PERFORCE change 160640 for review

Stacey Son sson at FreeBSD.org
Tue Apr 14 13:29:23 PDT 2009 

http://perforce.freebsd.org/chv.cgi?CH=160640

Change 160640 by sson at sson_amd64 on 2009/04/14 20:29:05

	Adding AUE_ssauthmech event, the "aa" class, and changing
	flags to audit the aa event class by default.
	
	Sync sys/bsm/audit.h with darwin kernel version.
	
	Credit: Gary Hoo

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_class#6 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_control#8 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_event#39 edit
.. //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#10 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 $
  */
 
 #ifndef _BSM_AUDIT_UEVENTS_H_
@@ -138,5 +138,6 @@
 #define	AUE_calife		45027		/* OpenBSM-allocated. */
 #define	AUE_sudo		45028		/* OpenBSM-allocated. */
 #define	AUE_audit_recovery	45029		/* OpenBSM-allocated. */
+#define	AUE_ssauthmech		45030		/* Darwin-specific. */
 
 #endif /* !_BSM_AUDIT_UEVENTS_H_ */

==== //depot/projects/trustedbsd/openbsm/etc/audit_class#6 (text+ko) ====

@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#6 $
 #
 0x00000000:no:invalid class
 0x00000001:fr:file read
@@ -15,6 +15,7 @@
 0x00000400:na:non attributable
 0x00000800:ad:administrative
 0x00001000:lo:login_logout
+0x00002000:aa:authentication and authorization
 0x00004000:ap:application
 0x20000000:io:ioctl
 0x40000000:ex:exec

==== //depot/projects/trustedbsd/openbsm/etc/audit_control#8 (text+ko) ====

@@ -1,10 +1,10 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#7 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#8 $
 #
 dir:/var/audit
-flags:lo
+flags:lo,aa
 minfree:5
-naflags:lo
+naflags:lo,aa
 policy:cnt,argv
 filesz:2M
 expire-after:10M

==== //depot/projects/trustedbsd/openbsm/etc/audit_event#39 (text+ko) ====

@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#38 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#39 $
 #
 # The mapping between event identifiers and values is also hard-coded in
 # audit_kevents.h and audit_uevents.h, so changes must occur in both places,
@@ -628,10 +628,10 @@
 6521:AUE_DARWIN_revoke_obj:revoke object priv:fm
 6600:AUE_DARWIN_lw_login:loginwindow login:lo
 6601:AUE_DARWIN_lw_logout:loginwindow logout:lo
-7000:AUE_DARWIN_auth_user:user authentication:ad
-7001:AUE_DARWIN_ssconn:SecSrvr connection setup:ad
-7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:ad
-7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:ad
+7000:AUE_DARWIN_auth_user:user authentication:aa
+7001:AUE_DARWIN_ssconn:SecSrvr connection setup:aa
+7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:aa
+7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:aa
 #
 # Historic/third-party application allocations of event identifiers.
 #
@@ -650,10 +650,11 @@
 45020:AUE_revoke_obj:revoke object priv:fm
 45021:AUE_lw_login:loginwindow login:lo
 45022:AUE_lw_logout:loginwindow logout:lo
-45023:AUE_auth_user:user authentication:ad
-45024:AUE_ssconn:SecSrvr connection setup:ad
-45025:AUE_ssauthorize:SecSrvr AuthEngine:ad
-45026:AUE_ssauthint:SecSrvr authinternal mech:ad
+45023:AUE_auth_user:user authentication:aa
+45024:AUE_ssconn:SecSrvr connection setup:aa
+45025:AUE_ssauthorize:SecSrvr AuthEngine:aa
+45026:AUE_ssauthint:SecSrvr authinternal mech:aa
 45027:AUE_calife:Calife:ad
-45028:AUE_sudo:sudo(1):ad
+45028:AUE_sudo:sudo(1):aa
 45029:AUE_audit_recovery:audit crash recovery:ad
+45030:AUE_ssauthmech:SecSrvr AuthMechanism:aa

==== //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 (text+ko) ====

@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 $
  */
 
 #ifndef	_BSM_AUDIT_H
@@ -313,10 +313,10 @@
 int	getaudit_addr(struct auditinfo_addr *, int);
 int	setaudit_addr(const struct auditinfo_addr *, int);
 
-#ifdef	__APPLE_API_PRIVATE
+#ifdef __APPLE_API_PRIVATE
 #include <mach/port.h>
-mach_port_name_t	audit_session_self(void);
-au_asid_t		audit_sesison_join(mach_port_name_t port);
+mach_port_name_t audit_session_self(void);
+au_asid_t	 audit_session_join(mach_port_name_t port);
 #endif /* __APPLE_API_PRIVATE */
 
 #endif /* defined(_KERNEL) || defined(KERNEL) */

More information about the p4-projects mailing list