diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2012-11-30 23:50:07 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2012-11-30 23:50:07 +0000 |
| commit | c5119f5dec6ac1aac7c290cbe194ca9d2cadad99 (patch) | |
| tree | db25de3501c3aa5685ae51cf5eb281142b0c88be /libbsm | |
| parent | d4b6ea31f692ff2a72000eb92e0507dafcff8268 (diff) | |
| download | src-c5119f5dec6ac1aac7c290cbe194ca9d2cadad99.tar.gz src-c5119f5dec6ac1aac7c290cbe194ca9d2cadad99.zip | |
Notes
Diffstat (limited to 'libbsm')
| -rw-r--r-- | libbsm/Makefile.am | 6 | ||||
| -rw-r--r-- | libbsm/Makefile.in | 320 | ||||
| -rw-r--r-- | libbsm/au_control.3 | 53 | ||||
| -rw-r--r-- | libbsm/au_fcntl_cmd.3 | 12 | ||||
| -rw-r--r-- | libbsm/au_io.3 | 45 | ||||
| -rw-r--r-- | libbsm/audit_submit.3 | 18 | ||||
| -rw-r--r-- | libbsm/bsm_control.c | 166 | ||||
| -rw-r--r-- | libbsm/bsm_errno.c | 20 | ||||
| -rw-r--r-- | libbsm/bsm_io.c | 1133 | ||||
| -rw-r--r-- | libbsm/bsm_token.c | 95 | ||||
| -rw-r--r-- | libbsm/bsm_user.c | 4 | ||||
| -rw-r--r-- | libbsm/bsm_wrappers.c | 4 |
12 files changed, 1036 insertions, 840 deletions
diff --git a/libbsm/Makefile.am b/libbsm/Makefile.am index 2400a59ec4c9..bfad93b5a735 100644 --- a/libbsm/Makefile.am +++ b/libbsm/Makefile.am @@ -1,6 +1,6 @@ -# -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#9 $ -# +## +## $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#10 $ +## if USE_NATIVE_INCLUDES INCLUDES = -I$(top_builddir) -I$(top_srcdir) diff --git a/libbsm/Makefile.in b/libbsm/Makefile.in index e395f0fd40cd..956d66f7787d 100644 --- a/libbsm/Makefile.in +++ b/libbsm/Makefile.in @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.10.1 from Makefile.am. +# Makefile.in generated by automake 1.12.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,14 +14,28 @@ @SET_MAKE@ -# -# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#15 $ -# - VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -41,7 +55,8 @@ host_triplet = @host@ @HAVE_AUDIT_SYSCALLS_TRUE@ bsm_wrappers.c subdir = libbsm -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/config/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ @@ -49,14 +64,35 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libbsm_la_LIBADD = am__libbsm_la_SOURCES_DIST = bsm_audit.c bsm_class.c bsm_control.c \ @@ -73,6 +109,7 @@ libbsm_la_OBJECTS = $(am_libbsm_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/config depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -84,6 +121,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libbsm_la_SOURCES) DIST_SOURCES = $(am__libbsm_la_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac man3dir = $(mandir)/man3 NROFF = nroff MANS = $(man3_MANS) @@ -102,45 +144,52 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ -ECHO = @ECHO@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MIG = @MIG@ MKDIR_P = @MKDIR_P@ +NM = @NM@ NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RANLIB = @RANLIB@ @@ -149,13 +198,15 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -232,14 +283,14 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign libbsm/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign libbsm/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign libbsm/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign libbsm/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -257,34 +308,42 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libbsm.la: $(libbsm_la_OBJECTS) $(libbsm_la_DEPENDENCIES) + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +libbsm.la: $(libbsm_la_OBJECTS) $(libbsm_la_DEPENDENCIES) $(EXTRA_libbsm_la_DEPENDENCIES) $(LINK) -rpath $(libdir) $(libbsm_la_OBJECTS) $(libbsm_la_LIBADD) $(LIBS) mostlyclean-compile: @@ -311,21 +370,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -335,65 +394,61 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man3: $(man3_MANS) $(man_MANS) +install-man3: $(man3_MANS) @$(NORMAL_INSTALL) - test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ + @list1='$(man3_MANS)'; \ + list2=''; \ + test -n "$(man3dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.3[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + uninstall-man3: @$(NORMAL_UNINSTALL) - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ - done + @list='$(man3_MANS)'; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir) ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -401,34 +456,66 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the 'missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically 'make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -444,13 +531,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -471,16 +562,22 @@ install-am: all-am installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -502,6 +599,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -510,18 +609,28 @@ install-data-am: install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man3 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -549,7 +658,7 @@ uninstall-man: uninstall-man3 .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags distclean \ + clean-libLTLIBRARIES clean-libtool cscopelist ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ @@ -563,6 +672,7 @@ uninstall-man: uninstall-man3 tags uninstall uninstall-am uninstall-libLTLIBRARIES \ uninstall-man uninstall-man3 + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/libbsm/au_control.3 b/libbsm/au_control.3 index b3576ef1c87f..622fae21df3f 100644 --- a/libbsm/au_control.3 +++ b/libbsm/au_control.3 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#11 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#17 $ .\" .Dd April 19, 2005 .Dt AU_CONTROL 3 @@ -32,10 +32,12 @@ .Nm setac , .Nm endac , .Nm getacdir , -.Nm getacmin , +.Nm getacdist , .Nm getacexpire , .Nm getacfilesz , .Nm getacflg , +.Nm getachost , +.Nm getacmin , .Nm getacna , .Nm getacpol , .Nm au_poltostr , @@ -52,7 +54,7 @@ .Ft int .Fn getacdir "char *name" "int len" .Ft int -.Fn getacmin "int *min_val" +.Fn getacdist "void" .Ft int .Fn getacexpire "int *andflg, time_t *age, size_t *size" .Ft int @@ -60,6 +62,10 @@ .Ft int .Fn getacflg "char *auditstr" "int len" .Ft int +.Fn getachost "char *auditstr" "int len" +.Ft int +.Fn getacmin "int *min_val" +.Ft int .Fn getacna "char *auditstr" "int len" .Ft int .Fn getacpol "char *auditstr" "size_t len" @@ -96,16 +102,13 @@ of length .Fa len . .Pp The -.Fn getacmin -function -returns the minimum free disk space for the audit log target file system via -the passed -.Fa min_val -variable. +.Fn getacdist +function returns a value that allows to decide if trail files distribution is +turned on or off. .Pp The .Fn getacexpire -function +function returns the audit trail file expiration parameters in the passed .Vt int buffer @@ -113,7 +116,7 @@ buffer .Vt time_t buffer .Fa age -and +and .Vt size_t buffer .Fa size . @@ -138,6 +141,23 @@ of length .Fa len . .Pp The +.Fn getachost +function +returns the local systems's audit host information via the the passed character +buffer +.Fa auditstr +of length +.Fa len . +.Pp +The +.Fn getacmin +function +returns the minimum free disk space for the audit log target file system via +the passed +.Fa min_val +variable. +.Pp +The .Fn getacna function returns the non-attributable flags via the passed character buffer @@ -172,10 +192,12 @@ to a numeric audit policy mask returned via .Fa policy . .Sh RETURN VALULES The +.Fn getacfilesz , .Fn getacdir , -.Fn getacmin , .Fn getacexpire , .Fn getacflg , +.Fn getachost , +.Fn getacmin , .Fn getacna , .Fn getacpol , and @@ -191,6 +213,11 @@ function returns a string length of 0 or more on success, or a negative value on if there is a failure. .Pp +The +.Fn getacdist +function returns 1 if trail files distribution is turned on, 0 if it is turned +off or negative value on failure. +.Pp Functions that return a string value will return a failure if there is insufficient room in the passed character buffer for the full string. .Sh SEE ALSO @@ -221,7 +248,7 @@ The implementation should be changed to return an error via when .Dv NULL is returned. -.Sh BUGS +.Pp There is no reason for the .Fn setac interface to be exposed as part of the public API, as it is called implicitly diff --git a/libbsm/au_fcntl_cmd.3 b/libbsm/au_fcntl_cmd.3 index 7f03666a02dd..7843c94efb90 100644 --- a/libbsm/au_fcntl_cmd.3 +++ b/libbsm/au_fcntl_cmd.3 @@ -26,9 +26,9 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_fcntl_cmd.3#1 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_fcntl_cmd.3#2 $ .\" -.Dd March 5, 2009 +.Dd March 5, 2009 .Dt AU_BSM_TO_FCNTL_CMD 3 .Os .Sh NAME @@ -65,12 +65,12 @@ The .Fn au_fcntl_cmd_to_bsm function accepts a local .Xr fcntl 2 -command value, and returns the BSM +command value, and returns the BSM .Xr fcntl 2 -command value for it. This call cannot fail, and instead returns a BSM +command value for it. This call cannot fail, and instead returns a BSM command value indicating to a later decoder that the command value could not be encoded. -.Sh RETURN VALULES +.Sh RETURN VALUES On success, .Fn au_bsm_to_fcntl_cmd returns 0 and a converted command value; on failure, it returns -1 but does @@ -90,7 +90,7 @@ and were introduced in OpenBSM 1.1. .Sh AUTHORS These functions were implemented by -.An Stacey Son +.An Stacey Son under contract to Apple Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event diff --git a/libbsm/au_io.3 b/libbsm/au_io.3 index 5e9045f960f6..bd8e5a12066a 100644 --- a/libbsm/au_io.3 +++ b/libbsm/au_io.3 @@ -1,4 +1,5 @@ .\"- +.\" Copyright (c) 2009 Apple, Inc. .\" Copyright (c) 2005 Robert N. M. Watson .\" All rights reserved. .\" @@ -23,14 +24,15 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#5 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#9 $ .\" -.Dd April 19, 2005 +.Dd August 4, 2009 .Dt AU_IO 3 .Os .Sh NAME .Nm au_fetch_tok , .Nm au_print_tok , +.Nm au_print_flags_tok , .Nm au_read_rec .Nd "perform I/O involving an audit record" .Sh LIBRARY @@ -43,6 +45,10 @@ .Fo au_print_tok .Fa "FILE *outfp" "tokenstr_t *tok" "char *del" "char raw" "char sfrm" .Fc +.Ft void +.Fo au_print_flags_tok +.Fa "FILE *outfp" "tokenstr_t *tok" "char *del" "int oflags" +.Fc .Ft int .Fn au_read_rec "FILE *fp" "u_char **buf" .Sh DESCRIPTION @@ -73,6 +79,30 @@ is set non-zero. The delimiter .Fa del is used when printing. +The +.Fn au_print_flags_tok +function is a replacement for +.Fn au_print_tok . +The +.Fa oflags +controls how the output should be formatted and is specified by +or'ing the following flags: +.Pp +.Bl -tag -width AU_OFLAG_NORESOLVE -compact -offset indent +.It Li AU_OFLAG_NONE +Use the default form. +.It Li AU_OFLAG_NORESOLVE +Leave user and group IDs in their numeric form. +.It Li AU_OFLAG_RAW +Use the raw, numeric form. +.It Li AU_OFLAG_SHORT +Use the short form. +.It Li AU_OFLAG_XML +Use the XML form. +.El +.Pp +The flags options AU_OFLAG_SHORT and AU_OFLAG_RAW are exclusive and +should not be used together. .Pp The .Fn au_read_rec @@ -92,7 +122,7 @@ Each record would be broken down into components tokens through sequential calls to .Fn au_fetch_tok on the buffer, and then invoking -.Fn au_print_tok +.Fn au_print_flags_tok to print each token to an output stream such as .Dv stdout . On completion of the processing of each record, a call to @@ -117,6 +147,15 @@ The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. +.Pp +The +.Fn au_print_flags_tok +function was added by Stacey Son as a replacement for the +.Fn au_print_tok +so new output formatting flags can be easily added without changing the API. +The +.Fn au_print_tok +is obsolete but remains in the API to support legacy code. .Sh AUTHORS .An -nosplit This software was created by diff --git a/libbsm/audit_submit.3 b/libbsm/audit_submit.3 index b6c28a7142a2..a320c7c2fdc8 100644 --- a/libbsm/audit_submit.3 +++ b/libbsm/audit_submit.3 @@ -27,10 +27,10 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#17 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#18 $ .\" .Dd January 18, 2008 -.Dt audit_submit 3 +.Dt AUDIT_SUBMIT 3 .Os .Sh NAME .Nm audit_submit @@ -88,6 +88,13 @@ subject will be retrieved from the kernel via .Xr getaudit 2 , or .Xr getaudit_addr 2 . +.Sh RETURN VALUES +If successful, +.Nm +will return zero. +Otherwise a -1 is returned and the global variable +.Va errno +is set to indicate the error. .Sh EXAMPLES .Bd -literal -offset indent #include <bsm/audit.h> @@ -131,13 +138,6 @@ text,bad su from from csjp to root return,failure : Operation not permitted,1 trailer,94 .Ed -.Sh RETURN VALUES -If successful, -.Nm -will return zero. -Otherwise a -1 is returned and the global variable -.Va errno -is set to indicate the error. .Sh SEE ALSO .Xr auditon 2 , .Xr getaudit 2 , diff --git a/libbsm/bsm_control.c b/libbsm/bsm_control.c index 378035db729e..baaa0a5f48b2 100644 --- a/libbsm/bsm_control.c +++ b/libbsm/bsm_control.c @@ -27,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#34 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#41 $ */ #include <config/config.h> @@ -37,6 +37,7 @@ #include <ctype.h> #include <errno.h> #include <string.h> +#include <strings.h> #ifdef HAVE_PTHREAD_MUTEX_LOCK #include <pthread.h> #endif @@ -71,8 +72,8 @@ static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; * Audit policy string token table for au_poltostr() and au_strtopol(). */ struct audit_polstr { - long ap_policy; - const char *ap_str; + long ap_policy; + const char *ap_str; }; static struct audit_polstr au_polstr[] = { @@ -100,7 +101,7 @@ static struct audit_polstr au_polstr[] = { * Must be called with mutex held. */ static int -getstrfromtype_locked(char *name, char **str) +getstrfromtype_locked(const char *name, char **str) { char *type, *nl; char *tokptr; @@ -183,7 +184,7 @@ au_timetosec(time_t *seconds, u_long value, char mult) } /* - * Convert a given disk space value with a multiplier (bytes, kilobytes, + * Convert a given disk space value with a multiplier (bytes, kilobytes, * megabytes, gigabytes) to bytes. Return 0 on success. */ static int @@ -397,6 +398,43 @@ getacdir(char *name, int len) } /* + * Return 1 if dist value is set to 'yes' or 'on'. + * Return 0 if dist value is set to something else. + * Return negative value on error. + */ +int +getacdist(void) +{ + char *str; + int ret; + +#ifdef HAVE_PTHREAD_MUTEX_LOCK + pthread_mutex_lock(&mutex); +#endif + setac_locked(); + if (getstrfromtype_locked(DIST_CONTROL_ENTRY, &str) < 0) { +#ifdef HAVE_PTHREAD_MUTEX_LOCK + pthread_mutex_unlock(&mutex); +#endif + return (-2); + } + if (str == NULL) { +#ifdef HAVE_PTHREAD_MUTEX_LOCK + pthread_mutex_unlock(&mutex); +#endif + return (0); + } + if (strcasecmp(str, "on") == 0 || strcasecmp(str, "yes") == 0) + ret = 1; + else + ret = 0; +#ifdef HAVE_PTHREAD_MUTEX_LOCK + pthread_mutex_unlock(&mutex); +#endif + return (ret); +} + +/* * Return the minimum free diskspace value from the audit control file. */ int @@ -418,7 +456,7 @@ getacmin(int *min_val) #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif - return (1); + return (-1); } *min_val = atoi(min); #ifdef HAVE_PTHREAD_MUTEX_LOCK @@ -453,7 +491,7 @@ getacfilesz(size_t *filesz_val) pthread_mutex_unlock(&mutex); #endif errno = EINVAL; - return (1); + return (-1); } /* Trim off any leading white space. */ @@ -498,11 +536,8 @@ getacfilesz(size_t *filesz_val) return (0); } -/* - * Return the system audit value from the audit contol file. - */ -int -getacflg(char *auditstr, int len) +static int +getaccommon(const char *name, char *auditstr, int len) { char *str; @@ -510,7 +545,7 @@ getacflg(char *auditstr, int len) pthread_mutex_lock(&mutex); #endif setac_locked(); - if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) { + if (getstrfromtype_locked(name, &str) < 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif @@ -520,7 +555,7 @@ getacflg(char *auditstr, int len) #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif - return (1); + return (-1); } if (strlen(str) >= (size_t)len) { #ifdef HAVE_PTHREAD_MUTEX_LOCK @@ -536,40 +571,23 @@ getacflg(char *auditstr, int len) } /* + * Return the system audit value from the audit contol file. + */ +int +getacflg(char *auditstr, int len) +{ + + return (getaccommon(FLAGS_CONTROL_ENTRY, auditstr, len)); +} + +/* * Return the non attributable flags from the audit contol file. */ int getacna(char *auditstr, int len) { - char *str; -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_lock(&mutex); -#endif - setac_locked(); - if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (-2); - } - if (str == NULL) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (1); - } - if (strlen(str) >= (size_t)len) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (-3); - } - strlcpy(auditstr, str, len); -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (0); + return (getaccommon(NA_CONTROL_ENTRY, auditstr, len)); } /* @@ -578,69 +596,15 @@ getacna(char *auditstr, int len) int getacpol(char *auditstr, size_t len) { - char *str; -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_lock(&mutex); -#endif - setac_locked(); - if (getstrfromtype_locked(POLICY_CONTROL_ENTRY, &str) < 0) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (-2); - } - if (str == NULL) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (-1); - } - if (strlen(str) >= len) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (-3); - } - strlcpy(auditstr, str, len); -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (0); + return (getaccommon(POLICY_CONTROL_ENTRY, auditstr, len)); } int getachost(char *auditstr, size_t len) { - char *str; -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_lock(&mutex); -#endif - setac_locked(); - if (getstrfromtype_locked(AUDIT_HOST_CONTROL_ENTRY, &str) < 0) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (-2); - } - if (str == NULL) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (1); - } - if (strlen(str) >= len) { -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (-3); - } - strlcpy(auditstr, str, len); -#ifdef HAVE_PTHREAD_MUTEX_LOCK - pthread_mutex_unlock(&mutex); -#endif - return (0); + return (getaccommon(HOST_CONTROL_ENTRY, auditstr, len)); } /* @@ -686,12 +650,12 @@ getacexpire(int *andflg, time_t *age, size_t *size) #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif - return (1); + return (-1); } /* First, trim off any leading white space. */ while (*str == ' ' || *str == '\t') - str++; + str++; nparsed = sscanf(str, "%lu%c%[ \tadnorADNOR]%lu%c", &val1, &mult1, andor, &val2, &mult2); @@ -713,7 +677,7 @@ getacexpire(int *andflg, time_t *age, size_t *size) case 5: /* Two expiration conditions. */ - if (setexpirecond(age, size, val1, mult1) != 0 || + if (setexpirecond(age, size, val1, mult1) != 0 || setexpirecond(age, size, val2, mult2) != 0) { #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); diff --git a/libbsm/bsm_errno.c b/libbsm/bsm_errno.c index 2ca70094e7e3..8682fc784e73 100644 --- a/libbsm/bsm_errno.c +++ b/libbsm/bsm_errno.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#19 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22 $ */ #include <sys/types.h> @@ -664,7 +664,7 @@ static const struct bsm_errno bsm_errnos[] = { #endif ES("Required key not available") }, { BSM_ERRNO_EKEYEXPIRED, -#ifdef EKEEXPIRED +#ifdef EKEYEXPIRED EKEYEXPIRED, #else ERRNO_NO_LOCAL_MAPPING, @@ -678,12 +678,26 @@ static const struct bsm_errno bsm_errnos[] = { #endif ES("Key has been revoked") }, { BSM_ERRNO_EKEYREJECTED, -#ifdef EKEREJECTED +#ifdef EKEYREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Key was rejected by service") }, + { BSM_ERRNO_ENOTCAPABLE, +#ifdef ENOTCAPABLE + ENOTCAPABLE, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Capabilities insufficient") }, + { BSM_ERRNO_ECAPMODE, +#ifdef ECAPMODE + ECAPMODE, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Not permitted in capability mode") }, }; static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]); diff --git a/libbsm/bsm_io.c b/libbsm/bsm_io.c index 2dd133013e47..0de8080977ac 100644 --- a/libbsm/bsm_io.c +++ b/libbsm/bsm_io.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004-2008 Apple Inc. + * Copyright (c) 2004-2009 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * Copyright (c) 2006 Robert N. M. Watson * Copyright (c) 2006 Martin Voros @@ -32,26 +32,29 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#63 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#74 $ */ #include <sys/types.h> #include <config/config.h> -#if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BE32ENC) + +#ifdef USE_ENDIAN_H +#include <endian.h> +#endif +#ifdef USE_SYS_ENDIAN_H #include <sys/endian.h> -#else /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */ -#ifdef HAVE_MACHINE_ENDIAN_H +#endif +#ifdef USE_MACHINE_ENDIAN_H #include <machine/endian.h> -#else /* !HAVE_MACHINE_ENDIAN_H */ -#ifdef HAVE_ENDIAN_H -#include <endian.h> -#else /* !HAVE_ENDIAN_H */ -#error "No supported endian.h" -#endif /* !HAVE_ENDIAN_H */ -#endif /* !HAVE_MACHINE_ENDIAN_H */ +#endif +#ifdef USE_COMPAT_ENDIAN_H #include <compat/endian.h> -#endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */ +#endif +#ifdef USE_COMPAT_ENDIAN_ENC_H +#include <compat/endian_enc.h> +#endif + #ifdef HAVE_FULL_QUEUE_H #include <sys/queue.h> #else /* !HAVE_FULL_QUEUE_H */ @@ -74,6 +77,12 @@ #include <pwd.h> #include <grp.h> +#ifdef HAVE_VIS +#include <vis.h> +#else +#include <compat/vis.h> +#endif + #include <bsm/audit_internal.h> #define READ_TOKEN_BYTES(buf, len, dest, size, bytesread, err) do { \ @@ -106,7 +115,7 @@ (dest) = be32dec((buf) + (bytesread)); \ (bytesread) += sizeof(u_int32_t); \ } else \ - (err) = 1; \ + (err) = 1; \ } while (0) #define READ_TOKEN_U_INT64(buf, len, dest, bytesread, err) do { \ @@ -114,7 +123,7 @@ dest = be64dec((buf) + (bytesread)); \ (bytesread) += sizeof(u_int64_t); \ } else \ - (err) = 1; \ + (err) = 1; \ } while (0) #define SET_PTR(buf, len, ptr, size, bytesread, err) do { \ @@ -214,6 +223,51 @@ print_string(FILE *fp, const char *str, size_t len) } /* + * Prints the given data bytes as an XML-sanitized string. + */ +static void +print_xml_string(FILE *fp, const char *str, size_t len) +{ + u_int32_t i; + char visbuf[5]; + + if (len == 0) + return; + + for (i = 0; i < len; i++) { + switch (str[i]) { + case '\0': + return; + + case '&': + (void) fprintf(fp, "&"); + break; + + case '<': + (void) fprintf(fp, "<"); + break; + + case '>': + (void) fprintf(fp, ">"); + break; + + case '\"': + (void) fprintf(fp, """); + break; + + case '\'': + (void) fprintf(fp, "'"); + break; + + default: + (void) vis(visbuf, str[i], VIS_CSTYLE, 0); + (void) fprintf(fp, "%s", visbuf); + break; + } + } +} + +/* * Prints the beggining of attribute. */ static void @@ -407,10 +461,10 @@ close_tag(FILE *fp, u_char type) * Prints the token type in either the raw or the default form. */ static void -print_tok_type(FILE *fp, u_char type, const char *tokname, char raw, int xml) +print_tok_type(FILE *fp, u_char type, const char *tokname, int oflags) { - if (xml) { + if (oflags & AU_OFLAG_XML) { switch(type) { case AUT_HEADER32: fprintf(fp, "<record "); @@ -576,7 +630,7 @@ print_tok_type(FILE *fp, u_char type, const char *tokname, char raw, int xml) break; } } else { - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", type); else fprintf(fp, "%s", tokname); @@ -587,11 +641,11 @@ print_tok_type(FILE *fp, u_char type, const char *tokname, char raw, int xml) * Prints a user value. */ static void -print_user(FILE *fp, u_int32_t usr, char raw) +print_user(FILE *fp, u_int32_t usr, int oflags) { struct passwd *pwent; - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%d", usr); else { pwent = getpwuid(usr); @@ -606,11 +660,11 @@ print_user(FILE *fp, u_int32_t usr, char raw) * Prints a group value. */ static void -print_group(FILE *fp, u_int32_t grp, char raw) +print_group(FILE *fp, u_int32_t grp, int oflags) { struct group *grpent; - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%d", grp); else { grpent = getgrgid(grp); @@ -626,7 +680,7 @@ print_group(FILE *fp, u_int32_t grp, char raw) * form. */ static void -print_event(FILE *fp, u_int16_t ev, char raw, char sfrm) +print_event(FILE *fp, u_int16_t ev, int oflags) { char event_ent_name[AU_EVENT_NAME_MAX]; char event_ent_desc[AU_EVENT_DESC_MAX]; @@ -644,9 +698,9 @@ print_event(FILE *fp, u_int16_t ev, char raw, char sfrm) return; } - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", ev); - else if (sfrm) + else if (oflags & AU_OFLAG_SHORT) fprintf(fp, "%s", e.ae_name); else fprintf(fp, "%s", e.ae_desc); @@ -658,9 +712,9 @@ print_event(FILE *fp, u_int16_t ev, char raw, char sfrm) * raw form. */ static void -print_evmod(FILE *fp, u_int16_t evmod, char raw) +print_evmod(FILE *fp, u_int16_t evmod, int oflags) { - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", evmod); else fprintf(fp, "%u", evmod); @@ -670,12 +724,12 @@ print_evmod(FILE *fp, u_int16_t evmod, char raw) * Prints seconds in the ctime format. */ static void -print_sec32(FILE *fp, u_int32_t sec, char raw) +print_sec32(FILE *fp, u_int32_t sec, int oflags) { time_t timestamp; char timestr[26]; - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", sec); else { timestamp = (time_t)sec; @@ -690,12 +744,12 @@ print_sec32(FILE *fp, u_int32_t sec, char raw) * assume a 32-bit time_t, we simply truncate for now. */ static void -print_sec64(FILE *fp, u_int64_t sec, char raw) +print_sec64(FILE *fp, u_int64_t sec, int oflags) { time_t timestamp; char timestr[26]; - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", (u_int32_t)sec); else { timestamp = (time_t)sec; @@ -709,9 +763,9 @@ print_sec64(FILE *fp, u_int64_t sec, char raw) * Prints the excess milliseconds. */ static void -print_msec32(FILE *fp, u_int32_t msec, char raw) +print_msec32(FILE *fp, u_int32_t msec, int oflags) { - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", msec); else fprintf(fp, " + %u msec", msec); @@ -722,11 +776,11 @@ print_msec32(FILE *fp, u_int32_t msec, char raw) * a 32-bit msec, we simply truncate for now. */ static void -print_msec64(FILE *fp, u_int64_t msec, char raw) +print_msec64(FILE *fp, u_int64_t msec, int oflags) { msec &= 0xffffffff; - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", (u_int32_t)msec); else fprintf(fp, " + %u msec", (u_int32_t)msec); @@ -776,11 +830,11 @@ print_ip_ex_address(FILE *fp, u_int32_t type, u_int32_t *ipaddr) * Prints return value as success or failure. */ static void -print_retval(FILE *fp, u_char status, char raw) +print_retval(FILE *fp, u_char status, int oflags) { int error; - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", status); else { /* @@ -813,9 +867,9 @@ print_errval(FILE *fp, u_int32_t val) * Prints IPC type. */ static void -print_ipctype(FILE *fp, u_char type, char raw) +print_ipctype(FILE *fp, u_char type, int oflags) { - if (raw) + if (oflags & AU_OFLAG_RAW) fprintf(fp, "%u", type); else { if (type == AT_IPC_MSG) @@ -835,7 +889,7 @@ print_ipctype(FILE *fp, u_char type, char raw) void au_print_xml_header(FILE *outfp) { - + fprintf(outfp, "<?xml version='1.0' ?>\n"); fprintf(outfp, "<audit>\n"); } @@ -846,7 +900,7 @@ au_print_xml_header(FILE *outfp) void au_print_xml_footer(FILE *outfp) { - + fprintf(outfp, "</audit>\n"); } @@ -891,26 +945,25 @@ fetch_header32_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, - int xml) +print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "header", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "header", oflags); + if (oflags & AU_OFLAG_RAW) { open_attr(fp, "version"); print_1_byte(fp, tok->tt.hdr32.version, "%u"); close_attr(fp); open_attr(fp, "event"); - print_event(fp, tok->tt.hdr32.e_type, raw, sfrm); + print_event(fp, tok->tt.hdr32.e_type, oflags); close_attr(fp); open_attr(fp, "modifier"); - print_evmod(fp, tok->tt.hdr32.e_mod, raw); + print_evmod(fp, tok->tt.hdr32.e_mod, oflags); close_attr(fp); open_attr(fp, "time"); - print_sec32(fp, tok->tt.hdr32.s, raw); + print_sec32(fp, tok->tt.hdr32.s, oflags); close_attr(fp); open_attr(fp, "msec"); - print_msec32(fp, tok->tt.hdr32.ms, 1); + print_msec32(fp, tok->tt.hdr32.ms, oflags); close_attr(fp); close_tag(fp, tok->id); } else { @@ -919,13 +972,13 @@ print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, print_delim(fp, del); print_1_byte(fp, tok->tt.hdr32.version, "%u"); print_delim(fp, del); - print_event(fp, tok->tt.hdr32.e_type, raw, sfrm); + print_event(fp, tok->tt.hdr32.e_type, oflags); print_delim(fp, del); - print_evmod(fp, tok->tt.hdr32.e_mod, raw); + print_evmod(fp, tok->tt.hdr32.e_mod, oflags); print_delim(fp, del); - print_sec32(fp, tok->tt.hdr32.s, raw); + print_sec32(fp, tok->tt.hdr32.s, oflags); print_delim(fp, del); - print_msec32(fp, tok->tt.hdr32.ms, raw); + print_msec32(fp, tok->tt.hdr32.ms, oflags); } } @@ -999,30 +1052,29 @@ fetch_header32_ex_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - char sfrm, int xml) +print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "header_ex", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "header_ex", oflags); + if (oflags & AU_OFLAG_RAW) { open_attr(fp, "version"); print_1_byte(fp, tok->tt.hdr32_ex.version, "%u"); close_attr(fp); open_attr(fp, "event"); - print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm); + print_event(fp, tok->tt.hdr32_ex.e_type, oflags); close_attr(fp); open_attr(fp, "modifier"); - print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw); + print_evmod(fp, tok->tt.hdr32_ex.e_mod, oflags); close_attr(fp); open_attr(fp, "host"); print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, tok->tt.hdr32_ex.addr); close_attr(fp); open_attr(fp, "time"); - print_sec32(fp, tok->tt.hdr32_ex.s, raw); + print_sec32(fp, tok->tt.hdr32_ex.s, oflags); close_attr(fp); open_attr(fp, "msec"); - print_msec32(fp, tok->tt.hdr32_ex.ms, raw); + print_msec32(fp, tok->tt.hdr32_ex.ms, oflags); close_attr(fp); close_tag(fp, tok->id); } else { @@ -1031,16 +1083,16 @@ print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_1_byte(fp, tok->tt.hdr32_ex.version, "%u"); print_delim(fp, del); - print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm); + print_event(fp, tok->tt.hdr32_ex.e_type, oflags); print_delim(fp, del); - print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw); + print_evmod(fp, tok->tt.hdr32_ex.e_mod, oflags); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, tok->tt.hdr32_ex.addr); print_delim(fp, del); - print_sec32(fp, tok->tt.hdr32_ex.s, raw); + print_sec32(fp, tok->tt.hdr32_ex.s, oflags); print_delim(fp, del); - print_msec32(fp, tok->tt.hdr32_ex.ms, raw); + print_msec32(fp, tok->tt.hdr32_ex.ms, oflags); } } @@ -1085,26 +1137,25 @@ fetch_header64_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, - int xml) +print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - - print_tok_type(fp, tok->id, "header", raw, xml); - if (xml) { + + print_tok_type(fp, tok->id, "header", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "version"); print_1_byte(fp, tok->tt.hdr64.version, "%u"); close_attr(fp); open_attr(fp, "event"); - print_event(fp, tok->tt.hdr64.e_type, raw, sfrm); + print_event(fp, tok->tt.hdr64.e_type, oflags); close_attr(fp); open_attr(fp, "modifier"); - print_evmod(fp, tok->tt.hdr64.e_mod, raw); + print_evmod(fp, tok->tt.hdr64.e_mod, oflags); close_attr(fp); open_attr(fp, "time"); - print_sec64(fp, tok->tt.hdr64.s, raw); + print_sec64(fp, tok->tt.hdr64.s, oflags); close_attr(fp); open_attr(fp, "msec"); - print_msec64(fp, tok->tt.hdr64.ms, raw); + print_msec64(fp, tok->tt.hdr64.ms, oflags); close_attr(fp); close_tag(fp, tok->id); } else { @@ -1113,13 +1164,13 @@ print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, print_delim(fp, del); print_1_byte(fp, tok->tt.hdr64.version, "%u"); print_delim(fp, del); - print_event(fp, tok->tt.hdr64.e_type, raw, sfrm); + print_event(fp, tok->tt.hdr64.e_type, oflags); print_delim(fp, del); - print_evmod(fp, tok->tt.hdr64.e_mod, raw); + print_evmod(fp, tok->tt.hdr64.e_mod, oflags); print_delim(fp, del); - print_sec64(fp, tok->tt.hdr64.s, raw); + print_sec64(fp, tok->tt.hdr64.s, oflags); print_delim(fp, del); - print_msec64(fp, tok->tt.hdr64.ms, raw); + print_msec64(fp, tok->tt.hdr64.ms, oflags); } } @@ -1189,30 +1240,29 @@ fetch_header64_ex_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - char sfrm, int xml) +print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "header_ex", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "header_ex", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "version"); print_1_byte(fp, tok->tt.hdr64_ex.version, "%u"); close_attr(fp); open_attr(fp, "event"); - print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm); + print_event(fp, tok->tt.hdr64_ex.e_type, oflags); close_attr(fp); open_attr(fp, "modifier"); - print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw); + print_evmod(fp, tok->tt.hdr64_ex.e_mod, oflags); close_attr(fp); open_attr(fp, "host"); print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type, tok->tt.hdr64_ex.addr); close_attr(fp); open_attr(fp, "time"); - print_sec64(fp, tok->tt.hdr64_ex.s, raw); + print_sec64(fp, tok->tt.hdr64_ex.s, oflags); close_attr(fp); open_attr(fp, "msec"); - print_msec64(fp, tok->tt.hdr64_ex.ms, raw); + print_msec64(fp, tok->tt.hdr64_ex.ms, oflags); close_attr(fp); close_tag(fp, tok->id); } else { @@ -1221,16 +1271,16 @@ print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_1_byte(fp, tok->tt.hdr64_ex.version, "%u"); print_delim(fp, del); - print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm); + print_event(fp, tok->tt.hdr64_ex.e_type, oflags); print_delim(fp, del); - print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw); + print_evmod(fp, tok->tt.hdr64_ex.e_mod, oflags); print_delim(fp, del); print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type, tok->tt.hdr64_ex.addr); print_delim(fp, del); - print_sec64(fp, tok->tt.hdr64_ex.s, raw); + print_sec64(fp, tok->tt.hdr64_ex.s, oflags); print_delim(fp, del); - print_msec64(fp, tok->tt.hdr64_ex.ms, raw); + print_msec64(fp, tok->tt.hdr64_ex.ms, oflags); } } @@ -1255,12 +1305,11 @@ fetch_trailer_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_trailer_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_trailer_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "trailer", raw, xml); - if (!xml) { + print_tok_type(fp, tok->id, "trailer", oflags); + if (!(oflags & AU_OFLAG_XML)) { print_delim(fp, del); print_4_bytes(fp, tok->tt.trail.count, "%u"); } @@ -1298,12 +1347,11 @@ fetch_arg32_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "argument", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "argument", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "arg-num"); print_1_byte(fp, tok->tt.arg32.no, "%u"); close_attr(fp); @@ -1350,12 +1398,11 @@ fetch_arg64_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "argument", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "argument", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "arg-num"); print_1_byte(fp, tok->tt.arg64.no, "%u"); close_attr(fp); @@ -1435,16 +1482,15 @@ fetch_arb_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { char *str; char *format; size_t size; int i; - print_tok_type(fp, tok->id, "arbitrary", raw, xml); - if (!xml) + print_tok_type(fp, tok->id, "arbitrary", oflags); + if (!(oflags & AU_OFLAG_XML)) print_delim(fp, del); switch(tok->tt.arb.howtopr) { @@ -1477,7 +1523,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, return; } - if (xml) { + if (oflags & AU_OFLAG_XML) { open_attr(fp, "print"); fprintf(fp, "%s",str); close_attr(fp); @@ -1490,7 +1536,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, /* case AUR_CHAR: */ str = "byte"; size = AUR_BYTE_SIZE; - if (xml) { + if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); fprintf(fp, "%zu", size); close_attr(fp); @@ -1516,7 +1562,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, case AUR_SHORT: str = "short"; size = AUR_SHORT_SIZE; - if (xml) { + if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); fprintf(fp, "%zu", size); close_attr(fp); @@ -1545,7 +1591,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, /* case AUR_INT: */ str = "int"; size = AUR_INT32_SIZE; - if (xml) { + if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); fprintf(fp, "%zu", size); close_attr(fp); @@ -1573,7 +1619,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, case AUR_INT64: str = "int64"; size = AUR_INT64_SIZE; - if (xml) { + if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); fprintf(fp, "%zu", size); close_attr(fp); @@ -1644,20 +1690,19 @@ fetch_attr32_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_attr32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_attr32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "attribute", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "attribute", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "mode"); print_4_bytes(fp, tok->tt.attr32.mode, "%o"); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.attr32.uid, raw); + print_user(fp, tok->tt.attr32.uid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.attr32.gid, raw); + print_group(fp, tok->tt.attr32.gid, oflags); close_attr(fp); open_attr(fp, "fsid"); print_4_bytes(fp, tok->tt.attr32.fsid, "%u"); @@ -1673,9 +1718,9 @@ print_attr32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_4_bytes(fp, tok->tt.attr32.mode, "%o"); print_delim(fp, del); - print_user(fp, tok->tt.attr32.uid, raw); + print_user(fp, tok->tt.attr32.uid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.attr32.gid, raw); + print_group(fp, tok->tt.attr32.gid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.attr32.fsid, "%u"); print_delim(fp, del); @@ -1726,20 +1771,19 @@ fetch_attr64_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "attribute", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "attribute", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "mode"); print_4_bytes(fp, tok->tt.attr64.mode, "%o"); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.attr64.uid, raw); + print_user(fp, tok->tt.attr64.uid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.attr64.gid, raw); + print_group(fp, tok->tt.attr64.gid, oflags); close_attr(fp); open_attr(fp, "fsid"); print_4_bytes(fp, tok->tt.attr64.fsid, "%u"); @@ -1755,9 +1799,9 @@ print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, print_delim(fp, del); print_4_bytes(fp, tok->tt.attr64.mode, "%o"); print_delim(fp, del); - print_user(fp, tok->tt.attr64.uid, raw); + print_user(fp, tok->tt.attr64.uid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.attr64.gid, raw); + print_group(fp, tok->tt.attr64.gid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.attr64.fsid, "%u"); print_delim(fp, del); @@ -1788,12 +1832,11 @@ fetch_exit_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_exit_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_exit_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "exit", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "exit", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "errval"); print_errval(fp, tok->tt.exit.status); close_attr(fp); @@ -1846,16 +1889,15 @@ fetch_execarg_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { u_int32_t i; - print_tok_type(fp, tok->id, "exec arg", raw, xml); + print_tok_type(fp, tok->id, "exec arg", oflags); for (i = 0; i < tok->tt.execarg.count; i++) { - if (xml) { + if (oflags & AU_OFLAG_XML) { fprintf(fp, "<arg>"); - print_string(fp, tok->tt.execarg.text[i], + print_xml_string(fp, tok->tt.execarg.text[i], strlen(tok->tt.execarg.text[i])); fprintf(fp, "</arg>"); } else { @@ -1864,7 +1906,7 @@ print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, strlen(tok->tt.execarg.text[i])); } } - if (xml) + if (oflags & AU_OFLAG_XML) close_tag(fp, tok->id); } @@ -1905,16 +1947,15 @@ fetch_execenv_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { u_int32_t i; - print_tok_type(fp, tok->id, "exec env", raw, xml); + print_tok_type(fp, tok->id, "exec env", oflags); for (i = 0; i< tok->tt.execenv.count; i++) { - if (xml) { + if (oflags & AU_OFLAG_XML) { fprintf(fp, "<env>"); - print_string(fp, tok->tt.execenv.text[i], + print_xml_string(fp, tok->tt.execenv.text[i], strlen(tok->tt.execenv.text[i])); fprintf(fp, "</env>"); } else { @@ -1923,7 +1964,7 @@ print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, strlen(tok->tt.execenv.text[i])); } } - if (xml) + if (oflags & AU_OFLAG_XML) close_tag(fp, tok->id); } @@ -1959,26 +2000,25 @@ fetch_file_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_file_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_file_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "file", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "file", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "time"); - print_sec32(fp, tok->tt.file.s, raw); + print_sec32(fp, tok->tt.file.s, oflags); close_attr(fp); open_attr(fp, "msec"); - print_msec32(fp, tok->tt.file.ms, raw); + print_msec32(fp, tok->tt.file.ms, oflags); close_attr(fp); fprintf(fp, ">"); print_string(fp, tok->tt.file.name, tok->tt.file.len); close_tag(fp, tok->id); } else { print_delim(fp, del); - print_sec32(fp, tok->tt.file.s, raw); + print_sec32(fp, tok->tt.file.s, oflags); print_delim(fp, del); - print_msec32(fp, tok->tt.file.ms, raw); + print_msec32(fp, tok->tt.file.ms, oflags); print_delim(fp, del); print_string(fp, tok->tt.file.name, tok->tt.file.len); } @@ -2001,29 +2041,28 @@ fetch_newgroups_tok(tokenstr_t *tok, u_char *buf, int len) for (i = 0; i<tok->tt.grps.no; i++) { READ_TOKEN_U_INT32(buf, len, tok->tt.grps.list[i], tok->len, err); - if (err) - return (-1); + if (err) + return (-1); } return (0); } static void -print_newgroups_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_newgroups_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { int i; - print_tok_type(fp, tok->id, "group", raw, xml); + print_tok_type(fp, tok->id, "group", oflags); for (i = 0; i < tok->tt.grps.no; i++) { - if (xml) { + if (oflags & AU_OFLAG_XML) { fprintf(fp, "<gid>"); - print_group(fp, tok->tt.grps.list[i], raw); + print_group(fp, tok->tt.grps.list[i], oflags); fprintf(fp, "</gid>"); close_tag(fp, tok->id); } else { print_delim(fp, del); - print_group(fp, tok->tt.grps.list[i], raw); + print_group(fp, tok->tt.grps.list[i], oflags); } } } @@ -2046,12 +2085,11 @@ fetch_inaddr_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_inaddr_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_inaddr_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "ip addr", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "ip addr", oflags); + if (oflags & AU_OFLAG_XML) { print_ip_address(fp, tok->tt.inaddr.addr); close_tag(fp, tok->id); } else { @@ -2061,7 +2099,7 @@ print_inaddr_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, } /* - * type 4 bytes + * type 4 bytes * address 16 bytes */ static int @@ -2090,12 +2128,11 @@ fetch_inaddr_ex_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_inaddr_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_inaddr_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "ip addr ex", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "ip addr ex", oflags); + if (oflags & AU_OFLAG_XML) { print_ip_ex_address(fp, tok->tt.inaddr_ex.type, tok->tt.inaddr_ex.addr); close_tag(fp, tok->id); @@ -2164,12 +2201,11 @@ fetch_ip_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "ip", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "ip", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "version"); print_mem(fp, (u_char *)(&tok->tt.ip.version), sizeof(u_char)); @@ -2248,14 +2284,13 @@ fetch_ipc_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_ipc_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_ipc_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "IPC", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "IPC", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "ipc-type"); - print_ipctype(fp, tok->tt.ipc.type, raw); + print_ipctype(fp, tok->tt.ipc.type, oflags); close_attr(fp); open_attr(fp, "ipc-id"); print_4_bytes(fp, tok->tt.ipc.id, "%u"); @@ -2263,7 +2298,7 @@ print_ipc_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_ipctype(fp, tok->tt.ipc.type, raw); + print_ipctype(fp, tok->tt.ipc.type, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.ipc.id, "%u"); } @@ -2315,23 +2350,22 @@ fetch_ipcperm_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_ipcperm_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_ipcperm_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "IPC perm", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "IPC perm", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "uid"); - print_user(fp, tok->tt.ipcperm.uid, raw); + print_user(fp, tok->tt.ipcperm.uid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.ipcperm.gid, raw); + print_group(fp, tok->tt.ipcperm.gid, oflags); close_attr(fp); open_attr(fp, "creator-uid"); - print_user(fp, tok->tt.ipcperm.puid, raw); + print_user(fp, tok->tt.ipcperm.puid, oflags); close_attr(fp); open_attr(fp, "creator-gid"); - print_group(fp, tok->tt.ipcperm.pgid, raw); + print_group(fp, tok->tt.ipcperm.pgid, oflags); close_attr(fp); open_attr(fp, "mode"); print_4_bytes(fp, tok->tt.ipcperm.mode, "%o"); @@ -2345,13 +2379,13 @@ print_ipcperm_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.ipcperm.uid, raw); + print_user(fp, tok->tt.ipcperm.uid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.ipcperm.gid, raw); + print_group(fp, tok->tt.ipcperm.gid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.ipcperm.puid, raw); + print_user(fp, tok->tt.ipcperm.puid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.ipcperm.pgid, raw); + print_group(fp, tok->tt.ipcperm.pgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.ipcperm.mode, "%o"); print_delim(fp, del); @@ -2378,12 +2412,11 @@ fetch_iport_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "ip port", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "ip port", oflags); + if (oflags & AU_OFLAG_XML) { print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x"); close_tag(fp, tok->id); } else { @@ -2414,12 +2447,11 @@ fetch_opaque_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_opaque_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_opaque_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "opaque", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "opaque", oflags); + if (oflags & AU_OFLAG_XML) { print_mem(fp, (u_char*)tok->tt.opaque.data, tok->tt.opaque.size); close_tag(fp, tok->id); @@ -2454,12 +2486,11 @@ fetch_path_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_path_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_path_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "path", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "path", oflags); + if (oflags & AU_OFLAG_XML) { print_string(fp, tok->tt.path.path, tok->tt.path.len); close_tag(fp, tok->id); } else { @@ -2527,26 +2558,25 @@ fetch_process32_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_process32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_process32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "process", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "process", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); - print_user(fp, tok->tt.proc32.auid, raw); + print_user(fp, tok->tt.proc32.auid, oflags); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.proc32.euid, raw); + print_user(fp, tok->tt.proc32.euid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.proc32.egid, raw); + print_group(fp, tok->tt.proc32.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); - print_user(fp, tok->tt.proc32.ruid, raw); + print_user(fp, tok->tt.proc32.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); - print_group(fp, tok->tt.proc32.rgid, raw); + print_group(fp, tok->tt.proc32.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.proc32.pid, "%u"); @@ -2561,15 +2591,15 @@ print_process32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.proc32.auid, raw); + print_user(fp, tok->tt.proc32.auid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.proc32.euid, raw); + print_user(fp, tok->tt.proc32.euid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.proc32.egid, raw); + print_group(fp, tok->tt.proc32.egid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.proc32.ruid, raw); + print_user(fp, tok->tt.proc32.ruid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.proc32.rgid, raw); + print_group(fp, tok->tt.proc32.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc32.pid, "%u"); print_delim(fp, del); @@ -2640,25 +2670,24 @@ fetch_process64_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "process", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "process", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); - print_user(fp, tok->tt.proc64.auid, raw); + print_user(fp, tok->tt.proc64.auid, oflags); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.proc64.euid, raw); + print_user(fp, tok->tt.proc64.euid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.proc64.egid, raw); + print_group(fp, tok->tt.proc64.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); - print_user(fp, tok->tt.proc64.ruid, raw); + print_user(fp, tok->tt.proc64.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); - print_group(fp, tok->tt.proc64.rgid, raw); + print_group(fp, tok->tt.proc64.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.proc64.pid, "%u"); @@ -2673,15 +2702,15 @@ print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.proc64.auid, raw); + print_user(fp, tok->tt.proc64.auid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.proc64.euid, raw); + print_user(fp, tok->tt.proc64.euid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.proc64.egid, raw); + print_group(fp, tok->tt.proc64.egid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.proc64.ruid, raw); + print_user(fp, tok->tt.proc64.ruid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.proc64.rgid, raw); + print_group(fp, tok->tt.proc64.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc64.pid, "%u"); print_delim(fp, del); @@ -2767,26 +2796,25 @@ fetch_process32ex_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_process32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_process32ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "process_ex", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "process_ex", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); - print_user(fp, tok->tt.proc32_ex.auid, raw); + print_user(fp, tok->tt.proc32_ex.auid, oflags); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.proc32_ex.euid, raw); + print_user(fp, tok->tt.proc32_ex.euid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.proc32_ex.egid, raw); + print_group(fp, tok->tt.proc32_ex.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); - print_user(fp, tok->tt.proc32_ex.ruid, raw); + print_user(fp, tok->tt.proc32_ex.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); - print_group(fp, tok->tt.proc32_ex.rgid, raw); + print_group(fp, tok->tt.proc32_ex.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u"); @@ -2802,15 +2830,15 @@ print_process32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.proc32_ex.auid, raw); + print_user(fp, tok->tt.proc32_ex.auid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.proc32_ex.euid, raw); + print_user(fp, tok->tt.proc32_ex.euid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.proc32_ex.egid, raw); + print_group(fp, tok->tt.proc32_ex.egid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.proc32_ex.ruid, raw); + print_user(fp, tok->tt.proc32_ex.ruid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.proc32_ex.rgid, raw); + print_group(fp, tok->tt.proc32_ex.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u"); print_delim(fp, del); @@ -2897,25 +2925,24 @@ fetch_process64ex_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "process_ex", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "process_ex", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); - print_user(fp, tok->tt.proc64_ex.auid, raw); + print_user(fp, tok->tt.proc64_ex.auid, oflags); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.proc64_ex.euid, raw); + print_user(fp, tok->tt.proc64_ex.euid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.proc64_ex.egid, raw); + print_group(fp, tok->tt.proc64_ex.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); - print_user(fp, tok->tt.proc64_ex.ruid, raw); + print_user(fp, tok->tt.proc64_ex.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); - print_group(fp, tok->tt.proc64_ex.rgid, raw); + print_group(fp, tok->tt.proc64_ex.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); @@ -2931,15 +2958,15 @@ print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.proc64_ex.auid, raw); + print_user(fp, tok->tt.proc64_ex.auid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.proc64_ex.euid, raw); + print_user(fp, tok->tt.proc64_ex.euid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.proc64_ex.egid, raw); + print_group(fp, tok->tt.proc64_ex.egid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.proc64_ex.ruid, raw); + print_user(fp, tok->tt.proc64_ex.ruid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.proc64_ex.rgid, raw); + print_group(fp, tok->tt.proc64_ex.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); print_delim(fp, del); @@ -2973,14 +3000,13 @@ fetch_return32_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_return32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_return32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "return", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "return", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp ,"errval"); - print_retval(fp, tok->tt.ret32.status, raw); + print_retval(fp, tok->tt.ret32.status, oflags); close_attr(fp); open_attr(fp, "retval"); print_4_bytes(fp, tok->tt.ret32.ret, "%u"); @@ -2988,7 +3014,7 @@ print_return32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_retval(fp, tok->tt.ret32.status, raw); + print_retval(fp, tok->tt.ret32.status, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.ret32.ret, "%u"); } @@ -3011,14 +3037,13 @@ fetch_return64_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_return64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_return64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "return", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "return", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "errval"); - print_retval(fp, tok->tt.ret64.err, raw); + print_retval(fp, tok->tt.ret64.err, oflags); close_attr(fp); open_attr(fp, "retval"); print_8_bytes(fp, tok->tt.ret64.val, "%lld"); @@ -3026,7 +3051,7 @@ print_return64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_retval(fp, tok->tt.ret64.err, raw); + print_retval(fp, tok->tt.ret64.err, oflags); print_delim(fp, del); print_8_bytes(fp, tok->tt.ret64.val, "%lld"); } @@ -3048,12 +3073,11 @@ fetch_seq_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_seq_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_seq_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "sequence", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "sequence", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "seq-num"); print_4_bytes(fp, tok->tt.seq.seqno, "%u"); close_attr(fp); @@ -3093,12 +3117,11 @@ fetch_sock_inet32_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "socket-inet", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "socket-inet", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); close_attr(fp); @@ -3148,12 +3171,11 @@ fetch_sock_inet128_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_sock_inet128_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_sock_inet128_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "socket-inet6", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "socket-inet6", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u"); close_attr(fp); @@ -3192,7 +3214,7 @@ fetch_sock_unix_tok(tokenstr_t *tok, u_char *buf, int len) /* slen = strnlen((buf + tok->len), 104) + 1; */ p = (u_char *)memchr((const void *)(buf + tok->len), '\0', 104); - slen = (p ? (int)(p - (buf + tok->len)) : 104) + 1; + slen = (p ? (int)(p - (buf + tok->len)) : 104) + 1; READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, slen, tok->len, err); if (err) @@ -3202,12 +3224,11 @@ fetch_sock_unix_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "socket-unix", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "socket-unix", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "type"); print_2_bytes(fp, tok->tt.sockunix.family, "%u"); close_attr(fp); @@ -3267,12 +3288,11 @@ fetch_socket_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "socket", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "socket", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "sock_type"); print_2_bytes(fp, tok->tt.socket.type, "%u"); close_attr(fp); @@ -3361,26 +3381,25 @@ fetch_subject32_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "subject", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "subject", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); - print_user(fp, tok->tt.subj32.auid, raw); + print_user(fp, tok->tt.subj32.auid, oflags); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.subj32.euid, raw); + print_user(fp, tok->tt.subj32.euid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.subj32.egid, raw); + print_group(fp, tok->tt.subj32.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); - print_user(fp, tok->tt.subj32.ruid, raw); + print_user(fp, tok->tt.subj32.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); - print_group(fp, tok->tt.subj32.rgid, raw); + print_group(fp, tok->tt.subj32.rgid, oflags); close_attr(fp); open_attr(fp,"pid"); print_4_bytes(fp, tok->tt.subj32.pid, "%u"); @@ -3395,15 +3414,15 @@ print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.subj32.auid, raw); + print_user(fp, tok->tt.subj32.auid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.subj32.euid, raw); + print_user(fp, tok->tt.subj32.euid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.subj32.egid, raw); + print_group(fp, tok->tt.subj32.egid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.subj32.ruid, raw); + print_user(fp, tok->tt.subj32.ruid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.subj32.rgid, raw); + print_group(fp, tok->tt.subj32.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj32.pid, "%u"); print_delim(fp, del); @@ -3415,6 +3434,110 @@ print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, } } +static void +print_upriv_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) +{ + + print_tok_type(fp, tok->id, "use of privilege", oflags); + if (oflags & AU_OFLAG_XML) { + open_attr(fp, "status"); + if (tok->tt.priv.sorf) + (void) fprintf(fp, "successful use of priv"); + else + (void) fprintf(fp, "failed use of priv"); + close_attr(fp); + open_attr(fp, "name"); + print_string(fp, tok->tt.priv.priv, tok->tt.priv.privstrlen); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + if (tok->tt.priv.sorf) + (void) fprintf(fp, "successful use of priv"); + else + (void) fprintf(fp, "failed use of priv"); + print_delim(fp, del); + print_string(fp, tok->tt.priv.priv, tok->tt.priv.privstrlen); + } +} + +/* + * status 1 byte + * privstrlen 2 bytes + * priv N bytes + 1 (\0 byte) + */ +static int +fetch_priv_tok(tokenstr_t *tok, u_char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_CHAR(buf, len, tok->tt.priv.sorf, tok->len, err); + if (err) + return (-1); + READ_TOKEN_U_INT16(buf, len, tok->tt.priv.privstrlen, tok->len, err); + if (err) + return (-1); + SET_PTR((char *)buf, len, tok->tt.priv.priv, tok->tt.priv.privstrlen, + tok->len, err); + if (err) + return (-1); + return (0); +} + +/* + * privtstrlen 1 byte + * privtstr N bytes + 1 + * privstrlen 1 byte + * privstr N bytes + 1 + */ +static int +fetch_privset_tok(tokenstr_t *tok, u_char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT16(buf, len, tok->tt.privset.privtstrlen, + tok->len, err); + if (err) + return (-1); + SET_PTR((char *)buf, len, tok->tt.privset.privtstr, + tok->tt.privset.privtstrlen, tok->len, err); + if (err) + return (-1); + READ_TOKEN_U_INT16(buf, len, tok->tt.privset.privstrlen, + tok->len, err); + if (err) + return (-1); + SET_PTR((char *)buf, len, tok->tt.privset.privstr, + tok->tt.privset.privstrlen, tok->len, err); + if (err) + return (-1); + return (0); +} + +static void +print_privset_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) +{ + + print_tok_type(fp, tok->id, "privilege", oflags); + if (oflags & AU_OFLAG_XML) { + open_attr(fp, "type"); + print_string(fp, tok->tt.privset.privtstr, + tok->tt.privset.privtstrlen); + close_attr(fp); + open_attr(fp, "priv"); + print_string(fp, tok->tt.privset.privstr, + tok->tt.privset.privstrlen); + close_attr(fp); + } else { + print_delim(fp, del); + print_string(fp, tok->tt.privset.privtstr, + tok->tt.privset.privtstrlen); + print_delim(fp, del); + print_string(fp, tok->tt.privset.privstr, + tok->tt.privset.privstrlen); + } +} + /* * audit ID 4 bytes * euid 4 bytes @@ -3473,26 +3596,25 @@ fetch_subject64_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "subject", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "subject", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); - print_user(fp, tok->tt.subj64.auid, raw); + print_user(fp, tok->tt.subj64.auid, oflags); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.subj64.euid, raw); + print_user(fp, tok->tt.subj64.euid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.subj64.egid, raw); + print_group(fp, tok->tt.subj64.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); - print_user(fp, tok->tt.subj64.ruid, raw); + print_user(fp, tok->tt.subj64.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); - print_group(fp, tok->tt.subj64.rgid, raw); + print_group(fp, tok->tt.subj64.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.subj64.pid, "%u"); @@ -3507,15 +3629,15 @@ print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.subj64.auid, raw); + print_user(fp, tok->tt.subj64.auid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.subj64.euid, raw); + print_user(fp, tok->tt.subj64.euid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.subj64.egid, raw); + print_group(fp, tok->tt.subj64.egid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.subj64.ruid, raw); + print_user(fp, tok->tt.subj64.ruid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.subj64.rgid, raw); + print_group(fp, tok->tt.subj64.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj64.pid, "%u"); print_delim(fp, del); @@ -3600,26 +3722,25 @@ fetch_subject32ex_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_subject32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_subject32ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "subject_ex", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "subject_ex", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); - print_user(fp, tok->tt.subj32_ex.auid, raw); + print_user(fp, tok->tt.subj32_ex.auid, oflags); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.subj32_ex.euid, raw); + print_user(fp, tok->tt.subj32_ex.euid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.subj32_ex.egid, raw); + print_group(fp, tok->tt.subj32_ex.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); - print_user(fp, tok->tt.subj32_ex.ruid, raw); + print_user(fp, tok->tt.subj32_ex.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); - print_group(fp, tok->tt.subj32_ex.rgid, raw); + print_group(fp, tok->tt.subj32_ex.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); @@ -3635,15 +3756,15 @@ print_subject32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.subj32_ex.auid, raw); + print_user(fp, tok->tt.subj32_ex.auid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.subj32_ex.euid, raw); + print_user(fp, tok->tt.subj32_ex.euid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.subj32_ex.egid, raw); + print_group(fp, tok->tt.subj32_ex.egid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.subj32_ex.ruid, raw); + print_user(fp, tok->tt.subj32_ex.ruid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.subj32_ex.rgid, raw); + print_group(fp, tok->tt.subj32_ex.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); print_delim(fp, del); @@ -3729,25 +3850,24 @@ fetch_subject64ex_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "subject_ex", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "subject_ex", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "audit-uid"); - print_user(fp, tok->tt.subj64_ex.auid, raw); + print_user(fp, tok->tt.subj64_ex.auid, oflags); close_attr(fp); open_attr(fp, "uid"); - print_user(fp, tok->tt.subj64_ex.euid, raw); + print_user(fp, tok->tt.subj64_ex.euid, oflags); close_attr(fp); open_attr(fp, "gid"); - print_group(fp, tok->tt.subj64_ex.egid, raw); + print_group(fp, tok->tt.subj64_ex.egid, oflags); close_attr(fp); open_attr(fp, "ruid"); - print_user(fp, tok->tt.subj64_ex.ruid, raw); + print_user(fp, tok->tt.subj64_ex.ruid, oflags); close_attr(fp); open_attr(fp, "rgid"); - print_group(fp, tok->tt.subj64_ex.rgid, raw); + print_group(fp, tok->tt.subj64_ex.rgid, oflags); close_attr(fp); open_attr(fp, "pid"); print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); @@ -3763,15 +3883,15 @@ print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, close_tag(fp, tok->id); } else { print_delim(fp, del); - print_user(fp, tok->tt.subj64_ex.auid, raw); + print_user(fp, tok->tt.subj64_ex.auid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.subj64_ex.euid, raw); + print_user(fp, tok->tt.subj64_ex.euid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.subj64_ex.egid, raw); + print_group(fp, tok->tt.subj64_ex.egid, oflags); print_delim(fp, del); - print_user(fp, tok->tt.subj64_ex.ruid, raw); + print_user(fp, tok->tt.subj64_ex.ruid, oflags); print_delim(fp, del); - print_group(fp, tok->tt.subj64_ex.rgid, raw); + print_group(fp, tok->tt.subj64_ex.rgid, oflags); print_delim(fp, del); print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); print_delim(fp, del); @@ -3806,12 +3926,11 @@ fetch_text_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_text_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_text_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "text", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "text", oflags); + if (oflags & AU_OFLAG_XML) { print_string(fp, tok->tt.text.text, tok->tt.text.len); close_tag(fp, tok->id); } else { @@ -3891,8 +4010,7 @@ fetch_socketex32_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { /* @@ -3901,8 +4019,8 @@ print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, * these constants in the future, we may want to call conversion * routines. */ - print_tok_type(fp, tok->id, "socket", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "socket", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "sock_dom"); print_2_bytes(fp, tok->tt.socket_ex32.domain, "%#x"); close_attr(fp); @@ -3963,12 +4081,11 @@ fetch_invalid_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_invalid_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_invalid_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - if (!xml) { - print_tok_type(fp, tok->id, "unknown", raw, 0); + if (!(oflags & AU_OFLAG_XML)) { + print_tok_type(fp, tok->id, "unknown", oflags); print_delim(fp, del); print_mem(fp, (u_char*)tok->tt.invalid.data, tok->tt.invalid.length); @@ -3996,12 +4113,11 @@ fetch_zonename_tok(tokenstr_t *tok, u_char *buf, int len) } static void -print_zonename_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, - __unused char sfrm, int xml) +print_zonename_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) { - print_tok_type(fp, tok->id, "zone", raw, xml); - if (xml) { + print_tok_type(fp, tok->id, "zone", oflags); + if (oflags & AU_OFLAG_XML) { open_attr(fp, "name"); print_string(fp, tok->tt.zonename.zonename, tok->tt.zonename.len); @@ -4152,360 +4268,230 @@ au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) case AUT_ZONENAME: return (fetch_zonename_tok(tok, buf, len)); + case AUT_UPRIV: + return (fetch_priv_tok(tok, buf, len)); + + case AUT_PRIV: + return (fetch_privset_tok(tok, buf, len)); + default: return (fetch_invalid_tok(tok, buf, len)); } } -/* - * 'prints' the token out to outfp. - */ void -au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm) +au_print_flags_tok(FILE *outfp, tokenstr_t *tok, char *del, int oflags) { switch(tok->id) { case AUT_HEADER32: - print_header32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_header32_tok(outfp, tok, del, oflags); return; case AUT_HEADER32_EX: - print_header32_ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_header32_ex_tok(outfp, tok, del, oflags); return; case AUT_HEADER64: - print_header64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_header64_tok(outfp, tok, del, oflags); return; case AUT_HEADER64_EX: - print_header64_ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_header64_ex_tok(outfp, tok, del, oflags); return; case AUT_TRAILER: - print_trailer_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_trailer_tok(outfp, tok, del, oflags); return; case AUT_ARG32: - print_arg32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_arg32_tok(outfp, tok, del, oflags); return; case AUT_ARG64: - print_arg64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_arg64_tok(outfp, tok, del, oflags); return; case AUT_DATA: - print_arb_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_arb_tok(outfp, tok, del, oflags); return; case AUT_ATTR32: - print_attr32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_attr32_tok(outfp, tok, del, oflags); return; case AUT_ATTR64: - print_attr64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_attr64_tok(outfp, tok, del, oflags); return; case AUT_EXIT: - print_exit_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_exit_tok(outfp, tok, del, oflags); return; case AUT_EXEC_ARGS: - print_execarg_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_execarg_tok(outfp, tok, del, oflags); return; case AUT_EXEC_ENV: - print_execenv_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_execenv_tok(outfp, tok, del, oflags); return; case AUT_OTHER_FILE32: - print_file_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_file_tok(outfp, tok, del, oflags); return; case AUT_NEWGROUPS: - print_newgroups_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_newgroups_tok(outfp, tok, del, oflags); return; case AUT_IN_ADDR: - print_inaddr_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_inaddr_tok(outfp, tok, del, oflags); return; case AUT_IN_ADDR_EX: - print_inaddr_ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_inaddr_ex_tok(outfp, tok, del, oflags); return; case AUT_IP: - print_ip_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_ip_tok(outfp, tok, del, oflags); return; case AUT_IPC: - print_ipc_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_ipc_tok(outfp, tok, del, oflags); return; case AUT_IPC_PERM: - print_ipcperm_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_ipcperm_tok(outfp, tok, del, oflags); return; case AUT_IPORT: - print_iport_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_iport_tok(outfp, tok, del, oflags); return; case AUT_OPAQUE: - print_opaque_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_opaque_tok(outfp, tok, del, oflags); return; case AUT_PATH: - print_path_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_path_tok(outfp, tok, del, oflags); return; case AUT_PROCESS32: - print_process32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_process32_tok(outfp, tok, del, oflags); return; case AUT_PROCESS32_EX: - print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_process32ex_tok(outfp, tok, del, oflags); return; case AUT_PROCESS64: - print_process64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_process64_tok(outfp, tok, del, oflags); return; case AUT_PROCESS64_EX: - print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_process64ex_tok(outfp, tok, del, oflags); return; case AUT_RETURN32: - print_return32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_return32_tok(outfp, tok, del, oflags); return; case AUT_RETURN64: - print_return64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_return64_tok(outfp, tok, del, oflags); return; case AUT_SEQ: - print_seq_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_seq_tok(outfp, tok, del, oflags); return; case AUT_SOCKET: - print_socket_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_socket_tok(outfp, tok, del, oflags); return; case AUT_SOCKINET32: - print_sock_inet32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_sock_inet32_tok(outfp, tok, del, oflags); return; case AUT_SOCKUNIX: - print_sock_unix_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_sock_unix_tok(outfp, tok, del, oflags); return; case AUT_SOCKINET128: - print_sock_inet128_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_sock_inet128_tok(outfp, tok, del, oflags); return; case AUT_SUBJECT32: - print_subject32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_subject32_tok(outfp, tok, del, oflags); return; case AUT_SUBJECT64: - print_subject64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_subject64_tok(outfp, tok, del, oflags); return; case AUT_SUBJECT32_EX: - print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_subject32ex_tok(outfp, tok, del, oflags); return; case AUT_SUBJECT64_EX: - print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_subject64ex_tok(outfp, tok, del, oflags); return; case AUT_TEXT: - print_text_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_text_tok(outfp, tok, del, oflags); return; case AUT_SOCKET_EX: - print_socketex32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_socketex32_tok(outfp, tok, del, oflags); return; case AUT_ZONENAME: - print_zonename_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_zonename_tok(outfp, tok, del, oflags); + return; + + case AUT_UPRIV: + print_upriv_tok(outfp, tok, del, oflags); + return; + + case AUT_PRIV: + print_privset_tok(outfp, tok, del, oflags); return; default: - print_invalid_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + print_invalid_tok(outfp, tok, del, oflags); } } /* - * 'prints' the token out to outfp in XML format. + * 'prints' the token out to outfp. */ void -au_print_tok_xml(FILE *outfp, tokenstr_t *tok, char *del, char raw, - char sfrm) +au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm) { + int oflags = AU_OFLAG_NONE; - switch(tok->id) { - case AUT_HEADER32: - print_header32_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_HEADER32_EX: - print_header32_ex_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_HEADER64: - print_header64_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_HEADER64_EX: - print_header64_ex_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_TRAILER: - print_trailer_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_ARG32: - print_arg32_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_ARG64: - print_arg64_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_DATA: - print_arb_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_ATTR32: - print_attr32_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_ATTR64: - print_attr64_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_EXIT: - print_exit_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_EXEC_ARGS: - print_execarg_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_EXEC_ENV: - print_execenv_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_OTHER_FILE32: - print_file_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_NEWGROUPS: - print_newgroups_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_IN_ADDR: - print_inaddr_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_IN_ADDR_EX: - print_inaddr_ex_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_IP: - print_ip_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_IPC: - print_ipc_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_IPC_PERM: - print_ipcperm_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_IPORT: - print_iport_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_OPAQUE: - print_opaque_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_PATH: - print_path_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_PROCESS32: - print_process32_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_PROCESS32_EX: - print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_PROCESS64: - print_process64_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_PROCESS64_EX: - print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_RETURN32: - print_return32_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_RETURN64: - print_return64_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_SEQ: - print_seq_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_SOCKET: - print_socket_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_SOCKINET32: - print_sock_inet32_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_SOCKUNIX: - print_sock_unix_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_SUBJECT32: - print_subject32_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_SUBJECT64: - print_subject64_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_SUBJECT32_EX: - print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; - - case AUT_SUBJECT64_EX: - print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; + if (raw) + oflags |= AU_OFLAG_RAW; + if (sfrm) + oflags |= AU_OFLAG_SHORT; - case AUT_TEXT: - print_text_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; + au_print_flags_tok(outfp, tok, del, oflags); +} - case AUT_SOCKET_EX: - print_socketex32_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; +/* + * 'prints' the token out to outfp in XML format. + */ +void +au_print_tok_xml(FILE *outfp, tokenstr_t *tok, char *del, char raw, + char sfrm) +{ + int oflags = AU_OFLAG_XML; - case AUT_ZONENAME: - print_zonename_tok(outfp, tok, del, raw, sfrm, AU_XML); - return; + if (raw) + oflags |= AU_OFLAG_RAW; + if (sfrm) + oflags |= AU_OFLAG_SHORT; - default: - print_invalid_tok(outfp, tok, del, raw, sfrm, AU_XML); - } + au_print_flags_tok(outfp, tok, del, oflags); } /* @@ -4553,11 +4539,10 @@ au_read_rec(FILE *fp, u_char **buf) return (-1); } - *buf = malloc(recsize * sizeof(u_char)); + *buf = calloc(recsize, sizeof(u_char)); if (*buf == NULL) return (-1); bptr = *buf; - memset(bptr, 0, recsize); /* store the token contents already read, back to the buffer*/ *bptr = type; diff --git a/libbsm/bsm_token.c b/libbsm/bsm_token.c index a37dd630c57c..a6b975d04d1b 100644 --- a/libbsm/bsm_token.c +++ b/libbsm/bsm_token.c @@ -30,26 +30,29 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99 $ */ #include <sys/types.h> #include <config/config.h> -#if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BE32ENC) + +#ifdef USE_ENDIAN_H +#include <endian.h> +#endif +#ifdef USE_SYS_ENDIAN_H #include <sys/endian.h> -#else /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */ -#ifdef HAVE_MACHINE_ENDIAN_H +#endif +#ifdef USE_MACHINE_ENDIAN_H #include <machine/endian.h> -#else /* !HAVE_MACHINE_ENDIAN_H */ -#ifdef HAVE_ENDIAN_H -#include <endian.h> -#else /* !HAVE_ENDIAN_H */ -#error "No supported endian.h" -#endif /* !HAVE_ENDIAN_H */ -#endif /* !HAVE_MACHINE_ENDIAN_H */ +#endif +#ifdef USE_COMPAT_ENDIAN_H #include <compat/endian.h> -#endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */ +#endif +#ifdef USE_COMPAT_ENDIAN_ENC_H +#include <compat/endian_enc.h> +#endif + #ifdef HAVE_FULL_QUEUE_H #include <sys/queue.h> #else /* !HAVE_FULL_QUEUE_H */ @@ -79,12 +82,11 @@ (t) = malloc(sizeof(token_t)); \ if ((t) != NULL) { \ (t)->len = (length); \ - (dptr) = (t->t_data) = malloc((length) * sizeof(u_char)); \ + (dptr) = (t->t_data) = calloc((length), sizeof(u_char)); \ if ((dptr) == NULL) { \ free(t); \ (t) = NULL; \ - } else \ - memset((dptr), 0, (length)); \ + } \ } else \ (dptr) = NULL; \ assert((t) == NULL || (dptr) != NULL); \ @@ -92,6 +94,59 @@ /* * token ID 1 byte + * success/failure 1 byte + * privstrlen 2 bytes + * privstr N bytes + 1 (\0 byte) + */ +token_t * +au_to_upriv(char sorf, char *priv) +{ + u_int16_t textlen; + u_char *dptr; + token_t *t; + + textlen = strlen(priv) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) + + sizeof(u_int16_t) + textlen); + if (t == NULL) + return (NULL); + ADD_U_CHAR(dptr, AUT_UPRIV); + ADD_U_CHAR(dptr, sorf); + ADD_U_INT16(dptr, textlen); + ADD_STRING(dptr, priv, textlen); + return (t); +} + +/* + * token ID 1 byte + * privtstrlen 2 bytes + * privtstr N bytes + 1 + * privstrlen 2 bytes + * privstr N bytes + 1 + */ +token_t * +au_to_privset(char *privtypestr, char *privstr) +{ + u_int16_t type_len, priv_len; + u_char *dptr; + token_t *t; + + type_len = strlen(privtypestr) + 1; + priv_len = strlen(privstr) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + + sizeof(u_int16_t) + type_len + priv_len); + if (t == NULL) + return (NULL); + ADD_U_CHAR(dptr, AUT_PRIV); + ADD_U_INT16(dptr, type_len); + ADD_STRING(dptr, privtypestr, type_len); + ADD_U_INT16(dptr, priv_len); + ADD_STRING(dptr, privstr, priv_len); + return (t); +} + +/* + * token ID 1 byte * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) * text length 2 bytes @@ -968,6 +1023,8 @@ au_to_socket_ex(u_short so_domain, u_short so_type, errno = EINVAL; return (NULL); } + if (t == NULL) + return (NULL); ADD_U_CHAR(dptr, AUT_SOCKET_EX); ADD_U_INT16(dptr, au_domain_to_bsm(so_domain)); @@ -1285,9 +1342,9 @@ au_to_me(void) auinfo.ai_asid, &auinfo.ai_termid)); } else { /* getaudit_addr(2) failed for some other reason. */ - return (NULL); + return (NULL); } - } + } return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); @@ -1459,7 +1516,7 @@ au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + tid->at_type); - if (t == NULL) + if (t == NULL) return (NULL); ADD_U_CHAR(dptr, AUT_HEADER32_EX); @@ -1478,7 +1535,7 @@ au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ - return (t); + return (t); } token_t * diff --git a/libbsm/bsm_user.c b/libbsm/bsm_user.c index 005698be9a98..c7464f04b7bd 100644 --- a/libbsm/bsm_user.c +++ b/libbsm/bsm_user.c @@ -27,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#19 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#20 $ */ #include <config/config.h> @@ -210,7 +210,7 @@ getauusernam_r(struct au_user_ent *u, const char *name) #ifdef HAVE_PTHREAD_MUTEX_LOCK pthread_mutex_unlock(&mutex); #endif - return (u); + return (up); } } diff --git a/libbsm/bsm_wrappers.c b/libbsm/bsm_wrappers.c index ab6dc17f8d6c..2d24a0ce0f69 100644 --- a/libbsm/bsm_wrappers.c +++ b/libbsm/bsm_wrappers.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#31 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#32 $ */ #ifdef __APPLE__ @@ -181,7 +181,7 @@ audit_submit(short au_event, au_id_t auid, char status, token = au_to_return32(au_errno_to_bsm(status), reterr); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, - "audit: enable to build return token"); + "audit: unable to build return token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); |