Diffstat (limited to 'bsm')
-rw-r--r--bsm/Makefile22
-rw-r--r--bsm/Makefile.am6
-rw-r--r--bsm/Makefile.in7
-rw-r--r--bsm/audit.h280
-rw-r--r--bsm/audit_internal.h115
-rw-r--r--bsm/audit_kevents.h682
-rw-r--r--bsm/audit_record.h334
-rw-r--r--bsm/audit_uevents.h8
-rw-r--r--bsm/libbsm.h10
9 files changed, 13 insertions, 1451 deletions
diff --git a/bsm/Makefile b/bsm/Makefile
deleted file mode 100644
index ba63701..0000000
--- a/bsm/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile#7 $
-#
-
-INCS= audit.h \
- audit_internal.h \
- audit_kevents.h \
- audit_record.h \
- audit_uevents.h \
- libbsm.h
-
-TARGET= ${DESTDIR}/usr/include/bsm
-
-all:
-default:
-depend:
-clean:
-
-install:
- mkdir -p -m 0755 ${TARGET}
- install -o root -g wheel -m 0644 ${INCS} ${TARGET}
-
diff --git a/bsm/Makefile.am b/bsm/Makefile.am
index 8287789..cad4115 100644
--- a/bsm/Makefile.am
+++ b/bsm/Makefile.am
@@ -1,15 +1,11 @@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.am#3 $
#
openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
- audit.h \
audit_filter.h \
- audit_internal.h \
- audit_kevents.h \
- audit_record.h \
audit_uevents.h \
libbsm.h
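Review bot: Nothing in this hunk records where `audit.h`, `audit_internal.h`, `audit_kevents.h` and `audit_record.h` are installed from once they leave `openbsm_HEADERS`, while `audit_uevents.h` and `libbsm.h` are still installed into `$(includedir)/bsm`. The diffstat shown is limited to `bsm/`, so presumably another directory now provides them; a comment above the list such as `# audit.h, audit_internal.h, audit_kevents.h, audit_record.h are installed from <NEW_HEADER_DIR>` would make that explicit. It is also worth confirming that an upgrade does not leave stale copies of the four headers under `$(includedir)/bsm`, since a consumer that picks up an old `audit_kevents.h` or `audit_record.h` would build against event numbers and token definitions that may no longer match the library.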
diff --git a/bsm/Makefile.in b/bsm/Makefile.in
index a5ae086..ed82a3b 100644
--- a/bsm/Makefile.in
+++ b/bsm/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/bsm/Makefile.in#8 $
#
VPATH = @srcdir@
@@ -101,6 +101,7 @@ LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
+MIG = @MIG@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
@@ -169,11 +170,7 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
openbsmdir = $(includedir)/bsm
openbsm_HEADERS = \
- audit.h \
audit_filter.h \
- audit_internal.h \
- audit_kevents.h \
- audit_record.h \
audit_uevents.h \
libbsm.h
diff --git a/bsm/audit.h b/bsm/audit.h
deleted file mode 100644
index 83372cd..0000000
--- a/bsm/audit.h
+++ /dev/null
@@ -1,280 +0,0 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
- * its contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#23 $
- */
-
-#ifndef _BSM_AUDIT_H
-#define _BSM_AUDIT_H
-
-#define AUDIT_RECORD_MAGIC 0x828a0f1b
-#define MAX_AUDIT_RECORDS 20
-#define MAXAUDITDATA (0x8000 - 1)
-#define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA
-#define MIN_AUDIT_FILE_SIZE (512 * 1024)
-
-/*
- * Triggers for the audit daemon.
- */
-#define AUDIT_TRIGGER_MIN 1
-#define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */
-#define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */
-#define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */
-#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */
-#define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */
-#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests roate. */
-#define AUDIT_TRIGGER_MAX 6
-
-/*
- * The special device filename (FreeBSD).
- */
-#define AUDITDEV_FILENAME "audit"
-#define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME)
-
-/*
- * Pre-defined audit IDs
- */
-#define AU_DEFAUDITID -1
-
-/*
- * IPC types.
- */
-#define AT_IPC_MSG ((u_char)1) /* Message IPC id. */
-#define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */
-#define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */
-
-/*
- * Audit conditions.
- */
-#define AUC_UNSET 0
-#define AUC_AUDITING 1
-#define AUC_NOAUDIT 2
-#define AUC_DISABLED -1
-
-/*
- * auditon(2) commands.
- */
-#define A_GETPOLICY 2
-#define A_SETPOLICY 3
-#define A_GETKMASK 4
-#define A_SETKMASK 5
-#define A_GETQCTRL 6
-#define A_SETQCTRL 7
-#define A_GETCWD 8
-#define A_GETCAR 9
-#define A_GETSTAT 12
-#define A_SETSTAT 13
-#define A_SETUMASK 14
-#define A_SETSMASK 15
-#define A_GETCOND 20
-#define A_SETCOND 21
-#define A_GETCLASS 22
-#define A_SETCLASS 23
-#define A_GETPINFO 24
-#define A_SETPMASK 25
-#define A_SETFSIZE 26
-#define A_GETFSIZE 27
-#define A_GETPINFO_ADDR 28
-#define A_GETKAUDIT 29
-#define A_SETKAUDIT 30
-#define A_SENDTRIGGER 31
-
-/*
- * Audit policy controls.
- */
-#define AUDIT_CNT 0x0001
-#define AUDIT_AHLT 0x0002
-#define AUDIT_ARGV 0x0004
-#define AUDIT_ARGE 0x0008
-#define AUDIT_SEQ 0x0010
-#define AUDIT_WINDATA 0x0020
-#define AUDIT_USER 0x0040
-#define AUDIT_GROUP 0x0080
-#define AUDIT_TRAIL 0x0100
-#define AUDIT_PATH 0x0200
-#define AUDIT_SCNT 0x0400
-#define AUDIT_PUBLIC 0x0800
-#define AUDIT_ZONENAME 0x1000
-#define AUDIT_PERZONE 0x2000
-
-/*
- * Default audit queue control parameters.
- */
-#define AQ_HIWATER 100
-#define AQ_MAXHIGH 10000
-#define AQ_LOWATER 10
-#define AQ_BUFSZ MAXAUDITDATA
-#define AQ_MAXBUFSZ 1048576
-
-/*
- * Default minimum percentage free space on file system.
- */
-#define AU_FS_MINFREE 20
-
-/*
- * Type definitions used indicating the length of variable length addresses
- * in tokens containing addresses, such as header fields.
- */
-#define AU_IPv4 4
-#define AU_IPv6 16
-
-__BEGIN_DECLS
-
-typedef uid_t au_id_t;
-typedef pid_t au_asid_t;
-typedef u_int16_t au_event_t;
-typedef u_int16_t au_emod_t;
-typedef u_int32_t au_class_t;
-
-struct au_tid {
- dev_t port;
- u_int32_t machine;
-};
-typedef struct au_tid au_tid_t;
-
-struct au_tid_addr {
- dev_t at_port;
- u_int32_t at_type;
- u_int32_t at_addr[4];
-};
-typedef struct au_tid_addr au_tid_addr_t;
-
-struct au_mask {
- unsigned int am_success; /* Success bits. */
- unsigned int am_failure; /* Failure bits. */
-};
-typedef struct au_mask au_mask_t;
-
-struct auditinfo {
- au_id_t ai_auid; /* Audit user ID. */
- au_mask_t ai_mask; /* Audit masks. */
- au_tid_t ai_termid; /* Terminal ID. */
- au_asid_t ai_asid; /* Audit session ID. */
-};
-typedef struct auditinfo auditinfo_t;
-
-struct auditinfo_addr {
- au_id_t ai_auid; /* Audit user ID. */
- au_mask_t ai_mask; /* Audit masks. */
- au_tid_addr_t ai_termid; /* Terminal ID. */
- au_asid_t ai_asid; /* Audit session ID. */
-};
-typedef struct auditinfo_addr auditinfo_addr_t;
-
-struct auditpinfo {
- pid_t ap_pid; /* ID of target process. */
- au_id_t ap_auid; /* Audit user ID. */
- au_mask_t ap_mask; /* Audit masks. */
- au_tid_t ap_termid; /* Terminal ID. */
- au_asid_t ap_asid; /* Audit session ID. */
-};
-typedef struct auditpinfo auditpinfo_t;
-
-struct auditpinfo_addr {
- pid_t ap_pid; /* ID of target process. */
- au_id_t ap_auid; /* Audit user ID. */
- au_mask_t ap_mask; /* Audit masks. */
- au_tid_addr_t ap_termid; /* Terminal ID. */
- au_asid_t ap_asid; /* Audit session ID. */
-};
-typedef struct auditpinfo_addr auditpinfo_addr_t;
-
-/*
- * Contents of token_t are opaque outside of libbsm.
- */
-typedef struct au_token token_t;
-
-/*
- * Kernel audit queue control parameters.
- */
-struct au_qctrl {
- size_t aq_hiwater;
- size_t aq_lowater;
- size_t aq_bufsz;
- clock_t aq_delay;
- int aq_minfree; /* Minimum filesystem percent free space. */
-};
-typedef struct au_qctrl au_qctrl_t;
-
-/*
- * Structure for the audit statistics.
- */
-struct audit_stat {
- unsigned int as_version;
- unsigned int as_numevent;
- int as_generated;
- int as_nonattrib;
- int as_kernel;
- int as_audit;
- int as_auditctl;
- int as_enqueue;
- int as_written;
- int as_wblocked;
- int as_rblocked;
- int as_dropped;
- int as_totalsize;
- unsigned int as_memused;
-};
-typedef struct audit_stat au_stat_t;
-
-/*
- * Structure for the audit file statistics.
- */
-struct audit_fstat {
- u_quad_t af_filesz;
- u_quad_t af_currsz;
-};
-typedef struct audit_fstat au_fstat_t;
-
-/*
- * Audit to event class mapping.
- */
-struct au_evclass_map {
- au_event_t ec_number;
- au_class_t ec_class;
-};
-typedef struct au_evclass_map au_evclass_map_t;
-
-/*
- * Audit system calls.
- */
-#if !defined(_KERNEL) && !defined(KERNEL)
-int audit(const void *, int);
-int auditon(int, void *, int);
-int auditctl(const char *);
-int getauid(au_id_t *);
-int setauid(const au_id_t *);
-int getaudit(struct auditinfo *);
-int setaudit(const struct auditinfo *);
-int getaudit_addr(struct auditinfo_addr *, int);
-int setaudit_addr(const struct auditinfo_addr *, int);
-#endif /* defined(_KERNEL) || defined(KERNEL) */
-
-__END_DECLS
-
-#endif /* !_BSM_AUDIT_H */
diff --git a/bsm/audit_internal.h b/bsm/audit_internal.h
deleted file mode 100644
index 5a52a54..0000000
--- a/bsm/audit_internal.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
- * Copyright (c) 2005 SPARTA, Inc.
- * All rights reserved.
- *
- * This code was developed in part by Robert N. M. Watson, Senior Principal
- * Scientist, SPARTA, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
- * its contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#16 $
- */
-
-#ifndef _AUDIT_INTERNAL_H
-#define _AUDIT_INTERNAL_H
-
-#if defined(__linux__) && !defined(__unused)
-#define __unused
-#endif
-
-/*
- * audit_internal.h contains private interfaces that are shared by user space
- * and the kernel for the purposes of assembling audit records. Applications
- * should not include this file or use the APIs found within, or it may be
- * broken with future releases of OpenBSM, which may delete, modify, or
- * otherwise break these interfaces or the assumptions they rely on.
- */
-struct au_token {
- u_char *t_data;
- size_t len;
- TAILQ_ENTRY(au_token) tokens;
-};
-
-struct au_record {
- char used; /* Record currently in use? */
- int desc; /* Descriptor for record. */
- TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */
- u_char *data;
- size_t len;
- LIST_ENTRY(au_record) au_rec_q;
-};
-typedef struct au_record au_record_t;
-
-
-/*
- * We could determined the header and trailer sizes by defining appropriate
- * structures. We hold off that approach until we have a consistent way of
- * using structures for all tokens. This is not straightforward since these
- * token structures may contain pointers of whose contents we do not know the
- * size (e.g text tokens).
- */
-#define AUDIT_HEADER_SIZE 18
-#define AUDIT_TRAILER_SIZE 7
-
-/*
- * BSM token streams store fields in big endian byte order, so as to be
- * portable; when encoding and decoding, we must convert byte orders for
- * typed values.
- */
-#define ADD_U_CHAR(loc, val) \
- do { \
- *(loc) = (val); \
- (loc) += sizeof(u_char); \
- } while(0)
-
-
-#define ADD_U_INT16(loc, val) \
- do { \
- be16enc((loc), (val)); \
- (loc) += sizeof(u_int16_t); \
- } while(0)
-
-#define ADD_U_INT32(loc, val) \
- do { \
- be32enc((loc), (val)); \
- (loc) += sizeof(u_int32_t); \
- } while(0)
-
-#define ADD_U_INT64(loc, val) \
- do { \
- be64enc((loc), (val)); \
- (loc) += sizeof(u_int64_t); \
- } while(0)
-
-#define ADD_MEM(loc, data, size) \
- do { \
- memcpy((loc), (data), (size)); \
- (loc) += size; \
- } while(0)
-
-#define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size)
-
-#endif /* !_AUDIT_INTERNAL_H_ */
diff --git a/bsm/audit_kevents.h b/bsm/audit_kevents.h
deleted file mode 100644
index 8191a99..0000000
--- a/bsm/audit_kevents.h
+++ /dev/null
@@ -1,682 +0,0 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
- * its contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#52 $
- */
-
-#ifndef _BSM_AUDIT_KEVENTS_H_
-#define _BSM_AUDIT_KEVENTS_H_
-
-/*
- * Values marked as AUE_NULL are not required to be audited as per CAPP.
- *
- * Some conflicts exist in the assignment of name to event number mappings
- * between BSM implementations. In general, we prefer the OpenSolaris
- * definition as we consider Solaris BSM to be authoritative. _DARWIN_ has
- * been inserted for the Darwin variants. If necessary, other tags will be
- * added in the future.
- */
-#define AUE_NULL 0
-#define AUE_EXIT 1
-#define AUE_FORK 2
-#define AUE_FORKALL AUE_FORK /* Solaris-specific. */
-#define AUE_OPEN 3
-#define AUE_CREAT 4
-#define AUE_LINK 5
-#define AUE_UNLINK 6
-#define AUE_DELETE AUE_UNLINK /* Darwin-specific. */
-#define AUE_EXEC 7
-#define AUE_CHDIR 8
-#define AUE_MKNOD 9
-#define AUE_CHMOD 10
-#define AUE_CHOWN 11
-#define AUE_UMOUNT 12
-#define AUE_JUNK 13 /* Solaris-specific. */
-#define AUE_ACCESS 14
-#define AUE_CHECKUSERACCESS AUE_ACCESS /* Darwin-specific. */
-#define AUE_KILL 15
-#define AUE_STAT 16
-#define AUE_LSTAT 17
-#define AUE_ACCT 18
-#define AUE_MCTL 19 /* Solaris-specific. */
-#define AUE_REBOOT 20 /* XXX: Darwin conflict. */
-#define AUE_SYMLINK 21
-#define AUE_READLINK 22
-#define AUE_EXECVE 23
-#define AUE_CHROOT 24
-#define AUE_VFORK 25
-#define AUE_SETGROUPS 26
-#define AUE_SETPGRP 27
-#define AUE_SWAPON 28
-#define AUE_SETHOSTNAME 29 /* XXX: Darwin conflict. */
-#define AUE_FCNTL 30
-#define AUE_SETPRIORITY 31 /* XXX: Darwin conflict. */
-#define AUE_CONNECT 32
-#define AUE_ACCEPT 33
-#define AUE_BIND 34
-#define AUE_SETSOCKOPT 35
-#define AUE_VTRACE 36 /* Solaris-specific. */
-#define AUE_SETTIMEOFDAY 37 /* XXX: Darwin conflict. */
-#define AUE_FCHOWN 38
-#define AUE_FCHMOD 39
-#define AUE_SETREUID 40
-#define AUE_SETREGID 41
-#define AUE_RENAME 42
-#define AUE_TRUNCATE 43 /* XXX: Darwin conflict. */
-#define AUE_FTRUNCATE 44 /* XXX: Darwin conflict. */
-#define AUE_FLOCK 45 /* XXX: Darwin conflict. */
-#define AUE_SHUTDOWN 46
-#define AUE_MKDIR 47
-#define AUE_RMDIR 48
-#define AUE_UTIMES 49
-#define AUE_ADJTIME 50
-#define AUE_SETRLIMIT 51
-#define AUE_KILLPG 52
-#define AUE_NFS_SVC 53 /* XXX: Darwin conflict. */
-#define AUE_STATFS 54
-#define AUE_FSTATFS 55
-#define AUE_UNMOUNT 56 /* XXX: Darwin conflict. */
-#define AUE_ASYNC_DAEMON 57
-#define AUE_NFS_GETFH 58 /* XXX: Darwin conflict. */
-#define AUE_SETDOMAINNAME 59
-#define AUE_QUOTACTL 60 /* XXX: Darwin conflict. */
-#define AUE_EXPORTFS 61
-#define AUE_MOUNT 62
-#define AUE_SEMSYS 63
-#define AUE_MSGSYS 64
-#define AUE_SHMSYS 65
-#define AUE_BSMSYS 66 /* Solaris-specific. */
-#define AUE_RFSSYS 67 /* Solaris-specific. */
-#define AUE_FCHDIR 68
-#define AUE_FCHROOT 69
-#define AUE_VPIXSYS 70 /* Solaris-specific. */
-#define AUE_PATHCONF 71
-#define AUE_OPEN_R 72
-#define AUE_OPEN_RC 73
-#define AUE_OPEN_RT 74
-#define AUE_OPEN_RTC 75
-#define AUE_OPEN_W 76
-#define AUE_OPEN_WC 77
-#define AUE_OPEN_WT 78
-#define AUE_OPEN_WTC 79
-#define AUE_OPEN_RW 80
-#define AUE_OPEN_RWC 81
-#define AUE_OPEN_RWT 82
-#define AUE_OPEN_RWTC 83
-#define AUE_MSGCTL 84
-#define AUE_MSGCTL_RMID 85
-#define AUE_MSGCTL_SET 86
-#define AUE_MSGCTL_STAT 87
-#define AUE_MSGGET 88
-#define AUE_MSGRCV 89
-#define AUE_MSGSND 90
-#define AUE_SHMCTL 91
-#define AUE_SHMCTL_RMID 92
-#define AUE_SHMCTL_SET 93
-#define AUE_SHMCTL_STAT 94
-#define AUE_SHMGET 95
-#define AUE_SHMAT 96
-#define AUE_SHMDT 97
-#define AUE_SEMCTL 98
-#define AUE_SEMCTL_RMID 99
-#define AUE_SEMCTL_SET 100
-#define AUE_SEMCTL_STAT 101
-#define AUE_SEMCTL_GETNCNT 102
-#define AUE_SEMCTL_GETPID 103
-#define AUE_SEMCTL_GETVAL 104
-#define AUE_SEMCTL_GETALL 105
-#define AUE_SEMCTL_GETZCNT 106
-#define AUE_SEMCTL_SETVAL 107
-#define AUE_SEMCTL_SETALL 108
-#define AUE_SEMGET 109
-#define AUE_SEMOP 110
-#define AUE_CORE 111 /* Solaris-specific, currently. */
-#define AUE_CLOSE 112
-#define AUE_SYSTEMBOOT 113 /* Solaris-specific. */
-#define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-specific. */
-#define AUE_NFSSVC_EXIT 115 /* Solaris-specific. */
-#define AUE_WRITEL 128 /* Solaris-specific. */
-#define AUE_WRITEVL 129 /* Solaris-specific. */
-#define AUE_GETAUID 130
-#define AUE_SETAUID 131
-#define AUE_GETAUDIT 132
-#define AUE_SETAUDIT 133
-#define AUE_GETUSERAUDIT 134 /* Solaris-specific. */
-#define AUE_SETUSERAUDIT 135 /* Solaris-specific. */
-#define AUE_AUDITSVC 136 /* Solaris-specific. */
-#define AUE_AUDITUSER 137 /* Solaris-specific. */
-#define AUE_AUDITON 138
-#define AUE_AUDITON_GTERMID 139 /* Solaris-specific. */
-#define AUE_AUDITON_STERMID 140 /* Solaris-specific. */
-#define AUE_AUDITON_GPOLICY 141
-#define AUE_AUDITON_SPOLICY 142
-#define AUE_AUDITON_GQCTRL 145
-#define AUE_AUDITON_SQCTRL 146
-#define AUE_GETKERNSTATE 147 /* Solaris-specific. */
-#define AUE_SETKERNSTATE 148 /* Solaris-specific. */
-#define AUE_GETPORTAUDIT 149 /* Solaris-specific. */
-#define AUE_AUDITSTAT 150 /* Solaris-specific. */
-#define AUE_REVOKE 151
-#define AUE_MAC 152 /* Solaris-specific. */
-#define AUE_ENTERPROM 153 /* Solaris-specific. */
-#define AUE_EXITPROM 154 /* Solaris-specific. */
-#define AUE_IFLOAT 155 /* Solaris-specific. */
-#define AUE_PFLOAT 156 /* Solaris-specific. */
-#define AUE_UPRIV 157 /* Solaris-specific. */
-#define AUE_IOCTL 158
-#define AUE_SOCKET 183
-#define AUE_SENDTO 184
-#define AUE_PIPE 185
-#define AUE_SOCKETPAIR 186 /* XXX: Darwin conflict. */
-#define AUE_SEND 187
-#define AUE_SENDMSG 188
-#define AUE_RECV 189
-#define AUE_RECVMSG 190
-#define AUE_RECVFROM 191
-#define AUE_READ 192
-#define AUE_GETDENTS 193
-#define AUE_LSEEK 194
-#define AUE_WRITE 195
-#define AUE_WRITEV 196
-#define AUE_NFS 197 /* Solaris-specific. */
-#define AUE_READV 198
-#define AUE_OSTAT 199 /* Solaris-specific. */
-#define AUE_SETUID 200 /* XXXRW: Solaris old setuid? */
-#define AUE_STIME 201 /* XXXRW: Solaris old stime? */
-#define AUE_UTIME 202 /* XXXRW: Solaris old utime? */
-#define AUE_NICE 203 /* XXXRW: Solaris old nice? */
-#define AUE_OSETPGRP 204 /* Solaris-specific. */
-#define AUE_SETGID 205
-#define AUE_READL 206 /* Solaris-specific. */
-#define AUE_READVL 207 /* Solaris-specific. */
-#define AUE_FSTAT 208
-#define AUE_DUP2 209
-#define AUE_MMAP 210
-#define AUE_AUDIT 211
-#define AUE_PRIOCNTLSYS 212 /* Solaris-specific. */
-#define AUE_MUNMAP 213
-#define AUE_SETEGID 214
-#define AUE_SETEUID 215
-#define AUE_PUTMSG 216 /* Solaris-specific. */
-#define AUE_GETMSG 217 /* Solaris-specific. */
-#define AUE_PUTPMSG 218 /* Solaris-specific. */
-#define AUE_GETPMSG 219 /* Solaris-specific. */
-#define AUE_AUDITSYS 220 /* Solaris-specific. */
-#define AUE_AUDITON_GETKMASK 221
-#define AUE_AUDITON_SETKMASK 222
-#define AUE_AUDITON_GETCWD 223
-#define AUE_AUDITON_GETCAR 224
-#define AUE_AUDITON_GETSTAT 225
-#define AUE_AUDITON_SETSTAT 226
-#define AUE_AUDITON_SETUMASK 227
-#define AUE_AUDITON_SETSMASK 228
-#define AUE_AUDITON_GETCOND 229
-#define AUE_AUDITON_SETCOND 230
-#define AUE_AUDITON_GETCLASS 231
-#define AUE_AUDITON_SETCLASS 232
-#define AUE_FUSERS 233 /* Solaris-specific; also UTSSYS? */
-#define AUE_STATVFS 234
-#define AUE_XSTAT 235 /* Solaris-specific. */
-#define AUE_LXSTAT 236 /* Solaris-specific. */
-#define AUE_LCHOWN 237
-#define AUE_MEMCNTL 238 /* Solaris-specific. */
-#define AUE_SYSINFO 239 /* Solaris-specific. */
-#define AUE_XMKNOD 240 /* Solaris-specific. */
-#define AUE_FORK1 241
-#define AUE_MODCTL 242 /* Solaris-specific. */
-#define AUE_MODLOAD 243
-#define AUE_MODUNLOAD 244
-#define AUE_MODCONFIG 245 /* Solaris-specific. */
-#define AUE_MODADDMAJ 246 /* Solaris-specific. */
-#define AUE_SOCKACCEPT 247 /* Solaris-specific. */
-#define AUE_SOCKCONNECT 248 /* Solaris-specific. */
-#define AUE_SOCKSEND 249 /* Solaris-specific. */
-#define AUE_SOCKRECEIVE 250 /* Solaris-specific. */
-#define AUE_ACLSET 251
-#define AUE_FACLSET 252
-#define AUE_DOORFS 253 /* Solaris-specific. */
-#define AUE_DOORFS_DOOR_CALL 254 /* Solaris-specific. */
-#define AUE_DOORFS_DOOR_RETURN 255 /* Solaris-specific. */
-#define AUE_DOORFS_DOOR_CREATE 256 /* Solaris-specific. */
-#define AUE_DOORFS_DOOR_REVOKE 257 /* Solaris-specific. */
-#define AUE_DOORFS_DOOR_INFO 258 /* Solaris-specific. */
-#define AUE_DOORFS_DOOR_CRED 259 /* Solaris-specific. */
-#define AUE_DOORFS_DOOR_BIND 260 /* Solaris-specific. */
-#define AUE_DOORFS_DOOR_UNBIND 261 /* Solaris-specific. */
-#define AUE_P_ONLINE 262 /* Solaris-specific. */
-#define AUE_PROCESSOR_BIND 263 /* Solaris-specific. */
-#define AUE_INST_SYNC 264 /* Solaris-specific. */
-#define AUE_SOCKCONFIG 265 /* Solaris-specific. */
-#define AUE_SETAUDIT_ADDR 266
-#define AUE_GETAUDIT_ADDR 267
-#define AUE_UMOUNT2 268 /* Solaris-specific. */
-#define AUE_FSAT 269 /* Solaris-specific. */
-#define AUE_OPENAT_R 270
-#define AUE_OPENAT_RC 271
-#define AUE_OPENAT_RT 272
-#define AUE_OPENAT_RTC 273
-#define AUE_OPENAT_W 274
-#define AUE_OPENAT_WC 275
-#define AUE_OPENAT_WT 276
-#define AUE_OPENAT_WTC 277
-#define AUE_OPENAT_RW 278
-#define AUE_OPENAT_RWC 279
-#define AUE_OPENAT_RWT 280
-#define AUE_OPENAT_RWTC 281
-#define AUE_RENAMEAT 282
-#define AUE_FSTATAT 283
-#define AUE_FCHOWNAT 284
-#define AUE_FUTIMESAT 285
-#define AUE_UNLINKAT 286
-#define AUE_CLOCK_SETTIME 287
-#define AUE_NTP_ADJTIME 288
-#define AUE_SETPPRIV 289 /* Solaris-specific. */
-#define AUE_MODDEVPLCY 290 /* Solaris-specific. */
-#define AUE_MODADDPRIV 291 /* Solaris-specific. */
-#define AUE_CRYPTOADM 292 /* Solaris-specific. */
-#define AUE_CONFIGKSSL 293 /* Solaris-specific. */
-#define AUE_BRANDSYS 294 /* Solaris-specific. */
-#define AUE_PF_POLICY_ADDRULE 295 /* Solaris-specific. */
-#define AUE_PF_POLICY_DELRULE 296 /* Solaris-specific. */
-#define AUE_PF_POLICY_CLONE 297 /* Solaris-specific. */
-#define AUE_PF_POLICY_FLIP 298 /* Solaris-specific. */
-#define AUE_PF_POLICY_FLUSH 299 /* Solaris-specific. */
-#define AUE_PF_POLICY_ALGS 300 /* Solaris-specific. */
-
-/*
- * Events added for Apple Darwin that potentially collide with future Solaris
- * BSM events. These are assigned AUE_DARWIN prefixes, and are deprecated in
- * new trails. Systems generating these events should switch to the new
- * identifiers that avoid colliding with the Solaris identifier space.
- */
-#define AUE_DARWIN_GETFSSTAT 301
-#define AUE_DARWIN_PTRACE 302
-#define AUE_DARWIN_CHFLAGS 303
-#define AUE_DARWIN_FCHFLAGS 304
-#define AUE_DARWIN_PROFILE 305
-#define AUE_DARWIN_KTRACE 306
-#define AUE_DARWIN_SETLOGIN 307
-#define AUE_DARWIN_REBOOT 308
-#define AUE_DARWIN_REVOKE 309
-#define AUE_DARWIN_UMASK 310
-#define AUE_DARWIN_MPROTECT 311
-#define AUE_DARWIN_SETPRIORITY 312
-#define AUE_DARWIN_SETTIMEOFDAY 313
-#define AUE_DARWIN_FLOCK 314
-#define AUE_DARWIN_MKFIFO 315
-#define AUE_DARWIN_POLL 316
-#define AUE_DARWIN_SOCKETPAIR 317
-#define AUE_DARWIN_FUTIMES 318
-#define AUE_DARWIN_SETSID 319
-#define AUE_DARWIN_SETPRIVEXEC 320 /* Darwin-specific. */
-#define AUE_DARWIN_NFSSVC 321
-#define AUE_DARWIN_GETFH 322
-#define AUE_DARWIN_QUOTACTL 323
-#define AUE_DARWIN_ADDPROFILE 324 /* Darwin-specific. */
-#define AUE_DARWIN_KDEBUGTRACE 325 /* Darwin-specific. */
-#define AUE_DARWIN_KDBUGTRACE AUE_KDEBUGTRACE
-#define AUE_DARWIN_FSTAT 326
-#define AUE_DARWIN_FPATHCONF 327
-#define AUE_DARWIN_GETDIRENTRIES 328
-#define AUE_DARWIN_TRUNCATE 329
-#define AUE_DARWIN_FTRUNCATE 330
-#define AUE_DARWIN_SYSCTL 331
-#define AUE_DARWIN_MLOCK 332
-#define AUE_DARWIN_MUNLOCK 333
-#define AUE_DARWIN_UNDELETE 334
-#define AUE_DARWIN_GETATTRLIST 335 /* Darwin-specific. */
-#define AUE_DARWIN_SETATTRLIST 336 /* Darwin-specific. */
-#define AUE_DARWIN_GETDIRENTRIESATTR 337 /* Darwin-specific. */
-#define AUE_DARWIN_EXCHANGEDATA 338 /* Darwin-specific. */
-#define AUE_DARWIN_SEARCHFS 339 /* Darwin-specific. */
-#define AUE_DARWIN_MINHERIT 340
-#define AUE_DARWIN_SEMCONFIG 341
-#define AUE_DARWIN_SEMOPEN 342
-#define AUE_DARWIN_SEMCLOSE 343
-#define AUE_DARWIN_SEMUNLINK 344
-#define AUE_DARWIN_SHMOPEN 345
-#define AUE_DARWIN_SHMUNLINK 346
-#define AUE_DARWIN_LOADSHFILE 347 /* Darwin-specific. */
-#define AUE_DARWIN_RESETSHFILE 348 /* Darwin-specific. */
-#define AUE_DARWIN_NEWSYSTEMSHREG 349 /* Darwin-specific. */
-#define AUE_DARWIN_PTHREADKILL 350 /* Darwin-specific. */
-#define AUE_DARWIN_PTHREADSIGMASK 351 /* Darwin-specific. */
-#define AUE_DARWIN_AUDITCTL 352
-#define AUE_DARWIN_RFORK 353
-#define AUE_DARWIN_LCHMOD 354
-#define AUE_DARWIN_SWAPOFF 355
-#define AUE_DARWIN_INITPROCESS 356 /* Darwin-specific. */
-#define AUE_DARWIN_MAPFD 357 /* Darwin-specific. */
-#define AUE_DARWIN_TASKFORPID 358 /* Darwin-specific. */
-#define AUE_DARWIN_PIDFORTASK 359 /* Darwin-specific. */
-#define AUE_DARWIN_SYSCTL_NONADMIN 360
-#define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */
-
-/*
- * Audit event identifiers added as part of OpenBSM, generally corresponding
- * to events in FreeBSD, Darwin, and Linux that were not present in Solaris.
- * These often duplicate events added to the Solaris set by Darwin, but use
- * event identifiers in a higher range in order to avoid colliding with
- * future Solaris additions.
- *
- * If an event in this section is later added to Solaris, we prefer the
- * Solaris event identifier, and add _OPENBSM_ to the OpenBSM-specific
- * identifier so that old trails can still be processed, but new trails use
- * the Solaris identifier.
- */
-#define AUE_GETFSSTAT 43001
-#define AUE_PTRACE 43002
-#define AUE_CHFLAGS 43003
-#define AUE_FCHFLAGS 43004
-#define AUE_PROFILE 43005
-#define AUE_KTRACE 43006
-#define AUE_SETLOGIN 43007
-#define AUE_OPENBSM_REVOKE 43008 /* Solaris event now preferred. */
-#define AUE_UMASK 43009
-#define AUE_MPROTECT 43010
-#define AUE_MKFIFO 43011
-#define AUE_POLL 43012
-#define AUE_FUTIMES 43013
-#define AUE_SETSID 43014
-#define AUE_SETPRIVEXEC 43015 /* Darwin-specific. */
-#define AUE_ADDPROFILE 43016 /* Darwin-specific. */
-#define AUE_KDEBUGTRACE 43017 /* Darwin-specific. */
-#define AUE_KDBUGTRACE AUE_KDEBUGTRACE
-#define AUE_OPENBSM_FSTAT 43018 /* Solaris event now preferred. */
-#define AUE_FPATHCONF 43019
-#define AUE_GETDIRENTRIES 43020
-#define AUE_SYSCTL 43021
-#define AUE_MLOCK 43022
-#define AUE_MUNLOCK 43023
-#define AUE_UNDELETE 43024
-#define AUE_GETATTRLIST 43025 /* Darwin-specific. */
-#define AUE_SETATTRLIST 43026 /* Darwin-specific. */
-#define AUE_GETDIRENTRIESATTR 43027 /* Darwin-specific. */
-#define AUE_EXCHANGEDATA 43028 /* Darwin-specific. */
-#define AUE_SEARCHFS 43029 /* Darwin-specific. */
-#define AUE_MINHERIT 43030
-#define AUE_SEMCONFIG 43031
-#define AUE_SEMOPEN 43032
-#define AUE_SEMCLOSE 43033
-#define AUE_SEMUNLINK 43034
-#define AUE_SHMOPEN 43035
-#define AUE_SHMUNLINK 43036
-#define AUE_LOADSHFILE 43037 /* Darwin-specific. */
-#define AUE_RESETSHFILE 43038 /* Darwin-specific. */
-#define AUE_NEWSYSTEMSHREG 43039 /* Darwin-specific. */
-#define AUE_PTHREADKILL 43040 /* Darwin-specific. */
-#define AUE_PTHREADSIGMASK 43041 /* Darwin-specific. */
-#define AUE_AUDITCTL 43042
-#define AUE_RFORK 43043
-#define AUE_LCHMOD 43044
-#define AUE_SWAPOFF 43045
-#define AUE_INITPROCESS 43046 /* Darwin-specific. */
-#define AUE_MAPFD 43047 /* Darwin-specific. */
-#define AUE_TASKFORPID 43048 /* Darwin-specific. */
-#define AUE_PIDFORTASK 43049 /* Darwin-specific. */
-#define AUE_SYSCTL_NONADMIN 43050
-#define AUE_COPYFILE 43051 /* Darwin-specific. */
-
-/*
- * Events added to OpenBSM for FreeBSD and Linux; may also be used by Darwin
- * in the future.
- */
-#define AUE_LUTIMES 43052
-#define AUE_LCHFLAGS 43053 /* FreeBSD-specific. */
-#define AUE_SENDFILE 43054 /* BSD/Linux-specific. */
-#define AUE_USELIB 43055 /* Linux-specific. */
-#define AUE_GETRESUID 43056
-#define AUE_SETRESUID 43057
-#define AUE_GETRESGID 43058
-#define AUE_SETRESGID 43059
-#define AUE_WAIT4 43060 /* FreeBSD-specific. */
-#define AUE_LGETFH 43061 /* FreeBSD-specific. */
-#define AUE_FHSTATFS 43062 /* FreeBSD-specific. */
-#define AUE_FHOPEN 43063 /* FreeBSD-specific. */
-#define AUE_FHSTAT 43064 /* FreeBSD-specific. */
-#define AUE_JAIL 43065 /* FreeBSD-specific. */
-#define AUE_EACCESS 43066 /* FreeBSD-specific. */
-#define AUE_KQUEUE 43067 /* FreeBSD-specific. */
-#define AUE_KEVENT 43068 /* FreeBSD-specific. */
-#define AUE_FSYNC 43069
-#define AUE_NMOUNT 43070 /* FreeBSD-specific. */
-#define AUE_BDFLUSH 43071 /* Linux-specific. */
-#define AUE_SETFSUID 43072 /* Linux-specific. */
-#define AUE_SETFSGID 43073 /* Linux-specific. */
-#define AUE_PERSONALITY 43074 /* Linux-specific. */
-#define AUE_SCHED_GETSCHEDULER 43075 /* POSIX.1b. */
-#define AUE_SCHED_SETSCHEDULER 43076 /* POSIX.1b. */
-#define AUE_PRCTL 43077 /* Linux-specific. */
-#define AUE_GETCWD 43078 /* FreeBSD/Linux-specific. */
-#define AUE_CAPGET 43079 /* Linux-specific. */
-#define AUE_CAPSET 43080 /* Linux-specific. */
-#define AUE_PIVOT_ROOT 43081 /* Linux-specific. */
-#define AUE_RTPRIO 43082 /* FreeBSD-specific. */
-#define AUE_SCHED_GETPARAM 43083 /* POSIX.1b. */
-#define AUE_SCHED_SETPARAM 43084 /* POSIX.1b. */
-#define AUE_SCHED_GET_PRIORITY_MAX 43085 /* POSIX.1b. */
-#define AUE_SCHED_GET_PRIORITY_MIN 43086 /* POSIX.1b. */
-#define AUE_SCHED_RR_GET_INTERVAL 43087 /* POSIX.1b. */
-#define AUE_ACL_GET_FILE 43088 /* FreeBSD. */
-#define AUE_ACL_SET_FILE 43089 /* FreeBSD. */
-#define AUE_ACL_GET_FD 43090 /* FreeBSD. */
-#define AUE_ACL_SET_FD 43091 /* FreeBSD. */
-#define AUE_ACL_DELETE_FILE 43092 /* FreeBSD. */
-#define AUE_ACL_DELETE_FD 43093 /* FreeBSD. */
-#define AUE_ACL_CHECK_FILE 43094 /* FreeBSD. */
-#define AUE_ACL_CHECK_FD 43095 /* FreeBSD. */
-#define AUE_ACL_GET_LINK 43096 /* FreeBSD. */
-#define AUE_ACL_SET_LINK 43097 /* FreeBSD. */
-#define AUE_ACL_DELETE_LINK 43098 /* FreeBSD. */
-#define AUE_ACL_CHECK_LINK 43099 /* FreeBSD. */
-#define AUE_SYSARCH 43100 /* FreeBSD. */
-#define AUE_EXTATTRCTL 43101 /* FreeBSD. */
-#define AUE_EXTATTR_GET_FILE 43102 /* FreeBSD. */
-#define AUE_EXTATTR_SET_FILE 43103 /* FreeBSD. */
-#define AUE_EXTATTR_LIST_FILE 43104 /* FreeBSD. */
-#define AUE_EXTATTR_DELETE_FILE 43105 /* FreeBSD. */
-#define AUE_EXTATTR_GET_FD 43106 /* FreeBSD. */
-#define AUE_EXTATTR_SET_FD 43107 /* FreeBSD. */
-#define AUE_EXTATTR_LIST_FD 43108 /* FreeBSD. */
-#define AUE_EXTATTR_DELETE_FD 43109 /* FreeBSD. */
-#define AUE_EXTATTR_GET_LINK 43110 /* FreeBSD. */
-#define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */
-#define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */
-#define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */
-#define AUE_KENV 43114 /* FreeBSD. */
-#define AUE_JAIL_ATTACH 43115 /* FreeBSD. */
-#define AUE_SYSCTL_WRITE 43116 /* FreeBSD. */
-#define AUE_IOPERM 43117 /* Linux. */
-#define AUE_READDIR 43118 /* Linux. */
-#define AUE_IOPL 43119 /* Linux. */
-#define AUE_VM86 43120 /* Linux. */
-#define AUE_MAC_GET_PROC 43121 /* FreeBSD. */
-#define AUE_MAC_SET_PROC 43122 /* FreeBSD. */
-#define AUE_MAC_GET_FD 43123 /* FreeBSD. */
-#define AUE_MAC_GET_FILE 43124 /* FreeBSD. */
-#define AUE_MAC_SET_FD 43125 /* FreeBSD. */
-#define AUE_MAC_SET_FILE 43126 /* FreeBSD. */
-#define AUE_MAC_SYSCALL 43127 /* FreeBSD. */
-#define AUE_MAC_GET_PID 43128 /* FreeBSD. */
-#define AUE_MAC_GET_LINK 43129 /* FreeBSD. */
-#define AUE_MAC_SET_LINK 43130 /* FreeBSD. */
-#define AUE_MAC_EXECVE 43131 /* FreeBSD. */
-#define AUE_GETPATH_FROMFD 43132 /* FreeBSD. */
-#define AUE_GETPATH_FROMADDR 43133 /* FreeBSD. */
-#define AUE_MQ_OPEN 43134 /* FreeBSD. */
-#define AUE_MQ_SETATTR 43135 /* FreeBSD. */
-#define AUE_MQ_TIMEDRECEIVE 43136 /* FreeBSD. */
-#define AUE_MQ_TIMEDSEND 43137 /* FreeBSD. */
-#define AUE_MQ_NOTIFY 43138 /* FreeBSD. */
-#define AUE_MQ_UNLINK 43139 /* FreeBSD. */
-#define AUE_LISTEN 43140 /* FreeBSD/Darwin/Linux. */
-#define AUE_MLOCKALL 43141 /* FreeBSD. */
-#define AUE_MUNLOCKALL 43142 /* FreeBSD. */
-#define AUE_CLOSEFROM 43143 /* FreeBSD. */
-#define AUE_FEXECVE 43144 /* FreeBSD. */
-#define AUE_FACCESSAT 43145 /* FreeBSD. */
-#define AUE_FCHMODAT 43146 /* FreeBSD. */
-#define AUE_LINKAT 43147 /* FreeBSD. */
-#define AUE_MKDIRAT 43148 /* FreeBSD. */
-#define AUE_MKFIFOAT 43149 /* FreeBSD. */
-#define AUE_MKNODAT 43150 /* FreeBSD. */
-#define AUE_READLINKAT 43151 /* FreeBSD. */
-#define AUE_SYMLINKAT 43152 /* FreeBSD. */
-
-/*
- * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
- * normal Solaris BSM identifiers. _O_ refers to it being an old, or compat
- * interface. In most cases, Darwin has never implemented these system calls
- * but picked up the fields in their system call table from their FreeBSD
- * import. Happily, these have different names than the AUE_O* definitions
- * in Solaris BSM.
- */
-#define AUE_O_CREAT AUE_OPEN_RWTC /* Darwin */
-#define AUE_O_EXECVE AUE_NULL /* Darwin */
-#define AUE_O_SBREAK AUE_NULL /* Darwin */
-#define AUE_O_LSEEK AUE_NULL /* Darwin */
-#define AUE_O_MOUNT AUE_NULL /* Darwin */
-#define AUE_O_UMOUNT AUE_NULL /* Darwin */
-#define AUE_O_STAT AUE_STAT /* Darwin */
-#define AUE_O_LSTAT AUE_LSTAT /* Darwin */
-#define AUE_O_FSTAT AUE_FSTAT /* Darwin */
-#define AUE_O_GETPAGESIZE AUE_NULL /* Darwin */
-#define AUE_O_VREAD AUE_NULL /* Darwin */
-#define AUE_O_VWRITE AUE_NULL /* Darwin */
-#define AUE_O_MMAP AUE_MMAP /* Darwin */
-#define AUE_O_VADVISE AUE_NULL /* Darwin */
-#define AUE_O_VHANGUP AUE_NULL /* Darwin */
-#define AUE_O_VLIMIT AUE_NULL /* Darwin */
-#define AUE_O_WAIT AUE_NULL /* Darwin */
-#define AUE_O_GETHOSTNAME AUE_NULL /* Darwin */
-#define AUE_O_SETHOSTNAME AUE_SYSCTL /* Darwin */
-#define AUE_O_GETDOPT AUE_NULL /* Darwin */
-#define AUE_O_SETDOPT AUE_NULL /* Darwin */
-#define AUE_O_ACCEPT AUE_NULL /* Darwin */
-#define AUE_O_SEND AUE_SENDMSG /* Darwin */
-#define AUE_O_RECV AUE_RECVMSG /* Darwin */
-#define AUE_O_VTIMES AUE_NULL /* Darwin */
-#define AUE_O_SIGVEC AUE_NULL /* Darwin */
-#define AUE_O_SIGBLOCK AUE_NULL /* Darwin */
-#define AUE_O_SIGSETMASK AUE_NULL /* Darwin */
-#define AUE_O_SIGSTACK AUE_NULL /* Darwin */
-#define AUE_O_RECVMSG AUE_RECVMSG /* Darwin */
-#define AUE_O_SENDMSG AUE_SENDMSG /* Darwin */
-#define AUE_O_VTRACE AUE_NULL /* Darwin */
-#define AUE_O_RESUBA AUE_NULL /* Darwin */
-#define AUE_O_RECVFROM AUE_RECVFROM /* Darwin */
-#define AUE_O_SETREUID AUE_SETREUID /* Darwin */
-#define AUE_O_SETREGID AUE_SETREGID /* Darwin */
-#define AUE_O_GETDIRENTRIES AUE_GETDIRENTRIES /* Darwin */
-#define AUE_O_TRUNCATE AUE_TRUNCATE /* Darwin */
-#define AUE_O_FTRUNCATE AUE_FTRUNCATE /* Darwin */
-#define AUE_O_GETPEERNAME AUE_NULL /* Darwin */
-#define AUE_O_GETHOSTID AUE_NULL /* Darwin */
-#define AUE_O_SETHOSTID AUE_NULL /* Darwin */
-#define AUE_O_GETRLIMIT AUE_NULL /* Darwin */
-#define AUE_O_SETRLIMIT AUE_SETRLIMIT /* Darwin */
-#define AUE_O_KILLPG AUE_KILL /* Darwin */
-#define AUE_O_SETQUOTA AUE_NULL /* Darwin */
-#define AUE_O_QUOTA AUE_NULL /* Darwin */
-#define AUE_O_GETSOCKNAME AUE_NULL /* Darwin */
-#define AUE_O_GETDIREENTRIES AUE_GETDIREENTRIES /* Darwin */
-#define AUE_O_ASYNCDAEMON AUE_NULL /* Darwin */
-#define AUE_O_GETDOMAINNAME AUE_NULL /* Darwin */
-#define AUE_O_SETDOMAINNAME AUE_SYSCTL /* Darwin */
-#define AUE_O_PCFS_MOUNT AUE_NULL /* Darwin */
-#define AUE_O_EXPORTFS AUE_NULL /* Darwin */
-#define AUE_O_USTATE AUE_NULL /* Darwin */
-#define AUE_O_WAIT3 AUE_NULL /* Darwin */
-#define AUE_O_RPAUSE AUE_NULL /* Darwin */
-#define AUE_O_GETDENTS AUE_NULL /* Darwin */
-
-/*
- * Possible desired future values based on review of BSD/Darwin system calls.
- */
-#define AUE_DUP AUE_NULL
-#define AUE_FSCTL AUE_NULL
-#define AUE_FSTATV AUE_NULL
-#define AUE_GCCONTROL AUE_NULL
-#define AUE_GETDTABLESIZE AUE_NULL
-#define AUE_GETEGID AUE_NULL
-#define AUE_GETEUID AUE_NULL
-#define AUE_GETGID AUE_NULL
-#define AUE_GETGROUPS AUE_NULL
-#define AUE_GETITIMER AUE_NULL
-#define AUE_GETLOGIN AUE_NULL
-#define AUE_GETPEERNAME AUE_NULL
-#define AUE_GETPGID AUE_NULL
-#define AUE_GETPGRP AUE_NULL
-#define AUE_GETPID AUE_NULL
-#define AUE_GETPPID AUE_NULL
-#define AUE_GETPRIORITY AUE_NULL
-#define AUE_GETRLIMIT AUE_NULL
-#define AUE_GETRUSAGE AUE_NULL
-#define AUE_GETSID AUE_NULL
-#define AUE_GETSOCKNAME AUE_NULL
-#define AUE_GETTIMEOFDAY AUE_NULL
-#define AUE_GETUID AUE_NULL
-#define AUE_GETSOCKOPT AUE_NULL
-#define AUE_GTSOCKOPT AUE_GETSOCKOPT /* XXX: Typo in Darwin. */
-#define AUE_ISSETUGID AUE_NULL
-#define AUE_LSTATV AUE_NULL
-#define AUE_MADVISE AUE_NULL
-#define AUE_MINCORE AUE_NULL
-#define AUE_MKCOMPLEX AUE_NULL
-#define AUE_MODWATCH AUE_NULL
-#define AUE_MSGCL AUE_NULL
-#define AUE_MSYNC AUE_NULL
-#define AUE_PREAD AUE_NULL
-#define AUE_PWRITE AUE_NULL
-#define AUE_PREADV AUE_NULL
-#define AUE_PWRITEV AUE_NULL
-#define AUE_SBRK AUE_NULL
-#define AUE_SELECT AUE_NULL
-#define AUE_SEMDESTROY AUE_NULL
-#define AUE_SEMGETVALUE AUE_NULL
-#define AUE_SEMINIT AUE_NULL
-#define AUE_SEMPOST AUE_NULL
-#define AUE_SEMTRYWAIT AUE_NULL
-#define AUE_SEMWAIT AUE_NULL
-#define AUE_SETITIMER AUE_NULL
-#define AUE_SIGACTION AUE_NULL
-#define AUE_SIGALTSTACK AUE_NULL
-#define AUE_SIGPENDING AUE_NULL
-#define AUE_SIGPROCMASK AUE_NULL
-#define AUE_SIGRETURN AUE_NULL
-#define AUE_SIGSUSPEND AUE_NULL
-#define AUE_SIGWAIT AUE_NULL
-#define AUE_SSTK AUE_NULL
-#define AUE_STATV AUE_NULL
-#define AUE_SYNC AUE_NULL
-#define AUE_SYSCALL AUE_NULL
-#define AUE_TABLE AUE_NULL
-#define AUE_WAITEVENT AUE_NULL
-#define AUE_WATCHEVENT AUE_NULL
-
-#endif /* !_BSM_AUDIT_KEVENTS_H_ */
diff --git a/bsm/audit_record.h b/bsm/audit_record.h
deleted file mode 100644
index f9bf10c..0000000
--- a/bsm/audit_record.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
- * its contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#26 $
- */
-
-#ifndef _BSM_AUDIT_RECORD_H_
-#define _BSM_AUDIT_RECORD_H_
-
-#include <sys/time.h> /* struct timeval */
-
-/*
- * Token type identifiers.
- */
-#define AUT_INVALID 0x00
-#define AUT_OTHER_FILE32 0x11
-#define AUT_OHEADER 0x12
-#define AUT_TRAILER 0x13
-#define AUT_HEADER32 0x14
-#define AUT_HEADER32_EX 0x15
-#define AUT_DATA 0x21
-#define AUT_IPC 0x22
-#define AUT_PATH 0x23
-#define AUT_SUBJECT32 0x24
-#define AUT_SERVER32 0x25
-#define AUT_PROCESS32 0x26
-#define AUT_RETURN32 0x27
-#define AUT_TEXT 0x28
-#define AUT_OPAQUE 0x29
-#define AUT_IN_ADDR 0x2a
-#define AUT_IP 0x2b
-#define AUT_IPORT 0x2c
-#define AUT_ARG32 0x2d
-#define AUT_SOCKET 0x2e
-#define AUT_SEQ 0x2f
-#define AUT_ACL 0x30
-#define AUT_ATTR 0x31
-#define AUT_IPC_PERM 0x32
-#define AUT_LABEL 0x33
-#define AUT_GROUPS 0x34
-#define AUT_ILABEL 0x35
-#define AUT_SLABEL 0x36
-#define AUT_CLEAR 0x37
-#define AUT_PRIV 0x38
-#define AUT_UPRIV 0x39
-#define AUT_LIAISON 0x3a
-#define AUT_NEWGROUPS 0x3b
-#define AUT_EXEC_ARGS 0x3c
-#define AUT_EXEC_ENV 0x3d
-#define AUT_ATTR32 0x3e
-/* #define AUT_???? 0x3f */
-#define AUT_XATOM 0x40
-#define AUT_XOBJ 0x41
-#define AUT_XPROTO 0x42
-#define AUT_XSELECT 0x43
-/* XXXRW: Additional X11 tokens not defined? */
-#define AUT_CMD 0x51
-#define AUT_EXIT 0x52
-#define AUT_ZONENAME 0x60
-/* XXXRW: OpenBSM AUT_HOST 0x70? */
-#define AUT_ARG64 0x71
-#define AUT_RETURN64 0x72
-#define AUT_ATTR64 0x73
-#define AUT_HEADER64 0x74
-#define AUT_SUBJECT64 0x75
-#define AUT_SERVER64 0x76
-#define AUT_PROCESS64 0x77
-#define AUT_OTHER_FILE64 0x78
-#define AUT_HEADER64_EX 0x79
-#define AUT_SUBJECT32_EX 0x7a
-#define AUT_PROCESS32_EX 0x7b
-#define AUT_SUBJECT64_EX 0x7c
-#define AUT_PROCESS64_EX 0x7d
-#define AUT_IN_ADDR_EX 0x7e
-#define AUT_SOCKET_EX 0x7f
-
-/*
- * Pre-64-bit BSM, 32-bit tokens weren't explicitly named as '32'. We have
- * compatibility defines.
- */
-#define AUT_HEADER AUT_HEADER32
-#define AUT_ARG AUT_ARG32
-#define AUT_RETURN AUT_RETURN32
-#define AUT_SUBJECT AUT_SUBJECT32
-#define AUT_SERVER AUT_SERVER32
-#define AUT_PROCESS AUT_PROCESS32
-#define AUT_OTHER_FILE AUT_OTHER_FILE32
-
-/*
- * Darwin's bsm distribution uses the following non-BSM token name defines.
- * We provide them for a single OpenBSM release for compatibility reasons.
- */
-#define AU_FILE_TOKEN AUT_OTHER_FILE32
-#define AU_TRAILER_TOKEN AUT_TRAILER
-#define AU_HEADER_32_TOKEN AUT_HEADER32
-#define AU_DATA_TOKEN AUT_DATA
-#define AU_ARB_TOKEN AUT_DATA
-#define AU_IPC_TOKEN AUT_IPC
-#define AU_PATH_TOKEN AUT_PATH
-#define AU_SUBJECT_32_TOKEN AUT_SUBJECT32
-#define AU_PROCESS_32_TOKEN AUT_PROCESS32
-#define AU_RETURN_32_TOKEN AUT_RETURN32
-#define AU_TEXT_TOKEN AUT_TEXT
-#define AU_OPAQUE_TOKEN AUT_OPAQUE
-#define AU_IN_ADDR_TOKEN AUT_IN_ADDR
-#define AU_IP_TOKEN AUT_IP
-#define AU_IPORT_TOKEN AUT_IPORT
-#define AU_ARG32_TOKEN AUT_ARG32
-#define AU_SOCK_TOKEN AUT_SOCKET
-#define AU_SEQ_TOKEN AUT_SEQ
-#define AU_ATTR_TOKEN AUT_ATTR
-#define AU_IPCPERM_TOKEN AUT_IPC_PERM
-#define AU_NEWGROUPS_TOKEN AUT_NEWGROUPS
-#define AU_EXEC_ARG_TOKEN AUT_EXEC_ARGS
-#define AU_EXEC_ENV_TOKEN AUT_EXEC_ENV
-#define AU_ATTR32_TOKEN AUT_ATTR32
-#define AU_CMD_TOKEN AUT_CMD
-#define AU_EXIT_TOKEN AUT_EXIT
-#define AU_ARG64_TOKEN AUT_ARG64
-#define AU_RETURN_64_TOKEN AUT_RETURN64
-#define AU_ATTR64_TOKEN AUT_ATTR64
-#define AU_HEADER_64_TOKEN AUT_HEADER64
-#define AU_SUBJECT_64_TOKEN AUT_SUBJECT64
-#define AU_PROCESS_64_TOKEN AUT_PROCESS64
-#define AU_HEADER_64_EX_TOKEN AUT_HEADER64_EX
-#define AU_SUBJECT_32_EX_TOKEN AUT_SUBJECT32_EX
-#define AU_PROCESS_32_EX_TOKEN AUT_PROCESS32_EX
-#define AU_SUBJECT_64_EX_TOKEN AUT_SUBJECT64_EX
-#define AU_PROCESS_64_EX_TOKEN AUT_PROCESS64_EX
-#define AU_IN_ADDR_EX_TOKEN AUT_IN_ADDR_EX
-#define AU_SOCK_32_EX_TOKEN AUT_SOCKET_EX
-
-/*
- * The values for the following token ids are not defined by BSM.
- *
- * XXXRW: Not sure how to handle these in OpenBSM yet, but I'll give them
- * names more consistent with Sun's BSM. These originally came from Apple's
- * BSM.
- */
-#define AUT_SOCKINET32 0x80 /* XXX */
-#define AUT_SOCKINET128 0x81 /* XXX */
-#define AUT_SOCKUNIX 0x82 /* XXX */
-#define AU_SOCK_INET_32_TOKEN AUT_SOCKINET32
-#define AU_SOCK_INET_128_TOKEN AUT_SOCKINET128
-#define AU_SOCK_UNIX_TOKEN AUT_SOCKUNIX
-
-/* print values for the arbitrary token */
-#define AUP_BINARY 0
-#define AUP_OCTAL 1
-#define AUP_DECIMAL 2
-#define AUP_HEX 3
-#define AUP_STRING 4
-
-/* data-types for the arbitrary token */
-#define AUR_BYTE 0
-#define AUR_CHAR AUR_BYTE
-#define AUR_SHORT 1
-#define AUR_INT32 2
-#define AUR_INT AUR_INT32
-#define AUR_INT64 3
-
-/* ... and their sizes */
-#define AUR_BYTE_SIZE sizeof(u_char)
-#define AUR_CHAR_SIZE AUR_BYTE_SIZE
-#define AUR_SHORT_SIZE sizeof(uint16_t)
-#define AUR_INT32_SIZE sizeof(uint32_t)
-#define AUR_INT_SIZE AUR_INT32_SIZE
-#define AUR_INT64_SIZE sizeof(uint64_t)
-
-/* Modifiers for the header token */
-#define PAD_NOTATTR 0x4000 /* nonattributable event */
-#define PAD_FAILURE 0x8000 /* fail audit event */
-
-#define AUDIT_MAX_GROUPS 16
-
-/*
- * A number of BSM versions are floating around and defined. Here are
- * constants for them. OpenBSM uses the same token types, etc, used in the
- * Solaris BSM version, but has a separate version number in order to
- * identify a potentially different event identifier name space.
- */
-#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */
-#define AUDIT_HEADER_VERSION_SOLARIS 2
-#define AUDIT_HEADER_VERSION_TSOL25 3
-#define AUDIT_HEADER_VERSION_TSOL 4
-#define AUDIT_HEADER_VERSION_OPENBSM 10
-
-/*
- * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
- * split the difference, will remove the Apple define for the next release.
- */
-#define AUT_TRAILER_MAGIC 0xb105
-#define TRAILER_PAD_MAGIC AUT_TRAILER_MAGIC
-
-/* BSM library calls */
-
-__BEGIN_DECLS
-
-struct in_addr;
-struct in6_addr;
-struct ip;
-struct ipc_perm;
-struct kevent;
-struct sockaddr_in;
-struct sockaddr_in6;
-struct sockaddr_un;
-#if defined(_KERNEL) || defined(KERNEL)
-struct vnode_au_info;
-#endif
-
-int au_open(void);
-int au_write(int d, token_t *m);
-int au_close(int d, int keep, short event);
-int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen);
-int au_close_token(token_t *tok, u_char *buffer, size_t *buflen);
-
-token_t *au_to_file(char *file, struct timeval tm);
-
-token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
- struct timeval tm);
-token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
- struct timeval tm);
-#if !defined(KERNEL) && !defined(_KERNEL)
-token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
-token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
-token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
-#endif
-
-token_t *au_to_me(void);
-token_t *au_to_arg(char n, char *text, uint32_t v);
-token_t *au_to_arg32(char n, char *text, uint32_t v);
-token_t *au_to_arg64(char n, char *text, uint64_t v);
-
-#if defined(_KERNEL) || defined(KERNEL)
-token_t *au_to_attr(struct vnode_au_info *vni);
-token_t *au_to_attr32(struct vnode_au_info *vni);
-token_t *au_to_attr64(struct vnode_au_info *vni);
-#endif
-
-token_t *au_to_data(char unit_print, char unit_type, char unit_count,
- char *p);
-token_t *au_to_exit(int retval, int err);
-token_t *au_to_groups(int *groups);
-token_t *au_to_newgroups(uint16_t n, gid_t *groups);
-token_t *au_to_in_addr(struct in_addr *internet_addr);
-token_t *au_to_in_addr_ex(struct in6_addr *internet_addr);
-token_t *au_to_ip(struct ip *ip);
-token_t *au_to_ipc(char type, int id);
-token_t *au_to_ipc_perm(struct ipc_perm *perm);
-token_t *au_to_iport(uint16_t iport);
-token_t *au_to_opaque(char *data, uint16_t bytes);
-token_t *au_to_path(char *path);
-token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
-token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,
- au_tid_addr_t *tid);
-token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_return(char status, uint32_t ret);
-token_t *au_to_return32(char status, uint32_t ret);
-token_t *au_to_return64(char status, uint64_t ret);
-token_t *au_to_seq(long audit_count);
-
-#if defined(_KERNEL) || defined(KERNEL)
-token_t *au_to_socket(struct socket *so);
-token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la,
- struct sockaddr *ta);
-token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la,
- struct sockaddr *ta);
-#endif
-
-token_t *au_to_sock_inet(struct sockaddr_in *so);
-token_t *au_to_sock_inet32(struct sockaddr_in *so);
-token_t *au_to_sock_inet128(struct sockaddr_in6 *so);
-token_t *au_to_sock_unix(struct sockaddr_un *so);
-token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
-token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
-#if defined(_KERNEL) || defined(KERNEL)
-token_t *au_to_exec_args(char *args, int argc);
-token_t *au_to_exec_env(char *envs, int envc);
-#else
-token_t *au_to_exec_args(char **argv);
-token_t *au_to_exec_env(char **envp);
-#endif
-token_t *au_to_text(char *text);
-token_t *au_to_kevent(struct kevent *kev);
-token_t *au_to_trailer(int rec_size);
-token_t *au_to_zonename(char *zonename);
-
-__END_DECLS
-
-#endif /* ! _BSM_AUDIT_RECORD_H_ */
diff --git a/bsm/audit_uevents.h b/bsm/audit_uevents.h
index 0493e31..03d0f9b 100644
--- a/bsm/audit_uevents.h
+++ b/bsm/audit_uevents.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#7 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#8 $
*/
#ifndef _BSM_AUDIT_UEVENTS_H_
diff --git a/bsm/libbsm.h b/bsm/libbsm.h
index b1a9731..97b9530 100644
--- a/bsm/libbsm.h
+++ b/bsm/libbsm.h
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2004 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2004 Apple Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#33 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#35 $
*/
#ifndef _LIBBSM_H_
@@ -82,6 +82,7 @@
#define FLAGS_CONTROL_ENTRY "flags"
#define NA_CONTROL_ENTRY "naflags"
#define POLICY_CONTROL_ENTRY "policy"
+#define AUDIT_HOST_CONTROL_ENTRY "host"
#define AU_CLASS_NAME_MAX 8
#define AU_CLASS_DESC_MAX 72
@@ -764,6 +765,7 @@ int getacfilesz(size_t *size_val);
int getacflg(char *auditstr, int len);
int getacna(char *auditstr, int len);
int getacpol(char *auditstr, size_t len);
+int getachost(char *auditstr, size_t len);
int getauditflagsbin(char *auditstr, au_mask_t *masks);
int getauditflagschar(char *auditstr, au_mask_t *masks,
int verbose);
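Review bot: The new prototype `int getachost(char *auditstr, size_t len);` is added without any comment on its contract, and the header gives a caller no way to tell how a missing or over-long value is reported. It appears to return the value of the `"host"` control entry introduced as `AUDIT_HOST_CONTROL_ENTRY` in the preceding hunk, which presumably identifies the host in audit data, so a silently truncated or empty result would matter to whoever consumes the trail. The implementation is not part of this diff, so the actual behaviour cannot be confirmed from here. I would add a line above the declaration such as `/* Copy the "host" control entry into auditstr (at most len bytes). */`, extended with the return values and the truncation behaviour once checked against the implementation. Using `size_t len` matches `getacpol` rather than the older `int len` of `getacflg`/`getacna`, which is the better choice.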