mirror of
https://git.FreeBSD.org/src.git
synced 2024-11-25 07:49:18 +00:00
Fixup some incorrect information and some comments. These changes
were cherry picked up the upstream OpenBSD repository. At some point we will look at doing another import, but the diffs are substantial and will require some careful testing. Differential Revision: https://reviews.freebsd.org/D25021 MFC after: 2 weeks Submitted by: gbe Reviewed by: myself, bcr
This commit is contained in:
parent
f72e5be58a
commit
3008333d44
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=363655
@ -36,6 +36,9 @@ the development of OpenBSM:
|
||||
Ryan Steinmetz
|
||||
The FreeBSD Foundation
|
||||
Brooks Davis
|
||||
Mateusz Piotrowski
|
||||
Alan Somers
|
||||
Aniket Pandey
|
||||
|
||||
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
|
||||
Software's FlexeLint tool were used to identify a number of bugs in the
|
||||
|
@ -712,7 +712,7 @@ auditd_config_controls(void)
|
||||
*/
|
||||
err = auditd_set_qsize();
|
||||
if (err) {
|
||||
auditd_log_err("audit_set_qsize() %s: %m",
|
||||
auditd_log_err("auditd_set_qsize() %s: %m",
|
||||
auditd_strerror(err));
|
||||
ret = -1;
|
||||
} else
|
||||
|
@ -523,7 +523,7 @@ main_loop(void)
|
||||
}
|
||||
TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) {
|
||||
if (adhost->adh_role == ADIST_ROLE_SENDER) {
|
||||
/* Only sender workers asks for connections. */
|
||||
/* Only sender workers ask for connections. */
|
||||
PJDLOG_ASSERT(adhost->adh_conn != NULL);
|
||||
fd = proto_descriptor(adhost->adh_conn);
|
||||
PJDLOG_ASSERT(fd >= 0);
|
||||
|
@ -413,7 +413,7 @@ tls_exec_client(const char *user, int startfd, const char *srcaddr,
|
||||
tls_certificate_verify(ssl, fingerprint);
|
||||
|
||||
/*
|
||||
* The following byte is send to make proto_connect_wait() to work.
|
||||
* The following byte is sent to make proto_connect_wait() work.
|
||||
*/
|
||||
connected = 1;
|
||||
for (;;) {
|
||||
@ -460,7 +460,7 @@ tls_call_exec_client(struct proto_conn *sock, const char *srcaddr,
|
||||
proto_close(sock);
|
||||
} else {
|
||||
/*
|
||||
* The FD_CLOEXEC is cleared by dup2(2), so when we not
|
||||
* The FD_CLOEXEC is cleared by dup2(2), so when we do not
|
||||
* call it, we have to clear it by hand in case it is set.
|
||||
*/
|
||||
if (fcntl(startfd, F_SETFD, 0) == -1)
|
||||
|
@ -498,7 +498,7 @@ auditd_expire_trails(int (*warn_expired)(char *))
|
||||
* update the mtime of the trail file to the current
|
||||
* time. This is so we don't prematurely remove a trail
|
||||
* file that was created while the system clock reset
|
||||
* to the * "beginning of time" but later the system
|
||||
* to the "beginning of time" but later the system
|
||||
* clock is set to the correct current time.
|
||||
*/
|
||||
if (current_time >= JAN_01_2000 &&
|
||||
|
@ -201,7 +201,7 @@ converts an audit policy flags string,
|
||||
.Fa polstr ,
|
||||
to a numeric audit policy mask returned via
|
||||
.Fa policy .
|
||||
.Sh RETURN VALULES
|
||||
.Sh RETURN VALUES
|
||||
The
|
||||
.Fn getacfilesz ,
|
||||
.Fn getacdir ,
|
||||
|
@ -62,7 +62,7 @@ The
|
||||
function accepts a local domain, and returns the BSM domain for it.
|
||||
This call cannot fail, and instead returns a BSM domain indicating to a later
|
||||
decoder that the domain could not be encoded.
|
||||
.Sh RETURN VALULES
|
||||
.Sh RETURN VALUES
|
||||
On success,
|
||||
.Fn au_bsm_to_domain
|
||||
returns 0 and a converted domain; on failure, it returns -1 but does not set
|
||||
|
@ -76,7 +76,7 @@ function converts a BSM error value to a string, generally by converting first t
|
||||
local error number and using the local
|
||||
.Xr strerror 3
|
||||
function, but will also work for errors that are not locally defined.
|
||||
.Sh RETURN VALULES
|
||||
.Sh RETURN VALUES
|
||||
On success,
|
||||
.Fn au_bsm_to_errno
|
||||
returns 0 and a converted error value; on failure, it returns -1 but does not
|
||||
|
@ -61,7 +61,7 @@ operating system.
|
||||
function accepts a local socket type, and returns the BSM socket type for it.
|
||||
This call cannot fail, and instead returns a BSM socket type indicating to a
|
||||
later decoder that the socket type could not be encoded.
|
||||
.Sh RETURN VALULES
|
||||
.Sh RETURN VALUES
|
||||
On success,
|
||||
.Fn au_bsm_to_socket_type
|
||||
returns 0 and a converted socket type; on failure, it returns -1 but does not
|
||||
|
@ -102,7 +102,7 @@ token can be created using
|
||||
.It Sy "Field Bytes Description"
|
||||
.It "Token ID 1 byte Token ID"
|
||||
.It "Record Byte Count 4 bytes Number of bytes in record"
|
||||
.It "Version Number 2 bytes Record version number"
|
||||
.It "Version Number 1 byte Record version number"
|
||||
.It "Event Type 2 bytes Event type"
|
||||
.It "Event Modifier 2 bytes Event sub-type"
|
||||
.It "Seconds 4/8 bytes Record time stamp (32/64-bits)"
|
||||
@ -126,7 +126,7 @@ token can be created using
|
||||
.It Sy "Field Bytes Description"
|
||||
.It "Token ID 1 byte Token ID"
|
||||
.It "Record Byte Count 4 bytes Number of bytes in record"
|
||||
.It "Version Number 2 bytes Record version number"
|
||||
.It "Version Number 1 byte Record version number"
|
||||
.It "Event Type 2 bytes Event type"
|
||||
.It "Event Modifier 2 bytes Event sub-type"
|
||||
.It "Address Type/Length 1 byte Host address type and length"
|
||||
@ -325,7 +325,7 @@ or
|
||||
.It "Process ID 4 bytes Process ID"
|
||||
.It "Session ID 4 bytes Audit session ID"
|
||||
.It "Terminal Port ID 4/8 bytes Terminal port ID (32/64-bits)"
|
||||
.It "Terminal Address Type/Length 1 byte Length of machine address"
|
||||
.It "Terminal Address Type/Length 4 bytes Length of machine address"
|
||||
.It "Terminal Machine Address 4 bytes IPv4 or IPv6 address of machine"
|
||||
.El
|
||||
.Ss Return Token
|
||||
|
@ -24,7 +24,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd October 19, 2008
|
||||
.Dd March 14, 2018
|
||||
.Dt GETAUDIT 2
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -62,6 +62,7 @@ struct auditinfo {
|
||||
au_mask_t ai_mask; /* Audit masks */
|
||||
au_tid_t ai_termid; /* Terminal ID */
|
||||
au_asid_t ai_asid; /* Audit session ID */
|
||||
au_asflgs_t ai_flags; /* Audit session flags. */
|
||||
};
|
||||
typedef struct auditinfo auditinfo_t;
|
||||
.Ed
|
||||
|
@ -46,7 +46,7 @@
|
||||
#define MIN_AUDIT_FILE_SIZE (512 * 1024)
|
||||
|
||||
/*
|
||||
* Minimum noumber of free blocks on the filesystem containing the audit
|
||||
* Minimum number of free blocks on the filesystem containing the audit
|
||||
* log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0
|
||||
* as the kernel does an unsigned compare, plus we want to leave a few blocks
|
||||
* free so userspace can terminate the log, etc.
|
||||
@ -249,14 +249,14 @@ typedef struct au_token token_t;
|
||||
/*
|
||||
* Kernel audit queue control parameters:
|
||||
* Default: Maximum:
|
||||
* aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000)
|
||||
* aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000)
|
||||
* aq_lowater: AQ_LOWATER (10) <aq_hiwater
|
||||
* aq_bufsz: AQ_BUFSZ (32767) AQ_MAXBUFSZ (1048576)
|
||||
* aq_delay: 20 20000 (not used)
|
||||
* aq_delay: 20 20000 (not used)
|
||||
*/
|
||||
struct au_qctrl {
|
||||
int aq_hiwater; /* Max # of audit recs in queue when */
|
||||
/* threads with new ARs get blocked. */
|
||||
/* threads with new ARs get blocked. */
|
||||
|
||||
int aq_lowater; /* # of audit recs in queue when */
|
||||
/* blocked threads get unblocked. */
|
||||
|
Loading…
Reference in New Issue
Block a user