Index: stable/10/sys/bsm/audit.h =================================================================== --- stable/10/sys/bsm/audit.h (revision 293162) +++ stable/10/sys/bsm/audit.h (revision 293163) @@ -1,328 +1,327 @@ /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#10 * $FreeBSD$ */ #ifndef _BSM_AUDIT_H #define _BSM_AUDIT_H #include #include #define AUDIT_RECORD_MAGIC 0x828a0f1b #define MAX_AUDIT_RECORDS 20 #define MAXAUDITDATA (0x8000 - 1) #define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA #define MIN_AUDIT_FILE_SIZE (512 * 1024) /* * Minimum noumber of free blocks on the filesystem containing the audit * log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0 * as the kernel does an unsigned compare, plus we want to leave a few blocks * free so userspace can terminate the log, etc. */ #define AUDIT_HARD_LIMIT_FREE_BLOCKS 4 /* * Triggers for the audit daemon. */ #define AUDIT_TRIGGER_MIN 1 #define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */ #define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */ #define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */ #define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */ #define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */ #define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests rotate. */ #define AUDIT_TRIGGER_INITIALIZE 7 /* User initialize of auditd. */ #define AUDIT_TRIGGER_EXPIRE_TRAILS 8 /* User expiration of trails. */ #define AUDIT_TRIGGER_MAX 8 /* * The special device filename (FreeBSD). */ #define AUDITDEV_FILENAME "audit" #define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME) /* * Pre-defined audit IDs */ #define AU_DEFAUDITID (uid_t)(-1) #define AU_DEFAUDITSID 0 #define AU_ASSIGN_ASID -1 /* * IPC types. */ #define AT_IPC_MSG ((u_char)1) /* Message IPC id. */ #define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */ #define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */ /* * Audit conditions. */ #define AUC_UNSET 0 #define AUC_AUDITING 1 #define AUC_NOAUDIT 2 #define AUC_DISABLED -1 /* * auditon(2) commands. */ #define A_OLDGETPOLICY 2 #define A_OLDSETPOLICY 3 #define A_GETKMASK 4 #define A_SETKMASK 5 #define A_OLDGETQCTRL 6 #define A_OLDSETQCTRL 7 #define A_GETCWD 8 #define A_GETCAR 9 #define A_GETSTAT 12 #define A_SETSTAT 13 #define A_SETUMASK 14 #define A_SETSMASK 15 #define A_OLDGETCOND 20 #define A_OLDSETCOND 21 #define A_GETCLASS 22 #define A_SETCLASS 23 #define A_GETPINFO 24 #define A_SETPMASK 25 #define A_SETFSIZE 26 #define A_GETFSIZE 27 #define A_GETPINFO_ADDR 28 #define A_GETKAUDIT 29 #define A_SETKAUDIT 30 #define A_SENDTRIGGER 31 #define A_GETSINFO_ADDR 32 #define A_GETPOLICY 33 #define A_SETPOLICY 34 #define A_GETQCTRL 35 #define A_SETQCTRL 36 #define A_GETCOND 37 #define A_SETCOND 38 /* * Audit policy controls. */ #define AUDIT_CNT 0x0001 #define AUDIT_AHLT 0x0002 #define AUDIT_ARGV 0x0004 #define AUDIT_ARGE 0x0008 #define AUDIT_SEQ 0x0010 #define AUDIT_WINDATA 0x0020 #define AUDIT_USER 0x0040 #define AUDIT_GROUP 0x0080 #define AUDIT_TRAIL 0x0100 #define AUDIT_PATH 0x0200 #define AUDIT_SCNT 0x0400 #define AUDIT_PUBLIC 0x0800 #define AUDIT_ZONENAME 0x1000 #define AUDIT_PERZONE 0x2000 /* * Default audit queue control parameters. */ #define AQ_HIWATER 100 #define AQ_MAXHIGH 10000 #define AQ_LOWATER 10 #define AQ_BUFSZ MAXAUDITDATA #define AQ_MAXBUFSZ 1048576 /* * Default minimum percentage free space on file system. */ #define AU_FS_MINFREE 20 /* * Type definitions used indicating the length of variable length addresses * in tokens containing addresses, such as header fields. */ #define AU_IPv4 4 #define AU_IPv6 16 __BEGIN_DECLS typedef uid_t au_id_t; typedef pid_t au_asid_t; typedef u_int16_t au_event_t; typedef u_int16_t au_emod_t; typedef u_int32_t au_class_t; typedef u_int64_t au_asflgs_t __attribute__ ((aligned (8))); struct au_tid { dev_t port; u_int32_t machine; }; typedef struct au_tid au_tid_t; struct au_tid_addr { dev_t at_port; u_int32_t at_type; u_int32_t at_addr[4]; }; typedef struct au_tid_addr au_tid_addr_t; struct au_mask { unsigned int am_success; /* Success bits. */ unsigned int am_failure; /* Failure bits. */ }; typedef struct au_mask au_mask_t; struct auditinfo { au_id_t ai_auid; /* Audit user ID. */ au_mask_t ai_mask; /* Audit masks. */ au_tid_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. */ }; typedef struct auditinfo auditinfo_t; struct auditinfo_addr { au_id_t ai_auid; /* Audit user ID. */ au_mask_t ai_mask; /* Audit masks. */ au_tid_addr_t ai_termid; /* Terminal ID. */ au_asid_t ai_asid; /* Audit session ID. */ au_asflgs_t ai_flags; /* Audit session flags. */ }; typedef struct auditinfo_addr auditinfo_addr_t; struct auditpinfo { pid_t ap_pid; /* ID of target process. */ au_id_t ap_auid; /* Audit user ID. */ au_mask_t ap_mask; /* Audit masks. */ au_tid_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ }; typedef struct auditpinfo auditpinfo_t; struct auditpinfo_addr { pid_t ap_pid; /* ID of target process. */ au_id_t ap_auid; /* Audit user ID. */ au_mask_t ap_mask; /* Audit masks. */ au_tid_addr_t ap_termid; /* Terminal ID. */ au_asid_t ap_asid; /* Audit session ID. */ au_asflgs_t ap_flags; /* Audit session flags. */ }; typedef struct auditpinfo_addr auditpinfo_addr_t; struct au_session { auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ au_mask_t as_mask; /* Process Audit Masks. */ }; typedef struct au_session au_session_t; /* * Contents of token_t are opaque outside of libbsm. */ typedef struct au_token token_t; /* * Kernel audit queue control parameters: * Default: Maximum: * aq_hiwater: AQ_HIWATER (100) AQ_MAXHIGH (10000) * aq_lowater: AQ_LOWATER (10) mach_port_name_t audit_session_self(void); au_asid_t audit_session_join(mach_port_name_t port); #endif /* __APPLE_API_PRIVATE */ #endif /* defined(_KERNEL) || defined(KERNEL) */ __END_DECLS #endif /* !_BSM_AUDIT_H */ Index: stable/10/sys/bsm/audit_domain.h =================================================================== --- stable/10/sys/bsm/audit_domain.h (revision 293162) +++ stable/10/sys/bsm/audit_domain.h (revision 293163) @@ -1,115 +1,114 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_domain.h#2 * $FreeBSD$ */ #ifndef _BSM_AUDIT_DOMAIN_H_ #define _BSM_AUDIT_DOMAIN_H_ /* * BSM protocol domain constants - protocol domains defined in Solaris. */ #define BSM_PF_UNSPEC 0 #define BSM_PF_LOCAL 1 #define BSM_PF_INET 2 #define BSM_PF_IMPLINK 3 #define BSM_PF_PUP 4 #define BSM_PF_CHAOS 5 #define BSM_PF_NS 6 #define BSM_PF_NBS 7 /* Solaris-specific. */ #define BSM_PF_ECMA 8 #define BSM_PF_DATAKIT 9 #define BSM_PF_CCITT 10 #define BSM_PF_SNA 11 #define BSM_PF_DECnet 12 #define BSM_PF_DLI 13 #define BSM_PF_LAT 14 #define BSM_PF_HYLINK 15 #define BSM_PF_APPLETALK 16 #define BSM_PF_NIT 17 /* Solaris-specific. */ #define BSM_PF_802 18 /* Solaris-specific. */ #define BSM_PF_OSI 19 #define BSM_PF_X25 20 /* Solaris/Linux-specific. */ #define BSM_PF_OSINET 21 /* Solaris-specific. */ #define BSM_PF_GOSIP 22 /* Solaris-specific. */ #define BSM_PF_IPX 23 #define BSM_PF_ROUTE 24 #define BSM_PF_LINK 25 #define BSM_PF_INET6 26 #define BSM_PF_KEY 27 #define BSM_PF_NCA 28 /* Solaris-specific. */ #define BSM_PF_POLICY 29 /* Solaris-specific. */ #define BSM_PF_INET_OFFLOAD 30 /* Solaris-specific. */ /* * BSM protocol domain constants - protocol domains not defined in Solaris. */ #define BSM_PF_NETBIOS 500 /* FreeBSD/Darwin-specific. */ #define BSM_PF_ISO 501 /* FreeBSD/Darwin-specific. */ #define BSM_PF_XTP 502 /* FreeBSD/Darwin-specific. */ #define BSM_PF_COIP 503 /* FreeBSD/Darwin-specific. */ #define BSM_PF_CNT 504 /* FreeBSD/Darwin-specific. */ #define BSM_PF_RTIP 505 /* FreeBSD/Darwin-specific. */ #define BSM_PF_SIP 506 /* FreeBSD/Darwin-specific. */ #define BSM_PF_PIP 507 /* FreeBSD/Darwin-specific. */ #define BSM_PF_ISDN 508 /* FreeBSD/Darwin-specific. */ #define BSM_PF_E164 509 /* FreeBSD/Darwin-specific. */ #define BSM_PF_NATM 510 /* FreeBSD/Darwin-specific. */ #define BSM_PF_ATM 511 /* FreeBSD/Darwin-specific. */ #define BSM_PF_NETGRAPH 512 /* FreeBSD/Darwin-specific. */ #define BSM_PF_SLOW 513 /* FreeBSD-specific. */ #define BSM_PF_SCLUSTER 514 /* FreeBSD-specific. */ #define BSM_PF_ARP 515 /* FreeBSD-specific. */ #define BSM_PF_BLUETOOTH 516 /* FreeBSD-specific. */ /* 517: unallocated. */ #define BSM_PF_AX25 518 /* Linux-specific. */ #define BSM_PF_ROSE 519 /* Linux-specific. */ #define BSM_PF_NETBEUI 520 /* Linux-specific. */ #define BSM_PF_SECURITY 521 /* Linux-specific. */ #define BSM_PF_PACKET 522 /* Linux-specific. */ #define BSM_PF_ASH 523 /* Linux-specific. */ #define BSM_PF_ECONET 524 /* Linux-specific. */ #define BSM_PF_ATMSVC 525 /* Linux-specific. */ #define BSM_PF_IRDA 526 /* Linux-specific. */ #define BSM_PF_PPPOX 527 /* Linux-specific. */ #define BSM_PF_WANPIPE 528 /* Linux-specific. */ #define BSM_PF_LLC 529 /* Linux-specific. */ #define BSM_PF_CAN 530 /* Linux-specific. */ #define BSM_PF_TIPC 531 /* Linux-specific. */ #define BSM_PF_IUCV 532 /* Linux-specific. */ #define BSM_PF_RXRPC 533 /* Linux-specific. */ #define BSM_PF_PHONET 534 /* Linux-specific. */ /* * Used when there is no mapping from a local to BSM protocol domain. */ #define BSM_PF_UNKNOWN 700 /* OpenBSM-specific. */ #endif /* !_BSM_AUDIT_DOMAIN_H_ */ Index: stable/10/sys/bsm/audit_errno.h =================================================================== --- stable/10/sys/bsm/audit_errno.h (revision 293162) +++ stable/10/sys/bsm/audit_errno.h (revision 293163) @@ -1,217 +1,216 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#7 * $FreeBSD$ */ #ifndef _BSM_AUDIT_ERRNO_H_ #define _BSM_AUDIT_ERRNO_H_ /* * For the purposes of portable encoding, we convert between local error * numbers and Solaris error numbers (as well as some extensions for error * numbers that don't exist in Solaris). Although the first 35 or so * constants are the same across all OS's, we don't handle that in any * special way. * * When adding constants here, also add them to bsm_errno.c. */ #define BSM_ERRNO_ESUCCESS 0 #define BSM_ERRNO_EPERM 1 #define BSM_ERRNO_ENOENT 2 #define BSM_ERRNO_ESRCH 3 #define BSM_ERRNO_EINTR 4 #define BSM_ERRNO_EIO 5 #define BSM_ERRNO_ENXIO 6 #define BSM_ERRNO_E2BIG 7 #define BSM_ERRNO_ENOEXEC 8 #define BSM_ERRNO_EBADF 9 #define BSM_ERRNO_ECHILD 10 #define BSM_ERRNO_EAGAIN 11 #define BSM_ERRNO_ENOMEM 12 #define BSM_ERRNO_EACCES 13 #define BSM_ERRNO_EFAULT 14 #define BSM_ERRNO_ENOTBLK 15 #define BSM_ERRNO_EBUSY 16 #define BSM_ERRNO_EEXIST 17 #define BSM_ERRNO_EXDEV 18 #define BSM_ERRNO_ENODEV 19 #define BSM_ERRNO_ENOTDIR 20 #define BSM_ERRNO_EISDIR 21 #define BSM_ERRNO_EINVAL 22 #define BSM_ERRNO_ENFILE 23 #define BSM_ERRNO_EMFILE 24 #define BSM_ERRNO_ENOTTY 25 #define BSM_ERRNO_ETXTBSY 26 #define BSM_ERRNO_EFBIG 27 #define BSM_ERRNO_ENOSPC 28 #define BSM_ERRNO_ESPIPE 29 #define BSM_ERRNO_EROFS 30 #define BSM_ERRNO_EMLINK 31 #define BSM_ERRNO_EPIPE 32 #define BSM_ERRNO_EDOM 33 #define BSM_ERRNO_ERANGE 34 #define BSM_ERRNO_ENOMSG 35 #define BSM_ERRNO_EIDRM 36 #define BSM_ERRNO_ECHRNG 37 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EL2NSYNC 38 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EL3HLT 39 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EL3RST 40 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELNRNG 41 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EUNATCH 42 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOCSI 43 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EL2HLT 44 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EDEADLK 45 #define BSM_ERRNO_ENOLCK 46 #define BSM_ERRNO_ECANCELED 47 #define BSM_ERRNO_ENOTSUP 48 #define BSM_ERRNO_EDQUOT 49 #define BSM_ERRNO_EBADE 50 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EBADR 51 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EXFULL 52 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOANO 53 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EBADRQC 54 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EBADSLT 55 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EDEADLOCK 56 /* Solaris-specific. */ #define BSM_ERRNO_EBFONT 57 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EOWNERDEAD 58 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOTRECOVERABLE 59 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOSTR 60 /* Solaris/Darwin/Linux-specific. */ #define BSM_ERRNO_ENODATA 61 /* Solaris/Darwin/Linux-specific. */ #define BSM_ERRNO_ETIME 62 /* Solaris/Darwin/Linux-specific. */ #define BSM_ERRNO_ENOSR 63 /* Solaris/Darwin/Linux-specific. */ #define BSM_ERRNO_ENONET 64 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOPKG 65 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EREMOTE 66 #define BSM_ERRNO_ENOLINK 67 #define BSM_ERRNO_EADV 68 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ESRMNT 69 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ECOMM 70 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EPROTO 71 #define BSM_ERRNO_ELOCKUNMAPPED 72 /* Solaris-specific. */ #define BSM_ERRNO_ENOTACTIVE 73 /* Solaris-specific. */ #define BSM_ERRNO_EMULTIHOP 74 #define BSM_ERRNO_EBADMSG 77 #define BSM_ERRNO_ENAMETOOLONG 78 #define BSM_ERRNO_EOVERFLOW 79 #define BSM_ERRNO_ENOTUNIQ 80 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EBADFD 81 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EREMCHG 82 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBACC 83 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBBAD 84 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBSCN 85 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBMAX 86 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ELIBEXEC 87 /* Solaris/Linux-specific. */ #define BSM_ERRNO_EILSEQ 88 #define BSM_ERRNO_ENOSYS 89 #define BSM_ERRNO_ELOOP 90 #define BSM_ERRNO_ERESTART 91 #define BSM_ERRNO_ESTRPIPE 92 /* Solaris/Linux-specific. */ #define BSM_ERRNO_ENOTEMPTY 93 #define BSM_ERRNO_EUSERS 94 #define BSM_ERRNO_ENOTSOCK 95 #define BSM_ERRNO_EDESTADDRREQ 96 #define BSM_ERRNO_EMSGSIZE 97 #define BSM_ERRNO_EPROTOTYPE 98 #define BSM_ERRNO_ENOPROTOOPT 99 #define BSM_ERRNO_EPROTONOSUPPORT 120 #define BSM_ERRNO_ESOCKTNOSUPPORT 121 #define BSM_ERRNO_EOPNOTSUPP 122 #define BSM_ERRNO_EPFNOSUPPORT 123 #define BSM_ERRNO_EAFNOSUPPORT 124 #define BSM_ERRNO_EADDRINUSE 125 #define BSM_ERRNO_EADDRNOTAVAIL 126 #define BSM_ERRNO_ENETDOWN 127 #define BSM_ERRNO_ENETUNREACH 128 #define BSM_ERRNO_ENETRESET 129 #define BSM_ERRNO_ECONNABORTED 130 #define BSM_ERRNO_ECONNRESET 131 #define BSM_ERRNO_ENOBUFS 132 #define BSM_ERRNO_EISCONN 133 #define BSM_ERRNO_ENOTCONN 134 #define BSM_ERRNO_ESHUTDOWN 143 #define BSM_ERRNO_ETOOMANYREFS 144 #define BSM_ERRNO_ETIMEDOUT 145 #define BSM_ERRNO_ECONNREFUSED 146 #define BSM_ERRNO_EHOSTDOWN 147 #define BSM_ERRNO_EHOSTUNREACH 148 #define BSM_ERRNO_EALREADY 149 #define BSM_ERRNO_EINPROGRESS 150 #define BSM_ERRNO_ESTALE 151 /* * OpenBSM constants for error numbers not defined in Solaris. In the event * that these errors are added to Solaris, we will deprecate the OpenBSM * numbers in the same way we do for audit event constants. * * ELAST doesn't get a constant in the BSM space. */ #define BSM_ERRNO_EPROCLIM 190 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EBADRPC 191 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_ERPCMISMATCH 192 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EPROGUNAVAIL 193 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EPROGMISMATCH 194 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EPROCUNAVAIL 195 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EFTYPE 196 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EAUTH 197 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_ENEEDAUTH 198 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_ENOATTR 199 /* FreeBSD/Darwin-specific. */ #define BSM_ERRNO_EDOOFUS 200 /* FreeBSD-specific. */ #define BSM_ERRNO_EJUSTRETURN 201 /* FreeBSD-specific. */ #define BSM_ERRNO_ENOIOCTL 202 /* FreeBSD-specific. */ #define BSM_ERRNO_EDIRIOCTL 203 /* FreeBSD-specific. */ #define BSM_ERRNO_EPWROFF 204 /* Darwin-specific. */ #define BSM_ERRNO_EDEVERR 205 /* Darwin-specific. */ #define BSM_ERRNO_EBADEXEC 206 /* Darwin-specific. */ #define BSM_ERRNO_EBADARCH 207 /* Darwin-specific. */ #define BSM_ERRNO_ESHLIBVERS 208 /* Darwin-specific. */ #define BSM_ERRNO_EBADMACHO 209 /* Darwin-specific. */ #define BSM_ERRNO_EPOLICY 210 /* Darwin-specific. */ #define BSM_ERRNO_EDOTDOT 211 /* Linux-specific. */ #define BSM_ERRNO_EUCLEAN 212 /* Linux-specific. */ #define BSM_ERRNO_ENOTNAM 213 /* Linux(Xenix?)-specific. */ #define BSM_ERRNO_ENAVAIL 214 /* Linux(Xenix?)-specific. */ #define BSM_ERRNO_EISNAM 215 /* Linux(Xenix?)-specific. */ #define BSM_ERRNO_EREMOTEIO 216 /* Linux-specific. */ #define BSM_ERRNO_ENOMEDIUM 217 /* Linux-specific. */ #define BSM_ERRNO_EMEDIUMTYPE 218 /* Linux-specific. */ #define BSM_ERRNO_ENOKEY 219 /* Linux-specific. */ #define BSM_ERRNO_EKEYEXPIRED 220 /* Linux-specific. */ #define BSM_ERRNO_EKEYREVOKED 221 /* Linux-specific. */ #define BSM_ERRNO_EKEYREJECTED 222 /* Linux-specific. */ #define BSM_ERRNO_ENOTCAPABLE 223 /* FreeBSD-specific. */ #define BSM_ERRNO_ECAPMODE 224 /* FreeBSD-specific. */ /* * In the event that OpenBSM doesn't have a file representation of a local * error number, use this. */ #define BSM_ERRNO_UNKNOWN 250 /* OpenBSM-specific. */ #endif /* !_BSM_AUDIT_ERRNO_H_ */ Index: stable/10/sys/bsm/audit_fcntl.h =================================================================== --- stable/10/sys/bsm/audit_fcntl.h (revision 293162) +++ stable/10/sys/bsm/audit_fcntl.h (revision 293163) @@ -1,141 +1,140 @@ /*- * Copyright (c) 2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_fcntl.h#2 * $FreeBSD$ */ #ifndef _BSM_AUDIT_FCNTL_H_ #define _BSM_AUDIT_FCNTL_H_ /* * Shared and Solaris-specific: (0-99). */ #define BSM_F_DUPFD 0 #define BSM_F_GETFD 1 #define BSM_F_SETFD 2 #define BSM_F_GETFL 3 #define BSM_F_SETFL 4 #define BSM_F_O_GETLK 5 /* Solaris-specific. */ #define BSM_F_SETLK 6 #define BSM_F_SETLKW 7 #define BSM_F_CHKFL 8 /* Solaris-specific. */ #define BSM_F_DUP2FD 9 /* FreeBSD/Solaris-specific. */ #define BSM_F_ALLOCSP 10 /* Solaris-specific. */ #define BSM_F_FREESP 11 /* Solaris-specific. */ #define BSM_F_ISSTREAM 13 /* Solaris-specific. */ #define BSM_F_GETLK 14 #define BSM_F_PRIV 15 /* Solaris-specific. */ #define BSM_F_NPRIV 16 /* Solaris-specific. */ #define BSM_F_QUOTACTL 17 /* Solaris-specific. */ #define BSM_F_BLOCKS 18 /* Solaris-specific. */ #define BSM_F_BLKSIZE 19 /* Solaris-specific. */ #define BSM_F_GETOWN 23 #define BSM_F_SETOWN 24 #define BSM_F_REVOKE 25 /* Solaris-specific. */ #define BSM_F_HASREMOTELOCKS 26 /* Solaris-specific. */ #define BSM_F_FREESP64 27 /* Solaris-specific. */ #define BSM_F_ALLOCSP64 28 /* Solaris-specific. */ #define BSM_F_GETLK64 33 /* Solaris-specific. */ #define BSM_F_SETLK64 34 /* Solaris-specific. */ #define BSM_F_SETLKW64 35 /* Solaris-specific. */ #define BSM_F_SHARE 40 /* Solaris-specific. */ #define BSM_F_UNSHARE 41 /* Solaris-specific. */ #define BSM_F_SETLK_NBMAND 42 /* Solaris-specific. */ #define BSM_F_SHARE_NBMAND 43 /* Solaris-specific. */ #define BSM_F_SETLK64_NBMAND 44 /* Solaris-specific. */ #define BSM_F_GETXFL 45 /* Solaris-specific. */ #define BSM_F_BADFD 46 /* Solaris-specific. */ /* * FreeBSD-specific (100-199). */ #define BSM_F_OGETLK 107 /* FreeBSD-specific. */ #define BSM_F_OSETLK 108 /* FreeBSD-specific. */ #define BSM_F_OSETLKW 109 /* FreeBSD-specific. */ #define BSM_F_SETLK_REMOTE 114 /* FreeBSD-specific. */ /* * Linux-specific (200-299). */ #define BSM_F_SETSIG 210 /* Linux-specific. */ #define BSM_F_GETSIG 211 /* Linux-specific. */ /* * Darwin-specific (300-399). */ #define BSM_F_CHKCLEAN 341 /* Darwin-specific. */ #define BSM_F_PREALLOCATE 342 /* Darwin-specific. */ #define BSM_F_SETSIZE 343 /* Darwin-specific. */ #define BSM_F_RDADVISE 344 /* Darwin-specific. */ #define BSM_F_RDAHEAD 345 /* Darwin-specific. */ #define BSM_F_READBOOTSTRAP 346 /* Darwin-specific. */ #define BSM_F_WRITEBOOTSTRAP 347 /* Darwin-specific. */ #define BSM_F_NOCACHE 348 /* Darwin-specific. */ #define BSM_F_LOG2PHYS 349 /* Darwin-specific. */ #define BSM_F_GETPATH 350 /* Darwin-specific. */ #define BSM_F_FULLFSYNC 351 /* Darwin-specific. */ #define BSM_F_PATHPKG_CHECK 352 /* Darwin-specific. */ #define BSM_F_FREEZE_FS 353 /* Darwin-specific. */ #define BSM_F_THAW_FS 354 /* Darwin-specific. */ #define BSM_F_GLOBAL_NOCACHE 355 /* Darwin-specific. */ #define BSM_F_OPENFROM 356 /* Darwin-specific. */ #define BSM_F_UNLINKFROM 357 /* Darwin-specific. */ #define BSM_F_CHECK_OPENEVT 358 /* Darwin-specific. */ #define BSM_F_ADDSIGS 359 /* Darwin-specific. */ #define BSM_F_MARKDEPENDENCY 360 /* Darwin-specific. */ /* * Darwin file system specific (400-499). */ #define BSM_F_FS_SPECIFIC_0 400 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_1 401 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_2 402 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_3 403 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_4 404 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_5 405 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_6 406 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_7 407 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_8 408 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_9 409 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_10 410 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_11 411 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_12 412 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_13 413 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_14 414 /* Darwin-fs-specific. */ #define BSM_F_FS_SPECIFIC_15 415 /* Darwin-fs-specific. */ #define BSM_F_UNKNOWN 0xFFFF #endif /* !_BSM_AUDIT_FCNTL_H_ */ Index: stable/10/sys/bsm/audit_internal.h =================================================================== --- stable/10/sys/bsm/audit_internal.h (revision 293162) +++ stable/10/sys/bsm/audit_internal.h (revision 293163) @@ -1,118 +1,117 @@ /*- * Copyright (c) 2005-2008 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * * This code was developed in part by Robert N. M. Watson, Senior Principal * Scientist, SPARTA, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6 * $FreeBSD$ */ #ifndef _AUDIT_INTERNAL_H #define _AUDIT_INTERNAL_H #if defined(__linux__) && !defined(__unused) #define __unused #endif /* * audit_internal.h contains private interfaces that are shared by user space * and the kernel for the purposes of assembling audit records. Applications * should not include this file or use the APIs found within, or it may be * broken with future releases of OpenBSM, which may delete, modify, or * otherwise break these interfaces or the assumptions they rely on. */ struct au_token { u_char *t_data; size_t len; TAILQ_ENTRY(au_token) tokens; }; struct au_record { char used; /* Record currently in use? */ int desc; /* Descriptor for record. */ TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */ u_char *data; size_t len; LIST_ENTRY(au_record) au_rec_q; }; typedef struct au_record au_record_t; /* * We could determined the header and trailer sizes by defining appropriate * structures. We hold off that approach until we have a consistent way of * using structures for all tokens. This is not straightforward since these * token structures may contain pointers of whose contents we do not know the * size (e.g text tokens). */ #define AUDIT_HEADER_EX_SIZE(a) ((a)->ai_termid.at_type+18+sizeof(u_int32_t)) #define AUDIT_HEADER_SIZE 18 #define MAX_AUDIT_HEADER_SIZE (5*sizeof(u_int32_t)+18) #define AUDIT_TRAILER_SIZE 7 /* * BSM token streams store fields in big endian byte order, so as to be * portable; when encoding and decoding, we must convert byte orders for * typed values. */ #define ADD_U_CHAR(loc, val) \ do { \ *(loc) = (val); \ (loc) += sizeof(u_char); \ } while(0) #define ADD_U_INT16(loc, val) \ do { \ be16enc((loc), (val)); \ (loc) += sizeof(u_int16_t); \ } while(0) #define ADD_U_INT32(loc, val) \ do { \ be32enc((loc), (val)); \ (loc) += sizeof(u_int32_t); \ } while(0) #define ADD_U_INT64(loc, val) \ do { \ be64enc((loc), (val)); \ (loc) += sizeof(u_int64_t); \ } while(0) #define ADD_MEM(loc, data, size) \ do { \ memcpy((loc), (data), (size)); \ (loc) += size; \ } while(0) #define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size) #endif /* !_AUDIT_INTERNAL_H_ */ Index: stable/10/sys/bsm/audit_kevents.h =================================================================== --- stable/10/sys/bsm/audit_kevents.h (revision 293162) +++ stable/10/sys/bsm/audit_kevents.h (revision 293163) @@ -1,809 +1,808 @@ /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#7 * $FreeBSD$ */ #ifndef _BSM_AUDIT_KEVENTS_H_ #define _BSM_AUDIT_KEVENTS_H_ /* - * The reserved event numbers for kernel events are 1...2047 and 43001..44900. + * The reserved event numbers for kernel events are 1...2047 and 43001..44999. */ #define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \ ((e) > 43000 && (e) < 45000)) /* * Values marked as AUE_NULL are not required to be audited as per CAPP. * * Some conflicts exist in the assignment of name to event number mappings * between BSM implementations. In general, we prefer the OpenSolaris * definition as we consider Solaris BSM to be authoritative. _DARWIN_ has * been inserted for the Darwin variants. If necessary, other tags will be * added in the future. */ #define AUE_NULL 0 #define AUE_EXIT 1 #define AUE_FORK 2 #define AUE_FORKALL AUE_FORK /* Solaris-specific. */ #define AUE_OPEN 3 #define AUE_CREAT 4 #define AUE_LINK 5 #define AUE_UNLINK 6 #define AUE_DELETE AUE_UNLINK /* Darwin-specific. */ #define AUE_EXEC 7 #define AUE_CHDIR 8 #define AUE_MKNOD 9 #define AUE_CHMOD 10 #define AUE_CHOWN 11 #define AUE_UMOUNT 12 #define AUE_JUNK 13 /* Solaris-specific. */ #define AUE_ACCESS 14 #define AUE_KILL 15 #define AUE_STAT 16 #define AUE_LSTAT 17 #define AUE_ACCT 18 #define AUE_MCTL 19 /* Solaris-specific. */ #define AUE_REBOOT 20 /* XXX: Darwin conflict. */ #define AUE_SYMLINK 21 #define AUE_READLINK 22 #define AUE_EXECVE 23 #define AUE_CHROOT 24 #define AUE_VFORK 25 #define AUE_SETGROUPS 26 #define AUE_SETPGRP 27 #define AUE_SWAPON 28 #define AUE_SETHOSTNAME 29 /* XXX: Darwin conflict. */ #define AUE_FCNTL 30 #define AUE_SETPRIORITY 31 /* XXX: Darwin conflict. */ #define AUE_CONNECT 32 #define AUE_ACCEPT 33 #define AUE_BIND 34 #define AUE_SETSOCKOPT 35 #define AUE_VTRACE 36 /* Solaris-specific. */ #define AUE_SETTIMEOFDAY 37 /* XXX: Darwin conflict. */ #define AUE_FCHOWN 38 #define AUE_FCHMOD 39 #define AUE_SETREUID 40 #define AUE_SETREGID 41 #define AUE_RENAME 42 #define AUE_TRUNCATE 43 /* XXX: Darwin conflict. */ #define AUE_FTRUNCATE 44 /* XXX: Darwin conflict. */ #define AUE_FLOCK 45 /* XXX: Darwin conflict. */ #define AUE_SHUTDOWN 46 #define AUE_MKDIR 47 #define AUE_RMDIR 48 #define AUE_UTIMES 49 #define AUE_ADJTIME 50 #define AUE_SETRLIMIT 51 #define AUE_KILLPG 52 #define AUE_NFS_SVC 53 /* XXX: Darwin conflict. */ #define AUE_STATFS 54 #define AUE_FSTATFS 55 #define AUE_UNMOUNT 56 /* XXX: Darwin conflict. */ #define AUE_ASYNC_DAEMON 57 #define AUE_NFS_GETFH 58 /* XXX: Darwin conflict. */ #define AUE_SETDOMAINNAME 59 #define AUE_QUOTACTL 60 /* XXX: Darwin conflict. */ #define AUE_EXPORTFS 61 #define AUE_MOUNT 62 #define AUE_SEMSYS 63 #define AUE_MSGSYS 64 #define AUE_SHMSYS 65 #define AUE_BSMSYS 66 /* Solaris-specific. */ #define AUE_RFSSYS 67 /* Solaris-specific. */ #define AUE_FCHDIR 68 #define AUE_FCHROOT 69 #define AUE_VPIXSYS 70 /* Solaris-specific. */ #define AUE_PATHCONF 71 #define AUE_OPEN_R 72 #define AUE_OPEN_RC 73 #define AUE_OPEN_RT 74 #define AUE_OPEN_RTC 75 #define AUE_OPEN_W 76 #define AUE_OPEN_WC 77 #define AUE_OPEN_WT 78 #define AUE_OPEN_WTC 79 #define AUE_OPEN_RW 80 #define AUE_OPEN_RWC 81 #define AUE_OPEN_RWT 82 #define AUE_OPEN_RWTC 83 #define AUE_MSGCTL 84 #define AUE_MSGCTL_RMID 85 #define AUE_MSGCTL_SET 86 #define AUE_MSGCTL_STAT 87 #define AUE_MSGGET 88 #define AUE_MSGRCV 89 #define AUE_MSGSND 90 #define AUE_SHMCTL 91 #define AUE_SHMCTL_RMID 92 #define AUE_SHMCTL_SET 93 #define AUE_SHMCTL_STAT 94 #define AUE_SHMGET 95 #define AUE_SHMAT 96 #define AUE_SHMDT 97 #define AUE_SEMCTL 98 #define AUE_SEMCTL_RMID 99 #define AUE_SEMCTL_SET 100 #define AUE_SEMCTL_STAT 101 #define AUE_SEMCTL_GETNCNT 102 #define AUE_SEMCTL_GETPID 103 #define AUE_SEMCTL_GETVAL 104 #define AUE_SEMCTL_GETALL 105 #define AUE_SEMCTL_GETZCNT 106 #define AUE_SEMCTL_SETVAL 107 #define AUE_SEMCTL_SETALL 108 #define AUE_SEMGET 109 #define AUE_SEMOP 110 #define AUE_CORE 111 /* Solaris-specific, currently. */ #define AUE_CLOSE 112 #define AUE_SYSTEMBOOT 113 /* Solaris-specific. */ #define AUE_ASYNC_DAEMON_EXIT 114 /* Solaris-specific. */ #define AUE_NFSSVC_EXIT 115 /* Solaris-specific. */ #define AUE_WRITEL 128 /* Solaris-specific. */ #define AUE_WRITEVL 129 /* Solaris-specific. */ #define AUE_GETAUID 130 #define AUE_SETAUID 131 #define AUE_GETAUDIT 132 #define AUE_SETAUDIT 133 #define AUE_GETUSERAUDIT 134 /* Solaris-specific. */ #define AUE_SETUSERAUDIT 135 /* Solaris-specific. */ #define AUE_AUDITSVC 136 /* Solaris-specific. */ #define AUE_AUDITUSER 137 /* Solaris-specific. */ #define AUE_AUDITON 138 #define AUE_AUDITON_GTERMID 139 /* Solaris-specific. */ #define AUE_AUDITON_STERMID 140 /* Solaris-specific. */ #define AUE_AUDITON_GPOLICY 141 #define AUE_AUDITON_SPOLICY 142 #define AUE_AUDITON_GQCTRL 145 #define AUE_AUDITON_SQCTRL 146 #define AUE_GETKERNSTATE 147 /* Solaris-specific. */ #define AUE_SETKERNSTATE 148 /* Solaris-specific. */ #define AUE_GETPORTAUDIT 149 /* Solaris-specific. */ #define AUE_AUDITSTAT 150 /* Solaris-specific. */ #define AUE_REVOKE 151 #define AUE_MAC 152 /* Solaris-specific. */ #define AUE_ENTERPROM 153 /* Solaris-specific. */ #define AUE_EXITPROM 154 /* Solaris-specific. */ #define AUE_IFLOAT 155 /* Solaris-specific. */ #define AUE_PFLOAT 156 /* Solaris-specific. */ #define AUE_UPRIV 157 /* Solaris-specific. */ #define AUE_IOCTL 158 #define AUE_SOCKET 183 #define AUE_SENDTO 184 #define AUE_PIPE 185 #define AUE_SOCKETPAIR 186 /* XXX: Darwin conflict. */ #define AUE_SEND 187 #define AUE_SENDMSG 188 #define AUE_RECV 189 #define AUE_RECVMSG 190 #define AUE_RECVFROM 191 #define AUE_READ 192 #define AUE_GETDENTS 193 #define AUE_LSEEK 194 #define AUE_WRITE 195 #define AUE_WRITEV 196 #define AUE_NFS 197 /* Solaris-specific. */ #define AUE_READV 198 #define AUE_OSTAT 199 /* Solaris-specific. */ #define AUE_SETUID 200 /* XXXRW: Solaris old setuid? */ #define AUE_STIME 201 /* XXXRW: Solaris old stime? */ #define AUE_UTIME 202 /* XXXRW: Solaris old utime? */ #define AUE_NICE 203 /* XXXRW: Solaris old nice? */ #define AUE_OSETPGRP 204 /* Solaris-specific. */ #define AUE_SETGID 205 #define AUE_READL 206 /* Solaris-specific. */ #define AUE_READVL 207 /* Solaris-specific. */ #define AUE_FSTAT 208 #define AUE_DUP2 209 #define AUE_MMAP 210 #define AUE_AUDIT 211 #define AUE_PRIOCNTLSYS 212 /* Solaris-specific. */ #define AUE_MUNMAP 213 #define AUE_SETEGID 214 #define AUE_SETEUID 215 #define AUE_PUTMSG 216 /* Solaris-specific. */ #define AUE_GETMSG 217 /* Solaris-specific. */ #define AUE_PUTPMSG 218 /* Solaris-specific. */ #define AUE_GETPMSG 219 /* Solaris-specific. */ #define AUE_AUDITSYS 220 /* Solaris-specific. */ #define AUE_AUDITON_GETKMASK 221 #define AUE_AUDITON_SETKMASK 222 #define AUE_AUDITON_GETCWD 223 #define AUE_AUDITON_GETCAR 224 #define AUE_AUDITON_GETSTAT 225 #define AUE_AUDITON_SETSTAT 226 #define AUE_AUDITON_SETUMASK 227 #define AUE_AUDITON_SETSMASK 228 #define AUE_AUDITON_GETCOND 229 #define AUE_AUDITON_SETCOND 230 #define AUE_AUDITON_GETCLASS 231 #define AUE_AUDITON_SETCLASS 232 #define AUE_FUSERS 233 /* Solaris-specific; also UTSSYS? */ #define AUE_STATVFS 234 #define AUE_XSTAT 235 /* Solaris-specific. */ #define AUE_LXSTAT 236 /* Solaris-specific. */ #define AUE_LCHOWN 237 #define AUE_MEMCNTL 238 /* Solaris-specific. */ #define AUE_SYSINFO 239 /* Solaris-specific. */ #define AUE_XMKNOD 240 /* Solaris-specific. */ #define AUE_FORK1 241 #define AUE_MODCTL 242 /* Solaris-specific. */ #define AUE_MODLOAD 243 #define AUE_MODUNLOAD 244 #define AUE_MODCONFIG 245 /* Solaris-specific. */ #define AUE_MODADDMAJ 246 /* Solaris-specific. */ #define AUE_SOCKACCEPT 247 /* Solaris-specific. */ #define AUE_SOCKCONNECT 248 /* Solaris-specific. */ #define AUE_SOCKSEND 249 /* Solaris-specific. */ #define AUE_SOCKRECEIVE 250 /* Solaris-specific. */ #define AUE_ACLSET 251 #define AUE_FACLSET 252 #define AUE_DOORFS 253 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_CALL 254 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_RETURN 255 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_CREATE 256 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_REVOKE 257 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_INFO 258 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_CRED 259 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_BIND 260 /* Solaris-specific. */ #define AUE_DOORFS_DOOR_UNBIND 261 /* Solaris-specific. */ #define AUE_P_ONLINE 262 /* Solaris-specific. */ #define AUE_PROCESSOR_BIND 263 /* Solaris-specific. */ #define AUE_INST_SYNC 264 /* Solaris-specific. */ #define AUE_SOCKCONFIG 265 /* Solaris-specific. */ #define AUE_SETAUDIT_ADDR 266 #define AUE_GETAUDIT_ADDR 267 #define AUE_UMOUNT2 268 /* Solaris-specific. */ #define AUE_FSAT 269 /* Solaris-specific. */ #define AUE_OPENAT_R 270 #define AUE_OPENAT_RC 271 #define AUE_OPENAT_RT 272 #define AUE_OPENAT_RTC 273 #define AUE_OPENAT_W 274 #define AUE_OPENAT_WC 275 #define AUE_OPENAT_WT 276 #define AUE_OPENAT_WTC 277 #define AUE_OPENAT_RW 278 #define AUE_OPENAT_RWC 279 #define AUE_OPENAT_RWT 280 #define AUE_OPENAT_RWTC 281 #define AUE_RENAMEAT 282 #define AUE_FSTATAT 283 #define AUE_FCHOWNAT 284 #define AUE_FUTIMESAT 285 #define AUE_UNLINKAT 286 #define AUE_CLOCK_SETTIME 287 #define AUE_NTP_ADJTIME 288 #define AUE_SETPPRIV 289 /* Solaris-specific. */ #define AUE_MODDEVPLCY 290 /* Solaris-specific. */ #define AUE_MODADDPRIV 291 /* Solaris-specific. */ #define AUE_CRYPTOADM 292 /* Solaris-specific. */ #define AUE_CONFIGKSSL 293 /* Solaris-specific. */ #define AUE_BRANDSYS 294 /* Solaris-specific. */ #define AUE_PF_POLICY_ADDRULE 295 /* Solaris-specific. */ #define AUE_PF_POLICY_DELRULE 296 /* Solaris-specific. */ #define AUE_PF_POLICY_CLONE 297 /* Solaris-specific. */ #define AUE_PF_POLICY_FLIP 298 /* Solaris-specific. */ #define AUE_PF_POLICY_FLUSH 299 /* Solaris-specific. */ #define AUE_PF_POLICY_ALGS 300 /* Solaris-specific. */ #define AUE_PORTFS 301 /* Solaris-specific. */ /* * Events added for Apple Darwin that potentially collide with future Solaris * BSM events. These are assigned AUE_DARWIN prefixes, and are deprecated in * new trails. Systems generating these events should switch to the new * identifiers that avoid colliding with the Solaris identifier space. */ #define AUE_DARWIN_GETFSSTAT 301 #define AUE_DARWIN_PTRACE 302 #define AUE_DARWIN_CHFLAGS 303 #define AUE_DARWIN_FCHFLAGS 304 #define AUE_DARWIN_PROFILE 305 #define AUE_DARWIN_KTRACE 306 #define AUE_DARWIN_SETLOGIN 307 #define AUE_DARWIN_REBOOT 308 #define AUE_DARWIN_REVOKE 309 #define AUE_DARWIN_UMASK 310 #define AUE_DARWIN_MPROTECT 311 #define AUE_DARWIN_SETPRIORITY 312 #define AUE_DARWIN_SETTIMEOFDAY 313 #define AUE_DARWIN_FLOCK 314 #define AUE_DARWIN_MKFIFO 315 #define AUE_DARWIN_POLL 316 #define AUE_DARWIN_SOCKETPAIR 317 #define AUE_DARWIN_FUTIMES 318 #define AUE_DARWIN_SETSID 319 #define AUE_DARWIN_SETPRIVEXEC 320 /* Darwin-specific. */ #define AUE_DARWIN_NFSSVC 321 #define AUE_DARWIN_GETFH 322 #define AUE_DARWIN_QUOTACTL 323 #define AUE_DARWIN_ADDPROFILE 324 /* Darwin-specific. */ #define AUE_DARWIN_KDEBUGTRACE 325 /* Darwin-specific. */ #define AUE_DARWIN_KDBUGTRACE AUE_KDEBUGTRACE #define AUE_DARWIN_FSTAT 326 #define AUE_DARWIN_FPATHCONF 327 #define AUE_DARWIN_GETDIRENTRIES 328 #define AUE_DARWIN_TRUNCATE 329 #define AUE_DARWIN_FTRUNCATE 330 #define AUE_DARWIN_SYSCTL 331 #define AUE_DARWIN_MLOCK 332 #define AUE_DARWIN_MUNLOCK 333 #define AUE_DARWIN_UNDELETE 334 #define AUE_DARWIN_GETATTRLIST 335 /* Darwin-specific. */ #define AUE_DARWIN_SETATTRLIST 336 /* Darwin-specific. */ #define AUE_DARWIN_GETDIRENTRIESATTR 337 /* Darwin-specific. */ #define AUE_DARWIN_EXCHANGEDATA 338 /* Darwin-specific. */ #define AUE_DARWIN_SEARCHFS 339 /* Darwin-specific. */ #define AUE_DARWIN_MINHERIT 340 #define AUE_DARWIN_SEMCONFIG 341 #define AUE_DARWIN_SEMOPEN 342 #define AUE_DARWIN_SEMCLOSE 343 #define AUE_DARWIN_SEMUNLINK 344 #define AUE_DARWIN_SHMOPEN 345 #define AUE_DARWIN_SHMUNLINK 346 #define AUE_DARWIN_LOADSHFILE 347 /* Darwin-specific. */ #define AUE_DARWIN_RESETSHFILE 348 /* Darwin-specific. */ #define AUE_DARWIN_NEWSYSTEMSHREG 349 /* Darwin-specific. */ #define AUE_DARWIN_PTHREADKILL 350 /* Darwin-specific. */ #define AUE_DARWIN_PTHREADSIGMASK 351 /* Darwin-specific. */ #define AUE_DARWIN_AUDITCTL 352 #define AUE_DARWIN_RFORK 353 #define AUE_DARWIN_LCHMOD 354 #define AUE_DARWIN_SWAPOFF 355 #define AUE_DARWIN_INITPROCESS 356 /* Darwin-specific. */ #define AUE_DARWIN_MAPFD 357 /* Darwin-specific. */ #define AUE_DARWIN_TASKFORPID 358 /* Darwin-specific. */ #define AUE_DARWIN_PIDFORTASK 359 /* Darwin-specific. */ #define AUE_DARWIN_SYSCTL_NONADMIN 360 #define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */ /* * Audit event identifiers added as part of OpenBSM, generally corresponding * to events in FreeBSD, Darwin, and Linux that were not present in Solaris. * These often duplicate events added to the Solaris set by Darwin, but use * event identifiers in a higher range in order to avoid colliding with * future Solaris additions. * * If an event in this section is later added to Solaris, we prefer the * Solaris event identifier, and add _OPENBSM_ to the OpenBSM-specific * identifier so that old trails can still be processed, but new trails use * the Solaris identifier. */ #define AUE_GETFSSTAT 43001 #define AUE_PTRACE 43002 #define AUE_CHFLAGS 43003 #define AUE_FCHFLAGS 43004 #define AUE_PROFILE 43005 #define AUE_KTRACE 43006 #define AUE_SETLOGIN 43007 #define AUE_OPENBSM_REVOKE 43008 /* Solaris event now preferred. */ #define AUE_UMASK 43009 #define AUE_MPROTECT 43010 #define AUE_MKFIFO 43011 #define AUE_POLL 43012 #define AUE_FUTIMES 43013 #define AUE_SETSID 43014 #define AUE_SETPRIVEXEC 43015 /* Darwin-specific. */ #define AUE_ADDPROFILE 43016 /* Darwin-specific. */ #define AUE_KDEBUGTRACE 43017 /* Darwin-specific. */ #define AUE_KDBUGTRACE AUE_KDEBUGTRACE #define AUE_OPENBSM_FSTAT 43018 /* Solaris event now preferred. */ #define AUE_FPATHCONF 43019 #define AUE_GETDIRENTRIES 43020 #define AUE_SYSCTL 43021 #define AUE_MLOCK 43022 #define AUE_MUNLOCK 43023 #define AUE_UNDELETE 43024 #define AUE_GETATTRLIST 43025 /* Darwin-specific. */ #define AUE_SETATTRLIST 43026 /* Darwin-specific. */ #define AUE_GETDIRENTRIESATTR 43027 /* Darwin-specific. */ #define AUE_EXCHANGEDATA 43028 /* Darwin-specific. */ #define AUE_SEARCHFS 43029 /* Darwin-specific. */ #define AUE_MINHERIT 43030 #define AUE_SEMCONFIG 43031 #define AUE_SEMOPEN 43032 #define AUE_SEMCLOSE 43033 #define AUE_SEMUNLINK 43034 #define AUE_SHMOPEN 43035 #define AUE_SHMUNLINK 43036 #define AUE_LOADSHFILE 43037 /* Darwin-specific. */ #define AUE_RESETSHFILE 43038 /* Darwin-specific. */ #define AUE_NEWSYSTEMSHREG 43039 /* Darwin-specific. */ #define AUE_PTHREADKILL 43040 /* Darwin-specific. */ #define AUE_PTHREADSIGMASK 43041 /* Darwin-specific. */ #define AUE_AUDITCTL 43042 #define AUE_RFORK 43043 #define AUE_LCHMOD 43044 #define AUE_SWAPOFF 43045 #define AUE_INITPROCESS 43046 /* Darwin-specific. */ #define AUE_MAPFD 43047 /* Darwin-specific. */ #define AUE_TASKFORPID 43048 /* Darwin-specific. */ #define AUE_PIDFORTASK 43049 /* Darwin-specific. */ #define AUE_SYSCTL_NONADMIN 43050 #define AUE_COPYFILE 43051 /* Darwin-specific. */ /* * Events added to OpenBSM for FreeBSD and Linux; may also be used by Darwin * in the future. */ #define AUE_LUTIMES 43052 #define AUE_LCHFLAGS 43053 /* FreeBSD-specific. */ #define AUE_SENDFILE 43054 /* BSD/Linux-specific. */ #define AUE_USELIB 43055 /* Linux-specific. */ #define AUE_GETRESUID 43056 #define AUE_SETRESUID 43057 #define AUE_GETRESGID 43058 #define AUE_SETRESGID 43059 #define AUE_WAIT4 43060 /* FreeBSD-specific. */ #define AUE_LGETFH 43061 /* FreeBSD-specific. */ #define AUE_FHSTATFS 43062 /* FreeBSD-specific. */ #define AUE_FHOPEN 43063 /* FreeBSD-specific. */ #define AUE_FHSTAT 43064 /* FreeBSD-specific. */ #define AUE_JAIL 43065 /* FreeBSD-specific. */ #define AUE_EACCESS 43066 /* FreeBSD-specific. */ #define AUE_KQUEUE 43067 /* FreeBSD-specific. */ #define AUE_KEVENT 43068 /* FreeBSD-specific. */ #define AUE_FSYNC 43069 #define AUE_NMOUNT 43070 /* FreeBSD-specific. */ #define AUE_BDFLUSH 43071 /* Linux-specific. */ #define AUE_SETFSUID 43072 /* Linux-specific. */ #define AUE_SETFSGID 43073 /* Linux-specific. */ #define AUE_PERSONALITY 43074 /* Linux-specific. */ #define AUE_SCHED_GETSCHEDULER 43075 /* POSIX.1b. */ #define AUE_SCHED_SETSCHEDULER 43076 /* POSIX.1b. */ #define AUE_PRCTL 43077 /* Linux-specific. */ #define AUE_GETCWD 43078 /* FreeBSD/Linux-specific. */ #define AUE_CAPGET 43079 /* Linux-specific. */ #define AUE_CAPSET 43080 /* Linux-specific. */ #define AUE_PIVOT_ROOT 43081 /* Linux-specific. */ #define AUE_RTPRIO 43082 /* FreeBSD-specific. */ #define AUE_SCHED_GETPARAM 43083 /* POSIX.1b. */ #define AUE_SCHED_SETPARAM 43084 /* POSIX.1b. */ #define AUE_SCHED_GET_PRIORITY_MAX 43085 /* POSIX.1b. */ #define AUE_SCHED_GET_PRIORITY_MIN 43086 /* POSIX.1b. */ #define AUE_SCHED_RR_GET_INTERVAL 43087 /* POSIX.1b. */ #define AUE_ACL_GET_FILE 43088 /* FreeBSD. */ #define AUE_ACL_SET_FILE 43089 /* FreeBSD. */ #define AUE_ACL_GET_FD 43090 /* FreeBSD. */ #define AUE_ACL_SET_FD 43091 /* FreeBSD. */ #define AUE_ACL_DELETE_FILE 43092 /* FreeBSD. */ #define AUE_ACL_DELETE_FD 43093 /* FreeBSD. */ #define AUE_ACL_CHECK_FILE 43094 /* FreeBSD. */ #define AUE_ACL_CHECK_FD 43095 /* FreeBSD. */ #define AUE_ACL_GET_LINK 43096 /* FreeBSD. */ #define AUE_ACL_SET_LINK 43097 /* FreeBSD. */ #define AUE_ACL_DELETE_LINK 43098 /* FreeBSD. */ #define AUE_ACL_CHECK_LINK 43099 /* FreeBSD. */ #define AUE_SYSARCH 43100 /* FreeBSD. */ #define AUE_EXTATTRCTL 43101 /* FreeBSD. */ #define AUE_EXTATTR_GET_FILE 43102 /* FreeBSD. */ #define AUE_EXTATTR_SET_FILE 43103 /* FreeBSD. */ #define AUE_EXTATTR_LIST_FILE 43104 /* FreeBSD. */ #define AUE_EXTATTR_DELETE_FILE 43105 /* FreeBSD. */ #define AUE_EXTATTR_GET_FD 43106 /* FreeBSD. */ #define AUE_EXTATTR_SET_FD 43107 /* FreeBSD. */ #define AUE_EXTATTR_LIST_FD 43108 /* FreeBSD. */ #define AUE_EXTATTR_DELETE_FD 43109 /* FreeBSD. */ #define AUE_EXTATTR_GET_LINK 43110 /* FreeBSD. */ #define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */ #define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */ #define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */ #define AUE_KENV 43114 /* FreeBSD. */ #define AUE_JAIL_ATTACH 43115 /* FreeBSD. */ #define AUE_SYSCTL_WRITE 43116 /* FreeBSD. */ #define AUE_IOPERM 43117 /* Linux. */ #define AUE_READDIR 43118 /* Linux. */ #define AUE_IOPL 43119 /* Linux. */ #define AUE_VM86 43120 /* Linux. */ #define AUE_MAC_GET_PROC 43121 /* FreeBSD/Darwin. */ #define AUE_MAC_SET_PROC 43122 /* FreeBSD/Darwin. */ #define AUE_MAC_GET_FD 43123 /* FreeBSD/Darwin. */ #define AUE_MAC_GET_FILE 43124 /* FreeBSD/Darwin. */ #define AUE_MAC_SET_FD 43125 /* FreeBSD/Darwin. */ #define AUE_MAC_SET_FILE 43126 /* FreeBSD/Darwin. */ #define AUE_MAC_SYSCALL 43127 /* FreeBSD. */ #define AUE_MAC_GET_PID 43128 /* FreeBSD/Darwin. */ #define AUE_MAC_GET_LINK 43129 /* FreeBSD/Darwin. */ #define AUE_MAC_SET_LINK 43130 /* FreeBSD/Darwin. */ #define AUE_MAC_EXECVE 43131 /* FreeBSD/Darwin. */ #define AUE_GETPATH_FROMFD 43132 /* FreeBSD. */ #define AUE_GETPATH_FROMADDR 43133 /* FreeBSD. */ #define AUE_MQ_OPEN 43134 /* FreeBSD. */ #define AUE_MQ_SETATTR 43135 /* FreeBSD. */ #define AUE_MQ_TIMEDRECEIVE 43136 /* FreeBSD. */ #define AUE_MQ_TIMEDSEND 43137 /* FreeBSD. */ #define AUE_MQ_NOTIFY 43138 /* FreeBSD. */ #define AUE_MQ_UNLINK 43139 /* FreeBSD. */ #define AUE_LISTEN 43140 /* FreeBSD/Darwin/Linux. */ #define AUE_MLOCKALL 43141 /* FreeBSD. */ #define AUE_MUNLOCKALL 43142 /* FreeBSD. */ #define AUE_CLOSEFROM 43143 /* FreeBSD. */ #define AUE_FEXECVE 43144 /* FreeBSD. */ #define AUE_FACCESSAT 43145 /* FreeBSD. */ #define AUE_FCHMODAT 43146 /* FreeBSD. */ #define AUE_LINKAT 43147 /* FreeBSD. */ #define AUE_MKDIRAT 43148 /* FreeBSD. */ #define AUE_MKFIFOAT 43149 /* FreeBSD. */ #define AUE_MKNODAT 43150 /* FreeBSD. */ #define AUE_READLINKAT 43151 /* FreeBSD. */ #define AUE_SYMLINKAT 43152 /* FreeBSD. */ #define AUE_MAC_GETFSSTAT 43153 /* Darwin. */ #define AUE_MAC_GET_MOUNT 43154 /* Darwin. */ #define AUE_MAC_GET_LCID 43155 /* Darwin. */ #define AUE_MAC_GET_LCTX 43156 /* Darwin. */ #define AUE_MAC_SET_LCTX 43157 /* Darwin. */ #define AUE_MAC_MOUNT 43158 /* Darwin. */ #define AUE_GETLCID 43159 /* Darwin. */ #define AUE_SETLCID 43160 /* Darwin. */ #define AUE_TASKNAMEFORPID 43161 /* Darwin. */ #define AUE_ACCESS_EXTENDED 43162 /* Darwin. */ #define AUE_CHMOD_EXTENDED 43163 /* Darwin. */ #define AUE_FCHMOD_EXTENDED 43164 /* Darwin. */ #define AUE_FSTAT_EXTENDED 43165 /* Darwin. */ #define AUE_LSTAT_EXTENDED 43166 /* Darwin. */ #define AUE_MKDIR_EXTENDED 43167 /* Darwin. */ #define AUE_MKFIFO_EXTENDED 43168 /* Darwin. */ #define AUE_OPEN_EXTENDED 43169 /* Darwin. */ #define AUE_OPEN_EXTENDED_R 43170 /* Darwin. */ #define AUE_OPEN_EXTENDED_RC 43171 /* Darwin. */ #define AUE_OPEN_EXTENDED_RT 43172 /* Darwin. */ #define AUE_OPEN_EXTENDED_RTC 43173 /* Darwin. */ #define AUE_OPEN_EXTENDED_W 43174 /* Darwin. */ #define AUE_OPEN_EXTENDED_WC 43175 /* Darwin. */ #define AUE_OPEN_EXTENDED_WT 43176 /* Darwin. */ #define AUE_OPEN_EXTENDED_WTC 43177 /* Darwin. */ #define AUE_OPEN_EXTENDED_RW 43178 /* Darwin. */ #define AUE_OPEN_EXTENDED_RWC 43179 /* Darwin. */ #define AUE_OPEN_EXTENDED_RWT 43180 /* Darwin. */ #define AUE_OPEN_EXTENDED_RWTC 43181 /* Darwin. */ #define AUE_STAT_EXTENDED 43182 /* Darwin. */ #define AUE_UMASK_EXTENDED 43183 /* Darwin. */ #define AUE_OPENAT 43184 /* FreeBSD. */ #define AUE_POSIX_OPENPT 43185 /* FreeBSD. */ #define AUE_CAP_NEW 43186 /* TrustedBSD. */ #define AUE_CAP_RIGHTS_GET 43187 /* TrustedBSD. */ #define AUE_CAP_GETRIGHTS AUE_CAP_RIGHTS_GET #define AUE_CAP_ENTER 43188 /* TrustedBSD. */ #define AUE_CAP_GETMODE 43189 /* TrustedBSD. */ #define AUE_POSIX_SPAWN 43190 /* Darwin. */ #define AUE_FSGETPATH 43191 /* Darwin. */ #define AUE_PREAD 43192 /* Darwin/FreeBSD. */ #define AUE_PWRITE 43193 /* Darwin/FreeBSD. */ #define AUE_FSCTL 43194 /* Darwin. */ #define AUE_FFSCTL 43195 /* Darwin. */ #define AUE_LPATHCONF 43196 /* FreeBSD. */ #define AUE_PDFORK 43197 /* FreeBSD. */ #define AUE_PDKILL 43198 /* FreeBSD. */ #define AUE_PDGETPID 43199 /* FreeBSD. */ #define AUE_PDWAIT 43200 /* FreeBSD. */ #define AUE_WAIT6 43201 /* FreeBSD. */ #define AUE_CAP_RIGHTS_LIMIT 43202 /* TrustedBSD. */ #define AUE_CAP_IOCTLS_LIMIT 43203 /* TrustedBSD. */ #define AUE_CAP_IOCTLS_GET 43204 /* TrustedBSD. */ #define AUE_CAP_FCNTLS_LIMIT 43205 /* TrustedBSD. */ #define AUE_CAP_FCNTLS_GET 43206 /* TrustedBSD. */ #define AUE_BINDAT 43207 /* TrustedBSD. */ #define AUE_CONNECTAT 43208 /* TrustedBSD. */ #define AUE_CHFLAGSAT 43209 /* FreeBSD-specific. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the * normal Solaris BSM identifiers. _O_ refers to it being an old, or compat * interface. In most cases, Darwin has never implemented these system calls * but picked up the fields in their system call table from their FreeBSD * import. Happily, these have different names than the AUE_O* definitions * in Solaris BSM. */ #define AUE_O_CREAT AUE_OPEN_RWTC /* Darwin */ #define AUE_O_EXECVE AUE_NULL /* Darwin */ #define AUE_O_SBREAK AUE_NULL /* Darwin */ #define AUE_O_LSEEK AUE_NULL /* Darwin */ #define AUE_O_MOUNT AUE_NULL /* Darwin */ #define AUE_O_UMOUNT AUE_NULL /* Darwin */ #define AUE_O_STAT AUE_STAT /* Darwin */ #define AUE_O_LSTAT AUE_LSTAT /* Darwin */ #define AUE_O_FSTAT AUE_FSTAT /* Darwin */ #define AUE_O_GETPAGESIZE AUE_NULL /* Darwin */ #define AUE_O_VREAD AUE_NULL /* Darwin */ #define AUE_O_VWRITE AUE_NULL /* Darwin */ #define AUE_O_MMAP AUE_MMAP /* Darwin */ #define AUE_O_VADVISE AUE_NULL /* Darwin */ #define AUE_O_VHANGUP AUE_NULL /* Darwin */ #define AUE_O_VLIMIT AUE_NULL /* Darwin */ #define AUE_O_WAIT AUE_NULL /* Darwin */ #define AUE_O_GETHOSTNAME AUE_NULL /* Darwin */ #define AUE_O_SETHOSTNAME AUE_SYSCTL /* Darwin */ #define AUE_O_GETDOPT AUE_NULL /* Darwin */ #define AUE_O_SETDOPT AUE_NULL /* Darwin */ #define AUE_O_ACCEPT AUE_NULL /* Darwin */ #define AUE_O_SEND AUE_SENDMSG /* Darwin */ #define AUE_O_RECV AUE_RECVMSG /* Darwin */ #define AUE_O_VTIMES AUE_NULL /* Darwin */ #define AUE_O_SIGVEC AUE_NULL /* Darwin */ #define AUE_O_SIGBLOCK AUE_NULL /* Darwin */ #define AUE_O_SIGSETMASK AUE_NULL /* Darwin */ #define AUE_O_SIGSTACK AUE_NULL /* Darwin */ #define AUE_O_RECVMSG AUE_RECVMSG /* Darwin */ #define AUE_O_SENDMSG AUE_SENDMSG /* Darwin */ #define AUE_O_VTRACE AUE_NULL /* Darwin */ #define AUE_O_RESUBA AUE_NULL /* Darwin */ #define AUE_O_RECVFROM AUE_RECVFROM /* Darwin */ #define AUE_O_SETREUID AUE_SETREUID /* Darwin */ #define AUE_O_SETREGID AUE_SETREGID /* Darwin */ #define AUE_O_GETDIRENTRIES AUE_GETDIRENTRIES /* Darwin */ #define AUE_O_TRUNCATE AUE_TRUNCATE /* Darwin */ #define AUE_O_FTRUNCATE AUE_FTRUNCATE /* Darwin */ #define AUE_O_GETPEERNAME AUE_NULL /* Darwin */ #define AUE_O_GETHOSTID AUE_NULL /* Darwin */ #define AUE_O_SETHOSTID AUE_NULL /* Darwin */ #define AUE_O_GETRLIMIT AUE_NULL /* Darwin */ #define AUE_O_SETRLIMIT AUE_SETRLIMIT /* Darwin */ #define AUE_O_KILLPG AUE_KILL /* Darwin */ #define AUE_O_SETQUOTA AUE_NULL /* Darwin */ #define AUE_O_QUOTA AUE_NULL /* Darwin */ #define AUE_O_GETSOCKNAME AUE_NULL /* Darwin */ #define AUE_O_GETDIREENTRIES AUE_GETDIREENTRIES /* Darwin */ #define AUE_O_ASYNCDAEMON AUE_NULL /* Darwin */ #define AUE_O_GETDOMAINNAME AUE_NULL /* Darwin */ #define AUE_O_SETDOMAINNAME AUE_SYSCTL /* Darwin */ #define AUE_O_PCFS_MOUNT AUE_NULL /* Darwin */ #define AUE_O_EXPORTFS AUE_NULL /* Darwin */ #define AUE_O_USTATE AUE_NULL /* Darwin */ #define AUE_O_WAIT3 AUE_NULL /* Darwin */ #define AUE_O_RPAUSE AUE_NULL /* Darwin */ #define AUE_O_GETDENTS AUE_NULL /* Darwin */ /* * Possible desired future values based on review of BSD/Darwin system calls. */ #define AUE_ATGETMSG AUE_NULL #define AUE_ATPUTMSG AUE_NULL #define AUE_ATSOCKET AUE_NULL #define AUE_ATPGETREQ AUE_NULL #define AUE_ATPGETRSP AUE_NULL #define AUE_ATPSNDREQ AUE_NULL #define AUE_ATPSNDRSP AUE_NULL #define AUE_BSDTHREADCREATE AUE_NULL #define AUE_BSDTHREADTERMINATE AUE_NULL #define AUE_BSDTHREADREGISTER AUE_NULL #define AUE_CHUD AUE_NULL #define AUE_CSOPS AUE_NULL #define AUE_DUP AUE_NULL #define AUE_FDATASYNC AUE_NULL #define AUE_FGETATTRLIST AUE_NULL #define AUE_FGETXATTR AUE_NULL #define AUE_FLISTXATTR AUE_NULL #define AUE_FREMOVEXATTR AUE_NULL #define AUE_FSETATTRLIST AUE_NULL #define AUE_FSETXATTR AUE_NULL #define AUE_FSTATFS64 AUE_NULL #define AUE_FSTATV AUE_NULL #define AUE_FSTAT64 AUE_NULL #define AUE_FSTAT64_EXTENDED AUE_NULL #define AUE_GCCONTROL AUE_NULL #define AUE_GETDIRENTRIES64 AUE_NULL #define AUE_GETDTABLESIZE AUE_NULL #define AUE_GETEGID AUE_NULL #define AUE_GETEUID AUE_NULL #define AUE_GETFSSTAT64 AUE_NULL #define AUE_GETGID AUE_NULL #define AUE_GETGROUPS AUE_NULL #define AUE_GETITIMER AUE_NULL #define AUE_GETLOGIN AUE_NULL #define AUE_GETPEERNAME AUE_NULL #define AUE_GETPGID AUE_NULL #define AUE_GETPGRP AUE_NULL #define AUE_GETPID AUE_NULL #define AUE_GETPPID AUE_NULL #define AUE_GETPRIORITY AUE_NULL #define AUE_GETRLIMIT AUE_NULL #define AUE_GETRUSAGE AUE_NULL #define AUE_GETSGROUPS AUE_NULL #define AUE_GETSID AUE_NULL #define AUE_GETSOCKNAME AUE_NULL #define AUE_GETTIMEOFDAY AUE_NULL #define AUE_GETTID AUE_NULL #define AUE_GETUID AUE_NULL #define AUE_GETSOCKOPT AUE_NULL #define AUE_GETWGROUPS AUE_NULL #define AUE_GETXATTR AUE_NULL #define AUE_IDENTITYSVC AUE_NULL #define AUE_INITGROUPS AUE_NULL #define AUE_IOPOLICYSYS AUE_NULL #define AUE_ISSETUGID AUE_NULL #define AUE_LIOLISTIO AUE_NULL #define AUE_LISTXATTR AUE_NULL #define AUE_LSTATV AUE_NULL #define AUE_LSTAT64 AUE_NULL #define AUE_LSTAT64_EXTENDED AUE_NULL #define AUE_MADVISE AUE_NULL #define AUE_MINCORE AUE_NULL #define AUE_MKCOMPLEX AUE_NULL #define AUE_MODWATCH AUE_NULL #define AUE_MSGCL AUE_NULL #define AUE_MSYNC AUE_NULL #define AUE_PREADV AUE_NULL #define AUE_PROCINFO AUE_NULL #define AUE_PTHREADCANCELED AUE_NULL #define AUE_PTHREADCHDIR AUE_NULL #define AUE_PTHREADCONDBROADCAST AUE_NULL #define AUE_PTHREADCONDDESTORY AUE_NULL #define AUE_PTHREADCONDINIT AUE_NULL #define AUE_PTHREADCONDSIGNAL AUE_NULL #define AUE_PTHREADCONDWAIT AUE_NULL #define AUE_PTHREADFCHDIR AUE_NULL #define AUE_PTHREADMARK AUE_NULL #define AUE_PTHREADMUTEXDESTROY AUE_NULL #define AUE_PTHREADMUTEXINIT AUE_NULL #define AUE_PTHREADMUTEXTRYLOCK AUE_NULL #define AUE_PTHREADMUTEXUNLOCK AUE_NULL #define AUE_PWRITEV AUE_NULL #define AUE_REMOVEXATTR AUE_NULL #define AUE_SBRK AUE_NULL #define AUE_SELECT AUE_NULL #define AUE_SEMDESTROY AUE_NULL #define AUE_SEMGETVALUE AUE_NULL #define AUE_SEMINIT AUE_NULL #define AUE_SEMPOST AUE_NULL #define AUE_SEMTRYWAIT AUE_NULL #define AUE_SEMWAIT AUE_NULL #define AUE_SEMWAITSIGNAL AUE_NULL #define AUE_SETITIMER AUE_NULL #define AUE_SETSGROUPS AUE_NULL #define AUE_SETTID AUE_NULL #define AUE_SETTIDWITHPID AUE_NULL #define AUE_SETWGROUPS AUE_NULL #define AUE_SETXATTR AUE_NULL #define AUE_SHAREDREGIONCHECK AUE_NULL #define AUE_SHAREDREGIONMAP AUE_NULL #define AUE_SIGACTION AUE_NULL #define AUE_SIGALTSTACK AUE_NULL #define AUE_SIGPENDING AUE_NULL #define AUE_SIGPROCMASK AUE_NULL #define AUE_SIGRETURN AUE_NULL #define AUE_SIGSUSPEND AUE_NULL #define AUE_SIGWAIT AUE_NULL #define AUE_SSTK AUE_NULL #define AUE_STACKSNAPSHOT AUE_NULL #define AUE_STATFS64 AUE_NULL #define AUE_STATV AUE_NULL #define AUE_STAT64 AUE_NULL #define AUE_STAT64_EXTENDED AUE_NULL #define AUE_SYNC AUE_NULL #define AUE_SYSCALL AUE_NULL #define AUE_TABLE AUE_NULL #define AUE_VMPRESSUREMONITOR AUE_NULL #define AUE_WAITEVENT AUE_NULL #define AUE_WAITID AUE_NULL #define AUE_WATCHEVENT AUE_NULL #define AUE_WORKQOPEN AUE_NULL #define AUE_WORKQOPS AUE_NULL #endif /* !_BSM_AUDIT_KEVENTS_H_ */ Index: stable/10/sys/bsm/audit_record.h =================================================================== --- stable/10/sys/bsm/audit_record.h (revision 293162) +++ stable/10/sys/bsm/audit_record.h (revision 293163) @@ -1,305 +1,304 @@ /*- * Copyright (c) 2005-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10 * $FreeBSD$ */ #ifndef _BSM_AUDIT_RECORD_H_ #define _BSM_AUDIT_RECORD_H_ #include /* struct timeval */ #include /* cap_rights_t */ /* * Token type identifiers. */ #define AUT_INVALID 0x00 #define AUT_OTHER_FILE32 0x11 #define AUT_OHEADER 0x12 #define AUT_TRAILER 0x13 #define AUT_HEADER32 0x14 #define AUT_HEADER32_EX 0x15 #define AUT_DATA 0x21 #define AUT_IPC 0x22 #define AUT_PATH 0x23 #define AUT_SUBJECT32 0x24 #define AUT_XATPATH 0x25 #define AUT_PROCESS32 0x26 #define AUT_RETURN32 0x27 #define AUT_TEXT 0x28 #define AUT_OPAQUE 0x29 #define AUT_IN_ADDR 0x2a #define AUT_IP 0x2b #define AUT_IPORT 0x2c #define AUT_ARG32 0x2d #define AUT_SOCKET 0x2e #define AUT_SEQ 0x2f #define AUT_ACL 0x30 #define AUT_ATTR 0x31 #define AUT_IPC_PERM 0x32 #define AUT_LABEL 0x33 #define AUT_GROUPS 0x34 #define AUT_ACE 0x35 #define AUT_PRIV 0x38 #define AUT_UPRIV 0x39 #define AUT_LIAISON 0x3a #define AUT_NEWGROUPS 0x3b #define AUT_EXEC_ARGS 0x3c #define AUT_EXEC_ENV 0x3d #define AUT_ATTR32 0x3e #define AUT_UNAUTH 0x3f #define AUT_XATOM 0x40 #define AUT_XOBJ 0x41 #define AUT_XPROTO 0x42 #define AUT_XSELECT 0x43 #define AUT_XCOLORMAP 0x44 #define AUT_XCURSOR 0x45 #define AUT_XFONT 0x46 #define AUT_XGC 0x47 #define AUT_XPIXMAP 0x48 #define AUT_XPROPERTY 0x49 #define AUT_XWINDOW 0x4a #define AUT_XCLIENT 0x4b #define AUT_CMD 0x51 #define AUT_EXIT 0x52 #define AUT_ZONENAME 0x60 #define AUT_HOST 0x70 #define AUT_ARG64 0x71 #define AUT_RETURN64 0x72 #define AUT_ATTR64 0x73 #define AUT_HEADER64 0x74 #define AUT_SUBJECT64 0x75 #define AUT_PROCESS64 0x77 #define AUT_OTHER_FILE64 0x78 #define AUT_HEADER64_EX 0x79 #define AUT_SUBJECT32_EX 0x7a #define AUT_PROCESS32_EX 0x7b #define AUT_SUBJECT64_EX 0x7c #define AUT_PROCESS64_EX 0x7d #define AUT_IN_ADDR_EX 0x7e #define AUT_SOCKET_EX 0x7f /* * Pre-64-bit BSM, 32-bit tokens weren't explicitly named as '32'. We have * compatibility defines. */ #define AUT_HEADER AUT_HEADER32 #define AUT_ARG AUT_ARG32 #define AUT_RETURN AUT_RETURN32 #define AUT_SUBJECT AUT_SUBJECT32 #define AUT_PROCESS AUT_PROCESS32 #define AUT_OTHER_FILE AUT_OTHER_FILE32 /* * The values for the following token ids are not defined by BSM. * * XXXRW: Not sure how to handle these in OpenBSM yet, but I'll give them * names more consistent with Sun's BSM. These originally came from Apple's * BSM. */ #define AUT_SOCKINET32 0x80 /* XXX */ #define AUT_SOCKINET128 0x81 /* XXX */ #define AUT_SOCKUNIX 0x82 /* XXX */ #define AUT_RIGHTS 0x83 /* print values for the arbitrary token */ #define AUP_BINARY 0 #define AUP_OCTAL 1 #define AUP_DECIMAL 2 #define AUP_HEX 3 #define AUP_STRING 4 /* data-types for the arbitrary token */ #define AUR_BYTE 0 #define AUR_CHAR AUR_BYTE #define AUR_SHORT 1 #define AUR_INT32 2 #define AUR_INT AUR_INT32 #define AUR_INT64 3 /* ... and their sizes */ #define AUR_BYTE_SIZE sizeof(u_char) #define AUR_CHAR_SIZE AUR_BYTE_SIZE #define AUR_SHORT_SIZE sizeof(uint16_t) #define AUR_INT32_SIZE sizeof(uint32_t) #define AUR_INT_SIZE AUR_INT32_SIZE #define AUR_INT64_SIZE sizeof(uint64_t) /* Modifiers for the header token */ #define PAD_NOTATTR 0x4000 /* nonattributable event */ #define PAD_FAILURE 0x8000 /* fail audit event */ #define AUDIT_MAX_GROUPS 16 /* * A number of BSM versions are floating around and defined. Here are * constants for them. OpenBSM uses the same token types, etc, used in the * Solaris BSM version, but has a separate version number in order to * identify a potentially different event identifier name space. */ #define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */ #define AUDIT_HEADER_VERSION_SOLARIS 2 #define AUDIT_HEADER_VERSION_TSOL25 3 #define AUDIT_HEADER_VERSION_TSOL 4 #define AUDIT_HEADER_VERSION_OPENBSM10 10 #define AUDIT_HEADER_VERSION_OPENBSM11 11 #define AUDIT_HEADER_VERSION_OPENBSM AUDIT_HEADER_VERSION_OPENBSM11 #define AUT_TRAILER_MAGIC 0xb105 /* BSM library calls */ __BEGIN_DECLS struct in_addr; struct in6_addr; struct ip; struct ipc_perm; struct kevent; struct sockaddr; struct sockaddr_in; struct sockaddr_in6; struct sockaddr_un; #if defined(_KERNEL) || defined(KERNEL) struct vnode_au_info; #endif int au_open(void); int au_write(int d, token_t *m); int au_close(int d, int keep, short event); int au_close_buffer(int d, short event, u_char *buffer, size_t *buflen); int au_close_token(token_t *tok, u_char *buffer, size_t *buflen); token_t *au_to_file(const char *file, struct timeval tm); token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm); token_t *au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm, struct auditinfo_addr *aia); token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm); #if !defined(KERNEL) && !defined(_KERNEL) token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); token_t *au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); #endif token_t *au_to_me(void); token_t *au_to_arg(char n, const char *text, uint32_t v); token_t *au_to_arg32(char n, const char *text, uint32_t v); token_t *au_to_arg64(char n, const char *text, uint64_t v); #if defined(_KERNEL) || defined(KERNEL) token_t *au_to_attr(struct vnode_au_info *vni); token_t *au_to_attr32(struct vnode_au_info *vni); token_t *au_to_attr64(struct vnode_au_info *vni); #endif token_t *au_to_data(char unit_print, char unit_type, char unit_count, const char *p); token_t *au_to_exit(int retval, int err); token_t *au_to_groups(int *groups); token_t *au_to_newgroups(uint16_t n, gid_t *groups); token_t *au_to_in_addr(struct in_addr *internet_addr); token_t *au_to_in_addr_ex(struct in6_addr *internet_addr); token_t *au_to_ip(struct ip *ip); token_t *au_to_ipc(char type, int id); token_t *au_to_ipc_perm(struct ipc_perm *perm); token_t *au_to_iport(uint16_t iport); token_t *au_to_opaque(const char *data, uint16_t bytes); token_t *au_to_path(const char *path); token_t *au_to_privset(char *privtypestr, char *privstr); token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_rights(cap_rights_t *rightsp); token_t *au_to_return(char status, uint32_t ret); token_t *au_to_return32(char status, uint32_t ret); token_t *au_to_return64(char status, uint64_t ret); token_t *au_to_seq(long audit_count); token_t *au_to_socket_ex(u_short so_domain, u_short so_type, struct sockaddr *sa_local, struct sockaddr *sa_remote); token_t *au_to_sock_inet(struct sockaddr_in *so); token_t *au_to_sock_inet32(struct sockaddr_in *so); token_t *au_to_sock_inet128(struct sockaddr_in6 *so); token_t *au_to_sock_unix(struct sockaddr_un *so); token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); #if defined(_KERNEL) || defined(KERNEL) token_t *au_to_exec_args(char *args, int argc); token_t *au_to_exec_env(char *envs, int envc); #else token_t *au_to_exec_args(char **argv); token_t *au_to_exec_env(char **envp); #endif token_t *au_to_text(const char *text); token_t *au_to_kevent(struct kevent *kev); token_t *au_to_trailer(int rec_size); token_t *au_to_upriv(char sorf, char *priv); token_t *au_to_zonename(const char *zonename); /* * BSM library routines for converting between local and BSM constant spaces. */ int au_bsm_to_domain(u_short bsm_domain, int *local_domainp); int au_bsm_to_errno(u_char bsm_error, int *errorp); int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp); int au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep); u_short au_domain_to_bsm(int local_domain); u_char au_errno_to_bsm(int local_errno); u_short au_fcntl_cmd_to_bsm(int local_fcntl_command); u_short au_socket_type_to_bsm(int local_socket_type); __END_DECLS #endif /* ! _BSM_AUDIT_RECORD_H_ */ Index: stable/10/sys/bsm/audit_socket_type.h =================================================================== --- stable/10/sys/bsm/audit_socket_type.h (revision 293162) +++ stable/10/sys/bsm/audit_socket_type.h (revision 293163) @@ -1,47 +1,46 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_socket_type.h#1 * $FreeBSD$ */ #ifndef _BSM_AUDIT_SOCKET_TYPE_H_ #define _BSM_AUDIT_SOCKET_TYPE_H_ /* * BSM socket type constants. */ #define BSM_SOCK_DGRAM 1 #define BSM_SOCK_STREAM 2 #define BSM_SOCK_RAW 4 #define BSM_SOCK_RDM 5 #define BSM_SOCK_SEQPACKET 6 #define BSM_SOCK_UNKNOWN 500 #endif /* !_BSM_AUDIT_SOCKET_TYPE_H_ */ Index: stable/10/sys/security/audit/bsm_domain.c =================================================================== --- stable/10/sys/security/audit/bsm_domain.c (revision 293162) +++ stable/10/sys/security/audit/bsm_domain.c (revision 293163) @@ -1,495 +1,493 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#3 */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include struct bsm_domain { u_short bd_bsm_domain; int bd_local_domain; }; #define PF_NO_LOCAL_MAPPING -600 static const struct bsm_domain bsm_domains[] = { { BSM_PF_UNSPEC, PF_UNSPEC }, { BSM_PF_LOCAL, PF_LOCAL }, { BSM_PF_INET, PF_INET }, { BSM_PF_IMPLINK, #ifdef PF_IMPLINK PF_IMPLINK #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PUP, #ifdef PF_PUP PF_PUP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_CHAOS, #ifdef PF_CHAOS PF_CHAOS #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NS, #ifdef PF_NS PF_NS #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NBS, #ifdef PF_NBS PF_NBS #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ECMA, #ifdef PF_ECMA PF_ECMA #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_DATAKIT, #ifdef PF_DATAKIT PF_DATAKIT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_CCITT, #ifdef PF_CCITT PF_CCITT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SNA, PF_SNA }, { BSM_PF_DECnet, PF_DECnet }, { BSM_PF_DLI, #ifdef PF_DLI PF_DLI #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_LAT, #ifdef PF_LAT PF_LAT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_HYLINK, #ifdef PF_HYLINK PF_HYLINK #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_APPLETALK, PF_APPLETALK }, { BSM_PF_NIT, #ifdef PF_NIT PF_NIT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_802, #ifdef PF_802 PF_802 #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_OSI, #ifdef PF_OSI PF_OSI #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_X25, #ifdef PF_X25 PF_X25 #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_OSINET, #ifdef PF_OSINET PF_OSINET #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_GOSIP, #ifdef PF_GOSIP PF_GOSIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_IPX, PF_IPX }, { BSM_PF_ROUTE, PF_ROUTE }, { BSM_PF_LINK, #ifdef PF_LINK PF_LINK #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_INET6, PF_INET6 }, { BSM_PF_KEY, PF_KEY }, { BSM_PF_NCA, #ifdef PF_NCA PF_NCA #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_POLICY, #ifdef PF_POLICY PF_POLICY #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_INET_OFFLOAD, #ifdef PF_INET_OFFLOAD PF_INET_OFFLOAD #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NETBIOS, #ifdef PF_NETBIOS PF_NETBIOS #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ISO, #ifdef PF_ISO PF_ISO #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_XTP, #ifdef PF_XTP PF_XTP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_COIP, #ifdef PF_COIP PF_COIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_CNT, #ifdef PF_CNT PF_CNT #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_RTIP, #ifdef PF_RTIP PF_RTIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SIP, #ifdef PF_SIP PF_SIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PIP, #ifdef PF_PIP PF_PIP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ISDN, #ifdef PF_ISDN PF_ISDN #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_E164, #ifdef PF_E164 PF_E164 #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NATM, #ifdef PF_NATM PF_NATM #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ATM, #ifdef PF_ATM PF_ATM #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NETGRAPH, #ifdef PF_NETGRAPH PF_NETGRAPH #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SLOW, #ifdef PF_SLOW PF_SLOW #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SCLUSTER, #ifdef PF_SCLUSTER PF_SCLUSTER #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ARP, #ifdef PF_ARP PF_ARP #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_BLUETOOTH, #ifdef PF_BLUETOOTH PF_BLUETOOTH #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_AX25, #ifdef PF_AX25 PF_AX25 #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ROSE, #ifdef PF_ROSE PF_ROSE #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_NETBEUI, #ifdef PF_NETBEUI PF_NETBEUI #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_SECURITY, #ifdef PF_SECURITY PF_SECURITY #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PACKET, #ifdef PF_PACKET PF_PACKET #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ASH, #ifdef PF_ASH PF_ASH #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ECONET, #ifdef PF_ECONET PF_ECONET #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_ATMSVC, #ifdef PF_ATMSVC PF_ATMSVC #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_IRDA, #ifdef PF_IRDA PF_IRDA #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PPPOX, #ifdef PF_PPPOX PF_PPPOX #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_WANPIPE, #ifdef PF_WANPIPE PF_WANPIPE #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_LLC, #ifdef PF_LLC PF_LLC #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_CAN, #ifdef PF_CAN PF_CAN #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_TIPC, #ifdef PF_TIPC PF_TIPC #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_IUCV, #ifdef PF_IUCV PF_IUCV #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_RXRPC, #ifdef PF_RXRPC PF_RXRPC #else PF_NO_LOCAL_MAPPING #endif }, { BSM_PF_PHONET, #ifdef PF_PHONET PF_PHONET #else PF_NO_LOCAL_MAPPING #endif }, }; static const int bsm_domains_count = sizeof(bsm_domains) / sizeof(bsm_domains[0]); static const struct bsm_domain * bsm_lookup_local_domain(int local_domain) { int i; for (i = 0; i < bsm_domains_count; i++) { if (bsm_domains[i].bd_local_domain == local_domain) return (&bsm_domains[i]); } return (NULL); } u_short au_domain_to_bsm(int local_domain) { const struct bsm_domain *bstp; bstp = bsm_lookup_local_domain(local_domain); if (bstp == NULL) return (BSM_PF_UNKNOWN); return (bstp->bd_bsm_domain); } static const struct bsm_domain * bsm_lookup_bsm_domain(u_short bsm_domain) { int i; for (i = 0; i < bsm_domains_count; i++) { if (bsm_domains[i].bd_bsm_domain == bsm_domain) return (&bsm_domains[i]); } return (NULL); } int au_bsm_to_domain(u_short bsm_domain, int *local_domainp) { const struct bsm_domain *bstp; bstp = bsm_lookup_bsm_domain(bsm_domain); if (bstp == NULL || bstp->bd_local_domain) return (-1); *local_domainp = bstp->bd_local_domain; return (0); } Index: stable/10/sys/security/audit/bsm_errno.c =================================================================== --- stable/10/sys/security/audit/bsm_errno.c (revision 293162) +++ stable/10/sys/security/audit/bsm_errno.c (revision 293163) @@ -1,775 +1,773 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22 */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include /* * Different operating systems use different numeric constants for different * error numbers, and sometimes error numbers don't exist in more than one * operating system. These routines convert between BSM and local error * number spaces, subject to the above realities. BSM error numbers are * stored in a single 8-bit character, so don't have a byte order. * * Don't include string definitions when this code is compiled into a kernel. */ struct bsm_errno { int be_bsm_errno; int be_local_errno; #if !defined(KERNEL) && !defined(_KERNEL) const char *be_strerror; #endif }; #define ERRNO_NO_LOCAL_MAPPING -600 #if !defined(KERNEL) && !defined(_KERNEL) #define ES(x) x #else #define ES(x) #endif /* * Mapping table -- please maintain in numeric sorted order with respect to * the BSM constant. Today we do a linear lookup, but could switch to a * binary search if it makes sense. We only ifdef errors that aren't * generally available, but it does make the table a lot more ugly. * * XXXRW: It would be nice to have a similar ordered table mapping to BSM * constant from local constant, but the order of local constants varies by * OS. Really we need to build that table at compile-time but don't do that * yet. * * XXXRW: We currently embed English-language error strings here, but should * support catalogues; these are only used if the OS doesn't have an error * string using strerror(3). */ static const struct bsm_errno bsm_errnos[] = { { BSM_ERRNO_ESUCCESS, 0, ES("Success") }, { BSM_ERRNO_EPERM, EPERM, ES("Operation not permitted") }, { BSM_ERRNO_ENOENT, ENOENT, ES("No such file or directory") }, { BSM_ERRNO_ESRCH, ESRCH, ES("No such process") }, { BSM_ERRNO_EINTR, EINTR, ES("Interrupted system call") }, { BSM_ERRNO_EIO, EIO, ES("Input/output error") }, { BSM_ERRNO_ENXIO, ENXIO, ES("Device not configured") }, { BSM_ERRNO_E2BIG, E2BIG, ES("Argument list too long") }, { BSM_ERRNO_ENOEXEC, ENOEXEC, ES("Exec format error") }, { BSM_ERRNO_EBADF, EBADF, ES("Bad file descriptor") }, { BSM_ERRNO_ECHILD, ECHILD, ES("No child processes") }, { BSM_ERRNO_EAGAIN, EAGAIN, ES("Resource temporarily unavailable") }, { BSM_ERRNO_ENOMEM, ENOMEM, ES("Cannot allocate memory") }, { BSM_ERRNO_EACCES, EACCES, ES("Permission denied") }, { BSM_ERRNO_EFAULT, EFAULT, ES("Bad address") }, { BSM_ERRNO_ENOTBLK, ENOTBLK, ES("Block device required") }, { BSM_ERRNO_EBUSY, EBUSY, ES("Device busy") }, { BSM_ERRNO_EEXIST, EEXIST, ES("File exists") }, { BSM_ERRNO_EXDEV, EXDEV, ES("Cross-device link") }, { BSM_ERRNO_ENODEV, ENODEV, ES("Operation not supported by device") }, { BSM_ERRNO_ENOTDIR, ENOTDIR, ES("Not a directory") }, { BSM_ERRNO_EISDIR, EISDIR, ES("Is a directory") }, { BSM_ERRNO_EINVAL, EINVAL, ES("Invalid argument") }, { BSM_ERRNO_ENFILE, ENFILE, ES("Too many open files in system") }, { BSM_ERRNO_EMFILE, EMFILE, ES("Too many open files") }, { BSM_ERRNO_ENOTTY, ENOTTY, ES("Inappropriate ioctl for device") }, { BSM_ERRNO_ETXTBSY, ETXTBSY, ES("Text file busy") }, { BSM_ERRNO_EFBIG, EFBIG, ES("File too large") }, { BSM_ERRNO_ENOSPC, ENOSPC, ES("No space left on device") }, { BSM_ERRNO_ESPIPE, ESPIPE, ES("Illegal seek") }, { BSM_ERRNO_EROFS, EROFS, ES("Read-only file system") }, { BSM_ERRNO_EMLINK, EMLINK, ES("Too many links") }, { BSM_ERRNO_EPIPE, EPIPE, ES("Broken pipe") }, { BSM_ERRNO_EDOM, EDOM, ES("Numerical argument out of domain") }, { BSM_ERRNO_ERANGE, ERANGE, ES("Result too large") }, { BSM_ERRNO_ENOMSG, ENOMSG, ES("No message of desired type") }, { BSM_ERRNO_EIDRM, EIDRM, ES("Identifier removed") }, { BSM_ERRNO_ECHRNG, #ifdef ECHRNG ECHRNG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Channel number out of range") }, { BSM_ERRNO_EL2NSYNC, #ifdef EL2NSYNC EL2NSYNC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Level 2 not synchronized") }, { BSM_ERRNO_EL3HLT, #ifdef EL3HLT EL3HLT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Level 3 halted") }, { BSM_ERRNO_EL3RST, #ifdef EL3RST EL3RST, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Level 3 reset") }, { BSM_ERRNO_ELNRNG, #ifdef ELNRNG ELNRNG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Link number out of range") }, { BSM_ERRNO_EUNATCH, #ifdef EUNATCH EUNATCH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Protocol driver not attached") }, { BSM_ERRNO_ENOCSI, #ifdef ENOCSI ENOCSI, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("No CSI structure available") }, { BSM_ERRNO_EL2HLT, #ifdef EL2HLT EL2HLT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Level 2 halted") }, { BSM_ERRNO_EDEADLK, EDEADLK, ES("Resource deadlock avoided") }, { BSM_ERRNO_ENOLCK, ENOLCK, ES("No locks available") }, { BSM_ERRNO_ECANCELED, ECANCELED, ES("Operation canceled") }, { BSM_ERRNO_ENOTSUP, ENOTSUP, ES("Operation not supported") }, { BSM_ERRNO_EDQUOT, EDQUOT, ES("Disc quota exceeded") }, { BSM_ERRNO_EBADE, #ifdef EBADE EBADE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Invalid exchange") }, { BSM_ERRNO_EBADR, #ifdef EBADR EBADR, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Invalid request descriptor") }, { BSM_ERRNO_EXFULL, #ifdef EXFULL EXFULL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Exchange full") }, { BSM_ERRNO_ENOANO, #ifdef ENOANO ENOANO, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("No anode") }, { BSM_ERRNO_EBADRQC, #ifdef EBADRQC EBADRQC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Invalid request descriptor") }, { BSM_ERRNO_EBADSLT, #ifdef EBADSLT EBADSLT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Invalid slot") }, { BSM_ERRNO_EDEADLOCK, #ifdef EDEADLOCK EDEADLOCK, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Resource deadlock avoided") }, { BSM_ERRNO_EBFONT, #ifdef EBFONT EBFONT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad font file format") }, { BSM_ERRNO_EOWNERDEAD, #ifdef EOWNERDEAD EOWNERDEAD, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Process died with the lock") }, { BSM_ERRNO_ENOTRECOVERABLE, #ifdef ENOTRECOVERABLE ENOTRECOVERABLE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Lock is not recoverable") }, { BSM_ERRNO_ENOSTR, #ifdef ENOSTR ENOSTR, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Device not a stream") }, { BSM_ERRNO_ENONET, #ifdef ENONET ENONET, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Machine is not on the network") }, { BSM_ERRNO_ENOPKG, #ifdef ENOPKG ENOPKG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Package not installed") }, { BSM_ERRNO_EREMOTE, EREMOTE, ES("Too many levels of remote in path") }, { BSM_ERRNO_ENOLINK, #ifdef ENOLINK ENOLINK, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Link has been severed") }, { BSM_ERRNO_EADV, #ifdef EADV EADV, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Advertise error") }, { BSM_ERRNO_ESRMNT, #ifdef ESRMNT ESRMNT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("srmount error") }, { BSM_ERRNO_ECOMM, #ifdef ECOMM ECOMM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Communication error on send") }, { BSM_ERRNO_EPROTO, #ifdef EPROTO EPROTO, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Protocol error") }, { BSM_ERRNO_ELOCKUNMAPPED, #ifdef ELOCKUNMAPPED ELOCKUNMAPPED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Locked lock was unmapped") }, { BSM_ERRNO_ENOTACTIVE, #ifdef ENOTACTIVE ENOTACTIVE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Facility is not active") }, { BSM_ERRNO_EMULTIHOP, #ifdef EMULTIHOP EMULTIHOP, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Multihop attempted") }, { BSM_ERRNO_EBADMSG, #ifdef EBADMSG EBADMSG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad message") }, { BSM_ERRNO_ENAMETOOLONG, ENAMETOOLONG, ES("File name too long") }, { BSM_ERRNO_EOVERFLOW, EOVERFLOW, ES("Value too large to be stored in data type") }, { BSM_ERRNO_ENOTUNIQ, #ifdef ENOTUNIQ ENOTUNIQ, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Given log name not unique") }, { BSM_ERRNO_EBADFD, #ifdef EBADFD EBADFD, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Given f.d. invalid for this operation") }, { BSM_ERRNO_EREMCHG, #ifdef EREMCHG EREMCHG, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Remote address changed") }, { BSM_ERRNO_ELIBACC, #ifdef ELIBACC ELIBACC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Can't access a needed shared lib") }, { BSM_ERRNO_ELIBBAD, #ifdef ELIBBAD ELIBBAD, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Accessing a corrupted shared lib") }, { BSM_ERRNO_ELIBSCN, #ifdef ELIBSCN ELIBSCN, #else ERRNO_NO_LOCAL_MAPPING, #endif ES(".lib section in a.out corrupted") }, { BSM_ERRNO_ELIBMAX, #ifdef ELIBMAX ELIBMAX, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Attempting to link in too many libs") }, { BSM_ERRNO_ELIBEXEC, #ifdef ELIBEXEC ELIBEXEC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Attempting to exec a shared library") }, { BSM_ERRNO_EILSEQ, EILSEQ, ES("Illegal byte sequence") }, { BSM_ERRNO_ENOSYS, ENOSYS, ES("Function not implemented") }, { BSM_ERRNO_ELOOP, ELOOP, ES("Too many levels of symbolic links") }, { BSM_ERRNO_ERESTART, #ifdef ERESTART ERESTART, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Restart syscall") }, { BSM_ERRNO_ESTRPIPE, #ifdef ESTRPIPE ESTRPIPE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("If pipe/FIFO, don't sleep in stream head") }, { BSM_ERRNO_ENOTEMPTY, ENOTEMPTY, ES("Directory not empty") }, { BSM_ERRNO_EUSERS, EUSERS, ES("Too many users") }, { BSM_ERRNO_ENOTSOCK, ENOTSOCK, ES("Socket operation on non-socket") }, { BSM_ERRNO_EDESTADDRREQ, EDESTADDRREQ, ES("Destination address required") }, { BSM_ERRNO_EMSGSIZE, EMSGSIZE, ES("Message too long") }, { BSM_ERRNO_EPROTOTYPE, EPROTOTYPE, ES("Protocol wrong type for socket") }, { BSM_ERRNO_ENOPROTOOPT, ENOPROTOOPT, ES("Protocol not available") }, { BSM_ERRNO_EPROTONOSUPPORT, EPROTONOSUPPORT, ES("Protocol not supported") }, { BSM_ERRNO_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, ES("Socket type not supported") }, { BSM_ERRNO_EOPNOTSUPP, EOPNOTSUPP, ES("Operation not supported") }, { BSM_ERRNO_EPFNOSUPPORT, EPFNOSUPPORT, ES("Protocol family not supported") }, { BSM_ERRNO_EAFNOSUPPORT, EAFNOSUPPORT, ES("Address family not supported by protocol family") }, { BSM_ERRNO_EADDRINUSE, EADDRINUSE, ES("Address already in use") }, { BSM_ERRNO_EADDRNOTAVAIL, EADDRNOTAVAIL, ES("Can't assign requested address") }, { BSM_ERRNO_ENETDOWN, ENETDOWN, ES("Network is down") }, { BSM_ERRNO_ENETRESET, ENETRESET, ES("Network dropped connection on reset") }, { BSM_ERRNO_ECONNABORTED, ECONNABORTED, ES("Software caused connection abort") }, { BSM_ERRNO_ECONNRESET, ECONNRESET, ES("Connection reset by peer") }, { BSM_ERRNO_ENOBUFS, ENOBUFS, ES("No buffer space available") }, { BSM_ERRNO_EISCONN, EISCONN, ES("Socket is already connected") }, { BSM_ERRNO_ENOTCONN, ENOTCONN, ES("Socket is not connected") }, { BSM_ERRNO_ESHUTDOWN, ESHUTDOWN, ES("Can't send after socket shutdown") }, { BSM_ERRNO_ETOOMANYREFS, ETOOMANYREFS, ES("Too many references: can't splice") }, { BSM_ERRNO_ETIMEDOUT, ETIMEDOUT, ES("Operation timed out") }, { BSM_ERRNO_ECONNREFUSED, ECONNREFUSED, ES("Connection refused") }, { BSM_ERRNO_EHOSTDOWN, EHOSTDOWN, ES("Host is down") }, { BSM_ERRNO_EHOSTUNREACH, EHOSTUNREACH, ES("No route to host") }, { BSM_ERRNO_EALREADY, EALREADY, ES("Operation already in progress") }, { BSM_ERRNO_EINPROGRESS, EINPROGRESS, ES("Operation now in progress") }, { BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") }, { BSM_ERRNO_EPROCLIM, #ifdef EPROCLIM EPROCLIM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Too many processes") }, { BSM_ERRNO_EBADRPC, #ifdef EBADRPC EBADRPC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RPC struct is bad") }, { BSM_ERRNO_ERPCMISMATCH, #ifdef ERPCMISMATCH ERPCMISMATCH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RPC version wrong") }, { BSM_ERRNO_EPROGUNAVAIL, #ifdef EPROGUNAVAIL EPROGUNAVAIL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RPC prog. not avail") }, { BSM_ERRNO_EPROGMISMATCH, #ifdef EPROGMISMATCH EPROGMISMATCH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RPC version wrong") }, { BSM_ERRNO_EPROCUNAVAIL, #ifdef EPROCUNAVAIL EPROCUNAVAIL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad procedure for program") }, { BSM_ERRNO_EFTYPE, #ifdef EFTYPE EFTYPE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Inappropriate file type or format") }, { BSM_ERRNO_EAUTH, #ifdef EAUTH EAUTH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Authenticateion error") }, { BSM_ERRNO_ENEEDAUTH, #ifdef ENEEDAUTH ENEEDAUTH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Need authenticator") }, { BSM_ERRNO_ENOATTR, #ifdef ENOATTR ENOATTR, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Attribute not found") }, { BSM_ERRNO_EDOOFUS, #ifdef EDOOFUS EDOOFUS, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Programming error") }, { BSM_ERRNO_EJUSTRETURN, #ifdef EJUSTRETURN EJUSTRETURN, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Just return") }, { BSM_ERRNO_ENOIOCTL, #ifdef ENOIOCTL ENOIOCTL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("ioctl not handled by this layer") }, { BSM_ERRNO_EDIRIOCTL, #ifdef EDIRIOCTL EDIRIOCTL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("do direct ioctl in GEOM") }, { BSM_ERRNO_EPWROFF, #ifdef EPWROFF EPWROFF, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Device power is off") }, { BSM_ERRNO_EDEVERR, #ifdef EDEVERR EDEVERR, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Device error") }, { BSM_ERRNO_EBADEXEC, #ifdef EBADEXEC EBADEXEC, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad executable") }, { BSM_ERRNO_EBADARCH, #ifdef EBADARCH EBADARCH, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Bad CPU type in executable") }, { BSM_ERRNO_ESHLIBVERS, #ifdef ESHLIBVERS ESHLIBVERS, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Shared library version mismatch") }, { BSM_ERRNO_EBADMACHO, #ifdef EBADMACHO EBADMACHO, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Malformed Macho file") }, { BSM_ERRNO_EPOLICY, #ifdef EPOLICY EPOLICY, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Operation failed by policy") }, { BSM_ERRNO_EDOTDOT, #ifdef EDOTDOT EDOTDOT, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("RFS specific error") }, { BSM_ERRNO_EUCLEAN, #ifdef EUCLEAN EUCLEAN, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Structure needs cleaning") }, { BSM_ERRNO_ENOTNAM, #ifdef ENOTNAM ENOTNAM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Not a XENIX named type file") }, { BSM_ERRNO_ENAVAIL, #ifdef ENAVAIL ENAVAIL, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("No XENIX semaphores available") }, { BSM_ERRNO_EISNAM, #ifdef EISNAM EISNAM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Is a named type file") }, { BSM_ERRNO_EREMOTEIO, #ifdef EREMOTEIO EREMOTEIO, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Remote I/O error") }, { BSM_ERRNO_ENOMEDIUM, #ifdef ENOMEDIUM ENOMEDIUM, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("No medium found") }, { BSM_ERRNO_EMEDIUMTYPE, #ifdef EMEDIUMTYPE EMEDIUMTYPE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Wrong medium type") }, { BSM_ERRNO_ENOKEY, #ifdef ENOKEY ENOKEY, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Required key not available") }, { BSM_ERRNO_EKEYEXPIRED, #ifdef EKEYEXPIRED EKEYEXPIRED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Key has expired") }, { BSM_ERRNO_EKEYREVOKED, #ifdef EKEYREVOKED EKEYREVOKED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Key has been revoked") }, { BSM_ERRNO_EKEYREJECTED, #ifdef EKEYREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Key was rejected by service") }, { BSM_ERRNO_ENOTCAPABLE, #ifdef ENOTCAPABLE ENOTCAPABLE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Capabilities insufficient") }, { BSM_ERRNO_ECAPMODE, #ifdef ECAPMODE ECAPMODE, #else ERRNO_NO_LOCAL_MAPPING, #endif ES("Not permitted in capability mode") }, }; static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]); static const struct bsm_errno * bsm_lookup_errno_local(int local_errno) { int i; for (i = 0; i < bsm_errnos_count; i++) { if (bsm_errnos[i].be_local_errno == local_errno) return (&bsm_errnos[i]); } return (NULL); } /* * Conversion to the BSM errno space isn't allowed to fail; we simply map to * BSM_ERRNO_UNKNOWN and let the remote endpoint deal with it. */ u_char au_errno_to_bsm(int local_errno) { const struct bsm_errno *bsme; bsme = bsm_lookup_errno_local(local_errno); if (bsme == NULL) return (BSM_ERRNO_UNKNOWN); return (bsme->be_bsm_errno); } static const struct bsm_errno * bsm_lookup_errno_bsm(u_char bsm_errno) { int i; for (i = 0; i < bsm_errnos_count; i++) { if (bsm_errnos[i].be_bsm_errno == bsm_errno) return (&bsm_errnos[i]); } return (NULL); } /* * Converstion from a BSM error to a local error number may fail if either * OpenBSM doesn't recognize the error on the wire, or because there is no * appropriate local mapping. */ int au_bsm_to_errno(u_char bsm_errno, int *errorp) { const struct bsm_errno *bsme; bsme = bsm_lookup_errno_bsm(bsm_errno); if (bsme == NULL || bsme->be_local_errno == ERRNO_NO_LOCAL_MAPPING) return (-1); *errorp = bsme->be_local_errno; return (0); } #if !defined(KERNEL) && !defined(_KERNEL) const char * au_strerror(u_char bsm_errno) { const struct bsm_errno *bsme; bsme = bsm_lookup_errno_bsm(bsm_errno); if (bsme == NULL) return ("Unrecognized BSM error"); if (bsme->be_local_errno != ERRNO_NO_LOCAL_MAPPING) return (strerror(bsme->be_local_errno)); return (bsme->be_strerror); } #endif Index: stable/10/sys/security/audit/bsm_fcntl.c =================================================================== --- stable/10/sys/security/audit/bsm_fcntl.c (revision 293162) +++ stable/10/sys/security/audit/bsm_fcntl.c (revision 293163) @@ -1,292 +1,290 @@ /*- * Copyright (c) 2008-2009 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_fcntl.c#2 */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include struct bsm_fcntl_cmd { u_short bfc_bsm_fcntl_cmd; int bfc_local_fcntl_cmd; }; typedef struct bsm_fcntl_cmd bsm_fcntl_cmd_t; static const bsm_fcntl_cmd_t bsm_fcntl_cmdtab[] = { { BSM_F_DUPFD, F_DUPFD }, { BSM_F_GETFD, F_GETFD }, { BSM_F_SETFD, F_SETFD }, { BSM_F_GETFL, F_GETFL }, { BSM_F_SETFL, F_SETFL }, #ifdef F_O_GETLK { BSM_F_O_GETLK, F_O_GETLK }, #endif { BSM_F_SETLK, F_SETLK }, { BSM_F_SETLKW, F_SETLK }, #ifdef F_CHFL { BSM_F_CHKFL, F_CHKFL }, #endif #ifdef F_DUP2FD { BSM_F_DUP2FD, F_DUP2FD }, #endif #ifdef F_ALLOCSP { BSM_F_ALLOCSP, F_ALLOCSP }, #endif #ifdef F_FREESP { BSM_F_FREESP, F_FREESP }, #endif #ifdef F_ISSTREAM { BSM_F_ISSTREAM, F_ISSTREAM}, #endif { BSM_F_GETLK, F_GETLK }, #ifdef F_PRIV { BSM_F_PRIV, F_PRIV }, #endif #ifdef F_NPRIV { BSM_F_NPRIV, F_NPRIV }, #endif #ifdef F_QUOTACTL { BSM_F_QUOTACTL, F_QUOTACTL }, #endif #ifdef F_BLOCKS { BSM_F_BLOCKS, F_BLOCKS }, #endif #ifdef F_BLKSIZE { BSM_F_BLKSIZE, F_BLKSIZE }, #endif { BSM_F_GETOWN, F_GETOWN }, { BSM_F_SETOWN, F_SETOWN }, #ifdef F_REVOKE { BSM_F_REVOKE, F_REVOKE }, #endif #ifdef F_HASREMOTEBLOCKS { BSM_F_HASREMOTEBLOCKS, F_HASREMOTEBLOCKS }, #endif #ifdef F_FREESP { BSM_F_FREESP, F_FREESP }, #endif #ifdef F_ALLOCSP { BSM_F_ALLOCSP, F_ALLOCSP }, #endif #ifdef F_FREESP64 { BSM_F_FREESP64, F_FREESP64 }, #endif #ifdef F_ALLOCSP64 { BSM_F_ALLOCSP64, F_ALLOCSP64 }, #endif #ifdef F_GETLK64 { BSM_F_GETLK64, F_GETLK64 }, #endif #ifdef F_SETLK64 { BSM_F_SETLK64, F_SETLK64 }, #endif #ifdef F_SETLKW64 { BSM_F_SETLKW64, F_SETLKW64 }, #endif #ifdef F_SHARE { BSM_F_SHARE, F_SHARE }, #endif #ifdef F_UNSHARE { BSM_F_UNSHARE, F_UNSHARE }, #endif #ifdef F_SETLK_NBMAND { BSM_F_SETLK_NBMAND, F_SETLK_NBMAND }, #endif #ifdef F_SHARE_NBMAND { BSM_F_SHARE_NBMAND, F_SHARE_NBMAND }, #endif #ifdef F_SETLK64_NBMAND { BSM_F_SETLK64_NBMAND, F_SETLK64_NBMAND }, #endif #ifdef F_GETXFL { BSM_F_GETXFL, F_GETXFL }, #endif #ifdef F_BADFD { BSM_F_BADFD, F_BADFD }, #endif #ifdef F_OGETLK { BSM_F_OGETLK, F_OGETLK }, #endif #ifdef F_OSETLK { BSM_F_OSETLK, F_OSETLK }, #endif #ifdef F_OSETLKW { BSM_F_OSETLKW, F_OSETLKW }, #endif #ifdef F_SETLK_REMOTE { BSM_F_SETLK_REMOTE, F_SETLK_REMOTE }, #endif #ifdef F_SETSIG { BSM_F_SETSIG, F_SETSIG }, #endif #ifdef F_GETSIG { BSM_F_GETSIG, F_GETSIG }, #endif #ifdef F_CHKCLEAN { BSM_F_CHKCLEAN, F_CHKCLEAN }, #endif #ifdef F_PREALLOCATE { BSM_F_PREALLOCATE, F_PREALLOCATE }, #endif #ifdef F_SETSIZE { BSM_F_SETSIZE, F_SETSIZE }, #endif #ifdef F_RDADVISE { BSM_F_RDADVISE, F_RDADVISE }, #endif #ifdef F_RDAHEAD { BSM_F_RDAHEAD, F_RDAHEAD }, #endif #ifdef F_READBOOTSTRAP { BSM_F_READBOOTSTRAP, F_READBOOTSTRAP }, #endif #ifdef F_WRITEBOOTSTRAP { BSM_F_WRITEBOOTSTRAP, F_WRITEBOOTSTRAP }, #endif #ifdef F_NOCACHE { BSM_F_NOCACHE, F_NOCACHE }, #endif #ifdef F_LOG2PHYS { BSM_F_LOG2PHYS, F_LOG2PHYS }, #endif #ifdef F_GETPATH { BSM_F_GETPATH, F_GETPATH }, #endif #ifdef F_FULLFSYNC { BSM_F_FULLFSYNC, F_FULLFSYNC }, #endif #ifdef F_PATHPKG_CHECK { BSM_F_PATHPKG_CHECK, F_PATHPKG_CHECK }, #endif #ifdef F_FREEZE_FS { BSM_F_FREEZE_FS, F_FREEZE_FS }, #endif #ifdef F_THAW_FS { BSM_F_THAW_FS, F_THAW_FS }, #endif #ifdef F_GLOBAL_NOCACHE { BSM_F_GLOBAL_NOCACHE, F_GLOBAL_NOCACHE }, #endif #ifdef F_OPENFROM { BSM_F_OPENFROM, F_OPENFROM }, #endif #ifdef F_UNLINKFROM { BSM_F_UNLINKFROM, F_UNLINKFROM }, #endif #ifdef F_CHECK_OPENEVT { BSM_F_CHECK_OPENEVT, F_CHECK_OPENEVT }, #endif #ifdef F_ADDSIGS { BSM_F_ADDSIGS, F_ADDSIGS }, #endif #ifdef F_MARKDEPENDENCY { BSM_F_MARKDEPENDENCY, F_MARKDEPENDENCY }, #endif #ifdef FCNTL_FS_SPECIFIC_BASE { BSM_F_FS_SPECIFIC_0, FCNTL_FS_SPECIFIC_BASE}, { BSM_F_FS_SPECIFIC_1, FCNTL_FS_SPECIFIC_BASE + 1}, { BSM_F_FS_SPECIFIC_2, FCNTL_FS_SPECIFIC_BASE + 2}, { BSM_F_FS_SPECIFIC_3, FCNTL_FS_SPECIFIC_BASE + 3}, { BSM_F_FS_SPECIFIC_4, FCNTL_FS_SPECIFIC_BASE + 4}, { BSM_F_FS_SPECIFIC_5, FCNTL_FS_SPECIFIC_BASE + 5}, { BSM_F_FS_SPECIFIC_6, FCNTL_FS_SPECIFIC_BASE + 6}, { BSM_F_FS_SPECIFIC_7, FCNTL_FS_SPECIFIC_BASE + 7}, { BSM_F_FS_SPECIFIC_8, FCNTL_FS_SPECIFIC_BASE + 8}, { BSM_F_FS_SPECIFIC_9, FCNTL_FS_SPECIFIC_BASE + 9}, { BSM_F_FS_SPECIFIC_10, FCNTL_FS_SPECIFIC_BASE + 10}, { BSM_F_FS_SPECIFIC_11, FCNTL_FS_SPECIFIC_BASE + 11}, { BSM_F_FS_SPECIFIC_12, FCNTL_FS_SPECIFIC_BASE + 12}, { BSM_F_FS_SPECIFIC_13, FCNTL_FS_SPECIFIC_BASE + 13}, { BSM_F_FS_SPECIFIC_14, FCNTL_FS_SPECIFIC_BASE + 14}, { BSM_F_FS_SPECIFIC_15, FCNTL_FS_SPECIFIC_BASE + 15}, #endif /* FCNTL_FS_SPECIFIC_BASE */ }; static const int bsm_fcntl_cmd_count = sizeof(bsm_fcntl_cmdtab) / sizeof(bsm_fcntl_cmdtab[0]); static const bsm_fcntl_cmd_t * bsm_lookup_local_fcntl_cmd(int local_fcntl_cmd) { int i; for (i = 0; i < bsm_fcntl_cmd_count; i++) { if (bsm_fcntl_cmdtab[i].bfc_local_fcntl_cmd == local_fcntl_cmd) return (&bsm_fcntl_cmdtab[i]); } return (NULL); } u_short au_fcntl_cmd_to_bsm(int local_fcntl_cmd) { const bsm_fcntl_cmd_t *bfcp; bfcp = bsm_lookup_local_fcntl_cmd(local_fcntl_cmd); if (bfcp == NULL) return (BSM_F_UNKNOWN); return (bfcp->bfc_bsm_fcntl_cmd); } static const bsm_fcntl_cmd_t * bsm_lookup_bsm_fcntl_cmd(u_short bsm_fcntl_cmd) { int i; for (i = 0; i < bsm_fcntl_cmd_count; i++) { if (bsm_fcntl_cmdtab[i].bfc_bsm_fcntl_cmd == bsm_fcntl_cmd) return (&bsm_fcntl_cmdtab[i]); } return (NULL); } int au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp) { const bsm_fcntl_cmd_t *bfcp; bfcp = bsm_lookup_bsm_fcntl_cmd(bsm_fcntl_cmd); if (bfcp == NULL || bfcp->bfc_local_fcntl_cmd) return (-1); *local_fcntl_cmdp = bfcp->bfc_local_fcntl_cmd; return (0); } Index: stable/10/sys/security/audit/bsm_socket_type.c =================================================================== --- stable/10/sys/security/audit/bsm_socket_type.c (revision 293162) +++ stable/10/sys/security/audit/bsm_socket_type.c (revision 293163) @@ -1,107 +1,105 @@ /*- * Copyright (c) 2008 Apple Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_socket_type.c#1 */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include struct bsm_socket_type { u_short bst_bsm_socket_type; int bst_local_socket_type; }; #define ST_NO_LOCAL_MAPPING -600 static const struct bsm_socket_type bsm_socket_types[] = { { BSM_SOCK_DGRAM, SOCK_DGRAM }, { BSM_SOCK_STREAM, SOCK_STREAM }, { BSM_SOCK_RAW, SOCK_RAW }, { BSM_SOCK_RDM, SOCK_RDM }, { BSM_SOCK_SEQPACKET, SOCK_SEQPACKET }, }; static const int bsm_socket_types_count = sizeof(bsm_socket_types) / sizeof(bsm_socket_types[0]); static const struct bsm_socket_type * bsm_lookup_local_socket_type(int local_socket_type) { int i; for (i = 0; i < bsm_socket_types_count; i++) { if (bsm_socket_types[i].bst_local_socket_type == local_socket_type) return (&bsm_socket_types[i]); } return (NULL); } u_short au_socket_type_to_bsm(int local_socket_type) { const struct bsm_socket_type *bstp; bstp = bsm_lookup_local_socket_type(local_socket_type); if (bstp == NULL) return (BSM_SOCK_UNKNOWN); return (bstp->bst_bsm_socket_type); } static const struct bsm_socket_type * bsm_lookup_bsm_socket_type(u_short bsm_socket_type) { int i; for (i = 0; i < bsm_socket_types_count; i++) { if (bsm_socket_types[i].bst_bsm_socket_type == bsm_socket_type) return (&bsm_socket_types[i]); } return (NULL); } int au_bsm_to_socket_type(u_short bsm_socket_type, int *local_socket_typep) { const struct bsm_socket_type *bstp; bstp = bsm_lookup_bsm_socket_type(bsm_socket_type); if (bstp == NULL || bstp->bst_local_socket_type) return (-1); *local_socket_typep = bstp->bst_local_socket_type; return (0); } Index: stable/10/sys/security/audit/bsm_token.c =================================================================== --- stable/10/sys/security/audit/bsm_token.c (revision 293162) +++ stable/10/sys/security/audit/bsm_token.c (revision 293163) @@ -1,1613 +1,1611 @@ /*- * Copyright (c) 2004-2009 Apple Inc. * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * * This code was developed in part by Robert N. M. Watson, Senior Principal * Scientist, SPARTA, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99 */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define GET_TOKEN_AREA(t, dptr, length) do { \ t = malloc(sizeof(token_t), M_AUDITBSM, M_WAITOK); \ t->t_data = malloc(length, M_AUDITBSM, M_WAITOK | M_ZERO); \ t->len = length; \ dptr = t->t_data; \ } while (0) /* * token ID 1 byte * success/failure 1 byte * privstrlen 2 bytes * privstr N bytes + 1 (\0 byte) */ token_t * au_to_upriv(char sorf, char *priv) { u_int16_t textlen; u_char *dptr; token_t *t; textlen = strlen(priv) + 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) + sizeof(u_int16_t) + textlen); ADD_U_CHAR(dptr, AUT_UPRIV); ADD_U_CHAR(dptr, sorf); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, priv, textlen); return (t); } /* * token ID 1 byte * privtstrlen 2 bytes * privtstr N bytes + 1 * privstrlen 2 bytes * privstr N bytes + 1 */ token_t * au_to_privset(char *privtypestr, char *privstr) { u_int16_t type_len, priv_len; u_char *dptr; token_t *t; type_len = strlen(privtypestr) + 1; priv_len = strlen(privstr) + 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + sizeof(u_int16_t) + type_len + priv_len); ADD_U_CHAR(dptr, AUT_PRIV); ADD_U_INT16(dptr, type_len); ADD_STRING(dptr, privtypestr, type_len); ADD_U_INT16(dptr, priv_len); ADD_STRING(dptr, privstr, priv_len); return (t); } /* * token ID 1 byte * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) * text length 2 bytes * text N bytes + 1 terminating NULL byte */ token_t * au_to_arg32(char n, const char *text, u_int32_t v) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; textlen = strlen(text); textlen += 1; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_int16_t) + textlen); ADD_U_CHAR(dptr, AUT_ARG32); ADD_U_CHAR(dptr, n); ADD_U_INT32(dptr, v); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); return (t); } token_t * au_to_arg64(char n, const char *text, u_int64_t v) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; textlen = strlen(text); textlen += 1; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) + sizeof(u_int16_t) + textlen); ADD_U_CHAR(dptr, AUT_ARG64); ADD_U_CHAR(dptr, n); ADD_U_INT64(dptr, v); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); return (t); } token_t * au_to_arg(char n, const char *text, u_int32_t v) { return (au_to_arg32(n, text, v)); } #if defined(_KERNEL) || defined(KERNEL) /* * token ID 1 byte * file access mode 4 bytes * owner user ID 4 bytes * owner group ID 4 bytes * file system ID 4 bytes * node ID 8 bytes * device 4 bytes/8 bytes (32-bit/64-bit) */ token_t * au_to_attr32(struct vnode_au_info *vni) { token_t *t; u_char *dptr = NULL; u_int16_t pad0_16 = 0; u_int32_t pad0_32 = 0; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_ATTR32); /* * BSD defines the size for the file mode as 2 bytes; BSM defines 4 * so pad with 0. * * XXXRW: Possibly should be conditionally compiled. * * XXXRW: Should any conversions take place on the mode? */ ADD_U_INT16(dptr, pad0_16); ADD_U_INT16(dptr, vni->vn_mode); ADD_U_INT32(dptr, vni->vn_uid); ADD_U_INT32(dptr, vni->vn_gid); ADD_U_INT32(dptr, vni->vn_fsid); /* * Some systems use 32-bit file ID's, others use 64-bit file IDs. * Attempt to handle both, and let the compiler sort it out. If we * could pick this out at compile-time, it would be better, so as to * avoid the else case below. */ if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { ADD_U_INT32(dptr, pad0_32); ADD_U_INT32(dptr, vni->vn_fileid); } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) ADD_U_INT64(dptr, vni->vn_fileid); else ADD_U_INT64(dptr, 0LL); ADD_U_INT32(dptr, vni->vn_dev); return (t); } token_t * au_to_attr64(struct vnode_au_info *vni) { token_t *t; u_char *dptr = NULL; u_int16_t pad0_16 = 0; u_int32_t pad0_32 = 0; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2); ADD_U_CHAR(dptr, AUT_ATTR64); /* * BSD defines the size for the file mode as 2 bytes; BSM defines 4 * so pad with 0. * * XXXRW: Possibly should be conditionally compiled. * * XXXRW: Should any conversions take place on the mode? */ ADD_U_INT16(dptr, pad0_16); ADD_U_INT16(dptr, vni->vn_mode); ADD_U_INT32(dptr, vni->vn_uid); ADD_U_INT32(dptr, vni->vn_gid); ADD_U_INT32(dptr, vni->vn_fsid); /* * Some systems use 32-bit file ID's, other's use 64-bit file IDs. * Attempt to handle both, and let the compiler sort it out. If we * could pick this out at compile-time, it would be better, so as to * avoid the else case below. */ if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { ADD_U_INT32(dptr, pad0_32); ADD_U_INT32(dptr, vni->vn_fileid); } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) ADD_U_INT64(dptr, vni->vn_fileid); else ADD_U_INT64(dptr, 0LL); ADD_U_INT64(dptr, vni->vn_dev); return (t); } token_t * au_to_attr(struct vnode_au_info *vni) { return (au_to_attr32(vni)); } #endif /* !(defined(_KERNEL) || defined(KERNEL) */ /* * token ID 1 byte * how to print 1 byte * basic unit 1 byte * unit count 1 byte * data items (depends on basic unit) */ token_t * au_to_data(char unit_print, char unit_type, char unit_count, const char *p) { token_t *t; u_char *dptr = NULL; size_t datasize, totdata; /* Determine the size of the basic unit. */ switch (unit_type) { case AUR_BYTE: /* case AUR_CHAR: */ datasize = AUR_BYTE_SIZE; break; case AUR_SHORT: datasize = AUR_SHORT_SIZE; break; case AUR_INT32: /* case AUR_INT: */ datasize = AUR_INT32_SIZE; break; case AUR_INT64: datasize = AUR_INT64_SIZE; break; default: return (NULL); } totdata = datasize * unit_count; GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); /* * XXXRW: We should be byte-swapping each data item for multi-byte * types. */ ADD_U_CHAR(dptr, AUT_DATA); ADD_U_CHAR(dptr, unit_print); ADD_U_CHAR(dptr, unit_type); ADD_U_CHAR(dptr, unit_count); ADD_MEM(dptr, p, totdata); return (t); } /* * token ID 1 byte * status 4 bytes * return value 4 bytes */ token_t * au_to_exit(int retval, int err) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_EXIT); ADD_U_INT32(dptr, err); ADD_U_INT32(dptr, retval); return (t); } /* */ token_t * au_to_groups(int *groups) { return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t *)groups)); } /* * token ID 1 byte * number groups 2 bytes * group list count * 4 bytes */ token_t * au_to_newgroups(u_int16_t n, gid_t *groups) { token_t *t; u_char *dptr = NULL; int i; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + n * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_NEWGROUPS); ADD_U_INT16(dptr, n); for (i = 0; i < n; i++) ADD_U_INT32(dptr, groups[i]); return (t); } /* * token ID 1 byte * internet address 4 bytes */ token_t * au_to_in_addr(struct in_addr *internet_addr) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR); ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); return (t); } /* * token ID 1 byte * address type/length 4 bytes * address 16 bytes */ token_t * au_to_in_addr_ex(struct in6_addr *internet_addr) { token_t *t; u_char *dptr = NULL; u_int32_t type = AU_IPv6; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); ADD_U_INT32(dptr, type); ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t)); return (t); } /* * token ID 1 byte * ip header 20 bytes * * The IP header should be submitted in network byte order. */ token_t * au_to_ip(struct ip *ip) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip)); ADD_U_CHAR(dptr, AUT_IP); ADD_MEM(dptr, ip, sizeof(struct ip)); return (t); } /* * token ID 1 byte * object ID type 1 byte * object ID 4 bytes */ token_t * au_to_ipc(char type, int id) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_IPC); ADD_U_CHAR(dptr, type); ADD_U_INT32(dptr, id); return (t); } /* * token ID 1 byte * owner user ID 4 bytes * owner group ID 4 bytes * creator user ID 4 bytes * creator group ID 4 bytes * access mode 4 bytes * slot sequence # 4 bytes * key 4 bytes */ token_t * au_to_ipc_perm(struct ipc_perm *perm) { token_t *t; u_char *dptr = NULL; u_int16_t pad0 = 0; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12 * sizeof(u_int16_t) + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_IPC_PERM); /* * Systems vary significantly in what types they use in struct * ipc_perm; at least a few still use 16-bit uid's and gid's, so * allow for that, as BSM define 32-bit values here. * Some systems define the sizes for ipc_perm members as 2 bytes; * BSM defines 4 so pad with 0. * * XXXRW: Possibly shoulid be conditionally compiled, and more cases * need to be handled. */ if (sizeof(perm->uid) != sizeof(u_int32_t)) { ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->uid); ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->gid); ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->cuid); ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->cgid); } else { ADD_U_INT32(dptr, perm->uid); ADD_U_INT32(dptr, perm->gid); ADD_U_INT32(dptr, perm->cuid); ADD_U_INT32(dptr, perm->cgid); } ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->mode); ADD_U_INT16(dptr, pad0); ADD_U_INT16(dptr, perm->seq); ADD_U_INT32(dptr, perm->key); return (t); } /* * token ID 1 byte * port IP address 2 bytes */ token_t * au_to_iport(u_int16_t iport) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t)); ADD_U_CHAR(dptr, AUT_IPORT); ADD_U_INT16(dptr, iport); return (t); } /* * token ID 1 byte * size 2 bytes * data size bytes */ token_t * au_to_opaque(const char *data, u_int16_t bytes) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes); ADD_U_CHAR(dptr, AUT_OPAQUE); ADD_U_INT16(dptr, bytes); ADD_MEM(dptr, data, bytes); return (t); } /* * token ID 1 byte * seconds of time 4 bytes * milliseconds of time 4 bytes * file name len 2 bytes * file pathname N bytes + 1 terminating NULL byte */ token_t * au_to_file(const char *file, struct timeval tm) { token_t *t; u_char *dptr = NULL; u_int16_t filelen; u_int32_t timems; filelen = strlen(file); filelen += 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) + sizeof(u_int16_t) + filelen); timems = tm.tv_usec/1000; ADD_U_CHAR(dptr, AUT_OTHER_FILE32); ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ ADD_U_INT16(dptr, filelen); ADD_STRING(dptr, file, filelen); return (t); } /* * token ID 1 byte * text length 2 bytes * text N bytes + 1 terminating NULL byte */ token_t * au_to_text(const char *text) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; textlen = strlen(text); textlen += 1; /* XXXRW: Should validate length against token size limit. */ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); ADD_U_CHAR(dptr, AUT_TEXT); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); return (t); } /* * token ID 1 byte * path length 2 bytes * path N bytes + 1 terminating NULL byte */ token_t * au_to_path(const char *text) { token_t *t; u_char *dptr = NULL; u_int16_t textlen; textlen = strlen(text); textlen += 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); ADD_U_CHAR(dptr, AUT_PATH); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, text, textlen); return (t); } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * machine address 4 bytes */ token_t * au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_PROCESS32); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); /* * Note: Solaris will write out IPv6 addresses here as a 32-bit * address type and 16 bytes of address, but for IPv4 addresses it * simply writes the 4-byte address directly. We support only IPv4 * addresses for process32 tokens. */ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } token_t * au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + sizeof(u_int64_t)); ADD_U_CHAR(dptr, AUT_PROCESS64); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT64(dptr, tid->port); /* * Note: Solaris will write out IPv6 addresses here as a 32-bit * address type and 16 bytes of address, but for IPv4 addresses it * simply writes the 4-byte address directly. We support only IPv4 * addresses for process64 tokens. */ ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } token_t * au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid, tid)); } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * address type-len 4 bytes * machine address 16 bytes */ token_t * au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), ("au_to_process32_ex: type %u", (unsigned int)tid->at_type)); if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t)); else GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_PROCESS32_EX); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); if (tid->at_type == AU_IPv6) { ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); } return (t); } token_t * au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 2 * sizeof(u_int32_t)); else if (tid->at_type == AU_IPv6) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 5 * sizeof(u_int32_t)); else panic("au_to_process64_ex: invalidate at_type (%d)", tid->at_type); ADD_U_CHAR(dptr, AUT_PROCESS64_EX); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT64(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); if (tid->at_type == AU_IPv6) { ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); } return (t); } token_t * au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { return (au_to_process32_ex(auid, euid, egid, ruid, rgid, pid, sid, tid)); } token_t * au_to_rights(cap_rights_t *rightsp) { token_t *t; u_char *dptr; int i; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(*rightsp)); ADD_U_CHAR(dptr, AUT_RIGHTS); for (i = 0; i < nitems(rightsp->cr_rights); i++) ADD_U_INT64(dptr, rightsp->cr_rights[i]); return (t); } /* * token ID 1 byte * error status 1 byte * return value 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * au_to_return32(char status, u_int32_t ret) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_RETURN32); ADD_U_CHAR(dptr, status); ADD_U_INT32(dptr, ret); return (t); } token_t * au_to_return64(char status, u_int64_t ret) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t)); ADD_U_CHAR(dptr, AUT_RETURN64); ADD_U_CHAR(dptr, status); ADD_U_INT64(dptr, ret); return (t); } token_t * au_to_return(char status, u_int32_t ret) { return (au_to_return32(status, ret)); } /* * token ID 1 byte * sequence number 4 bytes */ token_t * au_to_seq(long audit_count) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SEQ); ADD_U_INT32(dptr, audit_count); return (t); } /* * token ID 1 byte * socket domain 2 bytes * socket type 2 bytes * address type 2 byte * local port 2 bytes * local address 4 bytes/16 bytes (IPv4/IPv6 address) * remote port 2 bytes * remote address 4 bytes/16 bytes (IPv4/IPv6 address) * * Domain and type arguments to this routine are assumed to already have been * converted to the BSM constant space, so we don't do that here. */ token_t * au_to_socket_ex(u_short so_domain, u_short so_type, struct sockaddr *sa_local, struct sockaddr *sa_remote) { token_t *t; u_char *dptr = NULL; struct sockaddr_in *sin; struct sockaddr_in6 *sin6; if (so_domain == AF_INET) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); else if (so_domain == AF_INET6) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int16_t) + 8 * sizeof(u_int32_t)); else return (NULL); ADD_U_CHAR(dptr, AUT_SOCKET_EX); ADD_U_INT16(dptr, au_domain_to_bsm(so_domain)); ADD_U_INT16(dptr, au_socket_type_to_bsm(so_type)); if (so_domain == AF_INET) { ADD_U_INT16(dptr, AU_IPv4); sin = (struct sockaddr_in *)sa_local; ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); sin = (struct sockaddr_in *)sa_remote; ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); } else { ADD_U_INT16(dptr, AU_IPv6); sin6 = (struct sockaddr_in6 *)sa_local; ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); sin6 = (struct sockaddr_in6 *)sa_remote; ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); } return (t); } /* * Kernel-specific version of the above function. * * XXXRW: Should now use au_to_socket_ex() here. */ #ifdef _KERNEL token_t * kau_to_socket(struct socket_au_info *soi) { token_t *t; u_char *dptr; u_int16_t so_type; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + sizeof(u_int32_t) + sizeof(u_int16_t) + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SOCKET); /* Coerce the socket type into a short value */ so_type = soi->so_type; ADD_U_INT16(dptr, so_type); ADD_U_INT16(dptr, soi->so_lport); ADD_U_INT32(dptr, soi->so_laddr); ADD_U_INT16(dptr, soi->so_rport); ADD_U_INT32(dptr, soi->so_raddr); return (t); } #endif /* * token ID 1 byte * socket family 2 bytes * path (up to) 104 bytes + NULL (NULL terminated string) */ token_t * au_to_sock_unix(struct sockaddr_un *so) { token_t *t; u_char *dptr; GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); ADD_U_CHAR(dptr, AUT_SOCKUNIX); /* BSM token has two bytes for family */ ADD_U_CHAR(dptr, 0); ADD_U_CHAR(dptr, so->sun_family); ADD_STRING(dptr, so->sun_path, strlen(so->sun_path) + 1); return (t); } /* * token ID 1 byte * socket family 2 bytes * local port 2 bytes * socket address 4 bytes */ token_t * au_to_sock_inet32(struct sockaddr_in *so) { token_t *t; u_char *dptr = NULL; uint16_t family; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + sizeof(uint32_t)); ADD_U_CHAR(dptr, AUT_SOCKINET32); /* * BSM defines the family field as 16 bits, but many operating * systems have an 8-bit sin_family field. Extend to 16 bits before * writing into the token. Assume that both the port and the address * in the sockaddr_in are already in network byte order, but family * is in local byte order. * * XXXRW: Should a name space conversion be taking place on the value * of sin_family? */ family = so->sin_family; ADD_U_INT16(dptr, family); ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); return (t); } token_t * au_to_sock_inet128(struct sockaddr_in6 *so) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + 4 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SOCKINET128); /* * In BSD, sin6_family is one octet, but BSM defines the token to * store two. So we copy in a 0 first. XXXRW: Possibly should be * conditionally compiled. */ ADD_U_CHAR(dptr, 0); ADD_U_CHAR(dptr, so->sin6_family); ADD_U_INT16(dptr, so->sin6_port); ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); return (t); } token_t * au_to_sock_inet(struct sockaddr_in *so) { return (au_to_sock_inet32(so)); } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * machine address 4 bytes */ token_t * au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SUBJECT32); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->port); ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } token_t * au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { token_t *t; u_char *dptr = NULL; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SUBJECT64); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT64(dptr, tid->port); ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); return (t); } token_t * au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid) { return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid)); } /* * token ID 1 byte * audit ID 4 bytes * effective user ID 4 bytes * effective group ID 4 bytes * real user ID 4 bytes * real group ID 4 bytes * process ID 4 bytes * session ID 4 bytes * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * address type/length 4 bytes * machine address 16 bytes */ token_t * au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), ("au_to_subject32_ex: type %u", (unsigned int)tid->at_type)); if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t)); else GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); if (tid->at_type == AU_IPv6) ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); else ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); return (t); } token_t * au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { token_t *t; u_char *dptr = NULL; KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), ("au_to_subject64_ex: type %u", (unsigned int)tid->at_type)); if (tid->at_type == AU_IPv4) GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 2 * sizeof(u_int32_t)); else GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 5 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); ADD_U_INT32(dptr, auid); ADD_U_INT32(dptr, euid); ADD_U_INT32(dptr, egid); ADD_U_INT32(dptr, ruid); ADD_U_INT32(dptr, rgid); ADD_U_INT32(dptr, pid); ADD_U_INT32(dptr, sid); ADD_U_INT64(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); if (tid->at_type == AU_IPv6) ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); else ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); return (t); } token_t * au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) { return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, tid)); } #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) /* * Collects audit information for the current process and creates a subject * token from it. */ token_t * au_to_me(void) { auditinfo_t auinfo; auditinfo_addr_t aia; /* * Try to use getaudit_addr(2) first. If this kernel does not support * it, then fall back on to getaudit(2). */ if (getaudit_addr(&aia, sizeof(aia)) != 0) { if (errno == ENOSYS) { if (getaudit(&auinfo) != 0) return (NULL); return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid)); } else { /* getaudit_addr(2) failed for some other reason. */ return (NULL); } } return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); } #endif #if defined(_KERNEL) || defined(KERNEL) static token_t * au_to_exec_strings(char *strs, int count, u_char type) { token_t *t; u_char *dptr = NULL; u_int32_t totlen; int ctr; char *p; totlen = 0; ctr = count; p = strs; while (ctr-- > 0) { totlen += strlen(p) + 1; p = strs + totlen; } GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); ADD_U_CHAR(dptr, type); ADD_U_INT32(dptr, count); ADD_STRING(dptr, strs, totlen); return (t); } /* * token ID 1 byte * count 4 bytes * text count null-terminated strings */ token_t * au_to_exec_args(char *args, int argc) { return (au_to_exec_strings(args, argc, AUT_EXEC_ARGS)); } /* * token ID 1 byte * count 4 bytes * text count null-terminated strings */ token_t * au_to_exec_env(char *envs, int envc) { return (au_to_exec_strings(envs, envc, AUT_EXEC_ENV)); } #else /* * token ID 1 byte * count 4 bytes * text count null-terminated strings */ token_t * au_to_exec_args(char **argv) { token_t *t; u_char *dptr = NULL; const char *nextarg; int i, count = 0; size_t totlen = 0; nextarg = *argv; while (nextarg != NULL) { int nextlen; nextlen = strlen(nextarg); totlen += nextlen + 1; count++; nextarg = *(argv + count); } GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); ADD_U_CHAR(dptr, AUT_EXEC_ARGS); ADD_U_INT32(dptr, count); for (i = 0; i < count; i++) { nextarg = *(argv + i); ADD_MEM(dptr, nextarg, strlen(nextarg) + 1); } return (t); } /* * token ID 1 byte * count 4 bytes * text count null-terminated strings */ token_t * au_to_exec_env(char **envp) { token_t *t; u_char *dptr = NULL; int i, count = 0; size_t totlen = 0; const char *nextenv; nextenv = *envp; while (nextenv != NULL) { int nextlen; nextlen = strlen(nextenv); totlen += nextlen + 1; count++; nextenv = *(envp + count); } GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); ADD_U_CHAR(dptr, AUT_EXEC_ENV); ADD_U_INT32(dptr, count); for (i = 0; i < count; i++) { nextenv = *(envp + i); ADD_MEM(dptr, nextenv, strlen(nextenv) + 1); } return (t); } #endif /* * token ID 1 byte * zonename length 2 bytes * zonename N bytes + 1 terminating NULL byte */ token_t * au_to_zonename(const char *zonename) { u_char *dptr = NULL; u_int16_t textlen; token_t *t; textlen = strlen(zonename) + 1; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); ADD_U_CHAR(dptr, AUT_ZONENAME); ADD_U_INT16(dptr, textlen); ADD_STRING(dptr, zonename, textlen); return (t); } /* * token ID 1 byte * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) { token_t *t; u_char *dptr = NULL; u_int32_t timems; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_HEADER32); ADD_U_INT32(dptr, rec_size); ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); timems = tm.tv_usec/1000; /* Add the timestamp */ ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ return (t); } /* * token ID 1 byte * record byte count 4 bytes * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes * address type/length 4 bytes * machine address 4 bytes/16 bytes (IPv4/IPv6 address) * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) */ token_t * au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm, struct auditinfo_addr *aia) { token_t *t; u_char *dptr = NULL; u_int32_t timems; au_tid_addr_t *tid; tid = &aia->ai_termid; KASSERT(tid->at_type == AU_IPv4 || tid->at_type == AU_IPv6, ("au_to_header32_ex_tm: invalid address family")); GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * sizeof(u_int32_t) + tid->at_type); ADD_U_CHAR(dptr, AUT_HEADER32_EX); ADD_U_INT32(dptr, rec_size); ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); ADD_U_INT32(dptr, tid->at_type); if (tid->at_type == AU_IPv6) ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); else ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); timems = tm.tv_usec/1000; /* Add the timestamp */ ADD_U_INT32(dptr, tm.tv_sec); ADD_U_INT32(dptr, timems); /* We need time in ms. */ return (t); } token_t * au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, struct timeval tm) { token_t *t; u_char *dptr = NULL; u_int32_t timems; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t)); ADD_U_CHAR(dptr, AUT_HEADER64); ADD_U_INT32(dptr, rec_size); ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); ADD_U_INT16(dptr, e_type); ADD_U_INT16(dptr, e_mod); timems = tm.tv_usec/1000; /* Add the timestamp */ ADD_U_INT64(dptr, tm.tv_sec); ADD_U_INT64(dptr, timems); /* We need time in ms. */ return (t); } #if !defined(KERNEL) && !defined(_KERNEL) #ifdef HAVE_AUDIT_SYSCALLS token_t * au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) { struct timeval tm; struct auditinfo_addr aia; if (gettimeofday(&tm, NULL) == -1) return (NULL); if (audit_get_kaudit(&aia, sizeof(aia)) != 0) { if (errno != ENOSYS) return (NULL); return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); } return (au_to_header32_ex_tm(rec_size, e_type, e_mod, tm, &aia)); } #endif /* HAVE_AUDIT_SYSCALLS */ token_t * au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) { struct timeval tm; if (gettimeofday(&tm, NULL) == -1) return (NULL); return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); } token_t * au_to_header64(__unused int rec_size, __unused au_event_t e_type, __unused au_emod_t e_mod) { struct timeval tm; if (gettimeofday(&tm, NULL) == -1) return (NULL); return (au_to_header64_tm(rec_size, e_type, e_mod, tm)); } token_t * au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) { return (au_to_header32(rec_size, e_type, e_mod)); } #ifdef HAVE_AUDIT_SYSCALLS token_t * au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) { return (au_to_header32_ex(rec_size, e_type, e_mod)); } #endif /* HAVE_AUDIT_SYSCALLS */ #endif /* !defined(KERNEL) && !defined(_KERNEL) */ /* * token ID 1 byte * trailer magic number 2 bytes * record byte count 4 bytes */ token_t * au_to_trailer(int rec_size) { token_t *t; u_char *dptr = NULL; u_int16_t magic = AUT_TRAILER_MAGIC; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_TRAILER); ADD_U_INT16(dptr, magic); ADD_U_INT32(dptr, rec_size); return (t); } Index: stable/10 =================================================================== --- stable/10 (revision 293162) +++ stable/10 (revision 293163) Property changes on: stable/10 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r292522