Vendor import of OpenBSM 1.0 alpha 9, with the following change history
notes since the last import: OpenBSM 1.0 alpha 9 - Rename many OpenBSM-specific constants and API elements containing the strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true for almost all existing constants and APIs. - Instead of passing a per-instance cookie directly into all audit filter APIs, pass in the audit filter daemon state pointer, which is then used by the module using an audit_filter_{get,set}cookie() API. This will allow future service APIs provided by the filter daemon to maintain their own state -- for example, per-module preselection state. OpenBSM 1.0 alpha 8 - Correct typo in definition of AUR_INT. - Adopt OpenSolaris constant values for AUDIT_* configuration flags. - Arguments to au_to_exec_args() and au_to_exec_env() no longer const. - Add kernel versions of au_to_exec_args() and au_to_exec_env(). - Fix exec argument type that is printed for env strings from 'arg' to 'env'. - New OpenBSM token version number assigned, constants added for other commonly seen version numbers. - OpenBSM-specific events assigned numbers in the 43xxx range to avoid future collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they are now deprecated numberings. - autoconf now detects clock_gettime(), which is not available on Darwin. - praudit output fixes relating to arg32 and arg64 tokens. - Maximum record size updated to 64k-1 to match Solaris record size limit. - Various style and comment cleanups in include files. This is an MFC candidate to RELENG_6. Obtained from: TrustedBSD Project
This commit is contained in:
parent
02d6c5b525
commit
3dabba580b
@ -1,3 +1,31 @@
|
||||
OpenBSM 1.0 alpha 9
|
||||
|
||||
- Rename many OpenBSM-specific constants and API elements containing the
|
||||
strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
|
||||
for almost all existing constants and APIs.
|
||||
- Instead of passing a per-instance cookie directly into all audit filter
|
||||
APIs, pass in the audit filter daemon state pointer, which is then used by
|
||||
the module using an audit_filter_{get,set}cookie() API. This will allow
|
||||
future service APIs provided by the filter daemon to maintain their own
|
||||
state -- for example, per-module preselection state.
|
||||
|
||||
OpenBSM 1.0 alpha 8
|
||||
|
||||
- Correct typo in definition of AUR_INT.
|
||||
- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
|
||||
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
|
||||
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
|
||||
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
|
||||
- New OpenBSM token version number assigned, constants added for other
|
||||
commonly seen version numbers.
|
||||
- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
|
||||
collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they
|
||||
are now deprecated numberings.
|
||||
- autoconf now detects clock_gettime(), which is not available on Darwin.
|
||||
- praudit output fixes relating to arg32 and arg64 tokens.
|
||||
- Maximum record size updated to 64k-1 to match Solaris record size limit.
|
||||
- Various style and comment cleanups in include files.
|
||||
|
||||
OpenBSM 1.0 alpha 7
|
||||
|
||||
- Adopted Solaris-compatible format for subject32_ex and subject64_ex
|
||||
@ -175,4 +203,4 @@ OpenBSM 1.0 alpha 1
|
||||
to support reloading of kernel event table.
|
||||
- Allow comments in /etc/security configuration files.
|
||||
|
||||
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#15 $
|
||||
$P4: //depot/projects/trustedbsd/openbsm/HISTORY#25 $
|
||||
|
@ -74,6 +74,8 @@ to the development of OpenBSM:
|
||||
Olivier Houchard
|
||||
Christian Peron
|
||||
Martin Fong
|
||||
Pawel Worach
|
||||
Martin Englund
|
||||
|
||||
In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
|
||||
Software's FlexeLint tool were used to identify a number of bugs in the
|
||||
@ -95,4 +97,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
|
||||
|
||||
http://www.TrustedBSD.org/
|
||||
|
||||
$P4: //depot/projects/trustedbsd/openbsm/README#17 $
|
||||
$P4: //depot/projects/trustedbsd/openbsm/README#19 $
|
||||
|
@ -1 +1 @@
|
||||
OPENBSM_1_0_ALPHA_7
|
||||
OPENBSM_1_0_ALPHA_9
|
||||
|
@ -30,7 +30,7 @@
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#16 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#17 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -88,7 +88,7 @@ fail_exit(void)
|
||||
* Free our local list of directory names.
|
||||
*/
|
||||
static void
|
||||
free_dir_q()
|
||||
free_dir_q(void)
|
||||
{
|
||||
struct dir_ent *dirent;
|
||||
|
||||
|
@ -25,7 +25,16 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#6 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#9 $
|
||||
*/
|
||||
|
||||
/*
|
||||
* Main file for the audit filter daemon, which presents audit records to a
|
||||
* set of run-time registered loadable modules. This is the main event loop
|
||||
* of the daemon, which handles starting up, waiting for records, and
|
||||
* presenting records to configured modules. auditfilterd_conf.c handles the
|
||||
* reading and management of the configuration, module list and module state,
|
||||
* etc.
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -106,13 +115,13 @@ signal_handler(int signum)
|
||||
* Present raw BSM to a set of registered and interested filters.
|
||||
*/
|
||||
static void
|
||||
present_bsmrecord(struct timespec *ts, u_char *data, u_int len)
|
||||
present_rawrecord(struct timespec *ts, u_char *data, u_int len)
|
||||
{
|
||||
struct auditfilter_module *am;
|
||||
|
||||
TAILQ_FOREACH(am, &filter_list, am_list) {
|
||||
if (am->am_bsmrecord != NULL)
|
||||
(am->am_bsmrecord)(am->am_instance, ts, data, len);
|
||||
if (am->am_rawrecord != NULL)
|
||||
(am->am_rawrecord)(am, ts, data, len);
|
||||
}
|
||||
}
|
||||
|
||||
@ -140,8 +149,7 @@ present_tokens(struct timespec *ts, u_char *data, u_int len)
|
||||
|
||||
TAILQ_FOREACH(am, &filter_list, am_list) {
|
||||
if (am->am_record != NULL)
|
||||
(am->am_record)(am->am_instance, ts, tokencount,
|
||||
tokens);
|
||||
(am->am_record)(am, ts, tokencount, tokens);
|
||||
}
|
||||
}
|
||||
|
||||
@ -191,7 +199,7 @@ mainloop_file(const char *conffile, const char *trailfile, FILE *trail_fp)
|
||||
continue;
|
||||
if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
|
||||
err(-1, "clock_gettime");
|
||||
present_bsmrecord(&ts, buf, reclen);
|
||||
present_rawrecord(&ts, buf, reclen);
|
||||
present_tokens(&ts, buf, reclen);
|
||||
free(buf);
|
||||
}
|
||||
@ -241,7 +249,7 @@ mainloop_pipe(const char *conffile, const char *pipefile, int pipe_fd)
|
||||
continue;
|
||||
if (clock_gettime(CLOCK_REALTIME, &ts) < 0)
|
||||
err(-1, "clock_gettime");
|
||||
present_bsmrecord(&ts, record, reclen);
|
||||
present_rawrecord(&ts, record, reclen);
|
||||
present_tokens(&ts, record, reclen);
|
||||
}
|
||||
}
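Review bot: present_rawrecord hands every module the same mutable record buffer — `data` is a plain `u_char *` and `audit_filter_rawrecord_t` takes `void *data` — and mainloop_file/mainloop_pipe then pass that same buffer to present_tokens, so a module that writes into the record silently changes what later modules and the token parser see. Declaring the parameter `const u_char *data` here and `const void *data` in the callback typedef would make the buffer read-only by contract. The first argument is now the daemon's `struct auditfilter_module *` rather than module-owned state; a one-line comment on present_rawrecord and present_tokens saying modules must treat it as opaque and keep their own state via audit_filter_{get,set}cookie() would help module authors. The mainloop_file and mainloop_pipe hunks show only the middle of those functions.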
|
||||
|
@ -25,7 +25,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#3 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.h#5 $
|
||||
*/
|
||||
|
||||
#define AUDITFILTERD_CONFFILE "/etc/security/audit_filter"
|
||||
@ -53,11 +53,11 @@ struct auditfilter_module {
|
||||
/*
|
||||
* Fields provided by or extracted from the module.
|
||||
*/
|
||||
void *am_instance;
|
||||
void *am_cookie;
|
||||
audit_filter_attach_t am_attach;
|
||||
audit_filter_reinit_t am_reinit;
|
||||
audit_filter_record_t am_record;
|
||||
audit_filter_bsmrecord_t am_bsmrecord;
|
||||
audit_filter_rawrecord_t am_rawrecord;
|
||||
audit_filter_detach_t am_detach;
|
||||
|
||||
/*
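Review bot: `am_cookie` is the one field in this struct that a module owns, yet it carries no comment about who allocates or frees it; the daemon only stores the pointer and clears it on detach or on a failed attach without freeing it (see auditfilterd_conf.c in this commit). Suggest `void *am_cookie; /* Module-private state set via audit_filter_setcookie(); opaque to the daemon, which never frees it. */`. The struct definition starts before this hunk.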
|
||||
|
@ -25,7 +25,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#3 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd_conf.c#5 $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -38,6 +38,12 @@
|
||||
* Modules are in one of two states: attached, or detached. If attach fails,
|
||||
* detach is not called because it was not attached. If a module is attached
|
||||
* and a call to its reinit method fails, we will detach it.
|
||||
*
|
||||
* Modules are passed a (void *) reference to their configuration state so
|
||||
* that they may pass this into any common APIs we provide which may rely on
|
||||
* that state. Currently, the only such API is the cookie API, which allows
|
||||
* per-instance state to be maintained by a module. In the future, this will
|
||||
* also be used to support per-instance preselection state.
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -105,8 +111,8 @@ auditfilter_module_detach(struct auditfilter_module *am)
|
||||
{
|
||||
|
||||
if (am->am_detach != NULL)
|
||||
am->am_detach(am->am_instance);
|
||||
am->am_instance = NULL;
|
||||
am->am_detach(am);
|
||||
am->am_cookie = NULL;
|
||||
(void)dlclose(am->am_dlhandle);
|
||||
am->am_dlhandle = NULL;
|
||||
}
|
||||
@ -149,21 +155,22 @@ auditfilter_module_attach(struct auditfilter_module *am)
|
||||
am->am_attach = dlsym(am->am_dlhandle, AUDIT_FILTER_ATTACH_STRING);
|
||||
am->am_reinit = dlsym(am->am_dlhandle, AUDIT_FILTER_REINIT_STRING);
|
||||
am->am_record = dlsym(am->am_dlhandle, AUDIT_FILTER_RECORD_STRING);
|
||||
am->am_bsmrecord = dlsym(am->am_dlhandle,
|
||||
AUDIT_FILTER_BSMRECORD_STRING);
|
||||
am->am_rawrecord = dlsym(am->am_dlhandle,
|
||||
AUDIT_FILTER_RAWRECORD_STRING);
|
||||
am->am_detach = dlsym(am->am_dlhandle, AUDIT_FILTER_DETACH_STRING);
|
||||
|
||||
if (am->am_attach != NULL) {
|
||||
if (am->am_attach(&am->am_instance, am->am_argc, am->am_argv)
|
||||
if (am->am_attach(am, am->am_argc, am->am_argv)
|
||||
!= AUDIT_FILTER_SUCCESS) {
|
||||
warnx("auditfilter_module_attach: %s: failed",
|
||||
am->am_modulename);
|
||||
dlclose(am->am_dlhandle);
|
||||
am->am_dlhandle = NULL;
|
||||
am->am_cookie = NULL;
|
||||
am->am_attach = NULL;
|
||||
am->am_reinit = NULL;
|
||||
am->am_record = NULL;
|
||||
am->am_bsmrecord = NULL;
|
||||
am->am_rawrecord = NULL;
|
||||
am->am_detach = NULL;
|
||||
return (-1);
|
||||
}
|
||||
@ -184,7 +191,7 @@ auditfilter_module_reinit(struct auditfilter_module *am)
|
||||
if (am->am_reinit == NULL)
|
||||
return (0);
|
||||
|
||||
if (am->am_reinit(&am->am_instance, am->am_argc, am->am_argv) !=
|
||||
if (am->am_reinit(am, am->am_argc, am->am_argv) !=
|
||||
AUDIT_FILTER_SUCCESS) {
|
||||
warnx("auditfilter_module_reinit: %s: failed",
|
||||
am->am_modulename);
|
||||
@ -483,3 +490,24 @@ auditfilterd_conf_shutdown(void)
|
||||
auditfilter_module_list_detach(&filter_list);
|
||||
auditfilter_module_list_free(&filter_list);
|
||||
}
|
||||
|
||||
/*
|
||||
* APIs to allow modules to query and set their per-instance cookie.
|
||||
*/
|
||||
void
|
||||
audit_filter_getcookie(void *instance, void **cookie)
|
||||
{
|
||||
struct auditfilter_module *am;
|
||||
|
||||
am = (struct auditfilter_module *)instance;
|
||||
*cookie = am->am_cookie;
|
||||
}
|
||||
|
||||
void
|
||||
audit_filter_setcookie(void *instance, void *cookie)
|
||||
{
|
||||
struct auditfilter_module *am;
|
||||
|
||||
am = (struct auditfilter_module *)instance;
|
||||
am->am_cookie = cookie;
|
||||
}
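Review bot: audit_filter_getcookie() and audit_filter_setcookie() are the daemon's only entry points callable from third-party modules, and both dereference `instance` (getcookie also writes through `cookie`) without a NULL check, so a buggy module crashes the daemon instead of getting an error; a guard such as `if (instance == NULL || cookie == NULL) return;` is cheap, and a comment stating that `instance` must be the pointer the daemon passed to the module's entry points belongs above the pair. The ownership story also deserves a sentence: auditfilter_module_detach() clears am_cookie after calling the module's detach and the attach failure path clears it too, but neither frees the pointer, and because detach is not called after a failed attach a cookie set during attach must be released by the module before it returns failure. The header comment at the top of this file already describes the cookie API, so that is the natural place for the ownership note.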
|
||||
|
@ -30,7 +30,7 @@
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#16 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#19 $
|
||||
*/
|
||||
|
||||
#ifndef _BSM_AUDIT_H
|
||||
@ -38,11 +38,12 @@
|
||||
|
||||
#define AUDIT_RECORD_MAGIC 0x828a0f1b
|
||||
#define MAX_AUDIT_RECORDS 20
|
||||
#define MAX_AUDIT_RECORD_SIZE 4096
|
||||
#define MAXAUDITDATA (0x8000 - 1)
|
||||
#define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA
|
||||
#define MIN_AUDIT_FILE_SIZE (512 * 1024)
|
||||
|
||||
/*
|
||||
* Triggers for the audit daemon
|
||||
* Triggers for the audit daemon.
|
||||
*/
|
||||
#define AUDIT_TRIGGER_MIN 1
|
||||
#define AUDIT_TRIGGER_LOW_SPACE 1
|
||||
@ -53,7 +54,8 @@
|
||||
#define AUDIT_TRIGGER_MAX 5
|
||||
|
||||
/*
|
||||
* File that will be read for trigger events from the kernel
|
||||
* Special file that will be read for trigger events from the kernel
|
||||
* (FreeBSD).
|
||||
*/
|
||||
#define AUDIT_TRIGGER_FILE "/dev/audit"
|
||||
|
||||
@ -101,7 +103,7 @@
|
||||
#define AU_ALL 0xffffffff
|
||||
|
||||
/*
|
||||
* IPC types
|
||||
* IPC types.
|
||||
*/
|
||||
#define AT_IPC_MSG ((u_char)1) /* Message IPC id. */
|
||||
#define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */
|
||||
@ -150,16 +152,19 @@
|
||||
#define AUDIT_AHLT 0x0002
|
||||
#define AUDIT_ARGV 0x0004
|
||||
#define AUDIT_ARGE 0x0008
|
||||
#define AUDIT_PASSWD 0x0010
|
||||
#define AUDIT_SEQ 0x0020
|
||||
#define AUDIT_WINDATA 0x0040
|
||||
#define AUDIT_USER 0x0080
|
||||
#define AUDIT_GROUP 0x0100
|
||||
#define AUDIT_TRAIL 0x0200
|
||||
#define AUDIT_PATH 0x0400
|
||||
#define AUDIT_SEQ 0x0010
|
||||
#define AUDIT_WINDATA 0x0020
|
||||
#define AUDIT_USER 0x0040
|
||||
#define AUDIT_GROUP 0x0080
|
||||
#define AUDIT_TRAIL 0x0100
|
||||
#define AUDIT_PATH 0x0200
|
||||
#define AUDIT_SCNT 0x0400
|
||||
#define AUDIT_PUBLIC 0x0800
|
||||
#define AUDIT_ZONENAME 0x1000
|
||||
#define AUDIT_PERZONE 0x2000
|
||||
|
||||
/*
|
||||
* Audit queue control parameters
|
||||
* Audit queue control parameters.
|
||||
*/
|
||||
#define AQ_HIWATER 100
|
||||
#define AQ_MAXHIGH 10000
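Review bot: MAXAUDITDATA is defined as `(0x8000 - 1)`, which is 32767 (32k-1), while the change history for this import says the maximum record size was raised to 64k-1; one of the two is wrong, and if Solaris parity is the intent the define is probably right and the text should say 32k-1. A comment on the define, e.g. `#define MAXAUDITDATA (0x8000 - 1) /* Solaris-compatible maximum record size. */`, would stop the next reader from chasing the same question. The AUDIT_* policy renumbering in the later hunk is a silent ABI break: AUDIT_PASSWD disappears and AUDIT_SEQ through AUDIT_PATH each shift down one bit, so any policy mask built or stored against the old values (old AUDIT_SEQ 0x0020 now reads as AUDIT_WINDATA) selects different policies with no compile-time signal; a comment noting the flag day and the OpenSolaris origin of the values is worthwhile.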
|
||||
|
@ -25,7 +25,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_filter.h#2 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_filter.h#4 $
|
||||
*/
|
||||
|
||||
#ifndef _BSM_AUDIT_FILTER_H_
|
||||
@ -38,21 +38,27 @@
|
||||
* audit_filter_reinit_t - arguments to module have changed
|
||||
* audit_filter_record_t - present parsed record to filter module, with
|
||||
* receipt time
|
||||
* audit_filter_bsmrecord_t - present bsm format record to filter module,
|
||||
* audit_filter_rawrecord_t - present BSM format record to filter module,
|
||||
* with receipt time
|
||||
* audit_filter_destach_t - filter module is being detached
|
||||
*
|
||||
* There may be many instances of the same filter, identified by the instance
|
||||
* void pointer maintained by the filter instance.
|
||||
*/
|
||||
typedef int (*audit_filter_attach_t)(void **instance, int argc, char *argv[]);
|
||||
typedef int (*audit_filter_attach_t)(void *instance, int argc, char *argv[]);
|
||||
typedef int (*audit_filter_reinit_t)(void *instance, int argc, char *argv[]);
|
||||
typedef void (*audit_filter_record_t)(void *instance, struct timespec *ts,
|
||||
int token_count, const tokenstr_t tok[]);
|
||||
typedef void (*audit_filter_bsmrecord_t)(void *instance, struct timespec *ts,
|
||||
typedef void (*audit_filter_rawrecord_t)(void *instance, struct timespec *ts,
|
||||
void *data, u_int len);
|
||||
typedef void (*audit_filter_detach_t)(void *instance);
|
||||
|
||||
/*
|
||||
* APIs that may be called by audit filters.
|
||||
*/
|
||||
void audit_filter_getcookie(void *instance, void **cookie);
|
||||
void audit_filter_setcookie(void *instance, void *cookie);
|
||||
|
||||
/*
|
||||
* Values to be returned by audit_filter_init_t.
|
||||
*/
|
||||
@ -66,12 +72,12 @@ typedef void (*audit_filter_detach_t)(void *instance);
|
||||
#define AUDIT_FILTER_ATTACH audit_filter_attach
|
||||
#define AUDIT_FILTER_REINIT audit_filter_reinit
|
||||
#define AUDIT_FILTER_RECORD audit_filter_record
|
||||
#define AUDIT_FILTER_BSMRECORD audit_filter_bsmrecord
|
||||
#define AUDIT_FILTER_RAWRECORD audit_filter_rawrecord
|
||||
#define AUDIT_FILTER_DETACH audit_filter_detach
|
||||
#define AUDIT_FILTER_ATTACH_STRING "audit_filter_attach"
|
||||
#define AUDIT_FILTER_REINIT_STRING "audit_filter_reinit"
|
||||
#define AUDIT_FILTER_RECORD_STRING "audit_filter_record"
|
||||
#define AUDIT_FILTER_BSMRECORD_STRING "audit_filter_bsmrecord"
|
||||
#define AUDIT_FILTER_RAWRECORD_STRING "audit_filter_rawrecord"
|
||||
#define AUDIT_FILTER_DETACH_STRING "audit_filter_detach"
|
||||
|
||||
#endif /* !_BSM_AUDIT_FILTER_H_ */
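Review bot: The comment block above the typedefs still says instances are "identified by the instance void pointer maintained by the filter instance", but after this change the daemon owns that pointer and modules keep their own state through audit_filter_getcookie()/audit_filter_setcookie(); suggest replacing that sentence with `There may be many instances of the same filter; each receives an opaque instance pointer owned by the daemon and may attach private state to it with audit_filter_{get,set}cookie().` The interface also has no version check: a module built against the previous header implements attach as `(void **instance, ...)` and will write its state through the daemon's `struct auditfilter_module *` as if it were a `void **`, and a module that still exports `audit_filter_bsmrecord` simply stops receiving raw records because the dlsym for `audit_filter_rawrecord` returns NULL with no diagnostic. Having modules export an ABI version symbol that auditfilter_module_attach() checks would turn both failure modes into a clear error. Separately, `Values to be returned by audit_filter_init_t` names a type that does not exist in this header; it presumably means audit_filter_attach_t and audit_filter_reinit_t.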
|
||||
|
@ -34,7 +34,7 @@
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#13 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#14 $
|
||||
*/
|
||||
|
||||
#ifndef _AUDIT_INTERNAL_H
|
||||
@ -68,15 +68,15 @@ struct au_record {
|
||||
typedef struct au_record au_record_t;
|
||||
|
||||
|
||||
/* We could determined the header and trailer sizes by
|
||||
* defining appropriate structures. We hold off that approach
|
||||
* till we have a consistant way of using structures for all tokens.
|
||||
* This is not straightforward since these token structures may
|
||||
* contain pointers of whose contents we dont know the size
|
||||
* (e.g text tokens)
|
||||
/*
|
||||
* We could determined the header and trailer sizes by defining appropriate
|
||||
* structures. We hold off that approach until we have a consistant way of
|
||||
* using structures for all tokens. This is not straightforward since these
|
||||
* token structures may contain pointers of whose contents we dont know the
|
||||
* size (e.g text tokens).
|
||||
*/
|
||||
#define BSM_HEADER_SIZE 18
|
||||
#define BSM_TRAILER_SIZE 7
|
||||
#define AUDIT_HEADER_SIZE 18
|
||||
#define AUDIT_TRAILER_SIZE 7
|
||||
|
||||
/*
|
||||
* BSM token streams store fields in big endian byte order, so as to be
|
||||
|
@ -30,7 +30,7 @@
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#38 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#40 $
|
||||
*/
|
||||
|
||||
#ifndef _BSM_AUDIT_KEVENTS_H_
|
||||
@ -273,134 +273,200 @@
|
||||
#define AUE_NTP_ADJTIME 288
|
||||
|
||||
/*
|
||||
* Events not present in OpenSolaris BSM, generally derived from Apple Darwin
|
||||
* BSM or added in OpenBSM. This start a little too close to the top end of
|
||||
* the OpenSolaris event list for my comfort.
|
||||
* Events added for Apple Darwin that potentially collide with future Solaris
|
||||
* BSM events. These are assigned AUE_DARWIN prefixes, and are deprecated in
|
||||
* new trails. Systems generating these events should switch to the new
|
||||
* identifiers that avoid colliding with the Solaris identifier space.
|
||||
*/
|
||||
#define AUE_GETFSSTAT 301
|
||||
#define AUE_PTRACE 302
|
||||
#define AUE_CHFLAGS 303
|
||||
#define AUE_FCHFLAGS 304
|
||||
#define AUE_PROFILE 305
|
||||
#define AUE_KTRACE 306
|
||||
#define AUE_SETLOGIN 307
|
||||
#define AUE_DARWIN_GETFSSTAT 301
|
||||
#define AUE_DARWIN_PTRACE 302
|
||||
#define AUE_DARWIN_CHFLAGS 303
|
||||
#define AUE_DARWIN_FCHFLAGS 304
|
||||
#define AUE_DARWIN_PROFILE 305
|
||||
#define AUE_DARWIN_KTRACE 306
|
||||
#define AUE_DARWIN_SETLOGIN 307
|
||||
#define AUE_DARWIN_REBOOT 308 /* XXX: See AUE_REBOOT. */
|
||||
#define AUE_REVOKE 309
|
||||
#define AUE_UMASK 310
|
||||
#define AUE_MPROTECT 311
|
||||
#define AUE_DARWIN_REVOKE 309
|
||||
#define AUE_DARWIN_UMASK 310
|
||||
#define AUE_DARWIN_MPROTECT 311
|
||||
#define AUE_DARWIN_SETPRIORITY 312 /* XXX: See AUE_SETPRIORITY. */
|
||||
#define AUE_DARWIN_SETTIMEOFDAY 313 /* XXX: See AUE_SETTIMEOFDAY. */
|
||||
#define AUE_DARWIN_FLOCK 314 /* XXX: See AUE_FLOCK. */
|
||||
#define AUE_MKFIFO 315
|
||||
#define AUE_POLL 316
|
||||
#define AUE_DARWIN_MKFIFO 315
|
||||
#define AUE_DARWIN_POLL 316
|
||||
#define AUE_DARWIN_SOCKETPAIR 317 /* XXXRW: See AUE_SOCKETPAIR. */
|
||||
#define AUE_FUTIMES 318
|
||||
#define AUE_SETSID 319
|
||||
#define AUE_SETPRIVEXEC 320 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_FUTIMES 318
|
||||
#define AUE_DARWIN_SETSID 319
|
||||
#define AUE_DARWIN_SETPRIVEXEC 320 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_NFSSVC 321 /* XXX: See AUE_NFS_SVC. */
|
||||
#define AUE_DARWIN_GETFH 322 /* XXX: See AUE_NFS_GETFH. */
|
||||
#define AUE_DARWIN_QUOTACTL 323 /* XXX: See AUE_QUOTACTL. */
|
||||
#define AUE_ADDPROFILE 324 /* Darwin-specific. */
|
||||
#define AUE_KDEBUGTRACE 325 /* Darwin-specific. */
|
||||
#define AUE_KDBUGTRACE AUE_KDEBUGTRACE
|
||||
#define AUE_FSTAT 326
|
||||
#define AUE_FPATHCONF 327
|
||||
#define AUE_GETDIRENTRIES 328
|
||||
#define AUE_DARWIN_ADDPROFILE 324 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_KDEBUGTRACE 325 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_KDBUGTRACE AUE_KDEBUGTRACE
|
||||
#define AUE_DARWIN_FSTAT 326
|
||||
#define AUE_DARWIN_FPATHCONF 327
|
||||
#define AUE_DARWIN_GETDIRENTRIES 328
|
||||
#define AUE_DARWIN_TRUNCATE 329 /* XXX: See AUE_TRUNCATE. */
|
||||
#define AUE_DARWIN_FTRUNCATE 330 /* XXX: See AUE_FTRUNCATE. */
|
||||
#define AUE_SYSCTL 331
|
||||
#define AUE_MLOCK 332
|
||||
#define AUE_MUNLOCK 333
|
||||
#define AUE_UNDELETE 334
|
||||
#define AUE_GETATTRLIST 335 /* Darwin-specific. */
|
||||
#define AUE_SETATTRLIST 336 /* Darwin-specific. */
|
||||
#define AUE_GETDIRENTRIESATTR 337 /* Darwin-specific. */
|
||||
#define AUE_EXCHANGEDATA 338 /* Darwin-specific. */
|
||||
#define AUE_SEARCHFS 339 /* Darwin-specific. */
|
||||
#define AUE_MINHERIT 340
|
||||
#define AUE_SEMCONFIG 341
|
||||
#define AUE_SEMOPEN 342
|
||||
#define AUE_SEMCLOSE 343
|
||||
#define AUE_SEMUNLINK 344
|
||||
#define AUE_SHMOPEN 345
|
||||
#define AUE_SHMUNLINK 346
|
||||
#define AUE_LOADSHFILE 347 /* Darwin-specific. */
|
||||
#define AUE_RESETSHFILE 348 /* Darwin-specific. */
|
||||
#define AUE_NEWSYSTEMSHREG 349 /* Darwin-specific. */
|
||||
#define AUE_PTHREADKILL 350 /* Darwin-specific. */
|
||||
#define AUE_PTHREADSIGMASK 351 /* Darwin-specific. */
|
||||
#define AUE_AUDITCTL 352
|
||||
#define AUE_RFORK 353
|
||||
#define AUE_LCHMOD 354
|
||||
#define AUE_SWAPOFF 355
|
||||
#define AUE_INITPROCESS 356 /* Darwin-specific. */
|
||||
#define AUE_MAPFD 357 /* Darwin-specific. */
|
||||
#define AUE_TASKFORPID 358 /* Darwin-specific. */
|
||||
#define AUE_PIDFORTASK 359 /* Darwin-specific. */
|
||||
#define AUE_SYSCTL_NONADMIN 360
|
||||
#define AUE_COPYFILE 361 /* Darwin-specific. */
|
||||
#define AUE_LUTIMES 362
|
||||
#define AUE_LCHFLAGS 363 /* FreeBSD-specific. */
|
||||
#define AUE_SENDFILE 364 /* BSD/Linux-specific. */
|
||||
#define AUE_USELIB 365 /* Linux-specific. */
|
||||
#define AUE_GETRESUID 366
|
||||
#define AUE_SETRESUID 367
|
||||
#define AUE_GETRESGID 368
|
||||
#define AUE_SETRESGID 369
|
||||
#define AUE_WAIT4 370 /* FreeBSD-specific. */
|
||||
#define AUE_LGETFH 371 /* FreeBSD-specific. */
|
||||
#define AUE_FHSTATFS 372 /* FreeBSD-specific. */
|
||||
#define AUE_FHOPEN 373 /* FreeBSD-specific. */
|
||||
#define AUE_FHSTAT 374 /* FreeBSD-specific. */
|
||||
#define AUE_JAIL 375 /* FreeBSD-specific. */
|
||||
#define AUE_EACCESS 376 /* FreeBSD-specific. */
|
||||
#define AUE_KQUEUE 377 /* FreeBSD-specific. */
|
||||
#define AUE_KEVENT 378 /* FreeBSD-specific. */
|
||||
#define AUE_FSYNC 379
|
||||
#define AUE_NMOUNT 380 /* FreeBSD-specific. */
|
||||
#define AUE_BDFLUSH 381 /* Linux-specific. */
|
||||
#define AUE_SETFSUID 382 /* Linux-specific. */
|
||||
#define AUE_SETFSGID 383 /* Linux-specific. */
|
||||
#define AUE_PERSONALITY 384 /* Linux-specific. */
|
||||
#define AUE_SCHED_GETSCHEDULER 385 /* POSIX.1b. */
|
||||
#define AUE_SCHED_SETSCHEDULER 386 /* POSIX.1b. */
|
||||
#define AUE_PRCTL 387 /* Linux-specific. */
|
||||
#define AUE_GETCWD 388 /* FreeBSD/Linux-specific. */
|
||||
#define AUE_CAPGET 389 /* Linux-specific. */
|
||||
#define AUE_CAPSET 390 /* Linux-specific. */
|
||||
#define AUE_PIVOT_ROOT 391 /* Linux-specific. */
|
||||
#define AUE_RTPRIO 392 /* FreeBSD-specific. */
|
||||
#define AUE_SCHED_GETPARAM 393 /* POSIX.1b. */
|
||||
#define AUE_SCHED_SETPARAM 394 /* POSIX.1b. */
|
||||
#define AUE_SCHED_GET_PRIORITY_MAX 395 /* POSIX.1b. */
|
||||
#define AUE_SCHED_GET_PRIORITY_MIN 396 /* POSIX.1b. */
|
||||
#define AUE_SCHED_RR_GET_INTERVAL 397 /* POSIX.1b. */
|
||||
#define AUE_ACL_GET_FILE 398 /* FreeBSD. */
|
||||
#define AUE_ACL_SET_FILE 399 /* FreeBSD. */
|
||||
#define AUE_ACL_GET_FD 400 /* FreeBSD. */
|
||||
#define AUE_ACL_SET_FD 401 /* FreeBSD. */
|
||||
#define AUE_ACL_DELETE_FILE 402 /* FreeBSD. */
|
||||
#define AUE_ACL_DELETE_FD 403 /* FreeBSD. */
|
||||
#define AUE_ACL_CHECK_FILE 404 /* FreeBSD. */
|
||||
#define AUE_ACL_CHECK_FD 405 /* FreeBSD. */
|
||||
#define AUE_ACL_GET_LINK 406 /* FreeBSD. */
|
||||
#define AUE_ACL_SET_LINK 407 /* FreeBSD. */
|
||||
#define AUE_ACL_DELETE_LINK 408 /* FreeBSD. */
|
||||
#define AUE_ACL_CHECK_LINK 409 /* FreeBSD. */
|
||||
#define AUE_SYSARCH 410 /* FreeBSD. */
|
||||
#define AUE_EXTATTRCTL 411 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_GET_FILE 412 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_SET_FILE 413 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_LIST_FILE 414 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_DELETE_FILE 415 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_GET_FD 416 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_SET_FD 417 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_LIST_FD 418 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_DELETE_FD 419 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_GET_LINK 420 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_SET_LINK 421 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_LIST_LINK 422 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_DELETE_LINK 423 /* FreeBSD. */
|
||||
#define AUE_DARWIN_SYSCTL 331
|
||||
#define AUE_DARWIN_MLOCK 332
|
||||
#define AUE_DARWIN_MUNLOCK 333
|
||||
#define AUE_DARWIN_UNDELETE 334
|
||||
#define AUE_DARWIN_GETATTRLIST 335 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_SETATTRLIST 336 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_GETDIRENTRIESATTR 337 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_EXCHANGEDATA 338 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_SEARCHFS 339 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_MINHERIT 340
|
||||
#define AUE_DARWIN_SEMCONFIG 341
|
||||
#define AUE_DARWIN_SEMOPEN 342
|
||||
#define AUE_DARWIN_SEMCLOSE 343
|
||||
#define AUE_DARWIN_SEMUNLINK 344
|
||||
#define AUE_DARWIN_SHMOPEN 345
|
||||
#define AUE_DARWIN_SHMUNLINK 346
|
||||
#define AUE_DARWIN_LOADSHFILE 347 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_RESETSHFILE 348 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_NEWSYSTEMSHREG 349 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_PTHREADKILL 350 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_PTHREADSIGMASK 351 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_AUDITCTL 352
|
||||
#define AUE_DARWIN_RFORK 353
|
||||
#define AUE_DARWIN_LCHMOD 354
|
||||
#define AUE_DARWIN_SWAPOFF 355
|
||||
#define AUE_DARWIN_INITPROCESS 356 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_MAPFD 357 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_TASKFORPID 358 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_PIDFORTASK 359 /* Darwin-specific. */
|
||||
#define AUE_DARWIN_SYSCTL_NONADMIN 360
|
||||
#define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */
|
||||
|
||||
/*
|
||||
* Audit event identifiers added as part of OpenBSM, generally corresponding
|
||||
* to events in FreeBSD, Darwin, and Linux that were not present in Solaris.
|
||||
* These often duplicate events added to the Solaris set by Darwin, but use
|
||||
* event identifiers in a higher range in order to avoid colliding with
|
||||
* future Solaris additions.
|
||||
*/
|
||||
#define AUE_GETFSSTAT 43001
|
||||
#define AUE_PTRACE 43002
|
||||
#define AUE_CHFLAGS 43003
|
||||
#define AUE_FCHFLAGS 43004
|
||||
#define AUE_PROFILE 43005
|
||||
#define AUE_KTRACE 43006
|
||||
#define AUE_SETLOGIN 43007
|
||||
#define AUE_REVOKE 43008
|
||||
#define AUE_UMASK 43009
|
||||
#define AUE_MPROTECT 43010
|
||||
#define AUE_MKFIFO 43011
|
||||
#define AUE_POLL 43012
|
||||
#define AUE_FUTIMES 43013
|
||||
#define AUE_SETSID 43014
|
||||
#define AUE_SETPRIVEXEC 43015 /* Darwin-specific. */
|
||||
#define AUE_ADDPROFILE 43016 /* Darwin-specific. */
|
||||
#define AUE_KDEBUGTRACE 43017 /* Darwin-specific. */
|
||||
#define AUE_KDBUGTRACE AUE_KDEBUGTRACE
|
||||
#define AUE_FSTAT 43018
|
||||
#define AUE_FPATHCONF 43019
|
||||
#define AUE_GETDIRENTRIES 43020
|
||||
#define AUE_SYSCTL 43021
|
||||
#define AUE_MLOCK 43022
|
||||
#define AUE_MUNLOCK 43023
|
||||
#define AUE_UNDELETE 43024
|
||||
#define AUE_GETATTRLIST 43025 /* Darwin-specific. */
|
||||
#define AUE_SETATTRLIST 43026 /* Darwin-specific. */
|
||||
#define AUE_GETDIRENTRIESATTR 43027 /* Darwin-specific. */
|
||||
#define AUE_EXCHANGEDATA 43028 /* Darwin-specific. */
|
||||
#define AUE_SEARCHFS 43029 /* Darwin-specific. */
|
||||
#define AUE_MINHERIT 43030
|
||||
#define AUE_SEMCONFIG 43031
|
||||
#define AUE_SEMOPEN 43032
|
||||
#define AUE_SEMCLOSE 43033
|
||||
#define AUE_SEMUNLINK 43034
|
||||
#define AUE_SHMOPEN 43035
|
||||
#define AUE_SHMUNLINK 43036
|
||||
#define AUE_LOADSHFILE 43037 /* Darwin-specific. */
|
||||
#define AUE_RESETSHFILE 43038 /* Darwin-specific. */
|
||||
#define AUE_NEWSYSTEMSHREG 43039 /* Darwin-specific. */
|
||||
#define AUE_PTHREADKILL 43040 /* Darwin-specific. */
|
||||
#define AUE_PTHREADSIGMASK 43041 /* Darwin-specific. */
|
||||
#define AUE_AUDITCTL 43042
|
||||
#define AUE_RFORK 43043
|
||||
#define AUE_LCHMOD 43044
|
||||
#define AUE_SWAPOFF 43045
|
||||
#define AUE_INITPROCESS 43046 /* Darwin-specific. */
|
||||
#define AUE_MAPFD 43047 /* Darwin-specific. */
|
||||
#define AUE_TASKFORPID 43048 /* Darwin-specific. */
|
||||
#define AUE_PIDFORTASK 43049 /* Darwin-specific. */
|
||||
#define AUE_SYSCTL_NONADMIN 43050
|
||||
#define AUE_COPYFILE 43051 /* Darwin-specific. */
|
||||
|
||||
/*
|
||||
* Events added to OpenBSM for FreeBSD and Linux; may also be used by Darwin
|
||||
* in the future.
|
||||
*/
|
||||
#define AUE_LUTIMES 43052
|
||||
#define AUE_LCHFLAGS 43053 /* FreeBSD-specific. */
|
||||
#define AUE_SENDFILE 43054 /* BSD/Linux-specific. */
|
||||
#define AUE_USELIB 43055 /* Linux-specific. */
|
||||
#define AUE_GETRESUID 43056
|
||||
#define AUE_SETRESUID 43057
|
||||
#define AUE_GETRESGID 43058
|
||||
#define AUE_SETRESGID 43059
|
||||
#define AUE_WAIT4 43060 /* FreeBSD-specific. */
|
||||
#define AUE_LGETFH 43061 /* FreeBSD-specific. */
|
||||
#define AUE_FHSTATFS 43062 /* FreeBSD-specific. */
|
||||
#define AUE_FHOPEN 43063 /* FreeBSD-specific. */
|
||||
#define AUE_FHSTAT 43064 /* FreeBSD-specific. */
|
||||
#define AUE_JAIL 43065 /* FreeBSD-specific. */
|
||||
#define AUE_EACCESS 43066 /* FreeBSD-specific. */
|
||||
#define AUE_KQUEUE 43067 /* FreeBSD-specific. */
|
||||
#define AUE_KEVENT 43068 /* FreeBSD-specific. */
|
||||
#define AUE_FSYNC 43069
|
||||
#define AUE_NMOUNT 43070 /* FreeBSD-specific. */
|
||||
#define AUE_BDFLUSH 43071 /* Linux-specific. */
|
||||
#define AUE_SETFSUID 43072 /* Linux-specific. */
|
||||
#define AUE_SETFSGID 43073 /* Linux-specific. */
|
||||
#define AUE_PERSONALITY 43074 /* Linux-specific. */
|
||||
#define AUE_SCHED_GETSCHEDULER 43075 /* POSIX.1b. */
|
||||
#define AUE_SCHED_SETSCHEDULER 43076 /* POSIX.1b. */
|
||||
#define AUE_PRCTL 43077 /* Linux-specific. */
|
||||
#define AUE_GETCWD 43078 /* FreeBSD/Linux-specific. */
|
||||
#define AUE_CAPGET 43079 /* Linux-specific. */
|
||||
#define AUE_CAPSET 43080 /* Linux-specific. */
|
||||
#define AUE_PIVOT_ROOT 43081 /* Linux-specific. */
|
||||
#define AUE_RTPRIO 43082 /* FreeBSD-specific. */
|
||||
#define AUE_SCHED_GETPARAM 43083 /* POSIX.1b. */
|
||||
#define AUE_SCHED_SETPARAM 43084 /* POSIX.1b. */
|
||||
#define AUE_SCHED_GET_PRIORITY_MAX 43085 /* POSIX.1b. */
|
||||
#define AUE_SCHED_GET_PRIORITY_MIN 43086 /* POSIX.1b. */
|
||||
#define AUE_SCHED_RR_GET_INTERVAL 43087 /* POSIX.1b. */
|
||||
#define AUE_ACL_GET_FILE 43088 /* FreeBSD. */
|
||||
#define AUE_ACL_SET_FILE 43089 /* FreeBSD. */
|
||||
#define AUE_ACL_GET_FD 43090 /* FreeBSD. */
|
||||
#define AUE_ACL_SET_FD 43091 /* FreeBSD. */
|
||||
#define AUE_ACL_DELETE_FILE 43092 /* FreeBSD. */
|
||||
#define AUE_ACL_DELETE_FD 43093 /* FreeBSD. */
|
||||
#define AUE_ACL_CHECK_FILE 43094 /* FreeBSD. */
|
||||
#define AUE_ACL_CHECK_FD 43095 /* FreeBSD. */
|
||||
#define AUE_ACL_GET_LINK 43096 /* FreeBSD. */
|
||||
#define AUE_ACL_SET_LINK 43097 /* FreeBSD. */
|
||||
#define AUE_ACL_DELETE_LINK 43098 /* FreeBSD. */
|
||||
#define AUE_ACL_CHECK_LINK 43099 /* FreeBSD. */
|
||||
#define AUE_SYSARCH 43100 /* FreeBSD. */
|
||||
#define AUE_EXTATTRCTL 43101 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_GET_FILE 43102 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_SET_FILE 43103 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_LIST_FILE 43104 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_DELETE_FILE 43105 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_GET_FD 43106 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_SET_FD 43107 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_LIST_FD 43108 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_DELETE_FD 43109 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_GET_LINK 43110 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */
|
||||
#define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */
|
||||
|
||||
/*
|
||||
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
|
||||
|
@ -30,7 +30,7 @@
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#19 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#23 $
|
||||
*/
|
||||
|
||||
#ifndef _BSM_AUDIT_RECORD_H_
|
||||
@ -184,7 +184,7 @@
|
||||
#define AUR_CHAR AUR_BYTE
|
||||
#define AUR_SHORT 1
|
||||
#define AUR_INT32 2
|
||||
#define AUR_INT AUR_INT
|
||||
#define AUR_INT AUR_INT32
|
||||
#define AUR_INT64 3
|
||||
|
||||
/* ... and their sizes */
|
||||
@ -199,9 +199,19 @@
|
||||
#define PAD_NOTATTR 0x4000 /* nonattributable event */
|
||||
#define PAD_FAILURE 0x8000 /* fail audit event */
|
||||
|
||||
#define AUDIT_MAX_GROUPS 16
|
||||
|
||||
#define BSM_MAX_GROUPS 16
|
||||
#define HEADER_VERSION 1
|
||||
/*
|
||||
* A number of BSM versions are floating around and defined. Here are
|
||||
* constants for them. OpenBSM uses the same token types, etc, used in the
|
||||
* Solaris BSM version, but has a separate version number in order to
|
||||
* identify a potentially different event identifier name space.
|
||||
*/
|
||||
#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */
|
||||
#define AUDIT_HEADER_VERSION_SOLARIS 2
|
||||
#define AUDIT_HEADER_VERSION_TSOL25 3
|
||||
#define AUDIT_HEADER_VERSION_TSOL 4
|
||||
#define AUDIT_HEADER_VERSION_OPENBSM 10
|
||||
|
||||
/*
|
||||
* BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
|
||||
@ -308,8 +318,13 @@ token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
|
||||
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
|
||||
token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
|
||||
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
|
||||
token_t *au_to_exec_args(const char **);
|
||||
token_t *au_to_exec_env(const char **);
|
||||
#if defined(_KERNEL) || defined(KERNEL)
|
||||
token_t *au_to_exec_args(char *args, int argc);
|
||||
token_t *au_to_exec_env(char *envs, int envc);
|
||||
#else
|
||||
token_t *au_to_exec_args(char **argv);
|
||||
token_t *au_to_exec_env(char **envp);
|
||||
#endif
|
||||
token_t *au_to_text(char *text);
|
||||
token_t *au_to_kevent(struct kevent *kev);
|
||||
token_t *au_to_trailer(int rec_size);
|
||||
|
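Review bot: `#define HEADER_VERSION 1`, kept as context just above the new block, now coexists with `AUDIT_HEADER_VERSION_OLDDARWIN 1`, which the new comment itself calls a mistake, and with `AUDIT_HEADER_VERSION_OPENBSM 10`; any emitter or parser still using the old name will stamp or accept the deprecated version number without a reader noticing. I would either retire it in this rename pass or mark it: `#define HEADER_VERSION 1 /* Deprecated: use AUDIT_HEADER_VERSION_*; equals the OLDDARWIN value. */`. The kernel-side prototype `token_t *au_to_exec_args(char *args, int argc);` also deserves a one-line comment on the layout of args, since unlike the userland `char **argv` form it carries a string count but no byte length to bound the walk; I am inferring the packed layout from the signature, so confirm it against the kernel implementation.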
@ -26,7 +26,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#21 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#27 $
|
||||
*/
|
||||
|
||||
#ifndef _LIBBSM_H_
|
||||
@ -37,8 +37,8 @@
|
||||
* solely to allow OpenSSH to compile; Darwin/Apple code should not use them.
|
||||
*/
|
||||
|
||||
#define MAX_ARGS 10
|
||||
#define MAX_ENV 10
|
||||
#define AUDIT_MAX_ARGS 10
|
||||
#define AUDIT_MAX_ENV 10
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/cdefs.h>
|
||||
@ -82,11 +82,10 @@
|
||||
#define BSM_TEXTBUFSZ MAX_AUDITSTRING_LEN /* OpenSSH compatibility */
|
||||
|
||||
/*
|
||||
* These are referenced in Solaris 9 au_open(3BSM); values are guesses.
|
||||
* Provided for OpenSSH compatibility.
|
||||
* Arguments to au_close(3).
|
||||
*/
|
||||
#define AU_TO_NO_WRITE 0
|
||||
#define AU_TO_WRITE 1
|
||||
#define AU_TO_NO_WRITE 0 /* Abandon audit record. */
|
||||
#define AU_TO_WRITE 1 /* Commit audit record. */
|
||||
|
||||
__BEGIN_DECLS
|
||||
struct au_event_ent {
|
||||
@ -138,15 +137,6 @@ __END_DECLS
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
/*
|
||||
* Internal representation of audit user in libnsl.
|
||||
*/
|
||||
typedef struct au_user_str_s {
|
||||
char *au_name;
|
||||
char *au_always;
|
||||
char *au_never;
|
||||
} au_user_str_t;
|
||||
|
||||
typedef struct au_tid32 {
|
||||
u_int32_t port;
|
||||
u_int32_t addr;
|
||||
@ -228,7 +218,7 @@ typedef struct {
|
||||
*/
|
||||
typedef struct {
|
||||
u_int32_t count;
|
||||
char *text[MAX_ARGS];
|
||||
char *text[AUDIT_MAX_ARGS];
|
||||
} au_execarg_t;
|
||||
|
||||
/*
|
||||
@ -237,7 +227,7 @@ typedef struct {
|
||||
*/
|
||||
typedef struct {
|
||||
u_int32_t count;
|
||||
char *text[MAX_ENV];
|
||||
char *text[AUDIT_MAX_ENV];
|
||||
} au_execenv_t;
|
||||
|
||||
/*
|
||||
@ -269,7 +259,7 @@ typedef struct {
|
||||
*/
|
||||
typedef struct {
|
||||
u_int16_t no;
|
||||
u_int32_t list[BSM_MAX_GROUPS];
|
||||
u_int32_t list[AUDIT_MAX_GROUPS];
|
||||
} au_groups_t;
|
||||
|
||||
/*
|
||||
@ -729,8 +719,6 @@ int au_preselect(au_event_t event, au_mask_t *mask_p,
|
||||
|
||||
/*
|
||||
* Functions relating to querying audit event information.
|
||||
*
|
||||
* XXXRW: getauevnonam() has no _r version?
|
||||
*/
|
||||
void setauevent(void);
|
||||
void endauevent(void);
|
||||
@ -770,6 +758,11 @@ void au_print_tok(FILE *outfp, tokenstr_t *tok,
|
||||
char *del, char raw, char sfrm);
|
||||
__END_DECLS
|
||||
|
||||
/*
|
||||
* The remaining APIs are associated with Apple's BSM implementation, in
|
||||
* particular as relates to Mach IPC auditing and triggers passed via Mach
|
||||
* IPC.
|
||||
*/
|
||||
#ifdef __APPLE__
|
||||
#include <sys/appleapiopts.h>
|
||||
|
||||
|
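Review bot: `char *text[AUDIT_MAX_ARGS];` and `char *text[AUDIT_MAX_ENV];` are fixed-size arrays paired with a `count` field that, when the struct is filled from a record, comes from the record rather than from the caller, and nothing in this section states that the filler clamps count to the array size. A comment on both structs would make the contract explicit: `/* count must never exceed AUDIT_MAX_ARGS; the token parser enforces this bound. */` (and the AUDIT_MAX_ENV counterpart); the fetch code is not visible here, so verify that it really bounds the loop before relying on the comment. The rename from MAX_ARGS/MAX_ENV is otherwise applied consistently across the typedefs in this section.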
@ -12,6 +12,9 @@
|
||||
/* Define to 1 if your system has a working `chown' function. */
|
||||
#undef HAVE_CHOWN
|
||||
|
||||
/* Define to 1 if you have the `clock_gettime' function. */
|
||||
#undef HAVE_CLOCK_GETTIME
|
||||
|
||||
/* Define to 1 if you have the <dlfcn.h> header file. */
|
||||
#undef HAVE_DLFCN_H
|
||||
|
||||
|
25
contrib/openbsm/configure
vendored
@ -1,7 +1,7 @@
|
||||
#! /bin/sh
|
||||
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#23 .
|
||||
# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#27 .
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a7.
|
||||
# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a9.
|
||||
#
|
||||
# Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
|
||||
#
|
||||
@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='OpenBSM'
|
||||
PACKAGE_TARNAME='openbsm'
|
||||
PACKAGE_VERSION='1.0a7'
|
||||
PACKAGE_STRING='OpenBSM 1.0a7'
|
||||
PACKAGE_VERSION='1.0a9'
|
||||
PACKAGE_STRING='OpenBSM 1.0a9'
|
||||
PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
|
||||
|
||||
ac_unique_file="bin/auditreduce/auditreduce.c"
|
||||
@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures OpenBSM 1.0a7 to adapt to many kinds of systems.
|
||||
\`configure' configures OpenBSM 1.0a9 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1021,7 +1021,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of OpenBSM 1.0a7:";;
|
||||
short | recursive ) echo "Configuration of OpenBSM 1.0a9:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1162,7 +1162,7 @@ fi
|
||||
test -n "$ac_init_help" && exit 0
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
OpenBSM configure 1.0a7
|
||||
OpenBSM configure 1.0a9
|
||||
generated by GNU Autoconf 2.59
|
||||
|
||||
Copyright (C) 2003 Free Software Foundation, Inc.
|
||||
@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by OpenBSM $as_me 1.0a7, which was
|
||||
It was created by OpenBSM $as_me 1.0a9, which was
|
||||
generated by GNU Autoconf 2.59. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -19278,7 +19278,7 @@ fi
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE=OpenBSM
|
||||
VERSION=1.0a7
|
||||
VERSION=1.0a9
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@ -22833,7 +22833,8 @@ done
|
||||
|
||||
|
||||
|
||||
for ac_func in bzero ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul
|
||||
|
||||
for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul
|
||||
do
|
||||
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
echo "$as_me:$LINENO: checking for $ac_func" >&5
|
||||
@ -23477,7 +23478,7 @@ _ASBOX
|
||||
} >&5
|
||||
cat >&5 <<_CSEOF
|
||||
|
||||
This file was extended by OpenBSM $as_me 1.0a7, which was
|
||||
This file was extended by OpenBSM $as_me 1.0a9, which was
|
||||
generated by GNU Autoconf 2.59. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -23540,7 +23541,7 @@ _ACEOF
|
||||
|
||||
cat >>$CONFIG_STATUS <<_ACEOF
|
||||
ac_cs_version="\\
|
||||
OpenBSM config.status 1.0a7
|
||||
OpenBSM config.status 1.0a9
|
||||
configured by $0, generated by GNU Autoconf 2.59,
|
||||
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
|
||||
|
||||
|
@ -2,8 +2,8 @@
|
||||
# Process this file with autoconf to produce a configure script.
|
||||
|
||||
AC_PREREQ(2.59)
|
||||
AC_INIT([OpenBSM], [1.0a7], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
|
||||
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#24 $])
|
||||
AC_INIT([OpenBSM], [1.0a9], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
|
||||
AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 $])
|
||||
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
|
||||
AC_CONFIG_AUX_DIR(config)
|
||||
AC_CONFIG_HEADER([config/config.h])
|
||||
@ -56,7 +56,7 @@ AC_FUNC_MKTIME
|
||||
AC_TYPE_SIGNAL
|
||||
AC_FUNC_STAT
|
||||
AC_FUNC_STRFTIME
|
||||
AC_CHECK_FUNCS([bzero ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])
|
||||
AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])
|
||||
|
||||
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
|
||||
# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
|
||||
|
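Review bot: `AC_CHECK_FUNCS([bzero clock_gettime ftruncate ...])` probes clock_gettime by linking against the default libraries only, so on platforms where it lives in librt (older glibc) the probe fails and HAVE_CLOCK_GETTIME stays undefined even though the function is available. Adding `AC_SEARCH_LIBS([clock_gettime], [rt])` immediately before the AC_CHECK_FUNCS line lets the check link against librt when needed and records it in LIBS. The version bump and AC_REVISION update in the first hunk need no further change.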
@ -1,5 +1,5 @@
|
||||
#
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#11 $
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $
|
||||
#
|
||||
0:AUE_NULL:indir system call:no
|
||||
1:AUE_EXIT:exit(2):pc
|
||||
@ -234,129 +234,190 @@
|
||||
267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad
|
||||
268:AUE_CLOCK_SETTIME:clock_settime(2):ad
|
||||
269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad
|
||||
301:AUE_GETFSSTAT:getfsstat(2):fa
|
||||
302:AUE_PTRACE:ptrace(2):pc
|
||||
303:AUE_CHFLAGS:chflags(2):fm
|
||||
304:AUE_FCHFLAGS:fchflags(2):fm
|
||||
305:AUE_PROFILE:profil(2):pc
|
||||
306:AUE_KTRACE:ktrace(2):pc
|
||||
307:AUE_SETLOGIN:setlogin(2):pc
|
||||
#
|
||||
# What follows are deprecated Darwin event numbers that may someday conflict
|
||||
# with Solaris events.
|
||||
#
|
||||
301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa
|
||||
302:AUE_DARWIN_PTRACE:ptrace(2):pc
|
||||
303:AUE_DARWIN_CHFLAGS:chflags(2):fm
|
||||
304:AUE_DARWIN_FCHFLAGS:fchflags(2):fm
|
||||
305:AUE_DARWIN_PROFILE:profil(2):pc
|
||||
306:AUE_DARWIN_KTRACE:ktrace(2):pc
|
||||
307:AUE_DARWIN_SETLOGIN:setlogin(2):pc
|
||||
308:AUE_DARWIN_REBOOT:reboot(2):ad
|
||||
309:AUE_REVOKE:revoke(2):cl
|
||||
310:AUE_UMASK:umask(2):pc
|
||||
311:AUE_MPROTECT:mprotect(2):fm
|
||||
309:AUE_DARWIN_REVOKE:revoke(2):cl
|
||||
310:AUE_DARWIN_UMASK:umask(2):pc
|
||||
311:AUE_DARWIN_MPROTECT:mprotect(2):fm
|
||||
312:AUE_DARWIN_SETPRIORITY:setpriority(2):pc,ot
|
||||
313:AUE_DARWIN_SETTIMEOFDAY:settimeofday(2):ad
|
||||
314:AUE_DARWIN_FLOCK:flock(2):fm
|
||||
315:AUE_MKFIFO:mkfifo(2):fc
|
||||
316:AUE_POLL:poll(2):no
|
||||
315:AUE_DARWIN_MKFIFO:mkfifo(2):fc
|
||||
316:AUE_DARWIN_POLL:poll(2):no
|
||||
317:AUE_DARWIN_SOCKETPAIR:socketpair(2):nt
|
||||
318:AUE_FUTIMES:futimes(2):fm
|
||||
319:AUE_SETSID:setsid(2):pc
|
||||
320:AUE_SETPRIVEXEC:setprivexec(2):pc
|
||||
318:AUE_DARWIN_FUTIMES:futimes(2):fm
|
||||
319:AUE_DARWIN_SETSID:setsid(2):pc
|
||||
320:AUE_DARWIN_SETPRIVEXEC:setprivexec(2):pc
|
||||
321:AUE_DARWIN_NFSSVC:nfssvc(2):ad
|
||||
322:AUE_DARWIN_GETFH:getfh(2):fa
|
||||
323:AUE_DARWIN_QUOTACTL:quotactl(2):ad
|
||||
324:AUE_ADDPROFILE:system call:pc
|
||||
325:AUE_KDEBUGTRACE:system call:pc
|
||||
326:AUE_FSTAT:fstat(2):fa
|
||||
327:AUE_FPATHCONF:fpathconf(2):fa
|
||||
328:AUE_GETDIRENTRIES:getdirentries(2):fr
|
||||
324:AUE_DARWIN_ADDPROFILE:system call:pc
|
||||
325:AUE_DARWIN_KDEBUGTRACE:system call:pc
|
||||
326:AUE_DARWIN_FSTAT:fstat(2):fa
|
||||
327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa
|
||||
328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr
|
||||
329:AUE_DARWIN_TRUNCATE:truncate(2):fw
|
||||
330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw
|
||||
331:AUE_SYSCTL:sysctl(3):ad
|
||||
332:AUE_MLOCK:mlock(2):pc
|
||||
333:AUE_MUNLOCK:munlock(2):pc
|
||||
334:AUE_UNDELETE:undelete(2):fm
|
||||
335:AUE_GETATTRLIST:getattrlist():fa
|
||||
336:AUE_SETATTRLIST:setattrlist():fm
|
||||
337:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
|
||||
338:AUE_EXCHANGEDATA:exchangedata():fw
|
||||
339:AUE_SEARCHFS:searchfs():fa
|
||||
340:AUE_MINHERIT:minherit(2):pc
|
||||
341:AUE_SEMCONFIG:semconfig():ip
|
||||
342:AUE_SEMOPEN:sem_open(2):ip
|
||||
343:AUE_SEMCLOSE:sem_close(2):ip
|
||||
344:AUE_SEMUNLINK:sem_unlink(2):ip
|
||||
345:AUE_SHMOPEN:shm_open(2):ip
|
||||
346:AUE_SHMUNLINK:shm_unlink(2):ip
|
||||
347:AUE_LOADSHFILE:load_shared_file():fr
|
||||
348:AUE_RESETSHFILE:reset_shared_file():ot
|
||||
349:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
|
||||
350:AUE_PTHREADKILL:pthread_kill(2):pc
|
||||
351:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
|
||||
352:AUE_AUDITCTL:auditctl(2):ad
|
||||
353:AUE_RFORK:rfork(2):pc
|
||||
354:AUE_LCHMOD:lchmod(2):fm
|
||||
355:AUE_SWAPOFF:swapoff():ad
|
||||
356:AUE_INITPROCESS:init_process():pc
|
||||
357:AUE_MAPFD:map_fd():fa
|
||||
358:AUE_TASKFORPID:task_for_pid():pc
|
||||
359:AUE_PIDFORTASK:pid_for_task():pc
|
||||
360:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
|
||||
361:AUE_COPYFILE:copyfile():fr,fw
|
||||
362:AUE_LUTIMES:lutimes(2):fm
|
||||
363:AUE_LCHFLAGS:lchflags(2):fm
|
||||
364:AUE_SENDFILE:sendfile(2):nt
|
||||
365:AUE_USELIB:uselib(2):fa
|
||||
366:AUE_GETRESUID:getresuid(2):pc
|
||||
367:AUE_SETRESUID:setresuid(2):pc
|
||||
368:AUE_GETRESGID:getresgid(2):pc
|
||||
369:AUE_SETRESGID:setresgid(2):pc
|
||||
370:AUE_WAIT4:wait4(2):pc
|
||||
371:AUE_LGETFH:lgetfh(2):fa
|
||||
372:AUE_FHSTATFS:fhstatfs(2):fa
|
||||
373:AUE_FHOPEN:fhopen(2):fa
|
||||
374:AUE_FHSTAT:fhstat(2):fa
|
||||
375:AUE_JAIL:jail(2):pc
|
||||
376:AUE_EACCESS:eaccess(2):fa
|
||||
377:AUE_KQUEUE:kqueue(2):no
|
||||
378:AUE_KEVENT:kevent(2):no
|
||||
379:AUE_FSYNC:fsync(2):fm
|
||||
380:AUE_NMOUNT:nmount(2):ad
|
||||
381:AUE_BDFLUSH:bdflush(2):ad
|
||||
382:AUE_SETFSUID:setfsuid(2):ot
|
||||
383:AUE_SETFSGID:setfsgid(2):ot
|
||||
384:AUE_PERSONALITY:personality(2):pc
|
||||
385:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
|
||||
386:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
|
||||
387:AUE_PRCTL:prctl(2):pc
|
||||
388:AUE_GETCWD:getcwd(2):pc
|
||||
389:AUE_CAPGET:capget(2):pc
|
||||
390:AUE_CAPSET:capset(2):pc
|
||||
391:AUE_PIVOT_ROOT:pivot_root(2):pc
|
||||
392:AUE_RTPRIO::rtprio(2):pc
|
||||
393:AUE_SCHED_GETPARAM:sched_getparam(2):ad
|
||||
394:AUE_SCHED_SETPARAM:sched_setparam(2):ad
|
||||
395:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
|
||||
396:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
|
||||
397:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
|
||||
398:AUE_ACL_GET_FILE:acl_get_file(2):fa
|
||||
399:AUE_ACL_SET_FILE:acl_set_file(2):fm
|
||||
400:AUE_ACL_GET_FD:acl_get_fd(2):fa
|
||||
401:AUE_ACL_SET_FD:acl_set_fd(2):fm
|
||||
402:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
|
||||
403:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
|
||||
404:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
|
||||
405:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
|
||||
406:AUE_ACL_GET_LINK:acl_get_link(2):fa
|
||||
407:AUE_ACL_SET_LINK:acl_set_link(2):fm
|
||||
408:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
|
||||
409:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
|
||||
410:AUE_SYSARCH:sysarch(2):na
|
||||
411:AUE_EXTATTRCTL:extattrctl(2):fm
|
||||
412:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
|
||||
413:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
|
||||
414:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
|
||||
415:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
|
||||
416:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
|
||||
417:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
|
||||
418:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
|
||||
419:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
|
||||
420:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
|
||||
421:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
|
||||
422:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
|
||||
423:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
|
||||
331:AUE_DARWIN_SYSCTL:sysctl(3):ad
|
||||
332:AUE_DARWIN_MLOCK:mlock(2):pc
|
||||
333:AUE_DARWIN_MUNLOCK:munlock(2):pc
|
||||
334:AUE_DARWIN_UNDELETE:undelete(2):fm
|
||||
335:AUE_DARWIN_GETATTRLIST:getattrlist():fa
|
||||
336:AUE_DARWIN_SETATTRLIST:setattrlist():fm
|
||||
337:AUE_DARWIN_GETDIRENTRIESATTR:getdirentriesattr():fa
|
||||
338:AUE_DARWIN_EXCHANGEDATA:exchangedata():fw
|
||||
339:AUE_DARWIN_SEARCHFS:searchfs():fa
|
||||
340:AUE_DARWIN_MINHERIT:minherit(2):pc
|
||||
341:AUE_DARWIN_SEMCONFIG:semconfig():ip
|
||||
342:AUE_DARWIN_SEMOPEN:sem_open(2):ip
|
||||
343:AUE_DARWIN_SEMCLOSE:sem_close(2):ip
|
||||
344:AUE_DARWIN_SEMUNLINK:sem_unlink(2):ip
|
||||
345:AUE_DARWIN_SHMOPEN:shm_open(2):ip
|
||||
346:AUE_DARWIN_SHMUNLINK:shm_unlink(2):ip
|
||||
347:AUE_DARWIN_LOADSHFILE:load_shared_file():fr
|
||||
348:AUE_DARWIN_RESETSHFILE:reset_shared_file():ot
|
||||
349:AUE_DARWIN_NEWSYSTEMSHREG:new_system_share_regions():ot
|
||||
350:AUE_DARWIN_PTHREADKILL:pthread_kill(2):pc
|
||||
351:AUE_DARWIN_PTHREADSIGMASK:pthread_sigmask(2):pc
|
||||
352:AUE_DARWIN_AUDITCTL:auditctl(2):ad
|
||||
353:AUE_DARWIN_RFORK:rfork(2):pc
|
||||
354:AUE_DARWIN_LCHMOD:lchmod(2):fm
|
||||
355:AUE_DARWIN_SWAPOFF:swapoff():ad
|
||||
356:AUE_DARWIN_INITPROCESS:init_process():pc
|
||||
357:AUE_DARWIN_MAPFD:map_fd():fa
|
||||
358:AUE_DARWIN_TASKFORPID:task_for_pid():pc
|
||||
359:AUE_DARWIN_PIDFORTASK:pid_for_task():pc
|
||||
360:AUE_DARWIN_SYSCTL_NONADMIN:sysctl() - non-admin:ot
|
||||
361:AUE_DARWIN_COPYFILE:copyfile():fr,fw
|
||||
#
|
||||
# OpenBSM-specific kernel events.
|
||||
#
|
||||
43001:AUE_GETFSSTAT:getfsstat(2):fa
|
||||
43002:AUE_PTRACE:ptrace(2):pc
|
||||
43003:AUE_CHFLAGS:chflags(2):fm
|
||||
43004:AUE_FCHFLAGS:fchflags(2):fm
|
||||
43005:AUE_PROFILE:profil(2):pc
|
||||
43006:AUE_KTRACE:ktrace(2):pc
|
||||
43007:AUE_SETLOGIN:setlogin(2):pc
|
||||
43008:AUE_REVOKE:revoke(2):cl
|
||||
43009:AUE_UMASK:umask(2):pc
|
||||
43010:AUE_MPROTECT:mprotect(2):fm
|
||||
43011:AUE_MKFIFO:mkfifo(2):fc
|
||||
43012:AUE_POLL:poll(2):no
|
||||
43013:AUE_FUTIMES:futimes(2):fm
|
||||
43014:AUE_SETSID:setsid(2):pc
|
||||
43015:AUE_SETPRIVEXEC:setprivexec(2):pc
|
||||
43016:AUE_ADDPROFILE:system call:pc
|
||||
43017:AUE_KDEBUGTRACE:system call:pc
|
||||
43018:AUE_FSTAT:fstat(2):fa
|
||||
43019:AUE_FPATHCONF:fpathconf(2):fa
|
||||
43020:AUE_GETDIRENTRIES:getdirentries(2):fr
|
||||
43021:AUE_SYSCTL:sysctl(3):ad
|
||||
43022:AUE_MLOCK:mlock(2):pc
|
||||
43023:AUE_MUNLOCK:munlock(2):pc
|
||||
43024:AUE_UNDELETE:undelete(2):fm
|
||||
43025:AUE_GETATTRLIST:getattrlist():fa
|
||||
43026:AUE_SETATTRLIST:setattrlist():fm
|
||||
43027:AUE_GETDIRENTRIESATTR:getdirentriesattr():fa
|
||||
43028:AUE_EXCHANGEDATA:exchangedata():fw
|
||||
43029:AUE_SEARCHFS:searchfs():fa
|
||||
43030:AUE_MINHERIT:minherit(2):pc
|
||||
43031:AUE_SEMCONFIG:semconfig():ip
|
||||
43032:AUE_SEMOPEN:sem_open(2):ip
|
||||
43033:AUE_SEMCLOSE:sem_close(2):ip
|
||||
43034:AUE_SEMUNLINK:sem_unlink(2):ip
|
||||
43035:AUE_SHMOPEN:shm_open(2):ip
|
||||
43036:AUE_SHMUNLINK:shm_unlink(2):ip
|
||||
43037:AUE_LOADSHFILE:load_shared_file():fr
|
||||
43038:AUE_RESETSHFILE:reset_shared_file():ot
|
||||
43039:AUE_NEWSYSTEMSHREG:new_system_share_regions():ot
|
||||
43040:AUE_PTHREADKILL:pthread_kill(2):pc
|
||||
43041:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc
|
||||
43042:AUE_AUDITCTL:auditctl(2):ad
|
||||
43043:AUE_RFORK:rfork(2):pc
|
||||
43044:AUE_LCHMOD:lchmod(2):fm
|
||||
43045:AUE_SWAPOFF:swapoff():ad
|
||||
43046:AUE_INITPROCESS:init_process():pc
|
||||
43047:AUE_MAPFD:map_fd():fa
|
||||
43048:AUE_TASKFORPID:task_for_pid():pc
|
||||
43049:AUE_PIDFORTASK:pid_for_task():pc
|
||||
43050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
|
||||
43051:AUE_COPYFILE:copyfile():fr,fw
|
||||
43052:AUE_LUTIMES:lutimes(2):fm
|
||||
43053:AUE_LCHFLAGS:lchflags(2):fm
|
||||
43054:AUE_SENDFILE:sendfile(2):nt
|
||||
43055:AUE_USELIB:uselib(2):fa
|
||||
43056:AUE_GETRESUID:getresuid(2):pc
|
||||
43057:AUE_SETRESUID:setresuid(2):pc
|
||||
43058:AUE_GETRESGID:getresgid(2):pc
|
||||
43059:AUE_SETRESGID:setresgid(2):pc
|
||||
43060:AUE_WAIT4:wait4(2):pc
|
||||
43061:AUE_LGETFH:lgetfh(2):fa
|
||||
43062:AUE_FHSTATFS:fhstatfs(2):fa
|
||||
43063:AUE_FHOPEN:fhopen(2):fa
|
||||
43064:AUE_FHSTAT:fhstat(2):fa
|
||||
43065:AUE_JAIL:jail(2):pc
|
||||
43066:AUE_EACCESS:eaccess(2):fa
|
||||
43067:AUE_KQUEUE:kqueue(2):no
|
||||
43068:AUE_KEVENT:kevent(2):no
|
||||
43069:AUE_FSYNC:fsync(2):fm
|
||||
43070:AUE_NMOUNT:nmount(2):ad
|
||||
43071:AUE_BDFLUSH:bdflush(2):ad
|
||||
43072:AUE_SETFSUID:setfsuid(2):ot
|
||||
43073:AUE_SETFSGID:setfsgid(2):ot
|
||||
43074:AUE_PERSONALITY:personality(2):pc
|
||||
43075:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
|
||||
43076:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
|
||||
43077:AUE_PRCTL:prctl(2):pc
|
||||
43078:AUE_GETCWD:getcwd(2):pc
|
||||
43079:AUE_CAPGET:capget(2):pc
|
||||
43080:AUE_CAPSET:capset(2):pc
|
||||
43081:AUE_PIVOT_ROOT:pivot_root(2):pc
|
||||
43082:AUE_RTPRIO::rtprio(2):pc
|
||||
43083:AUE_SCHED_GETPARAM:sched_getparam(2):ad
|
||||
43084:AUE_SCHED_SETPARAM:sched_setparam(2):ad
|
||||
43085:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
|
||||
43086:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
|
||||
43087:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
|
||||
43088:AUE_ACL_GET_FILE:acl_get_file(2):fa
|
||||
43089:AUE_ACL_SET_FILE:acl_set_file(2):fm
|
||||
43090:AUE_ACL_GET_FD:acl_get_fd(2):fa
|
||||
43091:AUE_ACL_SET_FD:acl_set_fd(2):fm
|
||||
43092:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
|
||||
43093:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
|
||||
43094:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
|
||||
43095:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
|
||||
43096:AUE_ACL_GET_LINK:acl_get_link(2):fa
|
||||
43097:AUE_ACL_SET_LINK:acl_set_link(2):fm
|
||||
43098:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
|
||||
43099:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
|
||||
43100:AUE_SYSARCH:sysarch(2):na
|
||||
43101:AUE_EXTATTRCTL:extattrctl(2):fm
|
||||
43102:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
|
||||
43103:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
|
||||
43104:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
|
||||
43105:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
|
||||
43106:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
|
||||
43107:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
|
||||
43108:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
|
||||
43109:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
|
||||
43110:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
|
||||
43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
|
||||
43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
|
||||
43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
|
||||
#
|
||||
# User space system events.
|
||||
#
|
||||
6152:AUE_login:login - local:lo
|
||||
6153:AUE_logout:logout - local:lo
|
||||
6159:AUE_su:su(1):lo
|
||||
|
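Review bot: `43082:AUE_RTPRIO::rtprio(2):pc` carries a doubled colon over from the old `392:AUE_RTPRIO::rtprio(2):pc` entry, leaving the description field empty; the line only parses as intended because the strtok_r-based reader collapses adjacent delimiters. It should read `43082:AUE_RTPRIO:rtprio(2):pc` like every other entry, since a parser that preserves empty fields would place `rtprio(2)` in the class column and the event would fall out of the pc class. The rest of the renumbering is consistent with the Darwin entries it mirrors.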
@ -23,7 +23,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#7 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#8 $
|
||||
.\"
|
||||
.Dd April 19, 2005
|
||||
.Dt AU_TOKEN 3
|
||||
@ -155,9 +155,9 @@
|
||||
.Ft token_t *
|
||||
.Fn au_to_me "void"
|
||||
.Ft token_t *
|
||||
.Fn au_to_exec_args "const char **args"
|
||||
.Fn au_to_exec_args "char **argv"
|
||||
.Ft token_t *
|
||||
.Fn au_to_exec_env "const char **env"
|
||||
.Fn au_to_exec_env "char **envp"
|
||||
.Ft token_t *
|
||||
.Fn au_to_header "int rec_size" "au_event_t e_type" "au_emod_t emod"
|
||||
.Ft token_t *
|
||||
|
@ -30,7 +30,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#26 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#28 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -54,14 +54,14 @@
|
||||
static au_record_t *open_desc_table[MAX_AUDIT_RECORDS];
|
||||
|
||||
/* The current number of active record descriptors */
|
||||
static int bsm_rec_count = 0;
|
||||
static int audit_rec_count = 0;
|
||||
|
||||
/*
|
||||
* Records that can be recycled are maintained in the list given below. The
|
||||
* maximum number of elements that can be present in this list is bounded by
|
||||
* MAX_AUDIT_RECORDS. Memory allocated for these records are never freed.
|
||||
*/
|
||||
static LIST_HEAD(, au_record) bsm_free_q;
|
||||
static LIST_HEAD(, au_record) audit_free_q;
|
||||
|
||||
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
|
||||
|
||||
@ -93,15 +93,15 @@ au_open(void)
|
||||
|
||||
pthread_mutex_lock(&mutex);
|
||||
|
||||
if (bsm_rec_count == 0)
|
||||
LIST_INIT(&bsm_free_q);
|
||||
if (audit_rec_count == 0)
|
||||
LIST_INIT(&audit_free_q);
|
||||
|
||||
/*
|
||||
* Find an unused descriptor, remove it from the free list, mark as
|
||||
* used.
|
||||
*/
|
||||
if (!LIST_EMPTY(&bsm_free_q)) {
|
||||
rec = LIST_FIRST(&bsm_free_q);
|
||||
if (!LIST_EMPTY(&audit_free_q)) {
|
||||
rec = LIST_FIRST(&audit_free_q);
|
||||
rec->used = 1;
|
||||
LIST_REMOVE(rec, au_rec_q);
|
||||
}
|
||||
@ -125,7 +125,7 @@ au_open(void)
|
||||
|
||||
pthread_mutex_lock(&mutex);
|
||||
|
||||
if (bsm_rec_count == MAX_AUDIT_RECORDS) {
|
||||
if (audit_rec_count == MAX_AUDIT_RECORDS) {
|
||||
pthread_mutex_unlock(&mutex);
|
||||
free(rec->data);
|
||||
free(rec);
|
||||
@ -134,9 +134,9 @@ au_open(void)
|
||||
errno = ENOMEM;
|
||||
return (-1);
|
||||
}
|
||||
rec->desc = bsm_rec_count;
|
||||
open_desc_table[bsm_rec_count] = rec;
|
||||
bsm_rec_count++;
|
||||
rec->desc = audit_rec_count;
|
||||
open_desc_table[audit_rec_count] = rec;
|
||||
audit_rec_count++;
|
||||
|
||||
pthread_mutex_unlock(&mutex);
|
||||
|
||||
@ -174,7 +174,7 @@ au_write(int d, token_t *tok)
|
||||
return (-1); /* Invalid descriptor */
|
||||
}
|
||||
|
||||
if (rec->len + tok->len + BSM_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) {
|
||||
if (rec->len + tok->len + AUDIT_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) {
|
||||
errno = ENOMEM;
|
||||
return (-1);
|
||||
}
|
||||
@ -208,7 +208,7 @@ au_assemble(au_record_t *rec, short event)
|
||||
u_char *dptr;
|
||||
int error;
|
||||
|
||||
tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
|
||||
tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
|
||||
header = au_to_header32(tot_rec_size, event, 0);
|
||||
if (header == NULL)
|
||||
return (-1);
|
||||
@ -257,7 +257,7 @@ au_teardown(au_record_t *rec)
|
||||
pthread_mutex_lock(&mutex);
|
||||
|
||||
/* Add the record to the freelist tail */
|
||||
LIST_INSERT_HEAD(&bsm_free_q, rec, au_rec_q);
|
||||
LIST_INSERT_HEAD(&audit_free_q, rec, au_rec_q);
|
||||
|
||||
pthread_mutex_unlock(&mutex);
|
||||
}
|
||||
@ -285,7 +285,7 @@ au_close(int d, int keep, short event)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
|
||||
tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
|
||||
|
||||
if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) {
|
||||
/*
|
||||
@ -335,7 +335,7 @@ au_close_buffer(int d, short event, u_char *buffer, size_t *buflen)
|
||||
}
|
||||
|
||||
retval = 0;
|
||||
tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
|
||||
tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
|
||||
if ((tot_rec_size > MAX_AUDIT_RECORD_SIZE) ||
|
||||
(tot_rec_size > *buflen)) {
|
||||
/*
|
||||
|
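Review bot: the au_write() guard `if (rec->len + tok->len + AUDIT_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE)` still omits the header, while au_assemble(), au_close() and au_close_buffer() in the later hunks all size the finished record as `rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE`; a record can therefore accept tokens right up to the limit and then fail at close time, where the error is harder to attribute. Since the rename touches exactly this line, I would make it `if (rec->len + tok->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE > MAX_AUDIT_RECORD_SIZE) {` so the two checks agree. The bodies of au_write() and the other functions extend outside their hunks.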
@ -27,7 +27,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#11 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_event.c#12 $
|
||||
*/
|
||||
|
||||
#include <bsm/libbsm.h>
|
||||
@ -62,27 +62,32 @@ eventfromstr(char *str, struct au_event_ent *e)
|
||||
evdesc = strtok_r(NULL, eventdelim, &last);
|
||||
evclass = strtok_r(NULL, eventdelim, &last);
|
||||
|
||||
if ((evno == NULL) || (evname == NULL) || (evdesc == NULL) ||
|
||||
(evclass == NULL))
|
||||
if ((evno == NULL) || (evname == NULL))
|
||||
return (NULL);
|
||||
|
||||
if (strlen(evname) >= AU_EVENT_NAME_MAX)
|
||||
return (NULL);
|
||||
|
||||
strcpy(e->ae_name, evname);
|
||||
if (strlen(evdesc) >= AU_EVENT_DESC_MAX)
|
||||
return (NULL);
|
||||
strcpy(e->ae_desc, evdesc);
|
||||
if (evdesc != NULL) {
|
||||
if (strlen(evdesc) >= AU_EVENT_DESC_MAX)
|
||||
return (NULL);
|
||||
strcpy(e->ae_desc, evdesc);
|
||||
} else
|
||||
strcpy(e->ae_desc, "");
|
||||
|
||||
e->ae_number = atoi(evno);
|
||||
|
||||
/*
|
||||
* Find out the mask that corresponds to the given list of classes.
|
||||
*/
|
||||
if (getauditflagsbin(evclass, &evmask) != 0)
|
||||
if (evclass != NULL) {
|
||||
if (getauditflagsbin(evclass, &evmask) != 0)
|
||||
e->ae_class = AU_NULL;
|
||||
else
|
||||
e->ae_class = evmask.am_success;
|
||||
} else
|
||||
e->ae_class = AU_NULL;
|
||||
else
|
||||
e->ae_class = evmask.am_success;
|
||||
|
||||
return (e);
|
||||
}
|
||||
|
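Review bot: the relaxed check `if ((evno == NULL) || (evname == NULL))` interacts badly with the strtok_r tokenizing above it, which treats a run of colons as one delimiter: an entry with an empty description such as `N:AUE_X::pc` now yields evdesc = `pc` and evclass = NULL, so the new `} else e->ae_class = AU_NULL;` branch silently drops the event from every audit class instead of rejecting the line. `e->ae_number = atoi(evno);` has the same silent-failure shape, mapping a malformed number to 0, which is AUE_NULL. I would tokenize with strsep(), which preserves empty fields, and parse evno with strtol() plus an end-pointer check, so a typo in audit_event is reported to the caller rather than becoming an unaudited event; the start of eventfromstr() with the first strtok_r calls is outside this hunk.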
@ -31,7 +31,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#37 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#40 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -820,7 +820,7 @@ print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
|
||||
print_delim(fp, del);
|
||||
print_1_byte(fp, tok->tt.arg32.no, "%u");
|
||||
print_delim(fp, del);
|
||||
print_4_bytes(fp, tok->tt.arg32.val, "%#x");
|
||||
print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
|
||||
print_delim(fp, del);
|
||||
print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
|
||||
}
|
||||
@ -859,7 +859,7 @@ print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
|
||||
print_delim(fp, del);
|
||||
print_1_byte(fp, tok->tt.arg64.no, "%u");
|
||||
print_delim(fp, del);
|
||||
print_8_bytes(fp, tok->tt.arg64.val, "%#llx");
|
||||
print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
|
||||
print_delim(fp, del);
|
||||
print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
|
||||
}
|
||||
@ -1259,7 +1259,7 @@ print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
|
||||
{
|
||||
int i;
|
||||
|
||||
print_tok_type(fp, tok->id, "exec arg", raw);
|
||||
print_tok_type(fp, tok->id, "exec env", raw);
|
||||
for (i = 0; i< tok->tt.execenv.count; i++) {
|
||||
print_delim(fp, del);
|
||||
print_string(fp, tok->tt.execenv.text[i],
|
||||
@ -2448,7 +2448,7 @@ fetch_invalid_tok(tokenstr_t *tok, char *buf, int len)
|
||||
int err = 0;
|
||||
int recoversize;
|
||||
|
||||
recoversize = len - (tok->len + BSM_TRAILER_SIZE);
|
||||
recoversize = len - (tok->len + AUDIT_TRAILER_SIZE);
|
||||
if (recoversize <= 0)
|
||||
return (-1);
|
||||
|
||||
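Review bot: `recoversize = len - (tok->len + AUDIT_TRAILER_SIZE);` in fetch_invalid_tok mixes the `int len` parameter with `tok->len`; if `tok->len` is an unsigned type (its declaration is not in the hunk) the subtraction is performed unsigned and wraps, and the `recoversize <= 0` guard then relies on the implementation-defined conversion back to `int`. Since this path handles records that already failed to parse, an explicit bound before subtracting is worth having, e.g. `if (len < 0 || (size_t)len < tok->len + AUDIT_TRAILER_SIZE) return (-1);`, keeping the existing check for the zero case. fetch_invalid_tok's body continues past the hunk.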
|
@ -30,7 +30,7 @@
|
||||
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#48 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#51 $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -309,7 +309,7 @@ token_t *
|
||||
au_to_groups(int *groups)
|
||||
{
|
||||
|
||||
return (au_to_newgroups(BSM_MAX_GROUPS, groups));
|
||||
return (au_to_newgroups(AUDIT_MAX_GROUPS, groups));
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1055,7 +1055,7 @@ au_to_me(void)
|
||||
* text count null-terminated strings
|
||||
*/
|
||||
token_t *
|
||||
au_to_exec_args(const char **args)
|
||||
au_to_exec_args(char **argv)
|
||||
{
|
||||
token_t *t;
|
||||
u_char *dptr = NULL;
|
||||
@ -1063,7 +1063,7 @@ au_to_exec_args(const char **args)
|
||||
int i, count = 0;
|
||||
size_t totlen = 0;
|
||||
|
||||
nextarg = *args;
|
||||
nextarg = *argv;
|
||||
|
||||
while (nextarg != NULL) {
|
||||
int nextlen;
|
||||
@ -1071,7 +1071,7 @@ au_to_exec_args(const char **args)
|
||||
nextlen = strlen(nextarg);
|
||||
totlen += nextlen + 1;
|
||||
count++;
|
||||
nextarg = *(args + count);
|
||||
nextarg = *(argv + count);
|
||||
}
|
||||
|
||||
totlen += count * sizeof(char); /* nul terminations. */
|
||||
@ -1083,7 +1083,7 @@ au_to_exec_args(const char **args)
|
||||
ADD_U_INT32(dptr, count);
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
nextarg = *(args + i);
|
||||
nextarg = *(argv + i);
|
||||
ADD_MEM(dptr, nextarg, strlen(nextarg) + 1);
|
||||
}
|
||||
|
||||
@ -1096,7 +1096,7 @@ au_to_exec_args(const char **args)
|
||||
* text count null-terminated strings
|
||||
*/
|
||||
token_t *
|
||||
au_to_exec_env(const char **env)
|
||||
au_to_exec_env(char **envp)
|
||||
{
|
||||
token_t *t;
|
||||
u_char *dptr = NULL;
|
||||
@ -1104,7 +1104,7 @@ au_to_exec_env(const char **env)
|
||||
size_t totlen = 0;
|
||||
const char *nextenv;
|
||||
|
||||
nextenv = *env;
|
||||
nextenv = *envp;
|
||||
|
||||
while (nextenv != NULL) {
|
||||
int nextlen;
|
||||
@ -1112,7 +1112,7 @@ au_to_exec_env(const char **env)
|
||||
nextlen = strlen(nextenv);
|
||||
totlen += nextlen + 1;
|
||||
count++;
|
||||
nextenv = *(env + count);
|
||||
nextenv = *(envp + count);
|
||||
}
|
||||
|
||||
totlen += sizeof(char) * count;
|
||||
@ -1124,7 +1124,7 @@ au_to_exec_env(const char **env)
|
||||
ADD_U_INT32(dptr, count);
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
nextenv = *(env + i);
|
||||
nextenv = *(envp + i);
|
||||
ADD_MEM(dptr, nextenv, strlen(nextenv) + 1);
|
||||
}
|
||||
|
||||
@ -1155,7 +1155,7 @@ au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
|
||||
|
||||
ADD_U_CHAR(dptr, AUT_HEADER32);
|
||||
ADD_U_INT32(dptr, rec_size);
|
||||
ADD_U_CHAR(dptr, HEADER_VERSION);
|
||||
ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM);
|
||||
ADD_U_INT16(dptr, e_type);
|
||||
ADD_U_INT16(dptr, e_mod);
|
||||
|
||||
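Review bot: `totlen += count * sizeof(char); /* nul terminations. */` in au_to_exec_args counts the terminators a second time, because the loop above already does `totlen += nextlen + 1;` for every argument; the same pair of lines appears in au_to_exec_env in the @@ -1112 hunk. The token area is therefore sized `count` bytes larger than what the copy loop (`ADD_MEM(dptr, nextarg, strlen(nextarg) + 1);`) fills, and whether those bytes end up as padding inside the emitted token depends on how the allocation, which is outside the hunk, initialises and records its length. Either drop the second addition or change the comment to state that the extra bytes are deliberate. Both functions continue past their hunks.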
|
@ -1,5 +1,5 @@
|
||||
.\"-
|
||||
.\" Copyright (c) 2005 Robert N. M. Watson
|
||||
.\" Copyright (c) 2005-2006 Robert N. M. Watson
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@ -23,7 +23,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#9 $
|
||||
.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#10 $
|
||||
.\"
|
||||
.Dd May 1, 2005
|
||||
.Dt AUDIT.LOG 5
|
||||
@ -91,10 +91,14 @@ The
|
||||
token is used to mark the beginning of a complete audit record, and includes
|
||||
the length of the total record in bytes, a version number for the record
|
||||
layout, the event type and subtype, and the time at which the event occurred.
|
||||
A
|
||||
A 32-bit
|
||||
.Dv header
|
||||
token can be created using
|
||||
.Xr au_to_header32 3 .
|
||||
.Xr au_to_header32 3 ;
|
||||
a 64-bit
|
||||
.Dv header
|
||||
token can be created using
|
||||
.Xr au_to_header64 3 .
|
||||
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
||||
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
||||
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
||||
@ -111,11 +115,14 @@ The
|
||||
token is an expanded version of the
|
||||
.Dv header
|
||||
token, with the addition of a machine IPv4 or IPv6 address.
|
||||
The
|
||||
.Xr libbsm 3
|
||||
API cannot currently create an
|
||||
.Dv expanded header
|
||||
token.
|
||||
A 32-bit extended
|
||||
.Dv header
|
||||
token can be created using
|
||||
.Xr au_to_header32_ex 3 ;
|
||||
a 64-bit extended
|
||||
.Dv header
|
||||
token can be created using
|
||||
.Xr au_to_header64_ex 3 .
|
||||
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
||||
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
||||
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
||||
@ -154,11 +161,10 @@ A
|
||||
.Dv How to print
|
||||
field is present to specify how to print the data, but interpretation of
|
||||
that field is not currently defined.
|
||||
The
|
||||
.Xr libbsm 3
|
||||
API cannot currently create an
|
||||
An
|
||||
.Dv arbitrary data
|
||||
token.
|
||||
token can be created using
|
||||
.Xr au_to_data 3 .
|
||||
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
|
||||
.It Sy "Field" Ta Sy Bytes Ta Sy Description
|
||||
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
|
||||
|
@ -25,7 +25,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/auditfilter_noop.c#2 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/modules/auditfilter_noop/auditfilter_noop.c#4 $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -39,7 +39,7 @@
|
||||
#include <bsm/audit_filter.h>
|
||||
|
||||
int
|
||||
AUDIT_FILTER_ATTACH(void **instance, int argc, char *argv[])
|
||||
AUDIT_FILTER_ATTACH(void *instance, int argc, char *argv[])
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -60,7 +60,7 @@ AUDIT_FILTER_RECORD(void *instance, struct timespec *ts, int token_count,
|
||||
}
|
||||
|
||||
void
|
||||
AUDIT_FILTER_BSMRECORD(void *instance, struct timespec *ts, u_char *data,
|
||||
AUDIT_FILTER_RAWRECORD(void *instance, struct timespec *ts, u_char *data,
|
||||
u_int len)
|
||||
{
|
||||
|
||||
|
@ -23,7 +23,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#4 $
|
||||
* $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#5 $
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -144,6 +144,17 @@ generate_file_token(const char *directory, const char *token_filename)
|
||||
write_token(directory, token_filename, file_token);
|
||||
}
|
||||
|
||||
static void
|
||||
generate_file_record(const char *directory, const char *record_filename)
|
||||
{
|
||||
token_t *file_token;
|
||||
|
||||
file_token = au_to_file("test", file_token_timeval);
|
||||
if (file_token == NULL)
|
||||
err(EX_UNAVAILABLE, "au_to_file");
|
||||
write_record(directory, record_filename, file_token, AUE_NULL);
|
||||
}
|
||||
|
||||
/*
|
||||
* AUT_OHEADER
|
||||
*/
|
||||
@ -326,6 +337,32 @@ generate_subject32ex_token(const char *directory, const char *token_filename,
|
||||
write_token(directory, buf, subject32ex_token);
|
||||
}
|
||||
|
||||
static void
|
||||
generate_subject32ex_record(const char *directory, const char *record_filename,
|
||||
u_int32_t type)
|
||||
{
|
||||
token_t *subject32ex_token;
|
||||
char *buf;
|
||||
|
||||
buf = (char *)malloc(strlen(record_filename) + 6);
|
||||
if (type == AU_IPv6) {
|
||||
inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
|
||||
subject32_tid_addr.at_type = AU_IPv6;
|
||||
sprintf(buf, "%s%s", record_filename, "-IPv6");
|
||||
} else {
|
||||
subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
|
||||
subject32_tid_addr.at_type = AU_IPv4;
|
||||
sprintf(buf, "%s%s", record_filename, "-IPv4");
|
||||
}
|
||||
|
||||
subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
|
||||
subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
|
||||
subject32_sid, &subject32_tid_addr);
|
||||
if (subject32ex_token == NULL)
|
||||
err(EX_UNAVAILABLE, "au_to_subject32_ex");
|
||||
write_record(directory, record_filename, subject32ex_token, AUE_NULL);
|
||||
}
|
||||
|
||||
static au_id_t process32_auid = 0x12345678;
|
||||
static uid_t process32_euid = 0x01234567;
|
||||
static gid_t process32_egid = 0x23456789;
|
||||
@ -382,6 +419,22 @@ generate_process32ex_token(const char *directory, const char *token_filename)
|
||||
write_token(directory, token_filename, process32ex_token);
|
||||
}
|
||||
|
||||
static void
|
||||
generate_process32ex_record(const char *directory, const char *record_filename)
|
||||
{
|
||||
token_t *process32ex_token;
|
||||
|
||||
process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
|
||||
process32_tid_addr.at_type = AU_IPv4;
|
||||
|
||||
process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
|
||||
process32_egid, process32_ruid, process32_rgid, process32_pid,
|
||||
process32_sid, &process32_tid_addr);
|
||||
if (process32ex_token == NULL)
|
||||
err(EX_UNAVAILABLE, "au_to_process32_ex");
|
||||
write_record(directory, record_filename, process32ex_token, AUE_NULL);
|
||||
}
|
||||
|
||||
static char return32_status = 0xd7;
|
||||
static uint32_t return32_ret = 0x12345678;
|
||||
|
||||
@ -777,29 +830,29 @@ main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
if (do_records) {
|
||||
generate_file_token(directory, "file_token");
|
||||
generate_trailer_token(directory, "trailer_token");
|
||||
generate_header32_token(directory, "header32_token");
|
||||
generate_data_token(directory, "data_record");
|
||||
generate_ipc_token(directory, "ipc_record");
|
||||
generate_path_token(directory, "path_record");
|
||||
generate_subject32_token(directory, "subject32_record");
|
||||
generate_subject32ex_token(directory, "subject32ex_record", AU_IPv4);
|
||||
generate_subject32ex_token(directory, "subject32ex_record", AU_IPv6);
|
||||
generate_process32_token(directory, "process32_record");
|
||||
generate_process32ex_token(directory, "process32ex_token");
|
||||
generate_return32_token(directory, "return32_record");
|
||||
generate_text_token(directory, "text_record");
|
||||
generate_opaque_token(directory, "opaque_record");
|
||||
generate_in_addr_token(directory, "in_addr_record");
|
||||
generate_ip_token(directory, "ip_record");
|
||||
generate_iport_token(directory, "iport_record");
|
||||
generate_arg32_token(directory, "arg32_record");
|
||||
generate_seq_token(directory, "seq_record");
|
||||
generate_attr_token(directory, "attr_record");
|
||||
generate_ipc_perm_token(directory, "ipc_perm_record");
|
||||
generate_groups_token(directory, "groups_record");
|
||||
generate_attr32_token(directory, "attr32_record");
|
||||
generate_file_record(directory, "file_record");
|
||||
generate_data_record(directory, "data_record");
|
||||
generate_ipc_record(directory, "ipc_record");
|
||||
generate_path_record(directory, "path_record");
|
||||
generate_subject32_record(directory, "subject32_record");
|
||||
generate_subject32ex_record(directory, "subject32ex_record",
|
||||
AU_IPv4);
|
||||
generate_subject32ex_record(directory, "subject32ex_record",
|
||||
AU_IPv6);
|
||||
generate_process32_record(directory, "process32_record");
|
||||
generate_process32ex_record(directory, "process32ex_record");
|
||||
generate_return32_record(directory, "return32_record");
|
||||
generate_text_record(directory, "text_record");
|
||||
generate_opaque_record(directory, "opaque_record");
|
||||
generate_in_addr_record(directory, "in_addr_record");
|
||||
generate_ip_record(directory, "ip_record");
|
||||
generate_iport_record(directory, "iport_record");
|
||||
generate_arg32_record(directory, "arg32_record");
|
||||
generate_seq_record(directory, "seq_record");
|
||||
generate_attr_record(directory, "attr_record");
|
||||
generate_ipc_perm_record(directory, "ipc_perm_record");
|
||||
generate_groups_record(directory, "groups_record");
|
||||
generate_attr32_record(directory, "attr32_record");
|
||||
}
|
||||
|
||||
return (0);
|
||||
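Review bot: `write_record(directory, record_filename, subject32ex_token, AUE_NULL);` in generate_subject32ex_record ignores the `buf` the function just built with the `-IPv4`/`-IPv6` suffix, so the two calls in main (`generate_subject32ex_record(directory, "subject32ex_record", AU_IPv4)` and the AU_IPv6 one) write the same file and the second overwrites the first, whereas the token variant visible in context passes `buf` to write_token. `buf` is also never freed and the `malloc` result is not checked, unlike the err() handling applied to the token. Change the call to `write_record(directory, buf, subject32ex_token, AUE_NULL); free(buf);` and add `if (buf == NULL) err(EX_UNAVAILABLE, "malloc");` after the allocation.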
|
@ -1,9 +1,9 @@
|
||||
#
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.am#1 $
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.am#2 $
|
||||
#
|
||||
|
||||
INCLUDES = -I$(top_srcdir)
|
||||
|
||||
bin_PROGRAMS = autool
|
||||
autool_SOURCES = autool.c
|
||||
autool_LDADD = $(top_builddir)/libbsm/libbsm.la
|
||||
bin_PROGRAMS = audump
|
||||
audump_SOURCES = audump.c
|
||||
audump_LDADD = $(top_builddir)/libbsm/libbsm.la
|
||||
|
@ -15,7 +15,7 @@
|
||||
@SET_MAKE@
|
||||
|
||||
#
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.in#3 $
|
||||
# $P4: //depot/projects/trustedbsd/openbsm/tools/Makefile.in#4 $
|
||||
#
|
||||
|
||||
srcdir = @srcdir@
|
||||
@ -40,7 +40,7 @@ PRE_UNINSTALL = :
|
||||
POST_UNINSTALL = :
|
||||
build_triplet = @build@
|
||||
host_triplet = @host@
|
||||
bin_PROGRAMS = autool$(EXEEXT)
|
||||
bin_PROGRAMS = audump$(EXEEXT)
|
||||
subdir = tools
|
||||
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
@ -53,9 +53,9 @@ CONFIG_CLEAN_FILES =
|
||||
am__installdirs = "$(DESTDIR)$(bindir)"
|
||||
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
|
||||
PROGRAMS = $(bin_PROGRAMS)
|
||||
am_autool_OBJECTS = autool.$(OBJEXT)
|
||||
autool_OBJECTS = $(am_autool_OBJECTS)
|
||||
autool_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
|
||||
am_audump_OBJECTS = audump.$(OBJEXT)
|
||||
audump_OBJECTS = $(am_audump_OBJECTS)
|
||||
audump_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
|
||||
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/config
|
||||
depcomp = $(SHELL) $(top_srcdir)/config/depcomp
|
||||
am__depfiles_maybe = depfiles
|
||||
@ -67,8 +67,8 @@ LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
|
||||
CCLD = $(CC)
|
||||
LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
|
||||
$(AM_LDFLAGS) $(LDFLAGS) -o $@
|
||||
SOURCES = $(autool_SOURCES)
|
||||
DIST_SOURCES = $(autool_SOURCES)
|
||||
SOURCES = $(audump_SOURCES)
|
||||
DIST_SOURCES = $(audump_SOURCES)
|
||||
ETAGS = etags
|
||||
CTAGS = ctags
|
||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||
@ -174,8 +174,8 @@ sharedstatedir = @sharedstatedir@
|
||||
sysconfdir = @sysconfdir@
|
||||
target_alias = @target_alias@
|
||||
INCLUDES = -I$(top_srcdir)
|
||||
autool_SOURCES = autool.c
|
||||
autool_LDADD = $(top_builddir)/libbsm/libbsm.la
|
||||
audump_SOURCES = audump.c
|
||||
audump_LDADD = $(top_builddir)/libbsm/libbsm.la
|
||||
all: all-am
|
||||
|
||||
.SUFFIXES:
|
||||
@ -237,9 +237,9 @@ clean-binPROGRAMS:
|
||||
echo " rm -f $$p $$f"; \
|
||||
rm -f $$p $$f ; \
|
||||
done
|
||||
autool$(EXEEXT): $(autool_OBJECTS) $(autool_DEPENDENCIES)
|
||||
@rm -f autool$(EXEEXT)
|
||||
$(LINK) $(autool_LDFLAGS) $(autool_OBJECTS) $(autool_LDADD) $(LIBS)
|
||||
audump$(EXEEXT): $(audump_OBJECTS) $(audump_DEPENDENCIES)
|
||||
@rm -f audump$(EXEEXT)
|
||||
$(LINK) $(audump_LDFLAGS) $(audump_OBJECTS) $(audump_LDADD) $(LIBS)
|
||||
|
||||
mostlyclean-compile:
|
||||
-rm -f *.$(OBJEXT)
|
||||
@ -247,7 +247,7 @@ mostlyclean-compile:
|
||||
distclean-compile:
|
||||
-rm -f *.tab.c
|
||||
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/autool.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audump.Po@am__quote@
|
||||
|
||||
.c.o:
|
||||
@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
|
||||
|