| bsm_audit.c (185573) | bsm_audit.c (186647) |
|---|---|
| 1/*- 2 * Copyright (c) 2004 Apple Inc. 3 * Copyright (c) 2005 SPARTA, Inc. 4 * All rights reserved. 5 * 6 * This code was developed in part by Robert N. M. Watson, Senior Principal 7 * Scientist, SPARTA, Inc. 8 * --- 16 unchanged lines hidden (view full) --- 25 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 30 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 * POSSIBILITY OF SUCH DAMAGE. 32 * | 1/*- 2 * Copyright (c) 2004 Apple Inc. 3 * Copyright (c) 2005 SPARTA, Inc. 4 * All rights reserved. 5 * 6 * This code was developed in part by Robert N. M. Watson, Senior Principal 7 * Scientist, SPARTA, Inc. 8 * --- 16 unchanged lines hidden (view full) --- 25 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 30 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 * POSSIBILITY OF SUCH DAMAGE. 32 * |
| 33 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#31 $ | 33 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#34 $ |
| 34 */ 35 36#include <sys/types.h> 37 38#include <config/config.h> 39#ifdef HAVE_FULL_QUEUE_H 40#include <sys/queue.h> 41#else 42#include <compat/queue.h> 43#endif 44 45#include <bsm/audit_internal.h> 46#include <bsm/libbsm.h> 47 48#include <netinet/in.h> 49 50#include <errno.h> | 34 */ 35 36#include <sys/types.h> 37 38#include <config/config.h> 39#ifdef HAVE_FULL_QUEUE_H 40#include <sys/queue.h> 41#else 42#include <compat/queue.h> 43#endif 44 45#include <bsm/audit_internal.h> 46#include <bsm/libbsm.h> 47 48#include <netinet/in.h> 49 50#include <errno.h> |
| 51#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 51#include <pthread.h> | 52#include <pthread.h> |
| 53#endif |
|
| 52#include <stdlib.h> 53#include <string.h> 54 55/* array of used descriptors */ 56static au_record_t *open_desc_table[MAX_AUDIT_RECORDS]; 57 58/* The current number of active record descriptors */ 59static int audit_rec_count = 0; 60 61/* 62 * Records that can be recycled are maintained in the list given below. The 63 * maximum number of elements that can be present in this list is bounded by 64 * MAX_AUDIT_RECORDS. Memory allocated for these records are never freed. 65 */ 66static LIST_HEAD(, au_record) audit_free_q; 67 | 54#include <stdlib.h> 55#include <string.h> 56 57/* array of used descriptors */ 58static au_record_t *open_desc_table[MAX_AUDIT_RECORDS]; 59 60/* The current number of active record descriptors */ 61static int audit_rec_count = 0; 62 63/* 64 * Records that can be recycled are maintained in the list given below. The 65 * maximum number of elements that can be present in this list is bounded by 66 * MAX_AUDIT_RECORDS. Memory allocated for these records are never freed. 67 */ 68static LIST_HEAD(, au_record) audit_free_q; 69 |
| 70#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 68static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; | 71static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; |
| 72#endif |
|
| 69 70/* 71 * This call frees a token_t and its internal data. 72 */ 73void 74au_free_token(token_t *tok) 75{ 76 --- 11 unchanged lines hidden (view full) --- 88 * tokens associated with this record. Descriptors are recyled once the 89 * records are added to the audit trail following au_close(). 90 */ 91int 92au_open(void) 93{ 94 au_record_t *rec = NULL; 95 | 73 74/* 75 * This call frees a token_t and its internal data. 76 */ 77void 78au_free_token(token_t *tok) 79{ 80 --- 11 unchanged lines hidden (view full) --- 92 * tokens associated with this record. Descriptors are recyled once the 93 * records are added to the audit trail following au_close(). 94 */ 95int 96au_open(void) 97{ 98 au_record_t *rec = NULL; 99 |
| 100#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 96 pthread_mutex_lock(&mutex); | 101 pthread_mutex_lock(&mutex); |
| 102#endif |
|
| 97 98 if (audit_rec_count == 0) 99 LIST_INIT(&audit_free_q); 100 101 /* 102 * Find an unused descriptor, remove it from the free list, mark as 103 * used. 104 */ 105 if (!LIST_EMPTY(&audit_free_q)) { 106 rec = LIST_FIRST(&audit_free_q); 107 rec->used = 1; 108 LIST_REMOVE(rec, au_rec_q); 109 } 110 | 103 104 if (audit_rec_count == 0) 105 LIST_INIT(&audit_free_q); 106 107 /* 108 * Find an unused descriptor, remove it from the free list, mark as 109 * used. 110 */ 111 if (!LIST_EMPTY(&audit_free_q)) { 112 rec = LIST_FIRST(&audit_free_q); 113 rec->used = 1; 114 LIST_REMOVE(rec, au_rec_q); 115 } 116 |
| 117#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 111 pthread_mutex_unlock(&mutex); | 118 pthread_mutex_unlock(&mutex); |
| 119#endif |
|
| 112 113 if (rec == NULL) { 114 /* 115 * Create a new au_record_t if no descriptors are available. 116 */ 117 rec = malloc (sizeof(au_record_t)); 118 if (rec == NULL) 119 return (-1); 120 121 rec->data = malloc (MAX_AUDIT_RECORD_SIZE * sizeof(u_char)); 122 if (rec->data == NULL) { 123 free(rec); 124 errno = ENOMEM; 125 return (-1); 126 } 127 | 120 121 if (rec == NULL) { 122 /* 123 * Create a new au_record_t if no descriptors are available. 124 */ 125 rec = malloc (sizeof(au_record_t)); 126 if (rec == NULL) 127 return (-1); 128 129 rec->data = malloc (MAX_AUDIT_RECORD_SIZE * sizeof(u_char)); 130 if (rec->data == NULL) { 131 free(rec); 132 errno = ENOMEM; 133 return (-1); 134 } 135 |
| 136#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 128 pthread_mutex_lock(&mutex); | 137 pthread_mutex_lock(&mutex); |
| 138#endif |
|
| 129 130 if (audit_rec_count == MAX_AUDIT_RECORDS) { | 139 140 if (audit_rec_count == MAX_AUDIT_RECORDS) { |
| 141#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 131 pthread_mutex_unlock(&mutex); | 142 pthread_mutex_unlock(&mutex); |
| 143#endif |
|
| 132 free(rec->data); 133 free(rec); 134 135 /* XXX We need to increase size of MAX_AUDIT_RECORDS */ 136 errno = ENOMEM; 137 return (-1); 138 } 139 rec->desc = audit_rec_count; 140 open_desc_table[audit_rec_count] = rec; 141 audit_rec_count++; 142 | 144 free(rec->data); 145 free(rec); 146 147 /* XXX We need to increase size of MAX_AUDIT_RECORDS */ 148 errno = ENOMEM; 149 return (-1); 150 } 151 rec->desc = audit_rec_count; 152 open_desc_table[audit_rec_count] = rec; 153 audit_rec_count++; 154 |
| 155#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 143 pthread_mutex_unlock(&mutex); | 156 pthread_mutex_unlock(&mutex); |
| 157#endif |
|
| 144 145 } 146 147 memset(rec->data, 0, MAX_AUDIT_RECORD_SIZE); 148 149 TAILQ_INIT(&rec->token_q); 150 rec->len = 0; 151 rec->used = 1; --- 64 unchanged lines hidden (view full) --- 216#ifdef HAVE_AUDIT_SYSCALLS 217 /* 218 * Grab the size of the address family stored in the kernel's audit 219 * state. 220 */ 221 aia.ai_termid.at_type = AU_IPv4; 222 aia.ai_termid.at_addr[0] = INADDR_ANY; 223 if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) { | 158 159 } 160 161 memset(rec->data, 0, MAX_AUDIT_RECORD_SIZE); 162 163 TAILQ_INIT(&rec->token_q); 164 rec->len = 0; 165 rec->used = 1; --- 64 unchanged lines hidden (view full) --- 230#ifdef HAVE_AUDIT_SYSCALLS 231 /* 232 * Grab the size of the address family stored in the kernel's audit 233 * state. 234 */ 235 aia.ai_termid.at_type = AU_IPv4; 236 aia.ai_termid.at_addr[0] = INADDR_ANY; 237 if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) { |
| 224 if (errno != ENOSYS) | 238 if (errno != ENOSYS && errno != EPERM) |
| 225 return (-1); 226#endif /* HAVE_AUDIT_SYSCALLS */ 227 tot_rec_size = rec->len + AUDIT_HEADER_SIZE + 228 AUDIT_TRAILER_SIZE; 229 header = au_to_header(tot_rec_size, event, 0); 230#ifdef HAVE_AUDIT_SYSCALLS 231 } else { 232 if (gettimeofday(&tm, NULL) < 0) --- 4 unchanged lines hidden (view full) --- 237 AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia); 238 break; 239 case AU_IPv6: 240 aptr = (struct in6_addr *)&aia.ai_termid.at_addr[0]; 241 hdrsize = 242 (IN6_IS_ADDR_UNSPECIFIED(aptr)) ? 243 AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia); 244 break; | 239 return (-1); 240#endif /* HAVE_AUDIT_SYSCALLS */ 241 tot_rec_size = rec->len + AUDIT_HEADER_SIZE + 242 AUDIT_TRAILER_SIZE; 243 header = au_to_header(tot_rec_size, event, 0); 244#ifdef HAVE_AUDIT_SYSCALLS 245 } else { 246 if (gettimeofday(&tm, NULL) < 0) --- 4 unchanged lines hidden (view full) --- 251 AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia); 252 break; 253 case AU_IPv6: 254 aptr = (struct in6_addr *)&aia.ai_termid.at_addr[0]; 255 hdrsize = 256 (IN6_IS_ADDR_UNSPECIFIED(aptr)) ? 257 AUDIT_HEADER_SIZE : AUDIT_HEADER_EX_SIZE(&aia); 258 break; |
| 259 default: 260 return (-1); |
|
| 245 } 246 tot_rec_size = rec->len + hdrsize + AUDIT_TRAILER_SIZE; 247 /* 248 * A header size greater then AUDIT_HEADER_SIZE means 249 * that we are using an extended header. 250 */ 251 if (hdrsize > AUDIT_HEADER_SIZE) 252 header = au_to_header32_ex_tm(tot_rec_size, event, --- 41 unchanged lines hidden (view full) --- 294 TAILQ_REMOVE(&rec->token_q, tok, tokens); 295 free(tok->t_data); 296 free(tok); 297 } 298 299 rec->used = 0; 300 rec->len = 0; 301 | 261 } 262 tot_rec_size = rec->len + hdrsize + AUDIT_TRAILER_SIZE; 263 /* 264 * A header size greater then AUDIT_HEADER_SIZE means 265 * that we are using an extended header. 266 */ 267 if (hdrsize > AUDIT_HEADER_SIZE) 268 header = au_to_header32_ex_tm(tot_rec_size, event, --- 41 unchanged lines hidden (view full) --- 310 TAILQ_REMOVE(&rec->token_q, tok, tokens); 311 free(tok->t_data); 312 free(tok); 313 } 314 315 rec->used = 0; 316 rec->len = 0; 317 |
| 318#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 302 pthread_mutex_lock(&mutex); | 319 pthread_mutex_lock(&mutex); |
| 320#endif |
|
| 303 304 /* Add the record to the freelist tail */ 305 LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q); 306 | 321 322 /* Add the record to the freelist tail */ 323 LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q); 324 |
| 325#ifdef HAVE_PTHREAD_MUTEX_LOCK |
|
| 307 pthread_mutex_unlock(&mutex); | 326 pthread_mutex_unlock(&mutex); |
| 327#endif |
|
| 308} 309 310#ifdef HAVE_AUDIT_SYSCALLS 311/* 312 * Add the header token, identify any missing tokens. Write out the tokens to 313 * the record memory and finally, call audit. 314 */ 315int --- 113 unchanged lines hidden --- | 328} 329 330#ifdef HAVE_AUDIT_SYSCALLS 331/* 332 * Add the header token, identify any missing tokens. Write out the tokens to 333 * the record memory and finally, call audit. 334 */ 335int --- 113 unchanged lines hidden --- |