PERFORCE change 154331 for review

Robert Watson rwatson at FreeBSD.org
Mon Dec 8 03:58:03 PST 2008 

http://perforce.freebsd.org/chv.cgi?CH=154331

Change 154331 by rwatson at rwatson_cinnamon_macosx on 2008/12/08 11:57:57

	Redo numbering scheme for userspace events to avoid collisions with
	the Solaris allocation scheme; adopt a more formal allocation
	scheme for OpenBSM.  Allocate an event for Calife.  Adding some
	events from Solaris that will be of immediate use in Mac OS X and
	FreeBSD.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/NEWS#19 edit
.. //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#9 edit
.. //depot/projects/trustedbsd/openbsm/etc/audit_event#33 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/NEWS#19 (text+ko) ====

@@ -5,6 +5,10 @@
 - With the addition of BSM error number mapping, we also need to map the
   local error number passed to audit_submit(3) to a BSM error number, rather
   than have the caller perform that conversion.
+- Reallocate user audit events to avoid collisions with Solaris; adopt a more
+  formal allocation scheme, and add some events allocated in Solaris that
+  will be of immediate use on other platforms.
+- Add an event for Calife.
 
 OpenBSM 1.1 alpha 3
 
@@ -369,4 +373,4 @@
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/NEWS#18 $
+$P4: //depot/projects/trustedbsd/openbsm/NEWS#19 $

==== //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#9 (text+ko) ====

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2004 Apple Inc.
+ * Copyright (c) 2004-2008 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26,22 +26,14 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_uevents.h#9 $
  */
 
 #ifndef _BSM_AUDIT_UEVENTS_H_
 #define	_BSM_AUDIT_UEVENTS_H_
 
-/*-
- * User level audit event numbers
- *
- * Range of audit event numbers:
- * 0			Reserved, invalid
- * 1     - 2047		Reserved for kernel events
- * 2048  - 32767	Defined by BSM for user events
- * 32768 - 36864	Reserved for Mac OS-X applications
- * 36865 - 65535	Reserved for applications
- *
+/*
+ * Solaris userspace events.
  */
 #define	AUE_at_create		6144
 #define	AUE_at_delete		6145
@@ -70,8 +62,13 @@
 #define	AUE_shutdown		6168
 #define	AUE_poweroff		6169
 #define	AUE_crontab_mod		6170
-#define	AUE_audit_startup	6171
-#define	AUE_audit_shutdown	6172
+#define	AUE_ftpd_logout		6171
+#define	AUE_ssh			6172
+#define	AUE_role_login		6173
+#define	AUE_prof_cmd		6180
+#define	AUE_filesystem_add	6181
+#define	AUE_filesystem_delete	6182
+#define	AUE_filesystem_modify	6183
 #define	AUE_allocate_succ	6200
 #define	AUE_allocate_fail	6201
 #define	AUE_deallocate_succ	6202
@@ -83,20 +80,62 @@
 #define	AUE_delete_user		6209
 #define	AUE_disable_user	6210
 #define	AUE_enable_user		6211
-#define	AUE_sudo		6300
-#define	AUE_modify_password	6501	/* Not assigned by Sun. */
-#define	AUE_create_group	6511	/* Not assigned by Sun. */
-#define	AUE_delete_group	6512	/* Not assigned by Sun. */
-#define	AUE_modify_group	6513	/* Not assigned by Sun. */
-#define	AUE_add_to_group	6514	/* Not assigned by Sun. */
-#define	AUE_remove_from_group	6515	/* Not assigned by Sun. */
-#define	AUE_revoke_obj		6521	/* Not assigned by Sun; not used. */
-#define	AUE_lw_login		6600	/* Not assigned by Sun; tentative. */
-#define	AUE_lw_logout		6601	/* Not assigned by Sun; tentative. */
-#define	AUE_auth_user		7000	/* Not assigned by Sun. */
-#define	AUE_ssconn		7001	/* Not assigned by Sun. */
-#define	AUE_ssauthorize		7002	/* Not assigned by Sun. */
-#define	AUE_ssauthint		7003	/* Not assigned by Sun. */
+#define	AUE_newgrp_login	6212
+#define	AUE_admin_authentication	6213
+#define	AUE_kadmind_auth	6214
+#define	AUE_kadmind_unauth	6215
+#define	AUE_krb5kdc_as_req	6216
+#define	AUE_krb5kdc_tgs_req	6217
+#define	AUE_krb5kdc_tgs_req_2ndtktmm	6218
+#define	AUE_krb5kdc_tgs_req_alt_tgt	6219
+
+/*
+ * Historic Darwin use of the low event numbering space, which collided with
+ * the Solaris event space.  Now obsoleted and new, higher, event numbers
+ * assigned to make it easier to interpret Solaris events using the OpenBSM
+ * tools.
+ */
+#define	AUE_DARWIN_audit_startup	6171
+#define	AUE_DARWIN_audit_shutdown	6172
+#define	AUE_DARWIN_sudo			6300
+#define	AUE_DARWIN_modify_password	6501
+#define	AUE_DARWIN_create_group		6511
+#define	AUE_DARWIN_delete_group		6512
+#define	AUE_DARWIN_modify_group		6513
+#define	AUE_DARWIN_add_to_group		6514
+#define	AUE_DARWIN_remove_from_group	6515
+#define	AUE_DARWIN_revoke_obj		6521
+#define	AUE_DARWIN_lw_login		6600
+#define	AUE_DARWIN_lw_logout		6601
+#define	AUE_DARWIN_auth_user		7000
+#define	AUE_DARWIN_ssconn		7001
+#define	AUE_DARWIN_ssauthorize		7002
+#define	AUE_DARWIN_ssauthint		7003
+
+/*
+ * Historic/third-party appliation allocations of event idenfiers.
+ */
 #define	AUE_openssh		32800
 
+/*
+ * OpenBSM-managed application event space.
+ */
+#define	AUE_audit_startup	45000		/* Darwin-specific. */
+#define	AUE_audit_shutdown	45001		/* Darwin-specific. */
+#define	AUE_modify_password	45014		/* Darwin-specific. */
+#define	AUE_create_group	45015		/* Darwin-specific. */
+#define	AUE_delete_group	45016		/* Darwin-specific. */
+#define	AUE_modify_group	45017		/* Darwin-specific. */
+#define	AUE_add_to_group	45018		/* Darwin-specific. */
+#define	AUE_remove_from_group	45019		/* Darwin-specific. */
+#define	AUE_revoke_obj		45020		/* Darwin-specific. */
+#define	AUE_lw_login		45021		/* Darwin-specific. */
+#define	AUE_lw_logout		45022		/* Darwin-specific. */
+#define	AUE_auth_user		45023		/* Darwin-specific. */
+#define	AUE_ssconn		45024		/* Darwin-specific. */
+#define	AUE_ssauthorize		45025		/* Darwin-specific. */
+#define	AUE_ssauthint		45026		/* Darwin-specific. */
+#define	AUE_calife		45027		/* OpenBSM-allocated. */
+#define	AUE_sudo		45028		/* OpenBSM-allocated. */
+
 #endif /* !_BSM_AUDIT_UEVENTS_H_ */

==== //depot/projects/trustedbsd/openbsm/etc/audit_event#33 (text+ko) ====

@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#32 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#33 $
 #
 # The mapping between event identifiers and values is also hard-coded in
 # audit_kevents.h and audit_uevents.h, so changes must occur in both places,
@@ -550,32 +550,103 @@
 43188:AUE_CAP_ENTER:cap_enter(2):pc
 43189:AUE_CAP_GETMODE:cap_getmode(2):pc
 #
-# User space system events.
+# Solaris userspace events.
 #
+6144:AUE_at_create:at-create atjob:ad
+6145:AUE_at_delete:at-delete atjob (at or atrm):ad
+6146:AUE_at_perm:at-permission:no
+6147:AUE_cron_invoke:cron-invoke:ad
+6148:AUE_crontab_create:crontab-crontab created:ad
+6149:AUE_crontab_delete:crontab-crontab deleted:ad
+6150:AUE_crontab_perm:crontab-permission:no
+6151:AUE_inetd_connect:inetd connection:na
 6152:AUE_login:login - local:lo
 6153:AUE_logout:logout - local:lo
+6154:AUE_telnet:login - telnet:lo
+6155:AUE_rlogin:login - rlogin:lo
+6156:AUE_mountd_mount:mount:na
+6157:AUE_mountd_umount:unmount:na
+6158:AUE_rshd:rsh access:lo
 6159:AUE_su:su(1):lo
 6160:AUE_halt:system halt:ad
+6161:AUE_reboot:system reboot:ad
+6162:AUE_rexecd:rexecd:lo
+6163:AUE_passwd:passwd:lo
+6164:AUE_rexd:rexd:lo
+6165:AUE_ftpd:ftp access:lo
+6166:AUE_init:init:lo
+6167:AUE_uadmin:uadmin:no
 6168:AUE_shutdown:system shutdown:ad
-6171:AUE_audit_startup:audit startup:ad
-6172:AUE_audit_shutdown:audit shutdown:ad
+6168:AUE_poweroff:system poweroff:ad
+6170:AUE_crontab_mod:crontab-modify:ad
+6171:AUE_ftpd_logout:ftp logout:lo
+6172:AUE_ssh:login - ssh:lo
+6173:AUE_role_login:role login:lo
+6180:AUE_prof_cmd: profile command:ad
+6181:AUE_filesystem_add:add filesystem:ad
+6182:AUE_filesystem_delete:delete filesystem:ad
+6183:AUE_filesystem_modify:modify filesystem:ad
+6200:AUE_allocate_succ:allocate-device success:ot
+6201:AUE_allocate_fail:allocate-device failure:ot
+6202:AUE_deallocate_succ:deallocate-device success:ot
+6203:AUE_deallocate_fail:deallocate-device failure:ot
+6204:AUE_listdevice_succ:allocate-list devices success:ot
+6205:AUE_listdevice_fail:allocate-list devices failure:ot
 6207:AUE_create_user:create user:ad
 6208:AUE_modify_user:modify user:ad
 6209:AUE_delete_user:delete user:ad
 6210:AUE_disable_user:disable user:ad
-6211:AUE_enable_user::ad
-6300:AUE_sudo:sudo(1):ad
-6501:AUE_modify_password:modify password:ad
-6511:AUE_create_group:create group:ad
-6512:AUE_delete_group:delete group:ad
-6513:AUE_modify_group:modify group:ad
-6514:AUE_add_to_group:add to group:ad
-6515:AUE_remove_from_group:remove from group:ad
-6521:AUE_revoke_obj:revoke object priv:fm
-6600:AUE_lw_login:loginwindow login:lo
-6601:AUE_lw_logout:loginwindow logout:lo
-7000:AUE_auth_user:user authentication:ad
-7001:AUE_ssconn:SecSrvr connection setup:ad
-7002:AUE_ssauthorize:SecSrvr AuthEngine:ad
-7003:AUE_ssauthint:SecSrvr authinternal mech:ad
+6211:AUE_enable_user:enable users:ad
+6212:AUE_newgrp_login:newgrp login:lo
+6213:AUE_admin_authenticate:admin login:lo
+6214:AUE_kadmind_auth:authenticated kadmind request:ua
+6215:AUE_kadmind_unauth:unauthenticated kadmind req:ua
+6216:AUE_krb5kdc_as_req:kdc authentication svc request:ap
+6217:AUE_krb5kdc_tgs_req:kdc tkt-grant svc request:ap
+6218:AUE_krb5kdc_tgs_req_2ndtktmm:kdc tgs 2ndtkt mismtch:ap
+6219:AUE_krb5kdc_tgs_req_alt_tgt:kdc tgs issue alt tgt:ap
+#
+# Historic Darwin use of low event numbering space, which collided with the
+# Solaris event space.  Now obsoleted and new, higher, event numbers assigned
+# to make it easier to interpret Solaris events using the OpenBSM tools.
+#
+6171:AUE_DARWIN_audit_startup:audit startup:ad
+6172:AUE_DARWIN_audit_shutdown:audit shutdown:ad
+6300:AUE_DARWIN_sudo:sudo(1):ad
+6501:AUE_DARWIN_modify_password:modify password:ad
+6511:AUE_DARWIN_create_group:create group:ad
+6512:AUE_DARWIN_delete_group:delete group:ad
+6513:AUE_DARWIN_modify_group:modify group:ad
+6514:AUE_DARWIN_add_to_group:add to group:ad
+6515:AUE_DARWIN_remove_from_group:remove from group:ad
+6521:AUE_DARWIN_revoke_obj:revoke object priv:fm
+6600:AUE_DARWIN_lw_login:loginwindow login:lo
+6601:AUE_DARWIN_lw_logout:loginwindow logout:lo
+7000:AUE_DARWIN_auth_user:user authentication:ad
+7001:AUE_DARWIN_ssconn:SecSrvr connection setup:ad
+7002:AUE_DARWIN_ssauthorize:SecSrvr AuthEngine:ad
+7003:AUE_DARWIN_ssauthint:SecSrvr authinternal mech:ad
+#
+# Historic/third-party application allocations of event identifiers.
+#
 32800:AUE_openssh:OpenSSH login:lo
+#
+# OpenBSM-managed application event space.
+#
+45000:AUE_audit_startup:audit startup:ad
+45001:AUE_audit_shutdown:audit shutdown:ad
+45014:AUE_modify_password:modify password:ad
+45015:AUE_create_group:create group:ad
+45016:AUE_delete_group:delete group:ad
+45017:AUE_modify_group:modify group:ad
+45018:AUE_add_to_group:add to group:ad
+45019:AUE_remove_from_group:remove from group:ad
+45020:AUE_revoke_obj:revoke object priv:fm
+45021:AUE_lw_login:loginwindow login:lo
+45022:AUE_lw_logout:loginwindow logout:lo
+45023:AUE_auth_user:user authentication:ad
+45024:AUE_ssconn:SecSrvr connection setup:ad
+45025:AUE_ssauthorize:SecSrvr AuthEngine:ad
+45026:AUE_ssauthint:SecSrvr authinternal mech:ad
+45027:AUE_calife:Calife:ad
+45028:AUE_sudo:sudo(1):ad

More information about the p4-projects mailing list