aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2006-06-05 10:52:12 +0000
committerRobert Watson <rwatson@FreeBSD.org>2006-06-05 10:52:12 +0000
commit506764c6f65f497f91be0d771f4ae9fb3b9131aa (patch)
tree2d2171f90c9151a544718a2e3551008dff00b9ed
parent3b97a967e1e992eaa2010e8a42f23f51760bc8cb (diff)
downloadsrc-506764c6f65f497f91be0d771f4ae9fb3b9131aa.tar.gz
src-506764c6f65f497f91be0d771f4ae9fb3b9131aa.zip
Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6:
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close(); previously we used hard-coded 0 and 1 values. - Add man page for au_open(), au_write(), au_close(), and au_close_buffer(). - Support a more complete range of data types for the arbitrary data token: add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias to AUR_INT), add AUR_INT64. - Add au_close_token(), which allows writing a single token_t to a memory buffer. Not likely to be used much by applications, but useful for writing test tools. - Modify au_to_file() so that it accepts a timeval in user space, not just kernel -- this is not a Solaris BSM API so can be modified without causing compatibility issues. - Define a new API, au_to_header32_tm(), which adds a struct timeval argument to the ordinary au_to_header32(), which is now implemented by wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL the APIs that invoke gettimeofday(), rather than having a variable definition. Don't try to retrieve time zone information using gettimeofday(), as it's not needed, and introduces possible failure modes. - Don't perform byte order transformations on the addr/machine fields of the terminal ID that appears in the process32/subject32 tokens. These are assumed to be IP addresses, and as such, to be in network byte order. - Universally, APIs now assume that IP addresses and ports are provided in network byte order. APIs now generally provide these types in network byte order when decoding. - Beginnings of an OpenBSM test framework can now be found in openbsm/test. This code is not built or installed by default. - auditd now assigns more appropriate syslog levels to its debugging and error information. - Support for audit filters introduced: audit filters are dynamically loaded shared objects that run in the context of a new daemon, auditfilterd. The daemon reads from an audit pipe and feeds both BSM and parsed versions of records to shared objects using a module API. This will provide a framework for the writing of intrusion detection services. - New utility API, audit_submit(), added to capture common elements of audit record submission for many applications. Obtained from: TrustedBSD Project
Notes
Notes: svn path=/vendor/openbsm/dist/; revision=159248
-rw-r--r--contrib/openbsm/HISTORY43
-rw-r--r--contrib/openbsm/Makefile.am5
-rw-r--r--contrib/openbsm/Makefile.in5
-rw-r--r--contrib/openbsm/README4
-rw-r--r--contrib/openbsm/TODO6
-rw-r--r--contrib/openbsm/VERSION2
-rw-r--r--contrib/openbsm/bin/Makefile.am3
-rw-r--r--contrib/openbsm/bin/Makefile.in6
-rw-r--r--contrib/openbsm/bin/auditd/auditd.c182
-rw-r--r--contrib/openbsm/bin/auditfilterd/Makefile.am10
-rw-r--r--contrib/openbsm/bin/auditfilterd/Makefile.in508
-rw-r--r--contrib/openbsm/bin/auditfilterd/auditfilterd.877
-rw-r--r--contrib/openbsm/bin/auditfilterd/auditfilterd.c341
-rw-r--r--contrib/openbsm/bin/auditfilterd/auditfilterd.h79
-rw-r--r--contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c485
-rw-r--r--contrib/openbsm/bin/auditreduce/auditreduce.c7
-rw-r--r--contrib/openbsm/bsm/Makefile.am3
-rw-r--r--contrib/openbsm/bsm/Makefile.in3
-rw-r--r--contrib/openbsm/bsm/audit.h6
-rw-r--r--contrib/openbsm/bsm/audit_filter.h77
-rw-r--r--contrib/openbsm/bsm/audit_record.h36
-rw-r--r--contrib/openbsm/bsm/libbsm.h5
-rw-r--r--contrib/openbsm/config/config.h.in3
-rwxr-xr-xcontrib/openbsm/configure247
-rw-r--r--contrib/openbsm/configure.ac14
-rw-r--r--contrib/openbsm/etc/audit_filter5
-rw-r--r--contrib/openbsm/libbsm/Makefile.am3
-rw-r--r--contrib/openbsm/libbsm/Makefile.in3
-rw-r--r--contrib/openbsm/libbsm/au_open.3149
-rw-r--r--contrib/openbsm/libbsm/au_token.315
-rw-r--r--contrib/openbsm/libbsm/audit_submit.3126
-rw-r--r--contrib/openbsm/libbsm/bsm_audit.c26
-rw-r--r--contrib/openbsm/libbsm/bsm_io.c98
-rw-r--r--contrib/openbsm/libbsm/bsm_token.c87
-rw-r--r--contrib/openbsm/libbsm/bsm_wrappers.c127
-rw-r--r--contrib/openbsm/libbsm/libbsm.35
-rw-r--r--contrib/openbsm/man/auditctl.24
-rw-r--r--contrib/openbsm/modules/Makefile.am7
-rw-r--r--contrib/openbsm/modules/Makefile.in477
-rw-r--r--contrib/openbsm/modules/auditfilter_noop/Makefile.am10
-rw-r--r--contrib/openbsm/modules/auditfilter_noop/Makefile.in459
-rw-r--r--contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c73
-rw-r--r--contrib/openbsm/test/Makefile.am6
-rw-r--r--contrib/openbsm/test/Makefile.in477
-rw-r--r--contrib/openbsm/test/bsm/Makefile.am9
-rw-r--r--contrib/openbsm/test/bsm/Makefile.in453
-rw-r--r--contrib/openbsm/test/bsm/generate.c755
47 files changed, 5266 insertions, 265 deletions
diff --git a/contrib/openbsm/HISTORY b/contrib/openbsm/HISTORY
index 119ff6489be3..e1e691115922 100644
--- a/contrib/openbsm/HISTORY
+++ b/contrib/openbsm/HISTORY
@@ -1,3 +1,44 @@
+OpenBSM 1.0 alpha 6
+
+- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
+ previously we used hard-coded 0 and 1 values.
+- Add man page for au_open(), au_write(), au_close(), and
+ au_close_buffer().
+- Support a more complete range of data types for the arbitrary data token:
+ add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
+ to AUR_INT), add AUR_INT64.
+- Add au_close_token(), which allows writing a single token_t to a memory
+ buffer. Not likely to be used much by applications, but useful for
+ writing test tools.
+- Modify au_to_file() so that it accepts a timeval in user space, not just
+ kernel -- this is not a Solaris BSM API so can be modified without
+ causing compatibility issues.
+- Define a new API, au_to_header32_tm(), which adds a struct timeval
+ argument to the ordinary au_to_header32(), which is now implemented by
+ wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL
+ the APIs that invoke gettimeofday(), rather than having a variable
+ definition. Don't try to retrieve time zone information using
+ gettimeofday(), as it's not needed, and introduces possible failure
+ modes.
+- Don't perform byte order transformations on the addr/machine fields of
+ the terminal ID that appears in the process32/subject32 tokens. These
+ are assumed to be IP addresses, and as such, to be in network byte
+ order.
+- Universally, APIs now assume that IP addresses and ports are provided
+ in network byte order. APIs now generally provide these types in
+ network byte order when decoding.
+- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
+ This code is not built or installed by default.
+- auditd now assigns more appropriate syslog levels to its debugging and
+ error information.
+- Support for audit filters introduced: audit filters are dynamically
+ loaded shared objects that run in the context of a new daemon,
+ auditfilterd. The daemon reads from an audit pipe and feeds both BSM and
+ parsed versions of records to shared objects using a module API. This
+ will provide a framework for the writing of intrusion detection services.
+- New utility API, audit_submit(), added to capture common elements of audit
+ record submission for many applications.
+
OpenBSM 1.0 alpha 5
- Update install notes to indicate /etc files are to be installed manually.
@@ -124,4 +165,4 @@ OpenBSM 1.0 alpha 1
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#2 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#12 $
diff --git a/contrib/openbsm/Makefile.am b/contrib/openbsm/Makefile.am
index d1cfe6bfb27d..d3ca327d5f3d 100644
--- a/contrib/openbsm/Makefile.am
+++ b/contrib/openbsm/Makefile.am
@@ -1,12 +1,13 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#2 $
#
SUBDIRS = \
bsm \
libbsm \
bin \
- man
+ man \
+ modules
EXTRA_DIST = \
CHANGELOG \
diff --git a/contrib/openbsm/Makefile.in b/contrib/openbsm/Makefile.in
index a34f60afb543..ce23ffd13c4f 100644
--- a/contrib/openbsm/Makefile.in
+++ b/contrib/openbsm/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/Makefile.in#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/Makefile.in#4 $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
@@ -181,7 +181,8 @@ SUBDIRS = \
bsm \
libbsm \
bin \
- man
+ man \
+ modules
EXTRA_DIST = \
CHANGELOG \
diff --git a/contrib/openbsm/README b/contrib/openbsm/README
index ee178c1f7173..a938d11d2331 100644
--- a/contrib/openbsm/README
+++ b/contrib/openbsm/README
@@ -27,7 +27,7 @@ POSIX-like systems.
OpenBSM is currently built using autoconf and automake, which should allow
for building on a range of operating systems, including FreeBSD, Mac OS X,
-and Linux. Depending on the availability of audit facailities in the
+and Linux. Depending on the availability of audit facilities in the
underlying operating system, some components that depend on kernel audit
support are built conditionally. Typically, build will be performed using
@@ -95,4 +95,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
-$P4: //depot/projects/trustedbsd/openbsm/README#16 $
+$P4: //depot/projects/trustedbsd/openbsm/README#17 $
diff --git a/contrib/openbsm/TODO b/contrib/openbsm/TODO
index 2280a60b7529..d30c84131c14 100644
--- a/contrib/openbsm/TODO
+++ b/contrib/openbsm/TODO
@@ -13,5 +13,9 @@
- It might be desirable to be able to provide EOPNOTSUPP system call stubs
on systems that don't have the necessary audit system calls; that would
allow the full libbsm and tool set to build, just not run.
+- Teach praudit how to begin printing at any point in a token stream, not
+ just at the beginning of a record. This will make it easier to use
+ praudit in test suites processing single-token files without header and
+ trailer context.
-$P4: //depot/projects/trustedbsd/openbsm/TODO#5 $
+$P4: //depot/projects/trustedbsd/openbsm/TODO#6 $
diff --git a/contrib/openbsm/VERSION b/contrib/openbsm/VERSION
index ed079c08d60a..e2b0eb9fd41e 100644
--- a/contrib/openbsm/VERSION
+++ b/contrib/openbsm/VERSION
@@ -1 +1 @@
-OPENBSM_1_0_ALPHA_3
+OPENBSM_1_0_ALPHA_6
diff --git a/contrib/openbsm/bin/Makefile.am b/contrib/openbsm/bin/Makefile.am
index 7c2fee2321f1..735c241baf3a 100644
--- a/contrib/openbsm/bin/Makefile.am
+++ b/contrib/openbsm/bin/Makefile.am
@@ -1,8 +1,9 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.am#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.am#3 $
#
SUBDIRS = \
+ auditfilterd \
auditreduce \
praudit
diff --git a/contrib/openbsm/bin/Makefile.in b/contrib/openbsm/bin/Makefile.in
index e1d7fdd58d87..5646450c6eb1 100644
--- a/contrib/openbsm/bin/Makefile.in
+++ b/contrib/openbsm/bin/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#4 $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
@@ -62,7 +62,7 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
uninstall-recursive
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = auditreduce praudit audit auditd
+DIST_SUBDIRS = auditfilterd auditreduce praudit audit auditd
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMDEP_FALSE = @AMDEP_FALSE@
@@ -165,7 +165,7 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
-SUBDIRS = auditreduce praudit $(am__append_1)
+SUBDIRS = auditfilterd auditreduce praudit $(am__append_1)
all: all-recursive
.SUFFIXES:
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
index 471f4f67ebb2..edfe6c04085c 100644
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#13 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 $
*/
#include <sys/types.h>
@@ -44,6 +44,7 @@
#include <bsm/audit_uevents.h>
#include <bsm/libbsm.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
@@ -63,6 +64,7 @@ static int ret, minval;
static char *lastfile = NULL;
static int allhardcount = 0;
static int triggerfd = 0;
+static int sigchlds, sigchlds_handled;
static int sighups, sighups_handled;
static int sigterms, sigterms_handled;
static long global_flags;
@@ -127,7 +129,7 @@ affixdir(char *name, struct dir_ent *dirent)
const char *sep = "/";
curdir = dirent->dirname;
- syslog(LOG_INFO, "dir = %s\n", dirent->dirname);
+ syslog(LOG_DEBUG, "dir = %s", dirent->dirname);
fn = malloc(strlen(curdir) + strlen(sep) + (2 * POSTFIX_LEN) + 1);
if (fn == NULL)
@@ -158,10 +160,10 @@ close_lastfile(char *TS)
*ptr = '.';
strcpy(ptr+1, TS);
if (rename(oldname, lastfile) != 0)
- syslog(LOG_ERR, "Could not rename %s to %s \n",
+ syslog(LOG_ERR, "Could not rename %s to %s",
oldname, lastfile);
else
- syslog(LOG_INFO, "renamed %s to %s \n",
+ syslog(LOG_INFO, "renamed %s to %s",
oldname, lastfile);
}
free(lastfile);
@@ -241,7 +243,7 @@ swap_audit_file(void)
/* Try until we succeed. */
while ((dirent = TAILQ_FIRST(&dir_q))) {
if ((fn = affixdir(timestr, dirent)) == NULL) {
- syslog(LOG_INFO, "Failed to swap log at time %s\n",
+ syslog(LOG_INFO, "Failed to swap log at time %s",
timestr);
return (-1);
}
@@ -250,7 +252,7 @@ swap_audit_file(void)
* Create and open the file; then close and pass to the
* kernel if all went well.
*/
- syslog(LOG_INFO, "New audit file is %s\n", fn);
+ syslog(LOG_INFO, "New audit file is %s", fn);
#ifdef AUDIT_REVIEW_GROUP
fd = open_trail(fn, uid, gid);
#else
@@ -262,7 +264,7 @@ swap_audit_file(void)
error = auditctl(fn);
if (error) {
syslog(LOG_ERR,
- "auditctl failed setting log file! : %s\n",
+ "auditctl failed setting log file! : %s",
strerror(errno));
close(fd);
} else {
@@ -284,7 +286,7 @@ swap_audit_file(void)
free(dirent->dirname);
free(dirent);
}
- syslog(LOG_INFO, "Log directories exhausted\n");
+ syslog(LOG_ERR, "Log directories exhausted\n");
return (-1);
}
@@ -326,7 +328,7 @@ read_control_file(void)
allhardcount = 0;
if (swap_audit_file() == -1) {
- syslog(LOG_ERR, "Could not swap audit file\n");
+ syslog(LOG_ERR, "Could not swap audit file");
/*
* XXX Faulty directory listing? - user should be given
* XXX an opportunity to change the audit_control file
@@ -341,16 +343,16 @@ read_control_file(void)
* XXX is generated here?
*/
if (0 == (ret = getacmin(&minval))) {
- syslog(LOG_INFO, "min free = %d\n", minval);
+ syslog(LOG_DEBUG, "min free = %d\n", minval);
if (auditon(A_GETQCTRL, &qctrl, sizeof(qctrl)) != 0) {
syslog(LOG_ERR,
- "could not get audit queue settings\n");
+ "could not get audit queue settings");
return (-1);
}
qctrl.aq_minfree = minval;
if (auditon(A_SETQCTRL, &qctrl, sizeof(qctrl)) != 0) {
syslog(LOG_ERR,
- "could not set audit queue settings\n");
+ "could not set audit queue settings");
return (-1);
}
}
@@ -372,20 +374,20 @@ close_all(void)
/* Generate an audit record. */
if ((aufd = au_open()) == -1)
- syslog(LOG_ERR, "Could not create audit shutdown event.\n");
+ syslog(LOG_ERR, "Could not create audit shutdown event.");
else {
if ((tok = au_to_text("auditd::Audit shutdown")) != NULL)
au_write(aufd, tok);
if (au_close(aufd, 1, AUE_audit_shutdown) == -1)
syslog(LOG_ERR,
- "Could not close audit shutdown event.\n");
+ "Could not close audit shutdown event.");
}
/* Flush contents. */
cond = AUC_DISABLED;
err_ret = auditon(A_SETCOND, &cond, sizeof(cond));
if (err_ret != 0) {
- syslog(LOG_ERR, "Disabling audit failed! : %s\n",
+ syslog(LOG_ERR, "Disabling audit failed! : %s",
strerror(errno));
err_ret = 1;
}
@@ -396,15 +398,15 @@ close_all(void)
free_dir_q();
if ((remove(AUDITD_PIDFILE) == -1) || err_ret) {
- syslog(LOG_ERR, "Could not unregister\n");
+ syslog(LOG_ERR, "Could not unregister");
audit_warn_postsigterm();
return (1);
}
endac();
if (close(triggerfd) != 0)
- syslog(LOG_ERR, "Error closing control file\n");
- syslog(LOG_INFO, "Finished.\n");
+ syslog(LOG_ERR, "Error closing control file");
+ syslog(LOG_INFO, "Finished");
return (0);
}
@@ -422,6 +424,8 @@ relay_signal(int signal)
sighups++;
if (signal == SIGTERM)
sigterms++;
+ if (signal == SIGCHLD)
+ sigchlds++;
}
/*
@@ -437,23 +441,22 @@ register_daemon(void)
/* Set up the signal hander. */
if (signal(SIGTERM, relay_signal) == SIG_ERR) {
syslog(LOG_ERR,
- "Could not set signal handler for SIGTERM\n");
+ "Could not set signal handler for SIGTERM");
fail_exit();
}
if (signal(SIGCHLD, relay_signal) == SIG_ERR) {
syslog(LOG_ERR,
- "Could not set signal handler for SIGCHLD\n");
+ "Could not set signal handler for SIGCHLD");
fail_exit();
}
if (signal(SIGHUP, relay_signal) == SIG_ERR) {
syslog(LOG_ERR,
- "Could not set signal handler for SIGHUP\n");
+ "Could not set signal handler for SIGHUP");
fail_exit();
}
if ((pidfile = fopen(AUDITD_PIDFILE, "a")) == NULL) {
- syslog(LOG_ERR,
- "Could not open PID file\n");
+ syslog(LOG_ERR, "Could not open PID file");
audit_warn_tmpfile();
return (-1);
}
@@ -462,7 +465,7 @@ register_daemon(void)
fd = fileno(pidfile);
if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
syslog(LOG_ERR,
- "PID file is locked (is another auditd running?).\n");
+ "PID file is locked (is another auditd running?).");
audit_warn_ebusy();
return (-1);
}
@@ -490,7 +493,6 @@ handle_audit_trigger(int trigger)
static int last_trigger;
static time_t last_time;
struct dir_ent *dirent;
- int rc;
/*
* Suppres duplicate messages from the kernel within the specified
@@ -516,7 +518,7 @@ handle_audit_trigger(int trigger)
switch(trigger) {
case AUDIT_TRIGGER_LOW_SPACE:
- syslog(LOG_INFO, "Got low space trigger\n");
+ syslog(LOG_INFO, "Got low space trigger");
if (dirent && (dirent->softlim != 1)) {
TAILQ_REMOVE(&dir_q, dirent, dirs);
/* Add this node to the end of the list. */
@@ -526,7 +528,7 @@ handle_audit_trigger(int trigger)
if (TAILQ_NEXT(TAILQ_FIRST(&dir_q), dirs) != NULL &&
swap_audit_file() == -1)
- syslog(LOG_ERR, "Error swapping audit file\n");
+ syslog(LOG_ERR, "Error swapping audit file");
/*
* Check if the next dir has already reached its soft
@@ -548,7 +550,7 @@ handle_audit_trigger(int trigger)
break;
case AUDIT_TRIGGER_NO_SPACE:
- syslog(LOG_INFO, "Got no space trigger\n");
+ syslog(LOG_INFO, "Got no space trigger");
/* Delete current dir, go on to next. */
TAILQ_REMOVE(&dir_q, dirent, dirs);
@@ -557,7 +559,7 @@ handle_audit_trigger(int trigger)
free(dirent);
if (swap_audit_file() == -1)
- syslog(LOG_ERR, "Error swapping audit file\n");
+ syslog(LOG_ERR, "Error swapping audit file");
/* We are out of log directories. */
audit_warn_allhard(++allhardcount);
@@ -568,21 +570,21 @@ handle_audit_trigger(int trigger)
* Create a new file and swap with the one being used in
* kernel
*/
- syslog(LOG_INFO, "Got open new trigger\n");
+ syslog(LOG_INFO, "Got open new trigger");
if (swap_audit_file() == -1)
- syslog(LOG_ERR, "Error swapping audit file\n");
+ syslog(LOG_ERR, "Error swapping audit file");
break;
case AUDIT_TRIGGER_READ_FILE:
- syslog(LOG_INFO, "Got read file trigger\n");
+ syslog(LOG_INFO, "Got read file trigger");
if (read_control_file() == -1)
- syslog(LOG_ERR, "Error in audit control file\n");
+ syslog(LOG_ERR, "Error in audit control file");
if (config_audit_controls() == -1)
- syslog(LOG_ERR, "Error setting audit controls\n");
+ syslog(LOG_ERR, "Error setting audit controls");
break;
default:
- syslog(LOG_ERR, "Got unknown trigger %d\n", trigger);
+ syslog(LOG_ERR, "Got unknown trigger %d", trigger);
break;
}
}
@@ -596,10 +598,38 @@ handle_sighup(void)
}
/*
- * Read the control file for triggers and handle appropriately.
+ * Reap our children.
+ */
+static void
+reap_children(void)
+{
+ pid_t child;
+ int wstatus;
+
+ while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) {
+ if (!wstatus)
+ continue;
+ syslog(LOG_INFO, "warn process [pid=%d] %s %d.", child,
+ ((WIFEXITED(wstatus)) ? "exited with non-zero status" :
+ "exited as a result of signal"),
+ ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) :
+ WTERMSIG(wstatus)));
+ }
+}
+
+static void
+handle_sigchld(void)
+{
+
+ sigchlds_handled = sigchlds;
+ reap_children();
+}
+
+/*
+ * Read the control file for triggers/signals and handle appropriately.
*/
static int
-wait_for_triggers(void)
+wait_for_events(void)
{
int num;
unsigned int trigger;
@@ -607,24 +637,28 @@ wait_for_triggers(void)
for (;;) {
num = read(triggerfd, &trigger, sizeof(trigger));
if ((num == -1) && (errno != EINTR)) {
- syslog(LOG_ERR, "%s: error %d\n", __FUNCTION__, errno);
+ syslog(LOG_ERR, "%s: error %d", __FUNCTION__, errno);
return (-1);
}
if (sigterms != sigterms_handled) {
- syslog(LOG_INFO, "%s: SIGTERM", __FUNCTION__);
+ syslog(LOG_DEBUG, "%s: SIGTERM", __FUNCTION__);
break;
}
+ if (sigchlds != sigchlds_handled) {
+ syslog(LOG_DEBUG, "%s: SIGCHLD", __FUNCTION__);
+ handle_sigchld();
+ }
if (sighups != sighups_handled) {
- syslog(LOG_INFO, "%s: SIGHUP", __FUNCTION__);
+ syslog(LOG_DEBUG, "%s: SIGHUP", __FUNCTION__);
handle_sighup();
}
if ((num == -1) && (errno == EINTR))
continue;
if (num == 0) {
- syslog(LOG_INFO, "%s: read EOF\n", __FUNCTION__);
+ syslog(LOG_ERR, "%s: read EOF", __FUNCTION__);
return (-1);
}
- syslog(LOG_INFO, "%s: read %d\n", __FUNCTION__, trigger);
+ syslog(LOG_DEBUG, "%s: read %d", __FUNCTION__, trigger);
if (trigger == AUDIT_TRIGGER_CLOSE_AND_DIE)
break;
else
@@ -634,26 +668,6 @@ wait_for_triggers(void)
}
/*
- * Reap our children.
- */
-static void
-reap_children(void)
-{
- pid_t child;
- int wstatus;
-
- while ((child = waitpid(-1, &wstatus, WNOHANG)) > 0) {
- if (!wstatus)
- continue;
- syslog(LOG_INFO, "warn process [pid=%d] %s %d.\n", child,
- ((WIFEXITED(wstatus)) ? "exited with non-zero status" :
- "exited as a result of signal"),
- ((WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) :
- WTERMSIG(wstatus)));
- }
-}
-
-/*
* Configure the audit controls in the kernel: the event to class mapping,
* kernel preselection mask, etc.
*/
@@ -700,7 +714,7 @@ config_audit_controls(void)
if (ctr == 0)
syslog(LOG_ERR, "No events to class mappings registered.");
else
- syslog(LOG_INFO, "Registered %d event to class mappings.",
+ syslog(LOG_DEBUG, "Registered %d event to class mappings.",
ctr);
/*
@@ -713,7 +727,7 @@ config_audit_controls(void)
syslog(LOG_ERR,
"Failed to register non-attributable event mask.");
else
- syslog(LOG_INFO,
+ syslog(LOG_DEBUG,
"Registered non-attributable event mask.");
} else
syslog(LOG_ERR,
@@ -731,35 +745,53 @@ config_audit_controls(void)
static void
setup(void)
{
+ auditinfo_t auinfo;
int aufd;
token_t *tok;
if ((triggerfd = open(AUDIT_TRIGGER_FILE, O_RDONLY, 0)) < 0) {
- syslog(LOG_ERR, "Error opening trigger file\n");
+ syslog(LOG_ERR, "Error opening trigger file");
+ fail_exit();
+ }
+
+ /*
+ * To provide event feedback cycles and avoid auditd becoming
+ * stalled if auditing is suspended, auditd and its children run
+ * without their events being audited. We allow the uid, tid, and
+ * mask fields to be implicitly set to zero, but do set the pid. We
+ * run this after opening the trigger device to avoid configuring
+ * audit state without audit present in the system.
+ *
+ * XXXRW: Is there more to it than this?
+ */
+ bzero(&auinfo, sizeof(auinfo));
+ auinfo.ai_asid = getpid();
+ if (setaudit(&auinfo) == -1) {
+ syslog(LOG_ERR, "Error setting audit stat");
fail_exit();
}
TAILQ_INIT(&dir_q);
if (read_control_file() == -1) {
- syslog(LOG_ERR, "Error reading control file\n");
+ syslog(LOG_ERR, "Error reading control file");
fail_exit();
}
/* Generate an audit record. */
if ((aufd = au_open()) == -1)
- syslog(LOG_ERR, "Could not create audit startup event.\n");
+ syslog(LOG_ERR, "Could not create audit startup event.");
else {
if ((tok = au_to_text("auditd::Audit startup")) != NULL)
au_write(aufd, tok);
if (au_close(aufd, 1, AUE_audit_startup) == -1)
syslog(LOG_ERR,
- "Could not close audit startup event.\n");
+ "Could not close audit startup event.");
}
if (config_audit_controls() == 0)
- syslog(LOG_INFO, "Audit controls init successful\n");
+ syslog(LOG_INFO, "Audit controls init successful");
else
- syslog(LOG_INFO, "Audit controls init failed\n");
+ syslog(LOG_ERR, "Audit controls init failed");
}
int
@@ -800,22 +832,22 @@ main(int argc, char **argv)
#else
openlog("auditd", LOG_CONS | LOG_PID, LOG_AUTH);
#endif
- syslog(LOG_INFO, "starting...\n");
+ syslog(LOG_INFO, "starting...");
if (debug == 0 && daemon(0, 0) == -1) {
- syslog(LOG_ERR, "Failed to daemonize\n");
+ syslog(LOG_ERR, "Failed to daemonize");
exit(1);
}
if (register_daemon() == -1) {
- syslog(LOG_ERR, "Could not register as daemon\n");
+ syslog(LOG_ERR, "Could not register as daemon");
exit(1);
}
setup();
- rc = wait_for_triggers();
- syslog(LOG_INFO, "auditd exiting.\n");
+ rc = wait_for_events();
+ syslog(LOG_INFO, "auditd exiting.");
exit(rc);
}
diff --git a/contrib/openbsm/bin/auditfilterd/Makefile.am b/contrib/openbsm/bin/auditfilterd/Makefile.am
new file mode 100644
index 000000000000..b8d96a48868b
--- /dev/null
+++ b/contrib/openbsm/bin/auditfilterd/Makefile.am
@@ -0,0 +1,10 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.am#1 $
+#
+
+INCLUDES = -I$(top_srcdir)
+
+sbin_PROGRAMS = auditfilterd
+auditfilterd_SOURCES = auditfilterd_conf.c auditfilterd.c
+auditfilterd_LDADD = $(top_builddir)/libbsm/libbsm.la
+man8_MANS = auditfilterd.8
diff --git a/contrib/openbsm/bin/auditfilterd/Makefile.in b/contrib/openbsm/bin/auditfilterd/Makefile.in
new file mode 100644
index 000000000000..85df64178e2e
--- /dev/null
+++ b/contrib/openbsm/bin/auditfilterd/Makefile.in
@@ -0,0 +1,508 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/Makefile.in#1 $
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = auditfilterd$(EXEEXT)
+subdir = bin/auditfilterd
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
+sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(sbin_PROGRAMS)
+am_auditfilterd_OBJECTS = auditfilterd_conf.$(OBJEXT) \
+ auditfilterd.$(OBJEXT)
+auditfilterd_OBJECTS = $(am_auditfilterd_OBJECTS)
+auditfilterd_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/config
+depcomp = $(SHELL) $(top_srcdir)/config/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(auditfilterd_SOURCES)
+DIST_SOURCES = $(auditfilterd_SOURCES)
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man8_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HAVE_AUDIT_SYSCALLS_FALSE = @HAVE_AUDIT_SYSCALLS_FALSE@
+HAVE_AUDIT_SYSCALLS_TRUE = @HAVE_AUDIT_SYSCALLS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+INCLUDES = -I$(top_srcdir)
+auditfilterd_SOURCES = auditfilterd_conf.c auditfilterd.c
+auditfilterd_LDADD = $(top_builddir)/libbsm/libbsm.la
+man8_MANS = auditfilterd.8
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign bin/auditfilterd/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign bin/auditfilterd/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(sbindir)" || $(mkdir_p) "$(DESTDIR)$(sbindir)"
+ @list='$(sbin_PROGRAMS)'; for p in $$list; do \
+ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ if test -f $$p \
+ || test -f $$p1 \
+ ; then \
+ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
+ else :; fi; \
+ done
+
+uninstall-sbinPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_PROGRAMS)'; for p in $$list; do \
+ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+ echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
+ rm -f "$(DESTDIR)$(sbindir)/$$f"; \
+ done
+
+clean-sbinPROGRAMS:
+ @list='$(sbin_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+auditfilterd$(EXEEXT): $(auditfilterd_OBJECTS) $(auditfilterd_DEPENDENCIES)
+ @rm -f auditfilterd$(EXEEXT)
+ $(LINK) $(auditfilterd_LDFLAGS) $(auditfilterd_OBJECTS) $(auditfilterd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditfilterd.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditfilterd_conf.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS)
+installdirs:
+ for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(mkdir_p) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-exec-am: install-sbinPROGRAMS
+
+install-info: install-info-am
+
+install-man: install-man8
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am uninstall-man uninstall-sbinPROGRAMS
+
+uninstall-man: uninstall-man8
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-sbinPROGRAMS ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-exec \
+ install-exec-am install-info install-info-am install-man \
+ install-man8 install-sbinPROGRAMS install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-info-am uninstall-man \
+ uninstall-man8 uninstall-sbinPROGRAMS
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd.8 b/contrib/openbsm/bin/auditfilterd/auditfilterd.8
new file mode 100644
index 000000000000..0d9d2cbffb0f
--- /dev/null
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd.8
@@ -0,0 +1,77 @@
+.\"-
+.\" Copyright (c) 2006 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.8#2 $
+.\"
+.Dd March 27, 2006
+.Dt AUDITFILTERD 8
+.Os
+.Sh NAME
+.Nm auditfilterd
+.Nd audit filter daemon
+.Sh SYNOPSIS
+.Nm auditfilterd
+.Op Fl d
+.Op Fl c Ar conffile
+.Op Fl t Ar trailfile
+.Sh DESCRIPTION
+The
+.Nm
+daemon is an extensible audit event monitoring daemon, allowing pluggable
+modules to track audit events from a live audit source.
+It is configured using the
+.Xr audit_filter 5
+configuration file.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl d
+Starts the daemon in debug mode - it will not daemonize.
+.It Fl c Ar conffile
+Specify an alternative configuration file.
+.It Fl t Ar trailfile
+Specify an alternative source of audit event records.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/security/audit_filterd" -compact
+.It Pa /etc/security/audit_filterd
+Default configuration file for
+.Nm .
+.It Pa /dev/auditpipe
+Default audit record source for
+.Nm .
+.El
+.Sh SEE ALSO
+.Xr audit 8 ,
+.Xr auditd 8
+.Sh AUTHORS
+The
+.Nm
+daemon and audit filter APIs were created by Robert Watson.
+.Sh HISTORY
+The OpenBSM implementation was created by McAfee Research, the security
+division of McAfee Inc., under contract to Apple Computer Inc. in 2004.
+It was subsequently adopted by the TrustedBSD Project as the foundation for
+the OpenBSM distribution.
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd.c b/contrib/openbsm/bin/auditfilterd/auditfilterd.c
new file mode 100644
index 000000000000..5128af0c92cf
--- /dev/null
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd.c
@@ -0,0 +1,341 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#6 $
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+
+#include <config/config.h>
+#ifdef HAVE_FULL_QUEUE_H
+#include <sys/queue.h>
+#else
+#include <compat/queue.h>
+#endif
+
+#include <bsm/libbsm.h>
+#include <bsm/audit_filter.h>
+
+#include <err.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "auditfilterd.h"
+
+/*
+ * Global list of registered filters.
+ */
+struct auditfilter_module_list filter_list;
+
+/*
+ * Configuration and signal->main flags.
+ */
+int debug; /* Debugging mode requested, don't detach. */
+int reread_config; /* SIGHUP has been received. */
+int quit; /* SIGQUIT/TERM/INT has been received. */
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "auditfilterd [-c conffile] [-d] [-p pipefile]"
+ " [-t trailfile]\n");
+ fprintf(stderr, " -c Specify configuration file (default: %s)\n",
+ AUDITFILTERD_CONFFILE);
+ fprintf(stderr, " -d Debugging mode, don't daemonize\n");
+ fprintf(stderr, " -p Specify pipe file (default: %s)\n",
+ AUDITFILTERD_PIPEFILE);
+ fprintf(stderr, " -t Specify audit trail file (default: none)\n");
+ exit(-1);
+}
+
+static void
+auditfilterd_init(void)
+{
+
+ TAILQ_INIT(&filter_list);
+}
+
+static void
+signal_handler(int signum)
+{
+
+ switch (signum) {
+ case SIGHUP:
+ reread_config++;
+ break;
+
+ case SIGINT:
+ case SIGTERM:
+ case SIGQUIT:
+ quit++;
+ break;
+ }
+}
+
+/*
+ * Present raw BSM to a set of registered and interested filters.
+ */
+static void
+present_bsmrecord(struct timespec *ts, u_char *data, u_int len)
+{
+ struct auditfilter_module *am;
+
+ TAILQ_FOREACH(am, &filter_list, am_list) {
+ if (am->am_bsmrecord != NULL)
+ (am->am_bsmrecord)(am->am_instance, ts, data, len);
+ }
+}
+
+/*
+ * Parse the BSM into a set of tokens, which will be pased to registered
+ * and interested filters.
+ */
+#define MAX_TOKENS 128 /* Maximum tokens we handle per record. */
+static void
+present_tokens(struct timespec *ts, u_char *data, u_int len)
+{
+ struct auditfilter_module *am;
+ tokenstr_t tokens[MAX_TOKENS];
+ u_int bytesread;
+ int tokencount;
+
+ tokencount = 0;
+ while (bytesread < len) {
+ if (au_fetch_tok(&tokens[tokencount], data + bytesread,
+ len - bytesread) == -1)
+ break;
+ bytesread += tokens[tokencount].len;
+ tokencount++;
+ }
+
+ TAILQ_FOREACH(am, &filter_list, am_list) {
+ if (am->am_record != NULL)
+ (am->am_record)(am->am_instance, ts, tokencount,
+ tokens);
+ }
+}
+
+/*
+ * The main loop spins pulling records out of the record source and passing
+ * them to modules for processing.
+ */
+static void
+mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp)
+{
+ struct timespec ts;
+ FILE *conf_fp;
+ u_char *buf;
+ int reclen;
+
+ while (1) {
+ /*
+ * On SIGHUP, we reread the configuration file and reopen
+ * the trail file.
+ */
+ if (reread_config) {
+ reread_config = 0;
+ warnx("rereading configuration");
+ conf_fp = fopen(conffile, "r");
+ if (conf_fp == NULL)
+ err(-1, "%s", conffile);
+ auditfilterd_conf(conffile, conf_fp);
+ fclose(conf_fp);
+
+ fclose(trail_fp);
+ trail_fp = fopen(trailfile, "r");
+ if (trail_fp == NULL)
+ err(-1, "%s", trailfile);
+ }
+ if (quit) {
+ warnx("quitting");
+ break;
+ }
+
+ /*
+ * For now, be relatively unrobust about incomplete records,
+ * but in the future will want to do better. Need to look
+ * more at the right blocking and signal behavior here.
+ */
+ reclen = au_read_rec(trail_fp, &buf);
+ if (reclen == -1)
+ continue;
+ if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
+ err(-1, "clock_gettime");
+ present_bsmrecord(&ts, buf, reclen);
+ present_tokens(&ts, buf, reclen);
+ free(buf);
+ }
+}
+
+/*
+ * The main loop spins pulling records out of the record source and passing
+ * them to modules for processing. This version of the function accepts
+ * discrete record input from a file descriptor, as opposed to buffered input
+ * from a file stream.
+ */
+static void
+mainloop_pipe(const char *conffile, const char *pipefile, int pipe_fd)
+{
+ u_char record[MAX_AUDIT_RECORD_SIZE];
+ struct timespec ts;
+ FILE *conf_fp;
+ int reclen;
+
+ while (1) {
+ /*
+ * On SIGHUP, we reread the configuration file. Unlike with
+ * a trail file, we don't reopen the pipe, as we don't want
+ * to miss records which will be flushed if we do.
+ */
+ if (reread_config) {
+ reread_config = 0;
+ warnx("rereading configuration");
+ conf_fp = fopen(conffile, "r");
+ if (conf_fp == NULL)
+ err(-1, "%s", conffile);
+ auditfilterd_conf(conffile, conf_fp);
+ fclose(conf_fp);
+ }
+ if (quit) {
+ warnx("quitting");
+ break;
+ }
+
+ /*
+ * For now, be relatively unrobust about incomplete records,
+ * but in the future will want to do better. Need to look
+ * more at the right blocking and signal behavior here.
+ */
+ reclen = read(pipe_fd, record, MAX_AUDIT_RECORD_SIZE);
+ if (reclen < 0)
+ continue;
+ if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
+ err(-1, "clock_gettime");
+ present_bsmrecord(&ts, record, reclen);
+ present_tokens(&ts, record, reclen);
+ }
+}
+
+int
+main(int argc, char *argv[])
+{
+ const char *pipefile, *trailfile, *conffile;
+ FILE *trail_fp, *conf_fp;
+ struct stat sb;
+ int pipe_fd;
+ int ch;
+
+ conffile = AUDITFILTERD_CONFFILE;
+ trailfile = NULL;
+ pipefile = NULL;
+ while ((ch = getopt(argc, argv, "c:dp:t:")) != -1) {
+ switch (ch) {
+ case 'c':
+ conffile = optarg;
+ break;
+
+ case 'd':
+ debug++;
+ break;
+
+ case 't':
+ if (trailfile != NULL || pipefile != NULL)
+ usage();
+ trailfile = optarg;
+ break;
+
+ case 'p':
+ if (pipefile != NULL || trailfile != NULL)
+ usage();
+ pipefile = optarg;
+ break;
+
+ default:
+ usage();
+ }
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (argc != 0)
+ usage();
+
+ /*
+ * We allow only one of a pipe or a trail to be used. If none is
+ * specified, we provide a default pipe path.
+ */
+ if (pipefile == NULL && trailfile == NULL)
+ pipefile = AUDITFILTERD_PIPEFILE;
+
+ if (pipefile != NULL) {
+ pipe_fd = open(pipefile, O_RDONLY);
+ if (pipe_fd < 0)
+ err(-1, "open:%s", pipefile);
+ if (fstat(pipe_fd, &sb) < 0)
+ err(-1, "stat: %s", pipefile);
+ if (!S_ISCHR(sb.st_mode))
+ errx(-1, "fstat: %s not device", pipefile);
+ } else {
+ trail_fp = fopen(trailfile, "r");
+ if (trail_fp == NULL)
+ err(-1, "%s", trailfile);
+ }
+
+ conf_fp = fopen(conffile, "r");
+ if (conf_fp == NULL)
+ err(-1, "%s", conffile);
+
+ auditfilterd_init();
+ if (auditfilterd_conf(conffile, conf_fp) < 0)
+ exit(-1);
+ fclose(conf_fp);
+
+ if (!debug) {
+ if (daemon(0, 0) < 0)
+ err(-1, "daemon");
+ }
+
+ signal(SIGHUP, signal_handler);
+ signal(SIGINT, signal_handler);
+ signal(SIGQUIT, signal_handler);
+ signal(SIGTERM, signal_handler);
+
+ if (pipefile != NULL)
+ mainloop_pipe(conffile, pipefile, pipe_fd);
+ else
+ mainloop_file(conffile, trailfile, trail_fp);
+
+ auditfilterd_conf_shutdown();
+ return (0);
+}
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd.h b/contrib/openbsm/bin/auditfilterd/auditfilterd.h
new file mode 100644
index 000000000000..189c21fa1f73
--- /dev/null
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd.h
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#3 $
+ */
+
+#define AUDITFILTERD_CONFFILE "/etc/security/audit_filter"
+#define AUDITFILTERD_PIPEFILE "/dev/auditpipe"
+
+/*
+ * Limit on the number of arguments that can appear in an audit_filterd
+ * configuration line.
+ */
+#define AUDITFILTERD_CONF_MAXARGS 256
+
+/*
+ * Data structure description each instantiated module.
+ */
+struct auditfilter_module {
+ /*
+ * Fields from configuration file and dynamic linker.
+ */
+ char *am_modulename;
+ char *am_arg_buffer;
+ int am_argc;
+ char **am_argv;
+ void *am_dlhandle;
+
+ /*
+ * Fields provided by or extracted from the module.
+ */
+ void *am_instance;
+ audit_filter_attach_t am_attach;
+ audit_filter_reinit_t am_reinit;
+ audit_filter_record_t am_record;
+ audit_filter_bsmrecord_t am_bsmrecord;
+ audit_filter_detach_t am_detach;
+
+ /*
+ * Fields for maintaining the list of modules.
+ */
+ TAILQ_ENTRY(auditfilter_module) am_list;
+};
+TAILQ_HEAD(auditfilter_module_list, auditfilter_module);
+
+/*
+ * List of currently registered modules.
+ */
+extern struct auditfilter_module_list filter_list;
+
+/*
+ * Function definitions.
+ */
+int auditfilterd_conf(const char *filename, FILE *fp);
+void auditfilterd_conf_shutdown(void);
diff --git a/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c b/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
new file mode 100644
index 000000000000..4e1759da958c
--- /dev/null
+++ b/contrib/openbsm/bin/auditfilterd/auditfilterd_conf.c
@@ -0,0 +1,485 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 $
+ */
+
+/*
+ * Configuration file parser for auditfilterd. The configuration file is a
+ * very simple format, similar to other BSM configuration files, consisting
+ * of configuration entries of one line each. The configuration function is
+ * aware of previous runs, and will update the current configuration as
+ * needed.
+ *
+ * Modules are in one of two states: attached, or detached. If attach fails,
+ * detach is not called because it was not attached. If a module is attached
+ * and a call to its reinit method fails, we will detach it.
+ */
+
+#include <sys/types.h>
+
+#include <config/config.h>
+#ifdef HAVE_FULL_QUEUE_H
+#include <sys/queue.h>
+#else
+#include <compat/queue.h>
+#endif
+
+#include <bsm/libbsm.h>
+#include <bsm/audit_filter.h>
+
+#include <dlfcn.h>
+#include <err.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "auditfilterd.h"
+
+/*
+ * Free an individual auditfilter_module structure. Will not shut down the
+ * module, just frees the memory. Does so conditional on pointers being
+ * non-NULL so that it can be used on partially allocated structures.
+ */
+static void
+auditfilter_module_free(struct auditfilter_module *am)
+{
+
+ if (am->am_modulename != NULL)
+ free(am->am_modulename);
+ if (am->am_arg_buffer != NULL)
+ free(am->am_arg_buffer);
+ if (am->am_argv != NULL)
+ free(am->am_argv);
+}
+
+/*
+ * Free all memory associated with an auditfilter_module list. Does not
+ * dlclose() or shut down the modules, just free the memory. Use
+ * auditfilter_module_list_detach() for that, if required.
+ */
+static void
+auditfilter_module_list_free(struct auditfilter_module_list *list)
+{
+ struct auditfilter_module *am;
+
+ while (!(TAILQ_EMPTY(list))) {
+ am = TAILQ_FIRST(list);
+ TAILQ_REMOVE(list, am, am_list);
+ auditfilter_module_free(am);
+ }
+}
+
+/*
+ * Detach an attached module from an auditfilter_module structure. Does not
+ * free the data structure itself.
+ */
+static void
+auditfilter_module_detach(struct auditfilter_module *am)
+{
+
+ if (am->am_detach != NULL)
+ am->am_detach(am->am_instance);
+ am->am_instance = NULL;
+ (void)dlclose(am->am_dlhandle);
+ am->am_dlhandle = NULL;
+}
+
+/*
+ * Walk an auditfilter_module list, detaching each module. Intended to be
+ * combined with auditfilter_module_list_free().
+ */
+static void
+auditfilter_module_list_detach(struct auditfilter_module_list *list)
+{
+ struct auditfilter_module *am;
+
+ TAILQ_FOREACH(am, list, am_list)
+ auditfilter_module_detach(am);
+}
+
+/*
+ * Given a filled out auditfilter_module, use dlopen() and dlsym() to attach
+ * the module. If we fail, leave fields in the state we found them.
+ *
+ * XXXRW: Need a better way to report errors.
+ */
+static int
+auditfilter_module_attach(struct auditfilter_module *am)
+{
+
+ am->am_dlhandle = dlopen(am->am_modulename, RTLD_NOW);
+ if (am->am_dlhandle == NULL) {
+ warnx("auditfilter_module_attach: %s: %s", am->am_modulename,
+ dlerror());
+ return (-1);
+ }
+
+ /*
+ * Not implementing these is not considered a failure condition,
+ * although we might want to consider warning if obvious stuff is
+ * not implemented, such as am_record.
+ */
+ am->am_attach = dlsym(am->am_dlhandle, AUDIT_FILTER_ATTACH_STRING);
+ am->am_reinit = dlsym(am->am_dlhandle, AUDIT_FILTER_REINIT_STRING);
+ am->am_record = dlsym(am->am_dlhandle, AUDIT_FILTER_RECORD_STRING);
+ am->am_bsmrecord = dlsym(am->am_dlhandle,
+ AUDIT_FILTER_BSMRECORD_STRING);
+ am->am_detach = dlsym(am->am_dlhandle, AUDIT_FILTER_DETACH_STRING);
+
+ if (am->am_attach != NULL) {
+ if (am->am_attach(&am->am_instance, am->am_argc, am->am_argv)
+ != AUDIT_FILTER_SUCCESS) {
+ warnx("auditfilter_module_attach: %s: failed",
+ am->am_modulename);
+ dlclose(am->am_dlhandle);
+ am->am_dlhandle = NULL;
+ am->am_attach = NULL;
+ am->am_reinit = NULL;
+ am->am_record = NULL;
+ am->am_bsmrecord = NULL;
+ am->am_detach = NULL;
+ return (-1);
+ }
+ }
+
+ return (0);
+}
+
+/*
+ * When the arguments for a module are changed, we notify the module through
+ * a call to its reinit method, if any. Return 0 on success, or -1 on
+ * failure.
+ */
+static int
+auditfilter_module_reinit(struct auditfilter_module *am)
+{
+
+ if (am->am_reinit == NULL)
+ return (0);
+
+ if (am->am_reinit(&am->am_instance, am->am_argc, am->am_argv) !=
+ AUDIT_FILTER_SUCCESS) {
+ warnx("auditfilter_module_reinit: %s: failed",
+ am->am_modulename);
+ return (-1);
+ }
+
+ return (0);
+}
+
+/*
+ * Given a configuration line, generate an auditfilter_module structure that
+ * describes it; caller will not pass comments in, so they are not looked
+ * for. Do not attempt to instantiate it. Will destroy the contents of
+ * 'buffer'.
+ *
+ * Configuration lines consist of two parts: the module name and arguments
+ * separated by a ':', and then a ','-delimited list of arguments.
+ *
+ * XXXRW: Need to decide where to send the warning output -- stderr for now.
+ */
+struct auditfilter_module *
+auditfilter_module_parse(const char *filename, int linenumber, char *buffer)
+{
+ char *arguments, *module, **ap;
+ struct auditfilter_module *am;
+
+ am = malloc(sizeof(*am));
+ if (am == NULL) {
+ warn("auditfilter_module_parse: %s:%d", filename, linenumber);
+ return (NULL);
+ }
+ bzero(am, sizeof(*am));
+
+ /*
+ * First, break out the module and arguments strings. We look for
+ * one extra argument to make sure there are no more :'s in the line.
+ * That way, we prevent modules from using argument strings that, in
+ * the future, may cause problems for adding additional columns.
+ */
+ arguments = buffer;
+ module = strsep(&arguments, ":");
+ if (module == NULL || arguments == NULL) {
+ warnx("auditfilter_module_parse: %s:%d: parse error",
+ filename, linenumber);
+ return (NULL);
+ }
+
+ am->am_modulename = strdup(module);
+ if (am->am_modulename == NULL) {
+ warn("auditfilter_module_parse: %s:%d", filename, linenumber);
+ auditfilter_module_free(am);
+ return (NULL);
+ }
+
+ am->am_arg_buffer = strdup(buffer);
+ if (am->am_arg_buffer == NULL) {
+ warn("auditfilter_module_parse: %s:%d", filename, linenumber);
+ auditfilter_module_free(am);
+ return (NULL);
+ }
+
+ /*
+ * Now, break out the arguments string into a series of arguments.
+ * This is a bit more complicated, and requires cleanup if things go
+ * wrong.
+ */
+ am->am_argv = malloc(sizeof(char *) * AUDITFILTERD_CONF_MAXARGS);
+ if (am->am_argv == NULL) {
+ warn("auditfilter_module_parse: %s:%d", filename, linenumber);
+ auditfilter_module_free(am);
+ return (NULL);
+ }
+ bzero(am->am_argv, sizeof(char *) * AUDITFILTERD_CONF_MAXARGS);
+ am->am_argc = 0;
+ for (ap = am->am_argv; (*ap = strsep(&arguments, " \t")) != NULL;) {
+ if (**ap != '\0') {
+ am->am_argc++;
+ if (++ap >= &am->am_argv[AUDITFILTERD_CONF_MAXARGS])
+ break;
+ }
+ }
+ if (ap >= &am->am_argv[AUDITFILTERD_CONF_MAXARGS]) {
+ warnx("auditfilter_module_parse: %s:%d: too many arguments",
+ filename, linenumber);
+ auditfilter_module_free(am);
+ return (NULL);
+ }
+
+ return (am);
+}
+
+/*
+ * Read a configuration file, and populate 'list' with the configuration
+ * lines. Does not attempt to instantiate the configuration, just read it
+ * into a useful set of data structures.
+ */
+static int
+auditfilterd_conf_read(const char *filename, FILE *fp,
+ struct auditfilter_module_list *list)
+{
+ int error, linenumber, syntaxerror;
+ struct auditfilter_module *am;
+ char buffer[LINE_MAX];
+
+ syntaxerror = 0;
+ linenumber = 0;
+ while (!feof(fp) && !ferror(fp)) {
+ if (fgets(buffer, LINE_MAX, fp) == NULL)
+ break;
+ linenumber++;
+ if (buffer[0] == '#' || strlen(buffer) < 1)
+ continue;
+ buffer[strlen(buffer)-1] = '\0';
+ am = auditfilter_module_parse(filename, linenumber, buffer);
+ if (am == NULL) {
+ syntaxerror = 1;
+ break;
+ }
+ TAILQ_INSERT_HEAD(list, am, am_list);
+ }
+
+ /*
+ * File I/O error.
+ */
+ if (ferror(fp)) {
+ error = errno;
+ auditfilter_module_list_free(list);
+ errno = error;
+ return (-1);
+ }
+
+ /*
+ * Syntax error.
+ */
+ if (syntaxerror) {
+ auditfilter_module_list_free(list);
+ errno = EINVAL;
+ return (-1);
+ }
+ return (0);
+}
+
+/*
+ * Apply changes necessary to bring a new configuration into force. The new
+ * configuration data is passed in, and the current configuration is updated
+ * to match it. The contents of 'list' are freed or otherwise disposed of
+ * before return.
+ *
+ * The algorithms here are not very efficient, but this is an infrequent
+ * operation on very short lists.
+ */
+static void
+auditfilterd_conf_apply(struct auditfilter_module_list *list)
+{
+ struct auditfilter_module *am1, *am2, *am_tmp;
+ int argc_tmp, found;
+ char **argv_tmp;
+
+ /*
+ * First, remove remove and detach any entries that appear in the
+ * current configuration, but not the new configuration.
+ */
+ TAILQ_FOREACH_SAFE(am1, &filter_list, am_list, am_tmp) {
+ found = 0;
+ TAILQ_FOREACH(am2, list, am_list) {
+ if (strcmp(am1->am_modulename, am2->am_modulename)
+ == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (found)
+ continue;
+
+ /*
+ * am1 appears in filter_list, but not the new list, detach
+ * and free the module.
+ */
+ warnx("detaching module %s", am1->am_modulename);
+ TAILQ_REMOVE(&filter_list, am1, am_list);
+ auditfilter_module_detach(am1);
+ auditfilter_module_free(am1);
+ }
+
+ /*
+ * Next, update the configuration of any modules that appear in both
+ * lists. We do this by swapping the two argc and argv values and
+ * freeing the new one, rather than detaching the old one and
+ * attaching the new one. That way module state is preserved.
+ */
+ TAILQ_FOREACH(am1, &filter_list, am_list) {
+ found = 0;
+ TAILQ_FOREACH(am2, list, am_list) {
+ if (strcmp(am1->am_modulename, am2->am_modulename)
+ == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found)
+ continue;
+
+ /*
+ * Swap the arguments.
+ */
+ argc_tmp = am1->am_argc;
+ argv_tmp = am1->am_argv;
+ am1->am_argc = am2->am_argc;
+ am1->am_argv = am2->am_argv;
+ am2->am_argc = argc_tmp;
+ am2->am_argv = argv_tmp;
+
+ /*
+ * The reinit is a bit tricky: if reinit fails, we actually
+ * remove the old entry and detach that, as we don't allow
+ * running modules to be out of sync with the configuration
+ * file.
+ */
+ warnx("reiniting module %s", am1->am_modulename);
+ if (auditfilter_module_reinit(am1) != 0) {
+ warnx("reinit failed for module %s, detaching",
+ am1->am_modulename);
+ TAILQ_REMOVE(&filter_list, am1, am_list);
+ auditfilter_module_detach(am1);
+ auditfilter_module_free(am1);
+ }
+
+ /*
+ * Free the entry from the new list, which will discard the
+ * old arguments. No need to detach, as it was never
+ * attached in the first place.
+ */
+ TAILQ_REMOVE(list, am2, am_list);
+ auditfilter_module_free(am2);
+ }
+
+ /*
+ * Finally, attach any new entries that don't appear in the old
+ * configuration, and if they attach successfully, move them to the
+ * real configuration list.
+ */
+ TAILQ_FOREACH(am1, list, am_list) {
+ found = 0;
+ TAILQ_FOREACH(am2, &filter_list, am_list) {
+ if (strcmp(am1->am_modulename, am2->am_modulename)
+ == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (found)
+ continue;
+ /*
+ * Attach the entry. If it succeeds, add to filter_list,
+ * otherwise, free. No need to detach if attach failed.
+ */
+ warnx("attaching module %s", am1->am_modulename);
+ TAILQ_REMOVE(list, am1, am_list);
+ if (auditfilter_module_attach(am1) != 0) {
+ warnx("attaching module %s failed",
+ am1->am_modulename);
+ auditfilter_module_free(am1);
+ } else
+ TAILQ_INSERT_HEAD(&filter_list, am1, am_list);
+ }
+
+ if (TAILQ_FIRST(list) != NULL)
+ warnx("auditfilterd_conf_apply: new list not empty\n");
+}
+
+/*
+ * Read the new configuration file into a local list. If the configuration
+ * file is parsed OK, then apply the changes.
+ */
+int
+auditfilterd_conf(const char *filename, FILE *fp)
+{
+ struct auditfilter_module_list list;
+
+ TAILQ_INIT(&list);
+ if (auditfilterd_conf_read(filename, fp, &list) < 0)
+ return (-1);
+
+ auditfilterd_conf_apply(&list);
+
+ return (0);
+}
+
+/*
+ * Detach and free all active filter modules for daemon shutdown.
+ */
+void
+auditfilterd_conf_shutdown(void)
+{
+
+ auditfilter_module_list_detach(&filter_list);
+ auditfilter_module_list_free(&filter_list);
+}
diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.c b/contrib/openbsm/bin/auditreduce/auditreduce.c
index 63619b7b1216..25a14ff453a5 100644
--- a/contrib/openbsm/bin/auditreduce/auditreduce.c
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.c
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#13 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#14 $
*/
/*
@@ -42,11 +42,12 @@
#include <bsm/libbsm.h>
+#include <err.h>
+#include <grp.h>
+#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sysexits.h>
-#include <grp.h>
-#include <pwd.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
diff --git a/contrib/openbsm/bsm/Makefile.am b/contrib/openbsm/bsm/Makefile.am
index 68c5d324a7c5..8287789bebd0 100644
--- a/contrib/openbsm/bsm/Makefile.am
+++ b/contrib/openbsm/bsm/Makefile.am
@@ -1,11 +1,12 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#2 $
#
openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
audit.h \
+ audit_filter.h \
audit_internal.h \
audit_kevents.h \
audit_record.h \
diff --git a/contrib/openbsm/bsm/Makefile.in b/contrib/openbsm/bsm/Makefile.in
index ae913bdfa417..c860974f6880 100644
--- a/contrib/openbsm/bsm/Makefile.in
+++ b/contrib/openbsm/bsm/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#4 $
#
srcdir = @srcdir@
@@ -168,6 +168,7 @@ target_alias = @target_alias@
openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
audit.h \
+ audit_filter.h \
audit_internal.h \
audit_kevents.h \
audit_record.h \
diff --git a/contrib/openbsm/bsm/audit.h b/contrib/openbsm/bsm/audit.h
index 8739b2a0e55b..1d05625005a2 100644
--- a/contrib/openbsm/bsm/audit.h
+++ b/contrib/openbsm/bsm/audit.h
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#15 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#16 $
*/
#ifndef _BSM_AUDIT_H
@@ -264,11 +264,11 @@ struct audit_stat {
unsigned int as_version;
unsigned int as_numevent;
int as_generated;
- int as_nonattring;
+ int as_nonattrib;
int as_kernel;
int as_audit;
int as_auditctl;
- int as_enqueu;
+ int as_enqueue;
int as_written;
int as_wblocked;
int as_rblocked;
diff --git a/contrib/openbsm/bsm/audit_filter.h b/contrib/openbsm/bsm/audit_filter.h
new file mode 100644
index 000000000000..5b7dd4ffc27b
--- /dev/null
+++ b/contrib/openbsm/bsm/audit_filter.h
@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_filter.h#2 $
+ */
+
+#ifndef _BSM_AUDIT_FILTER_H_
+#define _BSM_AUDIT_FILTER_H_
+
+/*
+ * Module interface for audit filter modules.
+ *
+ * audit_filter_attach_t - filter module is being attached with arguments
+ * audit_filter_reinit_t - arguments to module have changed
+ * audit_filter_record_t - present parsed record to filter module, with
+ * receipt time
+ * audit_filter_bsmrecord_t - present bsm format record to filter module,
+ * with receipt time
+ * audit_filter_destach_t - filter module is being detached
+ *
+ * There may be many instances of the same filter, identified by the instance
+ * void pointer maintained by the filter instance.
+ */
+typedef int (*audit_filter_attach_t)(void **instance, int argc, char *argv[]);
+typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]);
+typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts,
+ int token_count, const tokenstr_t tok[]);
+typedef void (*audit_filter_bsmrecord_t)(void *instance, struct timespec *ts,
+ void *data, u_int len);
+typedef void (*audit_filter_detach_t)(void *instance);
+
+/*
+ * Values to be returned by audit_filter_init_t.
+ */
+#define AUDIT_FILTER_SUCCESS (0)
+#define AUDIT_FILTER_FAILURE (-1)
+
+/*
+ * Standard name for filter module initialization functions, which will be
+ * found using dlsym().
+ */
+#define AUDIT_FILTER_ATTACH audit_filter_attach
+#define AUDIT_FILTER_REINIT audit_filter_reinit
+#define AUDIT_FILTER_RECORD audit_filter_record
+#define AUDIT_FILTER_BSMRECORD audit_filter_bsmrecord
+#define AUDIT_FILTER_DETACH audit_filter_detach
+#define AUDIT_FILTER_ATTACH_STRING "audit_filter_attach"
+#define AUDIT_FILTER_REINIT_STRING "audit_filter_reinit"
+#define AUDIT_FILTER_RECORD_STRING "audit_filter_record"
+#define AUDIT_FILTER_BSMRECORD_STRING "audit_filter_bsmrecord"
+#define AUDIT_FILTER_DETACH_STRING "audit_filter_detach"
+
+#endif /* !_BSM_AUDIT_FILTER_H_ */
diff --git a/contrib/openbsm/bsm/audit_record.h b/contrib/openbsm/bsm/audit_record.h
index af9ba4d4e76c..9816112080d8 100644
--- a/contrib/openbsm/bsm/audit_record.h
+++ b/contrib/openbsm/bsm/audit_record.h
@@ -30,23 +30,15 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#17 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
#define _BSM_AUDIT_RECORD_H_
-/* Various token id types */
-
/*
- * Values inside the comments are not documented in the BSM pages and
- * have been picked up from the header files
+ * Token type identifiers.
*/
-
-/*
- * Values marked as XXX do not have a value defined in the BSM header files
- */
-
#define AUT_INVALID 0x00
#define AUT_OTHER_FILE32 0x11
#define AUT_OHEADER 0x12
@@ -187,13 +179,19 @@
/* data-types for the arbitrary token */
#define AUR_BYTE 0
+#define AUR_CHAR AUR_BYTE
#define AUR_SHORT 1
-#define AUR_LONG 2
+#define AUR_INT32 2
+#define AUR_INT AUR_INT
+#define AUR_INT64 3
/* ... and their sizes */
#define AUR_BYTE_SIZE sizeof(u_char)
+#define AUR_CHAR_SIZE AUR_BYTE_SIZE
#define AUR_SHORT_SIZE sizeof(uint16_t)
-#define AUR_LONG_SIZE sizeof(uint32_t)
+#define AUR_INT32_SIZE sizeof(uint32_t)
+#define AUR_INT_SIZE AUR_INT32_SIZE
+#define AUR_INT64_SIZE sizeof(uint64_t)
/* Modifiers for the header token */
#define PAD_NOTATTR 0x4000 /* nonattributable event */
@@ -230,24 +228,18 @@ int au_open(void);
int au_write(int d, token_t *m);
int au_close(int d, int keep, short event);
int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen);
+int au_close_token(token_t *tok, u_char *buffer, size_t *buflen);
-#if defined(KERNEL) || defined(_KERNEL)
token_t *au_to_file(char *file, struct timeval tm);
-#else
-token_t *au_to_file(char *file);
-#endif
-#if defined(KERNEL) || defined(_KERNEL)
-token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod,
- struct timeval tm);
-token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod,
+token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
-#else
+#if !defined(KERNEL) && !defined(_KERNEL)
token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
#endif
-token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_me(void);
token_t *au_to_arg(char n, char *text, uint32_t v);
token_t *au_to_arg32(char n, char *text, uint32_t v);
diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h
index a6871118079e..45af63159e5d 100644
--- a/contrib/openbsm/bsm/libbsm.h
+++ b/contrib/openbsm/bsm/libbsm.h
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#18 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#20 $
*/
#ifndef _LIBBSM_H_
@@ -695,6 +695,9 @@ struct tokenstr {
typedef struct tokenstr tokenstr_t;
+int audit_submit(short au_event, au_id_t auid,
+ char status, int reterr, const char *fmt, ...);
+
/*
* Functions relating to querying audit class information.
*/
diff --git a/contrib/openbsm/config/config.h.in b/contrib/openbsm/config/config.h.in
index e5ceb86cadc7..59615b4cfd05 100644
--- a/contrib/openbsm/config/config.h.in
+++ b/contrib/openbsm/config/config.h.in
@@ -42,9 +42,6 @@
/* Define if ipc_perm.__seq instead of seq */
#undef HAVE_IPC_PERM___SEQ
-/* Define to 1 if you have the `bsm' library (-lbsm). */
-#undef HAVE_LIBBSM
-
/* Define to 1 if you have the <machine/endian.h> header file. */
#undef HAVE_MACHINE_ENDIAN_H
diff --git a/contrib/openbsm/configure b/contrib/openbsm/configure
index 5eaa5bc7eae2..06b326932298 100755
--- a/contrib/openbsm/configure
+++ b/contrib/openbsm/configure
@@ -1,7 +1,7 @@
#! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#15 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#22 .
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a5.
+# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a6.
#
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
#
@@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='OpenBSM'
PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.0a5'
-PACKAGE_STRING='OpenBSM 1.0a5'
+PACKAGE_VERSION='1.0a6'
+PACKAGE_STRING='OpenBSM 1.0a6'
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
ac_unique_file="bin/auditreduce/auditreduce.c"
@@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures OpenBSM 1.0a5 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.0a6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1021,7 +1021,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of OpenBSM 1.0a5:";;
+ short | recursive ) echo "Configuration of OpenBSM 1.0a6:";;
esac
cat <<\_ACEOF
@@ -1162,7 +1162,7 @@ fi
test -n "$ac_init_help" && exit 0
if $ac_init_version; then
cat <<\_ACEOF
-OpenBSM configure 1.0a5
+OpenBSM configure 1.0a6
generated by GNU Autoconf 2.59
Copyright (C) 2003 Free Software Foundation, Inc.
@@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by OpenBSM $as_me 1.0a5, which was
+It was created by OpenBSM $as_me 1.0a6, which was
generated by GNU Autoconf 2.59. Invocation command line was
$ $0 $@
@@ -19278,7 +19278,7 @@ fi
# Define the identity of the package.
PACKAGE=OpenBSM
- VERSION=1.0a5
+ VERSION=1.0a6
cat >>confdefs.h <<_ACEOF
@@ -19627,16 +19627,13 @@ fi
-# Checks for libraries.
-# FIXME: Replace `main' with a function in `-lbsm':
-
-echo "$as_me:$LINENO: checking for main in -lbsm" >&5
-echo $ECHO_N "checking for main in -lbsm... $ECHO_C" >&6
-if test "${ac_cv_lib_bsm_main+set}" = set; then
+echo "$as_me:$LINENO: checking for library containing dlsym" >&5
+echo $ECHO_N "checking for library containing dlsym... $ECHO_C" >&6
+if test "${ac_cv_search_dlsym+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lbsm $LIBS"
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_dlsym=no
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
@@ -19644,11 +19641,72 @@ cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlsym ();
+int
+main ()
+{
+dlsym ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_dlsym="none required"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_dlsym" = no; then
+ for ac_lib in dl; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char dlsym ();
int
main ()
{
-main ();
+dlsym ();
;
return 0;
}
@@ -19675,25 +19733,149 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
- ac_cv_lib_bsm_main=yes
+ ac_cv_search_dlsym="-l$ac_lib"
+break
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-ac_cv_lib_bsm_main=no
fi
rm -f conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+ done
fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_bsm_main" >&5
-echo "${ECHO_T}$ac_cv_lib_bsm_main" >&6
-if test $ac_cv_lib_bsm_main = yes; then
- cat >>confdefs.h <<_ACEOF
-#define HAVE_LIBBSM 1
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_dlsym" >&5
+echo "${ECHO_T}$ac_cv_search_dlsym" >&6
+if test "$ac_cv_search_dlsym" != no; then
+ test "$ac_cv_search_dlsym" = "none required" || LIBS="$ac_cv_search_dlsym $LIBS"
+
+fi
+
+echo "$as_me:$LINENO: checking for library containing clock_gettime" >&5
+echo $ECHO_N "checking for library containing clock_gettime... $ECHO_C" >&6
+if test "${ac_cv_search_clock_gettime+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_clock_gettime=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char clock_gettime ();
+int
+main ()
+{
+clock_gettime ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_clock_gettime="none required"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_clock_gettime" = no; then
+ for ac_lib in rt; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char clock_gettime ();
+int
+main ()
+{
+clock_gettime ();
+ ;
+ return 0;
+}
_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_clock_gettime="-l$ac_lib"
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
- LIBS="-lbsm $LIBS"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_clock_gettime" >&5
+echo "${ECHO_T}$ac_cv_search_clock_gettime" >&6
+if test "$ac_cv_search_clock_gettime" != no; then
+ test "$ac_cv_search_clock_gettime" = "none required" || LIBS="$ac_cv_search_clock_gettime $LIBS"
fi
@@ -22895,7 +23077,7 @@ else
fi
- ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libbsm/Makefile man/Makefile tools/Makefile"
+ ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile test/Makefile test/bsm/Makefile tools/Makefile"
cat >confcache <<\_ACEOF
@@ -23295,7 +23477,7 @@ _ASBOX
} >&5
cat >&5 <<_CSEOF
-This file was extended by OpenBSM $as_me 1.0a5, which was
+This file was extended by OpenBSM $as_me 1.0a6, which was
generated by GNU Autoconf 2.59. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -23358,7 +23540,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-OpenBSM config.status 1.0a5
+OpenBSM config.status 1.0a6
configured by $0, generated by GNU Autoconf 2.59,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
@@ -23472,11 +23654,16 @@ do
"bin/Makefile" ) CONFIG_FILES="$CONFIG_FILES bin/Makefile" ;;
"bin/audit/Makefile" ) CONFIG_FILES="$CONFIG_FILES bin/audit/Makefile" ;;
"bin/auditd/Makefile" ) CONFIG_FILES="$CONFIG_FILES bin/auditd/Makefile" ;;
+ "bin/auditfilterd/Makefile" ) CONFIG_FILES="$CONFIG_FILES bin/auditfilterd/Makefile" ;;
"bin/auditreduce/Makefile" ) CONFIG_FILES="$CONFIG_FILES bin/auditreduce/Makefile" ;;
"bin/praudit/Makefile" ) CONFIG_FILES="$CONFIG_FILES bin/praudit/Makefile" ;;
"bsm/Makefile" ) CONFIG_FILES="$CONFIG_FILES bsm/Makefile" ;;
"libbsm/Makefile" ) CONFIG_FILES="$CONFIG_FILES libbsm/Makefile" ;;
+ "modules/Makefile" ) CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;;
+ "modules/auditfilter_noop/Makefile" ) CONFIG_FILES="$CONFIG_FILES modules/auditfilter_noop/Makefile" ;;
"man/Makefile" ) CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
+ "test/Makefile" ) CONFIG_FILES="$CONFIG_FILES test/Makefile" ;;
+ "test/bsm/Makefile" ) CONFIG_FILES="$CONFIG_FILES test/bsm/Makefile" ;;
"tools/Makefile" ) CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
"depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
"config/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config/config.h" ;;
diff --git a/contrib/openbsm/configure.ac b/contrib/openbsm/configure.ac
index f27ddf1cc114..1fca5b74acc5 100644
--- a/contrib/openbsm/configure.ac
+++ b/contrib/openbsm/configure.ac
@@ -2,8 +2,8 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
-AC_INIT([OpenBSM], [1.0a5], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
-AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#16 $])
+AC_INIT([OpenBSM], [1.0a6], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
+AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#22 $])
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_HEADER([config/config.h])
@@ -16,9 +16,8 @@ AC_PROG_LIBTOOL
AM_INIT_AUTOMAKE(AC_PACKAGE_NAME, AC_PACKAGE_VERSION)
-# Checks for libraries.
-# FIXME: Replace `main' with a function in `-lbsm':
-AC_CHECK_LIB([bsm], [main])
+AC_SEARCH_LIBS(dlsym, dl)
+AC_SEARCH_LIBS(clock_gettime, rt)
# Checks for header files.
AC_HEADER_STDC
@@ -99,11 +98,16 @@ AC_CONFIG_FILES([Makefile
bin/Makefile
bin/audit/Makefile
bin/auditd/Makefile
+ bin/auditfilterd/Makefile
bin/auditreduce/Makefile
bin/praudit/Makefile
bsm/Makefile
libbsm/Makefile
+ modules/Makefile
+ modules/auditfilter_noop/Makefile
man/Makefile
+ test/Makefile
+ test/bsm/Makefile
tools/Makefile])
AC_OUTPUT
diff --git a/contrib/openbsm/etc/audit_filter b/contrib/openbsm/etc/audit_filter
new file mode 100644
index 000000000000..64f5c0e04d94
--- /dev/null
+++ b/contrib/openbsm/etc/audit_filter
@@ -0,0 +1,5 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_filter#1 $
+#
+# modulename:various arguments here
+#
diff --git a/contrib/openbsm/libbsm/Makefile.am b/contrib/openbsm/libbsm/Makefile.am
index 09f4ae47874b..5e4a317d4e97 100644
--- a/contrib/openbsm/libbsm/Makefile.am
+++ b/contrib/openbsm/libbsm/Makefile.am
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#3 $
#
INCLUDES = -I$(top_srcdir)
@@ -30,6 +30,7 @@ man3_MANS = \
au_free_token.3 \
au_io.3 \
au_mask.3 \
+ au_open.3 \
au_token.3 \
au_user.3 \
libbsm.3
diff --git a/contrib/openbsm/libbsm/Makefile.in b/contrib/openbsm/libbsm/Makefile.in
index de9530c5a8e5..fb9ef39598d7 100644
--- a/contrib/openbsm/libbsm/Makefile.in
+++ b/contrib/openbsm/libbsm/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#4 $
#
srcdir = @srcdir@
@@ -204,6 +204,7 @@ man3_MANS = \
au_free_token.3 \
au_io.3 \
au_mask.3 \
+ au_open.3 \
au_token.3 \
au_user.3 \
libbsm.3
diff --git a/contrib/openbsm/libbsm/au_open.3 b/contrib/openbsm/libbsm/au_open.3
new file mode 100644
index 000000000000..569940e68061
--- /dev/null
+++ b/contrib/openbsm/libbsm/au_open.3
@@ -0,0 +1,149 @@
+.\"-
+.\" Copyright (c) 2006 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $
+.\"
+.Dd March 4, 2006
+.Dt AU_OPEN 3
+.Os
+.Sh NAME
+.Nm au_open ,
+.Nm au_write ,
+.Nm au_close ,
+.Nm au_close_buffer
+.Nd "Create and commit audit records"
+.Sh LIBRARY
+.Lb libbsm
+.Sh SYNOPSIS
+.In libbsm.h
+.Ft int
+.Fn au_open "void"
+.Ft int
+.Fn au_write "int d" "token_t *tok"
+.Ft int
+.Fn au_close "int d" "int keep" "short event"
+.Ft int
+.Fn au_close_buffer "int d" "short event" "u_char *buffer" "size_t *buflen"
+.Ft int
+.Fn au_close_token "token_t *tok" "u_char *buffer" "size_t *buflen"
+.Sh DESCRIPTION
+These interfaces allow applications to allocate audit records, construct a
+record using a series of tokens, and commit the audit record to the system
+event log.
+An extension API is also provided to commit the record to an in-memory
+buffer rather than the system audit log.
+.Pp
+The
+.Fn au_open
+interface allocates a new audit record descriptor.
+.Pp
+The
+.Fn au_write
+interface adds a token to an allocated audit descriptor.
+When a token has been successfully added to a record, the caller no longer
+owns the token memory, and does not need to free it directly via a call to
+.Xr au_free_token 3 .
+.Pp
+The
+.Fn au_close
+function is used to commit an audit record to the system audit log, or
+abandon the record.
+In either cases, all resources associated with the record will be released.
+The
+.Va keep
+argument determines the behavior: a value of
+.Dv AU_TO_WRITE
+causes the record to be committed; a value of
+.Dv AU_TO_NO_WRITE
+causes it to be abandoned.
+When the audit record is committed, a BSM header will be inserted before
+tokens added to the record, using the event identifier passed via
+.Va event ,
+and a trailer added to the end.
+Committing a record to the system audit log requires privilege.
+.Pp
+The
+.Fn au_close_buffer
+function writes the resulting record to an in-memory buffer of size
+.Va *buflen ;
+it will write back the filled buffer length into the same variable.
+The argument
+.Va short
+is the event identifier to use in the record header.
+.Pp
+The
+.Fn au_close_token
+function generates the BSM stream output for a single token,
+.Va tok ,
+in the passed buffer
+.Va buffer .
+The initial buffer size and resulting data size are passed via
+.Va *buflen .
+.Fn au_close_token
+will free the token before returning.
+.Sh RETURN VALUES
+The function
+.Fn au_open
+returns a non-negative audit record descriptor number on success, or a
+negative value on failure, along with error information in
+.Va errno .
+.Pp
+The functions
+.Fn au_write ,
+.Fn au_close ,
+.Fn au_close_buffer ,
+and
+.Fn au_close_token
+return 0 on success, or a negative value on failure, along with error
+information in
+.Va errno .
+.Sh SEE ALSO
+.Xr libbsm 3
+.Sh AUTHORS
+This software was created by Robert Watson, Wayne Salamon, and Suresh
+Krishnaswamy for McAfee Research, the security research division of McAfee,
+Inc., under contract to Apple Computer, Inc.
+.Pp
+The Basic Security Module (BSM) interface to audit records and audit event
+stream format were defined by Sun Microsystems.
+.Sh HISTORY
+The OpenBSM implementation was created by McAfee Research, the security
+division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
+It was subsequently adopted by the TrustedBSD Project as the foundation for
+the OpenBSM distribution.
+.Sh BUGS
+Currently,
+.Fn au_open
+does not reserve kernel resources necessary to commit the record to the
+trail; on systems supporting
+.Fn au_close ,
+the call will block until resources are available to commit the record.
+However, this leads to the possibility of an action being permitted without
+the record being guaranteed to go to disk.
+Ideally,
+.Fn au_open
+would reserve resources necessary to commit any submitted record, releasing
+them on
+.Fn au_close .
diff --git a/contrib/openbsm/libbsm/au_token.3 b/contrib/openbsm/libbsm/au_token.3
index cdf871b84901..5b2ad301fd2c 100644
--- a/contrib/openbsm/libbsm/au_token.3
+++ b/contrib/openbsm/libbsm/au_token.3
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#7 $
.\"
.Dd April 19, 2005
.Dt AU_TOKEN 3
@@ -57,9 +57,6 @@
.Nm au_to_return64 ,
.Nm au_to_return ,
.Nm au_to_seq ,
-.Nm au_to_socket ,
-.Nm au_to_socket_ex_32 ,
-.Nm au_to_socket_ex_128 ,
.Nm au_to_sock_inet32 ,
.Nm au_to_sock_inet128 ,
.Nm au_to_sock_inet ,
@@ -116,9 +113,7 @@
.Ft token_t *
.Fn au_to_opaque "char *data" "u_int64_t bytes"
.Ft token_t *
-.Fn au_to_file "char *file"
-.Ft token_t *
-.Fn au_to_file "char *file"
+.Fn au_to_file "char *file" "struct timeval tm"
.Ft token_t *
.Fn au_to_text "char *text"
.Ft token_t *
@@ -140,12 +135,6 @@
.Ft token_t *
.Fn au_to_seq "long audit_count"
.Ft token_t *
-.Fn au_to_socket "struct socket *so"
-.Ft token_t *
-.Fn au_to_socket_ex_32 "struct socket *so"
-.Ft token_t *
-.Fn au_to_socket_ex_128 "struct socket *so"
-.Ft token_t *
.Fn au_to_sock_inet32 "struct sockaddr_in *so"
.Ft token_t *
.Fn au_to_sock_inet128 "struct sockaddr_in6 *so"
diff --git a/contrib/openbsm/libbsm/audit_submit.3 b/contrib/openbsm/libbsm/audit_submit.3
new file mode 100644
index 000000000000..9e4d23008dca
--- /dev/null
+++ b/contrib/openbsm/libbsm/audit_submit.3
@@ -0,0 +1,126 @@
+.\"
+.\" Copyright (c) 2006 Christian S.J. Peron
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" its contributors may be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#8 $
+.\"
+.Dd May 29, 2006
+.Dt audit_submit 3
+.Os
+.Sh NAME
+.Nm audit_submit
+.Nd general purpose audit record submission
+.Sh LIBRARY
+.Lb libbsm
+.Sh SYNOPSIS
+.In stdio.h
+.Ft int
+.Fn audit_submit "short au_event" "au_id_t auid" "char status" "int reterr" "const char * restrict format" ...
+.Sh DESCRIPTION
+The
+.Nm
+function provides a generic programming interface for audit record submission.
+This audit record will contain a header, subject token, an optional text token,
+return token, and a trailer.
+The header will contain the event class specified by
+.Fa au_event .
+The subject token will be generated based on
+.Fa au_ctx .
+The return token is dependant on the
+.Fa status
+and
+.Fa reterr
+arguments.
+Optionally, a text token will be created as a part of this record.
+.Pp
+Text token output is under the control of a
+.Fa format
+string that specifies how subsequent arguments (or arguments accessed via the
+variable-length argument facilities of
+.Xr stdarg 3 )
+are converted for output.
+If
+.Fa format
+is NULL, then no text token is created in the audit record.
+.Pp
+It should be noted that
+.Nm
+assumes that
+.Xr setaudit 2 ,
+or
+.Xr setaudit_addr 2
+has already been called.
+As a direct result, the terminal ID for the
+subject will be retrieved from the kernel via
+.Xr getaudit 2 ,
+or
+.Xr getaudit_addr 2 .
+.Sh EXAMPLES
+.Bd -literal -offset indent
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_uevents.h>
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <errno.h>
+
+int
+audit_bad_su(char *from_login, char *to_login)
+{
+ int error;
+
+ error = audit_submit(AUE_su, getuid(), 1, EPERM,
+ "bad su from %s to %s", from_login, to_login);
+ return (error);
+}
+.Ed
+.Pp
+Will generate the following audit record:
+.Bd -literal -offset indent
+header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec
+subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0
+text,bad su from from csjp to root
+return,failure : Operation not permitted,1
+trailer,94
+.Ed
+.Sh SEE ALSO
+.Xr auditon 2 ,
+.Xr getaudit 2 ,
+.Xr libbsm 3 ,
+.Xr stdarg 3
+.Sh HISTORY
+The
+.Nm
+function first appeared in OpenBSM version 1.0.
+OpenBSM 1.0 was introduced in FreeBSD 7.0.
+.Sh AUTHORS
+The
+.Nm
+function was written by
+.An Christian S.J. Peron Aq csjp@FreeBSD.org .
diff --git a/contrib/openbsm/libbsm/bsm_audit.c b/contrib/openbsm/libbsm/bsm_audit.c
index 2e07fd888077..d959a30c4486 100644
--- a/contrib/openbsm/libbsm/bsm_audit.c
+++ b/contrib/openbsm/libbsm/bsm_audit.c
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#22 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#26 $
*/
#include <sys/types.h>
@@ -280,12 +280,11 @@ au_close(int d, int keep, short event)
return (-1); /* Invalid descriptor */
}
- if (!keep) {
+ if (keep == AU_TO_NO_WRITE) {
retval = 0;
goto cleanup;
}
-
tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) {
@@ -361,3 +360,24 @@ cleanup:
au_teardown(rec);
return (retval);
}
+
+/*
+ * au_close_token() returns the byte format of a token_t. This won't
+ * generally be used by applications, but is quite useful for writing test
+ * tools. Will free the token on either success or failure.
+ */
+int
+au_close_token(token_t *tok, u_char *buffer, size_t *buflen)
+{
+
+ if (tok->len > *buflen) {
+ au_free_token(tok);
+ errno = ENOMEM;
+ return (EINVAL);
+ }
+
+ memcpy(buffer, tok->t_data, tok->len);
+ *buflen = tok->len;
+ au_free_token(tok);
+ return (0);
+}
diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c
index 364532e57386..5f678fb0433f 100644
--- a/contrib/openbsm/libbsm/bsm_io.c
+++ b/contrib/openbsm/libbsm/bsm_io.c
@@ -31,7 +31,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#34 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#37 $
*/
#include <sys/types.h>
@@ -893,6 +893,7 @@ fetch_arb_tok(tokenstr_t *tok, char *buf, int len)
*/
switch(tok->tt.arb.bu) {
case AUR_BYTE:
+ /* case AUR_CHAR: */
datasize = AUR_BYTE_SIZE;
break;
@@ -900,8 +901,13 @@ fetch_arb_tok(tokenstr_t *tok, char *buf, int len)
datasize = AUR_SHORT_SIZE;
break;
- case AUR_LONG:
- datasize = AUR_LONG_SIZE;
+ case AUR_INT32:
+ /* case AUR_INT: */
+ datasize = AUR_INT32_SIZE;
+ break;
+
+ case AUR_INT64:
+ datasize = AUR_INT64_SIZE;
break;
default:
@@ -962,6 +968,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_delim(fp, del);
switch(tok->tt.arb.bu) {
case AUR_BYTE:
+ /* case AUR_CHAR: */
str = "byte";
size = AUR_BYTE_SIZE;
print_string(fp, str, strlen(str));
@@ -979,23 +986,36 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_delim(fp, del);
print_1_byte(fp, tok->tt.arb.uc, "%u");
print_delim(fp, del);
- for (i = 0; i<tok->tt.arb.uc; i++)
+ for (i = 0; i < tok->tt.arb.uc; i++)
fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data +
(size * i))));
break;
- case AUR_LONG:
+ case AUR_INT32:
+ /* case AUR_INT: */
str = "int";
- size = AUR_LONG_SIZE;
+ size = AUR_INT32_SIZE;
print_string(fp, str, strlen(str));
print_delim(fp, del);
print_1_byte(fp, tok->tt.arb.uc, "%u");
print_delim(fp, del);
- for (i = 0; i<tok->tt.arb.uc; i++)
+ for (i = 0; i < tok->tt.arb.uc; i++)
fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data +
(size * i))));
break;
+ case AUR_INT64:
+ str = "int64";
+ size = AUR_INT64_SIZE;
+ print_string(fp, str, strlen(str));
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ print_delim(fp, del);
+ for (i = 0; i < tok->tt.arb.uc; i++)
+ fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data +
+ (size * i))));
+ break;
+
default:
return;
}
@@ -1336,7 +1356,8 @@ fetch_inaddr_tok(tokenstr_t *tok, char *buf, int len)
{
int err = 0;
- READ_TOKEN_U_INT32(buf, len, tok->tt.inaddr.addr, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr.addr, sizeof(uint32_t),
+ tok->len, err);
if (err)
return (-1);
@@ -1410,15 +1431,18 @@ fetch_ip_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- READ_TOKEN_U_INT16(buf, len, tok->tt.ip.len, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.ip.len, sizeof(uint16_t),
+ tok->len, err);
if (err)
return (-1);
- READ_TOKEN_U_INT16(buf, len, tok->tt.ip.id, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.ip.id, sizeof(uint16_t),
+ tok->len, err);
if (err)
return (-1);
- READ_TOKEN_U_INT16(buf, len, tok->tt.ip.offset, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.ip.offset, sizeof(uint16_t),
+ tok->len, err);
if (err)
return (-1);
@@ -1430,7 +1454,8 @@ fetch_ip_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- READ_TOKEN_U_INT16(buf, len, tok->tt.ip.chksm, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.ip.chksm, sizeof(uint16_t),
+ tok->len, err);
if (err)
return (-1);
@@ -1458,17 +1483,17 @@ print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_delim(fp, del);
print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char));
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.ip.len, "%u");
+ print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u");
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.ip.id, "%u");
+ print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u");
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.ip.offset, "%u");
+ print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u");
print_delim(fp, del);
print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char));
print_delim(fp, del);
print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char));
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.ip.chksm, "%u");
+ print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u");
print_delim(fp, del);
print_ip_address(fp, tok->tt.ip.src);
print_delim(fp, del);
@@ -1582,7 +1607,8 @@ fetch_iport_tok(tokenstr_t *tok, char *buf, int len)
{
int err = 0;
- READ_TOKEN_U_INT16(buf, len, tok->tt.iport.port, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.iport.port, sizeof(uint16_t),
+ tok->len, err);
if (err)
return (-1);
@@ -1596,7 +1622,7 @@ print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_tok_type(fp, tok->id, "ip port", raw);
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.iport.port, "%#x");
+ print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x");
}
/*
@@ -1712,7 +1738,8 @@ fetch_process32_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.tid.addr, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.proc32.tid.addr,
+ sizeof(tok->tt.proc32.tid.addr), tok->len, err);
if (err)
return (-1);
@@ -1931,7 +1958,8 @@ fetch_sock_inet32_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet32.port, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet32.port,
+ sizeof(uint16_t), tok->len, err);
if (err)
return (-1);
@@ -1952,7 +1980,7 @@ print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_delim(fp, del);
print_2_bytes(fp, tok->tt.sockinet32.family, "%u");
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.sockinet32.port, "%u");
+ print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u");
print_delim(fp, del);
print_ip_address(fp, tok->tt.sockinet32.addr);
}
@@ -1961,7 +1989,8 @@ print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
* socket family 2 bytes
* path 104 bytes
*/
-static int fetch_sock_unix_tok(tokenstr_t *tok, char *buf, int len)
+static int
+fetch_sock_unix_tok(tokenstr_t *tok, char *buf, int len)
{
int err = 0;
@@ -1997,7 +2026,8 @@ print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
* remote port 2 bytes
* remote address 4 bytes
*/
-static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len)
+static int
+fetch_socket_tok(tokenstr_t *tok, char *buf, int len)
{
int err = 0;
@@ -2005,7 +2035,8 @@ static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- READ_TOKEN_U_INT16(buf, len, tok->tt.socket.l_port, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.socket.l_port, sizeof(uint16_t),
+ tok->len, err);
if (err)
return (-1);
@@ -2014,7 +2045,8 @@ static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- READ_TOKEN_U_INT16(buf, len, tok->tt.socket.r_port, tok->len, err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.socket.r_port, sizeof(uint16_t),
+ tok->len, err);
if (err)
return (-1);
@@ -2035,11 +2067,11 @@ print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_delim(fp, del);
print_2_bytes(fp, tok->tt.socket.type, "%u");
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.socket.l_port, "%u");
+ print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u");
print_delim(fp, del);
print_ip_address(fp, tok->tt.socket.l_addr);
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.socket.r_port, "%u");
+ print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u");
print_delim(fp, del);
print_ip_address(fp, tok->tt.socket.r_addr);
}
@@ -2359,8 +2391,8 @@ fetch_socketex32_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.l_port, tok->len,
- err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_port,
+ sizeof(uint16_t), tok->len, err);
if (err)
return (-1);
@@ -2374,8 +2406,8 @@ fetch_socketex32_tok(tokenstr_t *tok, char *buf, int len)
if (err)
return (-1);
- READ_TOKEN_U_INT32(buf, len, tok->tt.socket_ex32.r_port, tok->len,
- err);
+ READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_port,
+ sizeof(uint16_t), tok->len, err);
if (err)
return (-1);
@@ -2401,11 +2433,11 @@ print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
print_delim(fp, del);
print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
print_delim(fp, del);
- print_2_bytes(fp, tok->tt.socket_ex32.l_port, "%#x");
+ print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
print_delim(fp, del);
print_ip_address(fp, tok->tt.socket_ex32.l_addr);
print_delim(fp, del);
- print_4_bytes(fp, tok->tt.socket_ex32.r_port, "%#x");
+ print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
print_delim(fp, del);
print_ip_address(fp, tok->tt.socket_ex32.r_addr);
}
diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c
index 880c7009bc88..98991adfe2f3 100644
--- a/contrib/openbsm/libbsm/bsm_token.c
+++ b/contrib/openbsm/libbsm/bsm_token.c
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#43 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#47 $
*/
#include <sys/types.h>
@@ -243,6 +243,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
/* Determine the size of the basic unit. */
switch (unit_type) {
case AUR_BYTE:
+ /* case AUR_CHAR: */
datasize = AUR_BYTE_SIZE;
break;
@@ -250,8 +251,13 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
datasize = AUR_SHORT_SIZE;
break;
- case AUR_LONG:
- datasize = AUR_LONG_SIZE;
+ case AUR_INT32:
+ /* case AUR_INT: */
+ datasize = AUR_INT32_SIZE;
+ break;
+
+ case AUR_INT64:
+ datasize = AUR_INT64_SIZE;
break;
default:
@@ -261,7 +267,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
totdata = datasize * unit_count;
- GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char));
+ GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata);
if (t == NULL)
return (NULL);
@@ -341,12 +347,12 @@ au_to_in_addr(struct in_addr *internet_addr)
token_t *t;
u_char *dptr = NULL;
- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t));
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t));
if (t == NULL)
return (NULL);
ADD_U_CHAR(dptr, AUT_IN_ADDR);
- ADD_U_INT32(dptr, internet_addr->s_addr);
+ ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t));
return (t);
}
@@ -363,13 +369,13 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
u_char *dptr = NULL;
u_int32_t type = AF_INET6;
- GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t));
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t));
if (t == NULL)
return (NULL);
ADD_U_CHAR(dptr, AUT_IN_ADDR_EX);
ADD_U_INT32(dptr, type);
- ADD_MEM(dptr, internet_addr, sizeof(*internet_addr));
+ ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t));
return (t);
}
@@ -528,23 +534,12 @@ au_to_opaque(char *data, u_int16_t bytes)
* file pathname N bytes + 1 terminating NULL byte
*/
token_t *
-#if defined(KERNEL) || defined(_KERNEL)
au_to_file(char *file, struct timeval tm)
-#else
-au_to_file(char *file)
-#endif
{
token_t *t;
u_char *dptr = NULL;
u_int16_t filelen;
u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
- struct timeval tm;
- struct timezone tzp;
-
- if (gettimeofday(&tm, &tzp) == -1)
- return (NULL);
-#endif
filelen = strlen(file);
filelen += 1;
@@ -650,7 +645,7 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
ADD_U_INT32(dptr, pid);
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->port);
- ADD_U_INT32(dptr, tid->machine);
+ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
return (t);
}
@@ -837,21 +832,28 @@ au_to_sock_inet32(struct sockaddr_in *so)
{
token_t *t;
u_char *dptr = NULL;
+ uint16_t family;
- GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) +
- sizeof(u_int32_t));
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) +
+ sizeof(uint32_t));
if (t == NULL)
return (NULL);
ADD_U_CHAR(dptr, AUT_SOCKINET32);
/*
- * In Darwin, sin_family is one octet, but BSM defines the token
- * to store two. So we copy in a 0 first.
+ * BSM defines the family field as 16 bits, but many operating
+ * systems have an 8-bit sin_family field. Extend to 16 bits before
+ * writing into the token. Assume that both the port and the address
+ * in the sockaddr_in are already in network byte order, but family
+ * is in local byte order.
+ *
+ * XXXRW: Should a name space conversion be taking place on the value
+ * of sin_family?
*/
- ADD_U_CHAR(dptr, 0);
- ADD_U_CHAR(dptr, so->sin_family);
- ADD_U_INT16(dptr, so->sin_port);
- ADD_U_INT32(dptr, so->sin_addr.s_addr);
+ family = so->sin_family;
+ ADD_U_INT16(dptr, family);
+ ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t));
+ ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t));
return (t);
@@ -877,7 +879,7 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
ADD_U_CHAR(dptr, so->sin6_family);
ADD_U_INT16(dptr, so->sin6_port);
- ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr));
+ ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t));
return (t);
@@ -923,7 +925,7 @@ au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
ADD_U_INT32(dptr, pid);
ADD_U_INT32(dptr, sid);
ADD_U_INT32(dptr, tid->port);
- ADD_U_INT32(dptr, tid->machine);
+ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
return (t);
}
@@ -1117,23 +1119,12 @@ au_to_exec_env(const char **env)
* milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
*/
token_t *
-#if defined(KERNEL) || defined(_KERNEL)
-au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod,
+au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm)
-#else
-au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
-#endif
{
token_t *t;
u_char *dptr = NULL;
u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
- struct timeval tm;
- struct timezone tzp;
-
- if (gettimeofday(&tm, &tzp) == -1)
- return (NULL);
-#endif
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
@@ -1154,6 +1145,17 @@ au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
return (t);
}
+#if !defined(KERNEL) && !defined(_KERNEL)
+token_t *
+au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
+{
+ struct timeval tm;
+
+ if (gettimeofday(&tm, NULL) == -1)
+ return (NULL);
+ return (au_to_header32_tm(rec_size, e_type, e_mod, tm));
+}
+
token_t *
au_to_header64(__unused int rec_size, __unused au_event_t e_type,
__unused au_emod_t e_mod)
@@ -1169,6 +1171,7 @@ au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod)
return (au_to_header32(rec_size, e_type, e_mod));
}
+#endif
/*
* token ID 1 byte
diff --git a/contrib/openbsm/libbsm/bsm_wrappers.c b/contrib/openbsm/libbsm/bsm_wrappers.c
index 72020ce073c0..98f286c66b86 100644
--- a/contrib/openbsm/libbsm/bsm_wrappers.c
+++ b/contrib/openbsm/libbsm/bsm_wrappers.c
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#18 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#23 $
*/
#ifdef __APPLE__
@@ -46,6 +46,7 @@
#include <unistd.h>
#include <syslog.h>
+#include <stdarg.h>
#include <string.h>
#include <errno.h>
@@ -53,6 +54,115 @@
int audit_set_terminal_port(dev_t *p);
int audit_set_terminal_host(uint32_t *m);
+/*
+ * General purpose audit submission mechanism for userspace.
+ */
+int
+audit_submit(short au_event, au_id_t auid, char status,
+ int reterr, const char *fmt, ...)
+{
+ char text[MAX_AUDITSTRING_LEN];
+ token_t *token;
+ long acond;
+ va_list ap;
+ pid_t pid;
+ int error, afd;
+ struct auditinfo ai;
+
+ if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {
+ /*
+ * If auditon(2) returns ENOSYS, then audit has not been
+ * compiled into the kernel, so just return.
+ */
+ if (errno == ENOSYS)
+ return (0);
+ error = errno;
+ syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
+ strerror(errno));
+ errno = error;
+ return (-1);
+ }
+ if (acond == AUC_NOAUDIT)
+ return (0);
+ afd = au_open();
+ if (afd < 0) {
+ error = errno;
+ syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
+ strerror(errno));
+ errno = error;
+ return (-1);
+ }
+ if (getaudit(&ai) < 0) {
+ error = errno;
+ syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
+ strerror(errno));
+ errno = error;
+ return (-1);
+ }
+ pid = getpid();
+ token = au_to_subject32(auid, geteuid(), getegid(),
+ getuid(), getgid(), pid, pid, &ai.ai_termid);
+ if (token == NULL) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: unable to build subject token");
+ (void) au_close(afd, AU_TO_NO_WRITE, au_event);
+ errno = EPERM;
+ return (-1);
+ }
+ if (au_write(afd, token) < 0) {
+ error = errno;
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: au_write failed: %s", strerror(errno));
+ (void) au_close(afd, AU_TO_NO_WRITE, au_event);
+ errno = error;
+ return (-1);
+ }
+ if (fmt != NULL) {
+ va_start(ap, fmt);
+ (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap);
+ va_end(ap);
+ token = au_to_text(text);
+ if (token == NULL) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: failed to generate text token");
+ (void) au_close(afd, AU_TO_NO_WRITE, au_event);
+ errno = EPERM;
+ return (-1);
+ }
+ if (au_write(afd, token) < 0) {
+ error = errno;
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: au_write failed: %s", strerror(errno));
+ (void) au_close(afd, AU_TO_NO_WRITE, au_event);
+ errno = error;
+ return (-1);
+ }
+ }
+ token = au_to_return32(status, reterr);
+ if (token == NULL) {
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: enable to build return token");
+ (void) au_close(afd, AU_TO_NO_WRITE, au_event);
+ errno = EPERM;
+ return (-1);
+ }
+ if (au_write(afd, token) < 0) {
+ error = errno;
+ syslog(LOG_AUTH | LOG_ERR,
+ "audit: au_write failed: %s", strerror(errno));
+ (void) au_close(afd, AU_TO_NO_WRITE, au_event);
+ errno = error;
+ return (-1);
+ }
+ if (au_close(afd, AU_TO_WRITE, au_event) < 0) {
+ error = errno;
+ syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
+ errno = error;
+ return (-1);
+ }
+ return (0);
+}
+
int
audit_set_terminal_port(dev_t *p)
{
@@ -130,7 +240,7 @@ audit_set_terminal_id(au_tid_t *tid)
* tok = au_to_random_token_2(...);
* au_write(aufd, tok);
* ...
- * au_close(aufd, 1, AUE_your_event_type);
+ * au_close(aufd, AU_TO_WRITE, AUE_your_event_type);
*
* Assumes, like all wrapper calls, that the caller has previously checked
* that auditing is enabled via the audit_get_state() call.
@@ -156,7 +266,7 @@ audit_write(short event_code, token_t *subject, token_t *misctok, char retval,
if (subject && au_write(aufd, subject) == -1) {
au_free_token(subject);
au_free_token(misctok);
- (void)au_close(aufd, 0, event_code);
+ (void)au_close(aufd, AU_TO_WRITE, event_code);
syslog(LOG_ERR, "%s: write of subject failed", func);
return (kAUWriteSubjectTokErr);
}
@@ -164,31 +274,30 @@ audit_write(short event_code, token_t *subject, token_t *misctok, char retval,
/* Save the event-specific token. */
if (misctok && au_write(aufd, misctok) == -1) {
au_free_token(misctok);
- (void)au_close(aufd, 0, event_code);
+ (void)au_close(aufd, AU_TO_NO_WRITE, event_code);
syslog(LOG_ERR, "%s: write of caller token failed", func);
return (kAUWriteCallerTokErr);
}
/* Tokenize and save the return value. */
if ((rettok = au_to_return32(retval, errcode)) == NULL) {
- (void)au_close(aufd, 0, event_code);
+ (void)au_close(aufd, AU_TO_NO_WRITE, event_code);
syslog(LOG_ERR, "%s: au_to_return32() failed", func);
return (kAUMakeReturnTokErr);
}
if (au_write(aufd, rettok) == -1) {
au_free_token(rettok);
- (void)au_close(aufd, 0, event_code);
+ (void)au_close(aufd, AU_TO_NO_WRITE, event_code);
syslog(LOG_ERR, "%s: write of return code failed", func);
return (kAUWriteReturnTokErr);
}
/*
- * au_close()'s second argument is "keep": if keep == 0, the record is
- * discarded. We assume the caller wouldn't have bothered with this
+ * We assume the caller wouldn't have bothered with this
* function if it hadn't already decided to keep the record.
*/
- if (au_close(aufd, 1, event_code) < 0) {
+ if (au_close(aufd, AU_TO_WRITE, event_code) < 0) {
syslog(LOG_ERR, "%s: au_close() failed", func);
return (kAUCloseErr);
}
diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3
index c2ea877b3be3..df0c3c16e084 100644
--- a/contrib/openbsm/libbsm/libbsm.3
+++ b/contrib/openbsm/libbsm/libbsm.3
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#5 $
.\"
.Dd April 19, 2005
.Dt LIBBSM 3
@@ -158,9 +158,6 @@ representation.
.Xr au_to_return32 3 ,
.Xr au_to_return64 3 ,
.Xr au_to_seq 3 ,
-.Xr au_to_socket 3 ,
-.Xr au_to_socket_ex_32 3 ,
-.Xr au_to_socket_ex_128 3 ,
.Xr au_to_sock_inet 3 ,
.Xr au_to_sock_inet32 3 ,
.Xr au_to_sock_inet128 3 ,
diff --git a/contrib/openbsm/man/auditctl.2 b/contrib/openbsm/man/auditctl.2
index 48bec1cd2cbb..afda8e4b1335 100644
--- a/contrib/openbsm/man/auditctl.2
+++ b/contrib/openbsm/man/auditctl.2
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditctl.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditctl.2#5 $
.\"
.Dd April 19, 2005
.Dt AUDITCTL 2
@@ -34,7 +34,7 @@
.Sh SYNOPSIS
.In bsm/audit.h
.Ft int
-.Fn auditon "const char *path"
+.Fn auditctl "const char *path"
.Sh DESCRIPTION
The
.Fn auditctl
diff --git a/contrib/openbsm/modules/Makefile.am b/contrib/openbsm/modules/Makefile.am
new file mode 100644
index 000000000000..41f70f553ead
--- /dev/null
+++ b/contrib/openbsm/modules/Makefile.am
@@ -0,0 +1,7 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/modules/Makefile.am#1 $
+#
+
+SUBDIRS = \
+ auditfilter_noop
+
diff --git a/contrib/openbsm/modules/Makefile.in b/contrib/openbsm/modules/Makefile.in
new file mode 100644
index 000000000000..b5cfd050ba10
--- /dev/null
+++ b/contrib/openbsm/modules/Makefile.in
@@ -0,0 +1,477 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/modules/Makefile.in#1 $
+#
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = modules
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-exec-recursive install-info-recursive \
+ install-recursive installcheck-recursive installdirs-recursive \
+ pdf-recursive ps-recursive uninstall-info-recursive \
+ uninstall-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HAVE_AUDIT_SYSCALLS_FALSE = @HAVE_AUDIT_SYSCALLS_FALSE@
+HAVE_AUDIT_SYSCALLS_TRUE = @HAVE_AUDIT_SYSCALLS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+SUBDIRS = \
+ auditfilter_noop
+
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign modules/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign modules/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+mostlyclean-recursive clean-recursive distclean-recursive \
+maintainer-clean-recursive:
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+ list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(mkdir_p) "$(distdir)/$$subdir" \
+ || exit 1; \
+ distdir=`$(am__cd) $(distdir) && pwd`; \
+ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+ (cd $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$top_distdir" \
+ distdir="$$distdir/$$subdir" \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool \
+ distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-recursive
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+uninstall-info: uninstall-info-recursive
+
+.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am check check-am \
+ clean clean-generic clean-libtool clean-recursive ctags \
+ ctags-recursive distclean distclean-generic distclean-libtool \
+ distclean-recursive distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-exec install-exec-am install-info \
+ install-info-am install-man install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic maintainer-clean-recursive \
+ mostlyclean mostlyclean-generic mostlyclean-libtool \
+ mostlyclean-recursive pdf pdf-am ps ps-am tags tags-recursive \
+ uninstall uninstall-am uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/openbsm/modules/auditfilter_noop/Makefile.am b/contrib/openbsm/modules/auditfilter_noop/Makefile.am
new file mode 100644
index 000000000000..e4b7a5afd118
--- /dev/null
+++ b/contrib/openbsm/modules/auditfilter_noop/Makefile.am
@@ -0,0 +1,10 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.am#1 $
+#
+
+INCLUDES = -I$(top_srcdir)
+
+lib_LTLIBRARIES = auditfilter_noop.la
+
+auditfilter_noop_la_SOURCE = auditfilter_noop.c
+auditfilter_noop_la_LDFLAGS = -module
diff --git a/contrib/openbsm/modules/auditfilter_noop/Makefile.in b/contrib/openbsm/modules/auditfilter_noop/Makefile.in
new file mode 100644
index 000000000000..400739d7eff1
--- /dev/null
+++ b/contrib/openbsm/modules/auditfilter_noop/Makefile.in
@@ -0,0 +1,459 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/Makefile.in#1 $
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = modules/auditfilter_noop
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+auditfilter_noop_la_LIBADD =
+auditfilter_noop_la_SOURCES = auditfilter_noop.c
+auditfilter_noop_la_OBJECTS = auditfilter_noop.lo
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/config
+depcomp = $(SHELL) $(top_srcdir)/config/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = auditfilter_noop.c
+DIST_SOURCES = auditfilter_noop.c
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HAVE_AUDIT_SYSCALLS_FALSE = @HAVE_AUDIT_SYSCALLS_FALSE@
+HAVE_AUDIT_SYSCALLS_TRUE = @HAVE_AUDIT_SYSCALLS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+INCLUDES = -I$(top_srcdir)
+lib_LTLIBRARIES = auditfilter_noop.la
+auditfilter_noop_la_SOURCE = auditfilter_noop.c
+auditfilter_noop_la_LDFLAGS = -module
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign modules/auditfilter_noop/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign modules/auditfilter_noop/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+ $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+auditfilter_noop.la: $(auditfilter_noop_la_OBJECTS) $(auditfilter_noop_la_DEPENDENCIES)
+ $(LINK) -rpath $(libdir) $(auditfilter_noop_la_LDFLAGS) $(auditfilter_noop_la_OBJECTS) $(auditfilter_noop_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditfilter_noop.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(mkdir_p) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am uninstall-libLTLIBRARIES
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-exec \
+ install-exec-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-info-am \
+ uninstall-libLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c b/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c
new file mode 100644
index 000000000000..1bac0b3839e2
--- /dev/null
+++ b/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c
@@ -0,0 +1,73 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/auditfilter_noop.c#2 $
+ */
+
+/*
+ * Sample audit filter: no-op which sinks audit records in both BSM and
+ * parsed formats, but does nothing with them.
+ */
+
+#include <bsm/libbsm.h>
+
+#include <bsm/libbsm.h>
+#include <bsm/audit_filter.h>
+
+int
+AUDIT_FILTER_ATTACH(void **instance, int argc, char *argv[])
+{
+
+ return (0);
+}
+
+int
+AUDIT_FILTER_REINIT(void *instance, int argc, char *argv[])
+{
+
+ return (0);
+}
+
+void
+AUDIT_FILTER_RECORD(void *instance, struct timespec *ts, int token_count,
+ const tokenstr_t *tok[])
+{
+
+}
+
+void
+AUDIT_FILTER_BSMRECORD(void *instance, struct timespec *ts, u_char *data,
+ u_int len)
+{
+
+}
+
+void
+AUDIT_FILTER_DETACH(void *instance)
+{
+
+}
diff --git a/contrib/openbsm/test/Makefile.am b/contrib/openbsm/test/Makefile.am
new file mode 100644
index 000000000000..e52150cb1830
--- /dev/null
+++ b/contrib/openbsm/test/Makefile.am
@@ -0,0 +1,6 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.am#1 $
+#
+
+SUBDIRS = \
+ bsm
diff --git a/contrib/openbsm/test/Makefile.in b/contrib/openbsm/test/Makefile.in
new file mode 100644
index 000000000000..3b98057d2ecf
--- /dev/null
+++ b/contrib/openbsm/test/Makefile.in
@@ -0,0 +1,477 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.in#1 $
+#
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = test
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-exec-recursive install-info-recursive \
+ install-recursive installcheck-recursive installdirs-recursive \
+ pdf-recursive ps-recursive uninstall-info-recursive \
+ uninstall-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HAVE_AUDIT_SYSCALLS_FALSE = @HAVE_AUDIT_SYSCALLS_FALSE@
+HAVE_AUDIT_SYSCALLS_TRUE = @HAVE_AUDIT_SYSCALLS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+SUBDIRS = \
+ bsm
+
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign test/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign test/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+mostlyclean-recursive clean-recursive distclean-recursive \
+maintainer-clean-recursive:
+ @failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+ list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(mkdir_p) "$(distdir)/$$subdir" \
+ || exit 1; \
+ distdir=`$(am__cd) $(distdir) && pwd`; \
+ top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+ (cd $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$top_distdir" \
+ distdir="$$distdir/$$subdir" \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool \
+ distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-recursive
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+uninstall-info: uninstall-info-recursive
+
+.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am check check-am \
+ clean clean-generic clean-libtool clean-recursive ctags \
+ ctags-recursive distclean distclean-generic distclean-libtool \
+ distclean-recursive distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-exec install-exec-am install-info \
+ install-info-am install-man install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic maintainer-clean-recursive \
+ mostlyclean mostlyclean-generic mostlyclean-libtool \
+ mostlyclean-recursive pdf pdf-am ps ps-am tags tags-recursive \
+ uninstall uninstall-am uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/openbsm/test/bsm/Makefile.am b/contrib/openbsm/test/bsm/Makefile.am
new file mode 100644
index 000000000000..8aa7934ef521
--- /dev/null
+++ b/contrib/openbsm/test/bsm/Makefile.am
@@ -0,0 +1,9 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.am#1 $
+#
+
+INCLUDES = -I$(top_srcdir)
+
+bin_PROGRAMS = generate
+generate_SOURCES = generate.c
+generate_LDADD = $(top_builddir)/libbsm/libbsm.la
diff --git a/contrib/openbsm/test/bsm/Makefile.in b/contrib/openbsm/test/bsm/Makefile.in
new file mode 100644
index 000000000000..5cfa13d410fd
--- /dev/null
+++ b/contrib/openbsm/test/bsm/Makefile.in
@@ -0,0 +1,453 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.in#1 $
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = generate$(EXEEXT)
+subdir = test/bsm
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am_generate_OBJECTS = generate.$(OBJEXT)
+generate_OBJECTS = $(am_generate_OBJECTS)
+generate_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/config
+depcomp = $(SHELL) $(top_srcdir)/config/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(generate_SOURCES)
+DIST_SOURCES = $(generate_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HAVE_AUDIT_SYSCALLS_FALSE = @HAVE_AUDIT_SYSCALLS_FALSE@
+HAVE_AUDIT_SYSCALLS_TRUE = @HAVE_AUDIT_SYSCALLS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+INCLUDES = -I$(top_srcdir)
+generate_SOURCES = generate.c
+generate_LDADD = $(top_builddir)/libbsm/libbsm.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign test/bsm/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign test/bsm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+ @list='$(bin_PROGRAMS)'; for p in $$list; do \
+ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ if test -f $$p \
+ || test -f $$p1 \
+ ; then \
+ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+ else :; fi; \
+ done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; for p in $$list; do \
+ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+ echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+ rm -f "$(DESTDIR)$(bindir)/$$f"; \
+ done
+
+clean-binPROGRAMS:
+ @list='$(bin_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+generate$(EXEEXT): $(generate_OBJECTS) $(generate_DEPENDENCIES)
+ @rm -f generate$(EXEEXT)
+ $(LINK) $(generate_LDFLAGS) $(generate_OBJECTS) $(generate_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generate.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)"; do \
+ test -z "$$dir" || $(mkdir_p) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am: install-binPROGRAMS
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-info-am
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
+ clean-generic clean-libtool ctags distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-binPROGRAMS install-data install-data-am install-exec \
+ install-exec-am install-info install-info-am install-man \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-binPROGRAMS uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/openbsm/test/bsm/generate.c b/contrib/openbsm/test/bsm/generate.c
new file mode 100644
index 000000000000..89449313b5b1
--- /dev/null
+++ b/contrib/openbsm/test/bsm/generate.c
@@ -0,0 +1,755 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#3 $
+ */
+
+/*
+ * Generate a series of BSM token samples in the requested directory.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
+#include <arpa/inet.h>
+
+#include <bsm/audit_kevents.h>
+#include <bsm/libbsm.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+static int do_records, do_tokens;
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "generate [-rt] path\n");
+ exit(EX_USAGE);
+}
+
+static int
+open_file(const char *directory, const char *name)
+{
+ char pathname[PATH_MAX];
+ int fd;
+
+ snprintf(pathname, PATH_MAX, "%s/%s", directory, name);
+ (void)unlink(pathname);
+ fd = open(pathname, O_WRONLY | O_CREAT | O_EXCL, 0600);
+ if (fd < 0)
+ err(EX_CANTCREAT, "open: %s", name);
+ return (fd);
+}
+
+static void
+write_file(int fd, void *buffer, size_t buflen, const char *filename)
+{
+ ssize_t len;
+
+ len = write(fd, buffer, buflen);
+ if (len < 0)
+ err(EX_OSERR, "write_file: %s", filename);
+ if (len < buflen)
+ err(EX_OSERR, "write_file: short write: %s", filename);
+}
+
+/*
+ * Write a single token to a file.
+ */
+static void
+write_token(const char *directory, const char *filename, token_t *tok)
+{
+ u_char buffer[MAX_AUDIT_RECORD_SIZE];
+ size_t buflen;
+ int fd;
+
+ buflen = MAX_AUDIT_RECORD_SIZE;
+ if (au_close_token(tok, buffer, &buflen) < 0)
+ err(EX_UNAVAILABLE, "au_close_token");
+ fd = open_file(directory, filename);
+ write_file(fd, buffer, buflen, filename);
+ close(fd);
+}
+
+/*
+ * Write a token to a file, wrapped in audit record header and trailer.
+ */
+static void
+write_record(const char *directory, const char *filename, token_t *tok,
+ short event)
+{
+ u_char buffer[MAX_AUDIT_RECORD_SIZE];
+ size_t buflen;
+ int au, fd;
+
+ au = au_open();
+ if (au < 0)
+ err(EX_UNAVAILABLE, "au_open");
+ if (au_write(au, tok) < 0)
+ err(EX_UNAVAILABLE, "au_write");
+ buflen = MAX_AUDIT_RECORD_SIZE;
+ if (au_close_buffer(au, event, buffer, &buflen) < 0)
+ err(EX_UNAVAILABLE, "au_close_buffer");
+ fd = open_file(directory, filename);
+ write_file(fd, buffer, buflen, filename);
+ close(fd);
+}
+
+static struct timeval file_token_timeval = { 0x12345, 0x67890} ;
+
+static void
+generate_file_token(const char *directory, const char *token_filename)
+{
+ token_t *file_token;
+
+ file_token = au_to_file("test", file_token_timeval);
+ if (file_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_file");
+ write_token(directory, token_filename, file_token);
+}
+
+/*
+ * AUT_OHEADER
+ */
+
+static int trailer_token_len = 0x12345678;
+
+static void
+generate_trailer_token(const char *directory, const char *token_filename)
+{
+ token_t *trailer_token;
+
+ trailer_token = au_to_trailer(trailer_token_len);
+ if (trailer_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_trailer");
+ write_token(directory, token_filename, trailer_token);
+}
+
+static int header32_token_len = 0x12345678;
+static au_event_t header32_e_type = AUE_OPEN;
+static au_emod_t header32_e_mod = 0x4567;
+static struct timeval header32_tm = { 0x12345, 0x67890 };
+
+static void
+generate_header32_token(const char *directory, const char *token_filename)
+{
+ token_t *header32_token;
+
+ header32_token = au_to_header32_tm(header32_token_len,
+ header32_e_type, header32_e_mod, header32_tm);
+ if (header32_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_header32");
+ write_token(directory, token_filename, header32_token);
+}
+
+/*
+ * AUT_HEADER32_EX
+ */
+
+static char data_token_unit_print = AUP_STRING;
+static char data_token_unit_type = AUR_CHAR;
+static char *data_token_data = "SomeData";
+static char data_token_unit_count = sizeof("SomeData") + 1;
+
+static void
+generate_data_token(const char *directory, const char *token_filename)
+{
+ token_t *data_token;
+
+ data_token = au_to_data(data_token_unit_print, data_token_unit_type,
+ data_token_unit_count, data_token_data);
+ if (data_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_data");
+ write_token(directory, token_filename, data_token);
+}
+
+static void
+generate_data_record(const char *directory, const char *record_filename)
+{
+ token_t *data_token;
+
+ data_token = au_to_data(data_token_unit_print, data_token_unit_type,
+ data_token_unit_count, data_token_data);
+ if (data_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_data");
+ write_record(directory, record_filename, data_token, AUE_NULL);
+}
+
+static char ipc_type = AT_IPC_MSG;
+static int ipc_id = 0x12345678;
+
+static void
+generate_ipc_token(const char *directory, const char *token_filename)
+{
+ token_t *ipc_token;
+
+ ipc_token = au_to_ipc(ipc_type, ipc_id);
+ if (ipc_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_ipc");
+ write_token(directory, token_filename, ipc_token);
+}
+
+static void
+generate_ipc_record(const char *directory, const char *record_filename)
+{
+ token_t *ipc_token;
+
+ ipc_token = au_to_ipc(ipc_type, ipc_id);
+ if (ipc_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_ipc");
+ write_record(directory, record_filename, ipc_token, AUE_NULL);
+}
+
+static char *path_token_path = "/test/this/is/a/test";
+
+static void
+generate_path_token(const char *directory, const char *token_filename)
+{
+ token_t *path_token;
+
+ path_token = au_to_path(path_token_path);
+ if (path_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_path");
+ write_token(directory, token_filename, path_token);
+}
+
+static void
+generate_path_record(const char *directory, const char *record_filename)
+{
+ token_t *path_token;
+
+ path_token = au_to_path(path_token_path);
+ if (path_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_path");
+ write_record(directory, record_filename, path_token, AUE_NULL);
+}
+
+static au_id_t subject32_auid = 0x12345678;
+static uid_t subject32_euid = 0x01234567;
+static gid_t subject32_egid = 0x23456789;
+static uid_t subject32_ruid = 0x98765432;
+static gid_t subject32_rgid = 0x09876543;
+static pid_t subject32_pid = 0x13243546;
+static au_asid_t subject32_sid = 0x97867564;
+static au_tid_t subject32_tid = { 0x16593746 };
+
+static void
+generate_subject32_token(const char *directory, const char *token_filename)
+{
+ token_t *subject32_token;
+
+ subject32_tid.machine = inet_addr("127.0.0.1");
+
+ subject32_token = au_to_subject32(subject32_auid, subject32_euid,
+ subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
+ subject32_sid, &subject32_tid);
+ if (subject32_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_subject32");
+ write_token(directory, token_filename, subject32_token);
+}
+
+static void
+generate_subject32_record(const char *directory, const char *record_filename)
+{
+ token_t *subject32_token;
+
+ subject32_tid.machine = inet_addr("127.0.0.1");
+
+ subject32_token = au_to_subject32(subject32_auid, subject32_euid,
+ subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
+ subject32_sid, &subject32_tid);
+ if (subject32_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_subject32");
+ write_record(directory, record_filename, subject32_token, AUE_NULL);
+}
+
+static au_id_t process32_auid = 0x12345678;
+static uid_t process32_euid = 0x01234567;
+static gid_t process32_egid = 0x23456789;
+static uid_t process32_ruid = 0x98765432;
+static gid_t process32_rgid = 0x09876543;
+static pid_t process32_pid = 0x13243546;
+static au_asid_t process32_sid = 0x97867564;
+static au_tid_t process32_tid = { 0x16593746 };
+
+static void
+generate_process32_token(const char *directory, const char *token_filename)
+{
+ token_t *process32_token;
+
+ process32_tid.machine = inet_addr("127.0.0.1");
+
+ process32_token = au_to_process32(process32_auid, process32_euid,
+ process32_egid, process32_ruid, process32_rgid, process32_pid,
+ process32_sid, &process32_tid);
+ if (process32_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_process32");
+ write_token(directory, token_filename, process32_token);
+}
+
+static void
+generate_process32_record(const char *directory, const char *record_filename)
+{
+ token_t *process32_token;
+
+ process32_tid.machine = inet_addr("127.0.0.1");
+
+ process32_token = au_to_process32(process32_auid, process32_euid,
+ process32_egid, process32_ruid, process32_rgid, process32_pid,
+ process32_sid, &process32_tid);
+ if (process32_token == NULL)
+ err(EX_UNAVAILABLE, "au_ti_process32");
+ write_record(directory, record_filename, process32_token, AUE_NULL);
+}
+
+static char return32_status = 0xd7;
+static uint32_t return32_ret = 0x12345678;
+
+static void
+generate_return32_token(const char *directory, const char *token_filename)
+{
+ token_t *return32_token;
+
+ return32_token = au_to_return32(return32_status, return32_ret);
+ if (return32_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_return32");
+ write_token(directory, token_filename, return32_token);
+}
+
+static void
+generate_return32_record(const char *directory, const char *record_filename)
+{
+ token_t *return32_token;
+
+ return32_token = au_to_return32(return32_status, return32_ret);
+ if (return32_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_return32");
+ write_record(directory, record_filename, return32_token, AUE_NULL);
+}
+
+static char *text_token_text = "This is a test.";
+
+static void
+generate_text_token(const char *directory, const char *token_filename)
+{
+ token_t *text_token;
+
+ text_token = au_to_text(text_token_text);
+ if (text_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_text");
+ write_token(directory, token_filename, text_token);
+}
+
+static void
+generate_text_record(const char *directory, const char *record_filename)
+{
+ token_t *text_token;
+
+ text_token = au_to_text(text_token_text);
+ if (text_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_text");
+ write_record(directory, record_filename, text_token, AUE_NULL);
+}
+
+static char opaque_token_data[] = {0xaa, 0xbb, 0xcc, 0xdd};
+static int opaque_token_bytes = sizeof(opaque_token_data);
+
+static void
+generate_opaque_token(const char *directory, const char *token_filename)
+{
+ token_t *opaque_token;
+
+ opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
+ if (opaque_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_opaque");
+ write_token(directory, token_filename, opaque_token);
+}
+
+static void
+generate_opaque_record(const char *directory, const char *record_filename)
+{
+ token_t *opaque_token;
+
+ opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
+ if (opaque_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_opaque");
+ write_record(directory, record_filename, opaque_token, AUE_NULL);
+}
+
+static struct in_addr in_addr_token_addr;
+
+static void
+generate_in_addr_token(const char *directory, const char *token_filename)
+{
+ token_t *in_addr_token;
+
+ in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
+
+ in_addr_token = au_to_in_addr(&in_addr_token_addr);
+ if (in_addr_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_in_addr");
+ write_token(directory, token_filename, in_addr_token);
+}
+
+static void
+generate_in_addr_record(const char *directory, const char *record_filename)
+{
+ token_t *in_addr_token;
+
+ in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
+
+ in_addr_token = au_to_in_addr(&in_addr_token_addr);
+ if (in_addr_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_in_addr");
+ write_record(directory, record_filename, in_addr_token, AUE_NULL);
+}
+
+static struct ip ip_token_ip;
+static u_char ip_token_ip_v = 4;
+static uint16_t ip_token_ip_id = 0x5478;
+static u_char ip_token_ip_ttl = 64;
+static u_char ip_token_ip_p = IPPROTO_ICMP;
+static struct in_addr ip_token_ip_src;
+static struct in_addr ip_token_ip_dst;
+
+static void
+generate_ip_token(const char *directory, const char *token_filename)
+{
+ token_t *ip_token;
+
+ ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
+ ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
+
+ memset(&ip_token_ip, 0, sizeof(ip_token_ip));
+ ip_token_ip.ip_v = ip_token_ip_v;
+ ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
+ ip_token_ip.ip_id = htons(ip_token_ip_id);
+ ip_token_ip.ip_ttl = ip_token_ip_ttl;
+ ip_token_ip.ip_p = ip_token_ip_p;
+ ip_token_ip.ip_src = ip_token_ip_src;
+ ip_token_ip.ip_dst = ip_token_ip_dst;
+
+ ip_token = au_to_ip(&ip_token_ip);
+ if (ip_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_ip");
+ write_token(directory, token_filename, ip_token);
+}
+
+static void
+generate_ip_record(const char *directory, const char *record_filename)
+{
+ token_t *ip_token;
+
+ ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
+ ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
+
+ memset(&ip_token_ip, 0, sizeof(ip_token_ip));
+ ip_token_ip.ip_v = ip_token_ip_v;
+ ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
+ ip_token_ip.ip_id = htons(ip_token_ip_id);
+ ip_token_ip.ip_ttl = ip_token_ip_ttl;
+ ip_token_ip.ip_p = ip_token_ip_p;
+ ip_token_ip.ip_src = ip_token_ip_src;
+ ip_token_ip.ip_dst = ip_token_ip_dst;
+
+ ip_token = au_to_ip(&ip_token_ip);
+ if (ip_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_ip");
+ write_record(directory, record_filename, ip_token, AUE_NULL);
+}
+
+static u_int16_t iport_token_iport;
+
+static void
+generate_iport_token(const char *directory, const char *token_filename)
+{
+ token_t *iport_token;
+
+ iport_token_iport = htons(80);
+
+ iport_token = au_to_iport(iport_token_iport);
+ if (iport_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_iport");
+ write_token(directory, token_filename, iport_token);
+}
+
+static void
+generate_iport_record(const char *directory, const char *record_filename)
+{
+ token_t *iport_token;
+
+ iport_token_iport = htons(80);
+
+ iport_token = au_to_iport(iport_token_iport);
+ if (iport_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_iport");
+ write_record(directory, record_filename, iport_token, AUE_NULL);
+}
+
+static char arg32_token_n = 3;
+static char *arg32_token_text = "test_arg32_token";
+static uint32_t arg32_token_v = 0xabcdef00;
+
+static void
+generate_arg32_token(const char *directory, const char *token_filename)
+{
+ token_t *arg32_token;
+
+ arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
+ arg32_token_v);
+ if (arg32_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_arg32");
+ write_token(directory, token_filename, arg32_token);
+}
+
+static void
+generate_arg32_record(const char *directory, const char *record_filename)
+{
+ token_t *arg32_token;
+
+ arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
+ arg32_token_v);
+ if (arg32_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_arg32");
+ write_record(directory, record_filename, arg32_token, AUE_NULL);
+}
+
+static long seq_audit_count = 0x12345678;
+
+static void
+generate_seq_token(const char *directory, const char *token_filename)
+{
+ token_t *seq_token;
+
+ seq_token = au_to_seq(seq_audit_count);
+ if (seq_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_seq");
+ write_token(directory, token_filename, seq_token);
+}
+
+static void
+generate_seq_record(const char *directory, const char *record_filename)
+{
+ token_t *seq_token;
+
+ seq_token = au_to_seq(seq_audit_count);
+ if (seq_token == NULL)
+ err(EX_UNAVAILABLE, "au_to_seq");
+ write_record(directory, record_filename, seq_token, AUE_NULL);
+}
+
+/*
+ * AUT_ACL
+ */
+
+static void
+generate_attr_token(const char *directory, const char *token_filename)
+{
+ token_t *attr_token;
+
+}
+
+static void
+generate_attr_record(const char *directory, const char *record_filename)
+{
+ token_t *attr_token;
+
+}
+
+static void
+generate_ipc_perm_token(const char *directory, const char *token_filename)
+{
+ token_t *ipc_perm_token;
+
+}
+
+static void
+generate_ipc_perm_record(const char *directory, const char *record_filename)
+{
+ token_t *ipc_perm_token;
+
+}
+
+/*
+ * AUT_LABEL
+ */
+
+static void
+generate_groups_token(const char *directory, const char *token_filename)
+{
+ token_t *groups_token;
+
+}
+
+static void
+generate_groups_record(const char *directory, const char *record_filename)
+{
+ token_t *groups_token;
+
+}
+
+/*
+ * AUT_ILABEL
+ */
+
+/*
+ * AUT_SLABEL
+ */
+
+/*
+ * AUT_CLEAR
+ */
+
+/*
+ * AUT_PRIV
+ */
+
+/*
+ * AUT_UPRIV
+ */
+
+/*
+ * AUT_LIAISON
+ */
+
+/*
+ * AUT_NEWGROUPS
+ */
+
+/*
+ * AUT_EXEC_ARGS
+ */
+
+/*
+ * AUT_EXEC_ENV
+ */
+
+static void
+generate_attr32_token(const char *directory, const char *token_filename)
+{
+ token_t *attr32_token;
+
+}
+
+static void
+generate_attr32_record(const char *directory, const char *record_filename)
+{
+ token_t *attr32_token;
+
+}
+
+int
+main(int argc, char *argv[])
+{
+ const char *directory;
+ int ch;
+
+ while ((ch = getopt(argc, argv, "rt")) != -1) {
+ switch (ch) {
+ case 'r':
+ do_records++;
+ break;
+
+ case 't':
+ do_tokens++;
+ break;
+
+ default:
+ usage();
+ }
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (argc != 1)
+ usage();
+
+ directory = argv[0];
+
+ if (mkdir(directory, 0755) < 0 && errno != EEXIST)
+ err(EX_OSERR, "mkdir: %s", directory);
+
+ if (do_tokens) {
+ generate_file_token(directory, "file_token");
+ generate_trailer_token(directory, "trailer_token");
+ generate_header32_token(directory, "header32_token");
+ generate_data_token(directory, "data_token");
+ generate_ipc_token(directory, "ipc_token");
+ generate_path_token(directory, "path_token");
+ generate_subject32_token(directory, "subject32_token");
+ generate_process32_token(directory, "process32_token");
+ generate_return32_token(directory, "return32_token");
+ generate_text_token(directory, "text_token");
+ generate_opaque_token(directory, "opaque_token");
+ generate_in_addr_token(directory, "in_addr_token");
+ generate_ip_token(directory, "ip_token");
+ generate_iport_token(directory, "iport_token");
+ generate_arg32_token(directory, "arg32_token");
+ generate_seq_token(directory, "seq_token");
+ generate_attr_token(directory, "attr_token");
+ generate_ipc_perm_token(directory, "ipc_perm_token");
+ generate_groups_token(directory, "groups_token");
+ generate_attr32_token(directory, "attr32_token");
+ }
+
+ if (do_records) {
+ generate_file_token(directory, "file_token");
+ generate_trailer_token(directory, "trailer_token");
+ generate_header32_token(directory, "header32_token");
+ generate_data_token(directory, "data_record");
+ generate_ipc_token(directory, "ipc_record");
+ generate_path_token(directory, "path_record");
+ generate_subject32_token(directory, "subject32_record");
+ generate_process32_token(directory, "process32_record");
+ generate_return32_token(directory, "return32_record");
+ generate_text_token(directory, "text_record");
+ generate_opaque_token(directory, "opaque_record");
+ generate_in_addr_token(directory, "in_addr_record");
+ generate_ip_token(directory, "ip_record");
+ generate_iport_token(directory, "iport_record");
+ generate_arg32_token(directory, "arg32_record");
+ generate_seq_token(directory, "seq_record");
+ generate_attr_token(directory, "attr_record");
+ generate_ipc_perm_token(directory, "ipc_perm_record");
+ generate_groups_token(directory, "groups_record");
+ generate_attr32_token(directory, "attr32_record");
+ }
+
+ return (0);
+}