PERFORCE change 160640 for review
Stacey Son
sson at FreeBSD.org
Tue Apr 14 13:29:23 PDT 2009
http://perforce.freebsd.org/chv.cgi?CH=160640
Change 160640 by sson at sson_amd64 on 2009/04/14 20:29:05
Adding AUE_ssauthmech event, the "aa" class, and changing
flags to audit the aa event class by default.
Sync sys/bsm/audit.h with darwin kernel version.
Credit: Gary Hoo
Affected files ...
.. //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_class#6 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_control#8 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_event#39 edit
.. //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#10 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 $
*/
#ifndef _BSM_AUDIT_UEVENTS_H_
@@ -138,5 +138,6 @@
#define AUE_calife 45027 /* OpenBSM-allocated. */
#define AUE_sudo 45028 /* OpenBSM-allocated. */
#define AUE_audit_recovery 45029 /* OpenBSM-allocated. */
+#define AUE_ssauthmech 45030 /* Darwin-specific. */
#endif /* !_BSM_AUDIT_UEVENTS_H_ */
==== //depot/projects/trustedbsd/openbsm/etc/audit_class#6 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#6 $
#
0x00000000:no:invalid class
0x00000001:fr:file read
@@ -15,6 +15,7 @@
0x00000400:na:non attributable
0x00000800:ad:administrative
0x00001000:lo:login_logout
+0x00002000:aa:authentication and authorization
0x00004000:ap:application
0x20000000:io:ioctl
0x40000000:ex:exec
==== //depot/projects/trustedbsd/openbsm/etc/audit_control#8 (text+ko) ====
@@ -1,10 +1,10 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#7 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#8 $
#
dir:/var/audit
-flags:lo
+flags:lo,aa
minfree:5
-naflags:lo
+naflags:lo,aa
policy:cnt,argv
filesz:2M
expire-after:10M
==== //depot/projects/trustedbsd/openbsm/etc/audit_event#39 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#38 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#39 $
#
# The mapping between event identifiers and values is also hard-coded in
# audit_kevents.h and audit_uevents.h, so changes must occur in both places,
@@ -628,10 +628,10 @@
6521:AUE_DARWIN_revoke_obj:revoke object priv:fm
6600:AUE_DARWIN_lw_login:loginwindow login:lo
6601:AUE_DARWIN_lw_logout:loginwindow logout:lo
-7000:AUE_DARWIN_auth_user:user authentication:ad
-7001:AUE_DARWIN_ssconn:SecSrvr connection setup:ad
-7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:ad
-7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:ad
+7000:AUE_DARWIN_auth_user:user authentication:aa
+7001:AUE_DARWIN_ssconn:SecSrvr connection setup:aa
+7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:aa
+7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:aa
#
# Historic/third-party application allocations of event identifiers.
#
@@ -650,10 +650,11 @@
45020:AUE_revoke_obj:revoke object priv:fm
45021:AUE_lw_login:loginwindow login:lo
45022:AUE_lw_logout:loginwindow logout:lo
-45023:AUE_auth_user:user authentication:ad
-45024:AUE_ssconn:SecSrvr connection setup:ad
-45025:AUE_ssauthorize:SecSrvr AuthEngine:ad
-45026:AUE_ssauthint:SecSrvr authinternal mech:ad
+45023:AUE_auth_user:user authentication:aa
+45024:AUE_ssconn:SecSrvr connection setup:aa
+45025:AUE_ssauthorize:SecSrvr AuthEngine:aa
+45026:AUE_ssauthint:SecSrvr authinternal mech:aa
45027:AUE_calife:Calife:ad
-45028:AUE_sudo:sudo(1):ad
+45028:AUE_sudo:sudo(1):aa
45029:AUE_audit_recovery:audit crash recovery:ad
+45030:AUE_ssauthmech:SecSrvr AuthMechanism:aa
==== //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 (text+ko) ====
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 $
*/
#ifndef _BSM_AUDIT_H
@@ -313,10 +313,10 @@
int getaudit_addr(struct auditinfo_addr *, int);
int setaudit_addr(const struct auditinfo_addr *, int);
-#ifdef __APPLE_API_PRIVATE
+#ifdef __APPLE_API_PRIVATE
#include <mach/port.h>
-mach_port_name_t audit_session_self(void);
-au_asid_t audit_sesison_join(mach_port_name_t port);
+mach_port_name_t audit_session_self(void);
+au_asid_t audit_session_join(mach_port_name_t port);
#endif /* __APPLE_API_PRIVATE */
#endif /* defined(_KERNEL) || defined(KERNEL) */
More information about the p4-projects
mailing list