PERFORCE change 103251 for review
Robert Watson
rwatson at FreeBSD.org
Sat Aug 5 15:09:34 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=103251
Change 103251 by rwatson at rwatson_zoo on 2006/08/05 15:09:00
Merge additional OpenBSM 1.0a8 to audit3 branch: new token version,
audit event ID assignments.
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#11 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#23 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#13 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#14 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#19 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#8 (text+ko) ====
@@ -5,6 +5,11 @@
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
+- New OpenBSM token version number assigned, constants added for other
+ commonly seen version numbers.
+- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
+ collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they
+ are now deprecated numberings.
OpenBSM 1.0 alpha 7
@@ -183,4 +188,4 @@
to support reloading of kernel event table.
- Allow comments in /etc/security configuration files.
-$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#7 $
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#8 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#11 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#10 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#11 $
*/
#include <sys/types.h>
@@ -88,7 +88,7 @@
* Free our local list of directory names.
*/
static void
-free_dir_q()
+free_dir_q(void)
{
struct dir_ent *dirent;
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#23 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#22 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#23 $
*/
#ifndef _BSM_AUDIT_KEVENTS_H_
@@ -273,134 +273,200 @@
#define AUE_NTP_ADJTIME 288
/*
- * Events not present in OpenSolaris BSM, generally derived from Apple Darwin
- * BSM or added in OpenBSM. This start a little too close to the top end of
- * the OpenSolaris event list for my comfort.
+ * Events added for Apple Darwin that potentially collide with future Solaris
+ * BSM events. These are assigned AUE_DARWIN prefixes, and are deprecated in
+ * new trails. Systems generating these events should switch to the new
+ * identifiers that avoid colliding with the Solaris identifier space.
*/
-#define AUE_GETFSSTAT 301
-#define AUE_PTRACE 302
-#define AUE_CHFLAGS 303
-#define AUE_FCHFLAGS 304
-#define AUE_PROFILE 305
-#define AUE_KTRACE 306
-#define AUE_SETLOGIN 307
+#define AUE_DARWIN_GETFSSTAT 301
+#define AUE_DARWIN_PTRACE 302
+#define AUE_DARWIN_CHFLAGS 303
+#define AUE_DARWIN_FCHFLAGS 304
+#define AUE_DARWIN_PROFILE 305
+#define AUE_DARWIN_KTRACE 306
+#define AUE_DARWIN_SETLOGIN 307
#define AUE_DARWIN_REBOOT 308 /* XXX: See AUE_REBOOT. */
-#define AUE_REVOKE 309
-#define AUE_UMASK 310
-#define AUE_MPROTECT 311
+#define AUE_DARWIN_REVOKE 309
+#define AUE_DARWIN_UMASK 310
+#define AUE_DARWIN_MPROTECT 311
#define AUE_DARWIN_SETPRIORITY 312 /* XXX: See AUE_SETPRIORITY. */
#define AUE_DARWIN_SETTIMEOFDAY 313 /* XXX: See AUE_SETTIMEOFDAY. */
#define AUE_DARWIN_FLOCK 314 /* XXX: See AUE_FLOCK. */
-#define AUE_MKFIFO 315
-#define AUE_POLL 316
+#define AUE_DARWIN_MKFIFO 315
+#define AUE_DARWIN_POLL 316
#define AUE_DARWIN_SOCKETPAIR 317 /* XXXRW: See AUE_SOCKETPAIR. */
-#define AUE_FUTIMES 318
-#define AUE_SETSID 319
-#define AUE_SETPRIVEXEC 320 /* Darwin-specific. */
+#define AUE_DARWIN_FUTIMES 318
+#define AUE_DARWIN_SETSID 319
+#define AUE_DARWIN_SETPRIVEXEC 320 /* Darwin-specific. */
#define AUE_DARWIN_NFSSVC 321 /* XXX: See AUE_NFS_SVC. */
#define AUE_DARWIN_GETFH 322 /* XXX: See AUE_NFS_GETFH. */
#define AUE_DARWIN_QUOTACTL 323 /* XXX: See AUE_QUOTACTL. */
-#define AUE_ADDPROFILE 324 /* Darwin-specific. */
-#define AUE_KDEBUGTRACE 325 /* Darwin-specific. */
-#define AUE_KDBUGTRACE AUE_KDEBUGTRACE
-#define AUE_FSTAT 326
-#define AUE_FPATHCONF 327
-#define AUE_GETDIRENTRIES 328
+#define AUE_DARWIN_ADDPROFILE 324 /* Darwin-specific. */
+#define AUE_DARWIN_KDEBUGTRACE 325 /* Darwin-specific. */
+#define AUE_DARWIN_KDBUGTRACE AUE_KDEBUGTRACE
+#define AUE_DARWIN_FSTAT 326
+#define AUE_DARWIN_FPATHCONF 327
+#define AUE_DARWIN_GETDIRENTRIES 328
#define AUE_DARWIN_TRUNCATE 329 /* XXX: See AUE_TRUNCATE. */
#define AUE_DARWIN_FTRUNCATE 330 /* XXX: See AUE_FTRUNCATE. */
-#define AUE_SYSCTL 331
-#define AUE_MLOCK 332
-#define AUE_MUNLOCK 333
-#define AUE_UNDELETE 334
-#define AUE_GETATTRLIST 335 /* Darwin-specific. */
-#define AUE_SETATTRLIST 336 /* Darwin-specific. */
-#define AUE_GETDIRENTRIESATTR 337 /* Darwin-specific. */
-#define AUE_EXCHANGEDATA 338 /* Darwin-specific. */
-#define AUE_SEARCHFS 339 /* Darwin-specific. */
-#define AUE_MINHERIT 340
-#define AUE_SEMCONFIG 341
-#define AUE_SEMOPEN 342
-#define AUE_SEMCLOSE 343
-#define AUE_SEMUNLINK 344
-#define AUE_SHMOPEN 345
-#define AUE_SHMUNLINK 346
-#define AUE_LOADSHFILE 347 /* Darwin-specific. */
-#define AUE_RESETSHFILE 348 /* Darwin-specific. */
-#define AUE_NEWSYSTEMSHREG 349 /* Darwin-specific. */
-#define AUE_PTHREADKILL 350 /* Darwin-specific. */
-#define AUE_PTHREADSIGMASK 351 /* Darwin-specific. */
-#define AUE_AUDITCTL 352
-#define AUE_RFORK 353
-#define AUE_LCHMOD 354
-#define AUE_SWAPOFF 355
-#define AUE_INITPROCESS 356 /* Darwin-specific. */
-#define AUE_MAPFD 357 /* Darwin-specific. */
-#define AUE_TASKFORPID 358 /* Darwin-specific. */
-#define AUE_PIDFORTASK 359 /* Darwin-specific. */
-#define AUE_SYSCTL_NONADMIN 360
-#define AUE_COPYFILE 361 /* Darwin-specific. */
-#define AUE_LUTIMES 362
-#define AUE_LCHFLAGS 363 /* FreeBSD-specific. */
-#define AUE_SENDFILE 364 /* BSD/Linux-specific. */
-#define AUE_USELIB 365 /* Linux-specific. */
-#define AUE_GETRESUID 366
-#define AUE_SETRESUID 367
-#define AUE_GETRESGID 368
-#define AUE_SETRESGID 369
-#define AUE_WAIT4 370 /* FreeBSD-specific. */
-#define AUE_LGETFH 371 /* FreeBSD-specific. */
-#define AUE_FHSTATFS 372 /* FreeBSD-specific. */
-#define AUE_FHOPEN 373 /* FreeBSD-specific. */
-#define AUE_FHSTAT 374 /* FreeBSD-specific. */
-#define AUE_JAIL 375 /* FreeBSD-specific. */
-#define AUE_EACCESS 376 /* FreeBSD-specific. */
-#define AUE_KQUEUE 377 /* FreeBSD-specific. */
-#define AUE_KEVENT 378 /* FreeBSD-specific. */
-#define AUE_FSYNC 379
-#define AUE_NMOUNT 380 /* FreeBSD-specific. */
-#define AUE_BDFLUSH 381 /* Linux-specific. */
-#define AUE_SETFSUID 382 /* Linux-specific. */
-#define AUE_SETFSGID 383 /* Linux-specific. */
-#define AUE_PERSONALITY 384 /* Linux-specific. */
-#define AUE_SCHED_GETSCHEDULER 385 /* POSIX.1b. */
-#define AUE_SCHED_SETSCHEDULER 386 /* POSIX.1b. */
-#define AUE_PRCTL 387 /* Linux-specific. */
-#define AUE_GETCWD 388 /* FreeBSD/Linux-specific. */
-#define AUE_CAPGET 389 /* Linux-specific. */
-#define AUE_CAPSET 390 /* Linux-specific. */
-#define AUE_PIVOT_ROOT 391 /* Linux-specific. */
-#define AUE_RTPRIO 392 /* FreeBSD-specific. */
-#define AUE_SCHED_GETPARAM 393 /* POSIX.1b. */
-#define AUE_SCHED_SETPARAM 394 /* POSIX.1b. */
-#define AUE_SCHED_GET_PRIORITY_MAX 395 /* POSIX.1b. */
-#define AUE_SCHED_GET_PRIORITY_MIN 396 /* POSIX.1b. */
-#define AUE_SCHED_RR_GET_INTERVAL 397 /* POSIX.1b. */
-#define AUE_ACL_GET_FILE 398 /* FreeBSD. */
-#define AUE_ACL_SET_FILE 399 /* FreeBSD. */
-#define AUE_ACL_GET_FD 400 /* FreeBSD. */
-#define AUE_ACL_SET_FD 401 /* FreeBSD. */
-#define AUE_ACL_DELETE_FILE 402 /* FreeBSD. */
-#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */
-#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */
-#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */
-#define AUE_ACL_GET_LINK 406 /* FreeBSD. */
-#define AUE_ACL_SET_LINK 407 /* FreeBSD. */
-#define AUE_ACL_DELETE_LINK 408 /* FreeBSD. */
-#define AUE_ACL_CHECK_LINK 409 /* FreeBSD. */
-#define AUE_SYSARCH 410 /* FreeBSD. */
-#define AUE_EXTATTRCTL 411 /* FreeBSD. */
-#define AUE_EXTATTR_GET_FILE 412 /* FreeBSD. */
-#define AUE_EXTATTR_SET_FILE 413 /* FreeBSD. */
-#define AUE_EXTATTR_LIST_FILE 414 /* FreeBSD. */
-#define AUE_EXTATTR_DELETE_FILE 415 /* FreeBSD. */
-#define AUE_EXTATTR_GET_FD 416 /* FreeBSD. */
-#define AUE_EXTATTR_SET_FD 417 /* FreeBSD. */
-#define AUE_EXTATTR_LIST_FD 418 /* FreeBSD. */
-#define AUE_EXTATTR_DELETE_FD 419 /* FreeBSD. */
-#define AUE_EXTATTR_GET_LINK 420 /* FreeBSD. */
-#define AUE_EXTATTR_SET_LINK 421 /* FreeBSD. */
-#define AUE_EXTATTR_LIST_LINK 422 /* FreeBSD. */
-#define AUE_EXTATTR_DELETE_LINK 423 /* FreeBSD. */
+#define AUE_DARWIN_SYSCTL 331
+#define AUE_DARWIN_MLOCK 332
+#define AUE_DARWIN_MUNLOCK 333
+#define AUE_DARWIN_UNDELETE 334
+#define AUE_DARWIN_GETATTRLIST 335 /* Darwin-specific. */
+#define AUE_DARWIN_SETATTRLIST 336 /* Darwin-specific. */
+#define AUE_DARWIN_GETDIRENTRIESATTR 337 /* Darwin-specific. */
+#define AUE_DARWIN_EXCHANGEDATA 338 /* Darwin-specific. */
+#define AUE_DARWIN_SEARCHFS 339 /* Darwin-specific. */
+#define AUE_DARWIN_MINHERIT 340
+#define AUE_DARWIN_SEMCONFIG 341
+#define AUE_DARWIN_SEMOPEN 342
+#define AUE_DARWIN_SEMCLOSE 343
+#define AUE_DARWIN_SEMUNLINK 344
+#define AUE_DARWIN_SHMOPEN 345
+#define AUE_DARWIN_SHMUNLINK 346
+#define AUE_DARWIN_LOADSHFILE 347 /* Darwin-specific. */
+#define AUE_DARWIN_RESETSHFILE 348 /* Darwin-specific. */
+#define AUE_DARWIN_NEWSYSTEMSHREG 349 /* Darwin-specific. */
+#define AUE_DARWIN_PTHREADKILL 350 /* Darwin-specific. */
+#define AUE_DARWIN_PTHREADSIGMASK 351 /* Darwin-specific. */
+#define AUE_DARWIN_AUDITCTL 352
+#define AUE_DARWIN_RFORK 353
+#define AUE_DARWIN_LCHMOD 354
+#define AUE_DARWIN_SWAPOFF 355
+#define AUE_DARWIN_INITPROCESS 356 /* Darwin-specific. */
+#define AUE_DARWIN_MAPFD 357 /* Darwin-specific. */
+#define AUE_DARWIN_TASKFORPID 358 /* Darwin-specific. */
+#define AUE_DARWIN_PIDFORTASK 359 /* Darwin-specific. */
+#define AUE_DARWIN_SYSCTL_NONADMIN 360
+#define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */
+
+/*
+ * Audit event identifiers added as part of OpenBSM, generally corresponding
+ * to events in FreeBSD, Darwin, and Linux that were not present in Solaris.
+ * These often duplicate events added to the Solaris set by Darwin, but use
+ * event identifiers in a higher range in order to avoid colliding with
+ * future Solaris additions.
+ */
+#define AUE_GETFSSTAT 43001
+#define AUE_PTRACE 43002
+#define AUE_CHFLAGS 43003
+#define AUE_FCHFLAGS 43004
+#define AUE_PROFILE 43005
+#define AUE_KTRACE 43006
+#define AUE_SETLOGIN 43007
+#define AUE_REVOKE 43008
+#define AUE_UMASK 43009
+#define AUE_MPROTECT 43010
+#define AUE_MKFIFO 43011
+#define AUE_POLL 43012
+#define AUE_FUTIMES 43013
+#define AUE_SETSID 43014
+#define AUE_SETPRIVEXEC 43015 /* Darwin-specific. */
+#define AUE_ADDPROFILE 43016 /* Darwin-specific. */
+#define AUE_KDEBUGTRACE 43017 /* Darwin-specific. */
+#define AUE_KDBUGTRACE AUE_KDEBUGTRACE
+#define AUE_FSTAT 43018
+#define AUE_FPATHCONF 43019
+#define AUE_GETDIRENTRIES 43020
+#define AUE_SYSCTL 43021
+#define AUE_MLOCK 43022
+#define AUE_MUNLOCK 43023
+#define AUE_UNDELETE 43024
+#define AUE_GETATTRLIST 43025 /* Darwin-specific. */
+#define AUE_SETATTRLIST 43026 /* Darwin-specific. */
+#define AUE_GETDIRENTRIESATTR 43027 /* Darwin-specific. */
+#define AUE_EXCHANGEDATA 43028 /* Darwin-specific. */
+#define AUE_SEARCHFS 43029 /* Darwin-specific. */
+#define AUE_MINHERIT 43030
+#define AUE_SEMCONFIG 43031
+#define AUE_SEMOPEN 43032
+#define AUE_SEMCLOSE 43033
+#define AUE_SEMUNLINK 43034
+#define AUE_SHMOPEN 43035
+#define AUE_SHMUNLINK 43036
+#define AUE_LOADSHFILE 43037 /* Darwin-specific. */
+#define AUE_RESETSHFILE 43038 /* Darwin-specific. */
+#define AUE_NEWSYSTEMSHREG 43039 /* Darwin-specific. */
+#define AUE_PTHREADKILL 43040 /* Darwin-specific. */
+#define AUE_PTHREADSIGMASK 43041 /* Darwin-specific. */
+#define AUE_AUDITCTL 43042
+#define AUE_RFORK 43043
+#define AUE_LCHMOD 43044
+#define AUE_SWAPOFF 43045
+#define AUE_INITPROCESS 43046 /* Darwin-specific. */
+#define AUE_MAPFD 43047 /* Darwin-specific. */
+#define AUE_TASKFORPID 43048 /* Darwin-specific. */
+#define AUE_PIDFORTASK 43049 /* Darwin-specific. */
+#define AUE_SYSCTL_NONADMIN 43050
+#define AUE_COPYFILE 43051 /* Darwin-specific. */
+
+/*
+ * Events added to OpenBSM for FreeBSD and Linux; may also be used by Darwin
+ * in the future.
+ */
+#define AUE_LUTIMES 43052
+#define AUE_LCHFLAGS 43053 /* FreeBSD-specific. */
+#define AUE_SENDFILE 43054 /* BSD/Linux-specific. */
+#define AUE_USELIB 43055 /* Linux-specific. */
+#define AUE_GETRESUID 43056
+#define AUE_SETRESUID 43057
+#define AUE_GETRESGID 43058
+#define AUE_SETRESGID 43059
+#define AUE_WAIT4 43060 /* FreeBSD-specific. */
+#define AUE_LGETFH 43061 /* FreeBSD-specific. */
+#define AUE_FHSTATFS 43062 /* FreeBSD-specific. */
+#define AUE_FHOPEN 43063 /* FreeBSD-specific. */
+#define AUE_FHSTAT 43064 /* FreeBSD-specific. */
+#define AUE_JAIL 43065 /* FreeBSD-specific. */
+#define AUE_EACCESS 43066 /* FreeBSD-specific. */
+#define AUE_KQUEUE 43067 /* FreeBSD-specific. */
+#define AUE_KEVENT 43068 /* FreeBSD-specific. */
+#define AUE_FSYNC 43069
+#define AUE_NMOUNT 43070 /* FreeBSD-specific. */
+#define AUE_BDFLUSH 43071 /* Linux-specific. */
+#define AUE_SETFSUID 43072 /* Linux-specific. */
+#define AUE_SETFSGID 43073 /* Linux-specific. */
+#define AUE_PERSONALITY 43074 /* Linux-specific. */
+#define AUE_SCHED_GETSCHEDULER 43075 /* POSIX.1b. */
+#define AUE_SCHED_SETSCHEDULER 43076 /* POSIX.1b. */
+#define AUE_PRCTL 43077 /* Linux-specific. */
+#define AUE_GETCWD 43078 /* FreeBSD/Linux-specific. */
+#define AUE_CAPGET 43079 /* Linux-specific. */
+#define AUE_CAPSET 43080 /* Linux-specific. */
+#define AUE_PIVOT_ROOT 43081 /* Linux-specific. */
+#define AUE_RTPRIO 43082 /* FreeBSD-specific. */
+#define AUE_SCHED_GETPARAM 43083 /* POSIX.1b. */
+#define AUE_SCHED_SETPARAM 43084 /* POSIX.1b. */
+#define AUE_SCHED_GET_PRIORITY_MAX 43085 /* POSIX.1b. */
+#define AUE_SCHED_GET_PRIORITY_MIN 43086 /* POSIX.1b. */
+#define AUE_SCHED_RR_GET_INTERVAL 43087 /* POSIX.1b. */
+#define AUE_ACL_GET_FILE 43088 /* FreeBSD. */
+#define AUE_ACL_SET_FILE 43089 /* FreeBSD. */
+#define AUE_ACL_GET_FD 43090 /* FreeBSD. */
+#define AUE_ACL_SET_FD 43091 /* FreeBSD. */
+#define AUE_ACL_DELETE_FILE 43092 /* FreeBSD. */
+#define AUE_ACL_DELETE_FD 43093 /* FreeBSD. */
+#define AUE_ACL_CHECK_FILE 43094 /* FreeBSD. */
+#define AUE_ACL_CHECK_FD 43095 /* FreeBSD. */
+#define AUE_ACL_GET_LINK 43096 /* FreeBSD. */
+#define AUE_ACL_SET_LINK 43097 /* FreeBSD. */
+#define AUE_ACL_DELETE_LINK 43098 /* FreeBSD. */
+#define AUE_ACL_CHECK_LINK 43099 /* FreeBSD. */
+#define AUE_SYSARCH 43100 /* FreeBSD. */
+#define AUE_EXTATTRCTL 43101 /* FreeBSD. */
+#define AUE_EXTATTR_GET_FILE 43102 /* FreeBSD. */
+#define AUE_EXTATTR_SET_FILE 43103 /* FreeBSD. */
+#define AUE_EXTATTR_LIST_FILE 43104 /* FreeBSD. */
+#define AUE_EXTATTR_DELETE_FILE 43105 /* FreeBSD. */
+#define AUE_EXTATTR_GET_FD 43106 /* FreeBSD. */
+#define AUE_EXTATTR_SET_FD 43107 /* FreeBSD. */
+#define AUE_EXTATTR_LIST_FD 43108 /* FreeBSD. */
+#define AUE_EXTATTR_DELETE_FD 43109 /* FreeBSD. */
+#define AUE_EXTATTR_GET_LINK 43110 /* FreeBSD. */
+#define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */
+#define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */
+#define AUE_EXTATTR_DELETE_LINK 43111 /* FreeBSD. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
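Review bot: `AUE_EXTATTR_DELETE_LINK` is defined as 43111 at the end of the new 43xxx block, the same value as `AUE_EXTATTR_SET_LINK` two lines above it, while the matching etc/audit_event entry in this change uses 43113. With the header as written, records for extattr_delete_link would carry the set_link identifier, so the two operations cannot be told apart in a trail; the line should read `#define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */`. Separately, `AUE_DARWIN_KDBUGTRACE` is aliased to `AUE_KDEBUGTRACE`, which now expands to 43017 rather than the deprecated 325; `#define AUE_DARWIN_KDBUGTRACE AUE_DARWIN_KDEBUGTRACE` looks like what was intended.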
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#13 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#12 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#13 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@@ -199,9 +199,19 @@
#define PAD_NOTATTR 0x4000 /* nonattributable event */
#define PAD_FAILURE 0x8000 /* fail audit event */
+#define BSM_MAX_GROUPS 16
-#define BSM_MAX_GROUPS 16
-#define HEADER_VERSION 1
+/*
+ * A number of BSM versions are floating around and defined. Here are
+ * constants for them. OpenBSM uses the same token types, etc, used in the
+ * Solaris BSM version, but has a separate version number in order to
+ * identify a potentially different event identifier name space.
+ */
+#define BSM_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */
+#define BSM_HEADER_VERSION_SOLARIS 2
+#define BSM_HEADER_VERSION_TSOL25 3
+#define BSM_HEADER_VERSION_TSOL 4
+#define BSM_HEADER_VERSION_OPENBSM 10
/*
* BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#14 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#13 $
+# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#14 $
# $FreeBSD: src/contrib/openbsm/etc/audit_event,v 1.3 2006/06/27 18:09:54 rwatson Exp $
#
0:AUE_NULL:indir system call:no
@@ -235,129 +235,190 @@
267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad
268:AUE_CLOCK_SETTIME:clock_settime(2):ad
269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad
-301:AUE_GETFSSTAT:getfsstat(2):fa
-302:AUE_PTRACE:ptrace(2):pc
-303:AUE_CHFLAGS:chflags(2):fm
-304:AUE_FCHFLAGS:fchflags(2):fm
-305:AUE_PROFILE:profil(2):pc
-306:AUE_KTRACE:ktrace(2):pc
-307:AUE_SETLOGIN:setlogin(2):pc
+#
+# What follows are deprecated Darwin event numbers that may someday conflict
+# with Solaris events.
+#
+301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa
+302:AUE_DARWIN_PTRACE:ptrace(2):pc
+303:AUE_DARWIN_CHFLAGS:chflags(2):fm
+304:AUE_DARWIN_FCHFLAGS:fchflags(2):fm
+305:AUE_DARWIN_PROFILE:profil(2):pc
+306:AUE_DARWIN_KTRACE:ktrace(2):pc
+307:AUE_DARWIN_SETLOGIN:setlogin(2):pc
308:AUE_DARWIN_REBOOT:reboot(2):ad
-309:AUE_REVOKE:revoke(2):cl
-310:AUE_UMASK:umask(2):pc
-311:AUE_MPROTECT:mprotect(2):fm
+309:AUE_DARWIN_REVOKE:revoke(2):cl
+310:AUE_DARWIN_UMASK:umask(2):pc
+311:AUE_DARWIN_MPROTECT:mprotect(2):fm
312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot
313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad
314:AUE_DARWIN_FLOCK:flock(2):fm
-315:AUE_MKFIFO:mkfifo(2):fc
-316:AUE_POLL:poll(2):no
+315:AUE_DARWIN_MKFIFO:mkfifo(2):fc
+316:AUE_DARWIN_POLL:poll(2):no
317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt
-318:AUE_FUTIMES:futimes(2):fm
-319:AUE_SETSID:setsid(2):pc
-320:AUE_SETPRIVEXEC:setprivexec(2):pc
+318:AUE_DARWIN_FUTIMES:futimes(2):fm
+319:AUE_DARWIN_SETSID:setsid(2):pc
+320:AUE_DARWIN_SETPRIVEXEC:setprivexec(2):pc
321:AUE_DARWIN_NFSSVC:nfssvc(2):ad
322:AUE_DARWIN_GETFH:getfh(2):fa
323:AUE_DARWIN_QUOTACTL:quotactl(2):ad
-324:AUE_ADDPROFILE:system call:pc
-325:AUE_KDEBUGTRACE:system call:pc
-326:AUE_FSTAT:fstat(2):fa
-327:AUE_FPATHCONF:fpathconf(2):fa
-328:AUE_GETDIRENTRIES:getdirentries(2):fr
+324:AUE_DARWIN_ADDPROFILE:system call:pc
+325:AUE_DARWIN_KDEBUGTRACE:system call:pc
+326:AUE_DARWIN_FSTAT:fstat(2):fa
+327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa
+328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr
329:AUE_DARWIN_TRUNCATE:truncate(2):fw
330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw
-331:AUE_SYSCTL:sysctl(3):ad
-332:AUE_MLOCK:mlock(2):pc
-333:AUE_MUNLOCK:munlock(2):pc
-334:AUE_UNDELETE:undelete(2):fm
-335:AUE_GETATTRLIST:getattrlist():fa
-336:AUE_SETATTRLIST:setattrlist():fm
-337:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
-338:AUE_EXCHANGEDATA:exchangedata():fw
-339:AUE_SEARCHFS:searchfs():fa
-340:AUE_MINHERIT:minherit(2):pc
-341:AUE_SEMCONFIG:semconfig():ip
-342:AUE_SEMOPEN:sem_open(2):ip
-343:AUE_SEMCLOSE:sem_close(2):ip
-344:AUE_SEMUNLINK:sem_unlink(2):ip
-345:AUE_SHMOPEN:shm_open(2):ip
-346:AUE_SHMUNLINK:shm_unlink(2):ip
-347:AUE_LOADSHFILE:load_shared_file():fr
-348:AUE_RESETSHFILE:reset_shared_file():ot
-349:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
-350:AUE_PTHREADKILL:pthread_kill(2):pc
-351:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
-352:AUE_AUDITCTL:auditctl(2):ad
-353:AUE_RFORK:rfork(2):pc
-354:AUE_LCHMOD:lchmod(2):fm
-355:AUE_SWAPOFF:swapoff():ad
-356:AUE_INITPROCESS:init_process():pc
-357:AUE_MAPFD:map_fd():fa
-358:AUE_TASKFORPID:task_for_pid():pc
-359:AUE_PIDFORTASK:pid_for_task():pc
-360:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
-361:AUE_COPYFILE:copyfile():fr,fw
-362:AUE_LUTIMES:lutimes(2):fm
-363:AUE_LCHFLAGS:lchflags(2):fm
-364:AUE_SENDFILE:sendfile(2):nt
-365:AUE_USELIB:uselib(2):fa
-366:AUE_GETRESUID:getresuid(2):pc
-367:AUE_SETRESUID:setresuid(2):pc
-368:AUE_GETRESGID:getresgid(2):pc
-369:AUE_SETRESGID:setresgid(2):pc
-370:AUE_WAIT4:wait4(2):pc
-371:AUE_LGETFH:lgetfh(2):fa
-372:AUE_FHSTATFS:fhstatfs(2):fa
-373:AUE_FHOPEN:fhopen(2):fa
-374:AUE_FHSTAT:fhstat(2):fa
-375:AUE_JAIL:jail(2):pc
-376:AUE_EACCESS:eaccess(2):fa
-377:AUE_KQUEUE:kqueue(2):no
-378:AUE_KEVENT:kevent(2):no
-379:AUE_FSYNC:fsync(2):fm
-380:AUE_NMOUNT:nmount(2):ad
-381:AUE_BDFLUSH:bdflush(2):ad
-382:AUE_SETFSUID:setfsuid(2):ot
-383:AUE_SETFSGID:setfsgid(2):ot
-384:AUE_PERSONALITY:personality(2):pc
-385:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
-386:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
-387:AUE_PRCTL:prctl(2):pc
-388:AUE_GETCWD:getcwd(2):pc
-389:AUE_CAPGET:capget(2):pc
-390:AUE_CAPSET:capset(2):pc
-391:AUE_PIVOT_ROOT:pivot_root(2):pc
-392:AUE_RTPRIO::rtprio(2):pc
-393:AUE_SCHED_GETPARAM:sched_getparam(2):ad
-394:AUE_SCHED_SETPARAM:sched_setparam(2):ad
-395:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
-396:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
-397:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
-398:AUE_ACL_GET_FILE:acl_get_file(2):fa
-399:AUE_ACL_SET_FILE:acl_set_file(2):fm
-400:AUE_ACL_GET_FD:acl_get_fd(2):fa
-401:AUE_ACL_SET_FD:acl_set_fd(2):fm
-402:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
-403:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
-404:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
-405:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
-406:AUE_ACL_GET_LINK:acl_get_link(2):fa
-407:AUE_ACL_SET_LINK:acl_set_link(2):fm
-408:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
-409:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
-410:AUE_SYSARCH:sysarch(2):na
-411:AUE_EXTATTRCTL:extattrctl(2):fm
-412:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
-413:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
-414:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
-415:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
-416:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
-417:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
-418:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
-419:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
-420:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
-421:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
-422:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
-423:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
+331:AUE_DARWIN_SYSCTL:sysctl(3):ad
+332:AUE_DARWIN_MLOCK:mlock(2):pc
+333:AUE_DARWIN_MUNLOCK:munlock(2):pc
+334:AUE_DARWIN_UNDELETE:undelete(2):fm
+335:AUE_DARWIN_GETATTRLIST:getattrlist():fa
+336:AUE_DARWIN_SETATTRLIST:setattrlist():fm
+337:AUE_DARWIN_GETDIRENTRIESATTR:getdirentriesattr():fa
+338:AUE_DARWIN_EXCHANGEDATA:exchangedata():fw
+339:AUE_DARWIN_SEARCHFS:searchfs():fa
+340:AUE_DARWIN_MINHERIT:minherit(2):pc
+341:AUE_DARWIN_SEMCONFIG:semconfig():ip
+342:AUE_DARWIN_SEMOPEN:sem_open(2):ip
+343:AUE_DARWIN_SEMCLOSE:sem_close(2):ip
+344:AUE_DARWIN_SEMUNLINK:sem_unlink(2):ip
+345:AUE_DARWIN_SHMOPEN:shm_open(2):ip
+346:AUE_DARWIN_SHMUNLINK:shm_unlink(2):ip
+347:AUE_DARWIN_LOADSHFILE:load_shared_file():fr
+348:AUE_DARWIN_RESETSHFILE:reset_shared_file():ot
+349:AUE_DARWIN_NEWSYSTEMSHREG:new_system_share_regions():ot
+350:AUE_DARWIN_PTHREADKILL:pthread_kill(2):pc
+351:AUE_DARWIN_PTHREADSIGMASK:pthread_sigmask(2):pc
+352:AUE_DARWIN_AUDITCTL:auditctl(2):ad
+353:AUE_DARWIN_RFORK:rfork(2):pc
+354:AUE_DARWIN_LCHMOD:lchmod(2):fm
+355:AUE_DARWIN_SWAPOFF:swapoff():ad
+356:AUE_DARWIN_INITPROCESS:init_process():pc
+357:AUE_DARWIN_MAPFD:map_fd():fa
+358:AUE_DARWIN_TASKFORPID:task_for_pid():pc
+359:AUE_DARWIN_PIDFORTASK:pid_for_task():pc
+360:AUE_DARWIN_SYSCTL_NONADMIN:sysctl() - non-admin:ot
+361:AUE_DARWIN_COPYFILE:copyfile():fr,fw
+#
+# OpenBSM-specific kernel events.
+#
+43001:AUE_GETFSSTAT:getfsstat(2):fa
+43002:AUE_PTRACE:ptrace(2):pc
+43003:AUE_CHFLAGS:chflags(2):fm
+43004:AUE_FCHFLAGS:fchflags(2):fm
+43005:AUE_PROFILE:profil(2):pc
+43006:AUE_KTRACE:ktrace(2):pc
+43007:AUE_SETLOGIN:setlogin(2):pc
+43008:AUE_REVOKE:revoke(2):cl
+43009:AUE_UMASK:umask(2):pc
+43010:AUE_MPROTECT:mprotect(2):fm
+43011:AUE_MKFIFO:mkfifo(2):fc
+43012:AUE_POLL:poll(2):no
+43013:AUE_FUTIMES:futimes(2):fm
+43014:AUE_SETSID:setsid(2):pc
+43015:AUE_SETPRIVEXEC:setprivexec(2):pc
+43016:AUE_ADDPROFILE:system call:pc
+43017:AUE_KDEBUGTRACE:system call:pc
+43018:AUE_FSTAT:fstat(2):fa
+43019:AUE_FPATHCONF:fpathconf(2):fa
+43020:AUE_GETDIRENTRIES:getdirentries(2):fr
+43021:AUE_SYSCTL:sysctl(3):ad
+43022:AUE_MLOCK:mlock(2):pc
+43023:AUE_MUNLOCK:munlock(2):pc
+43024:AUE_UNDELETE:undelete(2):fm
+43025:AUE_GETATTRLIST:getattrlist():fa
+43026:AUE_SETATTRLIST:setattrlist():fm
+43027:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
+43028:AUE_EXCHANGEDATA:exchangedata():fw
+43029:AUE_SEARCHFS:searchfs():fa
+43030:AUE_MINHERIT:minherit(2):pc
+43031:AUE_SEMCONFIG:semconfig():ip
+43032:AUE_SEMOPEN:sem_open(2):ip
+43033:AUE_SEMCLOSE:sem_close(2):ip
+43034:AUE_SEMUNLINK:sem_unlink(2):ip
+43035:AUE_SHMOPEN:shm_open(2):ip
+43036:AUE_SHMUNLINK:shm_unlink(2):ip
+43037:AUE_LOADSHFILE:load_shared_file():fr
+43038:AUE_RESETSHFILE:reset_shared_file():ot
+43039:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
+43040:AUE_PTHREADKILL:pthread_kill(2):pc
+43041:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
+43042:AUE_AUDITCTL:auditctl(2):ad
+43043:AUE_RFORK:rfork(2):pc
+43044:AUE_LCHMOD:lchmod(2):fm
+43045:AUE_SWAPOFF:swapoff():ad
+43046:AUE_INITPROCESS:init_process():pc
+43047:AUE_MAPFD:map_fd():fa
+43048:AUE_TASKFORPID:task_for_pid():pc
+43049:AUE_PIDFORTASK:pid_for_task():pc
+43050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
+43051:AUE_COPYFILE:copyfile():fr,fw
+43052:AUE_LUTIMES:lutimes(2):fm
+43053:AUE_LCHFLAGS:lchflags(2):fm
+43054:AUE_SENDFILE:sendfile(2):nt
+43055:AUE_USELIB:uselib(2):fa
+43056:AUE_GETRESUID:getresuid(2):pc
+43057:AUE_SETRESUID:setresuid(2):pc
+43058:AUE_GETRESGID:getresgid(2):pc
+43059:AUE_SETRESGID:setresgid(2):pc
+43060:AUE_WAIT4:wait4(2):pc
+43061:AUE_LGETFH:lgetfh(2):fa
+43062:AUE_FHSTATFS:fhstatfs(2):fa
+43063:AUE_FHOPEN:fhopen(2):fa
+43064:AUE_FHSTAT:fhstat(2):fa
+43065:AUE_JAIL:jail(2):pc
+43066:AUE_EACCESS:eaccess(2):fa
+43067:AUE_KQUEUE:kqueue(2):no
+43068:AUE_KEVENT:kevent(2):no
+43069:AUE_FSYNC:fsync(2):fm
+43070:AUE_NMOUNT:nmount(2):ad
+43071:AUE_BDFLUSH:bdflush(2):ad
+43072:AUE_SETFSUID:setfsuid(2):ot
+43073:AUE_SETFSGID:setfsgid(2):ot
+43074:AUE_PERSONALITY:personality(2):pc
+43075:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
+43076:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
+43077:AUE_PRCTL:prctl(2):pc
+43078:AUE_GETCWD:getcwd(2):pc
+43079:AUE_CAPGET:capget(2):pc
+43080:AUE_CAPSET:capset(2):pc
+43081:AUE_PIVOT_ROOT:pivot_root(2):pc
+43082:AUE_RTPRIO::rtprio(2):pc
+43083:AUE_SCHED_GETPARAM:sched_getparam(2):ad
+43084:AUE_SCHED_SETPARAM:sched_setparam(2):ad
+43085:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
+43086:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
+43087:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
+43088:AUE_ACL_GET_FILE:acl_get_file(2):fa
+43089:AUE_ACL_SET_FILE:acl_set_file(2):fm
+43090:AUE_ACL_GET_FD:acl_get_fd(2):fa
+43091:AUE_ACL_SET_FD:acl_set_fd(2):fm
+43092:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
+43093:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
+43094:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
+43095:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
+43096:AUE_ACL_GET_LINK:acl_get_link(2):fa
+43097:AUE_ACL_SET_LINK:acl_set_link(2):fm
+43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
+43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
+43100:AUE_SYSARCH:sysarch(2):na
+43101:AUE_EXTATTRCTL:extattrctl(2):fm
+43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
+43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
+43104:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
+43105:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
+43106:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
+43107:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
+43108:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
+43109:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
+43110:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
+43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
+43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
+43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
+#
+# User space system events.
+#
6152:AUE_login:login - local:lo
6153:AUE_logout:logout - local:lo
6159:AUE_su:su(1):lo
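Review bot: The re-added `43082:AUE_RTPRIO::rtprio(2):pc` entry keeps the doubled colon from the old 392 line, giving it five colon-separated fields where every other entry has four. Depending on how the parser splits fields (not visible here), the description may come out empty and the class may be misread, so the entry should be `43082:AUE_RTPRIO:rtprio(2):pc`. Also, the old numbers 362–423 are removed without deprecated entries, unlike 301–361, which stay as AUE_DARWIN_*. Trails already written with those numbers will presumably no longer resolve to an event name or class, which is worth a comment line in this file or a note in HISTORY.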
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#19 (text+ko) ====
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#18 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#19 $
*/
#include <sys/types.h>
@@ -1155,7 +1155,7 @@
ADD_U_CHAR(dptr, AUT_HEADER32);
ADD_U_INT32(dptr, rec_size);
- ADD_U_CHAR(dptr, HEADER_VERSION);
+ ADD_U_CHAR(dptr, BSM_HEADER_VERSION_OPENBSM);
ADD_U_INT16(dptr, e_type);
ADD_U_INT16(dptr, e_mod);