History log of /freebsd-head/contrib/openbsm/libauditd/auditd_lib.c
Revision Date Author Comments
9568fd4404ad713327f6288bc2c21aadbbce1d5c 28-Jul-2020 csjp <csjp@FreeBSD.org> Fixup some incorrect information and some comments. These changes
were cherry picked up the upstream OpenBSD repository. At some point we
will look at doing another import, but the diffs are substantial and will
require some careful testing.

Differential Revision: https://reviews.freebsd.org/D25021
MFC after: 2 weeks
Submitted by: gbe
Reviewed by: myself, bcr
cdf255bc9fa08a632659986088fe11f9747c326c 09-Jan-2019 pjd <pjd@FreeBSD.org> In r316006 the getstrfromtype_locked() function was modified to return
an empty string, instead of NULL, if an entry is missing in the audit_control
file. Because of that change the getachost() function started to return
success even if the host name was not defined in the audit_control.
This in turn led to auditd_hostlen always being set (for an empty host it was
set to 0). If auditd_hostlen was not equal to -1 we were trying to append
the host name to trail file name. All this led to situation where when host
name is not defined in audit_control, auditd will create trail files with
a leading '.', which breaks auditdistd as it doesn't work with longer audit
trail file names.

Fix this by appending host name to the trail file name only if the host name
is not empty.
dd5df8c25b355d43b2317ea3bc662ede476849d0 22-Jul-2018 asomers <asomers@FreeBSD.org> auditd(8): Log a better error when no hostname is set in audit_control

Cherry-pick from https://github.com/openbsm/openbsm/commit/01ba03b

Reviewed by: cem
Obtained from: OpenBSM
MFC after: 2 weeks
Pull Request: https://github.com/openbsm/openbsm/pull/38
84f8c77a4286aae495d442457099f6bea3b9b319 26-Mar-2017 rwatson <rwatson@FreeBSD.org> Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:

- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
query it, allowing to set the kernel's maximum audit queue length.
- Add support to push a mapping between audit event names and event numbers
into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
system calls including those for asynchronous I/O, thread management, SCTP,
jails, multi-FIB support, and misc. POSIX interfaces such as
posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).

Many thanks to Christian Brueffer for producing the OpenBSM release and
importing/tagging it in the vendor branch. This release will allow improved
auditing of a range of new FreeBSD functionality, as well as non-traditional
events (e.g., fine-grained I/O auditing) not required by the Orange Book or
Common Criteria.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, AFRL
MFC after: 3 weeks
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
144eea387465dd3aebdc4046e8e6d172c51f17bc 04-Jan-2016 brueffer <brueffer@FreeBSD.org> MFH: 292432,r292433,r292434

- Merge OpenBSM 1.2 alpha 4.
- Regenerate config.h for OpenBSM 1.2 alpha 4.
- Add au_notify.2 and MLINKs (added in OpenBSM 1.2 alpha 4).

Relnotes: yes
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
f001c5d63e95efd8ef1616678ab5b713c3faeec7 08-Apr-2012 rwatson <rwatson@FreeBSD.org> Merge a local fix to OpenBSM's libauditd to avoid a directory descriptor
leak when iterating over possible audit trail directories. This fix will
be merged upstream in an identical form, but hasn't yet appeared in an
OpenBSM release.

Submitted by: guido
Obtained from: TrustedBSD Project
MFC after: 3 days
09f9c897d33c41618ada06fbbcf1a9b3812dee53 19-Oct-2010 jamie <jamie@FreeBSD.org> A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.
f1216d1f0ade038907195fc114b7e630623b402c 19-Mar-2010 delphij <delphij@FreeBSD.org> Create a custom branch where I will be able to do the merge.
d77b22ca313fa4061782d2b1677a768149593534 17-Jul-2009 rwatson <rwatson@FreeBSD.org> Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
error number space.

MFC after: 3 weeks
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
Approved by: re (kib)
ee5318d5431890ccd7baeb15560b4bebe982525b 02-Mar-2009 rwatson <rwatson@FreeBSD.org> Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual

OpenBSM history for imported revision below for reference.

MFC after: 1 month
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project

OpenBSM 1.1 beta 1

- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added. It is configured in
audit_control(5) with the expire-after parameter. If there is no
expire-after parameter in audit_control(5), the default, then the audit
trail files are not expired and removed. See audit_control(5) for
more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
partitions, rotate automatically at 2mb, and set the default policy to
cnt,argv rather than cnt so that execve(2) arguments are captured if
AUE_EXECVE events are audited. These may provide more usable defaults for
many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.