From owner-p4-projects@FreeBSD.ORG Tue Apr 14 20:29:19 2009
Date: Tue, 14 Apr 2009 20:29:18 GMT
Message-Id: <200904142029.n3EKTINV025841@repoman.freebsd.org>
From: Stacey Son To: Perforce Change Reviews Cc: Subject: PERFORCE change 160640 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Apr 2009 20:29:23 -0000 http://perforce.freebsd.org/chv.cgi?CH=160640 Change 160640 by sson@sson_amd64 on 2009/04/14 20:29:05 Adding AUE_ssauthmech event, the "aa" class, and changing flags to audit the aa event class by default. Sync sys/bsm/audit.h with darwin kernel version. Credit: Gary Hoo Affected files ... .. //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 edit .. //depot/projects/trustedbsd/openbsm/etc/audit_class#6 edit .. //depot/projects/trustedbsd/openbsm/etc/audit_control#8 edit .. //depot/projects/trustedbsd/openbsm/etc/audit_event#39 edit .. //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#10 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#11 $ */ #ifndef _BSM_AUDIT_UEVENTS_H_ @@ -138,5 +138,6 @@ #define AUE_calife 45027 /* OpenBSM-allocated. */ #define AUE_sudo 45028 /* OpenBSM-allocated. */ #define AUE_audit_recovery 45029 /* OpenBSM-allocated. */ +#define AUE_ssauthmech 45030 /* Darwin-specific. */ #endif /* !_BSM_AUDIT_UEVENTS_H_ */ ==== //depot/projects/trustedbsd/openbsm/etc/audit_class#6 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#5 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_class#6 $ # 0x00000000:no:invalid class 0x00000001:fr:file read 
@@ -15,6 +15,7 @@ 0x00000400:na:non attributable 0x00000800:ad:administrative 0x00001000:lo:login_logout +0x00002000:aa:authentication and authorization 0x00004000:ap:application 0x20000000:io:ioctl 0x40000000:ex:exec ==== //depot/projects/trustedbsd/openbsm/etc/audit_control#8 (text+ko) ==== @@ -1,10 +1,10 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#7 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#8 $ # dir:/var/audit -flags:lo +flags:lo,aa minfree:5 -naflags:lo +naflags:lo,aa policy:cnt,argv filesz:2M expire-after:10M ==== //depot/projects/trustedbsd/openbsm/etc/audit_event#39 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#38 $ +# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#39 $ # # The mapping between event identifiers and values is also hard-coded in # audit_kevents.h and audit_uevents.h, so changes must occur in both places, @@ -628,10 +628,10 @@ 6521:AUE_DARWIN_revoke_obj:revoke object priv:fm 6600:AUE_DARWIN_lw_login:loginwindow login:lo 6601:AUE_DARWIN_lw_logout:loginwindow logout:lo -7000:AUE_DARWIN_auth_user:user authentication:ad -7001:AUE_DARWIN_ssconn:SecSrvr connection setup:ad -7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:ad -7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:ad +7000:AUE_DARWIN_auth_user:user authentication:aa +7001:AUE_DARWIN_ssconn:SecSrvr connection setup:aa +7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:aa +7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:aa # # Historic/third-party application allocations of event identifiers. # 
@@ -650,10 +650,11 @@ 45020:AUE_revoke_obj:revoke object priv:fm 45021:AUE_lw_login:loginwindow login:lo 45022:AUE_lw_logout:loginwindow logout:lo -45023:AUE_auth_user:user authentication:ad -45024:AUE_ssconn:SecSrvr connection setup:ad -45025:AUE_ssauthorize:SecSrvr AuthEngine:ad -45026:AUE_ssauthint:SecSrvr authinternal mech:ad +45023:AUE_auth_user:user authentication:aa +45024:AUE_ssconn:SecSrvr connection setup:aa +45025:AUE_ssauthorize:SecSrvr AuthEngine:aa +45026:AUE_ssauthint:SecSrvr authinternal mech:aa 45027:AUE_calife:Calife:ad -45028:AUE_sudo:sudo(1):ad +45028:AUE_sudo:sudo(1):aa 45029:AUE_audit_recovery:audit crash recovery:ad +45030:AUE_ssauthmech:SecSrvr AuthMechanism:aa ==== //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 (text+ko) ==== @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#8 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9 $ */ #ifndef _BSM_AUDIT_H @@ -313,10 +313,10 @@ int getaudit_addr(struct auditinfo_addr *, int); int setaudit_addr(const struct auditinfo_addr *, int); -#ifdef __APPLE_API_PRIVATE +#ifdef __APPLE_API_PRIVATE #include -mach_port_name_t audit_session_self(void); -au_asid_t audit_sesison_join(mach_port_name_t port); +mach_port_name_t audit_session_self(void); +au_asid_t audit_session_join(mach_port_name_t port); #endif /* __APPLE_API_PRIVATE */ #endif /* defined(_KERNEL) || defined(KERNEL) */
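Review bot: In the bsm/audit_uevents.h hunk at @@ -138, the new `AUE_ssauthmech 45030` is commented "Darwin-specific." while it takes the next value after 45027 to 45029, which are all commented "OpenBSM-allocated." Please say in the comment which allocation this number belongs to (for example "OpenBSM-allocated, Darwin-specific event") so that the next person adding 45031 knows the range is still a single sequence.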
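Review bot: In the etc/audit_control hunk, `flags:lo,aa` and `naflags:lo,aa` raise the default record volume while `filesz:2M` and `expire-after:10M` in the same hunk stay as they were, so the default configuration will rotate sooner and retain less history. Either state in the change description that the retention settings were considered and are still adequate, or adjust them in the same change. A one-line comment above `flags:` explaining why `aa` is on by default would also help administrators who diff this file against their local copy.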
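Review bot: In the etc/audit_event hunk at @@ -628, moving 7000 to 7003 from class `ad` to `aa` removes them from `ad` entirely, since each line carries a single class. A site whose audit_control selects `ad` but not `aa` will stop recording `AUE_DARWIN_auth_user` and the SecSrvr events after picking up this file, with no error. Consider listing both classes on these lines for a transition period, or call the reclassification out explicitly in the change description and release notes so local `flags:` settings get updated.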
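Review bot: In the etc/audit_event hunk at @@ -650, `45028:AUE_sudo:sudo(1)` moves to `aa` while the adjacent `45027:AUE_calife:Calife` stays in `ad`, and the change description mentions neither. If Calife events are meant to be treated the same way as sudo events, reclassify both together; if the difference is intentional, say why in the description. The sudo reclassification also goes beyond the "Adding AUE_ssauthmech event" summary and should be listed there, because it changes which records an `ad`-only selection captures.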
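Review bot: In the sys/bsm/audit.h hunk at @@ -313, the prototype is renamed from `audit_sesison_join` to `audit_session_join`, which is a source-visible change hidden under "Sync sys/bsm/audit.h with darwin kernel version". Please confirm that no caller or definition in the tree still uses the misspelt name, and mention the rename in the change description. The `#ifdef __APPLE_API_PRIVATE` and `audit_session_self` lines appear to differ only in whitespace; keeping whitespace-only edits out of a change that also fixes a prototype makes the functional fix easier to spot.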