Merge OpenBSM alpha 5 from OpenBSM vendor branch to head, both

contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). Hook up bsm_domain.c and bsm_socket_type.c to the libbsm build along with man pages, add audit_bsm_domain.c and audit_bsm_socket_type.c to the kernel environment. OpenBSM history for imported revisions below for reference. MFC after: 1 month Sponsored by: Apple Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 alpha 5 - Stub libauditd(3) man page added. - All BSM error number constants with BSM_ERRNO_. - Interfaces to convert between local and BSM socket types and protocol families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3), au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions of constants in audit_domain.h and audit_socket_type.h. This improves interoperability by converting local constant spaces, which vary by OS, to and from Solaris constants (where available) or OpenBSM constants for protocol domains not present in Solaris (a fair number). These routines should be used when generating and interpreting extended socket tokens. - Fix build warnings with full gcc warnings enabled on most supported platforms. - Don't compile error strings into bsm_errno.c when building it in the kernel environment. - When started by launchd, use the label com.apple.auditd rather than org.trustedbsd.auditd.
saurindashadia · Jan 14, 2009 · decd722 · decd722
2 parents f2dfb73 + 77fa2b3
commit decd722
Show file tree

Hide file tree

Showing 106 changed files with 2,881 additions and 904 deletions.
diff --git a/contrib/openbsm/INSTALL b/contrib/openbsm/INSTALL
@@ -9,6 +9,12 @@ support are built conditionally.  Typically, build will be performed using:
     ./configure
     make
 
+If doing development work on OpenBSM with gcc, the following invocation of
+configure may be preferred in order to generate full compiler warnings and
+force the compile to fail if a warning is found:
+
+    CFLAGS="-Wall -Werror" ./configure
+
 To install, use:
 
     make install

diff --git a/contrib/openbsm/NEWS b/contrib/openbsm/NEWS
@@ -1,5 +1,24 @@
 OpenBSM Version History
 
+OpenBSM 1.1 alpha 5
+
+- Stub libauditd(3) man page added.
+- All BSM error number constants with BSM_ERRNO_.
+- Interfaces to convert between local and BSM socket types and protocol
+  families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3),
+  au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions
+  of constants in audit_domain.h and audit_socket_type.h.  This improves
+  interoperability by converting local constant spaces, which vary by OS, to
+  and from Solaris constants (where available) or OpenBSM constants for
+  protocol domains not present in Solaris (a fair number).  These routines
+  should be used when generating and interpreting extended socket tokens.
+- Fix build warnings with full gcc warnings enabled on most supported
+  platforms.
+- Don't compile error strings into bsm_errno.c when building it in the kernel
+  environment.
+- When started by launchd, use the label com.apple.auditd rather than
+  org.trustedbsd.auditd.
+
 OpenBSM 1.1 alpha 4
 
 - With the addition of BSM error number mapping, we also need to map the
@@ -393,4 +412,4 @@ OpenBSM 1.0 alpha 1
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/NEWS#21 $
+$P4: //depot/projects/trustedbsd/openbsm/NEWS#27 $
diff --git a/contrib/openbsm/VERSION b/contrib/openbsm/VERSION
@@ -1 +1 @@
-OPENBSM_1_1_ALPHA_4
+OPENBSM_1_1_ALPHA_5
diff --git a/contrib/openbsm/bin/auditd/auditd.8 b/contrib/openbsm/bin/auditd/auditd.8
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#16 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#17 $
 .\"
 .Dd December 11, 2008
 .Dt AUDITD 8
@@ -115,6 +115,7 @@ and are no longer available as arguments to
 .Nm .
 .Sh SEE ALSO
 .Xr asl 3 ,
+.Xr libauditd 3 ,
 .Xr audit 4 ,
 .Xr audit_class 5 ,
 .Xr audit_control 5 ,

diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#40 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#41 $
  */
 
 #include <sys/types.h>
@@ -252,7 +252,7 @@ do_trail_file(void)
 	 */
 	err = auditd_read_dirs(audit_warn_soft, audit_warn_hard);
 	if (err) {
-		auditd_log_err("auditd_read_dirs() %s: %m",
+		auditd_log_err("auditd_read_dirs(): %s",
 		    auditd_strerror(err));
 		if (err == ADE_HARDLIM)
 			audit_warn_allhard();

diff --git a/contrib/openbsm/bin/auditd/auditd_darwin.c b/contrib/openbsm/bin/auditd/auditd_darwin.c
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#2 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_darwin.c#3 $
  */
 
 #include <sys/types.h>
@@ -83,7 +83,7 @@ static int		max_idletime = 0;
 #endif /* __BSM_INTERNAL_NOTIFY_KEY */
 
 #ifndef	__AUDIT_LAUNCHD_LABEL
-#define	__AUDIT_LAUNCHD_LABEL		"org.trustedbsd.auditd"
+#define	__AUDIT_LAUNCHD_LABEL		"com.apple.auditd"
 #endif /* __AUDIT_LAUNCHD_LABEL */
 
 #define	MAX_MSG_SIZE	4096
@@ -100,7 +100,7 @@ auditd_openlog(int debug, gid_t gid)
 	if (debug)
 		opt = ASL_OPT_STDERR;
 
-	au_aslclient = asl_open("auditd", "org.trustedbsd.auditd", opt);
+	au_aslclient = asl_open("auditd", "com.apple.auditd", opt);
 	au_aslmsg = asl_new(ASL_TYPE_MSG); 
 
 #ifdef ASL_KEY_READ_UID

diff --git a/contrib/openbsm/bin/auditd/auditd_fbsd.c b/contrib/openbsm/bin/auditd/auditd_fbsd.c
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#1 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd_fbsd.c#2 $
  */
 
 #include <sys/types.h>
@@ -35,9 +35,11 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <stdarg.h>
 #include <signal.h>
+#include <string.h>
 #include <syslog.h>
-#include <stdarg.h>
+#include <unistd.h>
 
 #include <bsm/audit.h>
 #include <bsm/audit_uevents.h>

diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.c b/contrib/openbsm/bin/auditreduce/auditreduce.c
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#29 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#31 $
  */
 
 /* 
@@ -41,6 +41,9 @@
  */ 
 
 #include <config/config.h>
+
+#define	_GNU_SOURCE		/* Required for strptime() on glibc2. */
+
 #ifdef HAVE_FULL_QUEUE_H
 #include <sys/queue.h>
 #else

diff --git a/contrib/openbsm/bsm/auditd_lib.h b/contrib/openbsm/bsm/auditd_lib.h
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#2 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#3 $
  */
 
 #ifndef _BSM_AUDITD_LIB_H_
@@ -57,7 +57,7 @@
  * Path of auditd plist file for launchd.
  */ 
 #define	AUDITD_PLIST_FILE 	\
-	    "/System/Library/LaunchDaemons/org.trustedbsd.auditd.plist"
+	    "/System/Library/LaunchDaemons/com.apple.auditd.plist"
 
 /*
  * Error return codes for auditd_lib functions.

diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#40 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#41 $
  */
 
 #ifndef _LIBBSM_H_
@@ -821,14 +821,22 @@ void			 au_print_tok_xml(FILE *outfp, tokenstr_t *tok,
  */
 void			 au_print_xml_header(FILE *outfp);
 void			 au_print_xml_footer(FILE *outfp);
-__END_DECLS
 
 /*
- * Functions relating to BSM<->errno conversion.
+ * BSM library routines for converting between local and BSM constant spaces.
+ * (Note: some of these are replicated in audit_record.h for the benefit of
+ * the FreeBSD and Mac OS X kernels)
  */
-int			 au_bsm_to_errno(u_char bsm_error, int *errorp);
-u_char			 au_errno_to_bsm(int error);
-const char		*au_strerror(u_char bsm_error);
+int	 au_bsm_to_domain(u_short bsm_domain, int *local_domainp);
+int	 au_bsm_to_errno(u_char bsm_error, int *errorp);
+int	 au_bsm_to_socket_type(u_short bsm_socket_type,
+	    int *local_socket_typep);
+u_short	 au_domain_to_bsm(int local_domain);
+u_char	 au_errno_to_bsm(int local_errno);
+u_short	 au_socket_type_to_bsm(int local_socket_type);
+
+const char	 *au_strerror(u_char bsm_error);
+__END_DECLS
 
 /*
  * The remaining APIs are associated with Apple's BSM implementation, in

diff --git a/contrib/openbsm/configure b/contrib/openbsm/configure
@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#47 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#49 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha4.
+# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha5.
 #
 # Report bugs to <[email protected]>.
 #
@@ -729,8 +729,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='OpenBSM'
 PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.1alpha4'
-PACKAGE_STRING='OpenBSM 1.1alpha4'
+PACKAGE_VERSION='1.1alpha5'
+PACKAGE_STRING='OpenBSM 1.1alpha5'
 PACKAGE_BUGREPORT='[email protected]'
 
 ac_unique_file="bin/auditreduce/auditreduce.c"
@@ -1404,7 +1404,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures OpenBSM 1.1alpha4 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.1alpha5 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1474,7 +1474,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of OpenBSM 1.1alpha4:";;
+     short | recursive ) echo "Configuration of OpenBSM 1.1alpha5:";;
    esac
   cat <<\_ACEOF
 
@@ -1580,7 +1580,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-OpenBSM configure 1.1alpha4
+OpenBSM configure 1.1alpha5
 generated by GNU Autoconf 2.61
 
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1594,7 +1594,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by OpenBSM $as_me 1.1alpha4, which was
+It was created by OpenBSM $as_me 1.1alpha5, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
 
   $ $0 $@
@@ -19076,7 +19076,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE=OpenBSM
- VERSION=1.1alpha4
+ VERSION=1.1alpha5
 
 
 cat >>confdefs.h <<_ACEOF
@@ -23584,7 +23584,7 @@ exec 6>&1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by OpenBSM $as_me 1.1alpha4, which was
+This file was extended by OpenBSM $as_me 1.1alpha5, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23637,7 +23637,7 @@ Report bugs to <[email protected]>."
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-OpenBSM config.status 1.1alpha4
+OpenBSM config.status 1.1alpha5
 configured by $0, generated by GNU Autoconf 2.61,
   with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
 

diff --git a/contrib/openbsm/configure.ac b/contrib/openbsm/configure.ac
@@ -2,8 +2,8 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.59)
-AC_INIT([OpenBSM], [1.1alpha4], [[email protected]],[openbsm])
-AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#48 $])
+AC_INIT([OpenBSM], [1.1alpha5], [[email protected]],[openbsm])
+AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#49 $])
 AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADER([config/config.h])

diff --git a/contrib/openbsm/libauditd/Makefile.am b/contrib/openbsm/libauditd/Makefile.am
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/libauditd/Makefile.am#2 $
 #
 
 if USE_NATIVE_INCLUDES
@@ -13,5 +13,5 @@ lib_LTLIBRARIES = libauditd.la
 libauditd_la_SOURCES =	\
 	auditd_lib.c
 
-#man3_MANS =		\
-#	libauditd.3
+man3_MANS =		\
+	libauditd.3