PERFORCE change 90728 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jan 30 22:22:46 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=90728
Change 90728 by rwatson at rwatson_peppercorn on 2006/01/30 22:22:20
Integrate recent OpenBSM changes from TrustedBSD OpenBSM branch
to TrustedBSD audit3 branch:
- style(9) for audit.h, audit_record.h, audit_uevents.h
- Additional events in audit_kevents.h, audit_event, annotations,
etc.
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#7 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#14 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#9 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#7 (text+ko) ====
@@ -30,37 +30,37 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#6 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#7 $
*/
#ifndef _BSM_AUDIT_H
#define _BSM_AUDIT_H
#define AUDIT_RECORD_MAGIC 0x828a0f1b
-#define MAX_AUDIT_RECORDS 20
-#define MAX_AUDIT_RECORD_SIZE 4096
-#define MIN_AUDIT_FILE_SIZE (512 * 1024)
+#define MAX_AUDIT_RECORDS 20
+#define MAX_AUDIT_RECORD_SIZE 4096
+#define MIN_AUDIT_FILE_SIZE (512 * 1024)
/*
* Triggers for the audit daemon
*/
-#define AUDIT_TRIGGER_MIN 1
-#define AUDIT_TRIGGER_LOW_SPACE 1
-#define AUDIT_TRIGGER_OPEN_NEW 2
-#define AUDIT_TRIGGER_READ_FILE 3
-#define AUDIT_TRIGGER_CLOSE_AND_DIE 4
-#define AUDIT_TRIGGER_NO_SPACE 5
-#define AUDIT_TRIGGER_MAX 5
+#define AUDIT_TRIGGER_MIN 1
+#define AUDIT_TRIGGER_LOW_SPACE 1
+#define AUDIT_TRIGGER_OPEN_NEW 2
+#define AUDIT_TRIGGER_READ_FILE 3
+#define AUDIT_TRIGGER_CLOSE_AND_DIE 4
+#define AUDIT_TRIGGER_NO_SPACE 5
+#define AUDIT_TRIGGER_MAX 5
/*
* File that will be read for trigger events from the kernel
*/
-#define AUDIT_TRIGGER_FILE "/dev/audit"
+#define AUDIT_TRIGGER_FILE "/dev/audit"
/*
* Pre-defined audit IDs
*/
-#define AU_DEFAUDITID -1
+#define AU_DEFAUDITID -1
/*
* Define the masks for the classes of audit events.
@@ -103,71 +103,74 @@
/*
* IPC types
*/
-#define AT_IPC_MSG ((u_char)1) /* message IPC id */
-#define AT_IPC_SEM ((u_char)2) /* semaphore IPC id */
-#define AT_IPC_SHM ((u_char)3) /* shared mem IPC id */
+#define AT_IPC_MSG ((u_char)1) /* Message IPC id. */
+#define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */
+#define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */
/*
* Audit conditions.
*/
-#define AUC_UNSET 0
-#define AUC_AUDITING 1
-#define AUC_NOAUDIT 2
-#define AUC_DISABLED -1
+#define AUC_UNSET 0
+#define AUC_AUDITING 1
+#define AUC_NOAUDIT 2
+#define AUC_DISABLED -1
/*
* auditon(2) commands.
*/
-#define A_GETPOLICY 2
-#define A_SETPOLICY 3
-#define A_GETKMASK 4
-#define A_SETKMASK 5
+#define A_GETPOLICY 2
+#define A_SETPOLICY 3
+#define A_GETKMASK 4
+#define A_SETKMASK 5
#define A_GETQCTRL 6
-#define A_SETQCTRL 7
-#define A_GETCWD 8
-#define A_GETCAR 9
-#define A_GETSTAT 12
-#define A_SETSTAT 13
+#define A_SETQCTRL 7
+#define A_GETCWD 8
+#define A_GETCAR 9
+#define A_GETSTAT 12
+#define A_SETSTAT 13
#define A_SETUMASK 14
-#define A_SETSMASK 15
-#define A_GETCOND 20
-#define A_SETCOND 21
-#define A_GETCLASS 22
-#define A_SETCLASS 23
-#define A_GETPINFO 24
-#define A_SETPMASK 25
-#define A_SETFSIZE 26
-#define A_GETFSIZE 27
-#define A_GETPINFO_ADDR 28
-#define A_GETKAUDIT 29
-#define A_SETKAUDIT 30
-#define A_SENDTRIGGER 31
+#define A_SETSMASK 15
+#define A_GETCOND 20
+#define A_SETCOND 21
+#define A_GETCLASS 22
+#define A_SETCLASS 23
+#define A_GETPINFO 24
+#define A_SETPMASK 25
+#define A_SETFSIZE 26
+#define A_GETFSIZE 27
+#define A_GETPINFO_ADDR 28
+#define A_GETKAUDIT 29
+#define A_SETKAUDIT 30
+#define A_SENDTRIGGER 31
/*
* Audit policy controls.
*/
-#define AUDIT_CNT 0x0001
-#define AUDIT_AHLT 0x0002
-#define AUDIT_ARGV 0x0004
-#define AUDIT_ARGE 0x0008
-#define AUDIT_PASSWD 0x0010
-#define AUDIT_SEQ 0x0020
-#define AUDIT_WINDATA 0x0040
-#define AUDIT_USER 0x0080
-#define AUDIT_GROUP 0x0100
-#define AUDIT_TRAIL 0x0200
-#define AUDIT_PATH 0x0400
+#define AUDIT_CNT 0x0001
+#define AUDIT_AHLT 0x0002
+#define AUDIT_ARGV 0x0004
+#define AUDIT_ARGE 0x0008
+#define AUDIT_PASSWD 0x0010
+#define AUDIT_SEQ 0x0020
+#define AUDIT_WINDATA 0x0040
+#define AUDIT_USER 0x0080
+#define AUDIT_GROUP 0x0100
+#define AUDIT_TRAIL 0x0200
+#define AUDIT_PATH 0x0400
/*
* Audit queue control parameters
*/
-#define AQ_HIWATER 100
-#define AQ_MAXHIGH 10000
-#define AQ_LOWATER 10
-#define AQ_BUFSZ 1024
-#define AQ_MAXBUFSZ 1048576
+#define AQ_HIWATER 100
+#define AQ_MAXHIGH 10000
+#define AQ_LOWATER 10
+#define AQ_BUFSZ 1024
+#define AQ_MAXBUFSZ 1048576
-#define AU_FS_MINFREE 20 /* default min filesystem freespace, in percent */
+/*
+ * Default minimum percentage free space on file system.
+ */
+#define AU_FS_MINFREE 20
/*
* Type definitions used indicating the length of variable length addresses
@@ -178,83 +181,83 @@
__BEGIN_DECLS
-typedef uid_t au_id_t;
-typedef pid_t au_asid_t;
-typedef u_int16_t au_event_t;
-typedef u_int16_t au_emod_t;
-typedef u_int32_t au_class_t;
+typedef uid_t au_id_t;
+typedef pid_t au_asid_t;
+typedef u_int16_t au_event_t;
+typedef u_int16_t au_emod_t;
+typedef u_int32_t au_class_t;
struct au_tid {
- dev_t port;
- u_int32_t machine;
+ dev_t port;
+ u_int32_t machine;
};
-typedef struct au_tid au_tid_t;
+typedef struct au_tid au_tid_t;
struct au_tid_addr {
- dev_t at_port;
- u_int32_t at_type;
- u_int32_t at_addr[4];
+ dev_t at_port;
+ u_int32_t at_type;
+ u_int32_t at_addr[4];
};
-typedef struct au_tid_addr au_tid_addr_t;
+typedef struct au_tid_addr au_tid_addr_t;
struct au_mask {
- unsigned int am_success; /* success bits */
- unsigned int am_failure; /* failure bits */
+ unsigned int am_success; /* Success bits. */
+ unsigned int am_failure; /* Failure bits. */
};
-typedef struct au_mask au_mask_t;
+typedef struct au_mask au_mask_t;
struct auditinfo {
- au_id_t ai_auid; /* Audit user ID */
- au_mask_t ai_mask; /* Audit masks */
- au_tid_t ai_termid; /* Terminal ID */
- au_asid_t ai_asid; /* Audit session ID */
+ au_id_t ai_auid; /* Audit user ID. */
+ au_mask_t ai_mask; /* Audit masks. */
+ au_tid_t ai_termid; /* Terminal ID. */
+ au_asid_t ai_asid; /* Audit session ID. */
};
-typedef struct auditinfo auditinfo_t;
+typedef struct auditinfo auditinfo_t;
struct auditinfo_addr {
- au_id_t ai_auid; /* Audit user ID */
- au_mask_t ai_mask; /* Audit masks */
- au_tid_addr_t ai_termid; /* Terminal ID */
- au_asid_t ai_asid; /* Audit session ID */
+ au_id_t ai_auid; /* Audit user ID. */
+ au_mask_t ai_mask; /* Audit masks. */
+ au_tid_addr_t ai_termid; /* Terminal ID. */
+ au_asid_t ai_asid; /* Audit session ID. */
};
-typedef struct auditinfo_addr auditinfo_addr_t;
+typedef struct auditinfo_addr auditinfo_addr_t;
struct auditpinfo {
- pid_t ap_pid; /* ID of target process */
- au_id_t ap_auid; /* Audit user ID */
- au_mask_t ap_mask; /* Audit masks */
- au_tid_t ap_termid; /* Terminal ID */
- au_asid_t ap_asid; /* Audit session ID */
+ pid_t ap_pid; /* ID of target process. */
+ au_id_t ap_auid; /* Audit user ID. */
+ au_mask_t ap_mask; /* Audit masks. */
+ au_tid_t ap_termid; /* Terminal ID. */
+ au_asid_t ap_asid; /* Audit session ID. */
};
-typedef struct auditpinfo auditpinfo_t;
+typedef struct auditpinfo auditpinfo_t;
struct auditpinfo_addr {
- pid_t ap_pid; /* ID of target process */
- au_id_t ap_auid; /* Audit user ID */
- au_mask_t ap_mask; /* Audit masks */
- au_tid_addr_t ap_termid; /* Terminal ID */
- au_asid_t ap_asid; /* Audit session ID */
+ pid_t ap_pid; /* ID of target process. */
+ au_id_t ap_auid; /* Audit user ID. */
+ au_mask_t ap_mask; /* Audit masks. */
+ au_tid_addr_t ap_termid; /* Terminal ID. */
+ au_asid_t ap_asid; /* Audit session ID. */
};
-typedef struct auditpinfo_addr auditpinfo_addr_t;
+typedef struct auditpinfo_addr auditpinfo_addr_t;
-/* Token and record structures */
+/* Token and record structures. */
struct au_token {
- u_char *t_data;
- size_t len;
- TAILQ_ENTRY(au_token) tokens;
+ u_char *t_data;
+ size_t len;
+ TAILQ_ENTRY(au_token) tokens;
};
-typedef struct au_token token_t;
+typedef struct au_token token_t;
struct au_record {
- char used; /* Is this record currently being used */
- int desc; /* The descriptor associated with this record */
- TAILQ_HEAD(, au_token) token_q; /* queue of BSM tokens */
- u_char *data;
- size_t len;
- LIST_ENTRY(au_record) au_rec_q;
+ char used; /* Record currently in use? */
+ int desc; /* Descriptor for record. */
+ TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */
+ u_char *data;
+ size_t len;
+ LIST_ENTRY(au_record) au_rec_q;
};
-typedef struct au_record au_record_t;
+typedef struct au_record au_record_t;
/*
* Kernel audit queue control parameters.
@@ -264,59 +267,59 @@
size_t aq_lowater;
size_t aq_bufsz;
clock_t aq_delay;
- int aq_minfree; /* minimum filesystem percent free space */
+ int aq_minfree; /* Minimum filesystem percent free space. */
};
-typedef struct au_qctrl au_qctrl_t;
+typedef struct au_qctrl au_qctrl_t;
/*
* Structure for the audit statistics.
*/
struct audit_stat {
- unsigned int as_version;
- unsigned int as_numevent;
- int as_generated;
- int as_nonattring;
- int as_kernel;
- int as_audit;
- int as_auditctl;
- int as_enqueu;
- int as_written;
- int as_wblocked;
- int as_rblocked;
- int as_dropped;
- int as_totalsize;
- unsigned int as_memused;
+ unsigned int as_version;
+ unsigned int as_numevent;
+ int as_generated;
+ int as_nonattring;
+ int as_kernel;
+ int as_audit;
+ int as_auditctl;
+ int as_enqueu;
+ int as_written;
+ int as_wblocked;
+ int as_rblocked;
+ int as_dropped;
+ int as_totalsize;
+ unsigned int as_memused;
};
-typedef struct audit_stat au_stat_t;
+typedef struct audit_stat au_stat_t;
/*
* Structure for the audit file statistics.
*/
struct audit_fstat {
- u_quad_t af_filesz;
- u_quad_t af_currsz;
+ u_quad_t af_filesz;
+ u_quad_t af_currsz;
};
-typedef struct audit_fstat au_fstat_t;
+typedef struct audit_fstat au_fstat_t;
/*
* Audit to event class mapping.
*/
struct au_evclass_map {
- au_event_t ec_number;
- au_class_t ec_class;
+ au_event_t ec_number;
+ au_class_t ec_class;
};
-typedef struct au_evclass_map au_evclass_map_t;
+typedef struct au_evclass_map au_evclass_map_t;
#if !defined(_KERNEL) && !defined(KERNEL)
-int audit(const void *, int);
-int auditon(int, void *, int);
-int auditctl(const char *);
-int getauid(au_id_t *);
-int setauid(const au_id_t *);
-int getaudit(struct auditinfo *);
-int setaudit(const struct auditinfo *);
-int getaudit_addr(struct auditinfo_addr *, int);
-int setaudit_addr(const struct auditinfo_addr *, int);
+int audit(const void *, int);
+int auditon(int, void *, int);
+int auditctl(const char *);
+int getauid(au_id_t *);
+int setauid(const au_id_t *);
+int getaudit(struct auditinfo *);
+int setaudit(const struct auditinfo *);
+int getaudit_addr(struct auditinfo_addr *, int);
+int setaudit_addr(const struct auditinfo_addr *, int);
#endif /* defined(_KERNEL) || defined(KERNEL) */
__END_DECLS
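Review bot: The `#endif` comment that closes the userspace prototype block states the opposite condition from its `#if`: the block opens with `#if !defined(_KERNEL) && !defined(KERNEL)` but closes with `#endif /* defined(_KERNEL) || defined(KERNEL) */`. Since this pass is already normalising comments in the file, the closing line should read `#endif /* !defined(_KERNEL) && !defined(KERNEL) */`. These prototypes (`audit`, `auditon`, `setaudit`, `setaudit_addr`, ...) are the userspace-only view of the audit system calls, and a reader skimming the trailer comment could misjudge on which side of the kernel boundary they are declared.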
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#14 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#13 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#14 $
*/
#ifndef _BSM_AUDIT_KEVENTS_H_
@@ -60,12 +60,14 @@
#define AUE_CHMOD 10
#define AUE_CHOWN 11
#define AUE_UMOUNT 12
+#define AUE_JUNK 13 /* Solaris-specific. */
#define AUE_ACCESS 14
#define AUE_CHECKUSERACCESS AUE_ACCESS
#define AUE_KILL 15
#define AUE_STAT 16
#define AUE_LSTAT 17
#define AUE_ACCT 18
+#define AUE_MCTL 19 /* Solaris-specific. */
#define AUE_REBOOT 20 /* XXX: Darwin conflict. */
#define AUE_SYMLINK 21
#define AUE_READLINK 22
@@ -157,34 +159,39 @@
#define AUE_SEMCTL_SETALL 108
#define AUE_SEMGET 109
#define AUE_SEMOP 110
-#define AUE_CORE 111 /* Solaris-only, currently. */
+#define AUE_CORE 111 /* Solaris-specific, currently. */
#define AUE_CLOSE 112
#define AUE_SYSTEMBOOT 113
-#define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-only. */
-#define AUE_NFSSVC_EXIT 115 /* Solaris-only. */
-#define AUE_WRITEL 128 /* Solaris-only. */
-#define AUE_WRITEVL 129 /* Solaris-only. */
+#define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-specific. */
+#define AUE_NFSSVC_EXIT 115 /* Solaris-specific. */
+#define AUE_WRITEL 128 /* Solaris-specific. */
+#define AUE_WRITEVL 129 /* Solaris-specific. */
#define AUE_GETAUID 130
#define AUE_SETAUID 131
#define AUE_GETAUDIT 132
#define AUE_SETAUDIT 133
-#define AUE_GETUSERAUDIT 134 /* Solaris-only. */
-#define AUE_SETUSERAUDIT 135 /* Solaris-only. */
-#define AUE_AUDITSVC 136 /* Solaris-only. */
-#define AUE_AUDITUSER 137 /* Solaris-only. */
+#define AUE_GETUSERAUDIT 134 /* Solaris-specific. */
+#define AUE_SETUSERAUDIT 135 /* Solaris-specific. */
+#define AUE_AUDITSVC 136 /* Solaris-specific. */
+#define AUE_AUDITUSER 137 /* Solaris-specific. */
#define AUE_AUDITON 138
+#define AUE_AUDITON_GTERMID 139 /* Solaris-specific. */
+#define AUE_AUDITON_STERMID 140 /* Solaris-specific. */
#define AUE_AUDITON_GPOLICY 141
#define AUE_AUDITON_SPOLICY 142
#define AUE_AUDITON_GQCTRL 145
#define AUE_AUDITON_SQCTRL 146
-#define AUE_GETPORTAUDIT 149
-#define AUE_ENTERPROM 153 /* Solaris-only. */
-#define AUE_EXITPROM 154 /* Solaris-only. */
+#define AUE_GETKERNSTATE 147 /* Solaris-specific. */
+#define AUE_SETKERNSTATE 148 /* Solaris-specific. */
+#define AUE_GETPORTAUDIT 149 /* Solaris-specific. */
+#define AUE_AUDISTAT 150 /* Solaris-specific. */
+#define AUE_ENTERPROM 153 /* Solaris-specific. */
+#define AUE_EXITPROM 154 /* Solaris-specific. */
#define AUE_IOCTL 158
#define AUE_SOCKET 183
#define AUE_SENDTO 184
#define AUE_PIPE 185
-#define AUE_SOCKETPAIR 186 /* XXXRW: Darwin conflict. */
+#define AUE_SOCKETPAIR 186 /* XXX: Darwin conflict. */
#define AUE_SEND 187
#define AUE_SENDMSG 188
#define AUE_RECV 189
@@ -194,6 +201,7 @@
#define AUE_LSEEK 194
#define AUE_WRITE 195
#define AUE_WRITEV 196
+#define AUE_NFS 197 /* Solaris-specific. */
#define AUE_READV 198
/* XXXRW: XXX Solaris old stat()? */
#define AUE_SETUID 200 /* XXXRW: Solaris old setuid? */
@@ -212,10 +220,10 @@
#define AUE_SETEGID 214
#define AUE_SETEUID 215
#define AUE_PUTMSG 216
-#define AUE_GETMSG 217
-#define AUE_PUTPMSG 218
-#define AUE_GETPMSG 219
- /* XXXRW: Solaris sc placeholder? */
+#define AUE_GETMSG 217 /* Solaris-specific. */
+#define AUE_PUTPMSG 218 /* Solaris-specific. */
+#define AUE_GETPMSG 219 /* Solaris-specific. */
+#define AUE_AUDITSYS 220 /* Solaris-specific. */
#define AUE_AUDITON_GETKMASK 221
#define AUE_AUDITON_SETKMASK 222
#define AUE_AUDITON_GETCWD 223
@@ -289,12 +297,13 @@
#define AUE_DARWIN_SOCKETPAIR 317 /* XXXRW: See AUE_SOCKETPAIR. */
#define AUE_FUTIMES 318
#define AUE_SETSID 319
-#define AUE_SETPRIVEXEC 320
+#define AUE_SETPRIVEXEC 320 /* Darwin-specific. */
#define AUE_DARWIN_NFSSVC 321 /* XXX: See AUE_NFS_SVC. */
#define AUE_DARWIN_GETFH 322 /* XXX: See AUE_NFS_GETFH. */
#define AUE_DARWIN_QUOTACTL 323 /* XXX: See AUE_QUOTACTL. */
-#define AUE_ADDPROFILE 324 /* Darwin */
-#define AUE_KDBUGTRACE 325 /* Darwin */
+#define AUE_ADDPROFILE 324 /* Darwin-specific. */
+#define AUE_KDEBUGTRACE 325 /* Darwin-specific. */
+#define AUE_KDBUGTRACE AUE_KDEBUGTRACE
#define AUE_FSTAT 326
#define AUE_FPATHCONF 327
#define AUE_GETDIRENTRIES 328
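Review bot: The new `#define AUE_KDBUGTRACE AUE_KDEBUGTRACE` line has no comment saying it is a compatibility alias for the old spelling, while the neighbouring Darwin entries all have a trailing note. I would add `/* Compatibility alias for the old spelling; use AUE_KDEBUGTRACE. */` so the line is not later removed as a duplicate and new code does not keep using the old name. Whether the audit_event entry for event 325 uses the new name cannot be seen on this page because the mail is truncated. That is worth confirming so that name-based lookups and the header agree.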
@@ -304,11 +313,11 @@
#define AUE_MLOCK 332
#define AUE_MUNLOCK 333
#define AUE_UNDELETE 334
-#define AUE_GETATTRLIST 335 /* Darwin */
-#define AUE_SETATTRLIST 336 /* Darwin */
-#define AUE_GETDIRENTRIESATTR 337 /* Darwin */
-#define AUE_EXCHANGEDATA 338 /* Darwin */
-#define AUE_SEARCHFS 339 /* Darwin */
+#define AUE_GETATTRLIST 335 /* Darwin-specific. */
+#define AUE_SETATTRLIST 336 /* Darwin-specific. */
+#define AUE_GETDIRENTRIESATTR 337 /* Darwin-specific. */
+#define AUE_EXCHANGEDATA 338 /* Darwin-specific. */
+#define AUE_SEARCHFS 339 /* Darwin-specific. */
#define AUE_MINHERIT 340
#define AUE_SEMCONFIG 341
#define AUE_SEMOPEN 342
@@ -316,40 +325,40 @@
#define AUE_SEMUNLINK 344
#define AUE_SHMOPEN 345
#define AUE_SHMUNLINK 346
-#define AUE_LOADSHFILE 347 /* Darwin */
-#define AUE_RESETSHFILE 348 /* Darwin */
-#define AUE_NEWSYSTEMSHREG 349 /* Darwin */
-#define AUE_PTHREADKILL 350
-#define AUE_PTHREADSIGMASK 351
+#define AUE_LOADSHFILE 347 /* Darwin-specific. */
+#define AUE_RESETSHFILE 348 /* Darwin-specific. */
+#define AUE_NEWSYSTEMSHREG 349 /* Darwin-specific. */
+#define AUE_PTHREADKILL 350 /* Darwin-specific. */
+#define AUE_PTHREADSIGMASK 351 /* Darwin-specific. */
#define AUE_AUDITCTL 352
#define AUE_RFORK 353
#define AUE_LCHMOD 354
#define AUE_SWAPOFF 355
-#define AUE_INITPROCESS 356 /* Darwin */
-#define AUE_MAPFD 357 /* Darwin */
-#define AUE_TASKFORPID 358 /* Darwin */
-#define AUE_PIDFORTASK 359 /* Darwin */
+#define AUE_INITPROCESS 356 /* Darwin-specific. */
+#define AUE_MAPFD 357 /* Darwin-specific. */
+#define AUE_TASKFORPID 358 /* Darwin-specific. */
+#define AUE_PIDFORTASK 359 /* Darwin-specific. */
#define AUE_SYSCTL_NONADMIN 360
-#define AUE_COPYFILE 361 /* Darwin */
+#define AUE_COPYFILE 361 /* Darwin-specific. */
#define AUE_LUTIMES 362
-#define AUE_LCHFLAGS 363 /* FreeBSD */
-#define AUE_SENDFILE 364 /* BSD/Linux */
-#define AUE_USELIB 365 /* Linux */
+#define AUE_LCHFLAGS 363 /* FreeBSD-specific. */
+#define AUE_SENDFILE 364 /* BSD/Linux-specific. */
+#define AUE_USELIB 365 /* Linux-specific. */
#define AUE_GETRESUID 366
#define AUE_SETRESUID 367
#define AUE_GETRESGID 368
#define AUE_SETRESGID 369
-#define AUE_WAIT4 370 /* FreeBSD */
-#define AUE_LGETFH 371 /* FreeBSD */
-#define AUE_FHSTATFS 372 /* FreeBSD */
-#define AUE_FHOPEN 373 /* FreeBSD */
-#define AUE_FHSTAT 374 /* FreeBSD */
-#define AUE_JAIL 375 /* FreeBSD */
-#define AUE_EACCESS 376 /* FreeBSD */
-#define AUE_KQUEUE 377 /* FreeBSD */
-#define AUE_KEVENT 378 /* FreeBSD */
+#define AUE_WAIT4 370 /* FreeBSD-specific. */
+#define AUE_LGETFH 371 /* FreeBSD-specific. */
+#define AUE_FHSTATFS 372 /* FreeBSD-specific. */
+#define AUE_FHOPEN 373 /* FreeBSD-specific. */
+#define AUE_FHSTAT 374 /* FreeBSD-specific. */
+#define AUE_JAIL 375 /* FreeBSD-specific. */
+#define AUE_EACCESS 376 /* FreeBSD-specific. */
+#define AUE_KQUEUE 377 /* FreeBSD-specific. */
+#define AUE_KEVENT 378 /* FreeBSD-specific. */
#define AUE_FSYNC 379
-#define AUE_NMOUNT 380 /* FreeBSD */
+#define AUE_NMOUNT 380 /* FreeBSD-specific. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#5 (text+ko) ====
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#4 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#5 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@@ -226,108 +226,99 @@
struct vnode_au_info;
#endif
-int au_open(void);
-int au_write(int d, token_t *m);
-int au_close(int d, int keep, short event);
-int au_close_buffer(int d, short event, u_char *buffer,
- size_t *buflen);
+int au_open(void);
+int au_write(int d, token_t *m);
+int au_close(int d, int keep, short event);
+int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen);
+
#if defined(KERNEL) || defined(_KERNEL)
-token_t *au_to_file(char *file, struct timeval tm);
+token_t *au_to_file(char *file, struct timeval tm);
#else
-token_t *au_to_file(char *file);
+token_t *au_to_file(char *file);
#endif
+
#if defined(KERNEL) || defined(_KERNEL)
-token_t *au_to_header(int rec_size, au_event_t e_type,
- au_emod_t e_mod, struct timeval tm);
-token_t *au_to_header32(int rec_size, au_event_t e_type,
- au_emod_t e_mod, struct timeval tm);
+token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm);
+token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm);
#else
-token_t *au_to_header(int rec_size, au_event_t e_type,
- au_emod_t e_mod);
-token_t *au_to_header32(int rec_size, au_event_t e_type,
- au_emod_t e_mod);
+token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
#endif
-token_t *au_to_header64(int rec_size, au_event_t e_type,
- au_emod_t e_mod);
-token_t *au_to_me(void);
+
+token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_me(void);
+token_t *au_to_arg(char n, char *text, uint32_t v);
+token_t *au_to_arg32(char n, char *text, uint32_t v);
+token_t *au_to_arg64(char n, char *text, uint64_t v);
-token_t *au_to_arg(char n, char *text, uint32_t v);
-token_t *au_to_arg32(char n, char *text, uint32_t v);
-token_t *au_to_arg64(char n, char *text, uint64_t v);
#if defined(_KERNEL) || defined(KERNEL)
-token_t *au_to_attr(struct vnode_au_info *vni);
-token_t *au_to_attr32(struct vnode_au_info *vni);
-token_t *au_to_attr64(struct vnode_au_info *vni);
+token_t *au_to_attr(struct vnode_au_info *vni);
+token_t *au_to_attr32(struct vnode_au_info *vni);
+token_t *au_to_attr64(struct vnode_au_info *vni);
#endif
-token_t *au_to_data(char unit_print, char unit_type,
- char unit_count, char *p);
-token_t *au_to_exit(int retval, int err);
-token_t *au_to_groups(int *groups);
-token_t *au_to_newgroups(uint16_t n, gid_t *groups);
-token_t *au_to_in_addr(struct in_addr *internet_addr);
-token_t *au_to_in_addr_ex(struct in6_addr *internet_addr);
-token_t *au_to_ip(struct ip *ip);
-token_t *au_to_ipc(char type, int id);
-token_t *au_to_ipc_perm(struct ipc_perm *perm);
-token_t *au_to_iport(uint16_t iport);
-token_t *au_to_opaque(char *data, uint16_t bytes);
-token_t *au_to_path(char *path);
-token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_process32_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_process64_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_return(char status, uint32_t ret);
-token_t *au_to_return32(char status, uint32_t ret);
-token_t *au_to_return64(char status, uint64_t ret);
-token_t *au_to_seq(long audit_count);
+
+token_t *au_to_data(char unit_print, char unit_type, char unit_count,
+ char *p);
+token_t *au_to_exit(int retval, int err);
+token_t *au_to_groups(int *groups);
+token_t *au_to_newgroups(uint16_t n, gid_t *groups);
+token_t *au_to_in_addr(struct in_addr *internet_addr);
+token_t *au_to_in_addr_ex(struct in6_addr *internet_addr);
+token_t *au_to_ip(struct ip *ip);
+token_t *au_to_ipc(char type, int id);
+token_t *au_to_ipc_perm(struct ipc_perm *perm);
+token_t *au_to_iport(uint16_t iport);
+token_t *au_to_opaque(char *data, uint16_t bytes);
+token_t *au_to_path(char *path);
+token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid,
+ uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
+ au_tid_addr_t *tid);
+token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_return(char status, uint32_t ret);
+token_t *au_to_return32(char status, uint32_t ret);
+token_t *au_to_return64(char status, uint64_t ret);
+token_t *au_to_seq(long audit_count);
+
#if defined(_KERNEL) || defined(KERNEL)
-token_t *au_to_socket(struct socket *so);
-token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp,
- struct sockaddr *la, struct sockaddr *ta);
-token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp,
- struct sockaddr *la, struct sockaddr *ta);
+token_t *au_to_socket(struct socket *so);
+token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la,
+ struct sockaddr *ta);
+token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la,
+ struct sockaddr *ta);
#endif
-token_t *au_to_sock_inet(struct sockaddr_in *so);
-token_t *au_to_sock_inet32(struct sockaddr_in *so);
-token_t *au_to_sock_inet128(struct sockaddr_in6 *so);
-token_t *au_to_sock_unix(struct sockaddr_un *so);
-token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_subject32_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_subject64_ex(au_id_t auid, uid_t euid,
- gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_exec_args(const char **);
-token_t *au_to_exec_env(const char **);
-token_t *au_to_text(char *text);
-token_t *au_to_kevent(struct kevent *kev);
-token_t *au_to_trailer(int rec_size);
+
+token_t *au_to_sock_inet(struct sockaddr_in *so);
+token_t *au_to_sock_inet32(struct sockaddr_in *so);
+token_t *au_to_sock_inet128(struct sockaddr_in6 *so);
+token_t *au_to_sock_unix(struct sockaddr_un *so);
+token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
+token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
+ gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
+token_t *au_to_exec_args(const char **);
+token_t *au_to_exec_env(const char **);
+token_t *au_to_text(char *text);
+token_t *au_to_kevent(struct kevent *kev);
+token_t *au_to_trailer(int rec_size);
__END_DECLS
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#3 (text+ko) ====
@@ -26,13 +26,13 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#2 $
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#3 $
*/
#ifndef _BSM_AUDIT_UEVENTS_H_
-#define _BSM_AUDIT_UEVENTS_H_
+#define _BSM_AUDIT_UEVENTS_H_
-/*
+/*-
* User level audit event numbers
*
* Range of audit event numbers:
@@ -43,60 +43,60 @@
* 36865 - 65535 Reserved for applications
*
*/
-#define AUE_at_create 6144
-#define AUE_at_delete 6145
-#define AUE_at_perm 6146
-#define AUE_cron_invoke 6147
-#define AUE_crontab_create 6148
-#define AUE_crontab_delete 6149
-#define AUE_crontab_perm 6150
-#define AUE_inetd_connect 6151
-#define AUE_login 6152
-#define AUE_logout 6153
-#define AUE_telnet 6154
-#define AUE_rlogin 6155
-#define AUE_mountd_mount 6156
-#define AUE_mountd_umount 6157
-#define AUE_rshd 6158
-#define AUE_su 6159
-#define AUE_halt 6160
-#define AUE_reboot 6161
-#define AUE_rexecd 6162
-#define AUE_passwd 6163
-#define AUE_rexd 6164
-#define AUE_ftpd 6165
-#define AUE_init 6166
-#define AUE_uadmin 6167
-#define AUE_shutdown 6168
-#define AUE_poweroff 6169
-#define AUE_crontab_mod 6170
-#define AUE_audit_startup 6171
-#define AUE_audit_shutdown 6172
-#define AUE_allocate_succ 6200
-#define AUE_allocate_fail 6201
-#define AUE_deallocate_succ 6202
-#define AUE_deallocate_fail 6203
-#define AUE_listdevice_succ 6205
-#define AUE_listdevice_fail 6206
-#define AUE_create_user 6207
-#define AUE_modify_user 6208
-#define AUE_delete_user 6209
-#define AUE_disable_user 6210
-#define AUE_enable_user 6211
-#define AUE_sudo 6300
-#define AUE_modify_password 6501 /* not assigned by Sun */
-#define AUE_create_group 6511 /* not assigned by Sun */
-#define AUE_delete_group 6512 /* not assigned by Sun */
-#define AUE_modify_group 6513 /* not assigned by Sun */
-#define AUE_add_to_group 6514 /* not assigned by Sun */
-#define AUE_remove_from_group 6515 /* not assigned by Sun */
-#define AUE_revoke_obj 6521 /* not assigned by Sun; not curr. used */
-#define AUE_lw_login 6600 /* not assigned by Sun; tentative */
-#define AUE_lw_logout 6601 /* not assigned by Sun; tentative */
-#define AUE_auth_user 7000 /* not assigned by Sun */
-#define AUE_ssconn 7001 /* not assigned by Sun */
-#define AUE_ssauthorize 7002 /* not assigned by Sun */
-#define AUE_ssauthint 7003 /* not assigned by Sun */
-#define AUE_openssh 32800
+#define AUE_at_create 6144
+#define AUE_at_delete 6145
+#define AUE_at_perm 6146
+#define AUE_cron_invoke 6147
+#define AUE_crontab_create 6148
+#define AUE_crontab_delete 6149
+#define AUE_crontab_perm 6150
+#define AUE_inetd_connect 6151
+#define AUE_login 6152
+#define AUE_logout 6153
+#define AUE_telnet 6154
+#define AUE_rlogin 6155
+#define AUE_mountd_mount 6156
+#define AUE_mountd_umount 6157
+#define AUE_rshd 6158
+#define AUE_su 6159
+#define AUE_halt 6160
+#define AUE_reboot 6161
+#define AUE_rexecd 6162
+#define AUE_passwd 6163
+#define AUE_rexd 6164
+#define AUE_ftpd 6165
+#define AUE_init 6166
+#define AUE_uadmin 6167
+#define AUE_shutdown 6168
+#define AUE_poweroff 6169
+#define AUE_crontab_mod 6170
+#define AUE_audit_startup 6171
+#define AUE_audit_shutdown 6172
+#define AUE_allocate_succ 6200
+#define AUE_allocate_fail 6201
+#define AUE_deallocate_succ 6202
+#define AUE_deallocate_fail 6203
+#define AUE_listdevice_succ 6205
+#define AUE_listdevice_fail 6206
+#define AUE_create_user 6207
+#define AUE_modify_user 6208
+#define AUE_delete_user 6209
+#define AUE_disable_user 6210
+#define AUE_enable_user 6211
+#define AUE_sudo 6300
+#define AUE_modify_password 6501 /* Not assigned by Sun. */
+#define AUE_create_group 6511 /* Not assigned by Sun. */
+#define AUE_delete_group 6512 /* Not assigned by Sun. */
+#define AUE_modify_group 6513 /* Not assigned by Sun. */
+#define AUE_add_to_group 6514 /* Not assigned by Sun. */
+#define AUE_remove_from_group 6515 /* Not assigned by Sun. */
+#define AUE_revoke_obj 6521 /* Not assigned by Sun; not used. */
+#define AUE_lw_login 6600 /* Not assigned by Sun; tentative. */
+#define AUE_lw_logout 6601 /* Not assigned by Sun; tentative. */
+#define AUE_auth_user 7000 /* Not assigned by Sun. */
+#define AUE_ssconn 7001 /* Not assigned by Sun. */
+#define AUE_ssauthorize 7002 /* Not assigned by Sun. */
+#define AUE_ssauthint 7003 /* Not assigned by Sun. */
+#define AUE_openssh 32800
#endif /* !_BSM_AUDIT_UEVENTS_H_ */
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#9 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#8 $
+# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#9 $
#
0:AUE_NULL:indir system call:no
1:AUE_EXIT:exit(2):pc
@@ -125,6 +125,8 @@
133:AUE_SETAUDIT:setaudit(2):ad
134:AUE_GETUSERAUDIT:getuseraudit(2):ad
135:AUE_SETUSERAUDIT:setuseraudit(2):ad
+136:AUE_AUDITSVC:auditsvc(2):ad
+137:AUE_AUDITUSER:audituser(2):ad
138:AUE_AUDITON:auditon(2):ad
139:AUE_AUDITON_GTERMID:auditon(2) - GETTERMID command:ad
140:AUE_AUDITON_STERMID:auditon(2) - SETTERMID command:ad
@@ -164,12 +166,12 @@
197:AUE_NFS:nfs server:ad
198:AUE_READV:readv(2):no
199:AUE_OSTAT:old stat(2):fa
-200:AUE_OSETUID:old setuid(2):pc
+200:AUE_SETUID:setuid(2):pc
201:AUE_STIME:old stime(2):ad
202:AUE_UTIME:old utime(2):fm
203:AUE_NICE:old nice(2):pc
204:AUE_OSETPGRP:old setpgrp(2):pc
-205:AUE_SETGID:old setgid(2):pc
+205:AUE_SETGID:setgid(2):pc
206:AUE_READL:readl(2):no
207:AUE_READVL:readvl(2):no
209:AUE_DUP2:dup2(2):no
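Review bot: Event 200 is renamed from `AUE_OSETUID` to `AUE_SETUID` and described as plain `setuid(2)`, but the matching header line in audit_kevents.h on this page still reads `#define AUE_SETUID 200 /* XXXRW: Solaris old setuid? */`. The two files now disagree on whether 200 is the current or the legacy call, so either resolve the XXXRW comment in the header or keep the uncertainty visible in this description. Anything that selects this event by name rather than number would no longer match `AUE_OSETUID`. No such consumer is visible here, so that is an inference, but privilege-change events are commonly filtered on and the rename deserves a line in the change description. Entry 204 `AUE_OSETPGRP` keeps its `old` wording while 205 loses it, and if that asymmetry is intended it should be stated.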
@@ -230,6 +232,8 @@
264:AUE_INST_SYNC:inst_sync(2):ad
266:AUE_SETAUDIT_ADDR:setaudit_addr(2):ad
267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad
+268:AUE_CLOCK_SETTIME:clock_settime(2):ad
+269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad
301:AUE_GETFSSTAT:getfsstat(2):fa
302:AUE_PTRACE:ptrace(2):pc
>>> TRUNCATED FOR MAIL (1000 lines) <<<