From owner-p4-projects@FreeBSD.ORG Mon Jan 30 22:23:55 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2639E16A423; Mon, 30 Jan 2006 22:23:55 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C49A216A420 for ; Mon, 30 Jan 2006 22:23:54 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C2F0F43D5C for ; Mon, 30 Jan 2006 22:23:48 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k0UMNmDa062608 for ; Mon, 30 Jan 2006 22:23:48 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k0UMNmbL062605 for perforce@freebsd.org; Mon, 30 Jan 2006 22:23:48 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 30 Jan 2006 22:23:48 GMT Message-Id: <200601302223.k0UMNmbL062605@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 90729 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jan 2006 22:23:56 -0000 http://perforce.freebsd.org/chv.cgi?CH=90729 Change 90729 by rwatson@rwatson_peppercorn on 2006/01/30 22:23:07 Integrate changes from contrib/openbsm to sys in audit3 branch. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#20 integrate .. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#15 integrate .. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#8 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#20 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#19 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#20 $ */ #ifndef _BSM_AUDIT_H @@ -41,9 +41,9 @@ #include #define AUDIT_RECORD_MAGIC 0x828a0f1b -#define MAX_AUDIT_RECORDS 20 -#define MAX_AUDIT_RECORD_SIZE 4096 -#define MIN_AUDIT_FILE_SIZE (512 * 1024) +#define MAX_AUDIT_RECORDS 20 +#define MAX_AUDIT_RECORD_SIZE 4096 +#define MIN_AUDIT_FILE_SIZE (512 * 1024) /* The special device filename */ #define AUDITDEV_FILENAME "audit" 
@@ -63,23 +63,23 @@ /* * Triggers for the audit daemon */ -#define AUDIT_TRIGGER_MIN 1 -#define AUDIT_TRIGGER_LOW_SPACE 1 -#define AUDIT_TRIGGER_OPEN_NEW 2 -#define AUDIT_TRIGGER_READ_FILE 3 -#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 -#define AUDIT_TRIGGER_NO_SPACE 5 -#define AUDIT_TRIGGER_MAX 5 +#define AUDIT_TRIGGER_MIN 1 +#define AUDIT_TRIGGER_LOW_SPACE 1 +#define AUDIT_TRIGGER_OPEN_NEW 2 +#define AUDIT_TRIGGER_READ_FILE 3 +#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 +#define AUDIT_TRIGGER_NO_SPACE 5 +#define AUDIT_TRIGGER_MAX 5 /* * File that will be read for trigger events from the kernel */ -#define AUDIT_TRIGGER_FILE "/dev/audit" +#define AUDIT_TRIGGER_FILE "/dev/audit" /* * Pre-defined audit IDs */ -#define AU_DEFAUDITID -1 +#define AU_DEFAUDITID -1 /* * Define the masks for the classes of audit events. 
@@ -122,71 +122,74 @@ /* * IPC types */ -#define AT_IPC_MSG ((u_char)1) /* message IPC id */ -#define AT_IPC_SEM ((u_char)2) /* semaphore IPC id */ -#define AT_IPC_SHM ((u_char)3) /* shared mem IPC id */ +#define AT_IPC_MSG ((u_char)1) /* Message IPC id. */ +#define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */ +#define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */ /* * Audit conditions. */ -#define AUC_UNSET 0 -#define AUC_AUDITING 1 -#define AUC_NOAUDIT 2 -#define AUC_DISABLED -1 +#define AUC_UNSET 0 +#define AUC_AUDITING 1 +#define AUC_NOAUDIT 2 +#define AUC_DISABLED -1 /* * auditon(2) commands. */ -#define A_GETPOLICY 2 -#define A_SETPOLICY 3 -#define A_GETKMASK 4 -#define A_SETKMASK 5 +#define A_GETPOLICY 2 +#define A_SETPOLICY 3 +#define A_GETKMASK 4 +#define A_SETKMASK 5 #define A_GETQCTRL 6 -#define A_SETQCTRL 7 -#define A_GETCWD 8 -#define A_GETCAR 9 -#define A_GETSTAT 12 -#define A_SETSTAT 13 +#define A_SETQCTRL 7 +#define A_GETCWD 8 +#define A_GETCAR 9 +#define A_GETSTAT 12 +#define A_SETSTAT 13 #define A_SETUMASK 14 -#define A_SETSMASK 15 -#define A_GETCOND 20 -#define A_SETCOND 21 -#define A_GETCLASS 22 -#define A_SETCLASS 23 -#define A_GETPINFO 24 -#define A_SETPMASK 25 -#define A_SETFSIZE 26 -#define A_GETFSIZE 27 -#define A_GETPINFO_ADDR 28 -#define A_GETKAUDIT 29 -#define A_SETKAUDIT 30 -#define A_SENDTRIGGER 31 +#define A_SETSMASK 15 +#define A_GETCOND 20 +#define A_SETCOND 21 +#define A_GETCLASS 22 +#define A_SETCLASS 23 +#define A_GETPINFO 24 +#define A_SETPMASK 25 +#define A_SETFSIZE 26 +#define A_GETFSIZE 27 +#define A_GETPINFO_ADDR 28 +#define A_GETKAUDIT 29 +#define A_SETKAUDIT 30 +#define A_SENDTRIGGER 31 /* * Audit policy controls. 
*/ -#define AUDIT_CNT 0x0001 -#define AUDIT_AHLT 0x0002 -#define AUDIT_ARGV 0x0004 -#define AUDIT_ARGE 0x0008 -#define AUDIT_PASSWD 0x0010 -#define AUDIT_SEQ 0x0020 -#define AUDIT_WINDATA 0x0040 -#define AUDIT_USER 0x0080 -#define AUDIT_GROUP 0x0100 -#define AUDIT_TRAIL 0x0200 -#define AUDIT_PATH 0x0400 +#define AUDIT_CNT 0x0001 +#define AUDIT_AHLT 0x0002 +#define AUDIT_ARGV 0x0004 +#define AUDIT_ARGE 0x0008 +#define AUDIT_PASSWD 0x0010 +#define AUDIT_SEQ 0x0020 +#define AUDIT_WINDATA 0x0040 +#define AUDIT_USER 0x0080 +#define AUDIT_GROUP 0x0100 +#define AUDIT_TRAIL 0x0200 +#define AUDIT_PATH 0x0400 /* * Audit queue control parameters */ -#define AQ_HIWATER 100 -#define AQ_MAXHIGH 10000 -#define AQ_LOWATER 10 -#define AQ_BUFSZ 1024 -#define AQ_MAXBUFSZ 1048576 +#define AQ_HIWATER 100 +#define AQ_MAXHIGH 10000 +#define AQ_LOWATER 10 +#define AQ_BUFSZ 1024 +#define AQ_MAXBUFSZ 1048576 -#define AU_FS_MINFREE 20 /* default min filesystem freespace, in percent */ +/* + * Default minimum percentage free space on file system. + */ +#define AU_FS_MINFREE 20 /* * Type definitions used indicating the length of variable length addresses 
@@ -197,83 +200,83 @@ __BEGIN_DECLS -typedef uid_t au_id_t; -typedef pid_t au_asid_t; -typedef u_int16_t au_event_t; -typedef u_int16_t au_emod_t; -typedef u_int32_t au_class_t; +typedef uid_t au_id_t; +typedef pid_t au_asid_t; +typedef u_int16_t au_event_t; +typedef u_int16_t au_emod_t; +typedef u_int32_t au_class_t; struct au_tid { - dev_t port; - u_int32_t machine; + dev_t port; + u_int32_t machine; }; -typedef struct au_tid au_tid_t; +typedef struct au_tid au_tid_t; struct au_tid_addr { - dev_t at_port; - u_int32_t at_type; - u_int32_t at_addr[4]; + dev_t at_port; + u_int32_t at_type; + u_int32_t at_addr[4]; }; -typedef struct au_tid_addr au_tid_addr_t; +typedef struct au_tid_addr au_tid_addr_t; struct au_mask { - unsigned int am_success; /* success bits */ - unsigned int am_failure; /* failure bits */ + unsigned int am_success; /* Success bits. */ + unsigned int am_failure; /* Failure bits. */ }; -typedef struct au_mask au_mask_t; +typedef struct au_mask au_mask_t; struct auditinfo { - au_id_t ai_auid; /* Audit user ID */ - au_mask_t ai_mask; /* Audit masks */ - au_tid_t ai_termid; /* Terminal ID */ - au_asid_t ai_asid; /* Audit session ID */ + au_id_t ai_auid; /* Audit user ID. */ + au_mask_t ai_mask; /* Audit masks. */ + au_tid_t ai_termid; /* Terminal ID. */ + au_asid_t ai_asid; /* Audit session ID. */ }; -typedef struct auditinfo auditinfo_t; +typedef struct auditinfo auditinfo_t; struct auditinfo_addr { - au_id_t ai_auid; /* Audit user ID */ - au_mask_t ai_mask; /* Audit masks */ - au_tid_addr_t ai_termid; /* Terminal ID */ - au_asid_t ai_asid; /* Audit session ID */ + au_id_t ai_auid; /* Audit user ID. */ + au_mask_t ai_mask; /* Audit masks. */ + au_tid_addr_t ai_termid; /* Terminal ID. */ + au_asid_t ai_asid; /* Audit session ID. 
*/ }; -typedef struct auditinfo_addr auditinfo_addr_t; +typedef struct auditinfo_addr auditinfo_addr_t; struct auditpinfo { - pid_t ap_pid; /* ID of target process */ - au_id_t ap_auid; /* Audit user ID */ - au_mask_t ap_mask; /* Audit masks */ - au_tid_t ap_termid; /* Terminal ID */ - au_asid_t ap_asid; /* Audit session ID */ + pid_t ap_pid; /* ID of target process. */ + au_id_t ap_auid; /* Audit user ID. */ + au_mask_t ap_mask; /* Audit masks. */ + au_tid_t ap_termid; /* Terminal ID. */ + au_asid_t ap_asid; /* Audit session ID. */ }; -typedef struct auditpinfo auditpinfo_t; +typedef struct auditpinfo auditpinfo_t; struct auditpinfo_addr { - pid_t ap_pid; /* ID of target process */ - au_id_t ap_auid; /* Audit user ID */ - au_mask_t ap_mask; /* Audit masks */ - au_tid_addr_t ap_termid; /* Terminal ID */ - au_asid_t ap_asid; /* Audit session ID */ + pid_t ap_pid; /* ID of target process. */ + au_id_t ap_auid; /* Audit user ID. */ + au_mask_t ap_mask; /* Audit masks. */ + au_tid_addr_t ap_termid; /* Terminal ID. */ + au_asid_t ap_asid; /* Audit session ID. */ }; -typedef struct auditpinfo_addr auditpinfo_addr_t; +typedef struct auditpinfo_addr auditpinfo_addr_t; -/* Token and record structures */ +/* Token and record structures. */ struct au_token { - u_char *t_data; - size_t len; - TAILQ_ENTRY(au_token) tokens; + u_char *t_data; + size_t len; + TAILQ_ENTRY(au_token) tokens; }; -typedef struct au_token token_t; +typedef struct au_token token_t; struct au_record { - char used; /* Is this record currently being used */ - int desc; /* The descriptor associated with this record */ - TAILQ_HEAD(, au_token) token_q; /* queue of BSM tokens */ - u_char *data; - size_t len; - LIST_ENTRY(au_record) au_rec_q; + char used; /* Record currently in use? */ + int desc; /* Descriptor for record. */ + TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. 
*/ + u_char *data; + size_t len; + LIST_ENTRY(au_record) au_rec_q; }; -typedef struct au_record au_record_t; +typedef struct au_record au_record_t; /* * Kernel audit queue control parameters. 
@@ -283,60 +286,60 @@ size_t aq_lowater; size_t aq_bufsz; clock_t aq_delay; - int aq_minfree; /* minimum filesystem percent free space */ + int aq_minfree; /* Minimum filesystem percent free space. */ }; -typedef struct au_qctrl au_qctrl_t; +typedef struct au_qctrl au_qctrl_t; /* * Structure for the audit statistics. */ struct audit_stat { - unsigned int as_version; - unsigned int as_numevent; - int as_generated; - int as_nonattring; - int as_kernel; - int as_audit; - int as_auditctl; - int as_enqueu; - int as_written; - int as_wblocked; - int as_rblocked; - int as_dropped; - int as_totalsize; - unsigned int as_memused; + unsigned int as_version; + unsigned int as_numevent; + int as_generated; + int as_nonattring; + int as_kernel; + int as_audit; + int as_auditctl; + int as_enqueu; + int as_written; + int as_wblocked; + int as_rblocked; + int as_dropped; + int as_totalsize; + unsigned int as_memused; }; -typedef struct audit_stat au_stat_t; +typedef struct audit_stat au_stat_t; /* * Structure for the audit file statistics. */ struct audit_fstat { - u_quad_t af_filesz; - u_quad_t af_currsz; + u_quad_t af_filesz; + u_quad_t af_currsz; }; -typedef struct audit_fstat au_fstat_t; +typedef struct audit_fstat au_fstat_t; /* * Audit to event class mapping. 
*/ struct au_evclass_map { - au_event_t ec_number; - au_class_t ec_class; + au_event_t ec_number; + au_class_t ec_class; }; -typedef struct au_evclass_map au_evclass_map_t; +typedef struct au_evclass_map au_evclass_map_t; #ifndef _KERNEL -int audit(const void *, int); -int auditon(int, void *, int); -int auditctl(const char *); -int getauid(au_id_t *); -int setauid(const au_id_t *); -int getaudit(struct auditinfo *); -int setaudit(const struct auditinfo *); -int getaudit_addr(struct auditinfo_addr *, int); -int setaudit_addr(const struct auditinfo_addr *, int); +int audit(const void *, int); +int auditon(int, void *, int); +int auditctl(const char *); +int getauid(au_id_t *); +int setauid(const au_id_t *); +int getaudit(struct auditinfo *); +int setaudit(const struct auditinfo *); +int getaudit_addr(struct auditinfo_addr *, int); +int setaudit_addr(const struct auditinfo_addr *, int); #endif /* !_KERNEL */ ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#15 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#14 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#15 $ */ #ifndef _BSM_AUDIT_KEVENTS_H_ @@ -60,12 +60,14 @@ #define AUE_CHMOD 10 #define AUE_CHOWN 11 #define AUE_UMOUNT 12 +#define AUE_JUNK 13 /* Solaris-specific. */ #define AUE_ACCESS 14 #define AUE_CHECKUSERACCESS AUE_ACCESS #define AUE_KILL 15 #define AUE_STAT 16 #define AUE_LSTAT 17 #define AUE_ACCT 18 +#define AUE_MCTL 19 /* Solaris-specific. */ #define AUE_REBOOT 20 /* XXX: Darwin conflict. */ #define AUE_SYMLINK 21 #define AUE_READLINK 22 
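Review bot: The added `AUE_JUNK` (13) and `AUE_MCTL` (19) are commented only as "Solaris-specific", which does not say whether this kernel ever generates them or whether the numbers are just reserved against reuse. The same applies to the identifiers added in the later audit_kevents.h hunks (139, 140, 147, 148, 150, 197 and 220). Event numbers are written into audit records and mapped to classes for preselection, so a number defined here without an event-to-class mapping would be hard to select or interpret in a trail. That mapping is not among the three affected files, so this change does not show whether it already lists these numbers. A short block comment above the definitions would help, for example `/* Identifiers marked Solaris-specific are defined for numbering compatibility; confirm an event-to-class mapping exists before generating them. */`, assuming that is the intent.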
@@ -157,34 +159,39 @@ #define AUE_SEMCTL_SETALL 108 #define AUE_SEMGET 109 #define AUE_SEMOP 110 -#define AUE_CORE 111 /* Solaris-only, currently. */ +#define AUE_CORE 111 /* Solaris-specific, currently. */ #define AUE_CLOSE 112 #define AUE_SYSTEMBOOT 113 -#define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-only. */ -#define AUE_NFSSVC_EXIT 115 /* Solaris-only. */ -#define AUE_WRITEL 128 /* Solaris-only. */ -#define AUE_WRITEVL 129 /* Solaris-only. */ +#define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-specific. */ +#define AUE_NFSSVC_EXIT 115 /* Solaris-specific. */ +#define AUE_WRITEL 128 /* Solaris-specific. */ +#define AUE_WRITEVL 129 /* Solaris-specific. */ #define AUE_GETAUID 130 #define AUE_SETAUID 131 #define AUE_GETAUDIT 132 #define AUE_SETAUDIT 133 -#define AUE_GETUSERAUDIT 134 /* Solaris-only. */ -#define AUE_SETUSERAUDIT 135 /* Solaris-only. */ -#define AUE_AUDITSVC 136 /* Solaris-only. */ -#define AUE_AUDITUSER 137 /* Solaris-only. */ +#define AUE_GETUSERAUDIT 134 /* Solaris-specific. */ +#define AUE_SETUSERAUDIT 135 /* Solaris-specific. */ +#define AUE_AUDITSVC 136 /* Solaris-specific. */ +#define AUE_AUDITUSER 137 /* Solaris-specific. */ #define AUE_AUDITON 138 +#define AUE_AUDITON_GTERMID 139 /* Solaris-specific. */ +#define AUE_AUDITON_STERMID 140 /* Solaris-specific. */ #define AUE_AUDITON_GPOLICY 141 #define AUE_AUDITON_SPOLICY 142 #define AUE_AUDITON_GQCTRL 145 #define AUE_AUDITON_SQCTRL 146 -#define AUE_GETPORTAUDIT 149 -#define AUE_ENTERPROM 153 /* Solaris-only. */ -#define AUE_EXITPROM 154 /* Solaris-only. */ +#define AUE_GETKERNSTATE 147 /* Solaris-specific. */ +#define AUE_SETKERNSTATE 148 /* Solaris-specific. */ +#define AUE_GETPORTAUDIT 149 /* Solaris-specific. */ +#define AUE_AUDISTAT 150 /* Solaris-specific. */ +#define AUE_ENTERPROM 153 /* Solaris-specific. */ +#define AUE_EXITPROM 154 /* Solaris-specific. 
*/ #define AUE_IOCTL 158 #define AUE_SOCKET 183 #define AUE_SENDTO 184 #define AUE_PIPE 185 -#define AUE_SOCKETPAIR 186 /* XXXRW: Darwin conflict. */ +#define AUE_SOCKETPAIR 186 /* XXX: Darwin conflict. */ #define AUE_SEND 187 #define AUE_SENDMSG 188 #define AUE_RECV 189 @@ -194,6 +201,7 @@ #define AUE_LSEEK 194 #define AUE_WRITE 195 #define AUE_WRITEV 196 +#define AUE_NFS 197 /* Solaris-specific. */ #define AUE_READV 198 /* XXXRW: XXX Solaris old stat()? */ #define AUE_SETUID 200 /* XXXRW: Solaris old setuid? */ @@ -212,10 +220,10 @@ #define AUE_SETEGID 214 #define AUE_SETEUID 215 #define AUE_PUTMSG 216 -#define AUE_GETMSG 217 -#define AUE_PUTPMSG 218 -#define AUE_GETPMSG 219 - /* XXXRW: Solaris sc placeholder? */ +#define AUE_GETMSG 217 /* Solaris-specific. */ +#define AUE_PUTPMSG 218 /* Solaris-specific. */ +#define AUE_GETPMSG 219 /* Solaris-specific. */ +#define AUE_AUDITSYS 220 /* Solaris-specific. */ #define AUE_AUDITON_GETKMASK 221 #define AUE_AUDITON_SETKMASK 222 #define AUE_AUDITON_GETCWD 223 @@ -289,12 +297,13 @@ #define AUE_DARWIN_SOCKETPAIR 317 /* XXXRW: See AUE_SOCKETPAIR. */ #define AUE_FUTIMES 318 #define AUE_SETSID 319 -#define AUE_SETPRIVEXEC 320 +#define AUE_SETPRIVEXEC 320 /* Darwin-specific. */ #define AUE_DARWIN_NFSSVC 321 /* XXX: See AUE_NFS_SVC. */ #define AUE_DARWIN_GETFH 322 /* XXX: See AUE_NFS_GETFH. */ #define AUE_DARWIN_QUOTACTL 323 /* XXX: See AUE_QUOTACTL. */ -#define AUE_ADDPROFILE 324 /* Darwin */ -#define AUE_KDBUGTRACE 325 /* Darwin */ +#define AUE_ADDPROFILE 324 /* Darwin-specific. */ +#define AUE_KDEBUGTRACE 325 /* Darwin-specific. */ +#define AUE_KDBUGTRACE AUE_KDEBUGTRACE #define AUE_FSTAT 326 #define AUE_FPATHCONF 327 #define AUE_GETDIRENTRIES 328 
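Review bot: The new `#define AUE_KDBUGTRACE AUE_KDEBUGTRACE` in the -289,12 hunk has no comment, so a later reader cannot tell that the old spelling is kept only as an alias and should not be used in new code. It looks like a compatibility alias for the corrected name; if so, say it on the line: `#define AUE_KDBUGTRACE AUE_KDEBUGTRACE /* Old spelling, kept for source compatibility. */`. Both names resolve to 325, so consumers that compare the numeric value in existing trails are unaffected. Separately, the file now mixes `XXX:` and `XXXRW:` markers: AUE_SOCKETPAIR was changed to `XXX:` in the -157,34 hunk, while AUE_DARWIN_SOCKETPAIR here keeps `XXXRW:`. One form throughout would be cleaner.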
@@ -304,11 +313,11 @@ #define AUE_MLOCK 332 #define AUE_MUNLOCK 333 #define AUE_UNDELETE 334 -#define AUE_GETATTRLIST 335 /* Darwin */ -#define AUE_SETATTRLIST 336 /* Darwin */ -#define AUE_GETDIRENTRIESATTR 337 /* Darwin */ -#define AUE_EXCHANGEDATA 338 /* Darwin */ -#define AUE_SEARCHFS 339 /* Darwin */ +#define AUE_GETATTRLIST 335 /* Darwin-specific. */ +#define AUE_SETATTRLIST 336 /* Darwin-specific. */ +#define AUE_GETDIRENTRIESATTR 337 /* Darwin-specific. */ +#define AUE_EXCHANGEDATA 338 /* Darwin-specific. */ +#define AUE_SEARCHFS 339 /* Darwin-specific. */ #define AUE_MINHERIT 340 #define AUE_SEMCONFIG 341 #define AUE_SEMOPEN 342 
@@ -316,40 +325,40 @@ #define AUE_SEMUNLINK 344 #define AUE_SHMOPEN 345 #define AUE_SHMUNLINK 346 -#define AUE_LOADSHFILE 347 /* Darwin */ -#define AUE_RESETSHFILE 348 /* Darwin */ -#define AUE_NEWSYSTEMSHREG 349 /* Darwin */ -#define AUE_PTHREADKILL 350 -#define AUE_PTHREADSIGMASK 351 +#define AUE_LOADSHFILE 347 /* Darwin-specific. */ +#define AUE_RESETSHFILE 348 /* Darwin-specific. */ +#define AUE_NEWSYSTEMSHREG 349 /* Darwin-specific. */ +#define AUE_PTHREADKILL 350 /* Darwin-specific. */ +#define AUE_PTHREADSIGMASK 351 /* Darwin-specific. */ #define AUE_AUDITCTL 352 #define AUE_RFORK 353 #define AUE_LCHMOD 354 #define AUE_SWAPOFF 355 -#define AUE_INITPROCESS 356 /* Darwin */ -#define AUE_MAPFD 357 /* Darwin */ -#define AUE_TASKFORPID 358 /* Darwin */ -#define AUE_PIDFORTASK 359 /* Darwin */ +#define AUE_INITPROCESS 356 /* Darwin-specific. */ +#define AUE_MAPFD 357 /* Darwin-specific. */ +#define AUE_TASKFORPID 358 /* Darwin-specific. */ +#define AUE_PIDFORTASK 359 /* Darwin-specific. */ #define AUE_SYSCTL_NONADMIN 360 -#define AUE_COPYFILE 361 /* Darwin */ +#define AUE_COPYFILE 361 /* Darwin-specific. */ #define AUE_LUTIMES 362 -#define AUE_LCHFLAGS 363 /* FreeBSD */ -#define AUE_SENDFILE 364 /* BSD/Linux */ -#define AUE_USELIB 365 /* Linux */ +#define AUE_LCHFLAGS 363 /* FreeBSD-specific. */ +#define AUE_SENDFILE 364 /* BSD/Linux-specific. */ +#define AUE_USELIB 365 /* Linux-specific. */ #define AUE_GETRESUID 366 #define AUE_SETRESUID 367 #define AUE_GETRESGID 368 #define AUE_SETRESGID 369 -#define AUE_WAIT4 370 /* FreeBSD */ -#define AUE_LGETFH 371 /* FreeBSD */ -#define AUE_FHSTATFS 372 /* FreeBSD */ -#define AUE_FHOPEN 373 /* FreeBSD */ -#define AUE_FHSTAT 374 /* FreeBSD */ -#define AUE_JAIL 375 /* FreeBSD */ -#define AUE_EACCESS 376 /* FreeBSD */ -#define AUE_KQUEUE 377 /* FreeBSD */ -#define AUE_KEVENT 378 /* FreeBSD */ +#define AUE_WAIT4 370 /* FreeBSD-specific. */ +#define AUE_LGETFH 371 /* FreeBSD-specific. 
*/ +#define AUE_FHSTATFS 372 /* FreeBSD-specific. */ +#define AUE_FHOPEN 373 /* FreeBSD-specific. */ +#define AUE_FHSTAT 374 /* FreeBSD-specific. */ +#define AUE_JAIL 375 /* FreeBSD-specific. */ +#define AUE_EACCESS 376 /* FreeBSD-specific. */ +#define AUE_KQUEUE 377 /* FreeBSD-specific. */ +#define AUE_KEVENT 378 /* FreeBSD-specific. */ #define AUE_FSYNC 379 -#define AUE_NMOUNT 380 /* FreeBSD */ +#define AUE_NMOUNT 380 /* FreeBSD-specific. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#8 (text+ko) ==== @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#7 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#8 $ */ #ifndef _BSM_AUDIT_RECORD_H_ 
@@ -226,108 +226,99 @@ struct vnode_au_info; #endif -int au_open(void); -int au_write(int d, token_t *m); -int au_close(int d, int keep, short event); -int au_close_buffer(int d, short event, u_char *buffer, - size_t *buflen); +int au_open(void); +int au_write(int d, token_t *m); +int au_close(int d, int keep, short event); +int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen); + #if defined(KERNEL) || defined(_KERNEL) -token_t *au_to_file(char *file, struct timeval tm); +token_t *au_to_file(char *file, struct timeval tm); #else -token_t *au_to_file(char *file); +token_t *au_to_file(char *file); #endif + #if defined(KERNEL) || defined(_KERNEL) -token_t *au_to_header(int rec_size, au_event_t e_type, - au_emod_t e_mod, struct timeval tm); -token_t *au_to_header32(int rec_size, au_event_t e_type, - au_emod_t e_mod, struct timeval tm); +token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm); +token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod, + struct timeval tm); #else -token_t *au_to_header(int rec_size, au_event_t e_type, - au_emod_t e_mod); -token_t *au_to_header32(int rec_size, au_event_t e_type, - au_emod_t e_mod); +token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); +token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); #endif -token_t *au_to_header64(int rec_size, au_event_t e_type, - au_emod_t e_mod); -token_t *au_to_me(void); + +token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); +token_t *au_to_me(void); +token_t *au_to_arg(char n, char *text, uint32_t v); +token_t *au_to_arg32(char n, char *text, uint32_t v); +token_t *au_to_arg64(char n, char *text, uint64_t v); -token_t *au_to_arg(char n, char *text, uint32_t v); -token_t *au_to_arg32(char n, char *text, uint32_t v); -token_t *au_to_arg64(char n, char *text, uint64_t v); #if defined(_KERNEL) || defined(KERNEL) -token_t *au_to_attr(struct vnode_au_info *vni); 
-token_t *au_to_attr32(struct vnode_au_info *vni); -token_t *au_to_attr64(struct vnode_au_info *vni); +token_t *au_to_attr(struct vnode_au_info *vni); +token_t *au_to_attr32(struct vnode_au_info *vni); +token_t *au_to_attr64(struct vnode_au_info *vni); #endif -token_t *au_to_data(char unit_print, char unit_type, - char unit_count, char *p); -token_t *au_to_exit(int retval, int err); -token_t *au_to_groups(int *groups); -token_t *au_to_newgroups(uint16_t n, gid_t *groups); -token_t *au_to_in_addr(struct in_addr *internet_addr); -token_t *au_to_in_addr_ex(struct in6_addr *internet_addr); -token_t *au_to_ip(struct ip *ip); -token_t *au_to_ipc(char type, int id); -token_t *au_to_ipc_perm(struct ipc_perm *perm); -token_t *au_to_iport(uint16_t iport); -token_t *au_to_opaque(char *data, uint16_t bytes); -token_t *au_to_path(char *path); -token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_process_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_process32_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_process64_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_return(char status, uint32_t ret); -token_t *au_to_return32(char status, uint32_t ret); -token_t *au_to_return64(char status, uint64_t ret); -token_t *au_to_seq(long audit_count); + +token_t *au_to_data(char unit_print, char unit_type, char unit_count, + char *p); +token_t *au_to_exit(int retval, int err); +token_t 
*au_to_groups(int *groups); +token_t *au_to_newgroups(uint16_t n, gid_t *groups); +token_t *au_to_in_addr(struct in_addr *internet_addr); +token_t *au_to_in_addr_ex(struct in6_addr *internet_addr); +token_t *au_to_ip(struct ip *ip); +token_t *au_to_ipc(char type, int id); +token_t *au_to_ipc_perm(struct ipc_perm *perm); +token_t *au_to_iport(uint16_t iport); +token_t *au_to_opaque(char *data, uint16_t bytes); +token_t *au_to_path(char *path); +token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, + uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, + au_tid_addr_t *tid); +token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_return(char status, uint32_t ret); +token_t *au_to_return32(char status, uint32_t ret); +token_t *au_to_return64(char status, uint64_t ret); +token_t *au_to_seq(long audit_count); + #if defined(_KERNEL) || defined(KERNEL) -token_t *au_to_socket(struct socket *so); -token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, - struct sockaddr *la, struct sockaddr *ta); -token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, - struct sockaddr *la, struct sockaddr *ta); +token_t *au_to_socket(struct socket *so); +token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la, + struct sockaddr *ta); +token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la, + struct sockaddr *ta); #endif 
-token_t *au_to_sock_inet(struct sockaddr_in *so); -token_t *au_to_sock_inet32(struct sockaddr_in *so); -token_t *au_to_sock_inet128(struct sockaddr_in6 *so); -token_t *au_to_sock_unix(struct sockaddr_un *so); -token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, - uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_t *tid); -token_t *au_to_subject_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, - gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, - au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_exec_args(const char **); -token_t *au_to_exec_env(const char **); -token_t *au_to_text(char *text); -token_t *au_to_kevent(struct kevent *kev); -token_t *au_to_trailer(int rec_size); + +token_t *au_to_sock_inet(struct sockaddr_in *so); +token_t *au_to_sock_inet32(struct sockaddr_in *so); +token_t *au_to_sock_inet128(struct sockaddr_in6 *so); +token_t *au_to_sock_unix(struct sockaddr_un *so); +token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); +token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t 
*au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, + gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_exec_args(const char **); +token_t *au_to_exec_env(const char **); +token_t *au_to_text(char *text); +token_t *au_to_kevent(struct kevent *kev); +token_t *au_to_trailer(int rec_size); __END_DECLS