From: Robert Watson
To: Perforce Change Reviews
Date: Sat, 5 Aug 2006 15:09:30 GMT
Subject: PERFORCE change 103251 for review

http://perforce.freebsd.org/chv.cgi?CH=103251

Change 103251 by rwatson@rwatson_zoo on 2006/08/05 15:09:00

	Merge additional OpenBSM 1.0a8 to audit3 branch: new token
	version, audit event ID assignments.

Affected files ...

.. //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#11 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#23 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#13 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#14 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#19 integrate

Differences ...

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#8 (text+ko) ==== @@ -5,6 +5,11 @@ - Arguments to au_to_exec_args() and au_to_exec_env() no longer const. - Add kernel versions of au_to_exec_args() and au_to_exec_env(). - Fix exec argument type that is printed for env strings from 'arg' to 'env'. +- New OpenBSM token version number assigned, constants added for other + commonly seen version numbers. +- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future + collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they + are now deprecated numberings. OpenBSM 1.0 alpha 7 
@@ -183,4 +188,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#7 $ +$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/HISTORY#8 $ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#11 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#10 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditd/auditd.c#11 $ */ #include @@ -88,7 +88,7 @@ * Free our local list of directory names. */ static void -free_dir_q() +free_dir_q(void) { struct dir_ent *dirent; ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#23 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#22 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#23 $ */ #ifndef _BSM_AUDIT_KEVENTS_H_ 
@@ -273,134 +273,200 @@ #define AUE_NTP_ADJTIME 288 /* - * Events not present in OpenSolaris BSM, generally derived from Apple Darwin - * BSM or added in OpenBSM. This start a little too close to the top end of - * the OpenSolaris event list for my comfort. + * Events added for Apple Darwin that potentially collide with future Solaris + * BSM events. These are assigned AUE_DARWIN prefixes, and are deprecated in + * new trails. Systems generating these events should switch to the new + * identifiers that avoid colliding with the Solaris identifier space. */ -#define AUE_GETFSSTAT 301 -#define AUE_PTRACE 302 -#define AUE_CHFLAGS 303 -#define AUE_FCHFLAGS 304 -#define AUE_PROFILE 305 -#define AUE_KTRACE 306 -#define AUE_SETLOGIN 307 +#define AUE_DARWIN_GETFSSTAT 301 +#define AUE_DARWIN_PTRACE 302 +#define AUE_DARWIN_CHFLAGS 303 +#define AUE_DARWIN_FCHFLAGS 304 +#define AUE_DARWIN_PROFILE 305 +#define AUE_DARWIN_KTRACE 306 +#define AUE_DARWIN_SETLOGIN 307 #define AUE_DARWIN_REBOOT 308 /* XXX: See AUE_REBOOT. */ -#define AUE_REVOKE 309 -#define AUE_UMASK 310 -#define AUE_MPROTECT 311 +#define AUE_DARWIN_REVOKE 309 +#define AUE_DARWIN_UMASK 310 +#define AUE_DARWIN_MPROTECT 311 #define AUE_DARWIN_SETPRIORITY 312 /* XXX: See AUE_SETPRIORITY. */ #define AUE_DARWIN_SETTIMEOFDAY 313 /* XXX: See AUE_SETTIMEOFDAY. */ #define AUE_DARWIN_FLOCK 314 /* XXX: See AUE_FLOCK. */ -#define AUE_MKFIFO 315 -#define AUE_POLL 316 +#define AUE_DARWIN_MKFIFO 315 +#define AUE_DARWIN_POLL 316 #define AUE_DARWIN_SOCKETPAIR 317 /* XXXRW: See AUE_SOCKETPAIR. */ -#define AUE_FUTIMES 318 -#define AUE_SETSID 319 -#define AUE_SETPRIVEXEC 320 /* Darwin-specific. */ +#define AUE_DARWIN_FUTIMES 318 +#define AUE_DARWIN_SETSID 319 +#define AUE_DARWIN_SETPRIVEXEC 320 /* Darwin-specific. */ #define AUE_DARWIN_NFSSVC 321 /* XXX: See AUE_NFS_SVC. */ #define AUE_DARWIN_GETFH 322 /* XXX: See AUE_NFS_GETFH. */ #define AUE_DARWIN_QUOTACTL 323 /* XXX: See AUE_QUOTACTL. 
*/ -#define AUE_ADDPROFILE 324 /* Darwin-specific. */ -#define AUE_KDEBUGTRACE 325 /* Darwin-specific. */ -#define AUE_KDBUGTRACE AUE_KDEBUGTRACE -#define AUE_FSTAT 326 -#define AUE_FPATHCONF 327 -#define AUE_GETDIRENTRIES 328 +#define AUE_DARWIN_ADDPROFILE 324 /* Darwin-specific. */ +#define AUE_DARWIN_KDEBUGTRACE 325 /* Darwin-specific. */ +#define AUE_DARWIN_KDBUGTRACE AUE_KDEBUGTRACE +#define AUE_DARWIN_FSTAT 326 +#define AUE_DARWIN_FPATHCONF 327 +#define AUE_DARWIN_GETDIRENTRIES 328 #define AUE_DARWIN_TRUNCATE 329 /* XXX: See AUE_TRUNCATE. */ #define AUE_DARWIN_FTRUNCATE 330 /* XXX: See AUE_FTRUNCATE. */ -#define AUE_SYSCTL 331 -#define AUE_MLOCK 332 -#define AUE_MUNLOCK 333 -#define AUE_UNDELETE 334 -#define AUE_GETATTRLIST 335 /* Darwin-specific. */ -#define AUE_SETATTRLIST 336 /* Darwin-specific. */ -#define AUE_GETDIRENTRIESATTR 337 /* Darwin-specific. */ -#define AUE_EXCHANGEDATA 338 /* Darwin-specific. */ -#define AUE_SEARCHFS 339 /* Darwin-specific. */ -#define AUE_MINHERIT 340 -#define AUE_SEMCONFIG 341 -#define AUE_SEMOPEN 342 -#define AUE_SEMCLOSE 343 -#define AUE_SEMUNLINK 344 -#define AUE_SHMOPEN 345 -#define AUE_SHMUNLINK 346 -#define AUE_LOADSHFILE 347 /* Darwin-specific. */ -#define AUE_RESETSHFILE 348 /* Darwin-specific. */ -#define AUE_NEWSYSTEMSHREG 349 /* Darwin-specific. */ -#define AUE_PTHREADKILL 350 /* Darwin-specific. */ -#define AUE_PTHREADSIGMASK 351 /* Darwin-specific. */ -#define AUE_AUDITCTL 352 -#define AUE_RFORK 353 -#define AUE_LCHMOD 354 -#define AUE_SWAPOFF 355 -#define AUE_INITPROCESS 356 /* Darwin-specific. */ -#define AUE_MAPFD 357 /* Darwin-specific. */ -#define AUE_TASKFORPID 358 /* Darwin-specific. */ -#define AUE_PIDFORTASK 359 /* Darwin-specific. */ -#define AUE_SYSCTL_NONADMIN 360 -#define AUE_COPYFILE 361 /* Darwin-specific. */ -#define AUE_LUTIMES 362 -#define AUE_LCHFLAGS 363 /* FreeBSD-specific. */ -#define AUE_SENDFILE 364 /* BSD/Linux-specific. */ -#define AUE_USELIB 365 /* Linux-specific. 
*/ -#define AUE_GETRESUID 366 -#define AUE_SETRESUID 367 -#define AUE_GETRESGID 368 -#define AUE_SETRESGID 369 -#define AUE_WAIT4 370 /* FreeBSD-specific. */ -#define AUE_LGETFH 371 /* FreeBSD-specific. */ -#define AUE_FHSTATFS 372 /* FreeBSD-specific. */ -#define AUE_FHOPEN 373 /* FreeBSD-specific. */ -#define AUE_FHSTAT 374 /* FreeBSD-specific. */ -#define AUE_JAIL 375 /* FreeBSD-specific. */ -#define AUE_EACCESS 376 /* FreeBSD-specific. */ -#define AUE_KQUEUE 377 /* FreeBSD-specific. */ -#define AUE_KEVENT 378 /* FreeBSD-specific. */ -#define AUE_FSYNC 379 -#define AUE_NMOUNT 380 /* FreeBSD-specific. */ -#define AUE_BDFLUSH 381 /* Linux-specific. */ -#define AUE_SETFSUID 382 /* Linux-specific. */ -#define AUE_SETFSGID 383 /* Linux-specific. */ -#define AUE_PERSONALITY 384 /* Linux-specific. */ -#define AUE_SCHED_GETSCHEDULER 385 /* POSIX.1b. */ -#define AUE_SCHED_SETSCHEDULER 386 /* POSIX.1b. */ -#define AUE_PRCTL 387 /* Linux-specific. */ -#define AUE_GETCWD 388 /* FreeBSD/Linux-specific. */ -#define AUE_CAPGET 389 /* Linux-specific. */ -#define AUE_CAPSET 390 /* Linux-specific. */ -#define AUE_PIVOT_ROOT 391 /* Linux-specific. */ -#define AUE_RTPRIO 392 /* FreeBSD-specific. */ -#define AUE_SCHED_GETPARAM 393 /* POSIX.1b. */ -#define AUE_SCHED_SETPARAM 394 /* POSIX.1b. */ -#define AUE_SCHED_GET_PRIORITY_MAX 395 /* POSIX.1b. */ -#define AUE_SCHED_GET_PRIORITY_MIN 396 /* POSIX.1b. */ -#define AUE_SCHED_RR_GET_INTERVAL 397 /* POSIX.1b. */ -#define AUE_ACL_GET_FILE 398 /* FreeBSD. */ -#define AUE_ACL_SET_FILE 399 /* FreeBSD. */ -#define AUE_ACL_GET_FD 400 /* FreeBSD. */ -#define AUE_ACL_SET_FD 401 /* FreeBSD. */ -#define AUE_ACL_DELETE_FILE 402 /* FreeBSD. */ -#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */ -#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */ -#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */ -#define AUE_ACL_GET_LINK 406 /* FreeBSD. */ -#define AUE_ACL_SET_LINK 407 /* FreeBSD. */ -#define AUE_ACL_DELETE_LINK 408 /* FreeBSD. 
*/ -#define AUE_ACL_CHECK_LINK 409 /* FreeBSD. */ -#define AUE_SYSARCH 410 /* FreeBSD. */ -#define AUE_EXTATTRCTL 411 /* FreeBSD. */ -#define AUE_EXTATTR_GET_FILE 412 /* FreeBSD. */ -#define AUE_EXTATTR_SET_FILE 413 /* FreeBSD. */ -#define AUE_EXTATTR_LIST_FILE 414 /* FreeBSD. */ -#define AUE_EXTATTR_DELETE_FILE 415 /* FreeBSD. */ -#define AUE_EXTATTR_GET_FD 416 /* FreeBSD. */ -#define AUE_EXTATTR_SET_FD 417 /* FreeBSD. */ -#define AUE_EXTATTR_LIST_FD 418 /* FreeBSD. */ -#define AUE_EXTATTR_DELETE_FD 419 /* FreeBSD. */ -#define AUE_EXTATTR_GET_LINK 420 /* FreeBSD. */ -#define AUE_EXTATTR_SET_LINK 421 /* FreeBSD. */ -#define AUE_EXTATTR_LIST_LINK 422 /* FreeBSD. */ -#define AUE_EXTATTR_DELETE_LINK 423 /* FreeBSD. */ +#define AUE_DARWIN_SYSCTL 331 +#define AUE_DARWIN_MLOCK 332 +#define AUE_DARWIN_MUNLOCK 333 +#define AUE_DARWIN_UNDELETE 334 +#define AUE_DARWIN_GETATTRLIST 335 /* Darwin-specific. */ +#define AUE_DARWIN_SETATTRLIST 336 /* Darwin-specific. */ +#define AUE_DARWIN_GETDIRENTRIESATTR 337 /* Darwin-specific. */ +#define AUE_DARWIN_EXCHANGEDATA 338 /* Darwin-specific. */ +#define AUE_DARWIN_SEARCHFS 339 /* Darwin-specific. */ +#define AUE_DARWIN_MINHERIT 340 +#define AUE_DARWIN_SEMCONFIG 341 +#define AUE_DARWIN_SEMOPEN 342 +#define AUE_DARWIN_SEMCLOSE 343 +#define AUE_DARWIN_SEMUNLINK 344 +#define AUE_DARWIN_SHMOPEN 345 +#define AUE_DARWIN_SHMUNLINK 346 +#define AUE_DARWIN_LOADSHFILE 347 /* Darwin-specific. */ +#define AUE_DARWIN_RESETSHFILE 348 /* Darwin-specific. */ +#define AUE_DARWIN_NEWSYSTEMSHREG 349 /* Darwin-specific. */ +#define AUE_DARWIN_PTHREADKILL 350 /* Darwin-specific. */ +#define AUE_DARWIN_PTHREADSIGMASK 351 /* Darwin-specific. */ +#define AUE_DARWIN_AUDITCTL 352 +#define AUE_DARWIN_RFORK 353 +#define AUE_DARWIN_LCHMOD 354 +#define AUE_DARWIN_SWAPOFF 355 +#define AUE_DARWIN_INITPROCESS 356 /* Darwin-specific. */ +#define AUE_DARWIN_MAPFD 357 /* Darwin-specific. */ +#define AUE_DARWIN_TASKFORPID 358 /* Darwin-specific. 
*/ +#define AUE_DARWIN_PIDFORTASK 359 /* Darwin-specific. */ +#define AUE_DARWIN_SYSCTL_NONADMIN 360 +#define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */ + +/* + * Audit event identifiers added as part of OpenBSM, generally corresponding + * to events in FreeBSD, Darwin, and Linux that were not present in Solaris. + * These often duplicate events added to the Solaris set by Darwin, but use + * event identifiers in a higher range in order to avoid colliding with + * future Solaris additions. + */ +#define AUE_GETFSSTAT 43001 +#define AUE_PTRACE 43002 +#define AUE_CHFLAGS 43003 +#define AUE_FCHFLAGS 43004 +#define AUE_PROFILE 43005 +#define AUE_KTRACE 43006 +#define AUE_SETLOGIN 43007 +#define AUE_REVOKE 43008 +#define AUE_UMASK 43009 +#define AUE_MPROTECT 43010 +#define AUE_MKFIFO 43011 +#define AUE_POLL 43012 +#define AUE_FUTIMES 43013 +#define AUE_SETSID 43014 +#define AUE_SETPRIVEXEC 43015 /* Darwin-specific. */ +#define AUE_ADDPROFILE 43016 /* Darwin-specific. */ +#define AUE_KDEBUGTRACE 43017 /* Darwin-specific. */ +#define AUE_KDBUGTRACE AUE_KDEBUGTRACE +#define AUE_FSTAT 43018 +#define AUE_FPATHCONF 43019 +#define AUE_GETDIRENTRIES 43020 +#define AUE_SYSCTL 43021 +#define AUE_MLOCK 43022 +#define AUE_MUNLOCK 43023 +#define AUE_UNDELETE 43024 +#define AUE_GETATTRLIST 43025 /* Darwin-specific. */ +#define AUE_SETATTRLIST 43026 /* Darwin-specific. */ +#define AUE_GETDIRENTRIESATTR 43027 /* Darwin-specific. */ +#define AUE_EXCHANGEDATA 43028 /* Darwin-specific. */ +#define AUE_SEARCHFS 43029 /* Darwin-specific. */ +#define AUE_MINHERIT 43030 +#define AUE_SEMCONFIG 43031 +#define AUE_SEMOPEN 43032 +#define AUE_SEMCLOSE 43033 +#define AUE_SEMUNLINK 43034 +#define AUE_SHMOPEN 43035 +#define AUE_SHMUNLINK 43036 +#define AUE_LOADSHFILE 43037 /* Darwin-specific. */ +#define AUE_RESETSHFILE 43038 /* Darwin-specific. */ +#define AUE_NEWSYSTEMSHREG 43039 /* Darwin-specific. */ +#define AUE_PTHREADKILL 43040 /* Darwin-specific. 
*/ +#define AUE_PTHREADSIGMASK 43041 /* Darwin-specific. */ +#define AUE_AUDITCTL 43042 +#define AUE_RFORK 43043 +#define AUE_LCHMOD 43044 +#define AUE_SWAPOFF 43045 +#define AUE_INITPROCESS 43046 /* Darwin-specific. */ +#define AUE_MAPFD 43047 /* Darwin-specific. */ +#define AUE_TASKFORPID 43048 /* Darwin-specific. */ +#define AUE_PIDFORTASK 43049 /* Darwin-specific. */ +#define AUE_SYSCTL_NONADMIN 43050 +#define AUE_COPYFILE 43051 /* Darwin-specific. */ + +/* + * Events added to OpenBSM for FreeBSD and Linux; may also be used by Darwin + * in the future. + */ +#define AUE_LUTIMES 43052 +#define AUE_LCHFLAGS 43053 /* FreeBSD-specific. */ +#define AUE_SENDFILE 43054 /* BSD/Linux-specific. */ +#define AUE_USELIB 43055 /* Linux-specific. */ +#define AUE_GETRESUID 43056 +#define AUE_SETRESUID 43057 +#define AUE_GETRESGID 43058 +#define AUE_SETRESGID 43059 +#define AUE_WAIT4 43060 /* FreeBSD-specific. */ +#define AUE_LGETFH 43061 /* FreeBSD-specific. */ +#define AUE_FHSTATFS 43062 /* FreeBSD-specific. */ +#define AUE_FHOPEN 43063 /* FreeBSD-specific. */ +#define AUE_FHSTAT 43064 /* FreeBSD-specific. */ +#define AUE_JAIL 43065 /* FreeBSD-specific. */ +#define AUE_EACCESS 43066 /* FreeBSD-specific. */ +#define AUE_KQUEUE 43067 /* FreeBSD-specific. */ +#define AUE_KEVENT 43068 /* FreeBSD-specific. */ +#define AUE_FSYNC 43069 +#define AUE_NMOUNT 43070 /* FreeBSD-specific. */ +#define AUE_BDFLUSH 43071 /* Linux-specific. */ +#define AUE_SETFSUID 43072 /* Linux-specific. */ +#define AUE_SETFSGID 43073 /* Linux-specific. */ +#define AUE_PERSONALITY 43074 /* Linux-specific. */ +#define AUE_SCHED_GETSCHEDULER 43075 /* POSIX.1b. */ +#define AUE_SCHED_SETSCHEDULER 43076 /* POSIX.1b. */ +#define AUE_PRCTL 43077 /* Linux-specific. */ +#define AUE_GETCWD 43078 /* FreeBSD/Linux-specific. */ +#define AUE_CAPGET 43079 /* Linux-specific. */ +#define AUE_CAPSET 43080 /* Linux-specific. */ +#define AUE_PIVOT_ROOT 43081 /* Linux-specific. */ +#define AUE_RTPRIO 43082 /* FreeBSD-specific. 
*/ +#define AUE_SCHED_GETPARAM 43083 /* POSIX.1b. */ +#define AUE_SCHED_SETPARAM 43084 /* POSIX.1b. */ +#define AUE_SCHED_GET_PRIORITY_MAX 43085 /* POSIX.1b. */ +#define AUE_SCHED_GET_PRIORITY_MIN 43086 /* POSIX.1b. */ +#define AUE_SCHED_RR_GET_INTERVAL 43087 /* POSIX.1b. */ +#define AUE_ACL_GET_FILE 43088 /* FreeBSD. */ +#define AUE_ACL_SET_FILE 43089 /* FreeBSD. */ +#define AUE_ACL_GET_FD 43090 /* FreeBSD. */ +#define AUE_ACL_SET_FD 43091 /* FreeBSD. */ +#define AUE_ACL_DELETE_FILE 43092 /* FreeBSD. */ +#define AUE_ACL_DELETE_FD 43093 /* FreeBSD. */ +#define AUE_ACL_CHECK_FILE 43094 /* FreeBSD. */ +#define AUE_ACL_CHECK_FD 43095 /* FreeBSD. */ +#define AUE_ACL_GET_LINK 43096 /* FreeBSD. */ +#define AUE_ACL_SET_LINK 43097 /* FreeBSD. */ +#define AUE_ACL_DELETE_LINK 43098 /* FreeBSD. */ +#define AUE_ACL_CHECK_LINK 43099 /* FreeBSD. */ +#define AUE_SYSARCH 43100 /* FreeBSD. */ +#define AUE_EXTATTRCTL 43101 /* FreeBSD. */ +#define AUE_EXTATTR_GET_FILE 43102 /* FreeBSD. */ +#define AUE_EXTATTR_SET_FILE 43103 /* FreeBSD. */ +#define AUE_EXTATTR_LIST_FILE 43104 /* FreeBSD. */ +#define AUE_EXTATTR_DELETE_FILE 43105 /* FreeBSD. */ +#define AUE_EXTATTR_GET_FD 43106 /* FreeBSD. */ +#define AUE_EXTATTR_SET_FD 43107 /* FreeBSD. */ +#define AUE_EXTATTR_LIST_FD 43108 /* FreeBSD. */ +#define AUE_EXTATTR_DELETE_FD 43109 /* FreeBSD. */ +#define AUE_EXTATTR_GET_LINK 43110 /* FreeBSD. */ +#define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */ +#define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */ +#define AUE_EXTATTR_DELETE_LINK 43111 /* FreeBSD. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#13 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#12 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#13 $ */ #ifndef _BSM_AUDIT_RECORD_H_ 
@@ -199,9 +199,19 @@ #define PAD_NOTATTR 0x4000 /* nonattributable event */ #define PAD_FAILURE 0x8000 /* fail audit event */ +#define BSM_MAX_GROUPS 16 -#define BSM_MAX_GROUPS 16 -#define HEADER_VERSION 1 +/* + * A number of BSM versions are floating around and defined. Here are + * constants for them. OpenBSM uses the same token types, etc, used in the + * Solaris BSM version, but has a separate version number in order to + * identify a potentially different event identifier name space. + */ +#define BSM_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */ +#define BSM_HEADER_VERSION_SOLARIS 2 +#define BSM_HEADER_VERSION_TSOL25 3 +#define BSM_HEADER_VERSION_TSOL 4 +#define BSM_HEADER_VERSION_OPENBSM 10 /* * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#14 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#13 $ +# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#14 $ # $FreeBSD: src/contrib/openbsm/etc/audit_event,v 1.3 2006/06/27 18:09:54 rwatson Exp $ # 0:AUE_NULL:indir system call:no 
@@ -235,129 +235,190 @@ 267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad 268:AUE_CLOCK_SETTIME:clock_settime(2):ad 269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad -301:AUE_GETFSSTAT:getfsstat(2):fa -302:AUE_PTRACE:ptrace(2):pc -303:AUE_CHFLAGS:chflags(2):fm -304:AUE_FCHFLAGS:fchflags(2):fm -305:AUE_PROFILE:profil(2):pc -306:AUE_KTRACE:ktrace(2):pc -307:AUE_SETLOGIN:setlogin(2):pc +# +# What follows are deprecated Darwin event numbers that may someday conflict +# with Solaris events. +# +301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa +302:AUE_DARWIN_PTRACE:ptrace(2):pc +303:AUE_DARWIN_CHFLAGS:chflags(2):fm +304:AUE_DARWIN_FCHFLAGS:fchflags(2):fm +305:AUE_DARWIN_PROFILE:profil(2):pc +306:AUE_DARWIN_KTRACE:ktrace(2):pc +307:AUE_DARWIN_SETLOGIN:setlogin(2):pc 308:AUE_DARWIN_REBOOT:reboot(2):ad -309:AUE_REVOKE:revoke(2):cl -310:AUE_UMASK:umask(2):pc -311:AUE_MPROTECT:mprotect(2):fm +309:AUE_DARWIN_REVOKE:revoke(2):cl +310:AUE_DARWIN_UMASK:umask(2):pc +311:AUE_DARWIN_MPROTECT:mprotect(2):fm 312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot 313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad 314:AUE_DARWIN_FLOCK:flock(2):fm -315:AUE_MKFIFO:mkfifo(2):fc -316:AUE_POLL:poll(2):no +315:AUE_DARWIN_MKFIFO:mkfifo(2):fc +316:AUE_DARWIN_POLL:poll(2):no 317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt -318:AUE_FUTIMES:futimes(2):fm -319:AUE_SETSID:setsid(2):pc -320:AUE_SETPRIVEXEC:setprivexec(2):pc +318:AUE_DARWIN_FUTIMES:futimes(2):fm +319:AUE_DARWIN_SETSID:setsid(2):pc +320:AUE_DARWIN_SETPRIVEXEC:setprivexec(2):pc 321:AUE_DARWIN_NFSSVC:nfssvc(2):ad 322:AUE_DARWIN_GETFH:getfh(2):fa 323:AUE_DARWIN_QUOTACTL:quotactl(2):ad -324:AUE_ADDPROFILE:system call:pc -325:AUE_KDEBUGTRACE:system call:pc -326:AUE_FSTAT:fstat(2):fa -327:AUE_FPATHCONF:fpathconf(2):fa -328:AUE_GETDIRENTRIES:getdirentries(2):fr +324:AUE_DARWIN_ADDPROFILE:system call:pc +325:AUE_DARWIN_KDEBUGTRACE:system call:pc +326:AUE_DARWIN_FSTAT:fstat(2):fa +327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa +328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr 
329:AUE_DARWIN_TRUNCATE:truncate(2):fw 330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw -331:AUE_SYSCTL:sysctl(3):ad -332:AUE_MLOCK:mlock(2):pc -333:AUE_MUNLOCK:munlock(2):pc -334:AUE_UNDELETE:undelete(2):fm -335:AUE_GETATTRLIST:getattrlist():fa -336:AUE_SETATTRLIST:setattrlist():fm -337:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa -338:AUE_EXCHANGEDATA:exchangedata():fw -339:AUE_SEARCHFS:searchfs():fa -340:AUE_MINHERIT:minherit(2):pc -341:AUE_SEMCONFIG:semconfig():ip -342:AUE_SEMOPEN:sem_open(2):ip -343:AUE_SEMCLOSE:sem_close(2):ip -344:AUE_SEMUNLINK:sem_unlink(2):ip -345:AUE_SHMOPEN:shm_open(2):ip -346:AUE_SHMUNLINK:shm_unlink(2):ip -347:AUE_LOADSHFILE:load_shared_file():fr -348:AUE_RESETSHFILE:reset_shared_file():ot -349:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot -350:AUE_PTHREADKILL:pthread_kill(2):pc -351:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc -352:AUE_AUDITCTL:auditctl(2):ad -353:AUE_RFORK:rfork(2):pc -354:AUE_LCHMOD:lchmod(2):fm -355:AUE_SWAPOFF:swapoff():ad -356:AUE_INITPROCESS:init_process():pc -357:AUE_MAPFD:map_fd():fa -358:AUE_TASKFORPID:task_for_pid():pc -359:AUE_PIDFORTASK:pid_for_task():pc -360:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot -361:AUE_COPYFILE:copyfile():fr,fw -362:AUE_LUTIMES:lutimes(2):fm -363:AUE_LCHFLAGS:lchflags(2):fm -364:AUE_SENDFILE:sendfile(2):nt -365:AUE_USELIB:uselib(2):fa -366:AUE_GETRESUID:getresuid(2):pc -367:AUE_SETRESUID:setresuid(2):pc -368:AUE_GETRESGID:getresgid(2):pc -369:AUE_SETRESGID:setresgid(2):pc -370:AUE_WAIT4:wait4(2):pc -371:AUE_LGETFH:lgetfh(2):fa -372:AUE_FHSTATFS:fhstatfs(2):fa -373:AUE_FHOPEN:fhopen(2):fa -374:AUE_FHSTAT:fhstat(2):fa -375:AUE_JAIL:jail(2):pc -376:AUE_EACCESS:eaccess(2):fa -377:AUE_KQUEUE:kqueue(2):no -378:AUE_KEVENT:kevent(2):no -379:AUE_FSYNC:fsync(2):fm -380:AUE_NMOUNT:nmount(2):ad -381:AUE_BDFLUSH:bdflush(2):ad -382:AUE_SETFSUID:setfsuid(2):ot -383:AUE_SETFSGID:setfsgid(2):ot -384:AUE_PERSONALITY:personality(2):pc -385:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad 
-386:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad -387:AUE_PRCTL:prctl(2):pc -388:AUE_GETCWD:getcwd(2):pc -389:AUE_CAPGET:capget(2):pc -390:AUE_CAPSET:capset(2):pc -391:AUE_PIVOT_ROOT:pivot_root(2):pc -392:AUE_RTPRIO::rtprio(2):pc -393:AUE_SCHED_GETPARAM:sched_getparam(2):ad -394:AUE_SCHED_SETPARAM:sched_setparam(2):ad -395:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad -396:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad -397:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad -398:AUE_ACL_GET_FILE:acl_get_file(2):fa -399:AUE_ACL_SET_FILE:acl_set_file(2):fm -400:AUE_ACL_GET_FD:acl_get_fd(2):fa -401:AUE_ACL_SET_FD:acl_set_fd(2):fm -402:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm -403:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm -404:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa -405:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa -406:AUE_ACL_GET_LINK:acl_get_link(2):fa -407:AUE_ACL_SET_LINK:acl_set_link(2):fm -408:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm -409:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa -410:AUE_SYSARCH:sysarch(2):na -411:AUE_EXTATTRCTL:extattrctl(2):fm -412:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa -413:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm -414:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa -415:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm -416:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa -417:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm -418:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa -419:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm -420:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa -421:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm -422:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa -423:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm +331:AUE_DARWIN_SYSCTL:sysctl(3):ad +332:AUE_DARWIN_MLOCK:mlock(2):pc +333:AUE_DARWIN_MUNLOCK:munlock(2):pc +334:AUE_DARWIN_UNDELETE:undelete(2):fm +335:AUE_DARWIN_GETATTRLIST:getattrlist():fa +336:AUE_DARWIN_SETATTRLIST:setattrlist():fm +337:AUE_DARWIN_GETDIRENTRIESATTR:getdirentriesattr():fa 
+338:AUE_DARWIN_EXCHANGEDATA:exchangedata():fw +339:AUE_DARWIN_SEARCHFS:searchfs():fa +340:AUE_DARWIN_MINHERIT:minherit(2):pc +341:AUE_DARWIN_SEMCONFIG:semconfig():ip +342:AUE_DARWIN_SEMOPEN:sem_open(2):ip +343:AUE_DARWIN_SEMCLOSE:sem_close(2):ip +344:AUE_DARWIN_SEMUNLINK:sem_unlink(2):ip +345:AUE_DARWIN_SHMOPEN:shm_open(2):ip +346:AUE_DARWIN_SHMUNLINK:shm_unlink(2):ip +347:AUE_DARWIN_LOADSHFILE:load_shared_file():fr +348:AUE_DARWIN_RESETSHFILE:reset_shared_file():ot +349:AUE_DARWIN_NEWSYSTEMSHREG:new_system_share_regions():ot +350:AUE_DARWIN_PTHREADKILL:pthread_kill(2):pc +351:AUE_DARWIN_PTHREADSIGMASK:pthread_sigmask(2):pc +352:AUE_DARWIN_AUDITCTL:auditctl(2):ad +353:AUE_DARWIN_RFORK:rfork(2):pc +354:AUE_DARWIN_LCHMOD:lchmod(2):fm +355:AUE_DARWIN_SWAPOFF:swapoff():ad +356:AUE_DARWIN_INITPROCESS:init_process():pc +357:AUE_DARWIN_MAPFD:map_fd():fa +358:AUE_DARWIN_TASKFORPID:task_for_pid():pc +359:AUE_DARWIN_PIDFORTASK:pid_for_task():pc +360:AUE_DARWIN_SYSCTL_NONADMIN:sysctl() - non-admin:ot +361:AUE_DARWIN_COPYFILE:copyfile():fr,fw +# +# OpenBSM-specific kernel events. 
+# +43001:AUE_GETFSSTAT:getfsstat(2):fa +43002:AUE_PTRACE:ptrace(2):pc +43003:AUE_CHFLAGS:chflags(2):fm +43004:AUE_FCHFLAGS:fchflags(2):fm +43005:AUE_PROFILE:profil(2):pc +43006:AUE_KTRACE:ktrace(2):pc +43007:AUE_SETLOGIN:setlogin(2):pc +43008:AUE_REVOKE:revoke(2):cl +43009:AUE_UMASK:umask(2):pc +43010:AUE_MPROTECT:mprotect(2):fm +43011:AUE_MKFIFO:mkfifo(2):fc +43012:AUE_POLL:poll(2):no +43013:AUE_FUTIMES:futimes(2):fm +43014:AUE_SETSID:setsid(2):pc +43015:AUE_SETPRIVEXEC:setprivexec(2):pc +43016:AUE_ADDPROFILE:system call:pc +43017:AUE_KDEBUGTRACE:system call:pc +43018:AUE_FSTAT:fstat(2):fa +43019:AUE_FPATHCONF:fpathconf(2):fa +43020:AUE_GETDIRENTRIES:getdirentries(2):fr +43021:AUE_SYSCTL:sysctl(3):ad +43022:AUE_MLOCK:mlock(2):pc +43023:AUE_MUNLOCK:munlock(2):pc +43024:AUE_UNDELETE:undelete(2):fm +43025:AUE_GETATTRLIST:getattrlist():fa +43026:AUE_SETATTRLIST:setattrlist():fm +43027:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa +43028:AUE_EXCHANGEDATA:exchangedata():fw +43029:AUE_SEARCHFS:searchfs():fa +43030:AUE_MINHERIT:minherit(2):pc +43031:AUE_SEMCONFIG:semconfig():ip +43032:AUE_SEMOPEN:sem_open(2):ip +43033:AUE_SEMCLOSE:sem_close(2):ip +43034:AUE_SEMUNLINK:sem_unlink(2):ip +43035:AUE_SHMOPEN:shm_open(2):ip +43036:AUE_SHMUNLINK:shm_unlink(2):ip +43037:AUE_LOADSHFILE:load_shared_file():fr +43038:AUE_RESETSHFILE:reset_shared_file():ot +43039:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot +43040:AUE_PTHREADKILL:pthread_kill(2):pc +43041:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc +43042:AUE_AUDITCTL:auditctl(2):ad +43043:AUE_RFORK:rfork(2):pc +43044:AUE_LCHMOD:lchmod(2):fm +43045:AUE_SWAPOFF:swapoff():ad +43046:AUE_INITPROCESS:init_process():pc +43047:AUE_MAPFD:map_fd():fa +43048:AUE_TASKFORPID:task_for_pid():pc +43049:AUE_PIDFORTASK:pid_for_task():pc +43050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot +43051:AUE_COPYFILE:copyfile():fr,fw +43052:AUE_LUTIMES:lutimes(2):fm +43053:AUE_LCHFLAGS:lchflags(2):fm +43054:AUE_SENDFILE:sendfile(2):nt 
+43055:AUE_USELIB:uselib(2):fa +43056:AUE_GETRESUID:getresuid(2):pc +43057:AUE_SETRESUID:setresuid(2):pc +43058:AUE_GETRESGID:getresgid(2):pc +43059:AUE_SETRESGID:setresgid(2):pc +43060:AUE_WAIT4:wait4(2):pc +43061:AUE_LGETFH:lgetfh(2):fa +43062:AUE_FHSTATFS:fhstatfs(2):fa +43063:AUE_FHOPEN:fhopen(2):fa +43064:AUE_FHSTAT:fhstat(2):fa +43065:AUE_JAIL:jail(2):pc +43066:AUE_EACCESS:eaccess(2):fa +43067:AUE_KQUEUE:kqueue(2):no +43068:AUE_KEVENT:kevent(2):no +43069:AUE_FSYNC:fsync(2):fm +43070:AUE_NMOUNT:nmount(2):ad +43071:AUE_BDFLUSH:bdflush(2):ad +43072:AUE_SETFSUID:setfsuid(2):ot +43073:AUE_SETFSGID:setfsgid(2):ot +43074:AUE_PERSONALITY:personality(2):pc +43075:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad +43076:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad +43077:AUE_PRCTL:prctl(2):pc +43078:AUE_GETCWD:getcwd(2):pc +43079:AUE_CAPGET:capget(2):pc +43080:AUE_CAPSET:capset(2):pc +43081:AUE_PIVOT_ROOT:pivot_root(2):pc +43082:AUE_RTPRIO::rtprio(2):pc +43083:AUE_SCHED_GETPARAM:sched_getparam(2):ad +43084:AUE_SCHED_SETPARAM:sched_setparam(2):ad +43085:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad +43086:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad +43087:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad +43088:AUE_ACL_GET_FILE:acl_get_file(2):fa +43089:AUE_ACL_SET_FILE:acl_set_file(2):fm +43090:AUE_ACL_GET_FD:acl_get_fd(2):fa +43091:AUE_ACL_SET_FD:acl_set_fd(2):fm +43092:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm +43093:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm +43094:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa +43095:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa +43096:AUE_ACL_GET_LINK:acl_get_link(2):fa +43097:AUE_ACL_SET_LINK:acl_set_link(2):fm +43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm +43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa +43100:AUE_SYSARCH:sysarch(2):na +43101:AUE_EXTATTRCTL:extattrctl(2):fm +43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa +43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm +43104:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa 
+43105:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm +43106:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa +43107:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm +43108:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa +43109:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm +43110:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa +43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm +43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa +43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm +# +# User space system events. +# 6152:AUE_login:login - local:lo 6153:AUE_logout:logout - local:lo 6159:AUE_su:su(1):lo ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#19 (text+ko) ==== @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#18 $ + * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#19 $ */ #include @@ -1155,7 +1155,7 @@ ADD_U_CHAR(dptr, AUT_HEADER32); ADD_U_INT32(dptr, rec_size); - ADD_U_CHAR(dptr, HEADER_VERSION); + ADD_U_CHAR(dptr, BSM_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod);
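
Review bot: In bsm/audit_kevents.h, the last added define, `AUE_EXTATTR_DELETE_LINK 43111`, reuses the value assigned two lines earlier to `AUE_EXTATTR_SET_LINK 43111`. `AUE_EXTATTR_LIST_LINK` is 43112 and etc/audit_event in this same change lists `43113:AUE_EXTATTR_DELETE_LINK`, so the header should read 43113. As written, code built against this header would record extattr_delete_link(2) under the set-link identifier, and the two operations could not be told apart in a trail. Separately, in the deprecated block, `#define AUE_DARWIN_KDBUGTRACE AUE_KDEBUGTRACE` resolves to the new 43017 rather than 325; it should alias `AUE_DARWIN_KDEBUGTRACE`.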
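
Review bot: In bsm/audit_record.h, `HEADER_VERSION` is removed outright rather than kept as a deprecated alias, and the only user converted in this change is the `AUT_HEADER32` writer in libbsm/bsm_token.c, so any other code still referencing `HEADER_VERSION` will stop compiling. Either keep a compatibility define for a release or confirm nothing else uses it. The new comment would also be more useful if it stated which event number range each version value implies (the 3xx Darwin numbers versus the 43xxx OpenBSM numbers), since identifying the event name space is the reason it gives for the separate version.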
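
Review bot: In etc/audit_event, the added line `43082:AUE_RTPRIO::rtprio(2):pc` carries over the doubled colon from the removed `392:AUE_RTPRIO::rtprio(2):pc`, which gives this entry an extra empty field compared with every other line in the hunk. Drop the extra colon so the description and class fields line up: `43082:AUE_RTPRIO:rtprio(2):pc`. The descriptions for 43075 and 43076 (`getscheduler(2)`, `setscheduler(2)`) also do not match the `AUE_SCHED_GETSCHEDULER` and `AUE_SCHED_SETSCHEDULER` names they sit next to.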
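
Review bot: In libbsm/bsm_token.c at the `AUT_HEADER32` writer, the version byte written into every record changes from 1 to 10, but nothing in this change touches the reading side. Since event numbers 301 to 361 now mean the deprecated `AUE_DARWIN_*` events and the same system calls are reported as 43xxx, please confirm that the record parsing code accepts `BSM_HEADER_VERSION_OPENBSM` and still handles existing trails written with version 1, and say so in the HISTORY entry so trail consumers know to key on the version byte.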