185  * The SMF audit event codes are defined in adt_event.h by symbols
244  * this, because configd is still going to generate an event.  A
265  * event.  Eventually, the request processing gets to the point where
271  * 	- the event ID which is one of the ADT_smf_* symbols from
275  * 	- the event data (see audit_event_data structure)
286  * adt_put_event() to generate the event.
293  * 	- gathering event information for each action in a
298  * 	- ADT_smf_annotation event
305  * that we can generate an event for each property action.  The
311  * generate an audit event for each property action.
320  * A special event is generated for these properties in addition to the
321  * regular property event described in the previous section.  The special
326  * generate_property_event() function that generates an event for
327  * every property action.  Before generating the event,
331  * event.
333  * ADT_smf_annotation event:
336  * This is a special event unlike any other.  It allows the svccfg
337  * program to store an annotation in the event log before a series
351  * generates the ADT_smf_annotation event.
440  * permcheck hash table to use in the audit event.  That is to say of all
442  * event.  It is desirable to use the most specific string in the audit
443  * event.
478  * Structure for holding audit event data.  Not all events use all members
492  * Pointer to function to do special processing to get audit event ID.
493  * Audit event IDs are defined in /usr/include/bsm/adt_event.h.  Function
514  * audit event to be generated when there is a change.
521 	au_event_t	api_event_id;	/* event id or 0. */
522 	spc_getid_fn_t	api_event_func; /* function to get event id. */
533  * name combinations that have specific meaning to startd.  A special event
535  * event.
1523 	 * the audit event.
2276  * This function implements a decision table to determine the event ID for
2277  * changes to the enabled (SCF_PROPERTY_ENABLED) property.  The event ID is
3401  * This function generates an annotation audit event if one has been setup.
3410 	adt_event_data_t *event = NULL;
3431 	if ((event = adt_alloc_event(session, ADT_smf_annotation)) == NULL) {
3432 		uu_warn("smf_annotation_event cannot allocate event "
3436 	event->adt_smf_annotation.operation = operation;
3437 	event->adt_smf_annotation.file = file;
3438 	if (adt_put_event(event, status, return_val) == 0) {
3441 		uu_warn("smf_annotation_event failed to put event.  "
3444 	adt_free_event(event);
3449  * an audit event structure.  It establishes an audit session and allocates
3450  * an audit event.  The event is filled in from the audit data, and
3451  * adt_put_event is called to generate the event.
3461 	adt_event_data_t *event = NULL;
3470 	if ((event = adt_alloc_event(session, event_id)) == NULL) {
3471 		uu_warn("_smf_audit_event cannot allocate event "
3498 	/* Fill in the event data. */
3501 		event->adt_smf_attach_snap.auth_used = auth_used;
3502 		event->adt_smf_attach_snap.old_fmri = data->ed_old_fmri;
3503 		event->adt_smf_attach_snap.old_name = data->ed_old_name;
3504 		event->adt_smf_attach_snap.new_fmri = fmri;
3505 		event->adt_smf_attach_snap.new_name = data->ed_snapname;
3508 		event->adt_smf_change_prop.auth_used = auth_used;
3509 		event->adt_smf_change_prop.fmri = fmri;
3510 		event->adt_smf_change_prop.type = data->ed_type;
3511 		event->adt_smf_change_prop.value = prop_value;
3514 		event->adt_smf_clear.auth_used = auth_used;
3515 		event->adt_smf_clear.fmri = fmri;
3518 		event->adt_smf_create.fmri = fmri;
3519 		event->adt_smf_create.auth_used = auth_used;
3522 		event->adt_smf_create_npg.auth_used = auth_used;
3523 		event->adt_smf_create_npg.fmri = fmri;
3524 		event->adt_smf_create_npg.type = data->ed_type;
3527 		event->adt_smf_create_pg.auth_used = auth_used;
3528 		event->adt_smf_create_pg.fmri = fmri;
3529 		event->adt_smf_create_pg.type = data->ed_type;
3532 		event->adt_smf_create_prop.auth_used = auth_used;
3533 		event->adt_smf_create_prop.fmri = fmri;
3534 		event->adt_smf_create_prop.type = data->ed_type;
3535 		event->adt_smf_create_prop.value = prop_value;
3538 		event->adt_smf_create_snap.auth_used = auth_used;
3539 		event->adt_smf_create_snap.fmri = fmri;
3540 		event->adt_smf_create_snap.name = data->ed_snapname;
3543 		event->adt_smf_degrade.auth_used = auth_used;
3544 		event->adt_smf_degrade.fmri = fmri;
3547 		event->adt_smf_delete.fmri = fmri;
3548 		event->adt_smf_delete.auth_used = auth_used;
3551 		event->adt_smf_delete_npg.auth_used = auth_used;
3552 		event->adt_smf_delete_npg.fmri = fmri;
3553 		event->adt_smf_delete_npg.type = data->ed_type;
3556 		event->adt_smf_delete_pg.auth_used = auth_used;
3557 		event->adt_smf_delete_pg.fmri = fmri;
3558 		event->adt_smf_delete_pg.type = data->ed_type;
3561 		event->adt_smf_delete_prop.auth_used = auth_used;
3562 		event->adt_smf_delete_prop.fmri = fmri;
3565 		event->adt_smf_delete_snap.auth_used = auth_used;
3566 		event->adt_smf_delete_snap.fmri = fmri;
3567 		event->adt_smf_delete_snap.name = data->ed_snapname;
3570 		event->adt_smf_disable.auth_used = auth_used;
3571 		event->adt_smf_disable.fmri = fmri;
3574 		event->adt_smf_enable.auth_used = auth_used;
3575 		event->adt_smf_enable.fmri = fmri;
3578 		event->adt_smf_immediate_degrade.auth_used = auth_used;
3579 		event->adt_smf_immediate_degrade.fmri = fmri;
3582 		event->adt_smf_immediate_maintenance.auth_used = auth_used;
3583 		event->adt_smf_immediate_maintenance.fmri = fmri;
3586 		event->adt_smf_immtmp_maintenance.auth_used = auth_used;
3587 		event->adt_smf_immtmp_maintenance.fmri = fmri;
3590 		event->adt_smf_maintenance.auth_used = auth_used;
3591 		event->adt_smf_maintenance.fmri = fmri;
3594 		event->adt_smf_milestone.auth_used = auth_used;
3595 		event->adt_smf_milestone.fmri = fmri;
3598 		event->adt_smf_read_prop.auth_used = auth_used;
3599 		event->adt_smf_read_prop.fmri = fmri;
3602 		event->adt_smf_refresh.auth_used = auth_used;
3603 		event->adt_smf_refresh.fmri = fmri;
3606 		event->adt_smf_restart.auth_used = auth_used;
3607 		event->adt_smf_restart.fmri = fmri;
3610 		event->adt_smf_tmp_disable.auth_used = auth_used;
3611 		event->adt_smf_tmp_disable.fmri = fmri;
3614 		event->adt_smf_tmp_enable.auth_used = auth_used;
3615 		event->adt_smf_tmp_enable.fmri = fmri;
3618 		event->adt_smf_tmp_maintenance.auth_used = auth_used;
3619 		event->adt_smf_tmp_maintenance.fmri = fmri;
3622 		abort();	/* Need to cover all SMF event IDs */
3625 	if (adt_put_event(event, status, return_val) != 0) {
3626 		uu_warn("_smf_audit_event failed to put event.  %s\n",
3629 	adt_free_event(event);
3635  * they are, a special audit event will be generated.
3657 	/* Get the event id */
3666 	/* Generate the event. */
3743  * and generates an audit event for each command.
3822 		/* Generate special property event if necessary. */
3835 		/* Determine the event type. */
3860 		/* Generate the event. */
3907 		 * We continue in this case, so that an audit event can be
5419 		 * audit event later in this function.
5427 		/* No need to produce audit event if client is gone. */
5872 		/* Generate a read_prop audit event. */
6796 		 * event.  Thus, we'll remember the failed authorization,
7117 				 * want to generate an audit event.
7492  * Wait for and report an event of interest to rnip, a notification client

Indexes created Tue Jul 24 14:28:13 CEST 2018