1<?xml version="1.0" standalone="yes"?> 2<!DOCTYPE specification SYSTEM "audit.dtd"> 3<!-- 4 CDDL HEADER START 5 6 The contents of this file are subject to the terms of the 7 Common Development and Distribution License (the "License"). 8 You may not use this file except in compliance with the License. 9 10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 11 or http://www.opensolaris.org/os/licensing. 12 See the License for the specific language governing permissions 13 and limitations under the License. 14 15 When distributing Covered Code, include this CDDL HEADER in each 16 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 17 If applicable, add the following below this CDDL HEADER, with the 18 fields enclosed by brackets "[]" replaced with your own identifying 19 information: Portions Copyright [yyyy] [name of copyright owner] 20 21 CDDL HEADER END 22 23Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24Use is subject to license terms. 25 26 ident "%Z%%M% %I% %E% SMI" 27--> 28 29<specification> 30 31<!-- comments are displayed to stderr if debug is on --> 32<debug set="off"/> 33 34 <!-- The order of events is arbitrary EXCEPT generic events must 35 precede their instances --> 36 <!-- The order of entries within an event determine the order 37 data is defined in the external API --> 38 <!-- The order of internal / external is arbitrary --> 39 40<!-- 41 tags: 42 The following top level tags are defined: 43 <event> <token> <msg_list> <debug> 44 45 event defines an audit record 46 - id is the record id from audit_uevents.h 47 - reorder="yes" or "no". (default is "no"). 48 if "yes" then the order of the tokens to be 49 output does not match the order of the data 50 input. (see order attribute of <entry>) 51 - header defines the header file to contain the external 52 definitions for this event type. The header file 53 name is adt_event_N.h, where N is the value supplied 54 header="0" is for "stable" events, > 0 for new ones. 55 with this attribute. (header="1"). 56 - idNo is the number associated with the external 57 name of this event. (For AUE_login, ADT_login is 58 the external name and idNo is the value for 59 ADT_login.) 60 - omit is by default 'no' (i.e., don't omit) and can be 61 'always' or 'JNI'. In the latter case, C interface 62 code is generated but neither Java nor JNI code is. 63 - included text is just a comment 64 Within an event block, the following tags are defined: 65 <entry>, <debug>, <altname>, <title>, <program>, <see> 66 67 altname defines the internal name of an audit record; if 68 omitted, the internal name is the same as the 69 external name. 70 71 title, these tags are used by bsmrecord build to create 72 program, audit_record_attr database from adt events. 73 see Following example demonstrates their semantics: 74 75 bsmrecord -p passwd 76 passwd <- <title> 77 program various See passwd(1) 78 ^- <program> ^- <see> 79 event ID 6163 AUE_passwd 80 class lo (0x00001000) 81 header 82 subject 83 [text] username... 84 ^- <comment> 85 return 86 87 entry defines the correspondence between the data 88 supplied by the caller and the token to be 89 output. 90 - id is the data name that shows up in the structures 91 of adt_event.h If it is a comma separated list, 92 it is the list of names of data to be associated 93 with one output token. (See <external>, below) 94 Within an entry block, the following tags are defined: 95 <internal>, <external>, <debug>, <comment> 96 97 internal defines the token to be generated. 98 - token is a name that must also be defined with 99 a <token> tag elsewhere in this file. (order is 100 not important). 101 - order="some number" determines the order of the 102 tokens to be output, starting with 1. The subject 103 token is normally order="1". The use is to insure 104 that the order of fields listed in adt_event.h does 105 not change when we arbitrarily change the order of 106 tokens. If the <event reorder="yes"> is not set, 107 order is ignored. 108 - format is a printf-like string that will be used 109 in to format the data supplied by the user. 110 111 external defines the data to be supplied for creating the 112 token defined via <internal> 113 - opt is one of four values: "required", "optional", 114 "obsolete", or "none". The first two values 115 indicate that this token's data must or may 116 be supplied by the user; the third value is 117 equivalent to "optional" but shows in the 118 comment that this field is no longer used; 119 the forth value indicates that this token 120 does not require any user-supplied data. If 121 data is required, then a token is always 122 output, while optional data is output only 123 if data is supplied. 124 - type describes the C data type to be associated 125 with the <entry id="dataName">. The following 126 data types are representative: 127 128 au_asid_t (uint32_t) 129 char 130 char * (blank is optional) 131 char ** (blank is optional) 132 uint_t, int, int32_t, uid_t, gid_t 133 uid_t *, gid_t * 134 long, ulong_t 135 m_label_t * 136 pid_t 137 priv_set_t * 138 uint16_t, unit32_t, uint64_t 139 uint32_t *, uint32_t[], uint64_t * 140 msg (not a C type, see below) 141 142 Below is what Tony said. Above seems to be 143 what is implemented 144 char 145 char * (blank is optional) 146 char ** (blank is optional) 147 int, uid_t, gid_t 148 int *, uid_t *, gid_t * 149 msg (not a C type, see below) 150 time_t 151 uint, uint * 152 153 The msg type refers to an enumerated type 154 that must be defined via a <msg> description 155 else where in this file. The syntax is 156 special. Example: <external opt="optional" 157 type="msg login_text"/> "login_text" is the 158 id of a <msg_list> descriptor given 159 elsewhere in this file. 160 161 If the <entry> id is a list, the type must also 162 be a comma-separated list, where the types are 163 in the same order as the id's. 164 If the type is an array, its length must be given 165 explicitly. 166 167 comment Used by bsmrecord build to generate audit_record_attr. 168 Comment is explanation note printed with token type. 169 See example above for other tags related to bsmrecord. 170 171 token Define allowed token names. 172 - id is the name of token; this name is used 173 as an <internal> id. 174 - usage is an optional value. At present, only 175 "TSOL" is defined; it means that this data is 176 to be used only in Trusted Solaris implementations. 177 178 msg_list Define a set of text strings. 179 - id is the name to be used for this group of text 180 strings in adt_event.h 181 - header is as defined for <event> 182 - start is a number where produced enum type begins; 183 ensure msg lists do not overlap 184 Within a msg_list block, <msg> and <debug> are defined. 185 The order of <msg> tags in a msg_list is reflected 186 directly in adt_event.h. Also add ADT_LIST_<<id>> to 187 enum adt_msg_list in adt_xlate.h. 188 189 msg Define one string. 190 - id is the name to be used in the enum describing 191 this set of strings. Convention: use upper case. 192 The content (text between <msg> and </msg>) is the 193 actual string. Extra white space, including line 194 feeds, is ignored. If empty, no output token 195 is generated unless the <external> opt attribute is 196 set to "required", in which case a blank text token 197 is generated. 198 Within a msg block, <debug> is defined, but has not been 199 tested and may have no effect. 200 201 debug This turns on/off debug messages during the processing 202 of the xml data. It affects the block within which it 203 is defined. 204 - set may have one of two values: "on" or "off". If 205 set is omitted, the debug state for the current block 206 is toggled. 207 The use of the <debug> tag does not affect the output 208 of data to the various files created, but does generate 209 potentially large amounts of output to stderr. 210 211--> 212<!-- template for an event record definition 213 214 <event id="" header="0" idNo=""> 215 <entry id="subject"> 216 <internal token="subject"/> 217 <external opt="none"/> 218 </entry> 219 <entry id=""> 220 <internal token=""/> 221 <external opt="" type="" /> 222 </entry> 223 <entry id="return"> 224 <internal token="return"/> 225 <external opt="none"/> 226 </entry> 227 </event> 228 229 Generic events must precede Instance events; within each 230 group, please group the AUE_* by area and event idNo-s in order, 231 gaps in idNo-s are OK. 232 N.B. Renumbering idNo-s requires recompilation of consumers. See 233 the contracts for whom to notify if/when this happens. 234--> 235 236<!-- generic events --> 237 238 <!-- 239 'omit="always"' means that this record type is not reflected 240 in the generated header and table files. 241 --> 242 243 <event id="AUE_generic_basic" type="generic" omit="always"> 244 <!-- 245 246 This is a template for the event types that have no tokens 247 other than the header and return. There is no allowed_type 248 list because the template is not externally visible due to the 249 omit="always". 250 251 --> 252 <entry id="subject"> 253 <internal token="subject"/> 254 <external opt="none"/> 255 </entry> 256 <entry id="return"> 257 <internal token="return"/> 258 <external opt="none"/> 259 </entry> 260 </event> 261 262 <event id="AUE_generic_login" type="generic" omit="always"> 263 <!-- 264 265 This is a template for the various login event types 266 AUE_login, AUE_ftp, etc which match this template. There is 267 no allowed_type list because the template is not externally 268 visible due to the omit="always". 269 270 --> 271 <entry id="subject"> 272 <internal token="subject"/> 273 <external opt="none"/> 274 </entry> 275 276 <!-- This field is still in use for SMC until it is cleaned up, 277 it must remain, see login_text msg list at the end of the 278 file. 279 --> 280 <entry id="message"> 281 <internal token="text"/> 282 <external opt="optional" type="msg login_text"/> 283 <comment>error message</comment> 284 </entry> 285 <entry id="return"> 286 <internal token="return"/> 287 <external opt="none"/> 288 </entry> 289 </event> 290 291<!-- generic SMC events --> 292 293 <event id="AUE_generic_SMC_add" type="generic" omit="always"> 294 <entry id="subject"> 295 <internal token="subject"/> 296 <external opt="none"/> 297 </entry> 298 <entry id="object_name"> 299 <internal token="text"/> 300 <external opt="required" type="char *"/> 301 <comment>object name</comment> 302 </entry> 303 <entry id="domain"> 304 <internal token="text"/> 305 <external opt="optional" type="char *"/> 306 <comment>domain</comment> 307 </entry> 308 <entry id="name_service"> 309 <internal token="text"/> 310 <external opt="required" type="char *"/> 311 <comment>name_service</comment> 312 </entry> 313 <entry id="auth_used"> 314 <internal token="uauth"/> 315 <external opt="optional" type="char *"/> 316 <comment>authorization used</comment> 317 </entry> 318 <!-- 319 This should really be its own token type, not "text" 320 --> 321 <entry id="initial_values"> 322 <internal token="text"/> 323 <external opt="required" type="char *"/> 324 <comment>initial values</comment> 325 </entry> 326 <entry id="return"> 327 <internal token="return"/> 328 <external opt="none"/> 329 </entry> 330 </event> 331 332 <event id="AUE_generic_SMC_delete" type="generic" omit="always"> 333 <entry id="subject"> 334 <internal token="subject"/> 335 <external opt="none"/> 336 </entry> 337 <entry id="object_name"> 338 <internal token="text"/> 339 <external opt="required" type="char *"/> 340 <comment>object name</comment> 341 </entry> 342 <entry id="domain"> 343 <internal token="text"/> 344 <external opt="optional" type="char *"/> 345 <comment>domain</comment> 346 </entry> 347 <entry id="name_service"> 348 <internal token="text"/> 349 <external opt="required" type="char *"/> 350 <comment>name_service</comment> 351 </entry> 352 <entry id="auth_used"> 353 <internal token="uauth"/> 354 <external opt="optional" type="char *"/> 355 <comment>authorization used</comment> 356 </entry> 357 <entry id="delete_values"> 358 <internal token="text"/> 359 <external opt="required" type="char *"/> 360 <comment>deleted values</comment> 361 </entry> 362 <entry id="return"> 363 <internal token="return"/> 364 <external opt="none"/> 365 </entry> 366 </event> 367 368 <event id="AUE_generic_SMC_modify" type="generic" omit="always"> 369 <entry id="subject"> 370 <internal token="subject"/> 371 <external opt="none"/> 372 </entry> 373 <entry id="object_name"> 374 <internal token="text"/> 375 <external opt="required" type="char *"/> 376 <comment>object name</comment> 377 </entry> 378 <entry id="domain"> 379 <internal token="text"/> 380 <external opt="optional" type="char *"/> 381 <comment>domain</comment> 382 </entry> 383 <entry id="name_service"> 384 <internal token="text"/> 385 <external opt="required" type="char *"/> 386 <comment>name_service</comment> 387 </entry> 388 <entry id="auth_used"> 389 <internal token="uauth"/> 390 <external opt="optional" type="char *"/> 391 <comment>authorization used</comment> 392 </entry> 393 <entry id="changed_values"> 394 <internal token="text"/> 395 <external opt="required" type="char *"/> 396 <comment>changed values</comment> 397 </entry> 398 <entry id="return"> 399 <internal token="return"/> 400 <external opt="none"/> 401 </entry> 402 </event> 403 404<!-- instances --> 405 406<!-- 407 Java needed for SMC events. Since the SMC events grow less 408 often than the C related events. They come first. It 409 would be nice to reorder the idNo-s, but that's an ABI 410 change and should rev libbsm version no. If reordered 411 start with 1 and eliminate the comment at the end about 412 the highest idNo. 413--> 414 <event id="AUE_admin_authenticate" instance_of="AUE_generic_login" 415 header="0" idNo="3"> 416 <title>Admin Server Authentication</title> 417 <program>admin (various)</program> 418 <see>SMC, WBEM, or AdminSuite</see> 419 </event> 420 421 <event id="AUE_filesystem_add" instance_of="AUE_generic_SMC_add" 422 header="0" idNo="4"> 423 <title>SMC: filesystem add</title> 424 <program>SMC server</program> 425 </event> 426 <event id="AUE_filesystem_delete" instance_of="AUE_generic_SMC_delete" 427 header="0" idNo="5"> 428 <title>SMC: filesystem delete</title> 429 <program>SMC server</program> 430 </event> 431 <event id="AUE_filesystem_modify" instance_of="AUE_generic_SMC_modify" 432 header="0" idNo="6"> 433 <title>SMC: filesystem modify</title> 434 <program>SMC server</program> 435 </event> 436 437 <event id="AUE_network_add" instance_of="AUE_generic_SMC_add" 438 header="0" idNo="7"> 439 <title>SMC: network add</title> 440 <program>SMC server</program> 441 </event> 442 <event id="AUE_network_delete" instance_of="AUE_generic_SMC_delete" 443 header="0" idNo="8"> 444 <title>SMC: network delete</title> 445 <program>SMC server</program> 446 </event> 447 <event id="AUE_network_modify" instance_of="AUE_generic_SMC_modify" 448 header="0" idNo="9"> 449 <title>SMC: network modify</title> 450 <program>SMC server</program> 451 </event> 452 453 <event id="AUE_printer_add" instance_of="AUE_generic_SMC_add" 454 header="0" idNo="10"> 455 <title>SMC: printer add</title> 456 <program>SMC server</program> 457 </event> 458 <event id="AUE_printer_delete" instance_of="AUE_generic_SMC_delete" 459 header="0" idNo="11"> 460 <title>SMC: printer delete</title> 461 <program>SMC server</program> 462 </event> 463 <event id="AUE_printer_modify" instance_of="AUE_generic_SMC_modify" 464 header="0" idNo="12"> 465 <title>SMC: printer modify</title> 466 <program>SMC server</program> 467 </event> 468 469<!-- 470 This is SMC; it's also used in su and should probably be used in 471 desktop role login. If we fix the SMC to not record NO_MSG here, 472 we can fix to record failed user. See su.c and AUE_su. 473--> 474 <event id="AUE_role_login" instance_of="AUE_generic_login" 475 header="0" idNo="13"> 476 <title>RBAC: role login</title> 477 <program>SMC server</program> 478 <program>/usr/bin/su</program> 479 </event> 480 481 <event id="AUE_scheduledjob_add" instance_of="AUE_generic_SMC_add" 482 header="0" idNo="14"> 483 <title>SMC: scheduled job add</title> 484 <program>SMC server</program> 485 </event> 486 <event id="AUE_scheduledjob_delete" instance_of="AUE_generic_SMC_delete" 487 header="0" idNo="15"> 488 <title>SMC: scheduled job delete</title> 489 <program>SMC server</program> 490 </event> 491 <event id="AUE_scheduledjob_modify" instance_of="AUE_generic_SMC_modify" 492 header="0" idNo="16"> 493 <title>SMC: scheduled job modify</title> 494 <program>SMC server</program> 495 </event> 496 497 <event id="AUE_serialport_add" instance_of="AUE_generic_SMC_add" 498 header="0" idNo="17"> 499 <title>SMC: serial port add</title> 500 <program>SMC server</program> 501 </event> 502 <event id="AUE_serialport_delete" instance_of="AUE_generic_SMC_delete" 503 header="0" idNo="18"> 504 <title>SMC: serial port delete</title> 505 <program>SMC server</program> 506 </event> 507 <event id="AUE_serialport_modify" instance_of="AUE_generic_SMC_modify" 508 header="0" idNo="19"> 509 <title>SMC: serial port modify</title> 510 <program>SMC server</program> 511 </event> 512 513<!-- This is SMC; should this also be used elsewhere? --> 514 <event id="AUE_uauth" header="0" idNo="20"> 515 <title>SMC: Use of Authorization</title> 516 <program>SMC server</program> 517 <entry id="subject"> 518 <internal token="subject"/> 519 <external opt="none"/> 520 </entry> 521 <entry id="auth_used"> 522 <internal token="uauth"/> 523 <external opt="required" type="char *"/> 524 <comment>authorization used</comment> 525 </entry> 526 <entry id="objectname"> 527 <internal token="text"/> 528 <external opt="required" type="char *"/> 529 <comment>object name</comment> 530 </entry> 531 <entry id="return"> 532 <internal token="return"/> 533 <external opt="none"/> 534 </entry> 535 </event> 536 537 <event id="AUE_usermgr_add" instance_of="AUE_generic_SMC_add" 538 header="0" idNo="21"> 539 <title>SMC: User Manager add</title> 540 <program>SMC server</program> 541 </event> 542 <event id="AUE_usermgr_delete" instance_of="AUE_generic_SMC_delete" 543 header="0" idNo="22"> 544 <title>SMC: User Manager delete</title> 545 <program>SMC server</program> 546 </event> 547 <event id="AUE_usermgr_modify" instance_of="AUE_generic_SMC_modify" 548 header="0" idNo="23"> 549 <title>SMC: User Manager modify</title> 550 <program>SMC server</program> 551 </event> 552<!-- end of Java needed for SMC events --> 553<!-- 554 while not used by SMC logout is used by Lockhart 555--> 556 <event id="AUE_logout" header="0" idNo="1"> 557 <title>login: logout</title> 558 <program>various</program> 559 <see>login(1)</see> 560 <entry id="subject"> 561 <internal token="subject"/> 562 <external opt="none"/> 563 </entry> 564<!-- 565 not used by C code, used by Lockhart, 566 get them to change and remove 567 event.user_name("logout " + session.getUserName()); 568 from /ws/lockhart-nv-gate/src/bundled/app/webmgt/lib/services/ 569 com/sun/management/services/audit/SolarisAuditEvent_Logout.java 570--> 571 <entry id="user_name"> 572 <internal token="text" format="logout %s"/> 573 <external opt="optional" type="char *"/> 574 <comment>"logout" username</comment> 575 </entry> 576 <entry id="return"> 577 <internal token="return"/> 578 <external opt="none"/> 579 </entry> 580 </event> 581 582 583<!-- C Only events --> 584 <event id="AUE_init_solaris" header="0" idNo="32" omit="JNI"> 585 <title>init</title> 586 <program>/sbin/init</program> 587 <program>/usr/sbin/init</program> 588 <program>/usr/sbin/shutdown</program> 589 <entry id="subject"> 590 <internal token="subject"/> 591 <external opt="none"/> 592 </entry> 593 <entry id="info"> 594 <internal token="text"/> 595 <external opt="optional" type="char *"/> 596 <comment>init level or zone name</comment> 597 </entry> 598 <entry id="return"> 599 <internal token="return"/> 600 <external opt="none"/> 601 </entry> 602 </event> 603 604 <event id="AUE_login" instance_of="AUE_generic_login" header="0" 605 idNo="25" omit="JNI"> 606 <title>terminal login</title> 607 <program>/usr/sbin/login</program> 608 <program>/usr/dt/bin/dtlogin</program> 609 <see>login(1)</see> 610 <see>dtlogin</see> 611 </event> 612 <event id="AUE_rlogin" instance_of="AUE_generic_login" header="0" 613 idNo="28" omit="JNI"> 614 <title>rlogin</title> 615 <program>/usr/sbin/login</program> 616 <see>login(1) - rlogin</see> 617 </event> 618 <event id="AUE_telnet" instance_of="AUE_generic_login" header="0" 619 idNo="29" omit="JNI"> 620 <title>telnet login</title> 621 <program>/usr/sbin/login</program> 622 <see>login(1) - telnet</see> 623 </event> 624 <event id="AUE_ssh" instance_of="AUE_generic_login" header="0" 625 idNo="2" omit="JNI"> 626 <program>/usr/lib/ssh/sshd</program> 627 </event> 628 629 <event id="AUE_zlogin" header="0" idNo="38" omit="JNI"> 630 <title>zone login</title> 631 <program>/usr/sbin/login</program> 632 <see>zlogin(1)</see> 633 <entry id="subject"> 634 <internal token="subject"/> 635 <external opt="none"/> 636 </entry> 637 <entry id="message"> 638 <internal token="text"/> 639 <external opt="optional" type="char *"/> 640 <comment>error message</comment> 641 </entry> 642 <entry id="return"> 643 <internal token="return"/> 644 <external opt="none"/> 645 </entry> 646 </event> 647 648 <event id="AUE_su" header="0" idNo="30" omit="JNI"> 649 <title>su</title> 650 <program>/usr/bin/su</program> 651 <see>su(1M)</see> 652 <entry id="subject"> 653 <internal token="subject"/> 654 <external opt="none"/> 655 </entry> 656<!-- 657 should be changed to "fail_user" and su.c updated 658 However, the jni stuff is broken, so for now it's "message" 659--> 660 <entry id="message"> 661 <internal token="text"/> 662 <external opt="optional" type="char *"/> 663 <comment>"user name" of failed new user/role</comment> 664 </entry> 665 <entry id="return"> 666 <internal token="return"/> 667 <external opt="none"/> 668 </entry> 669 </event> 670 671 <event id="AUE_passwd" header="0" idNo="27" omit="JNI"> 672 <title>passwd</title> 673 <program>various</program> 674 <see>passwd(1)</see> 675 <entry id="subject"> 676 <internal token="subject"/> 677 <external opt="none"/> 678 </entry> 679 <entry id="username"> 680 <internal token="text"/> 681 <external opt="optional" type="char *"/> 682 <comment>username if different than caller</comment> 683 </entry> 684 <entry id="return"> 685 <internal token="return"/> 686 <external opt="none"/> 687 </entry> 688 </event> 689 690 <event id="AUE_screenlock" instance_of="AUE_generic_basic" header="0" 691 idNo="26" omit="JNI"> 692 <program>desktop screen lock</program> 693 </event> 694 <event id="AUE_screenunlock" instance_of="AUE_generic_basic" header="0" 695 idNo="31" omit="JNI"> 696 <program>desktop screen unlock</program> 697 </event> 698 699 <!-- 700 AUE_prof_cmd is not supportable for Java due to the structure of 701 the priv token. When and if a Java program needs to generate 702 a priv token, we'll need to look at the data format in the 703 Java code and provide an appropriate java and jni implementation. 704 --> 705 706 <event id="AUE_prof_cmd" header="0" idNo="24" omit="JNI"> 707 <title>pfexec</title> 708 <program>/usr/bin/pfexec</program> 709 <see>pfexec(1)</see> 710 <entry id="subject"> 711 <internal token="subject"/> 712 <external opt="none"/> 713 </entry> 714 <entry id="cwdpath"> 715 <internal token="path"/> 716 <external opt="required" type="char*"/> 717 <comment>working directory</comment> 718 </entry> 719 <entry id="cmdpath"> 720 <internal token="path"/> 721 <external opt="required" type="char*"/> 722 <comment>command pathname</comment> 723 </entry> 724 <entry id="argc,argv,envp"> 725 <internal token="command"/> 726 <external opt="required" type="int,char**,char**"/> 727 </entry> 728 <entry id="proc_auid,proc_euid,proc_egid,proc_ruid,proc_rgid,proc_pid,proc_sid,proc_termid"> 729 <internal token="process"/> 730 <external opt="required" 731 type="uid_t,uid_t,gid_t,uid_t,gid_t,pid_t,au_asid_t,termid*"/> 732 </entry> 733 <entry id="limit_set"> 734 <internal token="priv_limit"/> 735 <external opt="optional" type="priv_set_t*"/> 736 </entry> 737 <entry id="inherit_set"> 738 <internal token="priv_inherit"/> 739 <external opt="optional" type="priv_set_t*"/> 740 </entry> 741 <entry id="return"> 742 <internal token="return"/> 743 <external opt="none"/> 744 </entry> 745 </event> 746 747 <event id="AUE_inetd_connect" header="0" idNo="34" omit="JNI"> 748 <title>inetd</title> 749 <program>/usr/sbin/inetd</program> 750 <entry id="subject"> 751 <internal token="subject"/> 752 <external opt="none"/> 753 </entry> 754 <entry id="service_name"> 755 <internal token="text"/> 756 <external opt="optional" type="char *"/> 757 <comment>service name</comment> 758 </entry> 759 <entry id="ip_type,ip_remote_port,ip_local_port,ip_adr"> 760 <internal token="tid"/> 761 <external opt="required" 762 type="uint32_t,uint16_t,uint16_t,uint32_t[4]"/> 763 <comment>client address</comment> 764 </entry> 765 <entry id="cmd"> 766 <internal token="command_1"/> 767 <external opt="required" type="char *"/> 768 <comment>inetd command</comment> 769 </entry> 770 <entry id="privileges"> 771 <internal token="priv_effective"/> 772 <external opt="required" type="priv_set_t *"/> 773 </entry> 774 <entry id="return"> 775 <internal token="return"/> 776 <external opt="none"/> 777 </entry> 778 </event> 779 780 <event id="AUE_inetd_ratelimit" header="0" idNo="35" omit="JNI"> 781 <title>inetd</title> 782 <program>/usr/sbin/inetd</program> 783 <entry id="subject"> 784 <internal token="subject"/> 785 <external opt="none"/> 786 </entry> 787 <entry id="service_name"> 788 <internal token="text"/> 789 <external opt="optional" type="char *"/> 790 <comment>service name</comment> 791 </entry> 792 <entry id="limit"> 793 <internal token="text"/> 794 <external opt="required" type="char *"/> 795 <comment>limit value</comment> 796 </entry> 797 <entry id="return"> 798 <internal token="return"/> 799 <external opt="none"/> 800 </entry> 801 </event> 802 803 <event id="AUE_inetd_copylimit" header="0" idNo="36" omit="JNI"> 804 <title>inetd</title> 805 <program>/usr/sbin/inetd</program> 806 <entry id="subject"> 807 <internal token="subject"/> 808 <external opt="none"/> 809 </entry> 810 <entry id="service_name"> 811 <internal token="text"/> 812 <external opt="optional" type="char *"/> 813 <comment>service name</comment> 814 </entry> 815 <entry id="limit"> 816 <internal token="text"/> 817 <external opt="required" type="char *"/> 818 <comment>limit value</comment> 819 </entry> 820 <entry id="return"> 821 <internal token="return"/> 822 <external opt="none"/> 823 </entry> 824 </event> 825 826 <event id="AUE_inetd_failrate" header="0" idNo="37" omit="JNI"> 827 <title>inetd</title> 828 <program>/usr/sbin/inetd</program> 829 <entry id="subject"> 830 <internal token="subject"/> 831 <external opt="none"/> 832 </entry> 833 <entry id="service_name"> 834 <internal token="text"/> 835 <external opt="optional" type="char *"/> 836 <comment>service name</comment> 837 </entry> 838 <entry id="values"> 839 <internal token="text"/> 840 <external opt="required" type="char *"/> 841 <comment>limit value, interval</comment> 842 </entry> 843 <entry id="return"> 844 <internal token="return"/> 845 <external opt="none"/> 846 </entry> 847 </event> 848 849 <event id="AUE_zone_state" header="0" idNo="33" omit="JNI"> 850 <entry id="subject"> 851 <internal token="subject"/> 852 <external opt="none"/> 853 </entry> 854 <entry id="new_state"> 855 <internal token="text"/> 856 <external opt="required" type="char *"/> 857 <comment>New zone state</comment> 858 </entry> 859 <entry id="zonename"> 860 <internal token="zonename"/> 861 <external opt="required" type="char *"/> 862 <comment>zone name</comment> 863 </entry> 864 <entry id="return"> 865 <internal token="return"/> 866 <external opt="none"/> 867 </entry> 868 </event> 869 870 <event id="AUE_su_logout" instance_of="AUE_generic_basic" 871 header="0" idNo="39" omit="JNI"> 872 <title>su</title> 873 <program>/usr/bin/su</program> 874 <see>su(1M)</see> 875 </event> 876 877 <event id="AUE_role_logout" instance_of="AUE_generic_basic" 878 header="0" idNo="40" omit="JNI"> 879 <title>su</title> 880 <program>/usr/bin/su</program> 881 <see>su(1M)</see> 882 </event> 883 884 <event id="AUE_newgrp_login" header="0" idNo="41" omit="JNI"> 885 <program>newgrp</program> 886 <entry id="subject"> 887 <internal token="subject"/> 888 <external opt="none"/> 889 </entry> 890 <entry id="groupname"> 891 <internal token="text"/> 892 <external opt="required" type="char *"/> 893 <comment>group name</comment> 894 </entry> 895 <entry id="return"> 896 <internal token="return"/> 897 <external opt="none"/> 898 </entry> 899 </event> 900 901 <event id="AUE_generic_mountable" type="generic" omit="always"> 902 <!-- 903 904 User device mounting related functions 905 906 --> 907 <entry id="subject"> 908 <internal token="subject"/> 909 <external opt="none"/> 910 </entry> 911 <entry id="auth_used"> 912 <internal token="uauth"/> 913 <external opt="required" type="char *"/> 914 <comment>authorization used</comment> 915 </entry> 916 <entry id="mount_point"> 917 <internal token="path"/> 918 <external opt="required" type="char *"/> 919 <comment>mount point</comment> 920 </entry> 921 <entry id="device"> 922 <internal token="path"/> 923 <external opt="required" type="char *"/> 924 <comment>device</comment> 925 </entry> 926 <entry id="options"> 927 <internal token="text"/> 928 <external opt="optional" type="char *"/> 929 <comment>options</comment> 930 </entry> 931 <entry id="return"> 932 <internal token="return"/> 933 <external opt="none"/> 934 </entry> 935 </event> 936 937 <event id="AUE_attach" instance_of="AUE_generic_mountable" 938 header="0" idNo="42" omit="JNI"> 939 <program>hald</program> 940 </event> 941 <event id="AUE_detach" instance_of="AUE_generic_mountable" 942 header="0" idNo="43" omit="JNI"> 943 <program>hald</program> 944 </event> 945 <event id="AUE_remove" header="0" idNo="44" omit="JNI"> 946 <program>hald</program> 947 <entry id="subject"> 948 <internal token="subject"/> 949 <external opt="none"/> 950 </entry> 951 <entry id="auth_used"> 952 <internal token="uauth"/> 953 <external opt="required" type="char *"/> 954 <comment>authorization used</comment> 955 </entry> 956 <entry id="mount_point"> 957 <internal token="path"/> 958 <external opt="optional" type="char *"/> 959 <comment>mount point</comment> 960 </entry> 961 <entry id="device"> 962 <internal token="path"/> 963 <external opt="required" type="char *"/> 964 <comment>device</comment> 965 </entry> 966 <entry id="return"> 967 <internal token="return"/> 968 <external opt="none"/> 969 </entry> 970 </event> 971 972 <event id="AUE_pool_import" header="0" idNo="45" omit="JNI"> 973 <program>hald</program> 974 <entry id="subject"> 975 <internal token="subject"/> 976 <external opt="none"/> 977 </entry> 978 <entry id="auth_used"> 979 <internal token="uauth"/> 980 <external opt="required" type="char *"/> 981 <comment>authorization used</comment> 982 </entry> 983 <entry id="pool"> 984 <internal token="text"/> 985 <external opt="required" type="char *"/> 986 <comment>pool</comment> 987 </entry> 988 <entry id="device"> 989 <internal token="path"/> 990 <external opt="required" type="char *"/> 991 <comment>device</comment> 992 </entry> 993 <entry id="return"> 994 <internal token="return"/> 995 <external opt="none"/> 996 </entry> 997 </event> 998 <event id="AUE_pool_export" header="0" idNo="46" omit="JNI"> 999 <program>hald</program> 1000 <entry id="subject"> 1001 <internal token="subject"/> 1002 <external opt="none"/> 1003 </entry> 1004 <entry id="auth_used"> 1005 <internal token="uauth"/> 1006 <external opt="required" type="char *"/> 1007 <comment>authorization used</comment> 1008 </entry> 1009 <entry id="pool"> 1010 <internal token="text"/> 1011 <external opt="required" type="char *"/> 1012 <comment>pool</comment> 1013 </entry> 1014 <entry id="device"> 1015 <internal token="path"/> 1016 <external opt="required" type="char *"/> 1017 <comment>device</comment> 1018 </entry> 1019 <entry id="return"> 1020 <internal token="return"/> 1021 <external opt="none"/> 1022 </entry> 1023 </event> 1024 1025<!-- dladm security objected events --> 1026 <event id="AUE_dladm_generic" type="generic" omit="always"> 1027 <entry id="subject"> 1028 <internal token="subject"/> 1029 <external opt="none"/> 1030 </entry> 1031 <entry id="auth_used"> 1032 <internal token="uauth"/> 1033 <external opt="required" type="char *"/> 1034 <comment>authorization used</comment> 1035 </entry> 1036 <entry id="obj_class"> 1037 <internal token="text"/> 1038 <external opt="required" type="char *"/> 1039 <comment>object class name</comment> 1040 </entry> 1041 <entry id="obj_name"> 1042 <internal token="text"/> 1043 <external opt="required" type="char *"/> 1044 <comment>object name</comment> 1045 </entry> 1046 <entry id="return"> 1047 <internal token="return"/> 1048 <external opt="none"/> 1049 </entry> 1050 </event> 1051 1052 <event id="AUE_dladm_create_secobj" instance_of="AUE_dladm_generic" 1053 header="0" idNo="47" omit="JNI"> 1054 <title>create wifi security object</title> 1055 <program>/usr/sbin/dladm</program> 1056 <see>dladm(1M)</see> 1057 </event> 1058 <event id="AUE_dladm_delete_secobj" instance_of="AUE_dladm_generic" 1059 header="0" idNo="48" omit="JNI"> 1060 <title>delete wifi security object</title> 1061 <program>/usr/sbin/dladm</program> 1062 <see>dladm(1M)</see> 1063 </event> 1064 1065<!-- Trusted eXtensions (TX) events --> 1066 1067 <!-- labeld events --> 1068 <event id="AUE_file_relabel" header="0" idNo="49" omit="JNI"> 1069 <title>relabel file from one zone to another</title> 1070 <program>setlabel(1)</program> 1071 <see>setflabel(3TSOL)</see> 1072 <entry id="subject"> 1073 <internal token="subject"/> 1074 <external opt="none"/> 1075 </entry> 1076 <entry id="auth_used"> 1077 <internal token="uauth"/> 1078 <external opt="required" type="char *"/> 1079 <comment>authorization used</comment> 1080 </entry> 1081 <entry id="file"> 1082 <internal token="path"/> 1083 <external opt="required" type="char *"/> 1084 <comment>file relabeled</comment> 1085 </entry> 1086 <entry id="src_label"> 1087 <internal token="label"/> 1088 <external opt="required" type="m_label_t *"/> 1089 <comment>original label</comment> 1090 </entry> 1091 <entry id="dst_label"> 1092 <internal token="label"/> 1093 <external opt="required" type="m_label_t *"/> 1094 <comment>new label</comment> 1095 </entry> 1096 <entry id="return"> 1097 <internal token="return"/> 1098 <external opt="none"/> 1099 </entry> 1100 </event> 1101 1102 <event id="AUE_file_copy" header="0" idNo="50" omit="JNI"> 1103 <title>copy file to another zone</title> 1104 <program>dtfile(1X)</program> 1105 <entry id="subject"> 1106 <internal token="subject"/> 1107 <external opt="none"/> 1108 </entry> 1109 <entry id="auth_used"> 1110 <internal token="uauth"/> 1111 <external opt="required" type="char *"/> 1112 <comment>authorization used</comment> 1113 </entry> 1114 <entry id="src_file"> 1115 <internal token="path"/> 1116 <external opt="required" type="char *"/> 1117 <comment>source file</comment> 1118 </entry> 1119 <entry id="src_label"> 1120 <internal token="label"/> 1121 <external opt="required" type="m_label_t *"/> 1122 <comment>source label</comment> 1123 </entry> 1124 <entry id="dst_file"> 1125 <internal token="path"/> 1126 <external opt="required" type="char *"/> 1127 <comment>destination directory</comment> 1128 </entry> 1129 <entry id="dst_label"> 1130 <internal token="label"/> 1131 <external opt="required" type="m_label_t *"/> 1132 <comment>destination label</comment> 1133 </entry> 1134 <entry id="return"> 1135 <internal token="return"/> 1136 <external opt="none"/> 1137 </entry> 1138 </event> 1139 1140 <!-- uadmin(1m) events --> 1141 <event id="AUE_uadmin_generic" type="generic" omit="always"> 1142 <entry id="subject"> 1143 <internal token="subject"/> 1144 <external opt="none"/> 1145 </entry> 1146 <entry id="fcn"> 1147 <internal token="text"/> 1148 <external opt="required" type="msg uadmin_fcn"/> 1149 <comment>next action</comment> 1150 </entry> 1151 <entry id="mdep"> 1152 <internal token="text"/> 1153 <external opt="optional" type="char *"/> 1154 <comment>machine dependent argument</comment> 1155 </entry> 1156 <entry id="return"> 1157 <internal token="return"/> 1158 <external opt="none"/> 1159 </entry> 1160 </event> 1161 <event id="AUE_uadmin_generic_fcn" type="generic" omit="always"> 1162 <entry id="subject"> 1163 <internal token="subject"/> 1164 <external opt="none"/> 1165 </entry> 1166 <entry id="fcn"> 1167 <internal token="text"/> 1168 <external opt="required" type="msg uadmin_fcn"/> 1169 <comment>next action</comment> 1170 </entry> 1171 <entry id="return"> 1172 <internal token="return"/> 1173 <external opt="none"/> 1174 </entry> 1175 </event> 1176 <event id="AUE_uadmin_shutdown" instance_of="AUE_uadmin_generic" 1177 header="0" idNo="51" omit="JNI"> 1178 <title>uadmin shutdown</title> 1179 <program>/sbin/uadmin</program> 1180 <program>/usr/sbin/uadmin</program> 1181 <see>uadmin(1M)</see> 1182 </event> 1183 <event id="AUE_uadmin_reboot" instance_of="AUE_uadmin_generic" 1184 header="0" idNo="52" omit="JNI"> 1185 <title>uadmin reboot</title> 1186 <program>/sbin/uadmin</program> 1187 <program>/usr/sbin/uadmin</program> 1188 <see>uadmin(1M)</see> 1189 </event> 1190 <event id="AUE_uadmin_dump" instance_of="AUE_uadmin_generic" 1191 header="0" idNo="53" omit="JNI"> 1192 <title>uadmin dump</title> 1193 <program>/sbin/uadmin</program> 1194 <program>/usr/sbin/uadmin</program> 1195 <see>uadmin(1M)</see> 1196 </event> 1197 <event id="AUE_uadmin_freeze" instance_of="AUE_uadmin_generic" 1198 header="0" idNo="54" omit="JNI"> 1199 <title>uadmin freeze</title> 1200 <program>/sbin/uadmin</program> 1201 <program>/usr/sbin/uadmin</program> 1202 <see>uadmin(1M)</see> 1203 </event> 1204 <event id="AUE_uadmin_remount" header="0" idNo="55" omit="JNI"> 1205 <title>uadmin remount</title> 1206 <program>/sbin/uadmin</program> 1207 <program>/usr/sbin/uadmin</program> 1208 <see>uadmin(1M)</see> 1209 <entry id="subject"> 1210 <internal token="subject"/> 1211 <external opt="none"/> 1212 </entry> 1213 <entry id="return"> 1214 <internal token="return"/> 1215 <external opt="none"/> 1216 </entry> 1217 </event> 1218 <!-- uadmin ftrace and swapctl are not documented in uadmin(2) --> 1219 <event id="AUE_uadmin_ftrace" instance_of="AUE_uadmin_generic_fcn" 1220 header="0" idNo="56" omit="JNI"> 1221 <title>uadmin ftrace</title> 1222 <program>/sbin/uadmin</program> 1223 <program>/usr/sbin/uadmin</program> 1224 <see>uadmin(1M)</see> 1225 </event> 1226 <event id="AUE_uadmin_swapctl" instance_of="AUE_uadmin_generic_fcn" 1227 header="0" idNo="57" omit="JNI"> 1228 <title>uadmin swapctl</title> 1229 <program>/sbin/uadmin</program> 1230 <program>/usr/sbin/uadmin</program> 1231 <see>uadmin(1M)</see> 1232 </event> 1233 1234<!-- smbd service event; smbd session setup --> 1235 <event id="AUE_smbd_session" header="0" idNo="58" omit="JNI"> 1236 <title>smbd</title> 1237 <program>/usr/lib/smbsrv/smbd</program> 1238 <entry id="subject"> 1239 <internal token="subject"/> 1240 <external opt="none"/> 1241 </entry> 1242 <entry id="domain"> 1243 <internal token="text"/> 1244 <external opt="required" type="char*"/> 1245 <comment>domain</comment> 1246 </entry> 1247 <entry id="username"> 1248 <internal token="text"/> 1249 <external opt="required" type="char*"/> 1250 <comment>username</comment> 1251 </entry> 1252 <entry id="sid"> 1253 <internal token="text"/> 1254 <external opt="optional" type="char*"/> 1255 <comment>sid</comment> 1256 </entry> 1257 <entry id="return"> 1258 <internal token="return"/> 1259 <external opt="none"/> 1260 </entry> 1261 </event> 1262 1263<!-- smbd service event; smbd session logoff --> 1264 <event id="AUE_smbd_logoff" header="0" idNo="59" omit="JNI"> 1265 <title>smbd</title> 1266 <program>/usr/lib/smbsrv/smbd</program> 1267 <entry id="subject"> 1268 <internal token="subject"/> 1269 <external opt="none"/> 1270 </entry> 1271 <entry id="domain"> 1272 <internal token="text"/> 1273 <external opt="required" type="char*"/> 1274 <comment>domain</comment> 1275 </entry> 1276 <entry id="username"> 1277 <internal token="text"/> 1278 <external opt="required" type="char*"/> 1279 <comment>username</comment> 1280 </entry> 1281 <entry id="return"> 1282 <internal token="return"/> 1283 <external opt="none"/> 1284 </entry> 1285 </event> 1286 1287<!-- vscan service event; infected file detected --> 1288 <event id="AUE_vscan_quarantine" header="0" idNo="60" omit="JNI"> 1289 <title>VSCAN: quarantine infected file</title> 1290 <program>/usr/lib/vscan/vscand</program> 1291 <see>vscand(1M), ICAP RFC 3507 (Extensions)</see> 1292 <entry id="subject"> 1293 <internal token="subject"/> 1294 <external opt="none"/> 1295 </entry> 1296 <entry id="file"> 1297 <internal token="path"/> 1298 <external opt="required" type="char*"/> 1299 <comment>infected file</comment> 1300 </entry> 1301 <entry id="violations,nviolations"> 1302 <internal token="text"/> 1303 <external opt="optional" type="char**,int"/> 1304 <comment>ID - threat description</comment> 1305 </entry> 1306 <entry id="return"> 1307 <internal token="return"/> 1308 <external opt="none"/> 1309 </entry> 1310 </event> 1311 1312 1313<!-- add new events here with the next higher idNo --> 1314<!-- Highest idNo is 60, so next is 61, then fix this comment --> 1315<!-- end of C Only events --> 1316 1317 1318<!-- 1319 token definitions are partially implemented. All they do for now 1320 is create a list of defined token names. In the future they may 1321 become a way of describing token structure. 1322--> 1323 1324 <token id="acl"> 1325 </token> 1326 <token id="arbitrary"> 1327 </token> 1328 <token id="arg"> 1329 </token> 1330 <token id="attr"> 1331 </token> 1332 <token id="command"> 1333 </token> 1334 <token id="command_1"> 1335 </token> 1336 <token id="date"> 1337 </token> 1338 <token id="exec_args"> 1339 </token> 1340 <token id="exec_env"> 1341 </token> 1342 <token id="exit"> 1343 </token> 1344 <token id="file"> 1345 </token> 1346 <token id="fmri"> 1347 </token> 1348 <token id="groups"> 1349 </token> 1350 <!-- pseudo token; in_addr and in_port of peer --> 1351 <token id="in_peer"> 1352 </token> 1353 <token id="ipc"> 1354 </token> 1355 <token id="ipc_perm"> 1356 </token> 1357 <token id="label"> 1358 </token> 1359 <token id="newgroups"> 1360 </token> 1361 <token id="opaque"> 1362 </token> 1363 <token id="path"> 1364 </token> 1365 <!-- pseudo token; path list generates 0 or more path tokens --> 1366 <token id="path_list"> 1367 </token> 1368 <token id="tid"> 1369 </token> 1370 1371 <!-- 1372 privilege token is implemented as one of the pseudo tokens 1373 priv_limit, priv_effective, or priv_inherit 1374 1375 <token id="privilege"> 1376 </token> 1377 --> 1378 <token id="priv_effective"> 1379 </token> 1380 <token id="priv_inherit"> 1381 </token> 1382 <token id="priv_limit"> 1383 </token> 1384 <token id="process"> 1385 </token> 1386 <token id="return"> 1387 </token> 1388 <token id="seq"> 1389 </token> 1390 <token id="socket"> 1391 </token> 1392 <token id="socket-inet"> 1393 </token> 1394 <token id="subject"> 1395 </token> 1396 <token id="text"> 1397 </token> 1398 <token id="uauth"> 1399 </token> 1400 <token id="zonename"> 1401 </token> 1402 1403<!-- 1404 error value list for return values with success/fail code of fail. 1405 These values start at 1000 so praudit can tell the difference 1406 between the libbsm/common/audit_*.c broken error values and 1407 the new adt_ error value list. It is public so that praudit 1408 can find it. 1409 1410 praudit outputs "failure" %s" for these strings, so there is 1411 no need to use words such as "failed" in the message. 1412 1413 ** Add to the end only to maintain validity across versions of 1414 the audit log. ** 1415--> 1416 1417 <msg_list id="fail_value" header="0" start="1000" public="true"> 1418 <msg id="PW_ATTR">Attribute update</msg> 1419 <msg id="PW">Password update</msg> 1420 <msg id="USERNAME">bad username</msg> 1421 <msg id="AUTH">authorization failed</msg> 1422 <msg id="UID">bad uid</msg> 1423 <msg id="UNKNOWN">unknown failure</msg> 1424 <msg id="EXPIRED">password expired</msg> 1425 <msg id="ACCOUNT_LOCKED">Account is locked</msg> 1426 <msg id="BAD_DIALUP">Bad dial up</msg> 1427 <msg id="BAD_ID">Invalid ID</msg> 1428 <msg id="BAD_PW">Invalid password</msg> 1429 <msg id="CONSOLE">Not on console</msg> 1430 <msg id="MAX_TRIES">Too many failed attempts</msg> 1431 <msg id="PROTOCOL_FAILURE">Protocol failure</msg> 1432 <msg id="EXCLUDED_USER">Excluded user</msg> 1433 <msg id="ANON_USER">No anonymous</msg> 1434 <msg id="BAD_CMD">Invalid command</msg> 1435 <msg id="BAD_TTY">Standard input not a tty line</msg> 1436 <msg id="PROGRAM">Program failure</msg> 1437 <msg id="CHDIR_FAILED">chdir to home directory</msg> 1438 <msg id="INPUT_OVERFLOW">Input line too long.</msg> 1439 <msg id="DEVICE_PERM">login device override</msg> 1440 <msg id="AUTH_BYPASS">authorization bypass</msg> 1441 <msg id="LOGIN_DISABLED">login disabled</msg> 1442 </msg_list> 1443 1444<!-- 1445 The following empty list is used for PAM errors; the "start" 1446 value is used by praudit to know to use the PAM infrastructure 1447 for generating error strings 1448--> 1449 <msg_list id="fail_pam" header="0" start="2000" public="true"> 1450 </msg_list> 1451 1452<!-- 1453 This is still in use by SMC. See AUE_generic_login. When 1454 either SMC is fixed to stop using this, or SMC goes away. 1455 REMOVE this stuff and the corresponding AUE_generic_login 1456 message field. 1457 1458 Message list for the various authentication events, such 1459 as AUE_login and AUE_admin_authenticate. Add new entries 1460 at the end. The order of msg_list entries and the order 1461 of msg entries both affect the names in adt.h and the value 1462 of the associated enumerated types. 1463 1464 Each of these messages except NO_MSG is also in the failure_attribute 1465 list; the difference is that the messages below use a text token 1466 in the audit record, while the failure_attribute messages are 1467 associated with the return value of the return token. 1468 1469 This list is deprecated; please don't use text tokens for error 1470 messages. 1471--> 1472 1473 <msg_list id="login_text" header="0" deprecated="true"> 1474 <msg id="NO_MSG"></msg> 1475 <msg id="ACCOUNT_LOCKED">Account is locked</msg> 1476 <msg id="BAD_DIALUP">Bad dial up</msg> 1477 <msg id="BAD_ID">Invalid ID</msg> 1478 <msg id="BAD_PW">Invalid password</msg> 1479 <msg id="CONSOLE">Not on console</msg> 1480 <msg id="MAX_TRIES">Too many failed attempts</msg> 1481 <msg id="PROTOCOL_FAILURE">Protocol failure</msg> 1482 <msg id="EXCLUDED_USER">Excluded user</msg> 1483 <msg id="ANON_USER">No anonymous</msg> 1484 </msg_list> 1485 1486<!-- msg list for uadmin(1m) fcn argument (next action, see uadmin(2)) --> 1487 <msg_list id="uadmin_fcn" header="0" start="3000" public="true"> 1488 <msg id="AD_HALT">Halt the processor(s)</msg> 1489 <msg id="AD_POWEROFF">Halt the processor(s) and turn off the power</msg> 1490 <msg id="AD_BOOT">Reboot the system using the kernel file</msg> 1491 <msg id="AD_IBOOT">Interactive reboot</msg> 1492 <msg id="AD_SUSPEND_TO_DISK">Save the system state to the state file</msg> 1493 <msg id="AD_CHECK_SUSPEND_TO_DISK">Check if system supports suspend to disk</msg> 1494 <msg id="AD_FORCE">Force suspend to disk even when threads of user 1495 applications are not suspendable</msg> 1496 <msg id="AD_SUSPEND_TO_RAM">Save the system state to memory</msg> 1497 <msg id="AD_CHECK_SUSPEND_TO_RAM">Check if system supports suspend to memory</msg> 1498 <msg id="AD_SBOOT">Single-user reboot</msg> 1499 <msg id="AD_SIBOOT">Single-user interactive reboot</msg> 1500 <msg id="AD_NOSYNC">Do not sync filesystems on next A_DUMP</msg> 1501 <msg id="AD_REUSEINIT">Prepare for AD_REUSABLE</msg> 1502 <msg id="AD_REUSABLE">Create reusable statefile</msg> 1503 <msg id="AD_REUSEFINI">Revert to normal CPR mode (not reusable)</msg> 1504 <msg id="AD_FTRACE_START">ftrace start</msg> 1505 <msg id="AD_FTRACE_STOP">ftrace stop</msg> 1506 </msg_list> 1507</specification> 1508