Date: Mon, 8 Dec 2008 11:58:02 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 154331 for review Message-ID: <200812081158.mB8Bw2X1032914@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=154331 Change 154331 by rwatson@rwatson_cinnamon_macosx on 2008/12/08 11:57:57 Redo numbering scheme for userspace events to avoid collisions with the Solaris allocation scheme; adopt a more formal allocation scheme for OpenBSM. Allocate an event for Calife. Adding some events from Solaris that will be of immediate use in Mac OS X and FreeBSD. Affected files ... .. //depot/projects/trustedbsd/openbsm/NEWS#19 edit .. //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#9 edit .. //depot/projects/trustedbsd/openbsm/etc/audit_event#33 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/NEWS#19 (text+ko) ==== @@ -5,6 +5,10 @@ - With the addition of BSM error number mapping, we also need to map the local error number passed to audit_submit(3) to a BSM error number, rather than have the caller perform that conversion. +- Reallocate user audit events to avoid collisions with Solaris; adopt a more + formal allocation scheme, and add some events allocated in Solaris that + will be of immediate use on other platforms. +- Add an event for Calife. OpenBSM 1.1 alpha 3 @@ -369,4 +373,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/NEWS#18 $ +$P4: //depot/projects/trustedbsd/openbsm/NEWS#19 $ ==== //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#9 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2004 Apple Inc. + * Copyright (c) 2004-2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,22 +26,14 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#8 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#9 $ */ #ifndef _BSM_AUDIT_UEVENTS_H_ #define _BSM_AUDIT_UEVENTS_H_ -/*- - * User level audit event numbers - * - * Range of audit event numbers: - * 0 Reserved, invalid - * 1 - 2047 Reserved for kernel events - * 2048 - 32767 Defined by BSM for user events - * 32768 - 36864 Reserved for Mac OS-X applications - * 36865 - 65535 Reserved for applications - * +/* + * Solaris userspace events. */ #define AUE_at_create 6144 #define AUE_at_delete 6145 @@ -70,8 +62,13 @@ #define AUE_shutdown 6168 #define AUE_poweroff 6169 #define AUE_crontab_mod 6170 -#define AUE_audit_startup 6171 -#define AUE_audit_shutdown 6172 +#define AUE_ftpd_logout 6171 +#define AUE_ssh 6172 +#define AUE_role_login 6173 +#define AUE_prof_cmd 6180 +#define AUE_filesystem_add 6181 +#define AUE_filesystem_delete 6182 +#define AUE_filesystem_modify 6183 #define AUE_allocate_succ 6200 #define AUE_allocate_fail 6201 #define AUE_deallocate_succ 6202 @@ -83,20 +80,62 @@ #define AUE_delete_user 6209 #define AUE_disable_user 6210 #define AUE_enable_user 6211 -#define AUE_sudo 6300 -#define AUE_modify_password 6501 /* Not assigned by Sun. */ -#define AUE_create_group 6511 /* Not assigned by Sun. */ -#define AUE_delete_group 6512 /* Not assigned by Sun. */ -#define AUE_modify_group 6513 /* Not assigned by Sun. */ -#define AUE_add_to_group 6514 /* Not assigned by Sun. */ -#define AUE_remove_from_group 6515 /* Not assigned by Sun. */ -#define AUE_revoke_obj 6521 /* Not assigned by Sun; not used. */ -#define AUE_lw_login 6600 /* Not assigned by Sun; tentative. */ -#define AUE_lw_logout 6601 /* Not assigned by Sun; tentative. */ -#define AUE_auth_user 7000 /* Not assigned by Sun. */ -#define AUE_ssconn 7001 /* Not assigned by Sun. */ -#define AUE_ssauthorize 7002 /* Not assigned by Sun. */ -#define AUE_ssauthint 7003 /* Not assigned by Sun. */ +#define AUE_newgrp_login 6212 +#define AUE_admin_authentication 6213 +#define AUE_kadmind_auth 6214 +#define AUE_kadmind_unauth 6215 +#define AUE_krb5kdc_as_req 6216 +#define AUE_krb5kdc_tgs_req 6217 +#define AUE_krb5kdc_tgs_req_2ndtktmm 6218 +#define AUE_krb5kdc_tgs_req_alt_tgt 6219 + +/* + * Historic Darwin use of the low event numbering space, which collided with + * the Solaris event space. Now obsoleted and new, higher, event numbers + * assigned to make it easier to interpret Solaris events using the OpenBSM + * tools. + */ +#define AUE_DARWIN_audit_startup 6171 +#define AUE_DARWIN_audit_shutdown 6172 +#define AUE_DARWIN_sudo 6300 +#define AUE_DARWIN_modify_password 6501 +#define AUE_DARWIN_create_group 6511 +#define AUE_DARWIN_delete_group 6512 +#define AUE_DARWIN_modify_group 6513 +#define AUE_DARWIN_add_to_group 6514 +#define AUE_DARWIN_remove_from_group 6515 +#define AUE_DARWIN_revoke_obj 6521 +#define AUE_DARWIN_lw_login 6600 +#define AUE_DARWIN_lw_logout 6601 +#define AUE_DARWIN_auth_user 7000 +#define AUE_DARWIN_ssconn 7001 +#define AUE_DARWIN_ssauthorize 7002 +#define AUE_DARWIN_ssauthint 7003 + +/* + * Historic/third-party appliation allocations of event idenfiers. + */ #define AUE_openssh 32800 +/* + * OpenBSM-managed application event space. + */ +#define AUE_audit_startup 45000 /* Darwin-specific. */ +#define AUE_audit_shutdown 45001 /* Darwin-specific. */ +#define AUE_modify_password 45014 /* Darwin-specific. */ +#define AUE_create_group 45015 /* Darwin-specific. */ +#define AUE_delete_group 45016 /* Darwin-specific. */ +#define AUE_modify_group 45017 /* Darwin-specific. */ +#define AUE_add_to_group 45018 /* Darwin-specific. */ +#define AUE_remove_from_group 45019 /* Darwin-specific. */ +#define AUE_revoke_obj 45020 /* Darwin-specific. */ +#define AUE_lw_login 45021 /* Darwin-specific. */ +#define AUE_lw_logout 45022 /* Darwin-specific. */ +#define AUE_auth_user 45023 /* Darwin-specific. */ +#define AUE_ssconn 45024 /* Darwin-specific. */ +#define AUE_ssauthorize 45025 /* Darwin-specific. */ +#define AUE_ssauthint 45026 /* Darwin-specific. */ +#define AUE_calife 45027 /* OpenBSM-allocated. */ +#define AUE_sudo 45028 /* OpenBSM-allocated. */ + #endif /* !_BSM_AUDIT_UEVENTS_H_ */ ==== //depot/projects/trustedbsd/openbsm/etc/audit_event#33 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#32 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#33 $ # # The mapping between event identifiers and values is also hard-coded in # audit_kevents.h and audit_uevents.h, so changes must occur in both places, @@ -550,32 +550,103 @@ 43188:AUE_CAP_ENTER:cap_enter(2):pc 43189:AUE_CAP_GETMODE:cap_getmode(2):pc # -# User space system events. +# Solaris userspace events. # +6144:AUE_at_create:at-create atjob:ad +6145:AUE_at_delete:at-delete atjob (at or atrm):ad +6146:AUE_at_perm:at-permission:no +6147:AUE_cron_invoke:cron-invoke:ad +6148:AUE_crontab_create:crontab-crontab created:ad +6149:AUE_crontab_delete:crontab-crontab deleted:ad +6150:AUE_crontab_perm:crontab-permission:no +6151:AUE_inetd_connect:inetd connection:na 6152:AUE_login:login - local:lo 6153:AUE_logout:logout - local:lo +6154:AUE_telnet:login - telnet:lo +6155:AUE_rlogin:login - rlogin:lo +6156:AUE_mountd_mount:mount:na +6157:AUE_mountd_umount:unmount:na +6158:AUE_rshd:rsh access:lo 6159:AUE_su:su(1):lo 6160:AUE_halt:system halt:ad +6161:AUE_reboot:system reboot:ad +6162:AUE_rexecd:rexecd:lo +6163:AUE_passwd:passwd:lo +6164:AUE_rexd:rexd:lo +6165:AUE_ftpd:ftp access:lo +6166:AUE_init:init:lo +6167:AUE_uadmin:uadmin:no 6168:AUE_shutdown:system shutdown:ad -6171:AUE_audit_startup:audit startup:ad -6172:AUE_audit_shutdown:audit shutdown:ad +6168:AUE_poweroff:system poweroff:ad +6170:AUE_crontab_mod:crontab-modify:ad +6171:AUE_ftpd_logout:ftp logout:lo +6172:AUE_ssh:login - ssh:lo +6173:AUE_role_login:role login:lo +6180:AUE_prof_cmd: profile command:ad +6181:AUE_filesystem_add:add filesystem:ad +6182:AUE_filesystem_delete:delete filesystem:ad +6183:AUE_filesystem_modify:modify filesystem:ad +6200:AUE_allocate_succ:allocate-device success:ot +6201:AUE_allocate_fail:allocate-device failure:ot +6202:AUE_deallocate_succ:deallocate-device success:ot +6203:AUE_deallocate_fail:deallocate-device failure:ot +6204:AUE_listdevice_succ:allocate-list devices success:ot +6205:AUE_listdevice_fail:allocate-list devices failure:ot 6207:AUE_create_user:create user:ad 6208:AUE_modify_user:modify user:ad 6209:AUE_delete_user:delete user:ad 6210:AUE_disable_user:disable user:ad -6211:AUE_enable_user::ad -6300:AUE_sudo:sudo(1):ad -6501:AUE_modify_password:modify password:ad -6511:AUE_create_group:create group:ad -6512:AUE_delete_group:delete group:ad -6513:AUE_modify_group:modify group:ad -6514:AUE_add_to_group:add to group:ad -6515:AUE_remove_from_group:remove from group:ad -6521:AUE_revoke_obj:revoke object priv:fm -6600:AUE_lw_login:loginwindow login:lo -6601:AUE_lw_logout:loginwindow logout:lo -7000:AUE_auth_user:user authentication:ad -7001:AUE_ssconn:SecSrvr connection setup:ad -7002:AUE_ssauthorize:SecSrvr AuthEngine:ad -7003:AUE_ssauthint:SecSrvr authinternal mech:ad +6211:AUE_enable_user:enable users:ad +6212:AUE_newgrp_login:newgrp login:lo +6213:AUE_admin_authenticate:admin login:lo +6214:AUE_kadmind_auth:authenticated kadmind request:ua +6215:AUE_kadmind_unauth:unauthenticated kadmind req:ua +6216:AUE_krb5kdc_as_req:kdc authentication svc request:ap +6217:AUE_krb5kdc_tgs_req:kdc tkt-grant svc request:ap +6218:AUE_krb5kdc_tgs_req_2ndtktmm:kdc tgs 2ndtkt mismtch:ap +6219:AUE_krb5kdc_tgs_req_alt_tgt:kdc tgs issue alt tgt:ap +# +# Historic Darwin use of low event numbering space, which collided with the +# Solaris event space. Now obsoleted and new, higher, event numbers assigned +# to make it easier to interpret Solaris events using the OpenBSM tools. +# +6171:AUE_DARWIN_audit_startup:audit startup:ad +6172:AUE_DARWIN_audit_shutdown:audit shutdown:ad +6300:AUE_DARWIN_sudo:sudo(1):ad +6501:AUE_DARWIN_modify_password:modify password:ad +6511:AUE_DARWIN_create_group:create group:ad +6512:AUE_DARWIN_delete_group:delete group:ad +6513:AUE_DARWIN_modify_group:modify group:ad +6514:AUE_DARWIN_add_to_group:add to group:ad +6515:AUE_DARWIN_remove_from_group:remove from group:ad +6521:AUE_DARWIN_revoke_obj:revoke object priv:fm +6600:AUE_DARWIN_lw_login:loginwindow login:lo +6601:AUE_DARWIN_lw_logout:loginwindow logout:lo +7000:AUE_DARWIN_auth_user:user authentication:ad +7001:AUE_DARWIN_ssconn:SecSrvr connection setup:ad +7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:ad +7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:ad +# +# Historic/third-party application allocations of event identifiers. +# 32800:AUE_openssh:OpenSSH login:lo +# +# OpenBSM-managed application event space. +# +45000:AUE_audit_startup:audit startup:ad +45001:AUE_audit_shutdown:audit shutdown:ad +45014:AUE_modify_password:modify password:ad +45015:AUE_create_group:create group:ad +45016:AUE_delete_group:delete group:ad +45017:AUE_modify_group:modify group:ad +45018:AUE_add_to_group:add to group:ad +45019:AUE_remove_from_group:remove from group:ad +45020:AUE_revoke_obj:revoke object priv:fm +45021:AUE_lw_login:loginwindow login:lo +45022:AUE_lw_logout:loginwindow logout:lo +45023:AUE_auth_user:user authentication:ad +45024:AUE_ssconn:SecSrvr connection setup:ad +45025:AUE_ssauthorize:SecSrvr AuthEngine:ad +45026:AUE_ssauthint:SecSrvr authinternal mech:ad +45027:AUE_calife:Calife:ad +45028:AUE_sudo:sudo(1):ad
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812081158.mB8Bw2X1032914>