author | rwatson <rwatson@FreeBSD.org> | 2008-12-28 22:40:42 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2008-12-28 22:40:42 +0000 |
commit | 0c86a1e4f3fbe31c24bb9609b2df551fd777428b (patch) | |
tree | 8026680e57e152bff629fb5733fa531adc5dd323 /sys/bsm | |
parent | 208cf4160e79a64866887cc5f89f964cc899f97e (diff) | |
Vendor import of OpenBSM 1.1 alpha4, which incorporates the following
changes since the last imported OpenBSM release:
OpenBSM 1.1 alpha 4
- With the addition of BSM error number mapping, we also need to map the
local error number passed to audit_submit(3) to a BSM error number,
rather than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a
more formal allocation scheme, and add some events allocated in Solaris
that will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
directly, rather than requiring applications to map to the local error
space, which might not be able to entirely represent the BSM error
number space.
- Major auditd rewrite for launchd(8) support. Add libauditd library
that is shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for
(re)starting auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicate when an audit trail file
has been recovered from not being properly terminated. This event is
stored in the new audit trail file and includes the path of the recovered
audit trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system
calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.
OpenBSM 1.1 alpha 3
- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
between BSM error numbers (largely the Solaris definitions) and local
errno(2) values for 32-bit and 64-bit return tokens. This is required
as operating systems don't agree on some of the values of more recent
error numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the
total size for the token. This bug resulted in "unknown" tokens being
printed after the exec args/env tokens.
- Support for AUT_SOCKET_EX extended socket tokens, which describe a
socket using a pair of IPv4/IPv6 and port tuples.
- OpenBSM BSM file header version bumped for 1.1 release.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.
Obtained from: TrustedBSD Project
Sponsored by: Apple Inc.
Diffstat (limited to 'sys/bsm')
-rw-r--r-- | sys/bsm/Makefile.am | 3 | ||||
-rw-r--r-- | sys/bsm/Makefile.in | 7 | ||||
-rw-r--r-- | sys/bsm/audit.h | 41 | ||||
-rw-r--r-- | sys/bsm/audit_errno.h | 214 | ||||
-rw-r--r-- | sys/bsm/audit_internal.h | 4 | ||||
-rw-r--r-- | sys/bsm/audit_kevents.h | 85 | ||||
-rw-r--r-- | sys/bsm/audit_record.h | 34 |
7 files changed, 356 insertions, 32 deletions
diff --git a/sys/bsm/Makefile.am b/sys/bsm/Makefile.am index b3c7805..2fd60bc 100644 --- a/sys/bsm/Makefile.am +++ b/sys/bsm/Makefile.am @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#1 $ +# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.am#2 $ # @@ -8,6 +8,7 @@ openbsmdir = $(includedir)/bsm openbsm_HEADERS = \ audit.h \ + audit_errno.h \ audit_internal.h \ audit_kevents.h \ audit_record.h diff --git a/sys/bsm/Makefile.in b/sys/bsm/Makefile.in index 34cb9e6..d0e5793 100644 --- a/sys/bsm/Makefile.in +++ b/sys/bsm/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ # -# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#2 $ +# $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/Makefile.in#4 $ # VPATH = @srcdir@ @@ -48,8 +48,8 @@ CONFIG_HEADER = $(top_builddir)/config/config.h CONFIG_CLEAN_FILES = SOURCES = DIST_SOURCES = -am__openbsm_HEADERS_DIST = audit.h audit_internal.h audit_kevents.h \ - audit_record.h +am__openbsm_HEADERS_DIST = audit.h audit_errno.h audit_internal.h \ + audit_kevents.h audit_record.h am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ @@ -173,6 +173,7 @@ top_srcdir = @top_srcdir@ @USE_NATIVE_INCLUDES_FALSE@openbsmdir = $(includedir)/bsm @USE_NATIVE_INCLUDES_FALSE@openbsm_HEADERS = \ @USE_NATIVE_INCLUDES_FALSE@ audit.h \ +@USE_NATIVE_INCLUDES_FALSE@ audit_errno.h \ @USE_NATIVE_INCLUDES_FALSE@ audit_internal.h \ @USE_NATIVE_INCLUDES_FALSE@ audit_kevents.h \ @USE_NATIVE_INCLUDES_FALSE@ audit_record.h diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h index ebb84da..c730cac 100644 --- a/sys/bsm/audit.h +++ b/sys/bsm/audit.h 
@@ -26,12 +26,21 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#1 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#2 $ */ #ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H +#ifdef __APPLE__ +/* Temporary until rdar://problem/6133383 is resolved. */ +#include <sys/types.h> +#include <sys/param.h> +#include <sys/socket.h> +#include <sys/cdefs.h> +#include <sys/queue.h> +#endif /* __APPLE__ */ + #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 #define MAXAUDITDATA (0x8000 - 1) @@ -39,6 +48,14 @@ #define MIN_AUDIT_FILE_SIZE (512 * 1024) /* + * Minimum noumber of free blocks on the filesystem containing the audit + * log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0 + * as the kernel does an unsigned compare, plus we want to leave a few blocks + * free so userspace can terminate the log, etc. + */ +#define AUDIT_HARD_LIMIT_FREE_BLOCKS 4 + +/* * Triggers for the audit daemon. */ #define AUDIT_TRIGGER_MIN 1 @@ -47,8 +64,9 @@ #define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */ #define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */ #define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */ -#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests roate. */ -#define AUDIT_TRIGGER_MAX 6 +#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests rotate. */ +#define AUDIT_TRIGGER_INITIALIZE 7 /* Initialize audit. */ +#define AUDIT_TRIGGER_MAX 7 /* * The special device filename (FreeBSD). @@ -59,7 +77,9 @@ /* * Pre-defined audit IDs */ -#define AU_DEFAUDITID -1 +#define AU_DEFAUDITID (uid_t)(-1) +#define AU_DEFAUDITSID 0 +#define AU_ASSIGN_ASID -1 /* * IPC types. @@ -103,6 +123,7 @@ #define A_GETKAUDIT 29 #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 +#define A_GETSINFO_ADDR 32 /* * Audit policy controls. 
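Review bot: The `DO NOT SET THIS VALUE TO 0` rule on `AUDIT_HARD_LIMIT_FREE_BLOCKS` is enforced only by the comment, so a later edit could silently remove the reserve that, per that comment, lets userspace terminate the audit log. A compile-time guard next to the define would make the rule stick: `#if AUDIT_HARD_LIMIT_FREE_BLOCKS == 0`, `#error "AUDIT_HARD_LIMIT_FREE_BLOCKS must be non-zero"`, `#endif`. The new comment also misspells `number` as `noumber`.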
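Review bot: In the "Pre-defined audit IDs" hunk, `AU_DEFAUDITID` expands to `(uid_t)(-1)` and `AU_ASSIGN_ASID` to a bare `-1`, neither wrapped in outer parentheses; `#define AU_DEFAUDITID ((uid_t)(-1))` and `#define AU_ASSIGN_ASID (-1)` are the safer forms. With the cast, the macro can no longer be used in an `#if` expression and requires `uid_t` to be declared first, while the `<sys/types.h>` include added at the top of this header sits inside `#ifdef __APPLE__` only. The hunk does not show the types of the audit-ID and session-ID fields these sentinels are compared against, so a one-line comment naming them would help callers avoid signed/unsigned mismatches when testing for "no audit ID".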
@@ -183,6 +204,7 @@ struct auditinfo_addr { au_mask_t ai_mask; /* Audit masks. */ au_tid_addr_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. */ + u_int64_t ai_flags; /* Audit session flags. */ }; typedef struct auditinfo_addr auditinfo_addr_t; @@ -192,6 +214,7 @@ struct auditpinfo { au_mask_t ap_mask; /* Audit masks. */ au_tid_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ + u_int64_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo auditpinfo_t; @@ -204,6 +227,16 @@ struct auditpinfo_addr { }; typedef struct auditpinfo_addr auditpinfo_addr_t; +struct au_session { + auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ +#define as_asid as_aia_p->ai_asid +#define as_auid as_aia_p->ai_auid +#define as_termid as_aia_p->ai_termid + + au_mask_t as_mask; /* Process Audit Masks. */ +}; +typedef struct au_session au_session_t; + /* * Contents of token_t are opaque outside of libbsm. */ diff --git a/sys/bsm/audit_errno.h b/sys/bsm/audit_errno.h new file mode 100644 index 0000000..667813c --- /dev/null +++ b/sys/bsm/audit_errno.h 
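Review bot: Appending `u_int64_t ai_flags` to `struct auditinfo_addr` (and `ap_flags` to `struct auditpinfo` in the next hunk) changes the size of structures that, judging by the `A_GETKAUDIT`/`A_GETSINFO_ADDR` command list in this header, are exchanged with the kernel. Nothing here lets either side tell the old layout from the new one, so code that copies these structures should validate the caller-supplied length and zero the whole structure before filling it, so that the new field and any alignment padding in front of it never carry uninitialised bytes. The field comment could also state the contract, for example `/* Audit session flags; undefined bits must be zero. */`, if that matches the intent. Both struct bodies start outside their hunks.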
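Review bot: The `as_asid`, `as_auid` and `as_termid` macros written inside `struct au_session` are ordinary file-scope macros, so every later use of those identifiers in any file including this header is rewritten to `as_aia_p->...`. Each use also dereferences `as_aia_p` with nothing saying whether it may be NULL. Consider documenting the invariant on the member, e.g. `/* Ptr to full audit info; must be non-NULL before as_asid/as_auid/as_termid are used. */`, or dropping the macros in favour of explicit `as_aia_p->ai_asid` accesses at the call sites.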
@@ -0,0 +1,214 @@ +/*- + * Copyright (c) 2008 Apple Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#4 $ + */ + +#ifndef _BSM_AUDIT_ERRNO_H_ +#define _BSM_AUDIT_ERRNO_H_ + +/* + * For the purposes of portable encoding, we convert between local error + * numbers and Solaris error numbers (as well as some extensions for error + * numbers that don't exist in Solaris). 
Although the first 35 or so + * constants are the same across all OS's, we don't handle that in any + * special way. + * + * When adding constants here, also add them to bsm_errno.c. + */ +#define BSM_ESUCCESS 0 +#define BSM_EPERM 1 +#define BSM_ENOENT 2 +#define BSM_ESRCH 3 +#define BSM_EINTR 4 +#define BSM_EIO 5 +#define BSM_ENXIO 6 +#define BSM_E2BIG 7 +#define BSM_ENOEXEC 8 +#define BSM_EBADF 9 +#define BSM_ECHILD 10 +#define BSM_EAGAIN 11 +#define BSM_ENOMEM 12 +#define BSM_EACCES 13 +#define BSM_EFAULT 14 +#define BSM_ENOTBLK 15 +#define BSM_EBUSY 16 +#define BSM_EEXIST 17 +#define BSM_EXDEV 18 +#define BSM_ENODEV 19 +#define BSM_ENOTDIR 20 +#define BSM_EISDIR 21 +#define BSM_EINVAL 22 +#define BSM_ENFILE 23 +#define BSM_EMFILE 24 +#define BSM_ENOTTY 25 +#define BSM_ETXTBSY 26 +#define BSM_EFBIG 27 +#define BSM_ENOSPC 28 +#define BSM_ESPIPE 29 +#define BSM_EROFS 30 +#define BSM_EMLINK 31 +#define BSM_EPIPE 32 +#define BSM_EDOM 33 +#define BSM_ERANGE 34 +#define BSM_ENOMSG 35 +#define BSM_EIDRM 36 +#define BSM_ECHRNG 37 /* Solaris/Linux-specific. */ +#define BSM_EL2NSYNC 38 /* Solaris/Linux-specific. */ +#define BSM_EL3HLT 39 /* Solaris/Linux-specific. */ +#define BSM_EL3RST 40 /* Solaris/Linux-specific. */ +#define BSM_ELNRNG 41 /* Solaris/Linux-specific. */ +#define BSM_EUNATCH 42 /* Solaris/Linux-specific. */ +#define BSM_ENOCSI 43 /* Solaris/Linux-specific. */ +#define BSM_EL2HLT 44 /* Solaris/Linux-specific. */ +#define BSM_EDEADLK 45 +#define BSM_ENOLCK 46 +#define BSM_ECANCELED 47 +#define BSM_ENOTSUP 48 +#define BSM_EDQUOT 49 +#define BSM_EBADE 50 /* Solaris/Linux-specific. */ +#define BSM_EBADR 51 /* Solaris/Linux-specific. */ +#define BSM_EXFULL 52 /* Solaris/Linux-specific. */ +#define BSM_ENOANO 53 /* Solaris/Linux-specific. */ +#define BSM_EBADRQC 54 /* Solaris/Linux-specific. */ +#define BSM_EBADSLT 55 /* Solaris/Linux-specific. */ +#define BSM_EDEADLOCK 56 /* Solaris-specific. */ +#define BSM_EBFONT 57 /* Solaris/Linux-specific. 
*/ +#define BSM_EOWNERDEAD 58 /* Solaris/Linux-specific. */ +#define BSM_ENOTRECOVERABLE 59 /* Solaris/Linux-specific. */ +#define BSM_ENOSTR 60 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ENODATA 61 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ETIME 62 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ENOSR 63 /* Solaris/Darwin/Linux-specific. */ +#define BSM_ENONET 64 /* Solaris/Linux-specific. */ +#define BSM_ENOPKG 65 /* Solaris/Linux-specific. */ +#define BSM_EREMOTE 66 +#define BSM_ENOLINK 67 +#define BSM_EADV 68 /* Solaris/Linux-specific. */ +#define BSM_ESRMNT 69 /* Solaris/Linux-specific. */ +#define BSM_ECOMM 70 /* Solaris/Linux-specific. */ +#define BSM_EPROTO 71 +#define BSM_ELOCKUNMAPPED 72 /* Solaris-specific. */ +#define BSM_ENOTACTIVE 73 /* Solaris-specific. */ +#define BSM_EMULTIHOP 74 +#define BSM_EBADMSG 77 +#define BSM_ENAMETOOLONG 78 +#define BSM_EOVERFLOW 79 +#define BSM_ENOTUNIQ 80 /* Solaris/Linux-specific. */ +#define BSM_EBADFD 81 /* Solaris/Linux-specific. */ +#define BSM_EREMCHG 82 /* Solaris/Linux-specific. */ +#define BSM_ELIBACC 83 /* Solaris/Linux-specific. */ +#define BSM_ELIBBAD 84 /* Solaris/Linux-specific. */ +#define BSM_ELIBSCN 85 /* Solaris/Linux-specific. */ +#define BSM_ELIBMAX 86 /* Solaris/Linux-specific. */ +#define BSM_ELIBEXEC 87 /* Solaris/Linux-specific. */ +#define BSM_EILSEQ 88 +#define BSM_ENOSYS 89 +#define BSM_ELOOP 90 +#define BSM_ERESTART 91 +#define BSM_ESTRPIPE 92 /* Solaris/Linux-specific. 
*/ +#define BSM_ENOTEMPTY 93 +#define BSM_EUSERS 94 +#define BSM_ENOTSOCK 95 +#define BSM_EDESTADDRREQ 96 +#define BSM_EMSGSIZE 97 +#define BSM_EPROTOTYPE 98 +#define BSM_ENOPROTOOPT 99 +#define BSM_EPROTONOSUPPORT 120 +#define BSM_ESOCKTNOSUPPORT 121 +#define BSM_EOPNOTSUPP 122 +#define BSM_EPFNOSUPPORT 123 +#define BSM_EAFNOSUPPORT 124 +#define BSM_EADDRINUSE 125 +#define BSM_EADDRNOTAVAIL 126 +#define BSM_ENETDOWN 127 +#define BSM_ENETUNREACH 128 +#define BSM_ENETRESET 129 +#define BSM_ECONNABORTED 130 +#define BSM_ECONNRESET 131 +#define BSM_ENOBUFS 132 +#define BSM_EISCONN 133 +#define BSM_ENOTCONN 134 +#define BSM_ESHUTDOWN 143 +#define BSM_ETOOMANYREFS 144 +#define BSM_ETIMEDOUT 145 +#define BSM_ECONNREFUSED 146 +#define BSM_EHOSTDOWN 147 +#define BSM_EHOSTUNREACH 148 +#define BSM_EALREADY 149 +#define BSM_EINPROGRESS 150 +#define BSM_ESTALE 151 + +/* + * OpenBSM constants for error numbers not defined in Solaris. In the event + * that these errors are added to Solaris, we will deprecate the OpenBSM + * numbers in the same way we do for audit event constants. + * + * ELAST doesn't get a constant in the BSM space. + */ +#define BSM_EPROCLIM 190 /* FreeBSD/Darwin-specific. */ +#define BSM_EBADRPC 191 /* FreeBSD/Darwin-specific. */ +#define BSM_ERPCMISMATCH 192 /* FreeBSD/Darwin-specific. */ +#define BSM_EPROGUNAVAIL 193 /* FreeBSD/Darwin-specific. */ +#define BSM_EPROGMISMATCH 194 /* FreeBSD/Darwin-specific. */ +#define BSM_EPROCUNAVAIL 195 /* FreeBSD/Darwin-specific. */ +#define BSM_EFTYPE 196 /* FreeBSD/Darwin-specific. */ +#define BSM_EAUTH 197 /* FreeBSD/Darwin-specific. */ +#define BSM_ENEEDAUTH 198 /* FreeBSD/Darwin-specific. */ +#define BSM_ENOATTR 199 /* FreeBSD/Darwin-specific. */ +#define BSM_EDOOFUS 200 /* FreeBSD-specific. */ +#define BSM_EJUSTRETURN 201 /* FreeBSD-specific. */ +#define BSM_ENOIOCTL 202 /* FreeBSD-specific. */ +#define BSM_EDIRIOCTL 203 /* FreeBSD-specific. */ +#define BSM_EPWROFF 204 /* Darwin-specific. 
*/ +#define BSM_EDEVERR 205 /* Darwin-specific. */ +#define BSM_EBADEXEC 206 /* Darwin-specific. */ +#define BSM_EBADARCH 207 /* Darwin-specific. */ +#define BSM_ESHLIBVERS 208 /* Darwin-specific. */ +#define BSM_EBADMACHO 209 /* Darwin-specific. */ +#define BSM_EPOLICY 210 /* Darwin-specific. */ +#define BSM_EDOTDOT 211 /* Linux-specific. */ +#define BSM_EUCLEAN 212 /* Linux-specific. */ +#define BSM_ENOTNAM 213 /* Linux(Xenix?)-specific. */ +#define BSM_ENAVAIL 214 /* Linux(Xenix?)-specific. */ +#define BSM_EISNAM 215 /* Linux(Xenix?)-specific. */ +#define BSM_EREMOTEIO 216 /* Linux-specific. */ +#define BSM_ENOMEDIUM 217 /* Linux-specific. */ +#define BSM_EMEDIUMTYPE 218 /* Linux-specific. */ +#define BSM_ENOKEY 219 /* Linux-specific. */ +#define BSM_EKEYEXPIRED 220 /* Linux-specific. */ +#define BSM_EKEYREVOKED 221 /* Linux-specific. */ +#define BSM_EKEYREJECTED 222 /* Linux-specific. */ + +/* + * In the event that OpenBSM doesn't have a file representation of a local + * error number, use this. + */ +#define BSM_UNKNOWNERR 250 /* OpenBSM-specific. */ + +#endif /* !_BSM_AUDIT_ERRNO_H_ */ diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h index d3482b3..71a5130 100644 --- a/sys/bsm/audit_internal.h +++ b/sys/bsm/audit_internal.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Apple Inc. + * Copyright (c) 2005-2008 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * @@ -30,7 +30,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#2 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5 $ */ #ifndef _AUDIT_INTERNAL_H diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h index 34cf545..57351b5 100644 --- a/sys/bsm/audit_kevents.h +++ b/sys/bsm/audit_kevents.h 
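Review bot: Nothing in the new audit_errno.h records that every `BSM_E*` value has to fit in one byte, although the conversion routines this commit declares in audit_record.h carry it as `u_char` (`u_char au_errno_to_bsm(int error);`), the OpenBSM range already reaches 222, and `BSM_UNKNOWNERR` is 250. A sentence in the block comment such as `Values must stay in the range 0-255; they are carried as u_char.` would stop a future allocation from truncating silently. The unused ranges (75-76, 100-119, 135-142, 152-189) are also unexplained; a note on whether they are reserved to follow Solaris numbering would tell maintainers not to allocate into them. Since the header relies on the manual rule "also add them to bsm_errno.c", an error added only here would presumably be recorded as unknown in the audit trail.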
@@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#3 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#4 $ */ #ifndef _BSM_AUDIT_KEVENTS_H_ @@ -58,7 +58,6 @@ #define AUE_UMOUNT 12 #define AUE_JUNK 13 /* Solaris-specific. */ #define AUE_ACCESS 14 -#define AUE_CHECKUSERACCESS AUE_ACCESS /* Darwin-specific. */ #define AUE_KILL 15 #define AUE_STAT 16 #define AUE_LSTAT 17 @@ -560,7 +559,7 @@ #define AUE_ACCESS_EXTENDED 43162 /* Darwin. */ #define AUE_CHMOD_EXTENDED 43163 /* Darwin. */ #define AUE_FCHMOD_EXTENDED 43164 /* Darwin. */ -#define AUE_FSTAT_EXTENDED 43165 /* Dariwn. */ +#define AUE_FSTAT_EXTENDED 43165 /* Darwin. */ #define AUE_LSTAT_EXTENDED 43166 /* Darwin. */ #define AUE_MKDIR_EXTENDED 43167 /* Darwin. */ #define AUE_MKFIFO_EXTENDED 43168 /* Darwin. */ @@ -585,6 +584,8 @@ #define AUE_CAP_GETRIGHTS 43187 /* TrustedBSD. */ #define AUE_CAP_ENTER 43188 /* TrustedBSD. */ #define AUE_CAP_GETMODE 43189 /* TrustedBSD. */ +#define AUE_POSIX_SPAWN 43190 /* Darwin. */ +#define AUE_FSGETPATH 43191 /* Darwin. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the 
@@ -656,13 +657,42 @@
 /*
 * Possible desired future values based on review of BSD/Darwin system calls.
 */
+#define AUE_ACCESSEXTENDED AUE_NULL
+#define AUE_ATGETMSG AUE_NULL
+#define AUE_ATPUTMSG AUE_NULL
+#define AUE_ATSOCKET AUE_NULL
+#define AUE_ATPGETREQ AUE_NULL
+#define AUE_ATPGETRSP AUE_NULL
+#define AUE_ATPSNDREQ AUE_NULL
+#define AUE_ATPSNDRSP AUE_NULL
+#define AUE_BSDTHREADCREATE AUE_NULL
+#define AUE_BSDTHREADTERMINATE AUE_NULL
+#define AUE_BSDTHREADREGISTER AUE_NULL
+#define AUE_CHMODEXTENDED AUE_NULL
+#define AUE_CHUD AUE_NULL
+#define AUE_CSOPS AUE_NULL
 #define AUE_DUP AUE_NULL
+#define AUE_FCHMODEXTENDED AUE_NULL
+#define AUE_FDATASYNC AUE_NULL
+#define AUE_FFSCTL AUE_NULL
+#define AUE_FGETATTRLIST AUE_NULL
+#define AUE_FGETXATTR AUE_NULL
+#define AUE_FLISTXATTR AUE_NULL
+#define AUE_FREMOVEXATTR AUE_NULL
 #define AUE_FSCTL AUE_NULL
+#define AUE_FSETATTRLIST AUE_NULL
+#define AUE_FSETXATTR AUE_NULL
+#define AUE_FSTATEXTENDED AUE_NULL
+#define AUE_FSTATFS64 AUE_NULL
 #define AUE_FSTATV AUE_NULL
+#define AUE_FSTAT64 AUE_NULL
+#define AUE_FSTAT64EXTENDED AUE_NULL
 #define AUE_GCCONTROL AUE_NULL
+#define AUE_GETDIRENTRIES64 AUE_NULL
 #define AUE_GETDTABLESIZE AUE_NULL
 #define AUE_GETEGID AUE_NULL
 #define AUE_GETEUID AUE_NULL
+#define AUE_GETFSSTAT64 AUE_NULL
 #define AUE_GETGID AUE_NULL
 #define AUE_GETGROUPS AUE_NULL
 #define AUE_GETITIMER AUE_NULL
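Review bot: Several of the new `AUE_NULL` aliases differ only by an underscore from events that already have real numbers in this file: `AUE_ACCESSEXTENDED`, `AUE_CHMODEXTENDED`, `AUE_FCHMODEXTENDED` and `AUE_FSTATEXTENDED` here, against `AUE_ACCESS_EXTENDED` (43162), `AUE_CHMOD_EXTENDED` (43163), `AUE_FCHMOD_EXTENDED` (43164) and `AUE_FSTAT_EXTENDED` (43165). The next hunk does the same with `AUE_LSTATEXTENDED`, `AUE_MKDIREXTENDED` and `AUE_MKFIFOEXTENDED`. A system-call table entry that picks the underscore-less spelling compiles cleanly but gets `AUE_NULL`, which presumably means the call produces no audit record. If both spellings are needed, alias them to the numbered events, e.g. `#define AUE_ACCESSEXTENDED AUE_ACCESS_EXTENDED`, or add a comment saying the unaudited mapping is deliberate.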
@@ -675,24 +705,53 @@
 #define AUE_GETPRIORITY AUE_NULL
 #define AUE_GETRLIMIT AUE_NULL
 #define AUE_GETRUSAGE AUE_NULL
+#define AUE_GETSGROUPS AUE_NULL
 #define AUE_GETSID AUE_NULL
 #define AUE_GETSOCKNAME AUE_NULL
 #define AUE_GETTIMEOFDAY AUE_NULL
+#define AUE_GETTID AUE_NULL
 #define AUE_GETUID AUE_NULL
 #define AUE_GETSOCKOPT AUE_NULL
-#define AUE_GTSOCKOPT AUE_GETSOCKOPT /* XXX: Typo in Darwin. */
+#define AUE_GETWGROUPS AUE_NULL
+#define AUE_GETXATTR AUE_NULL
+#define AUE_IDENTITYSVC AUE_NULL
+#define AUE_INITGROUPS AUE_NULL
+#define AUE_IOPOLICYSYS AUE_NULL
 #define AUE_ISSETUGID AUE_NULL
+#define AUE_LIOLISTIO AUE_NULL
+#define AUE_LISTXATTR AUE_NULL
+#define AUE_LSTATEXTENDED AUE_NULL
 #define AUE_LSTATV AUE_NULL
+#define AUE_LSTAT64 AUE_NULL
+#define AUE_LSTAT64EXTENDED AUE_NULL
 #define AUE_MADVISE AUE_NULL
 #define AUE_MINCORE AUE_NULL
 #define AUE_MKCOMPLEX AUE_NULL
+#define AUE_MKDIREXTENDED AUE_NULL
+#define AUE_MKFIFOEXTENDED AUE_NULL
 #define AUE_MODWATCH AUE_NULL
 #define AUE_MSGCL AUE_NULL
 #define AUE_MSYNC AUE_NULL
+#define AUE_OPENEXTENDED AUE_NULL
 #define AUE_PREAD AUE_NULL
 #define AUE_PWRITE AUE_NULL
 #define AUE_PREADV AUE_NULL
+#define AUE_PROCINFO AUE_NULL
+#define AUE_PTHREADCANCELED AUE_NULL
+#define AUE_PTHREADCHDIR AUE_NULL
+#define AUE_PTHREADCONDBROADCAST AUE_NULL
+#define AUE_PTHREADCONDDESTORY AUE_NULL
+#define AUE_PTHREADCONDINIT AUE_NULL
+#define AUE_PTHREADCONDSIGNAL AUE_NULL
+#define AUE_PTHREADCONDWAIT AUE_NULL
+#define AUE_PTHREADFCHDIR AUE_NULL
+#define AUE_PTHREADMARK AUE_NULL
+#define AUE_PTHREADMUTEXDESTROY AUE_NULL
+#define AUE_PTHREADMUTEXINIT AUE_NULL
+#define AUE_PTHREADMUTEXTRYLOCK AUE_NULL
+#define AUE_PTHREADMUTEXUNLOCK AUE_NULL
 #define AUE_PWRITEV AUE_NULL
+#define AUE_REMOVEXATTR AUE_NULL
 #define AUE_SBRK AUE_NULL
 #define AUE_SELECT AUE_NULL
 #define AUE_SEMDESTROY AUE_NULL
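Review bot: `AUE_PTHREADCONDDESTORY` is misspelled (`DESTORY`), while the mutex counterpart added a few lines later is `AUE_PTHREADMUTEXDESTROY`. This same hunk removes the old `AUE_GTSOCKOPT` typo alias, so it is worth not introducing a new one: `#define AUE_PTHREADCONDDESTROY AUE_NULL`. If a platform's system-call table already uses the misspelled name, keep it only as an alias with a comment saying so.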
@@ -701,7 +760,15 @@ #define AUE_SEMPOST AUE_NULL #define AUE_SEMTRYWAIT AUE_NULL #define AUE_SEMWAIT AUE_NULL +#define AUE_SEMWAITSIGNAL AUE_NULL #define AUE_SETITIMER AUE_NULL +#define AUE_SETSGROUPS AUE_NULL +#define AUE_SETTID AUE_NULL +#define AUE_SETTIDWITHPID AUE_NULL +#define AUE_SETWGROUPS AUE_NULL +#define AUE_SETXATTR AUE_NULL +#define AUE_SHAREDREGIONCHECK AUE_NULL +#define AUE_SHAREDREGIONMAP AUE_NULL #define AUE_SIGACTION AUE_NULL #define AUE_SIGALTSTACK AUE_NULL #define AUE_SIGPENDING AUE_NULL @@ -710,11 +777,21 @@ #define AUE_SIGSUSPEND AUE_NULL #define AUE_SIGWAIT AUE_NULL #define AUE_SSTK AUE_NULL +#define AUE_STACKSNAPSHOT AUE_NULL +#define AUE_STATEXTENDED AUE_NULL +#define AUE_STATFS64 AUE_NULL #define AUE_STATV AUE_NULL +#define AUE_STAT64 AUE_NULL +#define AUE_STAT64EXTENDED AUE_NULL #define AUE_SYNC AUE_NULL #define AUE_SYSCALL AUE_NULL #define AUE_TABLE AUE_NULL +#define AUE_UMASKEXTENDED AUE_NULL +#define AUE_VMPRESSUREMONITOR AUE_NULL #define AUE_WAITEVENT AUE_NULL +#define AUE_WAITID AUE_NULL #define AUE_WATCHEVENT AUE_NULL +#define AUE_WORKQOPEN AUE_NULL +#define AUE_WORKQOPS AUE_NULL #endif /* !_BSM_AUDIT_KEVENTS_H_ */ diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h index ccca15b..7295bc4 100644 --- a/sys/bsm/audit_record.h +++ b/sys/bsm/audit_record.h @@ -26,7 +26,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#3 $ + * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#8 $ */ #ifndef _BSM_AUDIT_RECORD_H_ 
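Review bot: `AUE_SETSGROUPS`, `AUE_SETTID`, `AUE_SETTIDWITHPID` and `AUE_SETWGROUPS` are added to the "possible desired future values" list and map to `AUE_NULL`, yet by their names they cover calls that change a thread's or process's identity or group membership (`AUE_INITGROUPS` in the previous hunk is similar). If `AUE_NULL` means the call is not recorded, which the header implies but this hunk does not show, these are the entries an audit reviewer would most want to see with real event numbers. A marker comment such as `/* XXX: identity-changing calls; allocate real event numbers. */` above them would keep that from being forgotten.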
@@ -164,14 +164,11 @@ #define AUDIT_HEADER_VERSION_SOLARIS 2 #define AUDIT_HEADER_VERSION_TSOL25 3 #define AUDIT_HEADER_VERSION_TSOL 4 -#define AUDIT_HEADER_VERSION_OPENBSM 10 +#define AUDIT_HEADER_VERSION_OPENBSM10 10 +#define AUDIT_HEADER_VERSION_OPENBSM11 11 +#define AUDIT_HEADER_VERSION_OPENBSM AUDIT_HEADER_VERSION_OPENBSM11 -/* - * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we - * split the difference, will remove the Apple define for the next release. - */ #define AUT_TRAILER_MAGIC 0xb105 -#define TRAILER_PAD_MAGIC AUT_TRAILER_MAGIC /* BSM library calls */ @@ -182,6 +179,7 @@ struct in6_addr; struct ip; struct ipc_perm; struct kevent; +struct sockaddr; struct sockaddr_in; struct sockaddr_in6; struct sockaddr_un; @@ -208,6 +206,7 @@ token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); +token_t *au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); #endif token_t *au_to_me(void); @@ -251,15 +250,8 @@ token_t *au_to_return(char status, uint32_t ret); token_t *au_to_return32(char status, uint32_t ret); token_t *au_to_return64(char status, uint64_t ret); token_t *au_to_seq(long audit_count); - -#if defined(_KERNEL) || defined(KERNEL) -token_t *au_to_socket(struct socket *so); -token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la, - struct sockaddr *ta); -token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la, - struct sockaddr *ta); -#endif - +token_t *au_to_socket_ex(u_short so_domain, u_short so_type, + struct sockaddr *sa_local, struct sockaddr *sa_remote); token_t *au_to_sock_inet(struct sockaddr_in *so); token_t *au_to_sock_inet32(struct sockaddr_in *so); token_t *au_to_sock_inet128(struct sockaddr_in6 *so); 
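Review bot: `AUDIT_HEADER_VERSION_OPENBSM` changes value from 10 to 11 with no comment, so any reader that accepts a record only when its header version equals `AUDIT_HEADER_VERSION_OPENBSM` will start rejecting trails written by earlier releases once rebuilt; whether readers in the tree compare this way is not visible from the hunk. A comment on the three defines would make the intent explicit, e.g. `/* Version written by this release; readers should also accept AUDIT_HEADER_VERSION_OPENBSM10. */`. The comment block explaining the origin of `AUT_TRAILER_MAGIC` is deleted along with `TRAILER_PAD_MAGIC`, leaving the magic value undocumented.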
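Review bot: The new `au_to_socket_ex()` prototype takes two `struct sockaddr *` arguments with no length and no `const`, and unlike the removed `au_to_socket_ex_32`/`au_to_socket_ex_128` it is no longer inside the `_KERNEL` guard. The implementation can therefore only size its reads from the address family inside the structure, which is worth stating at the declaration: which families are accepted, and what is returned for any other. If the function does not modify its inputs, `const struct sockaddr *sa_local, const struct sockaddr *sa_remote` would document that and let the compiler enforce it.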
@@ -277,8 +269,8 @@ token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); #if defined(_KERNEL) || defined(KERNEL) -token_t *au_to_exec_args(const char *args, int argc); -token_t *au_to_exec_env(const char *envs, int envc); +token_t *au_to_exec_args(char *args, int argc); +token_t *au_to_exec_env(char *envs, int envc); #else token_t *au_to_exec_args(char **argv); token_t *au_to_exec_env(char **envp); @@ -288,6 +280,12 @@ token_t *au_to_kevent(struct kevent *kev); token_t *au_to_trailer(int rec_size); token_t *au_to_zonename(const char *zonename); +/* + * BSM library routines for manipulating errno values. + */ +int au_bsm_to_errno(u_char bsm_error, int *errorp); +u_char au_errno_to_bsm(int error); + __END_DECLS #endif /* ! _BSM_AUDIT_RECORD_H_ */ |
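Review bot: The kernel prototypes for `au_to_exec_args()` and `au_to_exec_env()` lose the `const` on their string argument (`const char *args` becomes `char *args`). Unless the implementation now writes into the buffer, keeping `const char *args` and `const char *envs` documents that the audited argument block is not modified; if it does write, a comment should say so. Neither prototype says how `argc`/`envc` relates to the buffer contents, and the commit message mentions a size-calculation bug in these two functions, so a one-line contract comment (for instance that the buffer holds `argc` consecutive NUL-terminated strings, to be confirmed against the implementation) would be worth adding.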
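Review bot: The comment above `au_bsm_to_errno()` and `au_errno_to_bsm()` does not state their contracts: what `au_bsm_to_errno()` returns, whether `*errorp` is written when `bsm_error` has no local equivalent, and what `au_errno_to_bsm()` yields for an unmapped errno (presumably `BSM_UNKNOWNERR` from audit_errno.h). Callers that print or act on the converted value need this to avoid reading an unset `int`. The prototypes also use `u_char`, so the header relies on `<sys/types.h>` having been included first; the hunk does not show whether it is.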