Merge OpenBSM 1.0 alpha 6 changes for BSM token creation to

src/sys/security/audit: - Clarify and clean up AUR_ types to match Solaris. - Clean up use of host vs. network byte order for IP addresses. - Remove combined user/kernel implementations of some token creation calls, such as au_to_file(), header calls, etc. Obtained from: TrustedBSD Project
2026-04-22 14:49:36 -04:00 · 2006-06-05 13:13:02 +00:00 · 2006-06-05 13:13:02 +00:00 · 4b6d6bcffd
commit 4b6d6bcffd
parent d3778141bf
2 changed files with 35 additions and 69 deletions
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@ -122,7 +122,7 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
 		/* Create the header token */
 		tm.tv_usec = ctime->tv_nsec / 1000;
 		tm.tv_sec = ctime->tv_sec;
-		hdr = au_to_header32(tot_rec_size, event, 0, tm);
+		hdr = au_to_header32_tm(tot_rec_size, event, 0, tm);
 		TAILQ_INSERT_HEAD(&rec->token_q, hdr, tokens);

 		trail = au_to_trailer(tot_rec_size);
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@ -30,12 +30,13 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#9 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#15 $
 * $FreeBSD$
 */

 #include <sys/types.h>
 #include <sys/endian.h>
+#include <sys/queue.h>
 #include <sys/socket.h>
 #include <sys/time.h>

@ -208,6 +209,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
 	/* Determine the size of the basic unit. */
 	switch (unit_type) {
 	case AUR_BYTE:
+	/* case AUR_CHAR: */
 		datasize = AUR_BYTE_SIZE;
 		break;

@ -215,8 +217,13 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
 		datasize = AUR_SHORT_SIZE;
 		break;

-	case AUR_LONG:
-		datasize = AUR_LONG_SIZE;
+	case AUR_INT32:
+	/* case AUR_INT: */
+		datasize = AUR_INT32_SIZE;
+		break;
+
+	case AUR_INT64:
+		datasize = AUR_INT64_SIZE;
 		break;

 	default:
@ -225,7 +232,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)

 	totdata = datasize * unit_count;

-	GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char));
+	GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata);

 	ADD_U_CHAR(dptr, AUT_DATA);
 	ADD_U_CHAR(dptr, unit_print);
@ -299,10 +306,10 @@ au_to_in_addr(struct in_addr *internet_addr)
 	token_t *t;
 	u_char *dptr = NULL;

-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t));
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t));

 	ADD_U_CHAR(dptr, AUT_IN_ADDR);
-	ADD_U_INT32(dptr, internet_addr->s_addr);
+	ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t));

 	return (t);
 }
@ -319,11 +326,11 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
 	u_char *dptr = NULL;
 	u_int32_t type = AF_INET6;

-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t));
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t));

 	ADD_U_CHAR(dptr, AUT_IN_ADDR_EX);
 	ADD_U_INT32(dptr, type);
-	ADD_MEM(dptr, internet_addr, sizeof(*internet_addr));
+	ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t));

 	return (t);
 }
@ -463,24 +470,12 @@ au_to_opaque(char *data, u_int16_t bytes)
 * file pathname           N bytes + 1 terminating NULL byte
 */
 token_t *
-#if defined(KERNEL) || defined(_KERNEL)
 au_to_file(char *file, struct timeval tm)
-#else
-au_to_file(char *file)
-#endif
 {
 	token_t *t;
 	u_char *dptr = NULL;
 	u_int16_t filelen;
 	u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
-	struct timeval tm;
-	struct timezone tzp;
-
-	if (gettimeofday(&tm, &tzp) == -1)
-		return (NULL);
-#endif
-	/* XXXRW: else ...? */

 	filelen = strlen(file);
 	filelen += 1;
@ -578,7 +573,7 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
 	ADD_U_INT32(dptr, pid);
 	ADD_U_INT32(dptr, sid);
 	ADD_U_INT32(dptr, tid->port);
-	ADD_U_INT32(dptr, tid->machine);
+	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));

 	return (t);
 }
@ -822,19 +817,26 @@ au_to_sock_inet32(struct sockaddr_in *so)
 {
 	token_t *t;
 	u_char *dptr = NULL;
+	uint16_t family;

-	GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) +
-	    sizeof(u_int32_t));
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) +
+	    sizeof(uint32_t));

 	ADD_U_CHAR(dptr, AUT_SOCKINET32);
 	/*
-	 * In Darwin, sin_family is one octet, but BSM defines the token
- 	 * to store two. So we copy in a 0 first.
+	 * BSM defines the family field as 16 bits, but many operating
+	 * systems have an 8-bit sin_family field.  Extend to 16 bits before
+	 * writing into the token.  Assume that both the port and the address
+	 * in the sockaddr_in are already in network byte order, but family
+	 * is in local byte order.
+	 *
+	 * XXXRW: Should a name space conversion be taking place on the value
+	 * of sin_family?
 	 */
-	ADD_U_CHAR(dptr, 0);
-	ADD_U_CHAR(dptr, so->sin_family);
-	ADD_U_INT16(dptr, so->sin_port);
-	ADD_U_INT32(dptr, so->sin_addr.s_addr);
+	family = so->sin_family;
+	ADD_U_INT16(dptr, family);
+	ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t));
+	ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t));

 	return (t);

@ -858,7 +860,7 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
 	ADD_U_CHAR(dptr, so->sin6_family);

 	ADD_U_INT16(dptr, so->sin6_port);
-	ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr));
+	ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t));

 	return (t);

@ -902,7 +904,7 @@ au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
 	ADD_U_INT32(dptr, pid);
 	ADD_U_INT32(dptr, sid);
 	ADD_U_INT32(dptr, tid->port);
-	ADD_U_INT32(dptr, tid->machine);
+	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));

 	return (t);
 }
@ -1088,24 +1090,12 @@ au_to_exec_env(const char **env)
 * milliseconds of time    4 bytes/8 bytes (32-bit/64-bit value)
 */
 token_t *
-#if defined(KERNEL) || defined(_KERNEL)
-au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod,
+au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
    struct timeval tm)
-#else
-au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
-#endif
 {
 	token_t *t;
 	u_char *dptr = NULL;
 	u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
-	struct timeval tm;
-	struct timezone tzp;
-
-	if (gettimeofday(&tm, &tzp) == -1)
-		return (NULL);
-#endif
-	/* XXXRW: else ...? */

 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
 	    sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
@ -1124,30 +1114,6 @@ au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
 	return (t);
 }

-token_t *
-au_to_header64(__unused int rec_size, __unused au_event_t e_type,
-    __unused au_emod_t e_mod)
-{
-
-	return (NULL);
-}
-
-token_t *
-#if defined(KERNEL) || defined(_KERNEL)
-au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod,
-	struct timeval tm)
-{
-
-	return (au_to_header32(rec_size, e_type, e_mod, tm));
-}
-#else
-au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod)
-{
-
-	return (au_to_header32(rec_size, e_type, e_mod));
-}
-#endif
-
 /*
 * token ID                1 byte
 * trailer magic number    2 bytes