Date: Mon, 30 Jan 2006 22:22:46 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 90728 for review Message-ID: <200601302222.k0UMMk0p062522@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=90728 Change 90728 by rwatson@rwatson_peppercorn on 2006/01/30 22:22:20 Integrate recent OpenBSM changes from TrustedBSD OpenBSM branch to TrustedBSD audit3 branch: - style(9) for audit.h, audit_record.h, audit_uevents.h - Additional events in audit_kevents.h, audit_event, annotations, etc. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#7 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#14 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#5 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#9 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#7 (text+ko) ==== 
@@ -30,37 +30,37 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#6 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#7 $ */ #ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H #define AUDIT_RECORD_MAGIC 0x828a0f1b -#define MAX_AUDIT_RECORDS 20 -#define MAX_AUDIT_RECORD_SIZE 4096 -#define MIN_AUDIT_FILE_SIZE (512 * 1024) +#define MAX_AUDIT_RECORDS 20 +#define MAX_AUDIT_RECORD_SIZE 4096 +#define MIN_AUDIT_FILE_SIZE (512 * 1024) /* * Triggers for the audit daemon */ -#define AUDIT_TRIGGER_MIN 1 -#define AUDIT_TRIGGER_LOW_SPACE 1 -#define AUDIT_TRIGGER_OPEN_NEW 2 -#define AUDIT_TRIGGER_READ_FILE 3 -#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 -#define AUDIT_TRIGGER_NO_SPACE 5 -#define AUDIT_TRIGGER_MAX 5 +#define AUDIT_TRIGGER_MIN 1 +#define AUDIT_TRIGGER_LOW_SPACE 1 +#define AUDIT_TRIGGER_OPEN_NEW 2 +#define AUDIT_TRIGGER_READ_FILE 3 +#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 +#define AUDIT_TRIGGER_NO_SPACE 5 +#define AUDIT_TRIGGER_MAX 5 /* * File that will be read for trigger events from the kernel */ -#define AUDIT_TRIGGER_FILE "/dev/audit" +#define AUDIT_TRIGGER_FILE "/dev/audit" /* * Pre-defined audit IDs */ -#define AU_DEFAUDITID -1 +#define AU_DEFAUDITID -1 /* * Define the masks for the classes of audit events. 
@@ -103,71 +103,74 @@ /* * IPC types */ -#define AT_IPC_MSG ((u_char)1) /* message IPC id */ -#define AT_IPC_SEM ((u_char)2) /* semaphore IPC id */ -#define AT_IPC_SHM ((u_char)3) /* shared mem IPC id */ +#define AT_IPC_MSG ((u_char)1) /* Message IPC id. */ +#define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */ +#define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */ /* * Audit conditions. */ -#define AUC_UNSET 0 -#define AUC_AUDITING 1 -#define AUC_NOAUDIT 2 -#define AUC_DISABLED -1 +#define AUC_UNSET 0 +#define AUC_AUDITING 1 +#define AUC_NOAUDIT 2 +#define AUC_DISABLED -1 /* * auditon(2) commands. */ -#define A_GETPOLICY 2 -#define A_SETPOLICY 3 -#define A_GETKMASK 4 -#define A_SETKMASK 5 +#define A_GETPOLICY 2 +#define A_SETPOLICY 3 +#define A_GETKMASK 4 +#define A_SETKMASK 5 #define A_GETQCTRL 6 -#define A_SETQCTRL 7 -#define A_GETCWD 8 -#define A_GETCAR 9 -#define A_GETSTAT 12 -#define A_SETSTAT 13 +#define A_SETQCTRL 7 +#define A_GETCWD 8 +#define A_GETCAR 9 +#define A_GETSTAT 12 +#define A_SETSTAT 13 #define A_SETUMASK 14 -#define A_SETSMASK 15 -#define A_GETCOND 20 -#define A_SETCOND 21 -#define A_GETCLASS 22 -#define A_SETCLASS 23 -#define A_GETPINFO 24 -#define A_SETPMASK 25 -#define A_SETFSIZE 26 -#define A_GETFSIZE 27 -#define A_GETPINFO_ADDR 28 -#define A_GETKAUDIT 29 -#define A_SETKAUDIT 30 -#define A_SENDTRIGGER 31 +#define A_SETSMASK 15 +#define A_GETCOND 20 +#define A_SETCOND 21 +#define A_GETCLASS 22 +#define A_SETCLASS 23 +#define A_GETPINFO 24 +#define A_SETPMASK 25 +#define A_SETFSIZE 26 +#define A_GETFSIZE 27 +#define A_GETPINFO_ADDR 28 +#define A_GETKAUDIT 29 +#define A_SETKAUDIT 30 +#define A_SENDTRIGGER 31 /* * Audit policy controls. 
*/ -#define AUDIT_CNT 0x0001 -#define AUDIT_AHLT 0x0002 -#define AUDIT_ARGV 0x0004 -#define AUDIT_ARGE 0x0008 -#define AUDIT_PASSWD 0x0010 -#define AUDIT_SEQ 0x0020 -#define AUDIT_WINDATA 0x0040 -#define AUDIT_USER 0x0080 -#define AUDIT_GROUP 0x0100 -#define AUDIT_TRAIL 0x0200 -#define AUDIT_PATH 0x0400 +#define AUDIT_CNT 0x0001 +#define AUDIT_AHLT 0x0002 +#define AUDIT_ARGV 0x0004 +#define AUDIT_ARGE 0x0008 +#define AUDIT_PASSWD 0x0010 +#define AUDIT_SEQ 0x0020 +#define AUDIT_WINDATA 0x0040 +#define AUDIT_USER 0x0080 +#define AUDIT_GROUP 0x0100 +#define AUDIT_TRAIL 0x0200 +#define AUDIT_PATH 0x0400 /* * Audit queue control parameters */ -#define AQ_HIWATER 100 -#define AQ_MAXHIGH 10000 -#define AQ_LOWATER 10 -#define AQ_BUFSZ 1024 -#define AQ_MAXBUFSZ 1048576 +#define AQ_HIWATER 100 +#define AQ_MAXHIGH 10000 +#define AQ_LOWATER 10 +#define AQ_BUFSZ 1024 +#define AQ_MAXBUFSZ 1048576 -#define AU_FS_MINFREE 20 /* default min filesystem freespace, in percent */ +/* + * Default minimum percentage free space on file system. + */ +#define AU_FS_MINFREE 20 /* * Type definitions used indicating the length of variable length addresses 
@@ -178,83 +181,83 @@ __BEGIN_DECLS -typedef uid_t au_id_t; -typedef pid_t au_asid_t; -typedef u_int16_t au_event_t; -typedef u_int16_t au_emod_t; -typedef u_int32_t au_class_t; +typedef uid_t au_id_t; +typedef pid_t au_asid_t; +typedef u_int16_t au_event_t; +typedef u_int16_t au_emod_t; +typedef u_int32_t au_class_t; struct au_tid { - dev_t port; - u_int32_t machine; + dev_t port; + u_int32_t machine; }; -typedef struct au_tid au_tid_t; +typedef struct au_tid au_tid_t; struct au_tid_addr { - dev_t at_port; - u_int32_t at_type; - u_int32_t at_addr[4]; + dev_t at_port; + u_int32_t at_type; + u_int32_t at_addr[4]; }; -typedef struct au_tid_addr au_tid_addr_t; +typedef struct au_tid_addr au_tid_addr_t; struct au_mask { - unsigned int am_success; /* success bits */ - unsigned int am_failure; /* failure bits */ + unsigned int am_success; /* Success bits. */ + unsigned int am_failure; /* Failure bits. */ }; -typedef struct au_mask au_mask_t; +typedef struct au_mask au_mask_t; struct auditinfo { - au_id_t ai_auid; /* Audit user ID */ - au_mask_t ai_mask; /* Audit masks */ - au_tid_t ai_termid; /* Terminal ID */ - au_asid_t ai_asid; /* Audit session ID */ + au_id_t ai_auid; /* Audit user ID. */ + au_mask_t ai_mask; /* Audit masks. */ + au_tid_t ai_termid; /* Terminal ID. */ + au_asid_t ai_asid; /* Audit session ID. */ }; -typedef struct auditinfo auditinfo_t; +typedef struct auditinfo auditinfo_t; struct auditinfo_addr { - au_id_t ai_auid; /* Audit user ID */ - au_mask_t ai_mask; /* Audit masks */ - au_tid_addr_t ai_termid; /* Terminal ID */ - au_asid_t ai_asid; /* Audit session ID */ + au_id_t ai_auid; /* Audit user ID. */ + au_mask_t ai_mask; /* Audit masks. */ + au_tid_addr_t ai_termid; /* Terminal ID. */ + au_asid_t ai_asid; /* Audit session ID. 
*/ }; -typedef struct auditinfo_addr auditinfo_addr_t; +typedef struct auditinfo_addr auditinfo_addr_t; struct auditpinfo { - pid_t ap_pid; /* ID of target process */ - au_id_t ap_auid; /* Audit user ID */ - au_mask_t ap_mask; /* Audit masks */ - au_tid_t ap_termid; /* Terminal ID */ - au_asid_t ap_asid; /* Audit session ID */ + pid_t ap_pid; /* ID of target process. */ + au_id_t ap_auid; /* Audit user ID. */ + au_mask_t ap_mask; /* Audit masks. */ + au_tid_t ap_termid; /* Terminal ID. */ + au_asid_t ap_asid; /* Audit session ID. */ }; -typedef struct auditpinfo auditpinfo_t; +typedef struct auditpinfo auditpinfo_t; struct auditpinfo_addr { - pid_t ap_pid; /* ID of target process */ - au_id_t ap_auid; /* Audit user ID */ - au_mask_t ap_mask; /* Audit masks */ - au_tid_addr_t ap_termid; /* Terminal ID */ - au_asid_t ap_asid; /* Audit session ID */ + pid_t ap_pid; /* ID of target process. */ + au_id_t ap_auid; /* Audit user ID. */ + au_mask_t ap_mask; /* Audit masks. */ + au_tid_addr_t ap_termid; /* Terminal ID. */ + au_asid_t ap_asid; /* Audit session ID. */ }; -typedef struct auditpinfo_addr auditpinfo_addr_t; +typedef struct auditpinfo_addr auditpinfo_addr_t; -/* Token and record structures */ +/* Token and record structures. */ struct au_token { - u_char *t_data; - size_t len; - TAILQ_ENTRY(au_token) tokens; + u_char *t_data; + size_t len; + TAILQ_ENTRY(au_token) tokens; }; -typedef struct au_token token_t; +typedef struct au_token token_t; struct au_record { - char used; /* Is this record currently being used */ - int desc; /* The descriptor associated with this record */ - TAILQ_HEAD(, au_token) token_q; /* queue of BSM tokens */ - u_char *data; - size_t len; - LIST_ENTRY(au_record) au_rec_q; + char used; /* Record currently in use? */ + int desc; /* Descriptor for record. */ + TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. 
*/ + u_char *data; + size_t len; + LIST_ENTRY(au_record) au_rec_q; }; -typedef struct au_record au_record_t; +typedef struct au_record au_record_t; /* * Kernel audit queue control parameters. 
@@ -264,59 +267,59 @@ size_t aq_lowater; size_t aq_bufsz; clock_t aq_delay; - int aq_minfree; /* minimum filesystem percent free space */ + int aq_minfree; /* Minimum filesystem percent free space. */ }; -typedef struct au_qctrl au_qctrl_t; +typedef struct au_qctrl au_qctrl_t; /* * Structure for the audit statistics. */ struct audit_stat { - unsigned int as_version; - unsigned int as_numevent; - int as_generated; - int as_nonattring; - int as_kernel; - int as_audit; - int as_auditctl; - int as_enqueu; - int as_written; - int as_wblocked; - int as_rblocked; - int as_dropped; - int as_totalsize; - unsigned int as_memused; + unsigned int as_version; + unsigned int as_numevent; + int as_generated; + int as_nonattring; + int as_kernel; + int as_audit; + int as_auditctl; + int as_enqueu; + int as_written; + int as_wblocked; + int as_rblocked; + int as_dropped; + int as_totalsize; + unsigned int as_memused; }; -typedef struct audit_stat au_stat_t; +typedef struct audit_stat au_stat_t; /* * Structure for the audit file statistics. */ struct audit_fstat { - u_quad_t af_filesz; - u_quad_t af_currsz; + u_quad_t af_filesz; + u_quad_t af_currsz; }; -typedef struct audit_fstat au_fstat_t; +typedef struct audit_fstat au_fstat_t; /* * Audit to event class mapping. 
*/ struct au_evclass_map { - au_event_t ec_number; - au_class_t ec_class; + au_event_t ec_number; + au_class_t ec_class; }; -typedef struct au_evclass_map au_evclass_map_t; +typedef struct au_evclass_map au_evclass_map_t; #if !defined(_KERNEL) && !defined(KERNEL) -int audit(const void *, int); -int auditon(int, void *, int); -int auditctl(const char *); -int getauid(au_id_t *); -int setauid(const au_id_t *); -int getaudit(struct auditinfo *); -int setaudit(const struct auditinfo *); -int getaudit_addr(struct auditinfo_addr *, int); -int setaudit_addr(const struct auditinfo_addr *, int); +int audit(const void *, int); +int auditon(int, void *, int); +int auditctl(const char *); +int getauid(au_id_t *); +int setauid(const au_id_t *); +int getaudit(struct auditinfo *); +int setaudit(const struct auditinfo *); +int getaudit_addr(struct auditinfo_addr *, int); +int setaudit_addr(const struct auditinfo_addr *, int); #endif /* defined(_KERNEL) || defined(KERNEL) */ __END_DECLS ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#14 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#13 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#14 $ */ #ifndef _BSM_AUDIT_KEVENTS_H_ @@ -60,12 +60,14 @@ #define AUE_CHMOD 10 #define AUE_CHOWN 11 #define AUE_UMOUNT 12 +#define AUE_JUNK 13 /* Solaris-specific. */ #define AUE_ACCESS 14 #define AUE_CHECKUSERACCESS AUE_ACCESS #define AUE_KILL 15 #define AUE_STAT 16 #define AUE_LSTAT 17 #define AUE_ACCT 18 +#define AUE_MCTL 19 /* Solaris-specific. */ #define AUE_REBOOT 20 /* XXX: Darwin conflict. */ #define AUE_SYMLINK 21 #define AUE_READLINK 22 
@@ -157,34 +159,39 @@ #define AUE_SEMCTL_SETALL 108 #define AUE_SEMGET 109 #define AUE_SEMOP 110 -#define AUE_CORE 111 /* Solaris-only, currently. */ +#define AUE_CORE 111 /* Solaris-specific, currently. */ #define AUE_CLOSE 112 #define AUE_SYSTEMBOOT 113 -#define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-only. */ -#define AUE_NFSSVC_EXIT 115 /* Solaris-only. */ -#define AUE_WRITEL 128 /* Solaris-only. */ -#define AUE_WRITEVL 129 /* Solaris-only. */ +#define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-specific. */ +#define AUE_NFSSVC_EXIT 115 /* Solaris-specific. */ +#define AUE_WRITEL 128 /* Solaris-specific. */ +#define AUE_WRITEVL 129 /* Solaris-specific. */ #define AUE_GETAUID 130 #define AUE_SETAUID 131 #define AUE_GETAUDIT 132 #define AUE_SETAUDIT 133 -#define AUE_GETUSERAUDIT 134 /* Solaris-only. */ -#define AUE_SETUSERAUDIT 135 /* Solaris-only. */ -#define AUE_AUDITSVC 136 /* Solaris-only. */ -#define AUE_AUDITUSER 137 /* Solaris-only. */ +#define AUE_GETUSERAUDIT 134 /* Solaris-specific. */ +#define AUE_SETUSERAUDIT 135 /* Solaris-specific. */ +#define AUE_AUDITSVC 136 /* Solaris-specific. */ +#define AUE_AUDITUSER 137 /* Solaris-specific. */ #define AUE_AUDITON 138 +#define AUE_AUDITON_GTERMID 139 /* Solaris-specific. */ +#define AUE_AUDITON_STERMID 140 /* Solaris-specific. */ #define AUE_AUDITON_GPOLICY 141 #define AUE_AUDITON_SPOLICY 142 #define AUE_AUDITON_GQCTRL 145 #define AUE_AUDITON_SQCTRL 146 -#define AUE_GETPORTAUDIT 149 -#define AUE_ENTERPROM 153 /* Solaris-only. */ -#define AUE_EXITPROM 154 /* Solaris-only. */ +#define AUE_GETKERNSTATE 147 /* Solaris-specific. */ +#define AUE_SETKERNSTATE 148 /* Solaris-specific. */ +#define AUE_GETPORTAUDIT 149 /* Solaris-specific. */ +#define AUE_AUDISTAT 150 /* Solaris-specific. */ +#define AUE_ENTERPROM 153 /* Solaris-specific. */ +#define AUE_EXITPROM 154 /* Solaris-specific. 
*/ #define AUE_IOCTL 158 #define AUE_SOCKET 183 #define AUE_SENDTO 184 #define AUE_PIPE 185 -#define AUE_SOCKETPAIR 186 /* XXXRW: Darwin conflict. */ +#define AUE_SOCKETPAIR 186 /* XXX: Darwin conflict. */ #define AUE_SEND 187 #define AUE_SENDMSG 188 #define AUE_RECV 189 @@ -194,6 +201,7 @@ #define AUE_LSEEK 194 #define AUE_WRITE 195 #define AUE_WRITEV 196 +#define AUE_NFS 197 /* Solaris-specific. */ #define AUE_READV 198 /* XXXRW: XXX Solaris old stat()? */ #define AUE_SETUID 200 /* XXXRW: Solaris old setuid? */ @@ -212,10 +220,10 @@ #define AUE_SETEGID 214 #define AUE_SETEUID 215 #define AUE_PUTMSG 216 -#define AUE_GETMSG 217 -#define AUE_PUTPMSG 218 -#define AUE_GETPMSG 219 - /* XXXRW: Solaris sc placeholder? */ +#define AUE_GETMSG 217 /* Solaris-specific. */ +#define AUE_PUTPMSG 218 /* Solaris-specific. */ +#define AUE_GETPMSG 219 /* Solaris-specific. */ +#define AUE_AUDITSYS 220 /* Solaris-specific. */ #define AUE_AUDITON_GETKMASK 221 #define AUE_AUDITON_SETKMASK 222 #define AUE_AUDITON_GETCWD 223 @@ -289,12 +297,13 @@ #define AUE_DARWIN_SOCKETPAIR 317 /* XXXRW: See AUE_SOCKETPAIR. */ #define AUE_FUTIMES 318 #define AUE_SETSID 319 -#define AUE_SETPRIVEXEC 320 +#define AUE_SETPRIVEXEC 320 /* Darwin-specific. */ #define AUE_DARWIN_NFSSVC 321 /* XXX: See AUE_NFS_SVC. */ #define AUE_DARWIN_GETFH 322 /* XXX: See AUE_NFS_GETFH. */ #define AUE_DARWIN_QUOTACTL 323 /* XXX: See AUE_QUOTACTL. */ -#define AUE_ADDPROFILE 324 /* Darwin */ -#define AUE_KDBUGTRACE 325 /* Darwin */ +#define AUE_ADDPROFILE 324 /* Darwin-specific. */ +#define AUE_KDEBUGTRACE 325 /* Darwin-specific. */ +#define AUE_KDBUGTRACE AUE_KDEBUGTRACE #define AUE_FSTAT 326 #define AUE_FPATHCONF 327 #define AUE_GETDIRENTRIES 328 
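Review bot: `AUE_AUDISTAT` (150) looks like a misspelling of `AUE_AUDITSTAT`, and because this header supplies the names that `etc/audit_event` rows are matched against, a typo here either breaks the name-to-number pairing or becomes a spelling that has to be carried forever, as the `AUE_KDBUGTRACE` alias later in this file shows. If the Solaris name is what was intended, the line should read `#define AUE_AUDITSTAT 150 /* Solaris-specific. */`. The other numbers introduced in this hunk (147, 148, 150) also need rows in `etc/audit_event`; the truncated diff does not show whether they already exist, so confirm it, since an event with no class mapping is presumably never picked up by a preselection mask.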
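Review bot: The retained `AUE_KDBUGTRACE` define carries no comment, so nothing tells a reader that it is apparently the old misspelling kept for source compatibility rather than a second, distinct event. I would annotate it, e.g. `#define AUE_KDBUGTRACE AUE_KDEBUGTRACE /* Deprecated misspelling; kept for compatibility. */`. Both names expand to 325, so records already written to a trail are unaffected.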
@@ -304,11 +313,11 @@ #define AUE_MLOCK 332 #define AUE_MUNLOCK 333 #define AUE_UNDELETE 334 -#define AUE_GETATTRLIST 335 /* Darwin */ -#define AUE_SETATTRLIST 336 /* Darwin */ -#define AUE_GETDIRENTRIESATTR 337 /* Darwin */ -#define AUE_EXCHANGEDATA 338 /* Darwin */ -#define AUE_SEARCHFS 339 /* Darwin */ +#define AUE_GETATTRLIST 335 /* Darwin-specific. */ +#define AUE_SETATTRLIST 336 /* Darwin-specific. */ +#define AUE_GETDIRENTRIESATTR 337 /* Darwin-specific. */ +#define AUE_EXCHANGEDATA 338 /* Darwin-specific. */ +#define AUE_SEARCHFS 339 /* Darwin-specific. */ #define AUE_MINHERIT 340 #define AUE_SEMCONFIG 341 #define AUE_SEMOPEN 342 
@@ -316,40 +325,40 @@ #define AUE_SEMUNLINK 344 #define AUE_SHMOPEN 345 #define AUE_SHMUNLINK 346 -#define AUE_LOADSHFILE 347 /* Darwin */ -#define AUE_RESETSHFILE 348 /* Darwin */ -#define AUE_NEWSYSTEMSHREG 349 /* Darwin */ -#define AUE_PTHREADKILL 350 -#define AUE_PTHREADSIGMASK 351 +#define AUE_LOADSHFILE 347 /* Darwin-specific. */ +#define AUE_RESETSHFILE 348 /* Darwin-specific. */ +#define AUE_NEWSYSTEMSHREG 349 /* Darwin-specific. */ +#define AUE_PTHREADKILL 350 /* Darwin-specific. */ +#define AUE_PTHREADSIGMASK 351 /* Darwin-specific. */ #define AUE_AUDITCTL 352 #define AUE_RFORK 353 #define AUE_LCHMOD 354 #define AUE_SWAPOFF 355 -#define AUE_INITPROCESS 356 /* Darwin */ -#define AUE_MAPFD 357 /* Darwin */ -#define AUE_TASKFORPID 358 /* Darwin */ -#define AUE_PIDFORTASK 359 /* Darwin */ +#define AUE_INITPROCESS 356 /* Darwin-specific. */ +#define AUE_MAPFD 357 /* Darwin-specific. */ +#define AUE_TASKFORPID 358 /* Darwin-specific. */ +#define AUE_PIDFORTASK 359 /* Darwin-specific. */ #define AUE_SYSCTL_NONADMIN 360 -#define AUE_COPYFILE 361 /* Darwin */ +#define AUE_COPYFILE 361 /* Darwin-specific. */ #define AUE_LUTIMES 362 -#define AUE_LCHFLAGS 363 /* FreeBSD */ -#define AUE_SENDFILE 364 /* BSD/Linux */ -#define AUE_USELIB 365 /* Linux */ +#define AUE_LCHFLAGS 363 /* FreeBSD-specific. */ +#define AUE_SENDFILE 364 /* BSD/Linux-specific. */ +#define AUE_USELIB 365 /* Linux-specific. */ #define AUE_GETRESUID 366 #define AUE_SETRESUID 367 #define AUE_GETRESGID 368 #define AUE_SETRESGID 369 -#define AUE_WAIT4 370 /* FreeBSD */ -#define AUE_LGETFH 371 /* FreeBSD */ -#define AUE_FHSTATFS 372 /* FreeBSD */ -#define AUE_FHOPEN 373 /* FreeBSD */ -#define AUE_FHSTAT 374 /* FreeBSD */ -#define AUE_JAIL 375 /* FreeBSD */ -#define AUE_EACCESS 376 /* FreeBSD */ -#define AUE_KQUEUE 377 /* FreeBSD */ -#define AUE_KEVENT 378 /* FreeBSD */ +#define AUE_WAIT4 370 /* FreeBSD-specific. */ +#define AUE_LGETFH 371 /* FreeBSD-specific. 
*/ +#define AUE_FHSTATFS 372 /* FreeBSD-specific. */ +#define AUE_FHOPEN 373 /* FreeBSD-specific. */ +#define AUE_FHSTAT 374 /* FreeBSD-specific. */ +#define AUE_JAIL 375 /* FreeBSD-specific. */ +#define AUE_EACCESS 376 /* FreeBSD-specific. */ +#define AUE_KQUEUE 377 /* FreeBSD-specific. */ +#define AUE_KEVENT 378 /* FreeBSD-specific. */ #define AUE_FSYNC 379 -#define AUE_NMOUNT 380 /* FreeBSD */ +#define AUE_NMOUNT 380 /* FreeBSD-specific. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#5 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#4 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#5 $ */ #ifndef _BSM_AUDIT_RECORD_H_ 
@@ -226,108 +226,99 @@ struct vnode_au_info; #endif -int au_open(void); -int au_write(int d, token_t *m); -int au_close(int d, int keep, short event); -int au_close_buffer(int d, short event, u_char *buffer, - size_t *buflen); +int au_open(void); +int au_write(int d, token_t *m); +int au_close(int d, int keep, short event); +int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen); + #if defined(KERNEL) || defined(_KERNEL) -token_t *au_to_file(char *file, struct timeval tm); +token_t *au_to_file(char *file, struct timeval tm); #else -token_t *au_to_file(char *file); +token_t *au_to_file(char *file); #endif + #if defined(KERNEL) || defined(_KERNEL) -token_t *au_to_header(int rec_size, au_event_t e_type, - au_emod_t e_mod, struct timeval tm); -token_t *au_to_header32(int rec_size, au_event_t e_type, - au_emod_t e_mod, struct timeval tm); +token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm); +token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm); #else -token_t *au_to_header(int rec_size, au_event_t e_type, - au_emod_t e_mod); -token_t *au_to_header32(int rec_size, au_event_t e_type, - au_emod_t e_mod); +token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); +token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); #endif -token_t *au_to_header64(int rec_size, au_event_t e_type, - au_emod_t e_mod); -token_t *au_to_me(void); + +token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); +token_t *au_to_me(void); +token_t *au_to_arg(char n, char *text, uint32_t v); +token_t *au_to_arg32(char n, char *text, uint32_t v); +token_t *au_to_arg64(char n, char *text, uint64_t v); -token_t *au_to_arg(char n, char *text, uint32_t v); -token_t *au_to_arg32(char n, char *text, uint32_t v); -token_t *au_to_arg64(char n, char *text, uint64_t v); #if defined(_KERNEL) || defined(KERNEL) -token_t *au_to_attr(struct vnode_au_info *vni); 
-token_t *au_to_attr32(struct vnode_au_info *vni); -token_t *au_to_attr64(struct vnode_au_info *vni); +token_t *au_to_attr(struct vnode_au_info *vni); +token_t *au_to_attr32(struct vnode_au_info *vni); +token_t *au_to_attr64(struct vnode_au_info *vni); #endif -token_t *au_to_data(char unit_print, char unit_type, - char unit_count, char *p); -token_t *au_to_exit(int retval, int err); -token_t *au_to_groups(int *groups); -token_t *au_to_newgroups(uint16_t n, gid_t *groups); -token_t *au_to_in_addr(struct in_addr *internet_addr); -token_t *au_to_in_addr_ex(struct in6_addr *internet_addr); -token_t *au_to_ip(struct ip *ip); -token_t *au_to_ipc(char type, int id); -token_t *au_to_ipc_perm(struct ipc_perm *perm); -token_t *au_to_iport(uint16_t iport); -token_t *au_to_opaque(char *data, uint16_t bytes); -token_t *au_to_path(char *path); -token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_process_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_process32_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_process64_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_return(char status, uint32_t ret); -token_t *au_to_return32(char status, uint32_t ret); -token_t *au_to_return64(char status, uint64_t ret); -token_t *au_to_seq(long audit_count); + +token_t *au_to_data(char unit_print, char unit_type, char unit_count, + char *p); +token_t *au_to_exit(int retval, int err); +token_t 
*au_to_groups(int *groups); +token_t *au_to_newgroups(uint16_t n, gid_t *groups); +token_t *au_to_in_addr(struct in_addr *internet_addr); +token_t *au_to_in_addr_ex(struct in6_addr *internet_addr); +token_t *au_to_ip(struct ip *ip); +token_t *au_to_ipc(char type, int id); +token_t *au_to_ipc_perm(struct ipc_perm *perm); +token_t *au_to_iport(uint16_t iport); +token_t *au_to_opaque(char *data, uint16_t bytes); +token_t *au_to_path(char *path); +token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, + uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, + au_tid_addr_t *tid); +token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_return(char status, uint32_t ret); +token_t *au_to_return32(char status, uint32_t ret); +token_t *au_to_return64(char status, uint64_t ret); +token_t *au_to_seq(long audit_count); + #if defined(_KERNEL) || defined(KERNEL) -token_t *au_to_socket(struct socket *so); -token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, - struct sockaddr *la, struct sockaddr *ta); -token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, - struct sockaddr *la, struct sockaddr *ta); +token_t *au_to_socket(struct socket *so); +token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la, + struct sockaddr *ta); +token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la, + struct sockaddr *ta); #endif 
-token_t *au_to_sock_inet(struct sockaddr_in *so); -token_t *au_to_sock_inet32(struct sockaddr_in *so); -token_t *au_to_sock_inet128(struct sockaddr_in6 *so); -token_t *au_to_sock_unix(struct sockaddr_un *so); -token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_subject_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_exec_args(const char **); -token_t *au_to_exec_env(const char **); -token_t *au_to_text(char *text); -token_t *au_to_kevent(struct kevent *kev); -token_t *au_to_trailer(int rec_size); + +token_t *au_to_sock_inet(struct sockaddr_in *so); +token_t *au_to_sock_inet32(struct sockaddr_in *so); +token_t *au_to_sock_inet128(struct sockaddr_in6 *so); +token_t *au_to_sock_unix(struct sockaddr_un *so); +token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t 
*au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_exec_args(const char **); +token_t *au_to_exec_env(const char **); +token_t *au_to_text(char *text); +token_t *au_to_kevent(struct kevent *kev); +token_t *au_to_trailer(int rec_size); __END_DECLS ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#3 (text+ko) ==== @@ -26,13 +26,13 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#2 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#3 $ */ #ifndef _BSM_AUDIT_UEVENTS_H_ -#define _BSM_AUDIT_UEVENTS_H_ +#define _BSM_AUDIT_UEVENTS_H_ -/* +/*- * User level audit event numbers * * Range of audit event numbers: 
@@ -43,60 +43,60 @@ * 36865 - 65535 Reserved for applications * */ -#define AUE_at_create 6144 -#define AUE_at_delete 6145 -#define AUE_at_perm 6146 -#define AUE_cron_invoke 6147 -#define AUE_crontab_create 6148 -#define AUE_crontab_delete 6149 -#define AUE_crontab_perm 6150 -#define AUE_inetd_connect 6151 -#define AUE_login 6152 -#define AUE_logout 6153 -#define AUE_telnet 6154 -#define AUE_rlogin 6155 -#define AUE_mountd_mount 6156 -#define AUE_mountd_umount 6157 -#define AUE_rshd 6158 -#define AUE_su 6159 -#define AUE_halt 6160 -#define AUE_reboot 6161 -#define AUE_rexecd 6162 -#define AUE_passwd 6163 -#define AUE_rexd 6164 -#define AUE_ftpd 6165 -#define AUE_init 6166 -#define AUE_uadmin 6167 -#define AUE_shutdown 6168 -#define AUE_poweroff 6169 -#define AUE_crontab_mod 6170 -#define AUE_audit_startup 6171 -#define AUE_audit_shutdown 6172 -#define AUE_allocate_succ 6200 -#define AUE_allocate_fail 6201 -#define AUE_deallocate_succ 6202 -#define AUE_deallocate_fail 6203 -#define AUE_listdevice_succ 6205 -#define AUE_listdevice_fail 6206 -#define AUE_create_user 6207 -#define AUE_modify_user 6208 -#define AUE_delete_user 6209 -#define AUE_disable_user 6210 -#define AUE_enable_user 6211 -#define AUE_sudo 6300 -#define AUE_modify_password 6501 /* not assigned by Sun */ -#define AUE_create_group 6511 /* not assigned by Sun */ -#define AUE_delete_group 6512 /* not assigned by Sun */ -#define AUE_modify_group 6513 /* not assigned by Sun */ -#define AUE_add_to_group 6514 /* not assigned by Sun */ -#define AUE_remove_from_group 6515 /* not assigned by Sun */ -#define AUE_revoke_obj 6521 /* not assigned by Sun; not curr. 
used */ -#define AUE_lw_login 6600 /* not assigned by Sun; tentative */ -#define AUE_lw_logout 6601 /* not assigned by Sun; tentative */ -#define AUE_auth_user 7000 /* not assigned by Sun */ -#define AUE_ssconn 7001 /* not assigned by Sun */ -#define AUE_ssauthorize 7002 /* not assigned by Sun */ -#define AUE_ssauthint 7003 /* not assigned by Sun */ -#define AUE_openssh 32800 +#define AUE_at_create 6144 +#define AUE_at_delete 6145 +#define AUE_at_perm 6146 +#define AUE_cron_invoke 6147 +#define AUE_crontab_create 6148 +#define AUE_crontab_delete 6149 +#define AUE_crontab_perm 6150 +#define AUE_inetd_connect 6151 +#define AUE_login 6152 +#define AUE_logout 6153 +#define AUE_telnet 6154 +#define AUE_rlogin 6155 +#define AUE_mountd_mount 6156 +#define AUE_mountd_umount 6157 +#define AUE_rshd 6158 +#define AUE_su 6159 +#define AUE_halt 6160 +#define AUE_reboot 6161 +#define AUE_rexecd 6162 +#define AUE_passwd 6163 +#define AUE_rexd 6164 +#define AUE_ftpd 6165 +#define AUE_init 6166 +#define AUE_uadmin 6167 +#define AUE_shutdown 6168 +#define AUE_poweroff 6169 +#define AUE_crontab_mod 6170 +#define AUE_audit_startup 6171 +#define AUE_audit_shutdown 6172 +#define AUE_allocate_succ 6200 +#define AUE_allocate_fail 6201 +#define AUE_deallocate_succ 6202 +#define AUE_deallocate_fail 6203 +#define AUE_listdevice_succ 6205 +#define AUE_listdevice_fail 6206 +#define AUE_create_user 6207 +#define AUE_modify_user 6208 +#define AUE_delete_user 6209 +#define AUE_disable_user 6210 +#define AUE_enable_user 6211 +#define AUE_sudo 6300 +#define AUE_modify_password 6501 /* Not assigned by Sun. */ +#define AUE_create_group 6511 /* Not assigned by Sun. */ +#define AUE_delete_group 6512 /* Not assigned by Sun. */ +#define AUE_modify_group 6513 /* Not assigned by Sun. */ +#define AUE_add_to_group 6514 /* Not assigned by Sun. */ +#define AUE_remove_from_group 6515 /* Not assigned by Sun. */ +#define AUE_revoke_obj 6521 /* Not assigned by Sun; not used. 
*/ +#define AUE_lw_login 6600 /* Not assigned by Sun; tentative. */ +#define AUE_lw_logout 6601 /* Not assigned by Sun; tentative. */ +#define AUE_auth_user 7000 /* Not assigned by Sun. */ +#define AUE_ssconn 7001 /* Not assigned by Sun. */ +#define AUE_ssauthorize 7002 /* Not assigned by Sun. */ +#define AUE_ssauthint 7003 /* Not assigned by Sun. */ +#define AUE_openssh 32800 #endif /* !_BSM_AUDIT_UEVENTS_H_ */ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#9 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#8 $ +# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#9 $ # 0:AUE_NULL:indir system call:no 1:AUE_EXIT:exit(2):pc @@ -125,6 +125,8 @@ 133:AUE_SETAUDIT:setaudit(2):ad 134:AUE_GETUSERAUDIT:getuseraudit(2):ad 135:AUE_SETUSERAUDIT:setuseraudit(2):ad +136:AUE_AUDITSVC:auditsvc(2):ad +137:AUE_AUDITUSER:audituser(2):ad 138:AUE_AUDITON:auditon(2):ad 139:AUE_AUDITON_GTERMID:auditon(2) - GETTERMID command:ad 140:AUE_AUDITON_STERMID:auditon(2) - SETTERMID command:ad @@ -164,12 +166,12 @@ 197:AUE_NFS:nfs server:ad 198:AUE_READV:readv(2):no 199:AUE_OSTAT:old stat(2):fa -200:AUE_OSETUID:old setuid(2):pc +200:AUE_SETUID:setuid(2):pc 201:AUE_STIME:old stime(2):ad 202:AUE_UTIME:old utime(2):fm 203:AUE_NICE:old nice(2):pc 204:AUE_OSETPGRP:old setpgrp(2):pc -205:AUE_SETGID:old setgid(2):pc +205:AUE_SETGID:setgid(2):pc 206:AUE_READL:readl(2):no 207:AUE_READVL:readvl(2):no 209:AUE_DUP2:dup2(2):no @@ -230,6 +232,8 @@ 264:AUE_INST_SYNC:inst_sync(2):ad 266:AUE_SETAUDIT_ADDR:setaudit_addr(2):ad 267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad +268:AUE_CLOCK_SETTIME:clock_settime(2):ad +269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad 301:AUE_GETFSSTAT:getfsstat(2):fa 302:AUE_PTRACE:ptrace(2):pc >>> TRUNCATED FOR MAIL (1000 lines) <<<
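Review bot: Event 200 is renamed from `AUE_OSETUID` / `old setuid(2)` to `AUE_SETUID` / `setuid(2)`, but the audit_kevents.h context in this same change still reads `#define AUE_SETUID 200 /* XXXRW: Solaris old setuid? */`, so the two files now disagree on whether that question is settled; resolve or drop the XXXRW comment together with this rename. The event number is unchanged, so existing trail records still decode, but any trail filter, report or detection rule keyed on the old name or description string in printed output will stop matching and should be updated when this table is deployed. The same applies to the description change on 205. Rows 199 and 201-204 keep their `old ...` wording, so a short `#` comment explaining why 200 and 205 differ would help the next maintainer.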