64.tid.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, tok->tt.subj64.auid, oflags); print_delim(fp, del); print_user(fp, tok->tt.subj64.euid, oflags); print_delim(fp, del); print_group(fp, tok->tt.subj64.egid, oflags); print_delim(fp, del); print_user(fp, tok->tt.subj64.ruid, oflags); print_delim(fp, del); print_group(fp, tok->tt.subj64.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj64.pid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj64.sid, "%u"); print_delim(fp, del); print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu"); print_delim(fp, del); print_ip_address(fp, tok->tt.subj64.tid.addr); } } /* * audit ID 4 bytes * euid 4 bytes * egid 4 bytes * ruid 4 bytes * rgid 4 bytes * pid 4 bytes * sessid 4 bytes * terminal ID * portid 4 bytes * type 4 bytes * machine id 16 bytes */ static int fetch_subject32ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.auid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.euid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.egid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.ruid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.rgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.pid, tok->len, err); if (err) return (-1); 
READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.sid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.tid.port, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.tid.type, tok->len, err); if (err) return (-1); if (tok->tt.subj32_ex.tid.type == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.subj32_ex.tid.addr[0], sizeof(tok->tt.subj32_ex.tid.addr[0]), tok->len, err); if (err) return (-1); } else if (tok->tt.subj32_ex.tid.type == AU_IPv6) { READ_TOKEN_BYTES(buf, len, tok->tt.subj32_ex.tid.addr, sizeof(tok->tt.subj32_ex.tid.addr), tok->len, err); if (err) return (-1); } else return (-1); return (0); } static void print_subject32ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "subject_ex", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); print_user(fp, tok->tt.subj32_ex.auid, oflags); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.subj32_ex.euid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.subj32_ex.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); print_user(fp, tok->tt.subj32_ex.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); print_group(fp, tok->tt.subj32_ex.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); close_attr(fp); open_attr(fp, "sid"); print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u"); close_attr(fp); open_attr(fp, "tid"); print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u"); print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type, tok->tt.subj32_ex.tid.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, tok->tt.subj32_ex.auid, oflags); print_delim(fp, del); print_user(fp, tok->tt.subj32_ex.euid, oflags); print_delim(fp, del); print_group(fp, tok->tt.subj32_ex.egid, oflags); print_delim(fp, del); print_user(fp, tok->tt.subj32_ex.ruid, oflags); print_delim(fp, del); print_group(fp, 
tok->tt.subj32_ex.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u"); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type, tok->tt.subj32_ex.tid.addr); } } /* * audit ID 4 bytes * euid 4 bytes * egid 4 bytes * ruid 4 bytes * rgid 4 bytes * pid 4 bytes * sessid 4 bytes * terminal ID * portid 8 bytes * type 4 bytes * machine id 16 bytes */ static int fetch_subject64ex_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.auid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.euid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.egid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.ruid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.rgid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.sid, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT64(buf, len, tok->tt.subj64_ex.tid.port, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.tid.type, tok->len, err); if (err) return (-1); if (tok->tt.subj64_ex.tid.type == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.subj64_ex.tid.addr[0], sizeof(tok->tt.subj64_ex.tid.addr[0]), tok->len, err); if (err) return (-1); } else if (tok->tt.subj64_ex.tid.type == AU_IPv6) { READ_TOKEN_BYTES(buf, len, tok->tt.subj64_ex.tid.addr, sizeof(tok->tt.subj64_ex.tid.addr), tok->len, err); if (err) return (-1); } else return (-1); return (0); } static void print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "subject_ex", oflags); if (oflags & 
AU_OFLAG_XML) { open_attr(fp, "audit-uid"); print_user(fp, tok->tt.subj64_ex.auid, oflags); close_attr(fp); open_attr(fp, "uid"); print_user(fp, tok->tt.subj64_ex.euid, oflags); close_attr(fp); open_attr(fp, "gid"); print_group(fp, tok->tt.subj64_ex.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); print_user(fp, tok->tt.subj64_ex.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); print_group(fp, tok->tt.subj64_ex.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); close_attr(fp); open_attr(fp, "sid"); print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); close_attr(fp); open_attr(fp, "tid"); print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu"); print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type, tok->tt.subj64_ex.tid.addr); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_user(fp, tok->tt.subj64_ex.auid, oflags); print_delim(fp, del); print_user(fp, tok->tt.subj64_ex.euid, oflags); print_delim(fp, del); print_group(fp, tok->tt.subj64_ex.egid, oflags); print_delim(fp, del); print_user(fp, tok->tt.subj64_ex.ruid, oflags); print_delim(fp, del); print_group(fp, tok->tt.subj64_ex.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); print_delim(fp, del); print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu"); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type, tok->tt.subj64_ex.tid.addr); } } /* * size 2 bytes * data size bytes */ static int fetch_text_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.text.len, tok->len, err); if (err) return (-1); SET_PTR((char*)buf, len, tok->tt.text.text, tok->tt.text.len, tok->len, err); if (err) return (-1); return (0); } static void print_text_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "text", oflags); if (oflags & AU_OFLAG_XML) { print_string(fp, 
tok->tt.text.text, tok->tt.text.len); close_tag(fp, tok->id); } else { print_delim(fp, del); print_string(fp, tok->tt.text.text, tok->tt.text.len); } } /* * socket domain 2 bytes * socket type 2 bytes * address type 2 bytes * local port 2 bytes * local Internet address 4/16 bytes * remote port 2 bytes * remote Internet address 4/16 bytes */ static int fetch_socketex32_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.domain, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.type, tok->len, err); if (err) return (-1); READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.atype, tok->len, err); if (err) return (-1); if (tok->tt.socket_ex32.atype != AU_IPv4 && tok->tt.socket_ex32.atype != AU_IPv6) return (-1); READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_port, sizeof(uint16_t), tok->len, err); if (err) return (-1); if (tok->tt.socket_ex32.atype == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_addr, sizeof(tok->tt.socket_ex32.l_addr[0]), tok->len, err); if (err) return (-1); } else { READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_addr, sizeof(tok->tt.socket_ex32.l_addr), tok->len, err); if (err) return (-1); } READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_port, sizeof(uint16_t), tok->len, err); if (err) return (-1); if (tok->tt.socket_ex32.atype == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_addr, sizeof(tok->tt.socket_ex32.r_addr[0]), tok->len, err); if (err) return (-1); } else { READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_addr, sizeof(tok->tt.socket_ex32.r_addr), tok->len, err); if (err) return (-1); } return (0); } static void print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { /* * This print routine prints BSM constant space domains and socket * types rather than converting them. If we add string printers for * these constants in the future, we may want to call conversion * routines. 
*/ print_tok_type(fp, tok->id, "socket", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "sock_dom"); print_2_bytes(fp, tok->tt.socket_ex32.domain, "%#x"); close_attr(fp); open_attr(fp, "sock_type"); print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x"); close_attr(fp); open_attr(fp, "lport"); print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x"); close_attr(fp); open_attr(fp, "laddr"); print_ip_ex_address(fp, tok->tt.socket_ex32.atype, tok->tt.socket_ex32.l_addr); close_attr(fp); open_attr(fp, "faddr"); print_ip_ex_address(fp, tok->tt.socket_ex32.atype, tok->tt.socket_ex32.r_addr); close_attr(fp); open_attr(fp, "fport"); print_2_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x"); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_2_bytes(fp, tok->tt.socket_ex32.domain, "%#x"); print_delim(fp, del); print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x"); print_delim(fp, del); print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x"); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.socket_ex32.atype, tok->tt.socket_ex32.l_addr); print_delim(fp, del); print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x"); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.socket_ex32.atype, tok->tt.socket_ex32.r_addr); } } static int fetch_invalid_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; int recoversize; recoversize = len - (tok->len + AUDIT_TRAILER_SIZE); if (recoversize <= 0) return (-1); tok->tt.invalid.length = recoversize; SET_PTR((char*)buf, len, tok->tt.invalid.data, recoversize, tok->len, err); if (err) return (-1); return (0); } static void print_invalid_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { if (!(oflags & AU_OFLAG_XML)) { print_tok_type(fp, tok->id, "unknown", oflags); print_delim(fp, del); print_mem(fp, (u_char*)tok->tt.invalid.data, tok->tt.invalid.length); } } /* * size 2 bytes; * zonename size bytes; */ static int fetch_zonename_tok(tokenstr_t *tok, u_char *buf, int len) { int err = 0; 
READ_TOKEN_U_INT16(buf, len, tok->tt.zonename.len, tok->len, err); if (err) return (-1); SET_PTR((char *)buf, len, tok->tt.zonename.zonename, tok->tt.zonename.len, tok->len, err); if (err) return (-1); return (0); } static void print_zonename_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { print_tok_type(fp, tok->id, "zone", oflags); if (oflags & AU_OFLAG_XML) { open_attr(fp, "name"); print_string(fp, tok->tt.zonename.zonename, tok->tt.zonename.len); close_attr(fp); close_tag(fp, tok->id); } else { print_delim(fp, del); print_string(fp, tok->tt.zonename.zonename, tok->tt.zonename.len); } } /* * Reads the token beginning at buf into tok. */ int au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) { if (len <= 0) return (-1); tok->len = 1; tok->data = buf; tok->id = *buf; switch(tok->id) { case AUT_HEADER32: return (fetch_header32_tok(tok, buf, len)); case AUT_HEADER32_EX: return (fetch_header32_ex_tok(tok, buf, len)); case AUT_HEADER64: return (fetch_header64_tok(tok, buf, len)); case AUT_HEADER64_EX: return (fetch_header64_ex_tok(tok, buf, len)); case AUT_TRAILER: return (fetch_trailer_tok(tok, buf, len)); case AUT_ARG32: return (fetch_arg32_tok(tok, buf, len)); case AUT_ARG64: return (fetch_arg64_tok(tok, buf, len)); case AUT_ATTR32: return (fetch_attr32_tok(tok, buf, len)); case AUT_ATTR64: return (fetch_attr64_tok(tok, buf, len)); case AUT_EXIT: return (fetch_exit_tok(tok, buf, len)); case AUT_EXEC_ARGS: return (fetch_execarg_tok(tok, buf, len)); case AUT_EXEC_ENV: return (fetch_execenv_tok(tok, buf, len)); case AUT_OTHER_FILE32: return (fetch_file_tok(tok, buf, len)); case AUT_NEWGROUPS: return (fetch_newgroups_tok(tok, buf, len)); case AUT_IN_ADDR: return (fetch_inaddr_tok(tok, buf, len)); case AUT_IN_ADDR_EX: return (fetch_inaddr_ex_tok(tok, buf, len)); case AUT_IP: return (fetch_ip_tok(tok, buf, len)); case AUT_IPC: return (fetch_ipc_tok(tok, buf, len)); case AUT_IPC_PERM: return (fetch_ipcperm_tok(tok, buf, len)); case AUT_IPORT: return 
(fetch_iport_tok(tok, buf, len)); case AUT_OPAQUE: return (fetch_opaque_tok(tok, buf, len)); case AUT_PATH: return (fetch_path_tok(tok, buf, len)); case AUT_PROCESS32: return (fetch_process32_tok(tok, buf, len)); case AUT_PROCESS32_EX: return (fetch_process32ex_tok(tok, buf, len)); case AUT_PROCESS64: return (fetch_process64_tok(tok, buf, len)); case AUT_PROCESS64_EX: return (fetch_process64ex_tok(tok, buf, len)); case AUT_RETURN32: return (fetch_return32_tok(tok, buf, len)); case AUT_RETURN64: return (fetch_return64_tok(tok, buf, len)); case AUT_SEQ: return (fetch_seq_tok(tok, buf, len)); case AUT_SOCKET: return (fetch_socket_tok(tok, buf, len)); case AUT_SOCKINET32: return (fetch_sock_inet32_tok(tok, buf, len)); case AUT_SOCKUNIX: return (fetch_sock_unix_tok(tok, buf, len)); case AUT_SOCKINET128: return (fetch_sock_inet128_tok(tok, buf, len)); case AUT_SUBJECT32: return (fetch_subject32_tok(tok, buf, len)); case AUT_SUBJECT32_EX: return (fetch_subject32ex_tok(tok, buf, len)); case AUT_SUBJECT64: return (fetch_subject64_tok(tok, buf, len)); case AUT_SUBJECT64_EX: return (fetch_subject64ex_tok(tok, buf, len)); case AUT_TEXT: return (fetch_text_tok(tok, buf, len)); case AUT_SOCKET_EX: return (fetch_socketex32_tok(tok, buf, len)); case AUT_DATA: return (fetch_arb_tok(tok, buf, len)); case AUT_ZONENAME: return (fetch_zonename_tok(tok, buf, len)); case AUT_UPRIV: return (fetch_priv_tok(tok, buf, len)); case AUT_PRIV: return (fetch_privset_tok(tok, buf, len)); default: return (fetch_invalid_tok(tok, buf, len)); } } void au_print_flags_tok(FILE *outfp, tokenstr_t *tok, char *del, int oflags) { switch(tok->id) { case AUT_HEADER32: print_header32_tok(outfp, tok, del, oflags); return; case AUT_HEADER32_EX: print_header32_ex_tok(outfp, tok, del, oflags); return; case AUT_HEADER64: print_header64_tok(outfp, tok, del, oflags); return; case AUT_HEADER64_EX: print_header64_ex_tok(outfp, tok, del, oflags); return; case AUT_TRAILER: print_trailer_tok(outfp, tok, del, oflags); 
return; case AUT_ARG32: print_arg32_tok(outfp, tok, del, oflags); return; case AUT_ARG64: print_arg64_tok(outfp, tok, del, oflags); return; case AUT_DATA: print_arb_tok(outfp, tok, del, oflags); return; case AUT_ATTR32: print_attr32_tok(outfp, tok, del, oflags); return; case AUT_ATTR64: print_attr64_tok(outfp, tok, del, oflags); return; case AUT_EXIT: print_exit_tok(outfp, tok, del, oflags); return; case AUT_EXEC_ARGS: print_execarg_tok(outfp, tok, del, oflags); return; case AUT_EXEC_ENV: print_execenv_tok(outfp, tok, del, oflags); return; case AUT_OTHER_FILE32: print_file_tok(outfp, tok, del, oflags); return; case AUT_NEWGROUPS: print_newgroups_tok(outfp, tok, del, oflags); return; case AUT_IN_ADDR: print_inaddr_tok(outfp, tok, del, oflags); return; case AUT_IN_ADDR_EX: print_inaddr_ex_tok(outfp, tok, del, oflags); return; case AUT_IP: print_ip_tok(outfp, tok, del, oflags); return; case AUT_IPC: print_ipc_tok(outfp, tok, del, oflags); return; case AUT_IPC_PERM: print_ipcperm_tok(outfp, tok, del, oflags); return; case AUT_IPORT: print_iport_tok(outfp, tok, del, oflags); return; case AUT_OPAQUE: print_opaque_tok(outfp, tok, del, oflags); return; case AUT_PATH: print_path_tok(outfp, tok, del, oflags); return; case AUT_PROCESS32: print_process32_tok(outfp, tok, del, oflags); return; case AUT_PROCESS32_EX: print_process32ex_tok(outfp, tok, del, oflags); return; case AUT_PROCESS64: print_process64_tok(outfp, tok, del, oflags); return; case AUT_PROCESS64_EX: print_process64ex_tok(outfp, tok, del, oflags); return; case AUT_RETURN32: print_return32_tok(outfp, tok, del, oflags); return; case AUT_RETURN64: print_return64_tok(outfp, tok, del, oflags); return; case AUT_SEQ: print_seq_tok(outfp, tok, del, oflags); return; case AUT_SOCKET: print_socket_tok(outfp, tok, del, oflags); return; case AUT_SOCKINET32: print_sock_inet32_tok(outfp, tok, del, oflags); return; case AUT_SOCKUNIX: print_sock_unix_tok(outfp, tok, del, oflags); return; case AUT_SOCKINET128: 
print_sock_inet128_tok(outfp, tok, del, oflags); return; case AUT_SUBJECT32: print_subject32_tok(outfp, tok, del, oflags); return; case AUT_SUBJECT64: print_subject64_tok(outfp, tok, del, oflags); return; case AUT_SUBJECT32_EX: print_subject32ex_tok(outfp, tok, del, oflags); return; case AUT_SUBJECT64_EX: print_subject64ex_tok(outfp, tok, del, oflags); return; case AUT_TEXT: print_text_tok(outfp, tok, del, oflags); return; case AUT_SOCKET_EX: print_socketex32_tok(outfp, tok, del, oflags); return; case AUT_ZONENAME: print_zonename_tok(outfp, tok, del, oflags); return; case AUT_UPRIV: print_upriv_tok(outfp, tok, del, oflags); return; case AUT_PRIV: print_privset_tok(outfp, tok, del, oflags); return; default: print_invalid_tok(outfp, tok, del, oflags); } } /* * 'prints' the token out to outfp. */ void au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm) { int oflags = AU_OFLAG_NONE; if (raw) oflags |= AU_OFLAG_RAW; if (sfrm) oflags |= AU_OFLAG_SHORT; au_print_flags_tok(outfp, tok, del, oflags); } /* * 'prints' the token out to outfp in XML format. */ void au_print_tok_xml(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm) { int oflags = AU_OFLAG_XML; if (raw) oflags |= AU_OFLAG_RAW; if (sfrm) oflags |= AU_OFLAG_SHORT; au_print_flags_tok(outfp, tok, del, oflags); } /* * Read a record from the file pointer, store data in buf memory for buf is * also allocated in this function and has to be free'd outside this call. * * au_read_rec() handles two possibilities: a stand-alone file token, or a * complete audit record. * * XXXRW: Note that if we hit an error, we leave the stream in an unusable * state, because it will be partly offset into a record. We should rewind * or do something more intelligent. Particularly interesting is the case * where we perform a partial read of a record from a non-blockable file * descriptor. We should return the partial read and continue...? 
*/ int au_read_rec(FILE *fp, u_char **buf) { u_char *bptr; u_int32_t recsize; u_int32_t bytestoread; u_char type; u_int32_t sec, msec; u_int16_t filenamelen; type = fgetc(fp); switch (type) { case AUT_HEADER32: case AUT_HEADER32_EX: case AUT_HEADER64: case AUT_HEADER64_EX: /* read the record size from the token */ if (fread(&recsize, 1, sizeof(u_int32_t), fp) < sizeof(u_int32_t)) { errno = EINVAL; return (-1); } recsize = be32toh(recsize); /* Check for recsize sanity */ if (recsize < (sizeof(u_int32_t) + sizeof(u_char))) { errno = EINVAL; return (-1); } *buf = calloc(recsize, sizeof(u_char)); if (*buf == NULL) return (-1); bptr = *buf; /* store the token contents already read, back to the buffer*/ *bptr = type; bptr++; be32enc(bptr, recsize); bptr += sizeof(u_int32_t); /* now read remaining record bytes */ bytestoread = recsize - (sizeof(u_int32_t) + sizeof(u_char)); if (fread(bptr, 1, bytestoread, fp) < bytestoread) { free(*buf); errno = EINVAL; return (-1); } break; case AUT_OTHER_FILE32: /* * The file token is variable-length, as it includes a * pathname. As a result, we have to read incrementally * until we know the total length, then allocate space and * read the rest. 
*/ if (fread(&sec, 1, sizeof(sec), fp) < sizeof(sec)) { errno = EINVAL; return (-1); } if (fread(&msec, 1, sizeof(msec), fp) < sizeof(msec)) { errno = EINVAL; return (-1); } if (fread(&filenamelen, 1, sizeof(filenamelen), fp) < sizeof(filenamelen)) { errno = EINVAL; return (-1); } recsize = sizeof(type) + sizeof(sec) + sizeof(msec) + sizeof(filenamelen) + ntohs(filenamelen); *buf = malloc(recsize); if (*buf == NULL) return (-1); bptr = *buf; bcopy(&type, bptr, sizeof(type)); bptr += sizeof(type); bcopy(&sec, bptr, sizeof(sec)); bptr += sizeof(sec); bcopy(&msec, bptr, sizeof(msec)); bptr += sizeof(msec); bcopy(&filenamelen, bptr, sizeof(filenamelen)); bptr += sizeof(filenamelen); if (fread(bptr, 1, ntohs(filenamelen), fp) < ntohs(filenamelen)) { free(buf); errno = EINVAL; return (-1); } break; default: errno = EINVAL; return (-1); } return (recsize); } Index: head/contrib/openbsm/libbsm/bsm_mask.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_mask.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_mask.c (revision 292432) 
@@ -1,214 +1,212 @@
 /*-
 * Copyright (c) 2004 Apple Inc.
 * Copyright (c) 2005 Robert N. M. Watson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
 * its contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
- * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_mask.c#15 $ */ #include #include #ifdef HAVE_FULL_QUEUE_H #include #else /* !HAVE_FULL_QUEUE_H */ #include #endif /* !HAVE_FULL_QUEUE_H */ #include #ifdef HAVE_PTHREAD_MUTEX_LOCK #include #endif #include #include /* MT-Safe */ #ifdef HAVE_PTHREAD_MUTEX_LOCK static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; #endif static int firsttime = 1; /* * XXX ev_cache, once created, sticks around until the calling program exits. * This may or may not be a problem as far as absolute memory usage goes, but * at least there don't appear to be any leaks in using the cache. * * XXXRW: Note that despite (mutex), load_event_table() could race with * other consumers of the getauevents() API. */ struct audit_event_map { char ev_name[AU_EVENT_NAME_MAX]; char ev_desc[AU_EVENT_DESC_MAX]; struct au_event_ent ev; LIST_ENTRY(audit_event_map) ev_list; }; static LIST_HEAD(, audit_event_map) ev_cache; static struct audit_event_map * audit_event_map_alloc(void) { struct audit_event_map *aemp; aemp = malloc(sizeof(*aemp)); if (aemp == NULL) return (aemp); bzero(aemp, sizeof(*aemp)); aemp->ev.ae_name = aemp->ev_name; aemp->ev.ae_desc = aemp->ev_desc; return (aemp); } static void audit_event_map_free(struct audit_event_map *aemp) { free(aemp); } /* * When reading into the cache fails, we need to flush the entire cache to * prevent it from containing some but not all records. */ static void flush_cache(void) { struct audit_event_map *aemp; /* XXX: Would assert 'mutex'. */ while ((aemp = LIST_FIRST(&ev_cache)) != NULL) { LIST_REMOVE(aemp, ev_list); audit_event_map_free(aemp); } } static int load_event_table(void) { struct audit_event_map *aemp; struct au_event_ent *ep; /* * XXX: Would assert 'mutex'. * Loading of the cache happens only once; dont check if cache is * already loaded. */ LIST_INIT(&ev_cache); setauevent(); /* Rewind to beginning of entries. 
*/ do { aemp = audit_event_map_alloc(); if (aemp == NULL) { flush_cache(); return (-1); } ep = getauevent_r(&aemp->ev); if (ep != NULL) LIST_INSERT_HEAD(&ev_cache, aemp, ev_list); else audit_event_map_free(aemp); } while (ep != NULL); return (1); } /* * Read the event with the matching event number from the cache. */ static struct au_event_ent * read_from_cache(au_event_t event) { struct audit_event_map *elem; /* XXX: Would assert 'mutex'. */ LIST_FOREACH(elem, &ev_cache, ev_list) { if (elem->ev.ae_number == event) return (&elem->ev); } return (NULL); } /* * Check if the audit event is preselected against the preselection mask. */ int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag) { struct au_event_ent *ev; au_class_t effmask = 0; if (mask_p == NULL) return (-1); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif if (firsttime) { firsttime = 0; if ( -1 == load_event_table()) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } } switch (flag) { case AU_PRS_REREAD: flush_cache(); if (load_event_table() == -1) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } ev = read_from_cache(event); break; case AU_PRS_USECACHE: ev = read_from_cache(event); break; default: ev = NULL; } if (ev == NULL) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (-1); } if (sorf & AU_PRS_SUCCESS) effmask |= (mask_p->am_success & ev->ae_class); if (sorf & AU_PRS_FAILURE) effmask |= (mask_p->am_failure & ev->ae_class); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif if (effmask != 0) return (1); return (0); } Index: head/contrib/openbsm/libbsm/bsm_notify.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_notify.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_notify.c (revision 292432) 
@@ -1,181 +1,179 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#17 $ */ /* * Based on sample code from Marc Majka. */ #include #include #ifdef HAVE_FULL_QUEUE_H #include #else /* !HAVE_FULL_QUEUE_H */ #include #endif /* !HAVE_FULL_QUEUE_H */ #include #include #include #include #include #include #include #ifdef __APPLE__ #include /* If 1, assumes a kernel that sends the right notification. 
*/ #define AUDIT_NOTIFICATION_ENABLED 1 #if AUDIT_NOTIFICATION_ENABLED static int token = 0; #endif /* AUDIT_NOTIFICATION_ENABLED */ static int au_cond = AUC_UNSET; /* */ uint32_t au_notify_initialize(void) { #if AUDIT_NOTIFICATION_ENABLED uint32_t status; int ignore_first; status = notify_register_check(__BSM_INTERNAL_NOTIFY_KEY, &token); if (status != NOTIFY_STATUS_OK) return (status); status = notify_check(token, &ignore_first); if (status != NOTIFY_STATUS_OK) return (status); #endif if (audit_get_cond(&au_cond) != 0) { syslog(LOG_ERR, "Initial audit status check failed (%s)", strerror(errno)); if (errno == ENOSYS) /* auditon() unimplemented. */ return (AU_UNIMPL); return (NOTIFY_STATUS_FAILED); /* Is there a better code? */ } return (NOTIFY_STATUS_OK); } int au_notify_terminate(void) { #if AUDIT_NOTIFICATION_ENABLED return ((notify_cancel(token) == NOTIFY_STATUS_OK) ? 0 : -1); #else return (0); #endif } /* * On error of any notify(3) call, reset 'au_cond' to ensure we re-run * au_notify_initialize() next time 'round--but assume auditing is on. This * is a slight performance hit if auditing is off, but at least the system * will behave correctly. The notification calls are unlikely to fail, * anyway. */ int au_get_state(void) { #if AUDIT_NOTIFICATION_ENABLED int did_notify; #endif int status; /* * Don't make the client initialize this set of routines, but take the * slight performance hit by checking ourselves every time. */ if (au_cond == AUC_UNSET) { status = au_notify_initialize(); if (status != NOTIFY_STATUS_OK) { if (status == AU_UNIMPL) return (AU_UNIMPL); return (AUC_AUDITING); } else return (au_cond); } #if AUDIT_NOTIFICATION_ENABLED status = notify_check(token, &did_notify); if (status != NOTIFY_STATUS_OK) { au_cond = AUC_UNSET; return (AUC_AUDITING); } if (did_notify == 0) return (au_cond); #endif if (audit_get_cond(&au_cond) != 0) { /* XXX Reset au_cond to AUC_UNSET? 
*/ syslog(LOG_ERR, "Audit status check failed (%s)", strerror(errno)); if (errno == ENOSYS) /* Function unimplemented. */ return (AU_UNIMPL); return (errno); } switch (au_cond) { case AUC_NOAUDIT: /* Auditing suspended. */ case AUC_DISABLED: /* Auditing shut off. */ return (AUC_NOAUDIT); case AUC_UNSET: /* Uninitialized; shouldn't get here. */ case AUC_AUDITING: /* Audit on. */ default: return (AUC_AUDITING); } } #endif /* !__APPLE__ */ int cannot_audit(int val __unused) { #ifdef __APPLE__ return (!(au_get_state() == AUC_AUDITING)); #else int cond; if (audit_get_cond(&cond) != 0) { if (errno != ENOSYS) { syslog(LOG_ERR, "Audit status check failed (%s)", strerror(errno)); } return (1); } if (cond == AUC_NOAUDIT || cond == AUC_DISABLED) return (1); return (0); #endif /* !__APPLE__ */ } Index: head/contrib/openbsm/libbsm/bsm_socket_type.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_socket_type.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_socket_type.c (revision 292432) 
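Review bot: In au_notify_initialize() and au_get_state(), errno is compared with ENOSYS only after syslog() and strerror() have run, and neither call is guaranteed to leave errno as audit_get_cond() set it. The AU_UNIMPL branch can therefore be missed, and au_get_state() can return an unrelated errno value. Capture it first with `int error = errno;` before the syslog() call, then test `if (error == ENOSYS)` and, in au_get_state(), `return (error);`. The non-Apple branch of cannot_audit() already checks errno before logging. A comment on au_get_state() should also say that this path returns a raw errno while every other return is an AUC_* or AU_UNIMPL value, because cannot_audit() compares the result with AUC_AUDITING.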
@@ -1,104 +1,102 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_socket_type.c#1 $ */ #include #include #include #include #include struct bsm_socket_type { u_short bst_bsm_socket_type; int bst_local_socket_type; }; #define ST_NO_LOCAL_MAPPING -600 static const struct bsm_socket_type bsm_socket_types[] = { { BSM_SOCK_DGRAM, SOCK_DGRAM }, { BSM_SOCK_STREAM, SOCK_STREAM }, { BSM_SOCK_RAW, SOCK_RAW }, { BSM_SOCK_RDM, SOCK_RDM }, { BSM_SOCK_SEQPACKET, SOCK_SEQPACKET }, }; static const int bsm_socket_types_count = sizeof(bsm_socket_types) / sizeof(bsm_socket_types[0]); static const struct bsm_socket_type * bsm_lookup_local_socket_type(int local_socket_type) { int i; for (i = 0; i < bsm_socket_types_count; i++) { if (bsm_socket_types[i].bst_local_socket_type == local_socket_type) return (&bsm_socket_types[i]); } return (NULL); } u_short au_socket_type_to_bsm(int local_socket_type) { const struct bsm_socket_type *bstp; bstp = bsm_lookup_local_socket_type(local_socket_type); if (bstp == NULL) return (BSM_SOCK_UNKNOWN); return (bstp->bst_bsm_socket_type); } static const struct bsm_socket_type * bsm_lookup_bsm_socket_type(u_short bsm_socket_type) { int i; for (i = 0; i < bsm_socket_types_count; i++) { if (bsm_socket_types[i].bst_bsm_socket_type == bsm_socket_type) return (&bsm_socket_types[i]); } return (NULL); } int au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep) { const struct bsm_socket_type *bstp; bstp = bsm_lookup_bsm_socket_type(bsm_socket_type); if (bstp == NULL || bstp->bst_local_socket_type) return (-1); *local_socket_typep = bstp->bst_local_socket_type; return (0); } Index: head/contrib/openbsm/libbsm/bsm_token.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_token.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_token.c (revision 292432) 
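Review bot: In au_bsm_to_socket_type() the guard `if (bstp == NULL || bstp->bst_local_socket_type)` tests the mapped value for truth, so every table entry whose local type is non-zero is rejected. The SOCK_* constants are non-zero on common platforms, so the function presumably returns -1 for every known BSM type and never writes `*local_socket_typep`. ST_NO_LOCAL_MAPPING is defined above but unused in the visible code, which suggests the intended check is `if (bstp == NULL || bstp->bst_local_socket_type == ST_NO_LOCAL_MAPPING)`. Until that is fixed, code that converts recorded BSM socket types back to local values will see every type as unmappable. The defect predates this commit, which only drops the $P4 id line.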
@@ -1,1647 +1,1645 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * * This code was developed in part by Robert N. M. Watson, Senior Principal * Scientist, SPARTA, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
- * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99 $ */ #include #include #ifdef USE_ENDIAN_H #include #endif #ifdef USE_SYS_ENDIAN_H #include #endif #ifdef USE_MACHINE_ENDIAN_H #include #endif #ifdef USE_COMPAT_ENDIAN_H #include #endif #ifdef USE_COMPAT_ENDIAN_ENC_H #include #endif #ifdef HAVE_FULL_QUEUE_H #include #else /* !HAVE_FULL_QUEUE_H */ #include #endif /* !HAVE_FULL_QUEUE_H */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define GET_TOKEN_AREA(t, dptr, length) do { \ (t) = malloc(sizeof(token_t)); \ if ((t) != NULL) { \ (t)->len = (length); \ (dptr) = (t->t_data) = calloc((length), sizeof(u_char)); \ if ((dptr) == NULL) { \ free(t); \ (t) = NULL; \ } \ } else \ (dptr) = NULL; \ assert((t) == NULL || (dptr) != NULL); \ } while (0) /* * token ID 1 byte * success/failure 1 byte * privstrlen 2 bytes * privstr N bytes + 1 (\0 byte) */ token_t * au_to_upriv(char sorf, char *priv) { u_int16_t textlen; u_char *dptr; token_t *t; textlen = strlen(priv) + 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_UPRIV); ADD_U_CHAR(dptr, sorf); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, priv, textlen); return (t); } /* * token ID 1 byte * privtstrlen 2 bytes * privtstr N bytes + 1 * privstrlen 2 bytes * privstr N bytes + 1 */ token_t * au_to_privset(char *privtypestr, char *privstr) { u_int16_t type_len, priv_len; u_char *dptr; token_t *t; type_len = strlen(privtypestr) + 1; priv_len = strlen(privstr) + 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + sizeof(u_int16_t) + type_len + priv_len); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_PRIV); ADD_U_INT16(dptr, type_len); ADD_STRING(dptr, privtypestr, type_len); ADD_U_INT16(dptr, priv_len); ADD_STRING(dptr, privstr, priv_len); return (t); } /* * token ID 1 byte * argument # 1 byte * argument value 4 bytes/8 bytes 
(32-bit/64-bit value) * text length 2 bytes * text N bytes + 1 terminating NULL byte */ token_t * au_to_arg32(char n, const char *text, u_int32_t v) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; textlen = strlen(text); textlen += 1; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_ARG32); ADD_U_CHAR(dptr, n); ADD_U_INT32(dptr, v); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); return (t); } token_t * au_to_arg64(char n, const char *text, u_int64_t v) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; textlen = strlen(text); textlen += 1; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_ARG64); ADD_U_CHAR(dptr, n); ADD_U_INT64(dptr, v); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); return (t); } token_t * au_to_arg(char n, const char *text, u_int32_t v) { return (au_to_arg32(n, text, v)); } #if defined(_KERNEL) || defined(KERNEL) /* * token ID 1 byte * file access mode 4 bytes * owner user ID 4 bytes * owner group ID 4 bytes * file system ID 4 bytes * node ID 8 bytes * device 4 bytes/8 bytes (32-bit/64-bit) */ token_t * au_to_attr32(struct vnode_au_info *vni) { token_t *t; u_char *dptr = NULL; u_int16_t pad0_16 = 0; u_int32_t pad0_32 = 0; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_ATTR32); /* * BSD defines the size for the file mode as 2 bytes; BSM defines 4 * so pad with 0. * * XXXRW: Possibly should be conditionally compiled. * * XXXRW: Should any conversions take place on the mode? 
*/ ADD_U_INT16(dptr, pad0_16); ADD_U_INT16(dptr, vni->vn_mode); ADD_U_INT32(dptr, vni->vn_uid); ADD_U_INT32(dptr, vni->vn_gid); ADD_U_INT32(dptr, vni->vn_fsid); /* * Some systems use 32-bit file ID's, others use 64-bit file IDs. * Attempt to handle both, and let the compiler sort it out. If we * could pick this out at compile-time, it would be better, so as to * avoid the else case below. */ if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { ADD_U_INT32(dptr, pad0_32); ADD_U_INT32(dptr, vni->vn_fileid); } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) ADD_U_INT64(dptr, vni->vn_fileid); else ADD_U_INT64(dptr, 0LL); ADD_U_INT32(dptr, vni->vn_dev); return (t); } token_t * au_to_attr64(struct vnode_au_info *vni) { token_t *t; u_char *dptr = NULL; u_int16_t pad0_16 = 0; u_int32_t pad0_32 = 0; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_ATTR64); /* * BSD defines the size for the file mode as 2 bytes; BSM defines 4 * so pad with 0. * * XXXRW: Possibly should be conditionally compiled. * * XXXRW: Should any conversions take place on the mode? */ ADD_U_INT16(dptr, pad0_16); ADD_U_INT16(dptr, vni->vn_mode); ADD_U_INT32(dptr, vni->vn_uid); ADD_U_INT32(dptr, vni->vn_gid); ADD_U_INT32(dptr, vni->vn_fsid); /* * Some systems use 32-bit file ID's, other's use 64-bit file IDs. * Attempt to handle both, and let the compiler sort it out. If we * could pick this out at compile-time, it would be better, so as to * avoid the else case below. 
*/ if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { ADD_U_INT32(dptr, pad0_32); ADD_U_INT32(dptr, vni->vn_fileid); } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) ADD_U_INT64(dptr, vni->vn_fileid); else ADD_U_INT64(dptr, 0LL); ADD_U_INT64(dptr, vni->vn_dev); return (t); } token_t * au_to_attr(struct vnode_au_info *vni) { return (au_to_attr32(vni)); } #endif /* !(defined(_KERNEL) || defined(KERNEL) */ /* * token ID 1 byte * how to print 1 byte * basic unit 1 byte * unit count 1 byte * data items (depends on basic unit) */ token_t * au_to_data(char unit_print, char unit_type, char unit_count, const char *p) { token_t *t; u_char *dptr = NULL; size_t datasize, totdata; /* Determine the size of the basic unit. */ switch (unit_type) { case AUR_BYTE: /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; case AUR_SHORT: datasize = AUR_SHORT_SIZE; break; case AUR_INT32: /* case AUR_INT: */ datasize = AUR_INT32_SIZE; break; case AUR_INT64: datasize = AUR_INT64_SIZE; break; default: errno = EINVAL; return (NULL); } totdata = datasize * unit_count; GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); if (t == NULL) return (NULL); /* * XXXRW: We should be byte-swapping each data item for multi-byte * types. 
*/ ADD_U_CHAR(dptr, AUT_DATA); ADD_U_CHAR(dptr, unit_print); ADD_U_CHAR(dptr, unit_type); ADD_U_CHAR(dptr, unit_count); ADD_MEM(dptr, p, totdata); return (t); } /* * token ID 1 byte * status 4 bytes * return value 4 bytes */ token_t * au_to_exit(int retval, int err) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_EXIT); ADD_U_INT32(dptr, err); ADD_U_INT32(dptr, retval); return (t); } /* */ token_t * au_to_groups(int *groups) { return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t *)groups)); } /* * token ID 1 byte * number groups 2 bytes * group list count * 4 bytes */ token_t * au_to_newgroups(u_int16_t n, gid_t *groups) { token_t *t; u_char *dptr = NULL; int i; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + n * sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_NEWGROUPS); ADD_U_INT16(dptr, n); for (i = 0; i < n; i++) ADD_U_INT32(dptr, groups[i]); return (t); } /* * token ID 1 byte * internet address 4 bytes */ token_t * au_to_in_addr(struct in_addr *internet_addr) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_IN_ADDR); ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); return (t); } /* * token ID 1 byte * address type/length 4 bytes * address 16 bytes */ token_t * au_to_in_addr_ex(struct in6_addr *internet_addr) { token_t *t; u_char *dptr = NULL; u_int32_t type = AU_IPv6; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t)); return (t); } /* * token ID 1 byte * ip header 20 bytes * * The IP header should be submitted in network byte order. 
*/ token_t * au_to_ip(struct ip *ip) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_IP); ADD_MEM(dptr, ip, sizeof(struct ip)); return (t); } /* * token ID 1 byte * object ID type 1 byte * object ID 4 bytes */ token_t * au_to_ipc(char type, int id) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_IPC); ADD_U_CHAR(dptr, type); ADD_U_INT32(dptr, id); return (t); } /* * token ID 1 byte * owner user ID 4 bytes * owner group ID 4 bytes * creator user ID 4 bytes * creator group ID 4 bytes * access mode 4 bytes * slot sequence # 4 bytes * key 4 bytes */ token_t * au_to_ipc_perm(struct ipc_perm *perm) { token_t *t; u_char *dptr = NULL; u_int16_t pad0 = 0; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12 * sizeof(u_int16_t) + sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_IPC_PERM); /* * Systems vary significantly in what types they use in struct * ipc_perm; at least a few still use 16-bit uid's and gid's, so * allow for that, as BSM define 32-bit values here. * Some systems define the sizes for ipc_perm members as 2 bytes; * BSM defines 4 so pad with 0. * * XXXRW: Possibly shoulid be conditionally compiled, and more cases * need to be handled. 
*/ if (sizeof(perm->uid) != sizeof(u_int32_t)) { ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->uid); ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->gid); ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->cuid); ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->cgid); } else { ADD_U_INT32(dptr, perm->uid); ADD_U_INT32(dptr, perm->gid); ADD_U_INT32(dptr, perm->cuid); ADD_U_INT32(dptr, perm->cgid); } ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->mode); ADD_U_INT16(dptr, pad0); #ifdef HAVE_IPC_PERM___SEQ ADD_U_INT16(dptr, perm->__seq); #else /* HAVE_IPC_PERM___SEQ */ #ifdef HAVE_IPC_PERM__SEQ ADD_U_INT16(dptr, perm->_seq); #else /* HAVE_IPC_PERM__SEQ */ ADD_U_INT16(dptr, perm->seq); #endif /* HAVE_IPC_PERM__SEQ */ #endif /* HAVE_IPC_PERM___SEQ */ #ifdef HAVE_IPC_PERM___KEY ADD_U_INT32(dptr, perm->__key); #else /* HAVE_IPC_PERM___KEY */ #ifdef HAVE_IPC_PERM__KEY ADD_U_INT32(dptr, perm->_key); #else /* HAVE_IPC_PERM__KEY */ ADD_U_INT32(dptr, perm->key); #endif /* HAVE_IPC_PERM__KEY */ #endif /* HAVE_IPC_PERM___KEY */ return (t); } /* * token ID 1 byte * port IP address 2 bytes */ token_t * au_to_iport(u_int16_t iport) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_IPORT); ADD_U_INT16(dptr, iport); return (t); } /* * token ID 1 byte * size 2 bytes * data size bytes */ token_t * au_to_opaque(const char *data, u_int16_t bytes) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_OPAQUE); ADD_U_INT16(dptr, bytes); ADD_MEM(dptr, data, bytes); return (t); } /* * token ID 1 byte * seconds of time 4 bytes * milliseconds of time 4 bytes * file name len 2 bytes * file pathname N bytes + 1 terminating NULL byte */ token_t * au_to_file(const char *file, struct timeval tm) { token_t *t; u_char *dptr = NULL; u_int16_t filelen; u_int32_t timems; filelen = strlen(file); filelen += 
1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) + sizeof(u_int16_t) + filelen); if (t == NULL) return (NULL); timems = tm.tv_usec/1000; ADD_U_CHAR(dptr, AUT_OTHER_FILE32); ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ ADD_U_INT16(dptr, filelen); ADD_STRING(dptr, file, filelen); return (t); } /* * token ID 1 byte * text length 2 bytes * text N bytes + 1 terminating NULL byte */ token_t * au_to_text(const char *text) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; textlen = strlen(text); textlen += 1; /* XXXRW: Should validate length against token size limit. */ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_TEXT); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); return (t); } /* * token ID 1 byte * path length 2 bytes * path N bytes + 1 terminating NULL byte */ token_t * au_to_path(const char *text) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; textlen = strlen(text); textlen += 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_PATH); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); return (t); } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * machine address 4 bytes */ token_t * au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_PROCESS32); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); 
ADD_U_INT32(dptr, tid->port); /* * Note: Solaris will write out IPv6 addresses here as a 32-bit * address type and 16 bytes of address, but for IPv4 addresses it * simply writes the 4-byte address directly. We support only IPv4 * addresses for process32 tokens. */ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } token_t * au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + sizeof(u_int64_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_PROCESS64); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT64(dptr, tid->port); /* * Note: Solaris will write out IPv6 addresses here as a 32-bit * address type and 16 bytes of address, but for IPv4 addresses it * simply writes the 4-byte address directly. We support only IPv4 * addresses for process64 tokens. 
*/ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } token_t * au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid, tid)); } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * address type-len 4 bytes * machine address 16 bytes */ token_t * au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t)); else if (tid->at_type == AU_IPv6) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); else { errno = EINVAL; return (NULL); } if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_PROCESS32_EX); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); if (tid->at_type == AU_IPv6) { ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); } return (t); } token_t * au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 2 * sizeof(u_int32_t)); else if (tid->at_type == AU_IPv6) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 5 * sizeof(u_int32_t)); else { 
errno = EINVAL; return (NULL); } if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_PROCESS64_EX); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT64(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); if (tid->at_type == AU_IPv6) { ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); } return (t); } token_t * au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { return (au_to_process32_ex(auid, euid, egid, ruid, rgid, pid, sid, tid)); } /* * token ID 1 byte * error status 1 byte * return value 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * au_to_return32(char status, u_int32_t ret) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_RETURN32); ADD_U_CHAR(dptr, status); ADD_U_INT32(dptr, ret); return (t); } token_t * au_to_return64(char status, u_int64_t ret) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_RETURN64); ADD_U_CHAR(dptr, status); ADD_U_INT64(dptr, ret); return (t); } token_t * au_to_return(char status, u_int32_t ret) { return (au_to_return32(status, ret)); } /* * token ID 1 byte * sequence number 4 bytes */ token_t * au_to_seq(long audit_count) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SEQ); ADD_U_INT32(dptr, audit_count); return (t); } /* * token ID 1 byte * socket domain 2 bytes * socket type 2 bytes * address type 2 byte * local port 2 bytes * local address 4 bytes/16 bytes (IPv4/IPv6 
address) * remote port 2 bytes * remote address 4 bytes/16 bytes (IPv4/IPv6 address) * * Domain and type arguments to this routine are assumed to already have been * converted to the BSM constant space, so we don't do that here. */ token_t * au_to_socket_ex(u_short so_domain, u_short so_type, struct sockaddr *sa_local, struct sockaddr *sa_remote) { token_t *t; u_char *dptr = NULL; struct sockaddr_in *sin; struct sockaddr_in6 *sin6; if (so_domain == AF_INET) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); else if (so_domain == AF_INET6) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int16_t) + 8 * sizeof(u_int32_t)); else { errno = EINVAL; return (NULL); } if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SOCKET_EX); ADD_U_INT16(dptr, au_domain_to_bsm(so_domain)); ADD_U_INT16(dptr, au_socket_type_to_bsm(so_type)); if (so_domain == AF_INET) { ADD_U_INT16(dptr, AU_IPv4); sin = (struct sockaddr_in *)sa_local; ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); sin = (struct sockaddr_in *)sa_remote; ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); } else { ADD_U_INT16(dptr, AU_IPv6); sin6 = (struct sockaddr_in6 *)sa_local; ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); sin6 = (struct sockaddr_in6 *)sa_remote; ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); } return (t); } /* * token ID 1 byte * socket family 2 bytes * path (up to) 104 bytes + NULL (NULL terminated string) */ token_t * au_to_sock_unix(struct sockaddr_un *so) { token_t *t; u_char *dptr; GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SOCKUNIX); /* BSM token has two bytes for family */ ADD_U_CHAR(dptr, 0); ADD_U_CHAR(dptr, so->sun_family); ADD_STRING(dptr, 
so->sun_path, strlen(so->sun_path) + 1); return (t); } /* * token ID 1 byte * socket family 2 bytes * local port 2 bytes * socket address 4 bytes */ token_t * au_to_sock_inet32(struct sockaddr_in *so) { token_t *t; u_char *dptr = NULL; uint16_t family; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + sizeof(uint32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SOCKINET32); /* * BSM defines the family field as 16 bits, but many operating * systems have an 8-bit sin_family field. Extend to 16 bits before * writing into the token. Assume that both the port and the address * in the sockaddr_in are already in network byte order, but family * is in local byte order. * * XXXRW: Should a name space conversion be taking place on the value * of sin_family? */ family = so->sin_family; ADD_U_INT16(dptr, family); ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); return (t); } token_t * au_to_sock_inet128(struct sockaddr_in6 *so) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + 4 * sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SOCKINET128); /* * In BSD, sin6_family is one octet, but BSM defines the token to * store two. So we copy in a 0 first. XXXRW: Possibly should be * conditionally compiled. 
*/ ADD_U_CHAR(dptr, 0); ADD_U_CHAR(dptr, so->sin6_family); ADD_U_INT16(dptr, so->sin6_port); ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); return (t); } token_t * au_to_sock_inet(struct sockaddr_in *so) { return (au_to_sock_inet32(so)); } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * machine address 4 bytes */ token_t * au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SUBJECT32); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } token_t * au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SUBJECT64); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT64(dptr, tid->port); ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } token_t * au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid)); } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 
bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * address type/length 4 bytes * machine address 16 bytes */ token_t * au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t)); else if (tid->at_type == AU_IPv6) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); else { errno = EINVAL; return (NULL); } if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); if (tid->at_type == AU_IPv6) ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); else ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); return (t); } token_t * au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 2 * sizeof(u_int32_t)); else if (tid->at_type == AU_IPv6) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 5 * sizeof(u_int32_t)); else { errno = EINVAL; return (NULL); } if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT64(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); if (tid->at_type == AU_IPv6) ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); else ADD_MEM(dptr, &tid->at_addr[0], 
sizeof(u_int32_t)); return (t); } token_t * au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, tid)); } #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) /* * Collects audit information for the current process and creates a subject * token from it. */ token_t * au_to_me(void) { auditinfo_t auinfo; auditinfo_addr_t aia; /* * Try to use getaudit_addr(2) first. If this kernel does not support * it, then fall back on to getaudit(2). */ if (getaudit_addr(&aia, sizeof(aia)) != 0) { if (errno == ENOSYS) { if (getaudit(&auinfo) != 0) return (NULL); return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid)); } else { /* getaudit_addr(2) failed for some other reason. */ return (NULL); } } return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); } #endif /* * token ID 1 byte * count 4 bytes * text count null-terminated strings */ token_t * au_to_exec_args(char **argv) { token_t *t; u_char *dptr = NULL; const char *nextarg; int i, count = 0; size_t totlen = 0; nextarg = *argv; while (nextarg != NULL) { int nextlen; nextlen = strlen(nextarg); totlen += nextlen + 1; count++; nextarg = *(argv + count); } GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_EXEC_ARGS); ADD_U_INT32(dptr, count); for (i = 0; i < count; i++) { nextarg = *(argv + i); ADD_MEM(dptr, nextarg, strlen(nextarg) + 1); } return (t); } /* * token ID 1 byte * count 4 bytes * text count null-terminated strings */ token_t * au_to_exec_env(char **envp) { token_t *t; u_char *dptr = NULL; int i, count = 0; size_t totlen = 0; const char *nextenv; nextenv = *envp; while (nextenv != NULL) { int nextlen; nextlen = strlen(nextenv); totlen += nextlen + 1; 
count++; nextenv = *(envp + count); } GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_EXEC_ENV); ADD_U_INT32(dptr, count); for (i = 0; i < count; i++) { nextenv = *(envp + i); ADD_MEM(dptr, nextenv, strlen(nextenv) + 1); } return (t); } /* * token ID 1 byte * zonename length 2 bytes * zonename N bytes + 1 terminating NULL byte */ token_t * au_to_zonename(const char *zonename) { u_char *dptr = NULL; u_int16_t textlen; token_t *t; textlen = strlen(zonename) + 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_ZONENAME); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, zonename, textlen); return (t); } /* * token ID 1 byte * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) { token_t *t; u_char *dptr = NULL; u_int32_t timems; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_HEADER32); ADD_U_INT32(dptr, rec_size); ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); timems = tm.tv_usec/1000; /* Add the timestamp */ ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. 
*/ return (t); } /* * token ID 1 byte * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * address type/length 4 bytes * machine address 4 bytes/16 bytes (IPv4/IPv6 address) * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm, struct auditinfo_addr *aia) { token_t *t; u_char *dptr = NULL; u_int32_t timems; au_tid_addr_t *tid; tid = &aia->ai_termid; if (tid->at_type != AU_IPv4 && tid->at_type != AU_IPv6) return (NULL); GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + tid->at_type); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_HEADER32_EX); ADD_U_INT32(dptr, rec_size); ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); ADD_U_INT32(dptr, tid->at_type); if (tid->at_type == AU_IPv6) ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); else ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); timems = tm.tv_usec/1000; /* Add the timestamp */ ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ return (t); } token_t * au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) { token_t *t; u_char *dptr = NULL; u_int32_t timems; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_HEADER64); ADD_U_INT32(dptr, rec_size); ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); timems = tm.tv_usec/1000; /* Add the timestamp */ ADD_U_INT64(dptr, tm.tv_sec); ADD_U_INT64(dptr, timems); /* We need time in ms. 
*/ return (t); } #if !defined(KERNEL) && !defined(_KERNEL) #ifdef HAVE_AUDIT_SYSCALLS token_t * au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) { struct timeval tm; struct auditinfo_addr aia; if (gettimeofday(&tm, NULL) == -1) return (NULL); if (audit_get_kaudit(&aia, sizeof(aia)) != 0) { if (errno != ENOSYS) return (NULL); return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); } return (au_to_header32_ex_tm(rec_size, e_type, e_mod, tm, &aia)); } #endif /* HAVE_AUDIT_SYSCALLS */ token_t * au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) { struct timeval tm; if (gettimeofday(&tm, NULL) == -1) return (NULL); return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); } token_t * au_to_header64(__unused int rec_size, __unused au_event_t e_type, __unused au_emod_t e_mod) { struct timeval tm; if (gettimeofday(&tm, NULL) == -1) return (NULL); return (au_to_header64_tm(rec_size, e_type, e_mod, tm)); } token_t * au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) { return (au_to_header32(rec_size, e_type, e_mod)); } #ifdef HAVE_AUDIT_SYSCALLS token_t * au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) { return (au_to_header32_ex(rec_size, e_type, e_mod)); } #endif /* HAVE_AUDIT_SYSCALLS */ #endif /* !defined(KERNEL) && !defined(_KERNEL) */ /* * token ID 1 byte * trailer magic number 2 bytes * record byte count 4 bytes */ token_t * au_to_trailer(int rec_size) { token_t *t; u_char *dptr = NULL; u_int16_t magic = AUT_TRAILER_MAGIC; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + sizeof(u_int32_t)); if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_TRAILER); ADD_U_INT16(dptr, magic); ADD_U_INT32(dptr, rec_size); return (t); } Index: head/contrib/openbsm/libbsm/bsm_user.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_user.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_user.c (revision 292432) 
@@ -1,296 +1,294 @@ /*- * Copyright (c) 2004 Apple Inc. * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#20 $ */ #include #include #include #ifdef HAVE_PTHREAD_MUTEX_LOCK #include #endif #include #include #ifndef HAVE_STRLCPY #include #endif /* * Parse the contents of the audit_user file into au_user_ent structures. 
*/ static FILE *fp = NULL; static char linestr[AU_LINE_MAX]; static const char *user_delim = ":"; #ifdef HAVE_PTHREAD_MUTEX_LOCK static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; #endif /* * Parse one line from the audit_user file into the au_user_ent structure. */ static struct au_user_ent * userfromstr(char *str, struct au_user_ent *u) { char *username, *always, *never; char *last; username = strtok_r(str, user_delim, &last); always = strtok_r(NULL, user_delim, &last); never = strtok_r(NULL, user_delim, &last); if ((username == NULL) || (always == NULL) || (never == NULL)) return (NULL); if (strlen(username) >= AU_USER_NAME_MAX) return (NULL); strlcpy(u->au_name, username, AU_USER_NAME_MAX); if (getauditflagsbin(always, &(u->au_always)) == -1) return (NULL); if (getauditflagsbin(never, &(u->au_never)) == -1) return (NULL); return (u); } /* * Rewind to beginning of the file */ static void setauuser_locked(void) { if (fp != NULL) fseek(fp, 0, SEEK_SET); } void setauuser(void) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setauuser_locked(); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } /* * Close the file descriptor */ void endauuser(void) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif if (fp != NULL) { fclose(fp); fp = NULL; } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif } /* * Enumerate the au_user_ent structures from the file */ static struct au_user_ent * getauuserent_r_locked(struct au_user_ent *u) { char *nl; if ((fp == NULL) && ((fp = fopen(AUDIT_USER_FILE, "r")) == NULL)) return (NULL); while (1) { if (fgets(linestr, AU_LINE_MAX, fp) == NULL) return (NULL); /* Remove new lines. */ if ((nl = strrchr(linestr, '\n')) != NULL) *nl = '\0'; /* Skip comments. */ if (linestr[0] == '#') continue; /* Get the next structure. 
*/ if (userfromstr(linestr, u) == NULL) return (NULL); break; } return (u); } struct au_user_ent * getauuserent_r(struct au_user_ent *u) { struct au_user_ent *up; #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif up = getauuserent_r_locked(u); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (up); } struct au_user_ent * getauuserent(void) { static char user_ent_name[AU_USER_NAME_MAX]; static struct au_user_ent u; bzero(&u, sizeof(u)); bzero(user_ent_name, sizeof(user_ent_name)); u.au_name = user_ent_name; return (getauuserent_r(&u)); } /* * Find a au_user_ent structure matching the given user name. */ struct au_user_ent * getauusernam_r(struct au_user_ent *u, const char *name) { struct au_user_ent *up; if (name == NULL) return (NULL); #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_lock(&mutex); #endif setauuser_locked(); while ((up = getauuserent_r_locked(u)) != NULL) { if (strcmp(name, u->au_name) == 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (up); } } #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif return (NULL); } struct au_user_ent * getauusernam(const char *name) { static char user_ent_name[AU_USER_NAME_MAX]; static struct au_user_ent u; bzero(&u, sizeof(u)); bzero(user_ent_name, sizeof(user_ent_name)); u.au_name = user_ent_name; return (getauusernam_r(&u, name)); } /* * Read the default system wide audit classes from audit_control, combine with * the per-user audit class and update the binary preselection mask. */ int au_user_mask(char *username, au_mask_t *mask_p) { char auditstring[MAX_AUDITSTRING_LEN + 1]; char user_ent_name[AU_USER_NAME_MAX]; struct au_user_ent u, *up; bzero(&u, sizeof(u)); bzero(user_ent_name, sizeof(user_ent_name)); u.au_name = user_ent_name; /* Get user mask. */ if ((up = getauusernam_r(&u, username)) != NULL) { if (-1 == getfauditflags(&up->au_always, &up->au_never, mask_p)) return (-1); return (0); } /* Read the default system mask. 
*/ if (getacflg(auditstring, MAX_AUDITSTRING_LEN) == 0) { if (-1 == getauditflagsbin(auditstring, mask_p)) return (-1); return (0); } /* No masks defined. */ return (-1); } /* * Generate the process audit state by combining the audit masks passed as * parameters with the system audit masks. */ int getfauditflags(au_mask_t *usremask, au_mask_t *usrdmask, au_mask_t *lastmask) { char auditstring[MAX_AUDITSTRING_LEN + 1]; if ((usremask == NULL) || (usrdmask == NULL) || (lastmask == NULL)) return (-1); lastmask->am_success = 0; lastmask->am_failure = 0; /* Get the system mask. */ if (getacflg(auditstring, MAX_AUDITSTRING_LEN) == 0) { if (getauditflagsbin(auditstring, lastmask) != 0) return (-1); } ADDMASK(lastmask, usremask); SUBMASK(lastmask, usrdmask); return (0); } Index: head/contrib/openbsm/libbsm/bsm_wrappers.c =================================================================== --- head/contrib/openbsm/libbsm/bsm_wrappers.c (revision 292431) +++ head/contrib/openbsm/libbsm/bsm_wrappers.c (revision 292432) 
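Review bot: `getauuserent_r_locked()` returns NULL as soon as `userfromstr()` rejects a line, so a single blank or malformed line in audit_user ends the enumeration and `getauusernam_r()` never reaches the entries after it. `au_user_mask()` then falls back to the system default mask for those users, which silently drops their per-user always/never audit flags. Skipping the rejected line instead, `if (userfromstr(linestr, u) == NULL) continue;`, would keep later entries in effect; if stopping is intentional, a comment such as `/* a malformed line ends the enumeration */` should say so. This is in the unchanged context of the hunk; the commit itself only drops the `$P4` tag.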
@@ -1,823 +1,821 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#32 $ */ #ifdef __APPLE__ #define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */ #endif #include #include #ifdef __APPLE__ #include /* Our bsm/audit.h doesn't include queue.h. 
*/ #endif #include #include #include #include #include #include #include /* These are not advertised in libbsm.h */ int audit_set_terminal_port(dev_t *p); int audit_set_terminal_host(uint32_t *m); /* * General purpose audit submission mechanism for userspace. */ int audit_submit(short au_event, au_id_t auid, char status, int reterr, const char *fmt, ...) { char text[MAX_AUDITSTRING_LEN]; token_t *token; int acond; va_list ap; pid_t pid; int error, afd, subj_ex; struct auditinfo ai; struct auditinfo_addr aia; au_tid_t atid; if (audit_get_cond(&acond) != 0) { /* * If auditon(2) returns ENOSYS, then audit has not been * compiled into the kernel, so just return. */ if (errno == ENOSYS) return (0); error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", strerror(errno)); errno = error; return (-1); } if (acond == AUC_NOAUDIT) return (0); afd = au_open(); if (afd < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", strerror(errno)); errno = error; return (-1); } /* * Try to use getaudit_addr(2) first. If this kernel does not support * it, then fall back on to getaudit(2). */ subj_ex = 0; error = getaudit_addr(&aia, sizeof(aia)); if (error < 0 && errno == ENOSYS) { error = getaudit(&ai); if (error < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", strerror(errno)); errno = error; return (-1); } /* * Convert this auditinfo_t to an auditinfo_addr_t to make the * following code less complicated wrt to preselection and * subject token generation. */ aia.ai_auid = ai.ai_auid; aia.ai_mask = ai.ai_mask; aia.ai_asid = ai.ai_asid; aia.ai_termid.at_type = AU_IPv4; aia.ai_termid.at_addr[0] = ai.ai_termid.machine; aia.ai_termid.at_port = ai.ai_termid.port; } else if (error < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s", strerror(errno)); errno = error; return (-1); } /* * NB: We should be performing pre-selection here now that we have the * masks for this process. 
*/ if (aia.ai_termid.at_type == AU_IPv6) subj_ex = 1; pid = getpid(); if (subj_ex == 0) { atid.port = aia.ai_termid.at_port; atid.machine = aia.ai_termid.at_addr[0]; token = au_to_subject32(auid, geteuid(), getegid(), getuid(), getgid(), pid, pid, &atid); } else token = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getgid(), pid, pid, &aia.ai_termid); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build subject token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } if (fmt != NULL) { va_start(ap, fmt); (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); va_end(ap); token = au_to_text(text); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: failed to generate text token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } } token = au_to_return32(au_errno_to_bsm(status), reterr); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build return token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } if (au_close(afd, AU_TO_WRITE, au_event) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); errno = error; return (-1); } return (0); } int audit_set_terminal_port(dev_t *p) { struct stat st; if (p == NULL) return (kAUBadParamErr); #ifdef NODEV *p = NODEV; #else *p = -1; #endif /* for /usr/bin/login, try fstat() 
first */ if (fstat(STDIN_FILENO, &st) != 0) { if (errno != EBADF) { syslog(LOG_ERR, "fstat() failed (%s)", strerror(errno)); return (kAUStatErr); } if (stat("/dev/console", &st) != 0) { syslog(LOG_ERR, "stat() failed (%s)", strerror(errno)); return (kAUStatErr); } } *p = st.st_rdev; return (kAUNoErr); } int audit_set_terminal_host(uint32_t *m) { #ifdef KERN_HOSTID int name[2] = { CTL_KERN, KERN_HOSTID }; size_t len; if (m == NULL) return (kAUBadParamErr); *m = 0; len = sizeof(*m); if (sysctl(name, 2, m, &len, NULL, 0) != 0) { syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); return (kAUSysctlErr); } return (kAUNoErr); #else *m = -1; return (kAUNoErr); #endif } int audit_set_terminal_id(au_tid_t *tid) { int ret; if (tid == NULL) return (kAUBadParamErr); if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr) return (ret); return (audit_set_terminal_host(&tid->machine)); } /* * This is OK for those callers who have only one token to write. If you have * multiple tokens that logically form part of the same audit record, you need * to use the existing au_open()/au_write()/au_close() API: * * aufd = au_open(); * tok = au_to_random_token_1(...); * au_write(aufd, tok); * tok = au_to_random_token_2(...); * au_write(aufd, tok); * ... * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); * * Assumes, like all wrapper calls, that the caller has previously checked * that auditing is enabled via the audit_get_state() call. * * XXX: Should be more robust against bad arguments. */ int audit_write(short event_code, token_t *subject, token_t *misctok, char retval, int errcode) { int aufd; char *func = "audit_write()"; token_t *rettok; if ((aufd = au_open()) == -1) { au_free_token(subject); au_free_token(misctok); syslog(LOG_ERR, "%s: au_open() failed", func); return (kAUOpenErr); } /* Save subject. 
*/ if (subject && au_write(aufd, subject) == -1) { au_free_token(subject); au_free_token(misctok); (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: write of subject failed", func); return (kAUWriteSubjectTokErr); } /* Save the event-specific token. */ if (misctok && au_write(aufd, misctok) == -1) { au_free_token(misctok); (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: write of caller token failed", func); return (kAUWriteCallerTokErr); } /* Tokenize and save the return value. */ if ((rettok = au_to_return32(retval, errcode)) == NULL) { (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: au_to_return32() failed", func); return (kAUMakeReturnTokErr); } if (au_write(aufd, rettok) == -1) { au_free_token(rettok); (void)au_close(aufd, AU_TO_NO_WRITE, event_code); syslog(LOG_ERR, "%s: write of return code failed", func); return (kAUWriteReturnTokErr); } /* * We assume the caller wouldn't have bothered with this * function if it hadn't already decided to keep the record. */ if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { syslog(LOG_ERR, "%s: au_close() failed", func); return (kAUCloseErr); } return (kAUNoErr); } /* * Same caveats as audit_write(). In addition, this function explicitly * assumes success; use audit_write_failure() on error. */ int audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { char *func = "audit_write_success()"; token_t *subject = NULL; /* Tokenize and save subject. */ subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); if (subject == NULL) { syslog(LOG_ERR, "%s: au_to_subject32() failed", func); return kAUMakeSubjectTokErr; } return (audit_write(event_code, subject, tok, 0, 0)); } /* * Same caveats as audit_write(). In addition, this function explicitly * assumes success; use audit_write_failure_self() on error. 
*/ int audit_write_success_self(short event_code, token_t *tok) { token_t *subject; char *func = "audit_write_success_self()"; if ((subject = au_to_me()) == NULL) { syslog(LOG_ERR, "%s: au_to_me() failed", func); return (kAUMakeSubjectTokErr); } return (audit_write(event_code, subject, tok, 0, 0)); } /* * Same caveats as audit_write(). In addition, this function explicitly * assumes failure; use audit_write_success() otherwise. * * XXX This should let the caller pass an error return value rather than * hard-coding -1. */ int audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { char *func = "audit_write_failure()"; token_t *subject, *errtok; subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); if (subject == NULL) { syslog(LOG_ERR, "%s: au_to_subject32() failed", func); return (kAUMakeSubjectTokErr); } /* tokenize and save the error message */ if ((errtok = au_to_text(errmsg)) == NULL) { au_free_token(subject); syslog(LOG_ERR, "%s: au_to_text() failed", func); return (kAUMakeTextTokErr); } return (audit_write(event_code, subject, errtok, -1, errcode)); } /* * Same caveats as audit_write(). In addition, this function explicitly * assumes failure; use audit_write_success_self() otherwise. * * XXX This should let the caller pass an error return value rather than * hard-coding -1. */ int audit_write_failure_self(short event_code, char *errmsg, int errret) { char *func = "audit_write_failure_self()"; token_t *subject, *errtok; if ((subject = au_to_me()) == NULL) { syslog(LOG_ERR, "%s: au_to_me() failed", func); return (kAUMakeSubjectTokErr); } /* tokenize and save the error message */ if ((errtok = au_to_text(errmsg)) == NULL) { au_free_token(subject); syslog(LOG_ERR, "%s: au_to_text() failed", func); return (kAUMakeTextTokErr); } return (audit_write(event_code, subject, errtok, -1, errret)); } /* * For auditing errors during login. 
Such errors are implicitly * non-attributable (i.e., not ascribable to any user). * * Assumes, like all wrapper calls, that the caller has previously checked * that auditing is enabled via the audit_get_state() call. */ int audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid, uid_t egid, pid_t pid, au_tid_t *tid) { return (audit_write_failure(event_code, errmsg, errret, -1, euid, egid, -1, -1, pid, -1, tid)); } /* END OF au_write() WRAPPERS */ #ifdef __APPLE__ void audit_token_to_au32(audit_token_t atoken, uid_t *auidp, uid_t *euidp, gid_t *egidp, uid_t *ruidp, gid_t *rgidp, pid_t *pidp, au_asid_t *asidp, au_tid_t *tidp) { if (auidp != NULL) *auidp = (uid_t)atoken.val[0]; if (euidp != NULL) *euidp = (uid_t)atoken.val[1]; if (egidp != NULL) *egidp = (gid_t)atoken.val[2]; if (ruidp != NULL) *ruidp = (uid_t)atoken.val[3]; if (rgidp != NULL) *rgidp = (gid_t)atoken.val[4]; if (pidp != NULL) *pidp = (pid_t)atoken.val[5]; if (asidp != NULL) *asidp = (au_asid_t)atoken.val[6]; if (tidp != NULL) { audit_set_terminal_host(&tidp->machine); tidp->port = (dev_t)atoken.val[7]; } } #endif /* !__APPLE__ */ int audit_get_cond(int *cond) { int ret; ret = auditon(A_GETCOND, cond, sizeof(*cond)); #ifdef A_OLDGETCOND if ((0 != ret) && EINVAL == errno) { long lcond = *cond; ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond)); *cond = (int)lcond; } #endif return (ret); } int audit_set_cond(int *cond) { int ret; ret = auditon(A_SETCOND, cond, sizeof(*cond)); #ifdef A_OLDSETCOND if ((0 != ret) && (EINVAL == errno)) { long lcond = (long)*cond; ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond)); *cond = (int)lcond; } #endif return (ret); } int audit_get_policy(int *policy) { int ret; ret = auditon(A_GETPOLICY, policy, sizeof(*policy)); #ifdef A_OLDGETPOLICY if ((0 != ret) && (EINVAL == errno)){ long lpolicy = (long)*policy; ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy)); *policy = (int)lpolicy; } #endif return (ret); } int audit_set_policy(int *policy) { int 
ret; ret = auditon(A_SETPOLICY, policy, sizeof(*policy)); #ifdef A_OLDSETPOLICY if ((0 != ret) && (EINVAL == errno)){ long lpolicy = (long)*policy; ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy)); *policy = (int)lpolicy; } #endif return (ret); } int audit_get_qctrl(au_qctrl_t *qctrl, size_t sz) { int ret; if (sizeof(*qctrl) != sz) { errno = EINVAL; return (-1); } ret = auditon(A_GETQCTRL, qctrl, sizeof(*qctrl)); #ifdef A_OLDGETQCTRL if ((0 != ret) && (EINVAL == errno)){ struct old_qctrl { size_t oq_hiwater; size_t oq_lowater; size_t oq_bufsz; clock_t oq_delay; int oq_minfree; } oq; oq.oq_hiwater = (size_t)qctrl->aq_hiwater; oq.oq_lowater = (size_t)qctrl->aq_lowater; oq.oq_bufsz = (size_t)qctrl->aq_bufsz; oq.oq_delay = (clock_t)qctrl->aq_delay; oq.oq_minfree = qctrl->aq_minfree; ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq)); qctrl->aq_hiwater = (int)oq.oq_hiwater; qctrl->aq_lowater = (int)oq.oq_lowater; qctrl->aq_bufsz = (int)oq.oq_bufsz; qctrl->aq_delay = (int)oq.oq_delay; qctrl->aq_minfree = oq.oq_minfree; } #endif /* A_OLDGETQCTRL */ return (ret); } int audit_set_qctrl(au_qctrl_t *qctrl, size_t sz) { int ret; if (sizeof(*qctrl) != sz) { errno = EINVAL; return (-1); } ret = auditon(A_SETQCTRL, qctrl, sz); #ifdef A_OLDSETQCTRL if ((0 != ret) && (EINVAL == errno)) { struct old_qctrl { size_t oq_hiwater; size_t oq_lowater; size_t oq_bufsz; clock_t oq_delay; int oq_minfree; } oq; oq.oq_hiwater = (size_t)qctrl->aq_hiwater; oq.oq_lowater = (size_t)qctrl->aq_lowater; oq.oq_bufsz = (size_t)qctrl->aq_bufsz; oq.oq_delay = (clock_t)qctrl->aq_delay; oq.oq_minfree = qctrl->aq_minfree; ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq)); qctrl->aq_hiwater = (int)oq.oq_hiwater; qctrl->aq_lowater = (int)oq.oq_lowater; qctrl->aq_bufsz = (int)oq.oq_bufsz; qctrl->aq_delay = (int)oq.oq_delay; qctrl->aq_minfree = oq.oq_minfree; } #endif /* A_OLDSETQCTRL */ return (ret); } int audit_send_trigger(int *trigger) { return (auditon(A_SENDTRIGGER, trigger, sizeof(*trigger))); } int 
audit_get_kaudit(auditinfo_addr_t *aia, size_t sz) { if (sizeof(*aia) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETKAUDIT, aia, sz)); } int audit_set_kaudit(auditinfo_addr_t *aia, size_t sz) { if (sizeof(*aia) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETKAUDIT, aia, sz)); } int audit_get_class(au_evclass_map_t *evc_map, size_t sz) { if (sizeof(*evc_map) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETCLASS, evc_map, sz)); } int audit_set_class(au_evclass_map_t *evc_map, size_t sz) { if (sizeof(*evc_map) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETCLASS, evc_map, sz)); } int audit_get_kmask(au_mask_t *kmask, size_t sz) { if (sizeof(*kmask) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETKMASK, kmask, sz)); } int audit_set_kmask(au_mask_t *kmask, size_t sz) { if (sizeof(*kmask) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETKMASK, kmask, sz)); } int audit_get_fsize(au_fstat_t *fstat, size_t sz) { if (sizeof(*fstat) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETFSIZE, fstat, sz)); } int audit_set_fsize(au_fstat_t *fstat, size_t sz) { if (sizeof(*fstat) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETFSIZE, fstat, sz)); } int audit_set_pmask(auditpinfo_t *api, size_t sz) { if (sizeof(*api) != sz) { errno = EINVAL; return (-1); } return (auditon(A_SETPMASK, api, sz)); } int audit_get_pinfo(auditpinfo_t *api, size_t sz) { if (sizeof(*api) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETPINFO, api, sz)); } int audit_get_pinfo_addr(auditpinfo_addr_t *apia, size_t sz) { if (sizeof(*apia) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETPINFO_ADDR, apia, sz)); } int audit_get_sinfo_addr(auditinfo_addr_t *aia, size_t sz) { if (sizeof(*aia) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETSINFO_ADDR, aia, sz)); } int audit_get_stat(au_stat_t *stats, size_t sz) { if (sizeof(*stats) != sz) { errno = EINVAL; return (-1); } 
return (auditon(A_GETSTAT, stats, sz)); } int audit_set_stat(au_stat_t *stats, size_t sz) { if (sizeof(*stats) != sz) { errno = EINVAL; return (-1); } return (auditon(A_GETSTAT, stats, sz)); } int audit_get_cwd(char *path, size_t sz) { return (auditon(A_GETCWD, path, sz)); } int audit_get_car(char *path, size_t sz) { return (auditon(A_GETCAR, path, sz)); } Index: head/contrib/openbsm/libbsm/libbsm.3 =================================================================== --- head/contrib/openbsm/libbsm/libbsm.3 (revision 292431) +++ head/contrib/openbsm/libbsm/libbsm.3 (revision 292432) 
@@ -1,250 +1,248 @@ .\"- .\" Copyright (c) 2005-2007 Robert N. M. Watson .\" Copyright (c) 2008-2009 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#17 $ -.\" .Dd March 5, 2009 .Dt LIBBSM 3 .Os .Sh NAME .Nm libbsm .Nd "Basic Security Module (BSM) Audit API" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In bsm/libbsm.h .Sh DESCRIPTION The .Nm library routines provide an interface to BSM audit record streams, allowing both the parsing of existing audit streams, as well as the creation of new audit records and streams. 
.Sh INTERFACES The .Nm library provides a large number of Audit programming interfaces in several classes: event stream interfaces, class interfaces, control interfaces, event interfaces, I/O interfaces, mask interfaces, notification interfaces, token interfaces, and user interfaces. These are described respectively in the .Xr au_class 3 , .Xr au_control 3 , .Xr au_event 3 , .Xr au_mask 3 , .Xr au_notify 3 , .Xr au_stream 3 , .Xr au_token 3 , and .Xr au_user 3 manual pages. .Ss Audit Event Stream Interfaces Audit event stream interfaces support interaction with file-backed audit event streams: .Xr au_close 3 , .Xr au_close_buffer 3 , .Xr au_free_token 3 , .Xr au_open 3 , .Xr au_write 3 , .Xr audit_submit 3 . .Ss Audit Class Interfaces Audit class interfaces support the look up of information from the .Xr audit_class 5 database: .Xr endauclass 3 , .Xr getauclassent 3 , .Xr getauclassent_r 3 , .Xr getauclassnam 3 , .Xr getauclassnam_r 3 , .Xr setauclass 3 . .Ss Audit Control Interfaces Audit control interfaces support the look up of information from the .Xr audit_control 5 database: .Xr endac 3 , .Xr setac 3 , .Xr getacdir 3 , .Xr getacfilesz 3 , .Xr getacflg 3 , .Xr getacmin 3 , .Xr getacna 3 , .Xr getacpol 3 , .Xr au_poltostr 3 , .Xr au_strtopol 3 . .Ss Audit Event Interfaces Audit event interfaces support the look up of information from the .Xr audit_event 5 database: .Xr endauevent 3 , .Xr setauevent 3 , .Xr getauevent 3 , .Xr getauevent_r 3 , .Xr getauevnam 3 , .Xr getauevnam_r 3 , .Xr getauevnonam 3 , .Xr getauevnonam_r 3 , .Xr getauevnum 3 , .Xr getauevnum_r 3 . .Ss Audit I/O Interfaces Audit I/O interfaces support the processing and printing of tokens, as well as the reading of audit records: .Xr au_fetch_tok 3 , .Xr au_print_tok 3 , .Xr au_read_rec 3 . .Ss Audit Mask Interfaces Audit mask interfaces convert support the conversion between strings and .Vt au_mask_t values. 
They may also be used to determine if a particular audit event is matched by a mask: .Xr au_preselect 3 , .Xr getauditflagsbin 3 , .Xr getauditflagschar 3 . .Ss Audit Notification Interfaces Audit notification routines track audit state in a form permitting efficient update, avoiding frequent system calls to check the kernel audit state: .Xr au_get_state 3 , .Xr au_notify_initialize 3 , .Xr au_notify_terminate 3 . These interfaces are implemented only for Darwin/Mac OS X. .Ss Audit Token Interface Audit token interfaces permit the creation of tokens for use in creating audit records for submission to event streams. Each interface converts a C type to its .Vt token_t representation: .Xr au_to_arg 3 , .Xr au_to_arg32 3 , .Xr au_to_arg64 3 , .Xr au_to_attr64 3 , .Xr au_to_data 3 , .Xr au_to_exec_args 3 , .Xr au_to_exec_env 3 , .Xr au_to_exit 3 , .Xr au_to_file 3 , .Xr au_to_groups 3 , .Xr au_to_header32 3 , .Xr au_to_header64 3 , .Xr au_to_in_addr 3 , .Xr au_to_in_addr_ex 3 , .Xr au_to_ip 3 , .Xr au_to_ipc 3 , .Xr au_to_ipc_perm 3 , .Xr au_to_iport 3 , .Xr au_to_me 3 , .Xr au_to_newgroups 3 , .Xr au_to_opaque 3 , .Xr au_to_path 3 , .Xr au_to_process 3 , .Xr au_to_process32 3 , .Xr au_to_process64 3 , .Xr au_to_process_ex 3 , .Xr au_to_process32_ex 3 , .Xr au_to_process64_ex 3 , .Xr au_to_return 3 , .Xr au_to_return32 3 , .Xr au_to_return64 3 , .Xr au_to_seq 3 , .Xr au_to_sock_inet 3 , .Xr au_to_sock_inet32 3 , .Xr au_to_sock_inet128 3 , .Xr au_to_socket_ex 3 , .Xr au_to_subject 3 , .Xr au_to_subject32 3 , .Xr au_to_subject64 3 , .Xr au_to_subject_ex 3 , .Xr au_to_subject32_ex 3 , .Xr au_to_subject64_ex 3 , .Xr au_to_text 3 , .Xr au_to_trailer 3 , .Xr au_to_zonename 3 . .Ss Audit User Interfaces Audit user interfaces support the look up of information from the .Xr audit_user 5 database: .Xr au_user_mask 3 , .Xr endauuser 3 , .Xr setauuser 3 , .Xr getauuserent 3 , .Xr getauuserent_r 3 , .Xr getauusernam 3 , .Xr getauusernam_r 3 , .Xr getfauditflags 3 . 
.Ss Audit Constant Conversion Interfaces These functions convert between BSM and local constants, including the .Xr errno 2 number, socket type, and protocol famil spaces, and must be used to generate and interpret BSM return and extended socket tokens: .Xr au_bsm_to_domain 3 , .Xr au_bsm_to_errno 3 , .Xr au_bsm_to_fcntl_cmd 3 , .Xr au_bsm_to_socket_type 3 , .Xr au_domain_to_bsm 3 , .Xr au_errno_to_bsm 3 , .Xr au_fcntl_cmd_to_bsm 3 , .Xr au_socket_type_to_bsm 3 . .Sh SEE ALSO .Xr au_class 3 , .Xr au_domain 3 , .Xr au_errno 3 , .Xr au_mask 3 , .Xr au_notify 3 , .Xr au_socket_type 3 , .Xr au_stream 3 , .Xr au_token 3 , .Xr au_user 3 , .Xr audit_submit 3 , .Xr audit_class 5 , .Xr audit_control 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by .An Robert Watson , .An Wayne Salamon , and .An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS Bugs would not be unlikely. .Pp The .Nm library implementations are generally thread-safe, but not reentrant. .Pp The assignment of routines to classes could use some work, as it is decidely ad hoc. For example, .Fn au_read_rec should probably be considered a stream routine. Index: head/contrib/openbsm/man/Makefile.am =================================================================== --- head/contrib/openbsm/man/Makefile.am (revision 292431) +++ head/contrib/openbsm/man/Makefile.am (revision 292432) 
@@ -1,24 +1,21 @@
-##
-## $P4: //depot/projects/trustedbsd/openbsm/man/Makefile.am#2 $
-##
-
 man2_MANS = \
 audit.2 \
 auditctl.2 \
 auditon.2 \
 getaudit.2 \
 getauid.2 \
 setaudit.2 \
 setauid.2
 man5_MANS = \
 audit.log.5 \
 audit_class.5 \
 audit_control.5 \
 audit_event.5 \
 audit_user.5 \
 audit_warn.5
-# How to do MLINKS in automake?
-# MLINKS= getaudit.2 getaudit_addr.2 \
-# setaudit.2 setaudit_addr.2
+install-exec-hook:
+ cd $(DESTDIR)$(mandir) && \
+ $(LN_S) -f getaudit.2 getaudit_addr.2 && \
+ $(LN_S) -f setaudit.2 setaudit_addr.2
Index: head/contrib/openbsm/man/Makefile.in
===================================================================
--- head/contrib/openbsm/man/Makefile.in (revision 292431)
+++ head/contrib/openbsm/man/Makefile.in (revision 292432)
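Review bot: The new `install-exec-hook` in man/Makefile.am changes into `$(DESTDIR)$(mandir)`, but the pages in `man2_MANS` are installed under `$(mandir)/man2` (the generated Makefile.in in this commit has `man2dir = $(mandir)/man2`), so the `getaudit_addr.2` and `setaudit_addr.2` links appear to be created one directory too high and would dangle. The hook also runs from `install-exec-am`, which `install-am` invokes before `install-data-am` installs the man pages, so on a fresh DESTDIR the `cd` can fail; the path is unquoted as well. I would name the rule `install-data-hook:` and start it with `cd "$(DESTDIR)$(man2dir)" && \`. A matching `uninstall-hook` that removes the two links is also missing, so `make uninstall` would leave them behind; the generated Makefile.in carries the same hook text.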
@@ -1,539 +1,541 @@ # Makefile.in generated by automake 1.12.2 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__make_dryrun = \ { \ am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ *) \ for am__flg in $$MAKEFLAGS; do \ case $$am__flg in \ *=*|--*) ;; \ *n*) am__dry=yes; break;; \ esac; \ done;; \ esac; \ test $$am__dry = yes; \ } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = man DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 
2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! 
-r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man2dir = $(mandir)/man2 am__installdirs = "$(DESTDIR)$(man2dir)" "$(DESTDIR)$(man5dir)" man5dir = $(mandir)/man5 NROFF = nroff MANS = $(man2_MANS) $(man5_MANS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MIG = @MIG@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ 
am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ man2_MANS = \ audit.2 \ auditctl.2 \ auditon.2 \ getaudit.2 \ getauid.2 \ setaudit.2 \ setauid.2 man5_MANS = \ audit.log.5 \ audit_class.5 \ audit_control.5 \ audit_event.5 \ audit_user.5 \ audit_warn.5 all: all-am .SUFFIXES: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign man/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man2: $(man2_MANS) @$(NORMAL_INSTALL) @list1='$(man2_MANS)'; \ list2=''; \ test -n "$(man2dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man2dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man2dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.2[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^2][0-9a-z]*$$,2,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man2dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man2dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man2dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man2dir)" || exit $$?; }; \ done; } uninstall-man2: @$(NORMAL_UNINSTALL) @list='$(man2_MANS)'; test -n "$(man2dir)" || exit 0; \ files=`{ for i 
in $$list; do echo "$$i"; done; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^2][0-9a-z]*$$,2,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man2dir)'; $(am__uninstall_files_from_dir) install-man5: $(man5_MANS) @$(NORMAL_INSTALL) @list1='$(man5_MANS)'; \ list2=''; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list='$(man5_MANS)'; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) tags: TAGS TAGS: ctags: CTAGS CTAGS: cscope cscopelist: distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list 
>/dev/null; then \ echo "error: found man pages containing the 'missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically 'make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man2dir)" "$(DESTDIR)$(man5dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: - + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man2 install-man5 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man2 uninstall-man5 -.MAKE: install-am install-strip +.MAKE: install-am install-exec-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-man2 \ - install-man5 install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am uninstall uninstall-am uninstall-man uninstall-man2 \ - uninstall-man5 + install-exec install-exec-am install-exec-hook install-html \ + install-html-am install-info install-info-am install-man \ + install-man2 install-man5 install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic 
mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ + uninstall-man uninstall-man2 uninstall-man5 -# How to do MLINKS in automake? -# MLINKS= getaudit.2 getaudit_addr.2 \ -# setaudit.2 setaudit_addr.2 +install-exec-hook: + cd $(DESTDIR)$(mandir) && \ + $(LN_S) -f getaudit.2 getaudit_addr.2 && \ + $(LN_S) -f setaudit.2 setaudit_addr.2 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: Index: head/contrib/openbsm/man/audit.2 =================================================================== --- head/contrib/openbsm/man/audit.2 (revision 292431) +++ head/contrib/openbsm/man/audit.2 (revision 292432) 
@@ -1,104 +1,102 @@ .\"- .\" Copyright (c) 2005 Tom Rhodes .\" Copyright (c) 2005 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#9 $ -.\" .Dd April 19, 2005 .Dt AUDIT 2 .Os .Sh NAME .Nm audit .Nd "commit BSM audit record to audit log" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn audit "const char *record" "u_int length" .Sh DESCRIPTION The .Fn audit system call submits a completed BSM audit record to the system audit log. .Pp The .Fa record argument is a pointer to the specific event to be recorded and .Fa length is the size in bytes of the data to be written. 
.Sh RETURN VALUES .Rv -std .Sh ERRORS The .Fn audit system call will fail and the data never written if: .Bl -tag -width Er .It Bq Er EFAULT The .Fa record argument is beyond the allocated address space of the process. .It Bq Er EINVAL The token ID is invalid or .Va length is larger than .Dv MAXAUDITDATA . .It Bq Er EPERM The process does not have sufficient permission to complete the operation. .El .Sh SEE ALSO .Xr auditon 2 , .Xr getaudit 2 , .Xr getaudit_addr 2 , .Xr getauid 2 , .Xr setaudit 2 , .Xr setaudit_addr 2 , .Xr setauid 2 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Pp This manual page was written by .An Tom Rhodes Aq trhodes@FreeBSD.org . .Sh BUGS The .Fx kernel does not fully validate that the argument passed is syntactically valid BSM. Submitting invalid audit records may corrupt the audit log. Index: head/contrib/openbsm/man/audit.log.5 =================================================================== --- head/contrib/openbsm/man/audit.log.5 (revision 292431) +++ head/contrib/openbsm/man/audit.log.5 (revision 292432) 
@@ -1,672 +1,670 @@
 .\"- .\" Copyright (c) 2005-2006 Robert N. M. Watson .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#26 $
-.\"
 .Dd November 5, 2006 .Dt AUDIT.LOG 5 .Os .Sh NAME .Nm audit .Nd "Basic Security Module (BSM) file format" .Sh DESCRIPTION The .Nm file format is based on Sun's Basic Security Module (BSM) file format, a token-based record stream to represent system audit data. This file format is both flexible and extensible, able to describe a broad range of data types, and easily extended to describe new data types in a moderately backward and forward compatible way.
.Pp BSM token streams typically begin and end with a .Dq file token, which provides time stamp and file name information for the stream; when processing a BSM token stream from a stream as opposed to a single file source, file tokens may be seen at any point between ordinary records identifying when particular parts of the stream begin and end. All other tokens will appear in the context of a complete BSM audit record, which begins with a .Dq header token, and ends with a .Dq trailer token, which describe the audit record. Between these two tokens will appear a variety of data tokens, such as process information, file path names, IPC object information, MAC labels, socket information, and so on. .Pp The BSM file format defines specific token orders for each record event type; however, some variation may occur depending on the operating system in use, what system options, such as mandatory access control, are present. .Pp This manual page documents the common token types and their binary format, and is intended for reference purposes only. It is recommended that application programmers use the .Xr libbsm 3 interface to read and write tokens, rather than parsing or constructing records by hand. .Ss File Token The .Dq file token is used at the beginning and end of an audit log file to indicate when the audit log begins and ends. It includes a pathname so that, if concatenated together, original file boundaries are still observable, and gaps in the audit log can be identified. A .Dq file token can be created using .Xr au_to_file 3 . 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Seconds 4 bytes File time stamp" .It "Microseconds 4 bytes File time stamp" .It "File name length 2 bytes File name of audit trail" .It "File pathname N bytes + 1 NUL File name of audit trail" .El .Ss Header Token The .Dq header token is used to mark the beginning of a complete audit record, and includes the length of the total record in bytes, a version number for the record layout, the event type and subtype, and the time at which the event occurred. A 32-bit .Dq header token can be created using .Xr au_to_header32 3 ; a 64-bit .Dq header token can be created using .Xr au_to_header64 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Record Byte Count 4 bytes Number of bytes in record" .It "Version Number 2 bytes Record version number" .It "Event Type 2 bytes Event type" .It "Event Modifier 2 bytes Event sub-type" .It "Seconds 4/8 bytes Record time stamp (32/64-bits)" .It "Nanoseconds 4/8 bytes Record time stamp (32/64-bits)" .El .Ss Expanded Header Token The .Dq expanded header token is an expanded version of the .Dq header token, with the addition of a machine IPv4 or IPv6 address. A 32-bit extended .Dq header token can be created using .Xr au_to_header32_ex 3 ; a 64-bit extended .Dq header token can be created using .Xr au_to_header64_ex 3 . 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Record Byte Count 4 bytes Number of bytes in record" .It "Version Number 2 bytes Record version number" .It "Event Type 2 bytes Event type" .It "Event Modifier 2 bytes Event sub-type" .It "Address Type/Length 1 byte Host address type and length" .It "Machine Address 4/16 bytes IPv4 or IPv6 address" .It "Seconds 4/8 bytes Record time stamp (32/64-bits)" .It "Nanoseconds 4/8 bytes Record time stamp (32/64-bits)" .El .Ss Trailer Token The .Dq trailer terminates a BSM audit record, and contains a magic number, .Dv AUT_TRAILER_MAGIC and length that can be used to validate that the record was read properly. A .Dq trailer token can be created using .Xr au_to_trailer 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Trailer Magic 2 bytes Trailer magic number" .It "Record Byte Count 4 bytes Number of bytes in record" .El .Ss Arbitrary Data Token The .Dq arbitrary data token contains a byte stream of opaque (untyped) data. The size of the data is calculated as the size of each unit of data multiplied by the number of units of data. A .Dq How to print field is present to specify how to print the data, but interpretation of that field is not currently defined. An .Dq arbitrary data token can be created using .Xr au_to_data 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "How to Print 1 byte User-defined printing information" .It "Basic Unit 1 byte Size of a unit in bytes" .It "Unit Count 1 byte Number of units of data present" .It "Data Items Variable User data" .El .Ss in_addr Token The .Dq in_addr token holds a network byte order IPv4 address. An .Dq in_addr token can be created using .Xr au_to_in_addr 3 for an IPv4 address. 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "IP Address 4 bytes IPv4 address" .El .Ss Expanded in_addr Token The .Dq in_addr_ex token holds a network byte order IPv4 or IPv6 address. An .Dq in_addr_ex token can be created using .Xr au_to_in_addr_ex 3 for an IPv6 address. .Pp See the .Sx BUGS section for information on the storage of this token. .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "IP Address Type 1 byte Type of address" .It "IP Address 4/16 bytes IPv4 or IPv6 address" .El .Ss ip Token The .Dq ip token contains an IP packet header in network byte order. An .Dq ip token can be created using .Xr au_to_ip 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Version and IHL 1 byte Version and IP header length" .It "Type of Service 1 byte IP TOS field" .It "Length 2 bytes IP packet length in network byte order" .It "ID 2 bytes IP header ID for reassembly" .It "Offset 2 bytes IP fragment offset and flags, network byte order" .It "TTL 1 byte IP Time-to-Live" .It "Protocol 1 byte IP protocol number" .It "Checksum 2 bytes IP header checksum, network byte order" .It "Source Address 4 bytes IPv4 source address" .It "Destination Address 4 bytes IPv4 destination address" .El .Ss iport Token The .Dq iport token stores an IP port number in network byte order. An .Dq iport token can be created using .Xr au_to_iport 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Port Number 2 bytes Port number in network byte order" .El .Ss Path Token The .Dq path token contains a pathname. A .Dq path token can be created using .Xr au_to_path 3 . 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Path Length 2 bytes Length of path in bytes" .It "Path N bytes + 1 NUL Path name" .El .Ss path_attr Token The .Dq path_attr token contains a set of NUL-terminated path names. The .Xr libbsm 3 API cannot currently create a .Dq path_attr token. .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Count 2 bytes Number of NUL-terminated string(s) in token" .It "Path Variable count NUL-terminated string(s)" .El .Ss Process Token The .Dq process token contains a description of the security properties of a process involved as the target of an auditable event, such as the destination for signal delivery. It should not be confused with the .Dq subject token, which describes the subject performing an auditable event. This includes both the traditional .Ux security properties, such as user IDs and group IDs, but also audit information such as the audit user ID and session. A .Dq process token can be created using .Xr au_to_process32 3 or .Xr au_to_process64 3 . 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Audit ID 4 bytes Audit user ID" .It "Effective User ID 4 bytes Effective user ID" .It "Effective Group ID 4 bytes Effective group ID" .It "Real User ID 4 bytes Real user ID" .It "Real Group ID 4 bytes Real group ID" .It "Process ID 4 bytes Process ID" .It "Session ID 4 bytes Audit session ID" .It "Terminal Port ID 4/8 bytes Terminal port ID (32/64-bits)" .It "Terminal Machine Address 4 bytes IP address of machine" .El .Ss Expanded Process Token The .Dq expanded process token contains the contents of the .Dq process token, with the addition of a machine address type and variable length address storage capable of containing IPv6 addresses. An .Dq expanded process token can be created using .Xr au_to_process32_ex 3 or .Xr au_to_process64_ex 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Audit ID 4 bytes Audit user ID" .It "Effective User ID 4 bytes Effective user ID" .It "Effective Group ID 4 bytes Effective group ID" .It "Real User ID 4 bytes Real user ID" .It "Real Group ID 4 bytes Real group ID" .It "Process ID 4 bytes Process ID" .It "Session ID 4 bytes Audit session ID" .It "Terminal Port ID 4/8 bytes Terminal port ID (32/64-bits)" .It "Terminal Address Type/Length 1 byte Length of machine address" .It "Terminal Machine Address 4 bytes IPv4 or IPv6 address of machine" .El .Ss Return Token The .Dq return token contains a system call or library function return condition, including return value and error number associated with the global variable .Er errno . A .Dq return token can be created using .Xr au_to_return32 3 or .Xr au_to_return64 3 . 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Error Number 1 byte Errno value, or 0 if undefined" .It "Return Value 4/8 bytes Return value (32/64-bits)" .El .Ss Subject Token The .Dq subject token contains information on the subject performing the operation described by an audit record, and includes similar information to that found in the .Dq process and .Dq expanded process tokens. However, those tokens are used where the process being described is the target of the operation, not the authorizing party. A .Dq subject token can be created using .Xr au_to_subject32 3 and .Xr au_to_subject64 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Audit ID 4 bytes Audit user ID" .It "Effective User ID 4 bytes Effective user ID" .It "Effective Group ID 4 bytes Effective group ID" .It "Real User ID 4 bytes Real user ID" .It "Real Group ID 4 bytes Real group ID" .It "Process ID 4 bytes Process ID" .It "Session ID 4 bytes Audit session ID" .It "Terminal Port ID 4/8 bytes Terminal port ID (32/64-bits)" .It "Terminal Machine Address 4 bytes IP address of machine" .El .Ss Expanded Subject Token The .Dq expanded subject token consists of the same elements as the .Dq subject token, with the addition of type/length and variable size machine address information in the terminal ID. An .Dq expanded subject token can be created using .Xr au_to_subject32_ex 3 or .Xr au_to_subject64_ex 3 . 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Audit ID 4 bytes Audit user ID" .It "Effective User ID 4 bytes Effective user ID" .It "Effective Group ID 4 bytes Effective group ID" .It "Real User ID 4 bytes Real user ID" .It "Real Group ID 4 bytes Real group ID" .It "Process ID 4 bytes Process ID" .It "Session ID 4 bytes Audit session ID" .It "Terminal Port ID 4/8 bytes Terminal port ID (32/64-bits)" .It "Terminal Address Type/Length 1 byte Length of machine address" .It "Terminal Machine Address 4 bytes IPv4 or IPv6 address of machine" .El .Ss System V IPC Token The .Dq System V IPC token contains the System V IPC message handle, semaphore handle or shared memory handle. A System V IPC token may be created using
+.Xr au_to_ipc 3 .
 .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Object ID type 1 byte Object ID" .It "Object ID 4 bytes Object ID" .El .Ss Text Token The .Dq text token contains a single NUL-terminated text string. A .Dq text token may be created using .Xr au_to_text 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Text Length 2 bytes Length of text string including NUL" .It "Text N bytes + 1 NUL Text string including NUL" .El .Ss Attribute Token The .Dq attribute token describes the attributes of a file associated with the audit event. As files may be identified by 0, 1, or many path names, a path name is not included with the attribute block for a file; optional .Dq path tokens may also be present in an audit record indicating which path, if any, was used to reach the object. An .Dq attribute token can be created using .Xr au_to_attr32 3 or .Xr au_to_attr64 3 .
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "File Access Mode 1 byte mode_t associated with file" .It "Owner User ID 4 bytes uid_t associated with file" .It "Owner Group ID 4 bytes gid_t associated with file" .It "File System ID 4 bytes fsid_t associated with file" .It "File System Node ID 8 bytes ino_t associated with file" .It "Device 4/8 bytes Device major/minor number (32/64-bit)" .El .Ss Groups Token The .Dq groups token contains a list of group IDs associated with the audit event. A .Dq groups token can be created using .Xr au_to_groups 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Number of Groups 2 bytes Number of groups in token" .It "Group List N * 4 bytes List of N group IDs" .El .Ss System V IPC Permission Token The .Dq System V IPC permission token contains a System V IPC access permissions. A System V IPC permission token may be created using .Xr au_to_ipc_perm 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It Li "Owner user ID" Ta "4 bytes" Ta "User ID of IPC owner" .It Li "Owner group ID" Ta "4 bytes" Ta "Group ID of IPC owner" .It Li "Creator user ID" Ta "4 bytes" Ta "User ID of IPC creator" .It Li "Creator group ID" Ta "4 bytes" Ta "Group ID of IPC creator" .It Li "Access mode" Ta "4 bytes" Ta "Access mode" .It Li "Sequence number" Ta "4 bytes" Ta "Sequence number" .It Li "Key" Ta "4 bytes" Ta "IPC key" .El .Ss Arg Token The .Dq arg token contains information about arguments of the system call. Depending on the size of the desired argument value, an Arg token may be created using .Xr au_to_arg32 3 or .Xr au_to_arg64 3 . 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It Li "Argument ID" Ta "1 byte" Ta "Argument ID" .It Li "Argument value" Ta "4/8 bytes" Ta "Argument value" .It Li "Length" Ta "2 bytes" Ta "Length of the text" .It Li "Text" Ta "N bytes + 1 nul" Ta "The string including nul" .El .Ss exec_args Token The .Dq exec_args token contains information about arguments of the exec() system call. An exec_args token may be created using .Xr au_to_exec_args 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It Li "Count" Ta "4 bytes" Ta "Number of arguments" .It Li "Text" Ta "* bytes" Ta "Count nul-terminated strings" .El .Ss exec_env Token The .Dq exec_env token contains current environment variables to an exec() system call. An exec_args token may be created using .Xr au_to_exec_env 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It Li "Count ID" Ta "4 bytes" Ta "Number of variables" .It Li "Text" Ta "* bytes" Ta "Count nul-terminated strings" .El .Ss Exit Token The .Dq exit token contains process exit/return code information. An .Dq exit token can be created using .Xr au_to_exit 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Status 4 bytes Process status on exit" .It "Return Value 4 bytes Process return value on exit" .El .Ss Socket Token The .Dq socket token contains information about UNIX domain and Internet sockets. Each token has four or eight fields. Depending on the type of socket, a socket token may be created using .Xr au_to_sock_unix 3 , .Xr au_to_sock_inet32 3 or .Xr au_to_sock_inet128 3 . 
.Bl -column -offset 3n ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" .It Sy "Field" Ta Sy Bytes Ta Sy Description .It Li "Token ID" Ta "1 byte" Ta "Token ID" .It Li "Socket family" Ta "2 bytes" Ta "Socket family" .It Li "Local port" Ta "2 bytes" Ta "Local port" .It Li "Socket address" Ta "4 bytes" Ta "Socket address" .El .Ss Expanded Socket Token The .Dq expanded socket token contains information about IPv4 and IPv6 sockets. A .Dq expanded socket token can be created using .Xr au_to_socket_ex 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It Li "Token ID" Ta "1 byte" Ta "Token ID" .It Li "Socket domain" Ta "2 bytes" Ta "Socket domain" .It Li "Socket type" Ta "2 bytes" Ta "Socket type" .It Li "Address type" Ta "2 byte" Ta "Address type (IPv4/IPv6)" .It Li "Local port" Ta "2 bytes" Ta "Local port" .It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address" .It Li "Remote port" Ta "2 bytes" Ta "Remote port" .It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address" .El .Ss Seq Token The .Dq seq token contains a unique and monotonically increasing audit event sequence ID. Due to the limited range of 32 bits, serial number arithmetic and caution should be used when comparing sequence numbers. .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Sequence Number 4 bytes Audit event sequence number" .El .Ss privilege Token The .Dq privilege token ... .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .El .Ss Use-of-auth Token The .Dq use-of-auth token ... .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .El .Ss Command Token The .Dq command token ... 
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .El .Ss ACL Token The .Dq ACL token ... .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .El .Ss Zonename Token The .Dq zonename token holds a NUL-terminated string with the name of the zone or jail from which the record originated. A .Dq zonename token can be created using .Xr au_to_zonename 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" .It "Zonename length 2 bytes Length of zonename string including NUL" .It "Zonename N bytes + 1 NUL Zonename string including NUL" .El .Sh SEE ALSO .Xr auditreduce 1 , .Xr praudit 1 , .Xr libbsm 3 , .Xr audit 4 , .Xr auditpipe 4 , .Xr audit 8 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Pp This manual page was written by .An Robert Watson Aq rwatson@FreeBSD.org . .Sh BUGS The .Dq How to print field in the .Dq arbitrary data token has undefined values. .Pp The .Dq in_addr and .Dq in_addr_ex token layout documented here appears to be in conflict with the .Xr libbsm 3 implementation of .Xr au_to_in_addr_ex 3 .
Index: head/contrib/openbsm/man/audit_class.5
===================================================================
--- head/contrib/openbsm/man/audit_class.5 (revision 292431)
+++ head/contrib/openbsm/man/audit_class.5 (revision 292432)
@@ -1,80 +1,78 @@
 .\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#11 $
-.\"
 .Dd January 24, 2004 .Dt AUDIT_CLASS 5 .Os .Sh NAME .Nm audit_class .Nd "audit event class descriptions" .Sh DESCRIPTION The .Nm file contains descriptions of the auditable event classes on the system. Each auditable event is a member of an event class. Each line maps an audit event mask (bitmap) to a class and a description.
Entries are of the form: .Pp .D1 Ar classmask Ns : Ns Ar eventclass Ns : Ns Ar description .Pp Example entries in this file are: .Bd -literal -offset indent 0x00000000:no:invalid class 0x00000001:fr:file read 0x00000002:fw:file write 0x00000004:fa:file attribute access 0x00000080:pc:process 0xffffffff:all:all flags set .Ed .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_class" -compact .It Pa /etc/security/audit_class .El .Sh SEE ALSO .Xr audit 4 , .Xr audit_control 5 , .Xr audit_event 5 , .Xr audit_user 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
Index: head/contrib/openbsm/man/audit_control.5
===================================================================
--- head/contrib/openbsm/man/audit_control.5 (revision 292431)
+++ head/contrib/openbsm/man/audit_control.5 (revision 292432)
@@ -1,297 +1,295 @@ .\" Copyright (c) 2004-2009 Apple Inc. .\" Copyright (c) 2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#26 $ -.\" .Dd May 14, 2009 .Dt AUDIT_CONTROL 5 .Os .Sh NAME .Nm audit_control .Nd "audit system parameters" .Sh DESCRIPTION The .Nm file contains several audit system parameters. 
Each line of this file is of the form: .Pp .D1 Ar parameter Ns : Ns Ar value .Pp The parameters are: .Bl -tag -width indent .It Va dir The directory where audit log files are stored. There may be more than one of these entries. Changes to this entry can only be enacted by restarting the audit system. See .Xr audit 8 for a description of how to restart the audit system. .It Va dist When set to .Va on or .Va yes , .Xr auditd 8 will be creating hardlinks to all trail files in .Pa /var/audit/dist directory. Those hardlinks will be consumed by the .Xr auditdistd 8 daemon. .It Va flags Specifies which audit event classes are audited for all users. .Xr audit_user 5 describes how to audit events for individual users. See the information below for the format of the audit flags. .It Va host Specify the hostname or IP address to be used when setting the local systems's audit host information. This hostname will be converted into an IP or IPv6 address and will be included in the header of each audit record. Due to the possibility of transient errors coupled with the security issues in the DNS protocol itself, the use of DNS should be avoided. Instead, it is strongly recommended that the hostname be specified in the /etc/hosts file. For more information see .Xr hosts 5 . .It Va naflags Contains the audit flags that define what classes of events are audited when an action cannot be attributed to a specific user. .It Va minfree The minimum free space required on the file system audit logs are being written to. When the free space falls below this limit a warning will be issued. If no value for the minimum free space is set, the default of 20 percent is applied by the kernel. .It Va policy A list of global audit policy flags specifying various behaviors, such as fail stop, auditing of paths and arguments, etc. .It Va filesz Maximum trail size in bytes; if set to a non-0 value, the audit daemon will rotate the audit trail file at around this size. 
Sizes less than the minimum trail size (default of 512K) will be rejected as invalid. If 0, trail files will not be automatically rotated based on file size. For convenience, the trail size may be expressed with suffix letters: B (Bytes), K (Kilobytes), M (Megabytes), or G (Gigabytes). For example, 2M is the same as 2097152. .It Va expire-after Specifies when audit log files will expire and be removed. This may be after a time period has passed since the file was last written to or when the aggregate of all the trail files have reached a specified size or a combination of both. If no expire-after parameter is given then audit log files will not expire and be removed by the audit control system. See the information below for the format of the expiration specification. .El .Sh AUDIT FLAGS Audit flags are a comma-delimited list of audit classes as defined in the .Xr audit_class 5 file. Event classes may be preceded by a prefix which changes their interpretation. The following prefixes may be used for each class: .Pp .Bl -tag -width indent -compact -offset indent .It (none) Record both successful and failed events. .It Li + Record successful events. .It Li - Record failed events. .It Li ^ Record neither successful nor failed events. .It Li ^+ Do not record successful events. .It Li ^- Do not record failed events. .El .Sh AUDIT POLICY FLAGS The policy flags field is a comma-delimited list of policy flags from the following list: .Pp .Bl -tag -width ".Cm zonename" -compact -offset indent .It Cm cnt Allow processes to continue running even though events are not being audited. If not set, processes will be suspended when the audit store space is exhausted. Currently, this is not a recoverable state. .It Cm ahlt Fail stop the system if unable to audit an event\[em]this consists of first draining pending records to disk, and then halting the operating system. .It Cm argv Audit command line arguments to .Xr execve 2 . 
.It Cm arge Audit environmental variable arguments to .Xr execve 2 . .It Cm seq Include a unique audit sequence number token in generated audit records (not implemented on .Fx or Darwin). .It Cm group Include supplementary groups list in generated audit records (not implemented on .Fx or Darwin; supplementary groups are never included in records on these systems). .It Cm trail Append a trailer token to each audit record (not implemented on .Fx or Darwin; trailers are always included in records on these systems). .It Cm path Include secondary file paths in audit records (not implemented on .Fx or Darwin; secondary paths are never included in records on these systems). .It Cm zonename Include a zone ID token with each audit record (not implemented on .Fx or Darwin; .Fx audit records do not currently include the jail ID or name). .It Cm perzone Enable auditing for each local zone (not implemented on .Fx or Darwin; on .Fx , audit records are collected from all jails and placed in a single global trail, and only limited audit controls are permitted within a jail). .El .Pp It is recommended that installations set the .Cm cnt flag but not .Cm ahlt flag unless it is intended that audit logs exceeding available disk space halt the system. .Sh AUDIT LOG EXPIRATION SPECIFICATION The expiration specification can be one value or two values with the logical conjunction of AND/OR between them. Values for the audit log file age are numbers with the following suffixes: .Pp .Bl -tag -width "(space) or" -compact -offset indent .It Li s Log file age in seconds. .It Li h Log file age in hours. .It Li d Log file age in days. .It Li y Log file age in years. .El .Pp Values for the disk space used are numbers with the following suffixes: .Pp .Bl -tag -width "(space) or" -compact -offset indent .It (space) or .It Li B Disk space used in Bytes. .It Li K Disk space used in Kilobytes. .It Li M Disk space used in Megabytes. .It Li G Disk space used in Gigabytes. 
.El .Pp The suffixes on the values are case sensitive. If both an age and disk space value are used they are separated by AND or OR and both values are used to determine when audit log files expire. In the case of AND, both the age and disk space conditions must be met before the log file is removed. In the case of OR, either condition may expire the log file. For example: .Bd -literal -offset indent expire-after: 60d AND 1G .Ed .Pp will expire files that are older than 60 days but only if 1 gigabyte of disk space total is being used by the audit logs. .Sh DEFAULT The following settings appear in the default .Nm file: .Bd -literal -offset indent dir:/var/audit flags:lo,aa minfree:5 naflags:lo,aa policy:cnt,argv filesz:2M expire-after:10M .Ed .Pp The .Va flags parameter above specifies the system-wide mask corresponding to login/logout as well as authentication and authorization events. The .Va policy parameter specifies that the system should neither fail stop nor suspend processes when the audit store fills and that command line arguments should be audited for .Dv AUE_EXECVE events. The trail file will be automatically rotated by the audit daemon when the file size reaches approximately 2MB. Trail files will expire when their aggregate size exceeds 10MB. .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_control" -compact .It Pa /etc/security/audit_control .El .Sh SEE ALSO .Xr auditon 2 , .Xr audit 4 , .Xr audit_class 5 , .Xr audit_event 5 , .Xr audit_user 5 , .Xr audit 8 , .Xr auditd 8 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. 
Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/man/audit_event.5 =================================================================== --- head/contrib/openbsm/man/audit_event.5 (revision 292431) +++ head/contrib/openbsm/man/audit_event.5 (revision 292432) 
@@ -1,84 +1,82 @@ .\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#12 $ -.\" .Dd January 24, 2004 .Dt AUDIT_EVENT 5 .Os .Sh NAME .Nm audit_event .Nd "audit event descriptions" .Sh DESCRIPTION The .Nm file contains descriptions of the auditable events on the system. Each line maps an audit event number to a name, a description, and a class. 
Entries are of the form: .Pp .Sm off .D1 Ar eventnum : eventname : description : eventclass .Sm on .Pp Each .Ar eventclass should have a corresponding entry in the .Xr audit_class 5 file. .Pp Example entries in this file are: .Bd -literal -offset indent 0:AUE_NULL:indir system call:no 1:AUE_EXIT:exit(2):pc 2:AUE_FORK:fork(2):pc 3:AUE_OPEN:open(2):fa .Ed .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_event" -compact .It Pa /etc/security/audit_event .El .Sh SEE ALSO .Xr audit 4 , .Xr audit_class 5 , .Xr audit_control 5 , .Xr audit_user 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/man/audit_user.5 =================================================================== --- head/contrib/openbsm/man/audit_user.5 (revision 292431) +++ head/contrib/openbsm/man/audit_user.5 (revision 292432) 
@@ -1,120 +1,118 @@ .\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#14 $ -.\" .Dd January 4, 2008 .Dt AUDIT_USER 5 .Os .Sh NAME .Nm audit_user .Nd "events to be audited for given users" .Sh DESCRIPTION The .Nm file specifies which audit event classes are to be audited for the given users. 
If specified, these flags are combined with the system-wide audit flags in the .Xr audit_control 5 file to determine which classes of events to audit for that user. These settings take effect when the user logs in. .Pp Each line maps a user name to a list of classes that should be audited and a list of classes that should not be audited. Entries are of the form: .Pp .D1 Ar username Ns : Ns Ar alwaysaudit Ns : Ns Ar neveraudit .Pp In the format above, .Ar alwaysaudit is a set of event classes that are always audited, and .Ar neveraudit is a set of event classes that should not be audited. These sets can indicate the inclusion or exclusion of multiple classes, and whether to audit successful or failed events. See .Xr audit_control 5 for more information about audit flags. .Pp Example entries in this file are: .Bd -literal -offset indent root:lo,ad:no jdoe:-fc,ad:+fw .Ed .Pp These settings would cause login/logout and administrative events that are performed on behalf of user .Dq Li root to be audited. No failure events are audited. For the user .Dq Li jdoe , failed file creation events are audited, administrative events are audited, and successful file write events are never audited. .Sh IMPLEMENTATION NOTES Per-user and global audit preselection configuration are evaluated at time of login, so users must log out and back in again for audit changes relating to preselection to take effect. .Pp Audit record preselection occurs with respect to the audit identifier associated with a process, rather than with respect to the UNIX user or group ID. The audit identifier is set as part of the user credential context as part of login, and typically does not change as a result of running setuid or setgid applications, such as .Xr su 1 . This has the advantage that events that occur after running .Xr su 1 can be audited to the original authenticated user, as required by CAPP, but may be surprising if not expected. 
.Sh FILES .Bl -tag -width ".Pa /etc/security/audit_user" -compact .It Pa /etc/security/audit_user .El .Sh SEE ALSO .Xr login 1 , .Xr su 1 , .Xr audit 4 , .Xr audit_class 5 , .Xr audit_control 5 , .Xr audit_event 5 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/man/audit_warn.5 =================================================================== --- head/contrib/openbsm/man/audit_warn.5 (revision 292431) +++ head/contrib/openbsm/man/audit_warn.5 (revision 292432) 
@@ -1,76 +1,74 @@ .\" Copyright (c) 2004 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of Apple Inc. ("Apple") nor the names of .\" its contributors may be used to endorse or promote products derived .\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR .\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#10 $ -.\" .Dd March 17, 2004 .Dt AUDIT_WARN 5 .Os .Sh NAME .Nm audit_warn .Nd "alert when audit daemon issues warnings" .Sh DESCRIPTION The .Nm script runs when .Xr auditd 8 generates warning messages. .Pp The default .Nm is a script whose first parameter is the type of warning; the script appends its arguments to .Pa /etc/security/audit_messages . 
Administrators may replace this script: a more comprehensive one would take different actions based on the type of warning. For example, a low-space warning could result in an email message being sent to the administrator. .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_messages" -compact .It Pa /etc/security/audit_warn .It Pa /etc/security/audit_messages .El .Sh SEE ALSO .Xr audit 4 , .Xr auditd 8 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. Index: head/contrib/openbsm/man/auditctl.2 =================================================================== --- head/contrib/openbsm/man/auditctl.2 (revision 292431) +++ head/contrib/openbsm/man/auditctl.2 (revision 292432) 
@@ -1,85 +1,83 @@ .\"- .\" Copyright (c) 2005-2006 Robert N. M. Watson .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditctl.2#9 $ -.\" .Dd April 19, 2005 .Dt AUDITCTL 2 .Os .Sh NAME .Nm auditctl .Nd "configure system audit parameters" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn auditctl "const char *path" .Sh DESCRIPTION The .Fn auditctl system call directs the kernel to open a new audit trail log file. It requires an appropriate privilege. The .Fn auditctl system call opens new files, but .Xr auditon 2 is used to disable the audit log. 
.Sh RETURN VALUES .Rv -std .Sh ERRORS The .Fn auditctl system call will fail if: .Bl -tag -width Er .It Bq Er EINVAL The path is invalid. .It Bq Er EPERM The process does not have sufficient permission to complete the operation. .El .Sh SEE ALSO .Xr auditon 2 , .Xr libbsm 3 , .Xr auditd 8 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Pp This manual page was written by .An Robert Watson Aq rwatson@FreeBSD.org . Index: head/contrib/openbsm/man/auditon.2 =================================================================== --- head/contrib/openbsm/man/auditon.2 (revision 292431) +++ head/contrib/openbsm/man/auditon.2 (revision 292432) 
@@ -1,506 +1,504 @@ .\"- .\" Copyright (c) 2008-2009 Apple Inc. .\" Copyright (c) 2005 Robert N. M. Watson .\" Copyright (c) 2005 Tom Rhodes .\" Copyright (c) 2005 Wayne J. Salamon .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#18 $ -.\" .Dd January 29, 2009 .Dt AUDITON 2 .Os .Sh NAME .Nm auditon .Nd "configure system audit parameters" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn auditon "int cmd" "void *data" "u_int length" .Sh DESCRIPTION The .Fn auditon system call is used to manipulate various audit control operations. The .Fa data argument should point to a structure whose type depends on the command. 
The .Fa length argument specifies the size of .Fa *data in bytes. The .Fa cmd argument may be any of the following: .Bl -tag -width ".It Dv A_GETPINFO_ADDR" .It Dv A_SETPOLICY Set audit policy flags. The .Fa data argument must point to a .Vt int value set to one or more the following audit policy control values bitwise OR'ed together: .Dv AUDIT_CNT , .Dv AUDIT_AHLT , .Dv AUDIT_ARGV , and .Dv AUDIT_ARGE . If .Dv AUDIT_CNT is set, the system will continue even if it becomes low on space and discontinue logging events until the low space condition is remedied. If it is not set, audited events will block until the low space condition is remedied. Unaudited events, however, are unaffected. If .Dv AUDIT_AHLT is set, a .Xr panic 9 if it cannot write an event to the global audit log file. If .Dv AUDIT_ARGV is set, then the argument list passed to the .Xr execve 2 system call will be audited. If .Dv AUDIT_ARGE is set, then the environment variables passed to the .Xr execve 2 system call will be audited. The default policy is none of the audit policy control flags set. .It Dv A_SETKAUDIT Set the host information. The .Fa data argument must point to a .Vt auditinfo_addr_t structure containing the host IP address information. After setting, audit records that are created as a result of kernel events will contain this information. .It Dv A_SETKMASK Set the kernel preselection masks (success and failure). The .Fa data argument must point to a .Vt au_mask_t structure containing the mask values as defined in .In bsm/audit.h . These masks are used for non-attributable audit event preselection. The field .Fa am_success specifies which classes of successful audit events are to be logged to the audit trail. The field .Fa am_failure specifies which classes of failed audit events are to be logged. The value of both fields is the bitwise OR'ing of the audit event classes specified in .Fa bsm/audit.h . The various audit classes are described more fully in .Xr audit_class 5 . 
.It Dv A_SETQCTRL Set kernel audit queue parameters. The .Fa data argument must point to a .Vt au_qctrl_t structure (defined in .In bsm/audit.h ) containing the kernel audit queue control settings: .Fa aq_hiwater , .Fa aq_lowater , .Fa aq_bufsz , .Fa aq_delay , and .Fa aq_minfree . The field .Fa aq_hiwater defines the maximum number of audit record entries in the queue used to store the audit records ready for delivery to disk. New records are inserted at the tail of the queue and removed from the head. For new records which would exceed the high water mark, the calling thread is inserted into the wait queue, waiting for the audit queue to have enough space available as defined with the field .Fa aq_lowater . The field .Fa aq_bufsz defines the maximum length of the audit record that can be supplied with .Xr audit 2 . The field .Fa aq_delay is unused. The field .Fa aq_minfree specifies the minimum amount of free blocks on the disk device used to store audit records. If the value of free blocks falls below the configured minimum amount, the kernel informs the audit daemon about low disk space. The value is to be specified in percent of free file system blocks. A value of 0 results in a disabling of the check. The default and maximum values (default/maximum) for the audit queue control parameters are: .Pp .Bl -column aq_hiwater -offset indent -compact .It aq_hiwater Ta 100/10000 (audit records) .It aq_lowater Ta 10/aq_hiwater (audit records) .It aq_bufsz Ta 32767/1048576 (bytes) .It aq_delay Ta (Not currently used.) .El .It Dv A_SETSTAT Return .Er ENOSYS . (Not implemented.) .It Dv A_SETUMASK Return .Er ENOSYS . (Not implemented.) .It Dv A_SETSMASK Return .Er ENOSYS . (Not implemented.) .It Dv A_SETCOND Set the current auditing condition. The .Fa data argument must point to a .Vt int value containing the new audit condition, one of .Dv AUC_AUDITING , .Dv AUC_NOAUDIT , or .Dv AUC_DISABLED . If .Dv AUC_NOAUDIT is set, then auditing is temporarily suspended. 
If .Dv AUC_AUDITING is set, auditing is resumed. If .Dv AUC_DISABLED is set, the auditing system will shutdown, draining all audit records and closing out the audit trail file. .It Dv A_SETCLASS Set the event class preselection mask for an audit event. The .Fa data argument must point to a .Vt au_evclass_map_t structure containing the audit event and mask. The field .Fa ec_number is the audit event and .Fa ec_class is the audit class mask. See .Xr audit_event 5 for more information on audit event to class mapping. .It Dv A_SETPMASK Set the preselection masks for a process. The .Fa data argument must point to a .Vt auditpinfo_t structure that contains the given process's audit preselection masks for both success and failure. The field .Fa ap_pid is the process id of the target process. The field .Fa ap_mask must point to a .Fa au_mask_t structure which holds the preselection masks as described in the .Dv A_SETKMASK section above. .It Dv A_SETFSIZE Set the maximum size of the audit log file. The .Fa data argument must point to a .Vt au_fstat_t structure with the .Va af_filesz field set to the maximum audit log file size. A value of 0 indicates no limit to the size. .It Dv A_GETCLASS Return the event to class mapping for the designated audit event. The .Fa data argument must point to a .Vt au_evclass_map_t structure. See the .Dv A_SETCLASS section above for more information. .It Dv A_GETKAUDIT Get the current host information. The .Fa data argument must point to a .Vt auditinfo_addr_t structure. .It Dv A_GETPINFO Return the audit settings for a process. The .Fa data argument must point to a .Vt auditpinfo_t structure which will be set to contain .Fa ap_auid (the audit ID), .Fa ap_mask (the preselection mask), .Fa ap_termid (the terminal ID), and .Fa ap_asid (the audit session ID) of the given target process. The process ID of the target process is passed into the kernel using the .Fa ap_pid field. 
See the section .Dv A_SETPMASK above and .Xr getaudit 2 for more information. .It Dv A_GETPINFO_ADDR Return the extended audit settings for a process. The .Fa data argument must point to a .Vt auditpinfo_addr_t structure which is similar to the .Vt auditpinfo_addr_t structure described above. The exception is the .Fa ap_termid (the terminal ID) field which points to a .Vt au_tid_addr_t structure can hold much a larger terminal address and an address type. The process ID of the target process is passed into the kernel using the .Fa ap_pid field. See the section .Dv A_SETPMASK above and .Xr getaudit 2 for more information. .It Dv A_GETSINFO_ADDR Return the extended audit settings for a session. The .Fa data argument must point to a .Vt auditinfo_addr_t structure. The audit session ID of the target session is passed into the kernel using the .Fa ai_asid field. See .Xr getaudit_addr 2 for more information about the .Vt auditinfo_addr_t structure. .It Dv A_GETKMASK Return the current kernel preselection masks. The .Fa data argument must point to a .Vt au_mask_t structure which will be set to the current kernel preselection masks for non-attributable events. .It Dv A_GETPOLICY Return the current audit policy setting. The .Fa data argument must point to a .Vt int value which will be set to one of the current audit policy flags. The audit policy flags are described in the .Dv A_SETPOLICY section above. .It Dv A_GETQCTRL Return the current kernel audit queue control parameters. The .Fa data argument must point to a .Vt au_qctrl_t structure which will be set to the current kernel audit queue control parameters. See the .Dv A_SETQCTL section above for more information. .It Dv A_GETFSIZE Returns the maximum size of the audit log file. The .Fa data argument must point to a .Vt au_fstat_t structure. The .Va af_filesz field will be set to the maximum audit log file size. A value of 0 indicates no limit to the size. 
The .Va af_currsz field will be set to the current audit log file size. .It Dv A_GETCWD .\" [COMMENTED OUT]: Valid description, not yet implemented. .\" Return the current working directory as stored in the audit subsystem. Return .Er ENOSYS . (Not implemented.) .It Dv A_GETCAR .\" [COMMENTED OUT]: Valid description, not yet implemented. .\"Stores and returns the current active root as stored in the audit .\"subsystem. Return .Er ENOSYS . (Not implemented.) .It Dv A_GETSTAT .\" [COMMENTED OUT]: Valid description, not yet implemented. .\"Return the statistics stored in the audit system. Return .Er ENOSYS . (Not implemented.) .It Dv A_GETCOND Return the current auditing condition. The .Fa data argument must point to a .Vt int value which will be set to the current audit condition, one of .Dv AUC_AUDITING , .Dv AUC_NOAUDIT or .Dv AUC_DISABLED . See the .Dv A_SETCOND section above for more information. .It Dv A_SENDTRIGGER Send a trigger to the audit daemon. The .Fa data argument must point to a .Vt int value set to one of the acceptable trigger values: .Dv AUDIT_TRIGGER_LOW_SPACE (low disk space where the audit log resides), .Dv AUDIT_TRIGGER_OPEN_NEW (open a new audit log file), .Dv AUDIT_TRIGGER_READ_FILE (read the .Pa audit_control file), .Dv AUDIT_TRIGGER_CLOSE_AND_DIE (close the current log file and exit), .Dv AUDIT_TRIGGER_NO_SPACE (no disk space left for audit log file). .Dv AUDIT_TRIGGER_ROTATE_USER (request audit log file rotation). .Dv AUDIT_TRIGGER_INITIALIZE (initialize audit subsystem for Mac OS X only). or .Dv AUDIT_TRIGGER_EXPIRE_TRAILS (request audit log file expiration). .El .Sh RETURN VALUES .Rv -std .Sh ERRORS The .Fn auditon function will fail if: .Bl -tag -width Er .It Bq Er ENOSYS Returned by options not yet implemented. .It Bq Er EFAULT A failure occurred while data transferred to or from the kernel failed. .It Bq Er EINVAL Illegal argument was passed by a system call. 
.It Bq Er EPERM The process does not have sufficient permission to complete the operation. .El .Pp The .Dv A_SENDTRIGGER command is specific to the .Fx and Mac OS X implementations, and is not present in Solaris. .Sh SEE ALSO .Xr audit 2 , .Xr auditctl 2 , .Xr getaudit 2 , .Xr getaudit_addr 2 , .Xr getauid 2 , .Xr setaudit 2 , .Xr setaudit_addr 2 , .Xr setauid 2 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Pp This manual page was written by .An Tom Rhodes Aq trhodes@FreeBSD.org , .An Robert Watson Aq rwatson@FreeBSD.org , and .An Wayne Salamon Aq wsalamon@FreeBSD.org . Index: head/contrib/openbsm/man/getaudit.2 =================================================================== --- head/contrib/openbsm/man/getaudit.2 (revision 292431) +++ head/contrib/openbsm/man/getaudit.2 (revision 292432) 
@@ -1,188 +1,186 @@ .\"- .\" Copyright (c) 2005 Robert N. M. Watson .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#11 $ -.\" .Dd October 19, 2008 .Dt GETAUDIT 2 .Os .Sh NAME .Nm getaudit , .Nm getaudit_addr .Nd "retrieve audit session state" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn getaudit "auditinfo_t *auditinfo" .Ft int .Fn getaudit_addr "auditinfo_addr_t *auditinfo_addr" "u_int length" .Sh DESCRIPTION The .Fn getaudit system call retrieves the active audit session state for the current process via the .Vt auditinfo_t pointed to by .Fa auditinfo . 
The .Fn getaudit_addr system call retrieves extended state via .Fa auditinfo_addr and .Fa length . .Pp The .Fa auditinfo_t data structure is defined as follows: .Bd -literal -offset indent struct auditinfo { au_id_t ai_auid; /* Audit user ID */ au_mask_t ai_mask; /* Audit masks */ au_tid_t ai_termid; /* Terminal ID */ au_asid_t ai_asid; /* Audit session ID */ }; typedef struct auditinfo auditinfo_t; .Ed .Pp The .Fa ai_auid variable contains the audit identifier which is recorded in the audit log for each event the process caused. .Pp The .Fa au_mask_t data structure defines the bit mask for auditing successful and failed events out of the predefined list of event classes. It is defined as follows: .Bd -literal -offset indent struct au_mask { unsigned int am_success; /* success bits */ unsigned int am_failure; /* failure bits */ }; typedef struct au_mask au_mask_t; .Ed .Pp The .Fa au_termid_t data structure defines the Terminal ID recorded with every event caused by the process. It is defined as follows: .Bd -literal -offset indent struct au_tid { dev_t port; u_int32_t machine; }; typedef struct au_tid au_tid_t; .Ed .Pp The .Fa ai_asid variable contains the audit session ID which is recorded with every event caused by the process. .Pp The .Fn getaudit_addr system call uses the expanded .Fa auditinfo_addr_t data structure and supports Terminal IDs with larger addresses such as those used in IP version 6. It is defined as follows: .Bd -literal -offset indent struct auditinfo_addr { au_id_t ai_auid; /* Audit user ID. */ au_mask_t ai_mask; /* Audit masks. */ au_tid_addr_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. 
*/ }; typedef struct auditinfo_addr auditinfo_addr_t; .Ed .Pp The .Fa au_tid_addr_t data structure which includes a larger address storage field and an additional field with the type of address stored: .Bd -literal -offset indent struct au_tid_addr { dev_t at_port; u_int32_t at_type; u_int32_t at_addr[4]; }; typedef struct au_tid_addr au_tid_addr_t; .Ed .Pp These system calls require an appropriate privilege to complete. .Sh RETURN VALUES .Rv -std getaudit getaudit_addr .Sh ERRORS The .Fn getaudit function will fail if: .Bl -tag -width Er .It Bq Er EFAULT A failure occurred while data transferred to or from the kernel failed. .It Bq Er EINVAL Illegal argument was passed by a system call. .It Bq Er EPERM The process does not have sufficient permission to complete the operation. .It Bq Er EOVERFLOW The .Fa length argument indicates an overflow condition will occur. .It Bq Er E2BIG The address is too big and, therefore, .Fn getaudit_addr should be used instead. .El .Sh SEE ALSO .Xr audit 2 , .Xr auditon 2 , .Xr getauid 2 , .Xr setaudit 2 , .Xr setauid 2 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Pp This manual page was written by .An Robert Watson Aq rwatson@FreeBSD.org . 
Index: head/contrib/openbsm/man/getauid.2
===================================================================
--- head/contrib/openbsm/man/getauid.2 (revision 292431)
+++ head/contrib/openbsm/man/getauid.2 (revision 292432)
@@ -1,90 +1,88 @@ .\"- .\" Copyright (c) 2005 Robert N. M. Watson .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#9 $ -.\" .Dd April 19, 2005 .Dt GETAUID 2 .Os .Sh NAME .Nm getauid .Nd "retrieve audit session ID" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn getauid "au_id_t *auid" .Sh DESCRIPTION The .Fn getauid system call retrieves the active audit session ID for the current process via the .Vt au_id_t pointed to by .Fa auid . .Pp This system call requires an appropriate privilege to complete. 
.Sh RETURN VALUES .Rv -std .Sh ERRORS The .Fn getauid function will fail if: .Bl -tag -width Er .It Bq Er EFAULT A failure occurred while data transferred from the kernel failed. .It Bq Er EPERM The process does not have sufficient permission to complete the operation. .El .Sh SEE ALSO .Xr audit 2 , .Xr auditon 2 , .Xr getaudit 2 , .Xr getaudit_addr 2 , .Xr setaudit 2 , .Xr setaudit_addr 2 , .Xr setauid 2 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Pp This manual page was written by .An Robert Watson Aq rwatson@FreeBSD.org . Index: head/contrib/openbsm/man/setaudit.2 =================================================================== --- head/contrib/openbsm/man/setaudit.2 (revision 292431) +++ head/contrib/openbsm/man/setaudit.2 (revision 292432) 
@@ -1,174 +1,172 @@ .\"- .\" Copyright (c) 2005 Robert N. M. Watson .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#12 $ -.\" .Dd April 19, 2005 .Dt SETAUDIT 2 .Os .Sh NAME .Nm setaudit , .Nm setaudit_addr .Nd "set audit session state" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn setaudit "auditinfo_t *auditinfo" .Ft int .Fn setaudit_addr "auditinfo_addr_t *auditinfo_addr" "u_int length" .Sh DESCRIPTION The .Fn setaudit system call sets the active audit session state for the current process via the .Vt auditinfo_t pointed to by .Fa auditinfo . 
The .Fn setaudit_addr system call sets extended state via .Fa auditinfo_addr and .Fa length . .Pp The .Fa auditinfo_t data structure is defined as follows: .Bd -literal -offset 4n struct auditinfo { au_id_t ai_auid; /* Audit user ID */ au_mask_t ai_mask; /* Audit masks */ au_tid_t ai_termid; /* Terminal ID */ au_asid_t ai_asid; /* Audit session ID */ }; typedef struct auditinfo auditinfo_t; .Ed .Pp The .Fa ai_auid variable contains the audit identifier which is recorded in the audit log for each event the process caused. .Pp The .Fa au_mask_t data structure defines the bit mask for auditing successful and failed events out of the predefined list of event classes. It is defined as follows: .Bd -literal -offset 4n struct au_mask { unsigned int am_success; /* success bits */ unsigned int am_failure; /* failure bits */ }; typedef struct au_mask au_mask_t; .Ed .Pp The .Fa au_termid_t data structure defines the Terminal ID recorded with every event caused by the process. It is defined as follows: .Bd -literal -offset 4n struct au_tid { dev_t port; u_int32_t machine; }; typedef struct au_tid au_tid_t; .Ed .Pp The .Fa ai_asid variable contains the audit session ID which is recorded with every event caused by the process. .Pp The .Fn setaudit_addr system call uses the expanded .Fa auditinfo_addr_t data structure supports Terminal IDs with larger addresses such as those used in IP version 6. It is defined as follows: .Bd -literal -offset 4n struct auditinfo_addr { au_id_t ai_auid; /* Audit user ID. */ au_mask_t ai_mask; /* Audit masks. */ au_tid_addr_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. 
*/ }; typedef struct auditinfo_addr auditinfo_addr_t; .Ed .Pp The .Fa au_tid_addr_t data structure which includes a larger address storage field and an additional field with the type of address stored: .Bd -literal -offset 4n struct au_tid_addr { dev_t at_port; u_int32_t at_type; u_int32_t at_addr[4]; }; typedef struct au_tid_addr au_tid_addr_t; .Ed .Pp These system calls require an appropriate privilege to complete. .Sh RETURN VALUES .Rv -std setaudit setaudit_addr .Sh ERRORS .Bl -tag -width Er .It Bq Er EFAULT A failure occurred while data transferred to or from the kernel failed. .It Bq Er EINVAL Illegal argument was passed by a system call. .It Bq Er EPERM The process does not have sufficient permission to complete the operation. .El .Sh SEE ALSO .Xr audit 2 , .Xr auditon 2 , .Xr getaudit 2 , .Xr getauid 2 , .Xr setauid 2 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Pp This manual page was written by .An Robert Watson Aq rwatson@FreeBSD.org . Index: head/contrib/openbsm/man/setauid.2 =================================================================== --- head/contrib/openbsm/man/setauid.2 (revision 292431) +++ head/contrib/openbsm/man/setauid.2 (revision 292432) 
@@ -1,90 +1,88 @@ .\"- .\" Copyright (c) 2005 Robert N. M. Watson .\" Copyright (c) 2008 Apple Inc. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#9 $ -.\" .Dd April 19, 2005 .Dt SETAUID 2 .Os .Sh NAME .Nm setauid .Nd "set audit session ID" .Sh SYNOPSIS .In bsm/audit.h .Ft int .Fn setauid "au_id_t *auid" .Sh DESCRIPTION The .Fn setauid system call sets the active audit session ID for the current process from the .Vt au_id_t pointed to by .Fa auid . .Pp This system call requires an appropriate privilege to complete. 
.Sh RETURN VALUES .Rv -std .Sh ERRORS The .Fn setauid function will fail if: .Bl -tag -width Er .It Bq Er EFAULT A failure occurred while data transferred to the kernel failed. .It Bq Er EPERM The process does not have sufficient permission to complete the operation. .El .Sh SEE ALSO .Xr audit 2 , .Xr auditon 2 , .Xr getaudit 2 , .Xr getaudit_addr 2 , .Xr getauid 2 , .Xr setaudit 2 , .Xr setaudit_addr 2 , .Xr libbsm 3 .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS .An -nosplit This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Additional authors include .An Wayne Salamon , .An Robert Watson , and SPARTA Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Pp This manual page was written by .An Robert Watson Aq rwatson@FreeBSD.org . Index: head/contrib/openbsm/modules/Makefile.am =================================================================== --- head/contrib/openbsm/modules/Makefile.am (revision 292431) +++ head/contrib/openbsm/modules/Makefile.am (revision 292432) @@ -1,7 +1,3 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/modules/Makefile.am#2 $ -## - SUBDIRS = \ auditfilter_noop Index: head/contrib/openbsm/modules/auditfilter_noop/Makefile.am =================================================================== --- head/contrib/openbsm/modules/auditfilter_noop/Makefile.am (revision 292431) +++ head/contrib/openbsm/modules/auditfilter_noop/Makefile.am (revision 292432) 
@@ -1,14 +1,10 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.am#4 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif lib_LTLIBRARIES = auditfilter_noop.la auditfilter_noop_la_SOURCE = auditfilter_noop.c auditfilter_noop_la_LDFLAGS = -module Index: head/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c =================================================================== --- head/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c (revision 292431) +++ head/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c (revision 292432) 
@@ -1,79 +1,77 @@ /*- * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/auditfilter_noop.c#6 $ */ /* * Sample audit filter: no-op which sinks audit records in both BSM and * parsed formats, but does nothing with them. 
*/ #include #include #include #ifndef __unused #define __unused #endif int AUDIT_FILTER_ATTACH(void *instance __unused, int argc __unused, char *argv[] __unused) { return (0); } int AUDIT_FILTER_REINIT(void *instance __unused, int argc __unused, char *argv[] __unused) { return (0); } void AUDIT_FILTER_RECORD(void *instance __unused, struct timespec *ts __unused, int token_count __unused, const tokenstr_t *tok[] __unused) { } void AUDIT_FILTER_RAWRECORD(void *instance __unused, struct timespec *ts __unused, u_char *data __unused, u_int len __unused) { } void AUDIT_FILTER_DETACH(void *instance __unused) { } Index: head/contrib/openbsm/sys/Makefile.am =================================================================== --- head/contrib/openbsm/sys/Makefile.am (revision 292431) +++ head/contrib/openbsm/sys/Makefile.am (revision 292432) @@ -1,7 +1,3 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/sys/Makefile.am#2 $ -## - SUBDIRS = \ bsm Index: head/contrib/openbsm/sys/bsm/Makefile.am =================================================================== --- head/contrib/openbsm/sys/bsm/Makefile.am (revision 292431) +++ head/contrib/openbsm/sys/bsm/Makefile.am (revision 292432) @@ -1,18 +1,13 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#5 $ -## - - if ! USE_NATIVE_INCLUDES openbsmdir = $(includedir)/bsm openbsm_HEADERS = \ audit.h \ audit_domain.h \ audit_errno.h \ audit_fcntl.h \ audit_internal.h \ audit_kevents.h \ audit_record.h \ audit_socket_type.h endif Index: head/contrib/openbsm/sys/bsm/audit.h =================================================================== --- head/contrib/openbsm/sys/bsm/audit.h (revision 292431) +++ head/contrib/openbsm/sys/bsm/audit.h (revision 292432) 
@@ -1,327 +1,325 @@ /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#10 $ */ #ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H #include #include #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 #define MAXAUDITDATA (0x8000 - 1) #define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA #define MIN_AUDIT_FILE_SIZE (512 * 1024) /* * Minimum noumber of free blocks on the filesystem containing the audit * log necessary to avoid a hard log rotation. 
DO NOT SET THIS VALUE TO 0 * as the kernel does an unsigned compare, plus we want to leave a few blocks * free so userspace can terminate the log, etc. */ #define AUDIT_HARD_LIMIT_FREE_BLOCKS 4 /* * Triggers for the audit daemon. */ #define AUDIT_TRIGGER_MIN 1 #define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */ #define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */ #define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */ #define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */ #define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */ #define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests rotate. */ #define AUDIT_TRIGGER_INITIALIZE 7 /* User initialize of auditd. */ #define AUDIT_TRIGGER_EXPIRE_TRAILS 8 /* User expiration of trails. */ #define AUDIT_TRIGGER_MAX 8 /* * The special device filename (FreeBSD). */ #define AUDITDEV_FILENAME "audit" #define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME) /* * Pre-defined audit IDs */ #define AU_DEFAUDITID (uid_t)(-1) #define AU_DEFAUDITSID 0 #define AU_ASSIGN_ASID -1 /* * IPC types. */ #define AT_IPC_MSG ((u_char)1) /* Message IPC id. */ #define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */ #define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */ /* * Audit conditions. */ #define AUC_UNSET 0 #define AUC_AUDITING 1 #define AUC_NOAUDIT 2 #define AUC_DISABLED -1 /* * auditon(2) commands. 
*/ #define A_OLDGETPOLICY 2 #define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 #define A_OLDGETQCTRL 6 #define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 #define A_OLDGETCOND 20 #define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24 #define A_SETPMASK 25 #define A_SETFSIZE 26 #define A_GETFSIZE 27 #define A_GETPINFO_ADDR 28 #define A_GETKAUDIT 29 #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 #define A_GETPOLICY 33 #define A_SETPOLICY 34 #define A_GETQCTRL 35 #define A_SETQCTRL 36 #define A_GETCOND 37 #define A_SETCOND 38 /* * Audit policy controls. */ #define AUDIT_CNT 0x0001 #define AUDIT_AHLT 0x0002 #define AUDIT_ARGV 0x0004 #define AUDIT_ARGE 0x0008 #define AUDIT_SEQ 0x0010 #define AUDIT_WINDATA 0x0020 #define AUDIT_USER 0x0040 #define AUDIT_GROUP 0x0080 #define AUDIT_TRAIL 0x0100 #define AUDIT_PATH 0x0200 #define AUDIT_SCNT 0x0400 #define AUDIT_PUBLIC 0x0800 #define AUDIT_ZONENAME 0x1000 #define AUDIT_PERZONE 0x2000 /* * Default audit queue control parameters. */ #define AQ_HIWATER 100 #define AQ_MAXHIGH 10000 #define AQ_LOWATER 10 #define AQ_BUFSZ MAXAUDITDATA #define AQ_MAXBUFSZ 1048576 /* * Default minimum percentage free space on file system. */ #define AU_FS_MINFREE 20 /* * Type definitions used indicating the length of variable length addresses * in tokens containing addresses, such as header fields. 
*/ #define AU_IPv4 4 #define AU_IPv6 16 __BEGIN_DECLS typedef uid_t au_id_t; typedef pid_t au_asid_t; typedef u_int16_t au_event_t; typedef u_int16_t au_emod_t; typedef u_int32_t au_class_t; typedef u_int64_t au_asflgs_t __attribute__ ((aligned (8))); struct au_tid { dev_t port; u_int32_t machine; }; typedef struct au_tid au_tid_t; struct au_tid_addr { dev_t at_port; u_int32_t at_type; u_int32_t at_addr[4]; }; typedef struct au_tid_addr au_tid_addr_t; struct au_mask { unsigned int am_success; /* Success bits. */ unsigned int am_failure; /* Failure bits. */ }; typedef struct au_mask au_mask_t; struct auditinfo { au_id_t ai_auid; /* Audit user ID. */ au_mask_t ai_mask; /* Audit masks. */ au_tid_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. */ }; typedef struct auditinfo auditinfo_t; struct auditinfo_addr { au_id_t ai_auid; /* Audit user ID. */ au_mask_t ai_mask; /* Audit masks. */ au_tid_addr_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. */ au_asflgs_t ai_flags; /* Audit session flags. */ }; typedef struct auditinfo_addr auditinfo_addr_t; struct auditpinfo { pid_t ap_pid; /* ID of target process. */ au_id_t ap_auid; /* Audit user ID. */ au_mask_t ap_mask; /* Audit masks. */ au_tid_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ }; typedef struct auditpinfo auditpinfo_t; struct auditpinfo_addr { pid_t ap_pid; /* ID of target process. */ au_id_t ap_auid; /* Audit user ID. */ au_mask_t ap_mask; /* Audit masks. */ au_tid_addr_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ au_asflgs_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo_addr auditpinfo_addr_t; struct au_session { auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ au_mask_t as_mask; /* Process Audit Masks. */ }; typedef struct au_session au_session_t; /* * Contents of token_t are opaque outside of libbsm. 
*/ typedef struct au_token token_t; /* * Kernel audit queue control parameters: * Default: Maximum: * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) * aq_lowater: AQ_LOWATER (10) mach_port_name_t audit_session_self(void); au_asid_t audit_session_join(mach_port_name_t port); #endif /* __APPLE_API_PRIVATE */ #endif /* defined(_KERNEL) || defined(KERNEL) */ __END_DECLS #endif /* !_BSM_AUDIT_H */ Index: head/contrib/openbsm/sys/bsm/audit_domain.h =================================================================== --- head/contrib/openbsm/sys/bsm/audit_domain.h (revision 292431) +++ head/contrib/openbsm/sys/bsm/audit_domain.h (revision 292432) 
@@ -1,114 +1,112 @@
 /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_domain.h#2 $
 */ #ifndef _BSM_AUDIT_DOMAIN_H_ #define _BSM_AUDIT_DOMAIN_H_ /* * BSM protocol domain constants - protocol domains defined in Solaris. */ #define BSM_PF_UNSPEC 0 #define BSM_PF_LOCAL 1 #define BSM_PF_INET 2 #define BSM_PF_IMPLINK 3 #define BSM_PF_PUP 4 #define BSM_PF_CHAOS 5 #define BSM_PF_NS 6 #define BSM_PF_NBS 7 /* Solaris-specific. 
*/ #define BSM_PF_ECMA 8 #define BSM_PF_DATAKIT 9 #define BSM_PF_CCITT 10 #define BSM_PF_SNA 11 #define BSM_PF_DECnet 12 #define BSM_PF_DLI 13 #define BSM_PF_LAT 14 #define BSM_PF_HYLINK 15 #define BSM_PF_APPLETALK 16 #define BSM_PF_NIT 17 /* Solaris-specific. */ #define BSM_PF_802 18 /* Solaris-specific. */ #define BSM_PF_OSI 19 #define BSM_PF_X25 20 /* Solaris/Linux-specific. */ #define BSM_PF_OSINET 21 /* Solaris-specific. */ #define BSM_PF_GOSIP 22 /* Solaris-specific. */ #define BSM_PF_IPX 23 #define BSM_PF_ROUTE 24 #define BSM_PF_LINK 25 #define BSM_PF_INET6 26 #define BSM_PF_KEY 27 #define BSM_PF_NCA 28 /* Solaris-specific. */ #define BSM_PF_POLICY 29 /* Solaris-specific. */ #define BSM_PF_INET_OFFLOAD 30 /* Solaris-specific. */ /* * BSM protocol domain constants - protocol domains not defined in Solaris. */ #define BSM_PF_NETBIOS 500 /* FreeBSD/Darwin-specific. */ #define BSM_PF_ISO 501 /* FreeBSD/Darwin-specific. */ #define BSM_PF_XTP 502 /* FreeBSD/Darwin-specific. */ #define BSM_PF_COIP 503 /* FreeBSD/Darwin-specific. */ #define BSM_PF_CNT 504 /* FreeBSD/Darwin-specific. */ #define BSM_PF_RTIP 505 /* FreeBSD/Darwin-specific. */ #define BSM_PF_SIP 506 /* FreeBSD/Darwin-specific. */ #define BSM_PF_PIP 507 /* FreeBSD/Darwin-specific. */ #define BSM_PF_ISDN 508 /* FreeBSD/Darwin-specific. */ #define BSM_PF_E164 509 /* FreeBSD/Darwin-specific. */ #define BSM_PF_NATM 510 /* FreeBSD/Darwin-specific. */ #define BSM_PF_ATM 511 /* FreeBSD/Darwin-specific. */ #define BSM_PF_NETGRAPH 512 /* FreeBSD/Darwin-specific. */ #define BSM_PF_SLOW 513 /* FreeBSD-specific. */ #define BSM_PF_SCLUSTER 514 /* FreeBSD-specific. */ #define BSM_PF_ARP 515 /* FreeBSD-specific. */ #define BSM_PF_BLUETOOTH 516 /* FreeBSD-specific. */ /* 517: unallocated. */ #define BSM_PF_AX25 518 /* Linux-specific. */ #define BSM_PF_ROSE 519 /* Linux-specific. */ #define BSM_PF_NETBEUI 520 /* Linux-specific. */ #define BSM_PF_SECURITY 521 /* Linux-specific. 
*/ #define BSM_PF_PACKET 522 /* Linux-specific. */ #define BSM_PF_ASH 523 /* Linux-specific. */ #define BSM_PF_ECONET 524 /* Linux-specific. */ #define BSM_PF_ATMSVC 525 /* Linux-specific. */ #define BSM_PF_IRDA 526 /* Linux-specific. */ #define BSM_PF_PPPOX 527 /* Linux-specific. */ #define BSM_PF_WANPIPE 528 /* Linux-specific. */ #define BSM_PF_LLC 529 /* Linux-specific. */ #define BSM_PF_CAN 530 /* Linux-specific. */ #define BSM_PF_TIPC 531 /* Linux-specific. */ #define BSM_PF_IUCV 532 /* Linux-specific. */ #define BSM_PF_RXRPC 533 /* Linux-specific. */ #define BSM_PF_PHONET 534 /* Linux-specific. */ /* * Used when there is no mapping from a local to BSM protocol domain. */ #define BSM_PF_UNKNOWN 700 /* OpenBSM-specific. */ #endif /* !_BSM_AUDIT_DOMAIN_H_ */
Index: head/contrib/openbsm/sys/bsm/audit_errno.h
===================================================================
--- head/contrib/openbsm/sys/bsm/audit_errno.h (revision 292431)
+++ head/contrib/openbsm/sys/bsm/audit_errno.h (revision 292432)
@@ -1,216 +1,214 @@
 /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#7 $
 */ #ifndef _BSM_AUDIT_ERRNO_H_ #define _BSM_AUDIT_ERRNO_H_ /* * For the purposes of portable encoding, we convert between local error * numbers and Solaris error numbers (as well as some extensions for error * numbers that don't exist in Solaris). Although the first 35 or so * constants are the same across all OS's, we don't handle that in any * special way. 
* * When adding constants here, also add them to bsm_errno.c. */ #define BSM_ERRNO_ESUCCESS 0 #define BSM_ERRNO_EPERM 1 #define BSM_ERRNO_ENOENT 2 #define BSM_ERRNO_ESRCH 3 #define BSM_ERRNO_EINTR 4 #define BSM_ERRNO_EIO 5 #define BSM_ERRNO_ENXIO 6 #define BSM_ERRNO_E2BIG 7 #define BSM_ERRNO_ENOEXEC 8 #define BSM_ERRNO_EBADF 9 #define BSM_ERRNO_ECHILD 10 #define BSM_ERRNO_EAGAIN 11 #define BSM_ERRNO_ENOMEM 12 #define BSM_ERRNO_EACCES 13 #define BSM_ERRNO_EFAULT 14 #define BSM_ERRNO_ENOTBLK 15 #define BSM_ERRNO_EBUSY 16 #define BSM_ERRNO_EEXIST 17 #define BSM_ERRNO_EXDEV 18 #define BSM_ERRNO_ENODEV 19 #define BSM_ERRNO_ENOTDIR 20 #define BSM_ERRNO_EISDIR 21 #define BSM_ERRNO_EINVAL 22 #define BSM_ERRNO_ENFILE 23 #define BSM_ERRNO_EMFILE 24 #define BSM_ERRNO_ENOTTY 25 #define BSM_ERRNO_ETXTBSY 26 #define BSM_ERRNO_EFBIG 27 #define BSM_ERRNO_ENOSPC 28 #define BSM_ERRNO_ESPIPE 29 #define BSM_ERRNO_EROFS 30 #define BSM_ERRNO_EMLINK 31 #define BSM_ERRNO_EPIPE 32 #define BSM_ERRNO_EDOM 33 #define BSM_ERRNO_ERANGE 34 #define BSM_ERRNO_ENOMSG 35 #define BSM_ERRNO_EIDRM 36 #define BSM_ERRNO_ECHRNG 37 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EL2NSYNC 38 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EL3HLT 39 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EL3RST 40 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELNRNG 41 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EUNATCH 42 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOCSI 43 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EL2HLT 44 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EDEADLK 45 #define BSM_ERRNO_ENOLCK 46 #define BSM_ERRNO_ECANCELED 47 #define BSM_ERRNO_ENOTSUP 48 #define BSM_ERRNO_EDQUOT 49 #define BSM_ERRNO_EBADE 50 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EBADR 51 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EXFULL 52 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOANO 53 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EBADRQC 54 /* Solaris/Linux-specific. 
*/ #define BSM_ERRNO_EBADSLT 55 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EDEADLOCK 56 /* Solaris-specific. */ #define BSM_ERRNO_EBFONT 57 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EOWNERDEAD 58 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOTRECOVERABLE 59 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOSTR 60 /* Solaris/Darwin/Linux-specific. */ #define BSM_ERRNO_ENODATA 61 /* Solaris/Darwin/Linux-specific. */ #define BSM_ERRNO_ETIME 62 /* Solaris/Darwin/Linux-specific. */ #define BSM_ERRNO_ENOSR 63 /* Solaris/Darwin/Linux-specific. */ #define BSM_ERRNO_ENONET 64 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOPKG 65 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EREMOTE 66 #define BSM_ERRNO_ENOLINK 67 #define BSM_ERRNO_EADV 68 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ESRMNT 69 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ECOMM 70 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EPROTO 71 #define BSM_ERRNO_ELOCKUNMAPPED 72 /* Solaris-specific. */ #define BSM_ERRNO_ENOTACTIVE 73 /* Solaris-specific. */ #define BSM_ERRNO_EMULTIHOP 74 #define BSM_ERRNO_EBADMSG 77 #define BSM_ERRNO_ENAMETOOLONG 78 #define BSM_ERRNO_EOVERFLOW 79 #define BSM_ERRNO_ENOTUNIQ 80 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EBADFD 81 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EREMCHG 82 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBACC 83 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBBAD 84 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBSCN 85 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBMAX 86 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBEXEC 87 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EILSEQ 88 #define BSM_ERRNO_ENOSYS 89 #define BSM_ERRNO_ELOOP 90 #define BSM_ERRNO_ERESTART 91 #define BSM_ERRNO_ESTRPIPE 92 /* Solaris/Linux-specific. 
*/ #define BSM_ERRNO_ENOTEMPTY 93 #define BSM_ERRNO_EUSERS 94 #define BSM_ERRNO_ENOTSOCK 95 #define BSM_ERRNO_EDESTADDRREQ 96 #define BSM_ERRNO_EMSGSIZE 97 #define BSM_ERRNO_EPROTOTYPE 98 #define BSM_ERRNO_ENOPROTOOPT 99 #define BSM_ERRNO_EPROTONOSUPPORT 120 #define BSM_ERRNO_ESOCKTNOSUPPORT 121 #define BSM_ERRNO_EOPNOTSUPP 122 #define BSM_ERRNO_EPFNOSUPPORT 123 #define BSM_ERRNO_EAFNOSUPPORT 124 #define BSM_ERRNO_EADDRINUSE 125 #define BSM_ERRNO_EADDRNOTAVAIL 126 #define BSM_ERRNO_ENETDOWN 127 #define BSM_ERRNO_ENETUNREACH 128 #define BSM_ERRNO_ENETRESET 129 #define BSM_ERRNO_ECONNABORTED 130 #define BSM_ERRNO_ECONNRESET 131 #define BSM_ERRNO_ENOBUFS 132 #define BSM_ERRNO_EISCONN 133 #define BSM_ERRNO_ENOTCONN 134 #define BSM_ERRNO_ESHUTDOWN 143 #define BSM_ERRNO_ETOOMANYREFS 144 #define BSM_ERRNO_ETIMEDOUT 145 #define BSM_ERRNO_ECONNREFUSED 146 #define BSM_ERRNO_EHOSTDOWN 147 #define BSM_ERRNO_EHOSTUNREACH 148 #define BSM_ERRNO_EALREADY 149 #define BSM_ERRNO_EINPROGRESS 150 #define BSM_ERRNO_ESTALE 151 /* * OpenBSM constants for error numbers not defined in Solaris. In the event * that these errors are added to Solaris, we will deprecate the OpenBSM * numbers in the same way we do for audit event constants. * * ELAST doesn't get a constant in the BSM space. */ #define BSM_ERRNO_EPROCLIM 190 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EBADRPC 191 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_ERPCMISMATCH 192 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EPROGUNAVAIL 193 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EPROGMISMATCH 194 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EPROCUNAVAIL 195 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EFTYPE 196 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EAUTH 197 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_ENEEDAUTH 198 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_ENOATTR 199 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EDOOFUS 200 /* FreeBSD-specific. 
*/ #define BSM_ERRNO_EJUSTRETURN 201 /* FreeBSD-specific. */ #define BSM_ERRNO_ENOIOCTL 202 /* FreeBSD-specific. */ #define BSM_ERRNO_EDIRIOCTL 203 /* FreeBSD-specific. */ #define BSM_ERRNO_EPWROFF 204 /* Darwin-specific. */ #define BSM_ERRNO_EDEVERR 205 /* Darwin-specific. */ #define BSM_ERRNO_EBADEXEC 206 /* Darwin-specific. */ #define BSM_ERRNO_EBADARCH 207 /* Darwin-specific. */ #define BSM_ERRNO_ESHLIBVERS 208 /* Darwin-specific. */ #define BSM_ERRNO_EBADMACHO 209 /* Darwin-specific. */ #define BSM_ERRNO_EPOLICY 210 /* Darwin-specific. */ #define BSM_ERRNO_EDOTDOT 211 /* Linux-specific. */ #define BSM_ERRNO_EUCLEAN 212 /* Linux-specific. */ #define BSM_ERRNO_ENOTNAM 213 /* Linux(Xenix?)-specific. */ #define BSM_ERRNO_ENAVAIL 214 /* Linux(Xenix?)-specific. */ #define BSM_ERRNO_EISNAM 215 /* Linux(Xenix?)-specific. */ #define BSM_ERRNO_EREMOTEIO 216 /* Linux-specific. */ #define BSM_ERRNO_ENOMEDIUM 217 /* Linux-specific. */ #define BSM_ERRNO_EMEDIUMTYPE 218 /* Linux-specific. */ #define BSM_ERRNO_ENOKEY 219 /* Linux-specific. */ #define BSM_ERRNO_EKEYEXPIRED 220 /* Linux-specific. */ #define BSM_ERRNO_EKEYREVOKED 221 /* Linux-specific. */ #define BSM_ERRNO_EKEYREJECTED 222 /* Linux-specific. */ #define BSM_ERRNO_ENOTCAPABLE 223 /* FreeBSD-specific. */ #define BSM_ERRNO_ECAPMODE 224 /* FreeBSD-specific. */ /* * In the event that OpenBSM doesn't have a file representation of a local * error number, use this. */ #define BSM_ERRNO_UNKNOWN 250 /* OpenBSM-specific. */ #endif /* !_BSM_AUDIT_ERRNO_H_ */
Index: head/contrib/openbsm/sys/bsm/audit_fcntl.h
===================================================================
--- head/contrib/openbsm/sys/bsm/audit_fcntl.h (revision 292431)
+++ head/contrib/openbsm/sys/bsm/audit_fcntl.h (revision 292432)
@@ -1,140 +1,138 @@
 /*- * Copyright (c) 2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_fcntl.h#2 $
 */ #ifndef _BSM_AUDIT_FCNTL_H_ #define _BSM_AUDIT_FCNTL_H_ /* * Shared and Solaris-specific: (0-99). */ #define BSM_F_DUPFD 0 #define BSM_F_GETFD 1 #define BSM_F_SETFD 2 #define BSM_F_GETFL 3 #define BSM_F_SETFL 4 #define BSM_F_O_GETLK 5 /* Solaris-specific. */ #define BSM_F_SETLK 6 #define BSM_F_SETLKW 7 #define BSM_F_CHKFL 8 /* Solaris-specific. 
*/ #define BSM_F_DUP2FD 9 /* FreeBSD/Solaris-specific. */ #define BSM_F_ALLOCSP 10 /* Solaris-specific. */ #define BSM_F_FREESP 11 /* Solaris-specific. */ #define BSM_F_ISSTREAM 13 /* Solaris-specific. */ #define BSM_F_GETLK 14 #define BSM_F_PRIV 15 /* Solaris-specific. */ #define BSM_F_NPRIV 16 /* Solaris-specific. */ #define BSM_F_QUOTACTL 17 /* Solaris-specific. */ #define BSM_F_BLOCKS 18 /* Solaris-specific. */ #define BSM_F_BLKSIZE 19 /* Solaris-specific. */ #define BSM_F_GETOWN 23 #define BSM_F_SETOWN 24 #define BSM_F_REVOKE 25 /* Solaris-specific. */ #define BSM_F_HASREMOTELOCKS 26 /* Solaris-specific. */ #define BSM_F_FREESP64 27 /* Solaris-specific. */ #define BSM_F_ALLOCSP64 28 /* Solaris-specific. */ #define BSM_F_GETLK64 33 /* Solaris-specific. */ #define BSM_F_SETLK64 34 /* Solaris-specific. */ #define BSM_F_SETLKW64 35 /* Solaris-specific. */ #define BSM_F_SHARE 40 /* Solaris-specific. */ #define BSM_F_UNSHARE 41 /* Solaris-specific. */ #define BSM_F_SETLK_NBMAND 42 /* Solaris-specific. */ #define BSM_F_SHARE_NBMAND 43 /* Solaris-specific. */ #define BSM_F_SETLK64_NBMAND 44 /* Solaris-specific. */ #define BSM_F_GETXFL 45 /* Solaris-specific. */ #define BSM_F_BADFD 46 /* Solaris-specific. */ /* * FreeBSD-specific (100-199). */ #define BSM_F_OGETLK 107 /* FreeBSD-specific. */ #define BSM_F_OSETLK 108 /* FreeBSD-specific. */ #define BSM_F_OSETLKW 109 /* FreeBSD-specific. */ #define BSM_F_SETLK_REMOTE 114 /* FreeBSD-specific. */ /* * Linux-specific (200-299). */ #define BSM_F_SETSIG 210 /* Linux-specific. */ #define BSM_F_GETSIG 211 /* Linux-specific. */ /* * Darwin-specific (300-399). */ #define BSM_F_CHKCLEAN 341 /* Darwin-specific. */ #define BSM_F_PREALLOCATE 342 /* Darwin-specific. */ #define BSM_F_SETSIZE 343 /* Darwin-specific. */ #define BSM_F_RDADVISE 344 /* Darwin-specific. */ #define BSM_F_RDAHEAD 345 /* Darwin-specific. */ #define BSM_F_READBOOTSTRAP 346 /* Darwin-specific. */ #define BSM_F_WRITEBOOTSTRAP 347 /* Darwin-specific. 
*/ #define BSM_F_NOCACHE 348 /* Darwin-specific. */ #define BSM_F_LOG2PHYS 349 /* Darwin-specific. */ #define BSM_F_GETPATH 350 /* Darwin-specific. */ #define BSM_F_FULLFSYNC 351 /* Darwin-specific. */ #define BSM_F_PATHPKG_CHECK 352 /* Darwin-specific. */ #define BSM_F_FREEZE_FS 353 /* Darwin-specific. */ #define BSM_F_THAW_FS 354 /* Darwin-specific. */ #define BSM_F_GLOBAL_NOCACHE 355 /* Darwin-specific. */ #define BSM_F_OPENFROM 356 /* Darwin-specific. */ #define BSM_F_UNLINKFROM 357 /* Darwin-specific. */ #define BSM_F_CHECK_OPENEVT 358 /* Darwin-specific. */ #define BSM_F_ADDSIGS 359 /* Darwin-specific. */ #define BSM_F_MARKDEPENDENCY 360 /* Darwin-specific. */ /* * Darwin file system specific (400-499). */ #define BSM_F_FS_SPECIFIC_0 400 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_1 401 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_2 402 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_3 403 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_4 404 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_5 405 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_6 406 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_7 407 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_8 408 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_9 409 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_10 410 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_11 411 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_12 412 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_13 413 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_14 414 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_15 415 /* Darwin-fs-specific. */ #define BSM_F_UNKNOWN 0xFFFF #endif /* !_BSM_AUDIT_FCNTL_H_ */
Index: head/contrib/openbsm/sys/bsm/audit_internal.h
===================================================================
--- head/contrib/openbsm/sys/bsm/audit_internal.h (revision 292431)
+++ head/contrib/openbsm/sys/bsm/audit_internal.h (revision 292432)
@@ -1,117 +1,115 @@
 /*- * Copyright (c) 2005-2008 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * * This code was developed in part by Robert N. M. Watson, Senior Principal * Scientist, SPARTA, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6 $
 */ #ifndef _AUDIT_INTERNAL_H #define _AUDIT_INTERNAL_H #if defined(__linux__) && !defined(__unused) #define __unused #endif /* * audit_internal.h contains private interfaces that are shared by user space * and the kernel for the purposes of assembling audit records. Applications * should not include this file or use the APIs found within, or it may be * broken with future releases of OpenBSM, which may delete, modify, or * otherwise break these interfaces or the assumptions they rely on. */ struct au_token { u_char *t_data; size_t len; TAILQ_ENTRY(au_token) tokens; }; struct au_record { char used; /* Record currently in use? */ int desc; /* Descriptor for record. */ TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */ u_char *data; size_t len; LIST_ENTRY(au_record) au_rec_q; }; typedef struct au_record au_record_t; /* * We could determined the header and trailer sizes by defining appropriate * structures. We hold off that approach until we have a consistent way of * using structures for all tokens. This is not straightforward since these * token structures may contain pointers of whose contents we do not know the * size (e.g text tokens). */ #define AUDIT_HEADER_EX_SIZE(a) ((a)->ai_termid.at_type+18+sizeof(u_int32_t)) #define AUDIT_HEADER_SIZE 18 #define MAX_AUDIT_HEADER_SIZE (5*sizeof(u_int32_t)+18) #define AUDIT_TRAILER_SIZE 7 /* * BSM token streams store fields in big endian byte order, so as to be * portable; when encoding and decoding, we must convert byte orders for * typed values. 
*/ #define ADD_U_CHAR(loc, val) \ do { \ *(loc) = (val); \ (loc) += sizeof(u_char); \ } while(0) #define ADD_U_INT16(loc, val) \ do { \ be16enc((loc), (val)); \ (loc) += sizeof(u_int16_t); \ } while(0) #define ADD_U_INT32(loc, val) \ do { \ be32enc((loc), (val)); \ (loc) += sizeof(u_int32_t); \ } while(0) #define ADD_U_INT64(loc, val) \ do { \ be64enc((loc), (val)); \ (loc) += sizeof(u_int64_t); \ } while(0) #define ADD_MEM(loc, data, size) \ do { \ memcpy((loc), (data), (size)); \ (loc) += size; \ } while(0) #define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size) #endif /* !_AUDIT_INTERNAL_H_ */
Index: head/contrib/openbsm/sys/bsm/audit_kevents.h
===================================================================
--- head/contrib/openbsm/sys/bsm/audit_kevents.h (revision 292431)
+++ head/contrib/openbsm/sys/bsm/audit_kevents.h (revision 292432)
@@ -1,799 +1,806 @@
 /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#10 $
 */ #ifndef _BSM_AUDIT_KEVENTS_H_ #define _BSM_AUDIT_KEVENTS_H_ /*
- * The reserved event numbers for kernel events are 1...2047 and 43001..44900.
+ * The reserved event numbers for kernel events are 1...2047 and 43001..44999. 
*/
-#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \
- ((e) > 43000 && (e) < 45000))
+#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \
+ ((e) > 43000 && (e) < 45000))
 /* * Values marked as AUE_NULL are not required to be audited as per CAPP. * * Some conflicts exist in the assignment of name to event number mappings * between BSM implementations. In general, we prefer the OpenSolaris * definition as we consider Solaris BSM to be authoritative. _DARWIN_ has * been inserted for the Darwin variants. If necessary, other tags will be * added in the future. */ #define AUE_NULL 0 #define AUE_EXIT 1 #define AUE_FORK 2 #define AUE_FORKALL AUE_FORK /* Solaris-specific. */ #define AUE_OPEN 3 #define AUE_CREAT 4 #define AUE_LINK 5 #define AUE_UNLINK 6 #define AUE_DELETE AUE_UNLINK /* Darwin-specific. */ #define AUE_EXEC 7 #define AUE_CHDIR 8 #define AUE_MKNOD 9 #define AUE_CHMOD 10 #define AUE_CHOWN 11 #define AUE_UMOUNT 12 #define AUE_JUNK 13 /* Solaris-specific. */ #define AUE_ACCESS 14 #define AUE_KILL 15 #define AUE_STAT 16 #define AUE_LSTAT 17 #define AUE_ACCT 18 #define AUE_MCTL 19 /* Solaris-specific. */ #define AUE_REBOOT 20 /* XXX: Darwin conflict. */ #define AUE_SYMLINK 21 #define AUE_READLINK 22 #define AUE_EXECVE 23 #define AUE_CHROOT 24 #define AUE_VFORK 25 #define AUE_SETGROUPS 26 #define AUE_SETPGRP 27 #define AUE_SWAPON 28 #define AUE_SETHOSTNAME 29 /* XXX: Darwin conflict. */ #define AUE_FCNTL 30 #define AUE_SETPRIORITY 31 /* XXX: Darwin conflict. */ #define AUE_CONNECT 32 #define AUE_ACCEPT 33 #define AUE_BIND 34 #define AUE_SETSOCKOPT 35 #define AUE_VTRACE 36 /* Solaris-specific. */ #define AUE_SETTIMEOFDAY 37 /* XXX: Darwin conflict. */ #define AUE_FCHOWN 38 #define AUE_FCHMOD 39 #define AUE_SETREUID 40 #define AUE_SETREGID 41 #define AUE_RENAME 42 #define AUE_TRUNCATE 43 /* XXX: Darwin conflict. */ #define AUE_FTRUNCATE 44 /* XXX: Darwin conflict. */ #define AUE_FLOCK 45 /* XXX: Darwin conflict. 
*/ #define AUE_SHUTDOWN 46 #define AUE_MKDIR 47 #define AUE_RMDIR 48 #define AUE_UTIMES 49 #define AUE_ADJTIME 50 #define AUE_SETRLIMIT 51 #define AUE_KILLPG 52 #define AUE_NFS_SVC 53 /* XXX: Darwin conflict. */ #define AUE_STATFS 54 #define AUE_FSTATFS 55 #define AUE_UNMOUNT 56 /* XXX: Darwin conflict. */ #define AUE_ASYNC_DAEMON 57 #define AUE_NFS_GETFH 58 /* XXX: Darwin conflict. */ #define AUE_SETDOMAINNAME 59 #define AUE_QUOTACTL 60 /* XXX: Darwin conflict. */ #define AUE_EXPORTFS 61 #define AUE_MOUNT 62 #define AUE_SEMSYS 63 #define AUE_MSGSYS 64 #define AUE_SHMSYS 65 #define AUE_BSMSYS 66 /* Solaris-specific. */ #define AUE_RFSSYS 67 /* Solaris-specific. */ #define AUE_FCHDIR 68 #define AUE_FCHROOT 69 #define AUE_VPIXSYS 70 /* Solaris-specific. */ #define AUE_PATHCONF 71 #define AUE_OPEN_R 72 #define AUE_OPEN_RC 73 #define AUE_OPEN_RT 74 #define AUE_OPEN_RTC 75 #define AUE_OPEN_W 76 #define AUE_OPEN_WC 77 #define AUE_OPEN_WT 78 #define AUE_OPEN_WTC 79 #define AUE_OPEN_RW 80 #define AUE_OPEN_RWC 81 #define AUE_OPEN_RWT 82 #define AUE_OPEN_RWTC 83 #define AUE_MSGCTL 84 #define AUE_MSGCTL_RMID 85 #define AUE_MSGCTL_SET 86 #define AUE_MSGCTL_STAT 87 #define AUE_MSGGET 88 #define AUE_MSGRCV 89 #define AUE_MSGSND 90 #define AUE_SHMCTL 91 #define AUE_SHMCTL_RMID 92 #define AUE_SHMCTL_SET 93 #define AUE_SHMCTL_STAT 94 #define AUE_SHMGET 95 #define AUE_SHMAT 96 #define AUE_SHMDT 97 #define AUE_SEMCTL 98 #define AUE_SEMCTL_RMID 99 #define AUE_SEMCTL_SET 100 #define AUE_SEMCTL_STAT 101 #define AUE_SEMCTL_GETNCNT 102 #define AUE_SEMCTL_GETPID 103 #define AUE_SEMCTL_GETVAL 104 #define AUE_SEMCTL_GETALL 105 #define AUE_SEMCTL_GETZCNT 106 #define AUE_SEMCTL_SETVAL 107 #define AUE_SEMCTL_SETALL 108 #define AUE_SEMGET 109 #define AUE_SEMOP 110 #define AUE_CORE 111 /* Solaris-specific, currently. */ #define AUE_CLOSE 112 #define AUE_SYSTEMBOOT 113 /* Solaris-specific. */ #define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-specific. */ #define AUE_NFSSVC_EXIT 115 /* Solaris-specific. 
*/ #define AUE_WRITEL 128 /* Solaris-specific. */ #define AUE_WRITEVL 129 /* Solaris-specific. */ #define AUE_GETAUID 130 #define AUE_SETAUID 131 #define AUE_GETAUDIT 132 #define AUE_SETAUDIT 133 #define AUE_GETUSERAUDIT 134 /* Solaris-specific. */ #define AUE_SETUSERAUDIT 135 /* Solaris-specific. */ #define AUE_AUDITSVC 136 /* Solaris-specific. */ #define AUE_AUDITUSER 137 /* Solaris-specific. */ #define AUE_AUDITON 138 #define AUE_AUDITON_GTERMID 139 /* Solaris-specific. */ #define AUE_AUDITON_STERMID 140 /* Solaris-specific. */ #define AUE_AUDITON_GPOLICY 141 #define AUE_AUDITON_SPOLICY 142 #define AUE_AUDITON_GQCTRL 145 #define AUE_AUDITON_SQCTRL 146 #define AUE_GETKERNSTATE 147 /* Solaris-specific. */ #define AUE_SETKERNSTATE 148 /* Solaris-specific. */ #define AUE_GETPORTAUDIT 149 /* Solaris-specific. */ #define AUE_AUDITSTAT 150 /* Solaris-specific. */ #define AUE_REVOKE 151 #define AUE_MAC 152 /* Solaris-specific. */ #define AUE_ENTERPROM 153 /* Solaris-specific. */ #define AUE_EXITPROM 154 /* Solaris-specific. */ #define AUE_IFLOAT 155 /* Solaris-specific. */ #define AUE_PFLOAT 156 /* Solaris-specific. */ #define AUE_UPRIV 157 /* Solaris-specific. */ #define AUE_IOCTL 158 #define AUE_SOCKET 183 #define AUE_SENDTO 184 #define AUE_PIPE 185 #define AUE_SOCKETPAIR 186 /* XXX: Darwin conflict. */ #define AUE_SEND 187 #define AUE_SENDMSG 188 #define AUE_RECV 189 #define AUE_RECVMSG 190 #define AUE_RECVFROM 191 #define AUE_READ 192 #define AUE_GETDENTS 193 #define AUE_LSEEK 194 #define AUE_WRITE 195 #define AUE_WRITEV 196 #define AUE_NFS 197 /* Solaris-specific. */ #define AUE_READV 198 #define AUE_OSTAT 199 /* Solaris-specific. */ #define AUE_SETUID 200 /* XXXRW: Solaris old setuid? */ #define AUE_STIME 201 /* XXXRW: Solaris old stime? */ #define AUE_UTIME 202 /* XXXRW: Solaris old utime? */ #define AUE_NICE 203 /* XXXRW: Solaris old nice? */ #define AUE_OSETPGRP 204 /* Solaris-specific. */ #define AUE_SETGID 205 #define AUE_READL 206 /* Solaris-specific. 
*/ #define AUE_READVL 207 /* Solaris-specific. */ #define AUE_FSTAT 208 #define AUE_DUP2 209 #define AUE_MMAP 210 #define AUE_AUDIT 211 #define AUE_PRIOCNTLSYS 212 /* Solaris-specific. */ #define AUE_MUNMAP 213 #define AUE_SETEGID 214 #define AUE_SETEUID 215 #define AUE_PUTMSG 216 /* Solaris-specific. */ #define AUE_GETMSG 217 /* Solaris-specific. */ #define AUE_PUTPMSG 218 /* Solaris-specific. */ #define AUE_GETPMSG 219 /* Solaris-specific. */ #define AUE_AUDITSYS 220 /* Solaris-specific. */ #define AUE_AUDITON_GETKMASK 221 #define AUE_AUDITON_SETKMASK 222 #define AUE_AUDITON_GETCWD 223 #define AUE_AUDITON_GETCAR 224 #define AUE_AUDITON_GETSTAT 225 #define AUE_AUDITON_SETSTAT 226 #define AUE_AUDITON_SETUMASK 227 #define AUE_AUDITON_SETSMASK 228 #define AUE_AUDITON_GETCOND 229 #define AUE_AUDITON_SETCOND 230 #define AUE_AUDITON_GETCLASS 231 #define AUE_AUDITON_SETCLASS 232 #define AUE_FUSERS 233 /* Solaris-specific; also UTSSYS? */ #define AUE_STATVFS 234 #define AUE_XSTAT 235 /* Solaris-specific. */ #define AUE_LXSTAT 236 /* Solaris-specific. */ #define AUE_LCHOWN 237 #define AUE_MEMCNTL 238 /* Solaris-specific. */ #define AUE_SYSINFO 239 /* Solaris-specific. */ #define AUE_XMKNOD 240 /* Solaris-specific. */ #define AUE_FORK1 241 #define AUE_MODCTL 242 /* Solaris-specific. */ #define AUE_MODLOAD 243 #define AUE_MODUNLOAD 244 #define AUE_MODCONFIG 245 /* Solaris-specific. */ #define AUE_MODADDMAJ 246 /* Solaris-specific. */ #define AUE_SOCKACCEPT 247 /* Solaris-specific. */ #define AUE_SOCKCONNECT 248 /* Solaris-specific. */ #define AUE_SOCKSEND 249 /* Solaris-specific. */ #define AUE_SOCKRECEIVE 250 /* Solaris-specific. */ #define AUE_ACLSET 251 #define AUE_FACLSET 252 #define AUE_DOORFS 253 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_CALL 254 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_RETURN 255 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_CREATE 256 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_REVOKE 257 /* Solaris-specific. 
*/ #define AUE_DOORFS_DOOR_INFO 258 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_CRED 259 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_BIND 260 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_UNBIND 261 /* Solaris-specific. */ #define AUE_P_ONLINE 262 /* Solaris-specific. */ #define AUE_PROCESSOR_BIND 263 /* Solaris-specific. */ #define AUE_INST_SYNC 264 /* Solaris-specific. */ #define AUE_SOCKCONFIG 265 /* Solaris-specific. */ #define AUE_SETAUDIT_ADDR 266 #define AUE_GETAUDIT_ADDR 267 #define AUE_UMOUNT2 268 /* Solaris-specific. */ #define AUE_FSAT 269 /* Solaris-specific. */ #define AUE_OPENAT_R 270 #define AUE_OPENAT_RC 271 #define AUE_OPENAT_RT 272 #define AUE_OPENAT_RTC 273 #define AUE_OPENAT_W 274 #define AUE_OPENAT_WC 275 #define AUE_OPENAT_WT 276 #define AUE_OPENAT_WTC 277 #define AUE_OPENAT_RW 278 #define AUE_OPENAT_RWC 279 #define AUE_OPENAT_RWT 280 #define AUE_OPENAT_RWTC 281 #define AUE_RENAMEAT 282 #define AUE_FSTATAT 283 #define AUE_FCHOWNAT 284 #define AUE_FUTIMESAT 285 #define AUE_UNLINKAT 286 #define AUE_CLOCK_SETTIME 287 #define AUE_NTP_ADJTIME 288 #define AUE_SETPPRIV 289 /* Solaris-specific. */ #define AUE_MODDEVPLCY 290 /* Solaris-specific. */ #define AUE_MODADDPRIV 291 /* Solaris-specific. */ #define AUE_CRYPTOADM 292 /* Solaris-specific. */ #define AUE_CONFIGKSSL 293 /* Solaris-specific. */ #define AUE_BRANDSYS 294 /* Solaris-specific. */ #define AUE_PF_POLICY_ADDRULE 295 /* Solaris-specific. */ #define AUE_PF_POLICY_DELRULE 296 /* Solaris-specific. */ #define AUE_PF_POLICY_CLONE 297 /* Solaris-specific. */ #define AUE_PF_POLICY_FLIP 298 /* Solaris-specific. */ #define AUE_PF_POLICY_FLUSH 299 /* Solaris-specific. */ #define AUE_PF_POLICY_ALGS 300 /* Solaris-specific. */ #define AUE_PORTFS 301 /* Solaris-specific. */ /* * Events added for Apple Darwin that potentially collide with future Solaris * BSM events. These are assigned AUE_DARWIN prefixes, and are deprecated in * new trails. 
Systems generating these events should switch to the new * identifiers that avoid colliding with the Solaris identifier space. */ #define AUE_DARWIN_GETFSSTAT 301 #define AUE_DARWIN_PTRACE 302 #define AUE_DARWIN_CHFLAGS 303 #define AUE_DARWIN_FCHFLAGS 304 #define AUE_DARWIN_PROFILE 305 #define AUE_DARWIN_KTRACE 306 #define AUE_DARWIN_SETLOGIN 307 #define AUE_DARWIN_REBOOT 308 #define AUE_DARWIN_REVOKE 309 #define AUE_DARWIN_UMASK 310 #define AUE_DARWIN_MPROTECT 311 #define AUE_DARWIN_SETPRIORITY 312 #define AUE_DARWIN_SETTIMEOFDAY 313 #define AUE_DARWIN_FLOCK 314 #define AUE_DARWIN_MKFIFO 315 #define AUE_DARWIN_POLL 316 #define AUE_DARWIN_SOCKETPAIR 317 #define AUE_DARWIN_FUTIMES 318 #define AUE_DARWIN_SETSID 319 #define AUE_DARWIN_SETPRIVEXEC 320 /* Darwin-specific. */ #define AUE_DARWIN_NFSSVC 321 #define AUE_DARWIN_GETFH 322 #define AUE_DARWIN_QUOTACTL 323 #define AUE_DARWIN_ADDPROFILE 324 /* Darwin-specific. */ #define AUE_DARWIN_KDEBUGTRACE 325 /* Darwin-specific. */ #define AUE_DARWIN_KDBUGTRACE AUE_KDEBUGTRACE #define AUE_DARWIN_FSTAT 326 #define AUE_DARWIN_FPATHCONF 327 #define AUE_DARWIN_GETDIRENTRIES 328 #define AUE_DARWIN_TRUNCATE 329 #define AUE_DARWIN_FTRUNCATE 330 #define AUE_DARWIN_SYSCTL 331 #define AUE_DARWIN_MLOCK 332 #define AUE_DARWIN_MUNLOCK 333 #define AUE_DARWIN_UNDELETE 334 #define AUE_DARWIN_GETATTRLIST 335 /* Darwin-specific. */ #define AUE_DARWIN_SETATTRLIST 336 /* Darwin-specific. */ #define AUE_DARWIN_GETDIRENTRIESATTR 337 /* Darwin-specific. */ #define AUE_DARWIN_EXCHANGEDATA 338 /* Darwin-specific. */ #define AUE_DARWIN_SEARCHFS 339 /* Darwin-specific. */ #define AUE_DARWIN_MINHERIT 340 #define AUE_DARWIN_SEMCONFIG 341 #define AUE_DARWIN_SEMOPEN 342 #define AUE_DARWIN_SEMCLOSE 343 #define AUE_DARWIN_SEMUNLINK 344 #define AUE_DARWIN_SHMOPEN 345 #define AUE_DARWIN_SHMUNLINK 346 #define AUE_DARWIN_LOADSHFILE 347 /* Darwin-specific. */ #define AUE_DARWIN_RESETSHFILE 348 /* Darwin-specific. 
*/ #define AUE_DARWIN_NEWSYSTEMSHREG 349 /* Darwin-specific. */ #define AUE_DARWIN_PTHREADKILL 350 /* Darwin-specific. */ #define AUE_DARWIN_PTHREADSIGMASK 351 /* Darwin-specific. */ #define AUE_DARWIN_AUDITCTL 352 #define AUE_DARWIN_RFORK 353 #define AUE_DARWIN_LCHMOD 354 #define AUE_DARWIN_SWAPOFF 355 #define AUE_DARWIN_INITPROCESS 356 /* Darwin-specific. */ #define AUE_DARWIN_MAPFD 357 /* Darwin-specific. */ #define AUE_DARWIN_TASKFORPID 358 /* Darwin-specific. */ #define AUE_DARWIN_PIDFORTASK 359 /* Darwin-specific. */ #define AUE_DARWIN_SYSCTL_NONADMIN 360 #define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */ /* * Audit event identifiers added as part of OpenBSM, generally corresponding * to events in FreeBSD, Darwin, and Linux that were not present in Solaris. * These often duplicate events added to the Solaris set by Darwin, but use * event identifiers in a higher range in order to avoid colliding with * future Solaris additions. * * If an event in this section is later added to Solaris, we prefer the * Solaris event identifier, and add _OPENBSM_ to the OpenBSM-specific * identifier so that old trails can still be processed, but new trails use * the Solaris identifier. */ #define AUE_GETFSSTAT 43001 #define AUE_PTRACE 43002 #define AUE_CHFLAGS 43003 #define AUE_FCHFLAGS 43004 #define AUE_PROFILE 43005 #define AUE_KTRACE 43006 #define AUE_SETLOGIN 43007 #define AUE_OPENBSM_REVOKE 43008 /* Solaris event now preferred. */ #define AUE_UMASK 43009 #define AUE_MPROTECT 43010 #define AUE_MKFIFO 43011 #define AUE_POLL 43012 #define AUE_FUTIMES 43013 #define AUE_SETSID 43014 #define AUE_SETPRIVEXEC 43015 /* Darwin-specific. */ #define AUE_ADDPROFILE 43016 /* Darwin-specific. */ #define AUE_KDEBUGTRACE 43017 /* Darwin-specific. */ #define AUE_KDBUGTRACE AUE_KDEBUGTRACE #define AUE_OPENBSM_FSTAT 43018 /* Solaris event now preferred. 
*/ #define AUE_FPATHCONF 43019 #define AUE_GETDIRENTRIES 43020 #define AUE_SYSCTL 43021 #define AUE_MLOCK 43022 #define AUE_MUNLOCK 43023 #define AUE_UNDELETE 43024 #define AUE_GETATTRLIST 43025 /* Darwin-specific. */ #define AUE_SETATTRLIST 43026 /* Darwin-specific. */ #define AUE_GETDIRENTRIESATTR 43027 /* Darwin-specific. */ #define AUE_EXCHANGEDATA 43028 /* Darwin-specific. */ #define AUE_SEARCHFS 43029 /* Darwin-specific. */ #define AUE_MINHERIT 43030 #define AUE_SEMCONFIG 43031 #define AUE_SEMOPEN 43032 #define AUE_SEMCLOSE 43033 #define AUE_SEMUNLINK 43034 #define AUE_SHMOPEN 43035 #define AUE_SHMUNLINK 43036 #define AUE_LOADSHFILE 43037 /* Darwin-specific. */ #define AUE_RESETSHFILE 43038 /* Darwin-specific. */ #define AUE_NEWSYSTEMSHREG 43039 /* Darwin-specific. */ #define AUE_PTHREADKILL 43040 /* Darwin-specific. */ #define AUE_PTHREADSIGMASK 43041 /* Darwin-specific. */ #define AUE_AUDITCTL 43042 #define AUE_RFORK 43043 #define AUE_LCHMOD 43044 #define AUE_SWAPOFF 43045 #define AUE_INITPROCESS 43046 /* Darwin-specific. */ #define AUE_MAPFD 43047 /* Darwin-specific. */ #define AUE_TASKFORPID 43048 /* Darwin-specific. */ #define AUE_PIDFORTASK 43049 /* Darwin-specific. */ #define AUE_SYSCTL_NONADMIN 43050 #define AUE_COPYFILE 43051 /* Darwin-specific. */ /* * Events added to OpenBSM for FreeBSD and Linux; may also be used by Darwin * in the future. */ #define AUE_LUTIMES 43052 #define AUE_LCHFLAGS 43053 /* FreeBSD-specific. */ #define AUE_SENDFILE 43054 /* BSD/Linux-specific. */ #define AUE_USELIB 43055 /* Linux-specific. */ #define AUE_GETRESUID 43056 #define AUE_SETRESUID 43057 #define AUE_GETRESGID 43058 #define AUE_SETRESGID 43059 #define AUE_WAIT4 43060 /* FreeBSD-specific. */ #define AUE_LGETFH 43061 /* FreeBSD-specific. */ #define AUE_FHSTATFS 43062 /* FreeBSD-specific. */ #define AUE_FHOPEN 43063 /* FreeBSD-specific. */ #define AUE_FHSTAT 43064 /* FreeBSD-specific. */ #define AUE_JAIL 43065 /* FreeBSD-specific. 
*/ #define AUE_EACCESS 43066 /* FreeBSD-specific. */ #define AUE_KQUEUE 43067 /* FreeBSD-specific. */ #define AUE_KEVENT 43068 /* FreeBSD-specific. */ #define AUE_FSYNC 43069 #define AUE_NMOUNT 43070 /* FreeBSD-specific. */ #define AUE_BDFLUSH 43071 /* Linux-specific. */ #define AUE_SETFSUID 43072 /* Linux-specific. */ #define AUE_SETFSGID 43073 /* Linux-specific. */ #define AUE_PERSONALITY 43074 /* Linux-specific. */ #define AUE_SCHED_GETSCHEDULER 43075 /* POSIX.1b. */ #define AUE_SCHED_SETSCHEDULER 43076 /* POSIX.1b. */ #define AUE_PRCTL 43077 /* Linux-specific. */ #define AUE_GETCWD 43078 /* FreeBSD/Linux-specific. */ #define AUE_CAPGET 43079 /* Linux-specific. */ #define AUE_CAPSET 43080 /* Linux-specific. */ #define AUE_PIVOT_ROOT 43081 /* Linux-specific. */ #define AUE_RTPRIO 43082 /* FreeBSD-specific. */ #define AUE_SCHED_GETPARAM 43083 /* POSIX.1b. */ #define AUE_SCHED_SETPARAM 43084 /* POSIX.1b. */ #define AUE_SCHED_GET_PRIORITY_MAX 43085 /* POSIX.1b. */ #define AUE_SCHED_GET_PRIORITY_MIN 43086 /* POSIX.1b. */ #define AUE_SCHED_RR_GET_INTERVAL 43087 /* POSIX.1b. */ #define AUE_ACL_GET_FILE 43088 /* FreeBSD. */ #define AUE_ACL_SET_FILE 43089 /* FreeBSD. */ #define AUE_ACL_GET_FD 43090 /* FreeBSD. */ #define AUE_ACL_SET_FD 43091 /* FreeBSD. */ #define AUE_ACL_DELETE_FILE 43092 /* FreeBSD. */ #define AUE_ACL_DELETE_FD 43093 /* FreeBSD. */ #define AUE_ACL_CHECK_FILE 43094 /* FreeBSD. */ #define AUE_ACL_CHECK_FD 43095 /* FreeBSD. */ #define AUE_ACL_GET_LINK 43096 /* FreeBSD. */ #define AUE_ACL_SET_LINK 43097 /* FreeBSD. */ #define AUE_ACL_DELETE_LINK 43098 /* FreeBSD. */ #define AUE_ACL_CHECK_LINK 43099 /* FreeBSD. */ #define AUE_SYSARCH 43100 /* FreeBSD. */ #define AUE_EXTATTRCTL 43101 /* FreeBSD. */ #define AUE_EXTATTR_GET_FILE 43102 /* FreeBSD. */ #define AUE_EXTATTR_SET_FILE 43103 /* FreeBSD. */ #define AUE_EXTATTR_LIST_FILE 43104 /* FreeBSD. */ #define AUE_EXTATTR_DELETE_FILE 43105 /* FreeBSD. */ #define AUE_EXTATTR_GET_FD 43106 /* FreeBSD. 
*/ #define AUE_EXTATTR_SET_FD 43107 /* FreeBSD. */ #define AUE_EXTATTR_LIST_FD 43108 /* FreeBSD. */ #define AUE_EXTATTR_DELETE_FD 43109 /* FreeBSD. */ #define AUE_EXTATTR_GET_LINK 43110 /* FreeBSD. */ #define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */ #define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */ #define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */ #define AUE_KENV 43114 /* FreeBSD. */ #define AUE_JAIL_ATTACH 43115 /* FreeBSD. */ #define AUE_SYSCTL_WRITE 43116 /* FreeBSD. */ #define AUE_IOPERM 43117 /* Linux. */ #define AUE_READDIR 43118 /* Linux. */ #define AUE_IOPL 43119 /* Linux. */ #define AUE_VM86 43120 /* Linux. */ #define AUE_MAC_GET_PROC 43121 /* FreeBSD/Darwin. */ #define AUE_MAC_SET_PROC 43122 /* FreeBSD/Darwin. */ #define AUE_MAC_GET_FD 43123 /* FreeBSD/Darwin. */ #define AUE_MAC_GET_FILE 43124 /* FreeBSD/Darwin. */ #define AUE_MAC_SET_FD 43125 /* FreeBSD/Darwin. */ #define AUE_MAC_SET_FILE 43126 /* FreeBSD/Darwin. */ #define AUE_MAC_SYSCALL 43127 /* FreeBSD. */ #define AUE_MAC_GET_PID 43128 /* FreeBSD/Darwin. */ #define AUE_MAC_GET_LINK 43129 /* FreeBSD/Darwin. */ #define AUE_MAC_SET_LINK 43130 /* FreeBSD/Darwin. */ #define AUE_MAC_EXECVE 43131 /* FreeBSD/Darwin. */ #define AUE_GETPATH_FROMFD 43132 /* FreeBSD. */ #define AUE_GETPATH_FROMADDR 43133 /* FreeBSD. */ #define AUE_MQ_OPEN 43134 /* FreeBSD. */ #define AUE_MQ_SETATTR 43135 /* FreeBSD. */ #define AUE_MQ_TIMEDRECEIVE 43136 /* FreeBSD. */ #define AUE_MQ_TIMEDSEND 43137 /* FreeBSD. */ #define AUE_MQ_NOTIFY 43138 /* FreeBSD. */ #define AUE_MQ_UNLINK 43139 /* FreeBSD. */ #define AUE_LISTEN 43140 /* FreeBSD/Darwin/Linux. */ #define AUE_MLOCKALL 43141 /* FreeBSD. */ #define AUE_MUNLOCKALL 43142 /* FreeBSD. */ #define AUE_CLOSEFROM 43143 /* FreeBSD. */ #define AUE_FEXECVE 43144 /* FreeBSD. */ #define AUE_FACCESSAT 43145 /* FreeBSD. */ #define AUE_FCHMODAT 43146 /* FreeBSD. */ #define AUE_LINKAT 43147 /* FreeBSD. */ #define AUE_MKDIRAT 43148 /* FreeBSD. */ #define AUE_MKFIFOAT 43149 /* FreeBSD. 
*/
 #define AUE_MKNODAT 43150 /* FreeBSD. */
 #define AUE_READLINKAT 43151 /* FreeBSD. */
 #define AUE_SYMLINKAT 43152 /* FreeBSD. */
 #define AUE_MAC_GETFSSTAT 43153 /* Darwin. */
 #define AUE_MAC_GET_MOUNT 43154 /* Darwin. */
 #define AUE_MAC_GET_LCID 43155 /* Darwin. */
 #define AUE_MAC_GET_LCTX 43156 /* Darwin. */
 #define AUE_MAC_SET_LCTX 43157 /* Darwin. */
 #define AUE_MAC_MOUNT 43158 /* Darwin. */
 #define AUE_GETLCID 43159 /* Darwin. */
 #define AUE_SETLCID 43160 /* Darwin. */
 #define AUE_TASKNAMEFORPID 43161 /* Darwin. */
 #define AUE_ACCESS_EXTENDED 43162 /* Darwin. */
 #define AUE_CHMOD_EXTENDED 43163 /* Darwin. */
 #define AUE_FCHMOD_EXTENDED 43164 /* Darwin. */
 #define AUE_FSTAT_EXTENDED 43165 /* Darwin. */
 #define AUE_LSTAT_EXTENDED 43166 /* Darwin. */
 #define AUE_MKDIR_EXTENDED 43167 /* Darwin. */
 #define AUE_MKFIFO_EXTENDED 43168 /* Darwin. */
 #define AUE_OPEN_EXTENDED 43169 /* Darwin. */
 #define AUE_OPEN_EXTENDED_R 43170 /* Darwin. */
 #define AUE_OPEN_EXTENDED_RC 43171 /* Darwin. */
 #define AUE_OPEN_EXTENDED_RT 43172 /* Darwin. */
 #define AUE_OPEN_EXTENDED_RTC 43173 /* Darwin. */
 #define AUE_OPEN_EXTENDED_W 43174 /* Darwin. */
 #define AUE_OPEN_EXTENDED_WC 43175 /* Darwin. */
 #define AUE_OPEN_EXTENDED_WT 43176 /* Darwin. */
 #define AUE_OPEN_EXTENDED_WTC 43177 /* Darwin. */
 #define AUE_OPEN_EXTENDED_RW 43178 /* Darwin. */
 #define AUE_OPEN_EXTENDED_RWC 43179 /* Darwin. */
 #define AUE_OPEN_EXTENDED_RWT 43180 /* Darwin. */
 #define AUE_OPEN_EXTENDED_RWTC 43181 /* Darwin. */
 #define AUE_STAT_EXTENDED 43182 /* Darwin. */
 #define AUE_UMASK_EXTENDED 43183 /* Darwin. */
 #define AUE_OPENAT 43184 /* FreeBSD. */
 #define AUE_POSIX_OPENPT 43185 /* FreeBSD. */
 #define AUE_CAP_NEW 43186 /* TrustedBSD. */
-#define AUE_CAP_GETRIGHTS 43187 /* TrustedBSD. */
+#define AUE_CAP_RIGHTS_GET 43187 /* TrustedBSD. */
+#define AUE_CAP_GETRIGHTS AUE_CAP_RIGHTS_GET
 #define AUE_CAP_ENTER 43188 /* TrustedBSD. */
 #define AUE_CAP_GETMODE 43189 /* TrustedBSD. */
 #define AUE_POSIX_SPAWN 43190 /* Darwin. */
 #define AUE_FSGETPATH 43191 /* Darwin. */
 #define AUE_PREAD 43192 /* Darwin/FreeBSD. */
 #define AUE_PWRITE 43193 /* Darwin/FreeBSD. */
 #define AUE_FSCTL 43194 /* Darwin. */
 #define AUE_FFSCTL 43195 /* Darwin. */
 #define AUE_LPATHCONF 43196 /* FreeBSD. */
 #define AUE_PDFORK 43197 /* FreeBSD. */
 #define AUE_PDKILL 43198 /* FreeBSD. */
 #define AUE_PDGETPID 43199 /* FreeBSD. */
 #define AUE_PDWAIT 43200 /* FreeBSD. */
 #define AUE_WAIT6 43201 /* FreeBSD. */
+#define AUE_CAP_RIGHTS_LIMIT 43202 /* TrustedBSD. */
+#define AUE_CAP_IOCTLS_LIMIT 43203 /* TrustedBSD. */
+#define AUE_CAP_IOCTLS_GET 43204 /* TrustedBSD. */
+#define AUE_CAP_FCNTLS_LIMIT 43205 /* TrustedBSD. */
+#define AUE_CAP_FCNTLS_GET 43206 /* TrustedBSD. */
+#define AUE_BINDAT 43207 /* TrustedBSD. */
+#define AUE_CONNECTAT 43208 /* TrustedBSD. */
+#define AUE_CHFLAGSAT 43209 /* FreeBSD-specific. */
 /*
 * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
 * normal Solaris BSM identifiers. _O_ refers to it being an old, or compat
 * interface. In most cases, Darwin has never implemented these system calls
 * but picked up the fields in their system call table from their FreeBSD
 * import. Happily, these have different names than the AUE_O* definitions
 * in Solaris BSM.
*/ #define AUE_O_CREAT AUE_OPEN_RWTC /* Darwin */ #define AUE_O_EXECVE AUE_NULL /* Darwin */ #define AUE_O_SBREAK AUE_NULL /* Darwin */ #define AUE_O_LSEEK AUE_NULL /* Darwin */ #define AUE_O_MOUNT AUE_NULL /* Darwin */ #define AUE_O_UMOUNT AUE_NULL /* Darwin */ #define AUE_O_STAT AUE_STAT /* Darwin */ #define AUE_O_LSTAT AUE_LSTAT /* Darwin */ #define AUE_O_FSTAT AUE_FSTAT /* Darwin */ #define AUE_O_GETPAGESIZE AUE_NULL /* Darwin */ #define AUE_O_VREAD AUE_NULL /* Darwin */ #define AUE_O_VWRITE AUE_NULL /* Darwin */ #define AUE_O_MMAP AUE_MMAP /* Darwin */ #define AUE_O_VADVISE AUE_NULL /* Darwin */ #define AUE_O_VHANGUP AUE_NULL /* Darwin */ #define AUE_O_VLIMIT AUE_NULL /* Darwin */ #define AUE_O_WAIT AUE_NULL /* Darwin */ #define AUE_O_GETHOSTNAME AUE_NULL /* Darwin */ #define AUE_O_SETHOSTNAME AUE_SYSCTL /* Darwin */ #define AUE_O_GETDOPT AUE_NULL /* Darwin */ #define AUE_O_SETDOPT AUE_NULL /* Darwin */ #define AUE_O_ACCEPT AUE_NULL /* Darwin */ #define AUE_O_SEND AUE_SENDMSG /* Darwin */ #define AUE_O_RECV AUE_RECVMSG /* Darwin */ #define AUE_O_VTIMES AUE_NULL /* Darwin */ #define AUE_O_SIGVEC AUE_NULL /* Darwin */ #define AUE_O_SIGBLOCK AUE_NULL /* Darwin */ #define AUE_O_SIGSETMASK AUE_NULL /* Darwin */ #define AUE_O_SIGSTACK AUE_NULL /* Darwin */ #define AUE_O_RECVMSG AUE_RECVMSG /* Darwin */ #define AUE_O_SENDMSG AUE_SENDMSG /* Darwin */ #define AUE_O_VTRACE AUE_NULL /* Darwin */ #define AUE_O_RESUBA AUE_NULL /* Darwin */ #define AUE_O_RECVFROM AUE_RECVFROM /* Darwin */ #define AUE_O_SETREUID AUE_SETREUID /* Darwin */ #define AUE_O_SETREGID AUE_SETREGID /* Darwin */ #define AUE_O_GETDIRENTRIES AUE_GETDIRENTRIES /* Darwin */ #define AUE_O_TRUNCATE AUE_TRUNCATE /* Darwin */ #define AUE_O_FTRUNCATE AUE_FTRUNCATE /* Darwin */ #define AUE_O_GETPEERNAME AUE_NULL /* Darwin */ #define AUE_O_GETHOSTID AUE_NULL /* Darwin */ #define AUE_O_SETHOSTID AUE_NULL /* Darwin */ #define AUE_O_GETRLIMIT AUE_NULL /* Darwin */ #define AUE_O_SETRLIMIT AUE_SETRLIMIT /* Darwin */ 
#define AUE_O_KILLPG AUE_KILL /* Darwin */ #define AUE_O_SETQUOTA AUE_NULL /* Darwin */ #define AUE_O_QUOTA AUE_NULL /* Darwin */ #define AUE_O_GETSOCKNAME AUE_NULL /* Darwin */ #define AUE_O_GETDIREENTRIES AUE_GETDIREENTRIES /* Darwin */ #define AUE_O_ASYNCDAEMON AUE_NULL /* Darwin */ #define AUE_O_GETDOMAINNAME AUE_NULL /* Darwin */ #define AUE_O_SETDOMAINNAME AUE_SYSCTL /* Darwin */ #define AUE_O_PCFS_MOUNT AUE_NULL /* Darwin */ #define AUE_O_EXPORTFS AUE_NULL /* Darwin */ #define AUE_O_USTATE AUE_NULL /* Darwin */ #define AUE_O_WAIT3 AUE_NULL /* Darwin */ #define AUE_O_RPAUSE AUE_NULL /* Darwin */ #define AUE_O_GETDENTS AUE_NULL /* Darwin */ /* * Possible desired future values based on review of BSD/Darwin system calls. */ #define AUE_ATGETMSG AUE_NULL #define AUE_ATPUTMSG AUE_NULL #define AUE_ATSOCKET AUE_NULL #define AUE_ATPGETREQ AUE_NULL #define AUE_ATPGETRSP AUE_NULL #define AUE_ATPSNDREQ AUE_NULL #define AUE_ATPSNDRSP AUE_NULL #define AUE_BSDTHREADCREATE AUE_NULL #define AUE_BSDTHREADTERMINATE AUE_NULL #define AUE_BSDTHREADREGISTER AUE_NULL #define AUE_CHUD AUE_NULL #define AUE_CSOPS AUE_NULL #define AUE_DUP AUE_NULL #define AUE_FDATASYNC AUE_NULL #define AUE_FGETATTRLIST AUE_NULL #define AUE_FGETXATTR AUE_NULL #define AUE_FLISTXATTR AUE_NULL #define AUE_FREMOVEXATTR AUE_NULL #define AUE_FSETATTRLIST AUE_NULL #define AUE_FSETXATTR AUE_NULL #define AUE_FSTATFS64 AUE_NULL #define AUE_FSTATV AUE_NULL #define AUE_FSTAT64 AUE_NULL #define AUE_FSTAT64_EXTENDED AUE_NULL #define AUE_GCCONTROL AUE_NULL #define AUE_GETDIRENTRIES64 AUE_NULL #define AUE_GETDTABLESIZE AUE_NULL #define AUE_GETEGID AUE_NULL #define AUE_GETEUID AUE_NULL #define AUE_GETFSSTAT64 AUE_NULL #define AUE_GETGID AUE_NULL #define AUE_GETGROUPS AUE_NULL #define AUE_GETITIMER AUE_NULL #define AUE_GETLOGIN AUE_NULL #define AUE_GETPEERNAME AUE_NULL #define AUE_GETPGID AUE_NULL #define AUE_GETPGRP AUE_NULL #define AUE_GETPID AUE_NULL #define AUE_GETPPID AUE_NULL #define AUE_GETPRIORITY AUE_NULL 
#define AUE_GETRLIMIT AUE_NULL #define AUE_GETRUSAGE AUE_NULL #define AUE_GETSGROUPS AUE_NULL #define AUE_GETSID AUE_NULL #define AUE_GETSOCKNAME AUE_NULL #define AUE_GETTIMEOFDAY AUE_NULL #define AUE_GETTID AUE_NULL #define AUE_GETUID AUE_NULL #define AUE_GETSOCKOPT AUE_NULL #define AUE_GETWGROUPS AUE_NULL #define AUE_GETXATTR AUE_NULL #define AUE_IDENTITYSVC AUE_NULL #define AUE_INITGROUPS AUE_NULL #define AUE_IOPOLICYSYS AUE_NULL #define AUE_ISSETUGID AUE_NULL #define AUE_LIOLISTIO AUE_NULL #define AUE_LISTXATTR AUE_NULL #define AUE_LSTATV AUE_NULL #define AUE_LSTAT64 AUE_NULL #define AUE_LSTAT64_EXTENDED AUE_NULL #define AUE_MADVISE AUE_NULL #define AUE_MINCORE AUE_NULL #define AUE_MKCOMPLEX AUE_NULL #define AUE_MODWATCH AUE_NULL #define AUE_MSGCL AUE_NULL #define AUE_MSYNC AUE_NULL #define AUE_PREADV AUE_NULL #define AUE_PROCINFO AUE_NULL #define AUE_PTHREADCANCELED AUE_NULL #define AUE_PTHREADCHDIR AUE_NULL #define AUE_PTHREADCONDBROADCAST AUE_NULL #define AUE_PTHREADCONDDESTORY AUE_NULL #define AUE_PTHREADCONDINIT AUE_NULL #define AUE_PTHREADCONDSIGNAL AUE_NULL #define AUE_PTHREADCONDWAIT AUE_NULL #define AUE_PTHREADFCHDIR AUE_NULL #define AUE_PTHREADMARK AUE_NULL #define AUE_PTHREADMUTEXDESTROY AUE_NULL #define AUE_PTHREADMUTEXINIT AUE_NULL #define AUE_PTHREADMUTEXTRYLOCK AUE_NULL #define AUE_PTHREADMUTEXUNLOCK AUE_NULL #define AUE_PWRITEV AUE_NULL #define AUE_REMOVEXATTR AUE_NULL #define AUE_SBRK AUE_NULL #define AUE_SELECT AUE_NULL #define AUE_SEMDESTROY AUE_NULL #define AUE_SEMGETVALUE AUE_NULL #define AUE_SEMINIT AUE_NULL #define AUE_SEMPOST AUE_NULL #define AUE_SEMTRYWAIT AUE_NULL #define AUE_SEMWAIT AUE_NULL #define AUE_SEMWAITSIGNAL AUE_NULL #define AUE_SETITIMER AUE_NULL #define AUE_SETSGROUPS AUE_NULL #define AUE_SETTID AUE_NULL #define AUE_SETTIDWITHPID AUE_NULL #define AUE_SETWGROUPS AUE_NULL #define AUE_SETXATTR AUE_NULL #define AUE_SHAREDREGIONCHECK AUE_NULL #define AUE_SHAREDREGIONMAP AUE_NULL #define AUE_SIGACTION AUE_NULL #define 
AUE_SIGALTSTACK AUE_NULL
 #define AUE_SIGPENDING AUE_NULL
 #define AUE_SIGPROCMASK AUE_NULL
 #define AUE_SIGRETURN AUE_NULL
 #define AUE_SIGSUSPEND AUE_NULL
 #define AUE_SIGWAIT AUE_NULL
 #define AUE_SSTK AUE_NULL
 #define AUE_STACKSNAPSHOT AUE_NULL
 #define AUE_STATFS64 AUE_NULL
 #define AUE_STATV AUE_NULL
 #define AUE_STAT64 AUE_NULL
 #define AUE_STAT64_EXTENDED AUE_NULL
 #define AUE_SYNC AUE_NULL
 #define AUE_SYSCALL AUE_NULL
 #define AUE_TABLE AUE_NULL
 #define AUE_VMPRESSUREMONITOR AUE_NULL
 #define AUE_WAITEVENT AUE_NULL
 #define AUE_WAITID AUE_NULL
 #define AUE_WATCHEVENT AUE_NULL
 #define AUE_WORKQOPEN AUE_NULL
 #define AUE_WORKQOPS AUE_NULL
 #endif /* !_BSM_AUDIT_KEVENTS_H_ */
Index: head/contrib/openbsm/sys/bsm/audit_record.h
===================================================================
--- head/contrib/openbsm/sys/bsm/audit_record.h (revision 292431)
+++ head/contrib/openbsm/sys/bsm/audit_record.h (revision 292432)
@@ -1,300 +1,298 @@
 /*-
 * Copyright (c) 2005-2009 Apple Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
 * its contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#12 $
 */
 #ifndef _BSM_AUDIT_RECORD_H_
 #define _BSM_AUDIT_RECORD_H_
 #include /* struct timeval */
 /*
 * Token type identifiers.
*/ #define AUT_INVALID 0x00 #define AUT_OTHER_FILE32 0x11 #define AUT_OHEADER 0x12 #define AUT_TRAILER 0x13 #define AUT_HEADER32 0x14 #define AUT_HEADER32_EX 0x15 #define AUT_DATA 0x21 #define AUT_IPC 0x22 #define AUT_PATH 0x23 #define AUT_SUBJECT32 0x24 #define AUT_XATPATH 0x25 #define AUT_PROCESS32 0x26 #define AUT_RETURN32 0x27 #define AUT_TEXT 0x28 #define AUT_OPAQUE 0x29 #define AUT_IN_ADDR 0x2a #define AUT_IP 0x2b #define AUT_IPORT 0x2c #define AUT_ARG32 0x2d #define AUT_SOCKET 0x2e #define AUT_SEQ 0x2f #define AUT_ACL 0x30 #define AUT_ATTR 0x31 #define AUT_IPC_PERM 0x32 #define AUT_LABEL 0x33 #define AUT_GROUPS 0x34 #define AUT_ACE 0x35 #define AUT_PRIV 0x38 #define AUT_UPRIV 0x39 #define AUT_LIAISON 0x3a #define AUT_NEWGROUPS 0x3b #define AUT_EXEC_ARGS 0x3c #define AUT_EXEC_ENV 0x3d #define AUT_ATTR32 0x3e #define AUT_UNAUTH 0x3f #define AUT_XATOM 0x40 #define AUT_XOBJ 0x41 #define AUT_XPROTO 0x42 #define AUT_XSELECT 0x43 #define AUT_XCOLORMAP 0x44 #define AUT_XCURSOR 0x45 #define AUT_XFONT 0x46 #define AUT_XGC 0x47 #define AUT_XPIXMAP 0x48 #define AUT_XPROPERTY 0x49 #define AUT_XWINDOW 0x4a #define AUT_XCLIENT 0x4b #define AUT_CMD 0x51 #define AUT_EXIT 0x52 #define AUT_ZONENAME 0x60 #define AUT_HOST 0x70 #define AUT_ARG64 0x71 #define AUT_RETURN64 0x72 #define AUT_ATTR64 0x73 #define AUT_HEADER64 0x74 #define AUT_SUBJECT64 0x75 #define AUT_PROCESS64 0x77 #define AUT_OTHER_FILE64 0x78 #define AUT_HEADER64_EX 0x79 #define AUT_SUBJECT32_EX 0x7a #define AUT_PROCESS32_EX 0x7b #define AUT_SUBJECT64_EX 0x7c #define AUT_PROCESS64_EX 0x7d #define AUT_IN_ADDR_EX 0x7e #define AUT_SOCKET_EX 0x7f /* * Pre-64-bit BSM, 32-bit tokens weren't explicitly named as '32'. We have * compatibility defines. */ #define AUT_HEADER AUT_HEADER32 #define AUT_ARG AUT_ARG32 #define AUT_RETURN AUT_RETURN32 #define AUT_SUBJECT AUT_SUBJECT32 #define AUT_PROCESS AUT_PROCESS32 #define AUT_OTHER_FILE AUT_OTHER_FILE32 /* * The values for the following token ids are not defined by BSM. 
* * XXXRW: Not sure how to handle these in OpenBSM yet, but I'll give them * names more consistent with Sun's BSM. These originally came from Apple's * BSM. */ #define AUT_SOCKINET32 0x80 /* XXX */ #define AUT_SOCKINET128 0x81 /* XXX */ #define AUT_SOCKUNIX 0x82 /* XXX */ /* print values for the arbitrary token */ #define AUP_BINARY 0 #define AUP_OCTAL 1 #define AUP_DECIMAL 2 #define AUP_HEX 3 #define AUP_STRING 4 /* data-types for the arbitrary token */ #define AUR_BYTE 0 #define AUR_CHAR AUR_BYTE #define AUR_SHORT 1 #define AUR_INT32 2 #define AUR_INT AUR_INT32 #define AUR_INT64 3 /* ... and their sizes */ #define AUR_BYTE_SIZE sizeof(u_char) #define AUR_CHAR_SIZE AUR_BYTE_SIZE #define AUR_SHORT_SIZE sizeof(uint16_t) #define AUR_INT32_SIZE sizeof(uint32_t) #define AUR_INT_SIZE AUR_INT32_SIZE #define AUR_INT64_SIZE sizeof(uint64_t) /* Modifiers for the header token */ #define PAD_NOTATTR 0x4000 /* nonattributable event */ #define PAD_FAILURE 0x8000 /* fail audit event */ #define AUDIT_MAX_GROUPS 16 /* * A number of BSM versions are floating around and defined. Here are * constants for them. OpenBSM uses the same token types, etc, used in the * Solaris BSM version, but has a separate version number in order to * identify a potentially different event identifier name space. */ #define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. 
*/ #define AUDIT_HEADER_VERSION_SOLARIS 2 #define AUDIT_HEADER_VERSION_TSOL25 3 #define AUDIT_HEADER_VERSION_TSOL 4 #define AUDIT_HEADER_VERSION_OPENBSM10 10 #define AUDIT_HEADER_VERSION_OPENBSM11 11 #define AUDIT_HEADER_VERSION_OPENBSM AUDIT_HEADER_VERSION_OPENBSM11 #define AUT_TRAILER_MAGIC 0xb105 /* BSM library calls */ __BEGIN_DECLS struct in_addr; struct in6_addr; struct ip; struct ipc_perm; struct kevent; struct sockaddr; struct sockaddr_in; struct sockaddr_in6; struct sockaddr_un; #if defined(_KERNEL) || defined(KERNEL) struct vnode_au_info; #endif int au_open(void); int au_write(int d, token_t *m); int au_close(int d, int keep, short event); int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen); int au_close_token(token_t *tok, u_char *buffer, size_t *buflen); token_t *au_to_file(const char *file, struct timeval tm); token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm); token_t *au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm, struct auditinfo_addr *aia); token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm); #if !defined(KERNEL) && !defined(_KERNEL) token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); #endif token_t *au_to_me(void); token_t *au_to_arg(char n, const char *text, uint32_t v); token_t *au_to_arg32(char n, const char *text, uint32_t v); token_t *au_to_arg64(char n, const char *text, uint64_t v); #if defined(_KERNEL) || defined(KERNEL) token_t *au_to_attr(struct vnode_au_info *vni); token_t *au_to_attr32(struct vnode_au_info *vni); token_t *au_to_attr64(struct vnode_au_info *vni); 
#endif token_t *au_to_data(char unit_print, char unit_type, char unit_count, const char *p); token_t *au_to_exit(int retval, int err); token_t *au_to_groups(int *groups); token_t *au_to_newgroups(uint16_t n, gid_t *groups); token_t *au_to_in_addr(struct in_addr *internet_addr); token_t *au_to_in_addr_ex(struct in6_addr *internet_addr); token_t *au_to_ip(struct ip *ip); token_t *au_to_ipc(char type, int id); token_t *au_to_ipc_perm(struct ipc_perm *perm); token_t *au_to_iport(uint16_t iport); token_t *au_to_opaque(const char *data, uint16_t bytes); token_t *au_to_path(const char *path); token_t *au_to_privset(char *privtypestr, char *privstr); token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_return(char status, uint32_t ret); token_t *au_to_return32(char status, uint32_t ret); token_t *au_to_return64(char status, uint64_t ret); token_t *au_to_seq(long audit_count); token_t *au_to_socket_ex(u_short so_domain, u_short so_type, struct sockaddr *sa_local, struct sockaddr *sa_remote); token_t *au_to_sock_inet(struct sockaddr_in *so); token_t *au_to_sock_inet32(struct sockaddr_in *so); token_t *au_to_sock_inet128(struct sockaddr_in6 *so); token_t *au_to_sock_unix(struct sockaddr_un *so); token_t *au_to_subject(au_id_t auid, 
uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); #if defined(_KERNEL) || defined(KERNEL) token_t *au_to_exec_args(char *args, int argc); token_t *au_to_exec_env(char *envs, int envc); #else token_t *au_to_exec_args(char **argv); token_t *au_to_exec_env(char **envp); #endif token_t *au_to_text(const char *text); token_t *au_to_kevent(struct kevent *kev); token_t *au_to_trailer(int rec_size); token_t *au_to_upriv(char sorf, char *priv); token_t *au_to_zonename(const char *zonename); /* * BSM library routines for converting between local and BSM constant spaces. */ int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); int au_bsm_to_errno(u_char bsm_error, int *errorp); int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp); int au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep); u_short au_domain_to_bsm(int local_domain); u_char au_errno_to_bsm(int local_errno); u_short au_fcntl_cmd_to_bsm(int local_fcntl_command); u_short au_socket_type_to_bsm(int local_socket_type); __END_DECLS #endif /* ! 
_BSM_AUDIT_RECORD_H_ */
Index: head/contrib/openbsm/sys/bsm/audit_socket_type.h
===================================================================
--- head/contrib/openbsm/sys/bsm/audit_socket_type.h (revision 292431)
+++ head/contrib/openbsm/sys/bsm/audit_socket_type.h (revision 292432)
@@ -1,46 +1,44 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_socket_type.h#1 $ */ #ifndef _BSM_AUDIT_SOCKET_TYPE_H_ #define _BSM_AUDIT_SOCKET_TYPE_H_ /* * BSM socket type constants. 
*/ #define BSM_SOCK_DGRAM 1 #define BSM_SOCK_STREAM 2 #define BSM_SOCK_RAW 4 #define BSM_SOCK_RDM 5 #define BSM_SOCK_SEQPACKET 6 #define BSM_SOCK_UNKNOWN 500 #endif /* !_BSM_AUDIT_SOCKET_TYPE_H_ */ Index: head/contrib/openbsm/test/Makefile.am =================================================================== --- head/contrib/openbsm/test/Makefile.am (revision 292431) +++ head/contrib/openbsm/test/Makefile.am (revision 292432) @@ -1,6 +1,2 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.am#3 $ -## - SUBDIRS = \ bsm Index: head/contrib/openbsm/test/bsm/Makefile.am =================================================================== --- head/contrib/openbsm/test/bsm/Makefile.am (revision 292431) +++ head/contrib/openbsm/test/bsm/Makefile.am (revision 292432) @@ -1,13 +1,9 @@ -## -## $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.am#4 $ -## - if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif bin_PROGRAMS = generate generate_SOURCES = generate.c generate_LDADD = $(top_builddir)/libbsm/libbsm.la Index: head/contrib/openbsm/test/bsm/generate.c =================================================================== --- head/contrib/openbsm/test/bsm/generate.c (revision 292431) +++ head/contrib/openbsm/test/bsm/generate.c (revision 292432) 
@@ -1,1157 +1,1155 @@ /*- * Copyright (c) 2006-2007 Robert N. M. Watson * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#14 $ */ /* * Generate a series of BSM token samples in the requested directory. 
*/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static int do_records, do_tokens; static void usage(void) { fprintf(stderr, "generate [-rt] path\n"); exit(EX_USAGE); } static int open_file(const char *directory, const char *name) { char pathname[PATH_MAX]; int fd; snprintf(pathname, PATH_MAX, "%s/%s", directory, name); (void)unlink(pathname); fd = open(pathname, O_WRONLY | O_CREAT | O_EXCL, 0600); if (fd < 0) err(EX_CANTCREAT, "open: %s", name); return (fd); } static void write_file(int fd, void *buffer, size_t buflen, const char *filename) { ssize_t len; len = write(fd, buffer, buflen); if (len < 0) err(EX_OSERR, "write_file: %s", filename); if (len < buflen) err(EX_OSERR, "write_file: short write: %s", filename); } /* * Write a single token to a file. */ static void write_token(const char *directory, const char *filename, token_t *tok) { u_char buffer[MAX_AUDIT_RECORD_SIZE]; size_t buflen; int fd; buflen = MAX_AUDIT_RECORD_SIZE; if (au_close_token(tok, buffer, &buflen) < 0) err(EX_UNAVAILABLE, "au_close_token"); fd = open_file(directory, filename); write_file(fd, buffer, buflen, filename); close(fd); } /* * Write a token to a file, wrapped in audit record header and trailer. 
*/ static void write_record(const char *directory, const char *filename, token_t *tok, short event) { u_char buffer[MAX_AUDIT_RECORD_SIZE]; size_t buflen; int au, fd; au = au_open(); if (au < 0) err(EX_UNAVAILABLE, "au_open"); if (au_write(au, tok) < 0) err(EX_UNAVAILABLE, "au_write"); buflen = MAX_AUDIT_RECORD_SIZE; if (au_close_buffer(au, event, buffer, &buflen) < 0) err(EX_UNAVAILABLE, "au_close_buffer"); fd = open_file(directory, filename); write_file(fd, buffer, buflen, filename); close(fd); } static struct timeval file_token_timeval = { 0x12345, 0x67890} ; static void generate_file_token(const char *directory, const char *token_filename) { token_t *file_token; file_token = au_to_file("test", file_token_timeval); if (file_token == NULL) err(EX_UNAVAILABLE, "au_to_file"); write_token(directory, token_filename, file_token); } static void generate_file_record(const char *directory, const char *record_filename) { token_t *file_token; file_token = au_to_file("test", file_token_timeval); if (file_token == NULL) err(EX_UNAVAILABLE, "au_to_file"); write_record(directory, record_filename, file_token, AUE_NULL); } /* * AUT_OHEADER */ static int trailer_token_len = 0x12345678; static void generate_trailer_token(const char *directory, const char *token_filename) { token_t *trailer_token; trailer_token = au_to_trailer(trailer_token_len); if (trailer_token == NULL) err(EX_UNAVAILABLE, "au_to_trailer"); write_token(directory, token_filename, trailer_token); } static int header32_token_len = 0x12345678; static au_event_t header32_e_type = AUE_OPEN; static au_emod_t header32_e_mod = 0x4567; static struct timeval header32_tm = { 0x12345, 0x67890 }; static void generate_header32_token(const char *directory, const char *token_filename) { token_t *header32_token; header32_token = au_to_header32_tm(header32_token_len, header32_e_type, header32_e_mod, header32_tm); if (header32_token == NULL) err(EX_UNAVAILABLE, "au_to_header32"); write_token(directory, token_filename, 
header32_token); } /* * AUT_HEADER32_EX */ static char data_token_unit_print = AUP_STRING; static char data_token_unit_type = AUR_CHAR; static char *data_token_data = "SomeData"; static char data_token_unit_count = sizeof("SomeData") + 1; static void generate_data_token(const char *directory, const char *token_filename) { token_t *data_token; data_token = au_to_data(data_token_unit_print, data_token_unit_type, data_token_unit_count, data_token_data); if (data_token == NULL) err(EX_UNAVAILABLE, "au_to_data"); write_token(directory, token_filename, data_token); } static void generate_data_record(const char *directory, const char *record_filename) { token_t *data_token; data_token = au_to_data(data_token_unit_print, data_token_unit_type, data_token_unit_count, data_token_data); if (data_token == NULL) err(EX_UNAVAILABLE, "au_to_data"); write_record(directory, record_filename, data_token, AUE_NULL); } static char ipc_type = AT_IPC_MSG; static int ipc_id = 0x12345678; static void generate_ipc_token(const char *directory, const char *token_filename) { token_t *ipc_token; ipc_token = au_to_ipc(ipc_type, ipc_id); if (ipc_token == NULL) err(EX_UNAVAILABLE, "au_to_ipc"); write_token(directory, token_filename, ipc_token); } static void generate_ipc_record(const char *directory, const char *record_filename) { token_t *ipc_token; ipc_token = au_to_ipc(ipc_type, ipc_id); if (ipc_token == NULL) err(EX_UNAVAILABLE, "au_to_ipc"); write_record(directory, record_filename, ipc_token, AUE_NULL); } static char *path_token_path = "/test/this/is/a/test"; static void generate_path_token(const char *directory, const char *token_filename) { token_t *path_token; path_token = au_to_path(path_token_path); if (path_token == NULL) err(EX_UNAVAILABLE, "au_to_path"); write_token(directory, token_filename, path_token); } static void generate_path_record(const char *directory, const char *record_filename) { token_t *path_token; path_token = au_to_path(path_token_path); if (path_token == NULL) 
err(EX_UNAVAILABLE, "au_to_path"); write_record(directory, record_filename, path_token, AUE_NULL); } static au_id_t subject32_auid = 0x12345678; static uid_t subject32_euid = 0x01234567; static gid_t subject32_egid = 0x23456789; static uid_t subject32_ruid = 0x98765432; static gid_t subject32_rgid = 0x09876543; static pid_t subject32_pid = 0x13243546; static au_asid_t subject32_sid = 0x97867564; static au_tid_t subject32_tid = { 0x16593746 }; static au_tid_addr_t subject32_tid_addr = { 0x16593746 }; static void generate_subject32_token(const char *directory, const char *token_filename) { token_t *subject32_token; subject32_tid.machine = inet_addr("127.0.0.1"); subject32_token = au_to_subject32(subject32_auid, subject32_euid, subject32_egid, subject32_ruid, subject32_rgid, subject32_pid, subject32_sid, &subject32_tid); if (subject32_token == NULL) err(EX_UNAVAILABLE, "au_to_subject32"); write_token(directory, token_filename, subject32_token); } static void generate_subject32_record(const char *directory, const char *record_filename) { token_t *subject32_token; subject32_tid.machine = inet_addr("127.0.0.1"); subject32_token = au_to_subject32(subject32_auid, subject32_euid, subject32_egid, subject32_ruid, subject32_rgid, subject32_pid, subject32_sid, &subject32_tid); if (subject32_token == NULL) err(EX_UNAVAILABLE, "au_to_subject32"); write_record(directory, record_filename, subject32_token, AUE_NULL); } static void generate_subject32ex_token(const char *directory, const char *token_filename, u_int32_t type) { token_t *subject32ex_token; char *buf; buf = (char *)malloc(strlen(token_filename) + 6); if (type == AU_IPv6) { inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr); subject32_tid_addr.at_type = AU_IPv6; sprintf(buf, "%s%s", token_filename, "-IPv6"); } else { subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); subject32_tid_addr.at_type = AU_IPv4; sprintf(buf, "%s%s", token_filename, "-IPv4"); } subject32ex_token = au_to_subject32_ex(subject32_auid, 
subject32_euid, subject32_egid, subject32_ruid, subject32_rgid, subject32_pid, subject32_sid, &subject32_tid_addr); if (subject32ex_token == NULL) err(EX_UNAVAILABLE, "au_to_subject32_ex"); write_token(directory, buf, subject32ex_token); free(buf); } static void generate_subject32ex_record(const char *directory, const char *record_filename, u_int32_t type) { token_t *subject32ex_token; char *buf; buf = (char *)malloc(strlen(record_filename) + 6); if (type == AU_IPv6) { inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr); subject32_tid_addr.at_type = AU_IPv6; sprintf(buf, "%s%s", record_filename, "-IPv6"); } else { subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); subject32_tid_addr.at_type = AU_IPv4; sprintf(buf, "%s%s", record_filename, "-IPv4"); } subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid, subject32_egid, subject32_ruid, subject32_rgid, subject32_pid, subject32_sid, &subject32_tid_addr); if (subject32ex_token == NULL) err(EX_UNAVAILABLE, "au_to_subject32_ex"); write_record(directory, record_filename, subject32ex_token, AUE_NULL); free(buf); } static au_id_t process32_auid = 0x12345678; static uid_t process32_euid = 0x01234567; static gid_t process32_egid = 0x23456789; static uid_t process32_ruid = 0x98765432; static gid_t process32_rgid = 0x09876543; static pid_t process32_pid = 0x13243546; static au_asid_t process32_sid = 0x97867564; static au_tid_t process32_tid = { 0x16593746 }; static au_tid_addr_t process32_tid_addr = { 0x16593746 }; static void generate_process32_token(const char *directory, const char *token_filename) { token_t *process32_token; process32_tid.machine = inet_addr("127.0.0.1"); process32_token = au_to_process32(process32_auid, process32_euid, process32_egid, process32_ruid, process32_rgid, process32_pid, process32_sid, &process32_tid); if (process32_token == NULL) err(EX_UNAVAILABLE, "au_to_process32"); write_token(directory, token_filename, process32_token); } static void 
generate_process32_record(const char *directory, const char *record_filename) { token_t *process32_token; process32_tid.machine = inet_addr("127.0.0.1"); process32_token = au_to_process32(process32_auid, process32_euid, process32_egid, process32_ruid, process32_rgid, process32_pid, process32_sid, &process32_tid); if (process32_token == NULL) err(EX_UNAVAILABLE, "au_ti_process32"); write_record(directory, record_filename, process32_token, AUE_NULL); } static void generate_process32ex_token(const char *directory, const char *token_filename, u_int32_t type) { token_t *process32ex_token; char *buf; buf = (char *)malloc(strlen(token_filename) + 6); if (type == AU_IPv6) { inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr); process32_tid_addr.at_type = AU_IPv6; sprintf(buf, "%s%s", token_filename, "-IPv6"); } else { process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); process32_tid_addr.at_type = AU_IPv4; sprintf(buf, "%s%s", token_filename, "-IPv4"); } process32ex_token = au_to_process32_ex(process32_auid, process32_euid, process32_egid, process32_ruid, process32_rgid, process32_pid, process32_sid, &process32_tid_addr); if (process32ex_token == NULL) err(EX_UNAVAILABLE, "au_to_process32_ex"); write_token(directory, buf, process32ex_token); free(buf); } static void generate_process32ex_record(const char *directory, const char *record_filename, u_int32_t type) { token_t *process32ex_token; char *buf; buf = (char *)malloc(strlen(record_filename) + 6); if (type == AU_IPv6) { inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr); process32_tid_addr.at_type = AU_IPv6; sprintf(buf, "%s%s", record_filename, "-IPv6"); } else { process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); process32_tid_addr.at_type = AU_IPv4; sprintf(buf, "%s%s", record_filename, "-IPv4"); } process32ex_token = au_to_process32_ex(process32_auid, process32_euid, process32_egid, process32_ruid, process32_rgid, process32_pid, process32_sid, &process32_tid_addr); if (process32ex_token == 
NULL) err(EX_UNAVAILABLE, "au_to_process32_ex"); write_record(directory, buf, process32ex_token, AUE_NULL); free(buf); } static au_id_t process64_auid = 0x12345678; static uid_t process64_euid = 0x01234567; static gid_t process64_egid = 0x23456789; static uid_t process64_ruid = 0x98765432; static gid_t process64_rgid = 0x09876543; static pid_t process64_pid = 0x13243546; static au_asid_t process64_sid = 0x97867564; static au_tid_t process64_tid = { 0x16593746 }; static au_tid_addr_t process64_tid_addr = { 0x16593746 }; static void generate_process64_token(const char *directory, const char *token_filename) { token_t *process64_token; process64_tid.machine = inet_addr("127.0.0.1"); process64_token = au_to_process64(process64_auid, process64_euid, process64_egid, process64_ruid, process64_rgid, process64_pid, process64_sid, &process64_tid); if (process64_token == NULL) err(EX_UNAVAILABLE, "au_to_process64"); write_token(directory, token_filename, process64_token); } static void generate_process64_record(const char *directory, const char *record_filename) { token_t *process64_token; process64_tid.machine = inet_addr("127.0.0.1"); process64_token = au_to_process64(process64_auid, process64_euid, process64_egid, process64_ruid, process64_rgid, process64_pid, process64_sid, &process64_tid); if (process64_token == NULL) err(EX_UNAVAILABLE, "au_ti_process64"); write_record(directory, record_filename, process64_token, AUE_NULL); } static void generate_process64ex_token(const char *directory, const char *token_filename, u_int32_t type) { token_t *process64ex_token; char *buf; buf = (char *)malloc(strlen(token_filename) + 6); if (type == AU_IPv6) { inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr); process64_tid_addr.at_type = AU_IPv6; sprintf(buf, "%s%s", token_filename, "-IPv6"); } else { process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); process64_tid_addr.at_type = AU_IPv4; sprintf(buf, "%s%s", token_filename, "-IPv4"); } process64ex_token = 
au_to_process64_ex(process64_auid, process64_euid, process64_egid, process64_ruid, process64_rgid, process64_pid, process64_sid, &process64_tid_addr); if (process64ex_token == NULL) err(EX_UNAVAILABLE, "au_to_process64_ex"); write_token(directory, buf, process64ex_token); free(buf); } static void generate_process64ex_record(const char *directory, const char *record_filename, u_int32_t type) { token_t *process64ex_token; char *buf; buf = (char *)malloc(strlen(record_filename) + 6); if (type == AU_IPv6) { inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr); process64_tid_addr.at_type = AU_IPv6; sprintf(buf, "%s%s", record_filename, "-IPv6"); } else { process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1"); process64_tid_addr.at_type = AU_IPv4; sprintf(buf, "%s%s", record_filename, "-IPv4"); } process64ex_token = au_to_process64_ex(process64_auid, process64_euid, process64_egid, process64_ruid, process64_rgid, process64_pid, process64_sid, &process64_tid_addr); if (process64ex_token == NULL) err(EX_UNAVAILABLE, "au_to_process64_ex"); write_record(directory, buf, process64ex_token, AUE_NULL); free(buf); } static char return32_status = EINVAL; static uint32_t return32_ret = 0x12345678; static void generate_return32_token(const char *directory, const char *token_filename) { token_t *return32_token; return32_token = au_to_return32(au_errno_to_bsm(return32_status), return32_ret); if (return32_token == NULL) err(EX_UNAVAILABLE, "au_to_return32"); write_token(directory, token_filename, return32_token); } static void generate_return32_record(const char *directory, const char *record_filename) { token_t *return32_token; return32_token = au_to_return32(au_errno_to_bsm(return32_status), return32_ret); if (return32_token == NULL) err(EX_UNAVAILABLE, "au_to_return32"); write_record(directory, record_filename, return32_token, AUE_NULL); } static char *text_token_text = "This is a test."; static void generate_text_token(const char *directory, const char *token_filename) { 
token_t *text_token; text_token = au_to_text(text_token_text); if (text_token == NULL) err(EX_UNAVAILABLE, "au_to_text"); write_token(directory, token_filename, text_token); } static void generate_text_record(const char *directory, const char *record_filename) { token_t *text_token; text_token = au_to_text(text_token_text); if (text_token == NULL) err(EX_UNAVAILABLE, "au_to_text"); write_record(directory, record_filename, text_token, AUE_NULL); } static char opaque_token_data[] = {0xaa, 0xbb, 0xcc, 0xdd}; static int opaque_token_bytes = sizeof(opaque_token_data); static void generate_opaque_token(const char *directory, const char *token_filename) { token_t *opaque_token; opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes); if (opaque_token == NULL) err(EX_UNAVAILABLE, "au_to_opaque"); write_token(directory, token_filename, opaque_token); } static void generate_opaque_record(const char *directory, const char *record_filename) { token_t *opaque_token; opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes); if (opaque_token == NULL) err(EX_UNAVAILABLE, "au_to_opaque"); write_record(directory, record_filename, opaque_token, AUE_NULL); } static struct in_addr in_addr_token_addr; static void generate_in_addr_token(const char *directory, const char *token_filename) { token_t *in_addr_token; in_addr_token_addr.s_addr = inet_addr("192.168.100.15"); in_addr_token = au_to_in_addr(&in_addr_token_addr); if (in_addr_token == NULL) err(EX_UNAVAILABLE, "au_to_in_addr"); write_token(directory, token_filename, in_addr_token); } static void generate_in_addr_record(const char *directory, const char *record_filename) { token_t *in_addr_token; in_addr_token_addr.s_addr = inet_addr("192.168.100.15"); in_addr_token = au_to_in_addr(&in_addr_token_addr); if (in_addr_token == NULL) err(EX_UNAVAILABLE, "au_to_in_addr"); write_record(directory, record_filename, in_addr_token, AUE_NULL); } static struct ip ip_token_ip; static u_char ip_token_ip_v = 4; static uint16_t 
ip_token_ip_id = 0x5478; static u_char ip_token_ip_ttl = 64; static u_char ip_token_ip_p = IPPROTO_ICMP; static struct in_addr ip_token_ip_src; static struct in_addr ip_token_ip_dst; static void generate_ip_token(const char *directory, const char *token_filename) { token_t *ip_token; ip_token_ip_src.s_addr = inet_addr("192.168.100.155"); ip_token_ip_dst.s_addr = inet_addr("192.168.110.48"); memset(&ip_token_ip, 0, sizeof(ip_token_ip)); ip_token_ip.ip_v = ip_token_ip_v; ip_token_ip.ip_len = htons(sizeof(ip_token_ip)); ip_token_ip.ip_id = htons(ip_token_ip_id); ip_token_ip.ip_ttl = ip_token_ip_ttl; ip_token_ip.ip_p = ip_token_ip_p; ip_token_ip.ip_src = ip_token_ip_src; ip_token_ip.ip_dst = ip_token_ip_dst; ip_token = au_to_ip(&ip_token_ip); if (ip_token == NULL) err(EX_UNAVAILABLE, "au_to_ip"); write_token(directory, token_filename, ip_token); } static void generate_ip_record(const char *directory, const char *record_filename) { token_t *ip_token; ip_token_ip_src.s_addr = inet_addr("192.168.100.155"); ip_token_ip_dst.s_addr = inet_addr("192.168.110.48"); memset(&ip_token_ip, 0, sizeof(ip_token_ip)); ip_token_ip.ip_v = ip_token_ip_v; ip_token_ip.ip_len = htons(sizeof(ip_token_ip)); ip_token_ip.ip_id = htons(ip_token_ip_id); ip_token_ip.ip_ttl = ip_token_ip_ttl; ip_token_ip.ip_p = ip_token_ip_p; ip_token_ip.ip_src = ip_token_ip_src; ip_token_ip.ip_dst = ip_token_ip_dst; ip_token = au_to_ip(&ip_token_ip); if (ip_token == NULL) err(EX_UNAVAILABLE, "au_to_ip"); write_record(directory, record_filename, ip_token, AUE_NULL); } static u_int16_t iport_token_iport; static void generate_iport_token(const char *directory, const char *token_filename) { token_t *iport_token; iport_token_iport = htons(80); iport_token = au_to_iport(iport_token_iport); if (iport_token == NULL) err(EX_UNAVAILABLE, "au_to_iport"); write_token(directory, token_filename, iport_token); } static void generate_iport_record(const char *directory, const char *record_filename) { token_t *iport_token; 
iport_token_iport = htons(80); iport_token = au_to_iport(iport_token_iport); if (iport_token == NULL) err(EX_UNAVAILABLE, "au_to_iport"); write_record(directory, record_filename, iport_token, AUE_NULL); } static char arg32_token_n = 3; static char *arg32_token_text = "test_arg32_token"; static uint32_t arg32_token_v = 0xabcdef00; static void generate_arg32_token(const char *directory, const char *token_filename) { token_t *arg32_token; arg32_token = au_to_arg32(arg32_token_n, arg32_token_text, arg32_token_v); if (arg32_token == NULL) err(EX_UNAVAILABLE, "au_to_arg32"); write_token(directory, token_filename, arg32_token); } static void generate_arg32_record(const char *directory, const char *record_filename) { token_t *arg32_token; arg32_token = au_to_arg32(arg32_token_n, arg32_token_text, arg32_token_v); if (arg32_token == NULL) err(EX_UNAVAILABLE, "au_to_arg32"); write_record(directory, record_filename, arg32_token, AUE_NULL); } static long seq_audit_count = 0x12345678; static void generate_seq_token(const char *directory, const char *token_filename) { token_t *seq_token; seq_token = au_to_seq(seq_audit_count); if (seq_token == NULL) err(EX_UNAVAILABLE, "au_to_seq"); write_token(directory, token_filename, seq_token); } static void generate_seq_record(const char *directory, const char *record_filename) { token_t *seq_token; seq_token = au_to_seq(seq_audit_count); if (seq_token == NULL) err(EX_UNAVAILABLE, "au_to_seq"); write_record(directory, record_filename, seq_token, AUE_NULL); } #if 0 /* * AUT_ACL */ static void generate_attr_token(const char *directory, const char *token_filename) { token_t *attr_token; } static void generate_attr_record(const char *directory, const char *record_filename) { token_t *attr_token; } static void generate_ipc_perm_token(const char *directory, const char *token_filename) { token_t *ipc_perm_token; } static void generate_ipc_perm_record(const char *directory, const char *record_filename) { token_t *ipc_perm_token; } #endif #if 0 /* * 
AUT_LABEL */ static void generate_groups_token(const char *directory, const char *token_filename) { token_t *groups_token; } static void generate_groups_record(const char *directory, const char *record_filename) { token_t *groups_token; } #endif /* * AUT_ILABEL */ /* * AUT_SLABEL */ /* * AUT_CLEAR */ /* * AUT_PRIV */ /* * AUT_UPRIV */ /* * AUT_LIAISON */ /* * AUT_NEWGROUPS */ /* * AUT_EXEC_ARGS */ /* * AUT_EXEC_ENV */ #if 0 static void generate_attr32_token(const char *directory, const char *token_filename) { token_t *attr32_token; } static void generate_attr32_record(const char *directory, const char *record_filename) { token_t *attr32_token; } #endif static char *zonename_sample = "testzone"; static void generate_zonename_token(const char *directory, const char *token_filename) { token_t *zonename_token; zonename_token = au_to_zonename(zonename_sample); if (zonename_token == NULL) err(EX_UNAVAILABLE, "au_to_zonename"); write_token(directory, token_filename, zonename_token); } static void generate_zonename_record(const char *directory, const char *record_filename) { token_t *zonename_token; zonename_token = au_to_zonename(zonename_sample); if (zonename_token == NULL) err(EX_UNAVAILABLE, "au_to_zonename"); write_record(directory, record_filename, zonename_token, AUE_NULL); } static u_short socketex_domain = PF_INET; static u_short socketex_type = SOCK_STREAM; static struct sockaddr_in socketex_laddr, socketex_raddr; static void generate_socketex_token(const char *directory, const char *token_filename) { token_t *socketex_token; bzero(&socketex_laddr, sizeof(socketex_laddr)); socketex_laddr.sin_family = AF_INET; socketex_laddr.sin_len = sizeof(socketex_laddr); socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); bzero(&socketex_raddr, sizeof(socketex_raddr)); socketex_raddr.sin_family = AF_INET; socketex_raddr.sin_len = sizeof(socketex_raddr); socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); socketex_token = 
au_to_socket_ex(au_domain_to_bsm(socketex_domain), au_socket_type_to_bsm(socketex_type), (struct sockaddr *)&socketex_laddr, (struct sockaddr *)&socketex_raddr); if (socketex_token == NULL) err(EX_UNAVAILABLE, "au_to_socket_ex"); write_token(directory, token_filename, socketex_token); } static void generate_socketex_record(const char *directory, const char *record_filename) { token_t *socketex_token; bzero(&socketex_laddr, sizeof(socketex_laddr)); socketex_laddr.sin_family = AF_INET; socketex_laddr.sin_len = sizeof(socketex_laddr); socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); bzero(&socketex_raddr, sizeof(socketex_raddr)); socketex_raddr.sin_family = AF_INET; socketex_raddr.sin_len = sizeof(socketex_raddr); socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain), au_socket_type_to_bsm(socketex_type), (struct sockaddr *)&socketex_laddr, (struct sockaddr *)&socketex_raddr); if (socketex_token == NULL) err(EX_UNAVAILABLE, "au_to_socket_ex"); write_record(directory, record_filename, socketex_token, AUE_NULL); } /* * Generate a series of error-number specific return tokens in records. */ static void generate_error_record(const char *directory, const char *filename, int error) { char pathname[PATH_MAX]; token_t *return32_token; return32_token = au_to_return32(au_errno_to_bsm(error), -1); if (return32_token == NULL) err(EX_UNAVAILABLE, "au_to_return32"); (void)snprintf(pathname, PATH_MAX, "%s_record", filename); write_record(directory, pathname, return32_token, AUE_NULL); } /* * Not all the error numbers, just a few present on all platforms for now. 
*/ const struct { int error_number; const char *error_name; } error_list[] = { { EPERM, "EPERM" }, { ENOENT, "ENOENT" }, { ESRCH, "ESRCH" }, { EINTR, "EINTR" }, { EIO, "EIO" }, { ENXIO, "ENXIO" }, { E2BIG, "E2BIG" }, { ENOEXEC, "ENOEXEC" }, { EBADF, "EBADF" }, { ECHILD, "ECHILD" }, { EDEADLK, "EDEADLK" }, { ENOMEM, "ENOMEM" }, { EACCES, "EACCES" }, { EFAULT, "EFAULT" }, { ENOTBLK, "ENOTBLK" }, { EBUSY, "EBUSY" }, { EEXIST, "EEXIST" }, { EXDEV, "EXDEV" }, { ENODEV, "ENODEV" }, { ENOTDIR, "ENOTDIR" }, { EISDIR, "EISDIR" }, { EINVAL, "EINVAL" }, { ENFILE, "ENFILE" }, { EMFILE, "EMFILE" }, { ENOTTY, "ENOTTY" }, { ETXTBSY, "ETXTBSY" }, { EFBIG, "EFBIG" }, { ENOSPC, "ENOSPC" }, { ESPIPE, "ESPIPE" }, { EROFS, "EROFS" }, { EMLINK, "EMLINK" }, { EPIPE, "EPIPE" } }; const int error_list_count = sizeof(error_list)/sizeof(error_list[0]); static void do_error_records(const char *directory) { int i; for (i = 0; i < error_list_count; i++) generate_error_record(directory, error_list[i].error_name, error_list[i].error_number); } int main(int argc, char *argv[]) { const char *directory; int ch; while ((ch = getopt(argc, argv, "rt")) != -1) { switch (ch) { case 'r': do_records++; break; case 't': do_tokens++; break; default: usage(); } } argc -= optind; argv += optind; if (argc != 1) usage(); directory = argv[0]; if (mkdir(directory, 0755) < 0 && errno != EEXIST) err(EX_OSERR, "mkdir: %s", directory); if (do_tokens) { generate_file_token(directory, "file_token"); generate_trailer_token(directory, "trailer_token"); generate_header32_token(directory, "header32_token"); generate_data_token(directory, "data_token"); generate_ipc_token(directory, "ipc_token"); generate_path_token(directory, "path_token"); generate_subject32_token(directory, "subject32_token"); generate_subject32ex_token(directory, "subject32ex_token", AU_IPv4); generate_subject32ex_token(directory, "subject32ex_token", AU_IPv6); generate_process32_token(directory, "process32_token"); generate_process32ex_token(directory, 
"process32ex_token", AU_IPv4); generate_process32ex_token(directory, "process32ex_token", AU_IPv6); generate_process64_token(directory, "process64_token"); generate_process64ex_token(directory, "process64ex_token", AU_IPv4); generate_process64ex_token(directory, "process64ex_token", AU_IPv6); generate_return32_token(directory, "return32_token"); generate_text_token(directory, "text_token"); generate_opaque_token(directory, "opaque_token"); generate_in_addr_token(directory, "in_addr_token"); generate_ip_token(directory, "ip_token"); generate_iport_token(directory, "iport_token"); generate_arg32_token(directory, "arg32_token"); generate_seq_token(directory, "seq_token"); #if 0 generate_attr_token(directory, "attr_token"); generate_ipc_perm_token(directory, "ipc_perm_token"); generate_groups_token(directory, "groups_token"); generate_attr32_token(directory, "attr32_token"); #endif generate_zonename_token(directory, "zonename_token"); generate_socketex_token(directory, "socketex_token"); } if (do_records) { generate_file_record(directory, "file_record"); generate_data_record(directory, "data_record"); generate_ipc_record(directory, "ipc_record"); generate_path_record(directory, "path_record"); generate_subject32_record(directory, "subject32_record"); generate_subject32ex_record(directory, "subject32ex_record", AU_IPv4); generate_subject32ex_record(directory, "subject32ex_record", AU_IPv6); generate_process32_record(directory, "process32_record"); generate_process32ex_record(directory, "process32ex_record", AU_IPv4); generate_process32ex_record(directory, "process32ex_record", AU_IPv6); generate_process64_record(directory, "process64_record"); generate_process64ex_record(directory, "process64ex_record", AU_IPv4); generate_process64ex_record(directory, "process64ex_record", AU_IPv6); generate_return32_record(directory, "return32_record"); generate_text_record(directory, "text_record"); generate_opaque_record(directory, "opaque_record"); generate_in_addr_record(directory, 
"in_addr_record"); generate_ip_record(directory, "ip_record"); generate_iport_record(directory, "iport_record"); generate_arg32_record(directory, "arg32_record"); generate_seq_record(directory, "seq_record"); #if 0 generate_attr_record(directory, "attr_record"); generate_ipc_perm_record(directory, "ipc_perm_record"); generate_groups_record(directory, "groups_record"); generate_attr32_record(directory, "attr32_record"); #endif generate_zonename_record(directory, "zonename_record"); generate_socketex_record(directory, "socketex_record"); do_error_records(directory); } return (0); }
Index: head/contrib/openbsm/tools/Makefile.am
===================================================================
--- head/contrib/openbsm/tools/Makefile.am (revision 292431)
+++ head/contrib/openbsm/tools/Makefile.am (revision 292432)
@@ -1,13 +1,9 @@
-##
-## $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.am#5 $
-##
-
 if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) else INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys endif bin_PROGRAMS = audump audump_SOURCES = audump.c audump_LDADD = $(top_builddir)/libbsm/libbsm.la
Index: head/contrib/openbsm/tools/audump.c
===================================================================
--- head/contrib/openbsm/tools/audump.c (revision 292431)
+++ head/contrib/openbsm/tools/audump.c (revision 292432)
@@ -1,272 +1,270 @@ /*- * Copyright (c) 2005-2009 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#9 $ */ #include #include #include #include #include #include /* * Simple tool to dump various /etc/security databases using the defined APIs. 
*/ static void usage(void) { fprintf(stderr, "usage: audump [class|class_r|control|event|event_r|" "user|user_r]\n"); exit(-1); } static void audump_class(void) { au_class_ent_t *cp; while ((cp = getauclassent()) != NULL) printf("0x%08x:%s:%s\n", cp->ac_class, cp->ac_name, cp->ac_desc); } static void audump_class_r(void) { char class_ent_name[AU_CLASS_NAME_MAX]; char class_ent_desc[AU_CLASS_DESC_MAX]; au_class_ent_t c, *cp; bzero(&c, sizeof(c)); bzero(class_ent_name, sizeof(class_ent_name)); bzero(class_ent_desc, sizeof(class_ent_desc)); c.ac_name = class_ent_name; c.ac_desc = class_ent_desc; while ((cp = getauclassent_r(&c)) != NULL) printf("0x%08x:%s:%s\n", cp->ac_class, cp->ac_name, cp->ac_desc); } static void audump_control(void) { char string[PATH_MAX], string2[PATH_MAX]; int ret, val; long policy; time_t age; size_t size; ret = getacflg(string, PATH_MAX); if (ret == -2) err(-1, "getacflg"); if (ret != 0) errx(-1, "getacflg: %d", ret); printf("flags:%s\n", string); ret = getacmin(&val); if (ret == -2) err(-1, "getacmin"); if (ret != 0) errx(-1, "getacmin: %d", ret); printf("min:%d\n", val); ret = getacna(string, PATH_MAX); if (ret == -2) err(-1, "getacna"); if (ret != 0) errx(-1, "getacna: %d", ret); printf("naflags:%s\n", string); setac(); do { ret = getacdir(string, PATH_MAX); if (ret == -1) break; if (ret == -2) err(-1, "getacdir"); if (ret != 0) errx(-1, "getacdir: %d", ret); printf("dir:%s\n", string); } while (ret == 0); ret = getacpol(string, PATH_MAX); if (ret != 0) err(-1, "getacpol"); if (au_strtopol(string, &policy) < 0) err(-1, "au_strtopol"); if (au_poltostr(policy, PATH_MAX, string2) < 0) err(-1, "au_poltostr"); printf("policy:%s\n", string2); ret = getacfilesz(&size); if (ret == -2) err(-1, "getacfilesz"); if (ret != 0) err(-1, "getacfilesz: %d", ret); printf("filesz:%ldB\n", size); ret = getachost(string, PATH_MAX); if (ret == -2) err(-1, "getachost"); if (ret == -3) err(-1, "getachost: %d", ret); if (ret == 0 && ret != 1) printf("host:%s\n", 
string); ret = getacexpire(&val, &age, &size); if (ret == -2) err(-1, "getacexpire"); if (ret == -1) err(-1, "getacexpire: %d", ret); if (ret == 0 && ret != 1) printf("expire-after:%ldB %s %lds\n", size, val ? "AND" : "OR", age); } static void printf_classmask(au_class_t classmask) { au_class_ent_t *c; u_int32_t i; int first; first = 1; for (i = 0; i < 32; i++) { if (classmask & (1 << i)) { if (first) first = 0; else printf(","); c = getauclassnum(1 << i); if (c != NULL) printf("%s", c->ac_name); else printf("0x%x", 1 << i); } } } static void audump_event(void) { au_event_ent_t *ep; while ((ep = getauevent()) != NULL) { printf("%d:%s:%s:", ep->ae_number, ep->ae_name, ep->ae_desc); printf_classmask(ep->ae_class); printf("\n"); } } static void audump_event_r(void) { char event_ent_name[AU_EVENT_NAME_MAX]; char event_ent_desc[AU_EVENT_DESC_MAX]; au_event_ent_t e, *ep; bzero(&e, sizeof(e)); bzero(event_ent_name, sizeof(event_ent_name)); bzero(event_ent_desc, sizeof(event_ent_desc)); e.ae_name = event_ent_name; e.ae_desc = event_ent_desc; while ((ep = getauevent_r(&e)) != NULL) { printf("%d:%s:%s:", ep->ae_number, ep->ae_name, ep->ae_desc); printf_classmask(ep->ae_class); printf("\n"); } } static void audump_user(void) { au_user_ent_t *up; while ((up = getauuserent()) != NULL) { printf("%s:", up->au_name); // printf_classmask(up->au_always); printf(":"); // printf_classmask(up->au_never); printf("\n"); } } static void audump_user_r(void) { char user_ent_name[AU_USER_NAME_MAX]; au_user_ent_t u, *up; bzero(&u, sizeof(u)); bzero(user_ent_name, sizeof(user_ent_name)); u.au_name = user_ent_name; while ((up = getauuserent_r(&u)) != NULL) { printf("%s:", up->au_name); // printf_classmask(up->au_always); printf(":"); // printf_classmask(up->au_never); printf("\n"); } } int main(int argc, char *argv[]) { if (argc != 2) usage(); if (strcmp(argv[1], "class") == 0) audump_class(); else if (strcmp(argv[1], "class_r") == 0) audump_class_r(); else if (strcmp(argv[1], "control") == 0) 
audump_control(); else if (strcmp(argv[1], "event") == 0) audump_event(); else if (strcmp(argv[1], "event_r") == 0) audump_event_r(); else if (strcmp(argv[1], "user") == 0) audump_user(); else if (strcmp(argv[1], "user_r") == 0) audump_user_r(); else usage(); return (0); }
Index: head/contrib/openbsm
===================================================================
--- head/contrib/openbsm (revision 292431)
+++ head/contrib/openbsm (revision 292432)
Property changes on: head/contrib/openbsm
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
Merged /vendor/openbsm/dist:r292016