--- old/usr/src/cmd/auditrecord/audit_record_attr.txt Fri Oct 18 12:26:05 2019 +++ new/usr/src/cmd/auditrecord/audit_record_attr.txt Fri Oct 18 12:26:05 2019 @@ -3,6 +3,7 @@ # other comments are removed. ## ## Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. +## Copyright 2018 Nexenta Systems, Inc. All rights reserved. ## Copyright 2019 Joyent, Inc. ## ## CDDL HEADER START @@ -1485,6 +1486,14 @@ label=AUE_RMDIR format=path:[attr] +label=AUE_SACL + title=File Access Audit + syscall=none + see=none + format=head:path:arg1:[text]2:subj + comment="access_mask": + comment="Windows SID" + label=AUE_SEMCTL format=arg1:[ipc]:[ipc_perm] comment=1, semaphore ID, "sem ID" --- old/usr/src/cmd/auditreduce/auditrt.h Fri Oct 18 12:26:06 2019 +++ new/usr/src/cmd/auditreduce/auditrt.h Fri Oct 18 12:26:06 2019 @@ -21,6 +21,8 @@ /* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * + * Copyright 2018 Nexenta Systems, Inc. All rights reserved. */ #ifndef _AUDITRT_H @@ -155,6 +157,7 @@ #define OBJ_SHMOWNER 0x10000 /* 'o' shared memory [c]owner */ #define OBJ_FMRI 0x20000 /* 'o' fmri object */ #define OBJ_USER 0x40000 /* 'o' user object */ +#define OBJ_WSID 0x80000 /* 'o' windows sid object */ #define SOCKFLG_MACHINE 0 /* search socket token by machine name */ #define SOCKFLG_PORT 1 /* search socket token by port number */ --- old/usr/src/cmd/praudit/toktable.h Fri Oct 18 12:26:06 2019 +++ new/usr/src/cmd/praudit/toktable.h Fri Oct 18 12:26:06 2019 @@ -21,6 +21,8 @@ /* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * + * Copyright 2018 Nexenta Systems, Inc. All rights reserved. */ #ifndef _TOKTABLE_H @@ -156,6 +158,7 @@ TAG_ACETYPE, /* with ace token */ TAG_ACEID, /* with ace token */ TAG_USERNAME, /* with user token */ + TAG_WSID, /* with wsid token */ MAXTAG }; --- old/usr/src/lib/libbsm/audit_class.txt Fri Oct 18 12:26:06 2019 +++ new/usr/src/lib/libbsm/audit_class.txt Fri Oct 18 12:26:06 2019 @@ -2,6 +2,8 @@ # Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # +# Copyright 2018 Nexenta Systems, Inc. All rights reserved. +# # CDDL HEADER START # # The contents of this file are subject to the terms of the @@ -21,8 +23,6 @@ # # CDDL HEADER END # -# ident "%Z%%M% %I% %E% SMI" -# # User Level Class Masks # # Developers: If you change this file you must also edit audit.h. @@ -66,6 +66,7 @@ 0x00800000:xc:X - object create/destroy 0x01000000:xs:X - operations that always silently fail, if bad 0x01c00000:xx:X - all X events (meta-class) +0x02000000:sa:SACL-based File Access Auditing 0x20000000:io:ioctl 0x40000000:ex:exec 0x80000000:ot:other --- old/usr/src/lib/libbsm/audit_event.txt Fri Oct 18 12:26:06 2019 +++ new/usr/src/lib/libbsm/audit_event.txt Fri Oct 18 12:26:06 2019 @@ -1,5 +1,6 @@ # # Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright 2018 Nexenta Systems, Inc. All rights reserved. # # # CDDL HEADER START @@ -361,6 +362,7 @@ 310:AUE_AUDITON_GETAMASK:auditon(2) - get default user preselection mask:aa 311:AUE_AUDITON_SETAMASK:auditon(2) - set default user preselection mask:as 312:AUE_PSECFLAGS:psecflags(2) - set process security flags:pm +313:AUE_SACL:SACL-based File Access Auditing:sa # # user level audit events # 2048 - 6143 Reserved --- old/usr/src/uts/common/c2/audit_kevents.h Fri Oct 18 12:26:06 2019 +++ new/usr/src/uts/common/c2/audit_kevents.h Fri Oct 18 12:26:06 2019 @@ -20,6 +20,7 @@ */ /* * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2018 Nexenta Systems, Inc. All rights reserved. */ #ifndef _BSM_AUDIT_KEVENTS_H @@ -348,9 +349,10 @@ #define AUE_AUDITON_GETAMASK 310 /* =aa */ #define AUE_AUDITON_SETAMASK 311 /* =as */ #define AUE_PSECFLAGS 312 /* =pm psecflags */ +#define AUE_SACL 313 /* =sa SACL auditing (reserved) */ /* NOTE: update MAX_KEVENTS below if events are added. */ -#define MAX_KEVENTS 312 +#define MAX_KEVENTS 313 #ifdef __cplusplus } --- old/usr/src/uts/common/c2/audit_record.h Fri Oct 18 12:26:06 2019 +++ new/usr/src/uts/common/c2/audit_record.h Fri Oct 18 12:26:06 2019 @@ -21,6 +21,8 @@ /* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * + * Copyright 2018 Nexenta Systems, Inc. All rights reserved. */ #ifndef _BSM_AUDIT_RECORD_H @@ -189,6 +191,12 @@ #define AUT_IN_ADDR_EX ((char)0x7e) #define AUT_SOCKET_EX ((char)0x7f) +/* + * Can't do >= 0x80 because these are chars. 0x16/0x17 seem to be free here, + * but who knows if they have historical uses + */ +#define AUT_ACCESS_MASK ((char)0x16) +#define AUT_WSID ((char)0x17) /* * Audit print suggestion types.