aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2006-02-11 00:39:23 +0000
committerRobert Watson <rwatson@FreeBSD.org>2006-02-11 00:39:23 +0000
commitf4e380b0ce61bf1224efd31d7261e40f3a423af9 (patch)
tree2466057676bf82de8285107aedb42f759416805f
parent23bf6e2091d6f4eea4818bb19a867eb620f04d13 (diff)
downloadsrc-f4e380b0ce61bf1224efd31d7261e40f3a423af9.tar.gz
src-f4e380b0ce61bf1224efd31d7261e40f3a423af9.zip
CVS import OpenBSM 1.0 alpha 4:vendor/openbsm/1.0-ALPHA-4
- Remove "audit" user example from audit_user, as it's not present on most systems. - Add cannot_audit() function non-Darwin systems that wraps auditon(); required by OpenSSH BSM support. Convert Darwin cannot_audit() into a function rather than a macro. - Library build fixed on Darwin following include file tweaks. The native Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so for now we force bsm_wrappers.c to not perform a nested include of sys/audit.h. Obtained from: TrustedBSD Project
Notes
Notes: svn path=/vendor/openbsm/dist/; revision=155518 svn path=/vendor/openbsm/1.0-ALPHA-4/; revision=155520; tag=vendor/openbsm/1.0-ALPHA-4
-rw-r--r--contrib/openbsm/CHANGELOG14
-rw-r--r--contrib/openbsm/README3
-rw-r--r--contrib/openbsm/bin/audit/audit.c4
-rw-r--r--contrib/openbsm/bin/auditd/auditd.c4
-rw-r--r--contrib/openbsm/bsm/libbsm.h7
-rw-r--r--contrib/openbsm/etc/audit_user3
-rw-r--r--contrib/openbsm/libbsm/bsm_notify.c29
-rw-r--r--contrib/openbsm/libbsm/bsm_wrappers.c6
-rw-r--r--contrib/openbsm/man/Makefile5
-rw-r--r--contrib/openbsm/tools/audump.c4
10 files changed, 59 insertions, 20 deletions
diff --git a/contrib/openbsm/CHANGELOG b/contrib/openbsm/CHANGELOG
index d9fe34bf41c1..98561097db73 100644
--- a/contrib/openbsm/CHANGELOG
+++ b/contrib/openbsm/CHANGELOG
@@ -1,3 +1,15 @@
+OpenBSM 1.0 alpha 4
+
+- Remove "audit" user example from audit_user, as it's not present on most
+ systems.
+- Add cannot_audit() function non-Darwin systems that wraps auditon();
+ required by OpenSSH BSM support. Convert Darwin cannot_audit() into a
+ function rather than a macro.
+- Library build fixed on Darwin following include file tweaks. The native
+ Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
+ for now we force bsm_wrappers.c to not perform a nested include of
+ sys/audit.h.
+
OpenBSM 1.0 alpha 3
- Man page formatting, cross reference, mlinks, and accuracy improvements.
@@ -82,4 +94,4 @@ OpenBSM 1.0 alpha 1
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#10 $
+$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#12 $
diff --git a/contrib/openbsm/README b/contrib/openbsm/README
index 8ea315dae272..1bfe84ed2d1d 100644
--- a/contrib/openbsm/README
+++ b/contrib/openbsm/README
@@ -64,6 +64,7 @@ to the development of OpenBSM:
Poul-Henning Kamp
Christian Brueffer
Olivier Houchard
+ Christian Peron
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
Software's FlexeLint tool were used to identify a number of bugs in the
@@ -85,4 +86,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
http://www.TrustedBSD.org/
-$P4: //depot/projects/trustedbsd/openbsm/README#13 $
+$P4: //depot/projects/trustedbsd/openbsm/README#14 $
diff --git a/contrib/openbsm/bin/audit/audit.c b/contrib/openbsm/bin/audit/audit.c
index faf0a7e70f68..861e4e1073e6 100644
--- a/contrib/openbsm/bin/audit/audit.c
+++ b/contrib/openbsm/bin/audit/audit.c
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#4 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#5 $
*/
/*
* Program to trigger the audit daemon with a message that is either:
@@ -40,8 +40,8 @@
*
*/
-#include <sys/queue.h>
#include <sys/types.h>
+#include <sys/queue.h>
#include <sys/uio.h>
#include <bsm/audit.h>
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
index 893e97215490..09118692ccfa 100644
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@@ -30,14 +30,14 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#11 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#12 $
*/
+#include <sys/types.h>
#include <sys/dirent.h>
#include <sys/mman.h>
#include <sys/queue.h>
#include <sys/stat.h>
-#include <sys/types.h>
#include <sys/wait.h>
#include <bsm/audit.h>
diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h
index baf9f1479d07..09233c0f1a56 100644
--- a/contrib/openbsm/bsm/libbsm.h
+++ b/contrib/openbsm/bsm/libbsm.h
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#16 $
*/
#ifndef _LIBBSM_H_
@@ -44,11 +44,12 @@
#include <sys/cdefs.h>
#include <sys/queue.h>
+#include <stdint.h> /* Required for audit.h. */
+
#include <bsm/audit.h>
#include <bsm/audit_record.h>
#include <stdio.h>
-#include <stdint.h>
#ifdef __APPLE__
#include <mach/mach.h> /* audit_token_t */
@@ -871,7 +872,7 @@ int au_get_state(void);
__END_DECLS
/* OpenSSH compatibility */
-#define cannot_audit(x) (!(au_get_state() == AUC_AUDITING))
+int cannot_audit(int);
__BEGIN_DECLS
/*
diff --git a/contrib/openbsm/etc/audit_user b/contrib/openbsm/etc/audit_user
index 925729c12c66..7b92f065b404 100644
--- a/contrib/openbsm/etc/audit_user
+++ b/contrib/openbsm/etc/audit_user
@@ -1,5 +1,4 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#3 $
#
root:lo:no
-audit:fc:no
diff --git a/contrib/openbsm/libbsm/bsm_notify.c b/contrib/openbsm/libbsm/bsm_notify.c
index 92f9b504d7fc..6741025bc33f 100644
--- a/contrib/openbsm/libbsm/bsm_notify.c
+++ b/contrib/openbsm/libbsm/bsm_notify.c
@@ -26,15 +26,12 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#9 $
*/
-#ifdef __APPLE__
-
/*
* Based on sample code from Marc Majka.
*/
-#include <notify.h>
#include <string.h> /* strerror() */
#include <sys/errno.h> /* errno */
#include <bsm/libbsm.h>
@@ -42,6 +39,8 @@
#include <syslog.h> /* syslog() */
#include <stdarg.h> /* syslog() */
+#ifdef __APPLE__
+#include <notify.h>
/* If 1, assumes a kernel that sends the right notification. */
#define AUDIT_NOTIFICATION_ENABLED 1
@@ -145,5 +144,25 @@ au_get_state(void)
return (AUC_AUDITING);
}
}
+#endif /* !__APPLE__ */
+
+int
+cannot_audit(int val __unused)
+{
+#ifdef __APPLE__
+ return (!(au_get_state() == AUC_AUDITING));
+#else
+ unsigned long au_cond;
-#endif /* !__APPLE__ */
+ if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (errno != ENOSYS) {
+ syslog(LOG_ERR, "Audit status check failed (%s)",
+ strerror(errno));
+ }
+ return (1);
+ }
+ if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED)
+ return (1);
+ return (0);
+#endif /* !__APPLE__ */
+}
diff --git a/contrib/openbsm/libbsm/bsm_wrappers.c b/contrib/openbsm/libbsm/bsm_wrappers.c
index e7600e7f5ee2..492963e88ab3 100644
--- a/contrib/openbsm/libbsm/bsm_wrappers.c
+++ b/contrib/openbsm/libbsm/bsm_wrappers.c
@@ -26,9 +26,13 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#16 $
*/
+#ifdef __APPLE__
+#define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */
+#endif
+
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/sysctl.h>
diff --git a/contrib/openbsm/man/Makefile b/contrib/openbsm/man/Makefile
index fec665106ef0..1fbbc31f7afd 100644
--- a/contrib/openbsm/man/Makefile
+++ b/contrib/openbsm/man/Makefile
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile#7 $
#
MAN= audit.2 \
@@ -16,4 +16,7 @@ MAN= audit.2 \
audit_user.5 \
audit_warn.5
+MLINKS= getaudit.2 getaudit_addr.2 \
+ setaudit.2 setaudit_addr.2
+
.include <bsd.prog.mk>
diff --git a/contrib/openbsm/tools/audump.c b/contrib/openbsm/tools/audump.c
index f1429b599fef..82515a8ffdfe 100644
--- a/contrib/openbsm/tools/audump.c
+++ b/contrib/openbsm/tools/audump.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#4 $
+ * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#5 $
*/
#include <bsm/libbsm.h>
@@ -41,7 +41,7 @@ static void
usage(void)
{
- fprintf(stderr, "usage: dump [class|class_r|control|event|event_r|"
+ fprintf(stderr, "usage: audump [class|class_r|control|event|event_r|"
"user|user_r]\n");
exit(-1);
}