 sec_audit_events(5)                 OSF                 sec_audit_events(5)




 NAME
      sec_audit_events - Auditable events for the security services

 DESCRIPTION
      Code is in place for auditing security-significant events in the
      Security Server.  Among these events are


        +  Attempts at invoking Authentication Server/Ticket-granting
           Server/Privilege Server (AS/TGS/PS) operations.

        +  Deletion of Security Server objects, including


             -- ACLs

             -- accounts

             -- pgo items

             -- registry properties

             -- registry/organization policies

             -- registry master key


        +  Attempts at invoking an operation that modifies Security Server
           objects or updates an ACL.

        +  Attempts at invoking operations that involve access control.

        +  Failed client responses to the server's challenge, detected
           replays and invalid ticket requests.

        +  The usage of cryptographic keys in the RPC runtime.

        +  Attempts at changing the maintenance/operation states of the
           registry server.


      Event class definitions, together with filters, control whether
      auditing takes place at these code points.  Filters can be updated
      dynamically.  Filter files are maintained by a per-host audit daemon
      and are shared among all the audit clients on the same host.  The dcecp
      command interface program is used for maintaining the filters.  (See
      the dcecp reference page.)  The dcecp command is executable by all
      users and system administrators; who is actually allowed to modify the
      filters is controlled through the ACL of the audit daemon, which
      maintains the filters.
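      The way event classes and filters decide what gets recorded is easiest
      to see in code.  The following is an added illustration, not code from
      this reference page or from the DCE audit daemon: the event names,
      numbers and classes are copied from the tables below, while the filter
      model (one outcome set and one action per event class) and the outcome
      and action names are simplifying assumptions of the example.  An event
      that belongs to several classes is recorded if any one of them has a
      matching filter, which is why a query-class event can still be audited
      on success when its other class is dce_sec_modify.

```python
"""Class-based audit filtering for DCE Security Server audit points.

Added illustration, not DCE code.  Event names, numbers and classes come
from sec_audit_events(5); the filter model and outcome/action names are
assumptions of this example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# name -> (event number, event classes), as listed on the reference page
EVENTS: Dict[str, Tuple[int, FrozenSet[str]]] = {
    "AS_Request":    (0x101, frozenset({"dce_sec_authent"})),
    "TGS_TicketReq": (0x102, frozenset({"dce_sec_authent"})),
    "ACL_Lookup":    (0x105, frozenset({"dce_sec_control", "dce_sec_query"})),
    "ACL_Replace":   (0x106, frozenset({"dce_sec_control", "dce_sec_modify"})),
    "PRIV_GetPtgt":  (0x10C, frozenset({"dce_sec_authent", "dce_sec_control"})),
    "ACCT_Add":      (0x10D, frozenset({"dce_sec_control", "dce_sec_modify"})),
    "PGO_AddMember": (0x11A, frozenset({"dce_sec_control", "dce_sec_modify"})),
    "REPADMIN_Stop": (0x124, frozenset({"dce_sec_control", "dce_sec_server"})),
    "REPADMIN_Mkey": (0x126, frozenset({"dce_sec_control", "dce_sec_server"})),
}

# Assumed outcome names for this model
OUTCOMES: FrozenSet[str] = frozenset({"success", "failure", "denial"})


@dataclass(frozen=True)
class ClassFilter:
    """Audit `outcomes` of every event in `event_class`, taking `action`."""
    event_class: str
    outcomes: FrozenSet[str]
    action: str  # "log" or "alarm" (assumed action names)


@dataclass(frozen=True)
class AuditRecord:
    event: str
    outcome: str
    client: str  # constructed sample principal name


def actions_for(record: AuditRecord, filters: Tuple[ClassFilter, ...]) -> Set[str]:
    """Return the actions the filters request for one record.

    A record is audited when at least one of the event's classes has a
    filter covering the record's outcome; the actions of all such filters
    are combined.
    """
    if record.event not in EVENTS:
        raise KeyError(f"unknown event {record.event!r}")
    if record.outcome not in OUTCOMES:
        raise ValueError(f"unknown outcome {record.outcome!r}")
    _, classes = EVENTS[record.event]
    return {
        f.action
        for f in filters
        if f.event_class in classes and record.outcome in f.outcomes
    }


# A defender-oriented policy (constructed): record every state change and
# every server-administration event, but only failed or denied
# authentication attempts and denied queries.
POLICY: Tuple[ClassFilter, ...] = (
    ClassFilter("dce_sec_modify", OUTCOMES, "log"),
    ClassFilter("dce_sec_server", OUTCOMES, "alarm"),
    ClassFilter("dce_sec_authent", frozenset({"failure", "denial"}), "log"),
    ClassFilter("dce_sec_query", frozenset({"denial"}), "log"),
)


def coverage_gaps(filters: Tuple[ClassFilter, ...], outcome: str = "success") -> List[str]:
    """Events whose given outcome no filter records: what an auditor would miss."""
    return sorted(
        name for name in EVENTS
        if not actions_for(AuditRecord(name, outcome, "-"), filters)
    )


if __name__ == "__main__":
    samples = [
        AuditRecord("ACL_Lookup", "success", "alice"),
        AuditRecord("ACL_Lookup", "denial", "mallory"),
        AuditRecord("ACL_Replace", "success", "cell_admin"),
        AuditRecord("REPADMIN_Mkey", "success", "cell_admin"),
    ]
    for r in samples:
        acts = sorted(actions_for(r, POLICY)) or "not audited"
        print(f"{r.event:14s} {r.outcome:8s} -> {acts}")
    print("successful events not recorded:", coverage_gaps(POLICY))
```

      The coverage_gaps() check is the part worth keeping around: it shows
      that, under a policy which records only failed authentication, a
      successful AS_Request or PRIV_GetPtgt leaves no trace at all.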




 Hewlett-Packard Company            - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96

      Security Server RPC interfaces include krb5rpc, rdaclif, rdacliftmp,
      rpriv, rs_acct, rs_query, rs_rpladmn, rs_update, and rsec_cert.  All
      the RPC interfaces are offered using the rpc_c_authn_dce_secret
      authentication service.  The Security Server's RPC runtime uses
      dce-rgy as its authentication identity.  Within the same process, the
      Security Server's UDP/IP interface provides Kerberos AS/TGS functions,
      with krbtgt/cell_name as its authentication identity.

      The following are the audit code points in these Security Service
      interfaces, with their Event Types, Event Classes, and any
      Event-Specific Information.

    Authentication Interface (krb5rpc) Operations
      The rsec_krb5rpc_sendto_kdc() function is an RPC interface operation
      for accessing Kerberos AS/TGS services.  Ticket-granting tickets and
      application tickets are requested and returned.  There is no access
      control on this interface other than what is within the Kerberos
      Ticket-granting mechanism itself; that is, the TGS request
      verification.


      Event Type (Event Number, Event Classes)
                AS_Request (0x101, dce_sec_authent)


                Event-Specific Information
                          None


      Event Type (Event Number, Event Classes)
                TGS_TicketReq (0x102, dce_sec_authent)


                Event-Specific Information
                          None


      Event Type (Event Number, Event Classes)
                TGS_RenewReq (0x103, dce_sec_authent)


                Event-Specific Information
                          None


      Event Type (Event Number, Event Classes)
                TGS_ValidateReq (0x104, dce_sec_authent)


                Event-Specific Information
                          None



    DACL Management Interface (rdaclif) Operations
      The rdacl_lookup() operation retrieves the ACL of an object in the
      Security Server.  Reviewing the ACL associated with an object in the
      Security Server is allowed if the caller has any access to the object.


      Event Type (Event Number, Event Classes)
                ACL_Lookup (0x105, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char    *component_name
                          uuid_t          manager_type
                          sec_acl_type_t      acl_type


      The rdacl_replace() operation replaces the ACL of an object in the
      Security Server.  The client must have the sec_acl_perm_owner
      permission for the update to be carried out.


      Event Type (Event Number, Event Classes)
                ACL_Replace (0x106, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char    *component_name
                          uuid_t          manager_type
                          sec_acl_type_t      acl_type
                          sec_acl_list_t  old_acl_list
                          sec_acl_list_t  new_acl_list

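      Because the ACL_Replace record carries both old_acl_list and
      new_acl_list, it is one of the few events here that lets a reviewer
      see exactly what changed rather than only that something changed.
      The following added example (not code from this page or from DCE)
      diffs the two lists.  It models a sec_acl_list_t as a mapping from
      ACL entry to its permission letters, a constructed simplification;
      the letters r, m, a, u, i, d, D, n, f, M, g, t and A are those this
      page names, and which of them count as sensitive is an assumption of
      the example.  The sample record is constructed, and its manager_type
      is a placeholder.

```python
"""Reviewing an ACL_Replace (0x106) audit record for privilege growth.

Added example, not DCE code.  An ACL list is modelled as
{entry: set(permission letters)}; the real sec_acl_list_t is richer.
"""
from typing import Dict, List, Set, Tuple

AclList = Dict[str, Set[str]]

# Assumed: permissions whose grant deserves review, because the page ties
# m (mgmt_info) and a (auth_info) to account/policy management and A (Admin)
# to registry server administration.
SENSITIVE: frozenset = frozenset({"m", "a", "A"})


def acl_delta(old: AclList, new: AclList) -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Per ACL entry, return (permissions gained, permissions lost).

    Entries whose permission set did not change are omitted; entries that
    appear only in `new` count as fully gained, only in `old` as fully lost.
    """
    delta: Dict[str, Tuple[Set[str], Set[str]]] = {}
    for entry in set(old) | set(new):
        before, after = old.get(entry, set()), new.get(entry, set())
        gained, lost = after - before, before - after
        if gained or lost:
            delta[entry] = (gained, lost)
    return delta


def review_acl_replace(record: dict) -> List[str]:
    """Return human-readable findings for one ACL_Replace record, sorted by entry."""
    findings: List[str] = []
    obj = record["component_name"]
    delta = acl_delta(record["old_acl_list"], record["new_acl_list"])
    for entry, (gained, lost) in sorted(delta.items()):
        if gained:
            tag = "SENSITIVE" if gained & SENSITIVE else "info"
            findings.append(f"[{tag}] {obj}: {entry} gained {''.join(sorted(gained))}")
        if lost:
            findings.append(f"[info] {obj}: {entry} lost {''.join(sorted(lost))}")
    return findings


# Constructed sample record; field names follow the event's
# Event-Specific Information, values are made up for the example.
SAMPLE_RECORD = {
    "component_name": "principal/cell_admin",
    "manager_type": "<manager_type uuid placeholder>",
    "acl_type": "<acl_type placeholder>",
    "old_acl_list": {
        "user:cell_admin": {"r", "m", "a", "u"},
        "group:acct-admin": {"r", "u"},
    },
    "new_acl_list": {
        "user:cell_admin": {"r", "m", "a", "u"},
        "group:acct-admin": {"r", "u", "a"},   # gains auth_info
        "any_other": {"r"},                    # new entry, read only
    },
}

if __name__ == "__main__":
    for line in review_acl_replace(SAMPLE_RECORD):
        print(line)
```

      Run against the constructed record, the review reports the new
      read-only entry as informational and the grant of a (auth_info) to
      group:acct-admin as sensitive, which is the grant that lets members
      change authentication policy and administrative account data.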

      The rdacl_get_access() operation determines the caller's access to a
      specified object.  This call is authorized if the caller has any
      access to the object.


      Event Type (Event Number, Event Classes)
                ACL_GetAccess (0x107, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char    *component_name
                          uuid_t          manager_type
                          sec_acl_permset_t       net_rights





      The rdacl_test_access() operation determines if the caller has the
      requested access.  The return value of the call indicates whether the
      caller has the requested access to the object.


      Event Type (Event Number, Event Classes)
                ACL_TestAccess (0x108, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char    *component_name
                          uuid_t          manager_type
                          sec_acl_permset_t   desired_permset


      The rdacl_get_manager_types() operation lists the types (UUIDs) of
      ACLs protecting an object.  The caller must have some permissions on
      the object for each of the manager types that is defined for the
      object.  Otherwise, no manager type is returned.


      Event Type (Event Number, Event Classes)
                ACL_GetMgrTypes (0x10A, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char    *component_name
                          sec_acl_type_t     acl_type


      The rdacl_get_referral() operation obtains a referral to an ACL update
      site.   This function is used when the current ACL site yields a
      sec_acl_site_readonly error.  Some replication managers will require
      all updates for a given object to be directed to a given replica.
      Clients of the generic ACL interface may know they are dealing with an
      object that is replicated in this way.  This function allows them to
      recover from this problem and rebind to the proper update site.  The
      client is required to have execute access on the parent of the object
      named by component_name.


      Event Type (Event Number, Event Classes)
                ACL_GetReferral (0x10B, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char    *component_name
                          uuid_t          manager_type
                          sec_acl_type_t      sec_acl_type


    Privilege Server Interface (rpriv) Operations
      The rpriv_get_ptgt() operation returns a privilege certificate to the
      Ticket-granting service.  The caller supplies the group set, and the
      Privilege Server seals the group set in the authorization portion of a
      privilege Ticket-granting ticket, after first rejecting any groups
      that are not legitimately part of the caller credentials.  A group
      will be rejected if the caller is not a member of the group, or the
      group is not allowed on project lists (the projlist_ok flag is not
      set).

      There is no access control on this interface other than what is
      within the Kerberos Ticket-granting mechanism itself; that is, the TGS
      request verification.  This call may result in growth of the
      potential access set.  Note that this is a pre-DCE 1.1 routine.


      Event Type (Event Number, Event Classes)
                PRIV_GetPtgt (0x10C, dce_sec_authent, dce_sec_control)


                Event-Specific Information

                          char    *string client_address
                          unsigned16      num_groups      /* Number of local groups in PAC */
                          uuid_t          groups          /* num_groups local groups in PAC */
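      The group filtering the Privilege Server performs before sealing the
      PAC, and what the resulting PRIV_GetPtgt record then contains, can be
      worked through concretely.  The following is an added example, not
      code from this page or from the DCE Privilege Server: the registry is
      a constructed stand-in holding each group's member set and projlist_ok
      flag, the audit record is built as a plain dictionary with the field
      names the page lists, and the idea of a watch list of privileged
      groups is an assumption of the example.

```python
"""Group-set sealing for PRIV_GetPtgt (0x10C), as this page describes it.

Added example, not DCE code.  A requested group is kept only if the caller
is a member and the group is allowed on project lists (projlist_ok); the
kept groups are what appears as num_groups/groups in the audit record.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Group:
    members: FrozenSet[str]
    projlist_ok: bool = True


@dataclass(frozen=True)
class Registry:
    groups: Dict[str, Group]


def seal_group_set(registry: Registry, caller: str,
                   requested: Iterable[str]) -> Tuple[List[str], Dict[str, str]]:
    """Return (accepted groups in request order, rejected group -> reason)."""
    accepted: List[str] = []
    rejected: Dict[str, str] = {}
    for name in requested:
        grp = registry.groups.get(name)
        if grp is None:
            rejected[name] = "no such group"
        elif caller not in grp.members:
            rejected[name] = "caller is not a member"
        elif not grp.projlist_ok:
            rejected[name] = "projlist_ok not set"
        else:
            accepted.append(name)
    return accepted, rejected


def audit_event(client_address: str, accepted: List[str]) -> dict:
    """Event-Specific Information of PRIV_GetPtgt, as a dict (constructed layout)."""
    return {
        "event": "PRIV_GetPtgt",
        "event_number": 0x10C,
        "client_address": client_address,
        "num_groups": len(accepted),
        "groups": list(accepted),
    }


def review_ptgt_record(record: dict, watch_groups: FrozenSet[str]) -> List[str]:
    """Groups sealed into the PAC that are on the reviewer's watch list.

    The page notes this call may grow the caller's potential access set, so
    a PAC that now carries an administrative group is worth a look.
    """
    return [g for g in record["groups"] if g in watch_groups]


# Constructed registry for the example
REGISTRY = Registry(groups={
    "staff": Group(frozenset({"alice", "bob"})),
    "acct-admin": Group(frozenset({"alice"})),
    "audit": Group(frozenset({"alice", "bob"}), projlist_ok=False),
})
WATCH: FrozenSet[str] = frozenset({"acct-admin"})  # assumed privileged group

if __name__ == "__main__":
    for caller in ("alice", "bob"):
        acc, rej = seal_group_set(REGISTRY, caller, ["staff", "acct-admin", "audit", "ghost"])
        rec = audit_event("10.0.0.5", acc)
        print(caller, "sealed:", acc, "rejected:", rej)
        print("   record:", rec, "watch hits:", review_ptgt_record(rec, WATCH))
```

      Note that the record carries only client_address and the group list,
      not the principal name, so correlating a suspicious PAC back to a
      caller means joining it with the AS_Request/TGS events from the same
      client rather than reading it off the record alone.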


    Registry Server Account Interface (rs_acct) Operations
      The rs_acct_add() operation adds an account with a specified login
      name.  The caller needs to have m, a, and u (mgmt_info, auth_info, and
      user_info) permissions on the principal of the account that is to be
      added.  The constituent principal, group, and organization (PGO) items
      for an account must be added before the account can be created.  Also,
      the principal must have been added as a member of the specified group
      and organization.


      Event Type (Event Number, Event Classes)
                ACCT_Add (0x10D, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char    *login_name
                          sec_rgy_acct_key_t key_parts






      The rs_acct_delete() operation deletes an account with a specified
      login name.  The caller needs to have m, a, and u (mgmt_info,
      auth_info, and user_info) permissions on the principal of the account
      that is to be deleted.


      Event Type (Event Number, Event Classes)
                ACCT_Delete (0x10E, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char    *login_name


      The rs_acct_rename() operation changes the account login name.  The
      caller has to have the m (mgmt_info) permission on the account's
      principal to be renamed (old_login_name.pname).


      Event Type (Event Number, Event Classes)
                ACCT_Rename (0x10F, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char    *old_login_name
                          char    *new_login_name


      The rs_acct_lookup() operation returns data for a specified account.
      The caller must have the r (read) permission, according to the ACL of
      the account's principal, for the account to be viewed.


      Event Type (Event Number, Event Classes)
                ACCT_Lookup (0x110, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char    *login_name


      The rs_acct_replace() operation replaces both the user and
      administrative information in the account record specified by the
      input login name.  The administrative information contains limitations
      on the account's use and privileges.  The user information contains
      such information as the account home directory and default shell.  The
      administrative information can only be modified by a caller with the a
      (auth_info) privilege for the account's principal.  The user
      information can be modified by a caller with the u (user_info)
      privilege for the account's principal.


      Event Type (Event Number, Event Classes)
                ACCT_Replace (0x111, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char    *login_name
                          unsigned32 key_parts


      The rs_acct_get_projlist() operation returns members of the project
      list for the specified account.  This operation requires the caller to
      have the r (read) permission on the account principal for which the
      project list data is to be returned.


      Event Type (Event Number, Event Classes)
                ACCT_GetProjlist (0x112, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char    *login_name


    Registry Miscellaneous Operation Interface (rs_misc) Operations
      The rs_login_get_info() operation returns login information for the
      specified account.  This information is extracted from the account's
      entry in the registry database.  This operation requires the caller to
      have the r (read) permission on the account's principal from which the
      data is to be returned.


      Event Type (Event Number, Event Classes)
                LOGIN_GetInfo (0x113, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char    *login_name


    Registry PGO Interface (rs_pgo) Operations
      The rs_pgo_add() operation adds a PGO item to the registry database.
      This operation requires the caller to have the i (insert) permission
      on the parent directory in which the PGO item is to be created.




      Event Type (Event Number, Event Classes)
                PGO_Add (0x114, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          sec_rgy_domain_t name_domain
                          char    *pgo_name


      The rs_pgo_delete() operation deletes a PGO item from the registry
      database.  Any account depending on the deleted PGO item is also
      deleted.  The deletion operation requires the caller to have the d
      (delete) permission on the parent directory that contains the PGO item
      to be deleted and the D (Delete_object) permission on the PGO item
      itself.


      Event Type (Event Number, Event Classes)
                PGO_Delete (0x115, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          sec_rgy_domain_t name_domain
                          char    *pgo_name


      The rs_pgo_replace() operation replaces the data associated with a PGO
      item in the registry database.  The caller needs to have the m
      (mgmt_info) permission on the PGO item, if quota, flags, or unix_num
      is being set.  (Only a cell principal's unix_num is modifiable.) The
      caller needs to have the f (fullname) permission to modify the
      fullname of the PGO item.


      Event Type (Event Number, Event Classes)
                PGO_Replace (0x116, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          sec_rgy_domain_t      name_domain
                          char            *pgo_name


      The rs_pgo_rename() operation renames a PGO item in the registry
      database.  The caller needs to have the n (name) permission on the old
      name of the PGO item, if performing a rename within a directory.  In
      order to move a PGO item between directories, the caller needs to have
      the n (name) permission on the old name of the PGO item as well as the
      d (delete) permission on the old parent directory and the i (insert)
      permission on the new parent directory in which the PGO item is being
      added under the new name.
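      The rename rule above is a small example of a conjunctive
      least-privilege check: one permission for a rename in place, three
      for a move.  The following added example (not code from this page or
      from the registry server) spells the rule out so it can be tested.
      The permission table is a constructed stand-in mapping (subject,
      object path) to permission letters; the subject and path names are
      invented for the example.

```python
"""Authorization rule for rs_pgo_rename (PGO_Rename, 0x117), as this page states it.

Added example, not registry server code.  Permissions are a constructed
table {(subject, object): set(letters)}; directories are the path prefixes
of PGO item names.
"""
import posixpath
from typing import Dict, FrozenSet, List, Tuple

Perms = Dict[Tuple[str, str], FrozenSet[str]]


def _has(perms: Perms, subject: str, obj: str, letter: str) -> bool:
    return letter in perms.get((subject, obj), frozenset())


def missing_for_rename(perms: Perms, subject: str, old_name: str, new_name: str) -> List[str]:
    """Return the permissions the caller lacks as 'letter on object'; empty means authorized.

    Rename within a directory: n on the old name.
    Move between directories: n on the old name, d on the old parent
    directory, i on the new parent directory.
    """
    old_dir, new_dir = posixpath.dirname(old_name), posixpath.dirname(new_name)
    required: List[Tuple[str, str]] = [("n", old_name)]
    if old_dir != new_dir:
        required += [("d", old_dir), ("i", new_dir)]
    return [f"{letter} on {obj}" for letter, obj in required
            if not _has(perms, subject, obj, letter)]


def can_rename(perms: Perms, subject: str, old_name: str, new_name: str) -> bool:
    return not missing_for_rename(perms, subject, old_name, new_name)


# Constructed permission table: "ops" may rename group/eng/build and insert
# into group/infra, but may not delete from group/eng.
PERMS: Perms = {
    ("ops", "group/eng/build"): frozenset({"r", "n"}),
    ("ops", "group/eng"): frozenset({"r"}),
    ("ops", "group/infra"): frozenset({"r", "i"}),
}

if __name__ == "__main__":
    for old, new in [("group/eng/build", "group/eng/builders"),
                     ("group/eng/build", "group/infra/build")]:
        gaps = missing_for_rename(PERMS, "ops", old, new)
        print(f"{old} -> {new}: {'allowed' if not gaps else 'denied, missing ' + ', '.join(gaps)}")
```

      Reporting the missing permissions rather than a bare boolean is what
      makes a PGO_Rename denial record actionable: the reviewer can tell a
      mistyped destination directory from an attempt to move an item out of
      a directory the caller was never meant to empty.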


      Event Type (Event Number, Event Classes)
                PGO_Rename (0x117, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          sec_rgy_domain_t  name_domain
                          char  *old_name
                          char  *new_name


      The rs_pgo_get() operation returns the name and data for a PGO item.
      The desired item is identified by a query key, which can be a name, a
      uuid, a unix_num, or a sequential-search flag.  The caller needs to
      have the r (read) permission on the PGO item to be viewed.


      Event Type (Event Number, Event Classes)
                PGO_Get (0x118, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          sec_rgy_domain_t  name_domain
                          rs_pgo_query_key_t  key   /* The query key and one of the following */
                                                    /* depending on the query key specified: */
                            case (key == rs_pgo_query_name)
                                     char *name     /* Name of the item being searched */
                            case (key == rs_pgo_query_id)
                                     uuid_t id_key  /* uuid of the item being searched */
                            case (key == rs_pgo_query_unix_num)
                                     unsigned32 unix_num  /* unix_num of item being searched */
                            case (key == rs_pgo_query_next)
                                     char *scope    /* Scope of item being searched */


      The rs_pgo_key_transfer() operation performs a specified key transfer
      between the uuid, unix_num, and name of a PGO item.  The caller needs
      to have some permission on the PGO item for id->name and
      unix_num->name transfers.


      Event Type (Event Number, Event Classes)
                PGO_KeyTransfer (0x119, dce_sec_control)


                Event-Specific Information

                          sec_rgy_domain_t  name_domain
                          rs_pgo_query_key_t  key   /* The query key, and one of the following */
                                                    /* depending on the query key specified: */
                            case (key == rs_pgo_query_name)
                                     char *name     /* Name of the item being searched */
                            case (key == rs_pgo_query_id)
                                     uuid_t id_key  /* uuid of the item being searched */
                            case (key == rs_pgo_query_unix_num)
                                     unsigned32 unix_num  /* unix_num of item being searched */
                                     unsigned32  requested_result_type


      The rs_pgo_add_member() operation adds a member to a group or an
      organization.  The caller must have the M (Member_list) permission on
      the group or organization.  Additionally, if this call is for adding a
      group member, the caller must have the g (groups) permission on the
      principal to be added.


      Event Type (Event Number, Event Classes)
                PGO_AddMember (0x11A, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          sec_rgy_domain_t name_domain
                          char *person_name       /* Principal's name */
                          char *go_name           /* Group or organization's name */


      The rs_pgo_delete_member() operation deletes a principal from a group
      or an organization in the registry database.  The caller must have the
      M (Member_list) permission on the group or organization.  Note that
      the caller does not need to have the g (groups) permission when
      deleting the principal from a group.


      Event Type (Event Number, Event Classes)
                PGO_DeleteMember (0x11B, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          sec_rgy_domain_t name_domain
                          char *person_name       /* Principal's name */
                          char *go_name           /* Group or organization's name */


      The rs_pgo_is_member() operation tests whether a specified principal
      is a member of a specified group or organization.  The caller must
      have t (test) permission on the group or organization.



      Event Type (Event Number, Event Classes)
                PGO_IsMember (0x11C, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          sec_rgy_domain_t name_domain
                          char *person_name       /* Principal's name */
                          char *go_name           /* Group or organization's name */


      The rs_pgo_get_members() operation, if the specified domain is group
      or organization, lists the members of the specified group or
      organization.  If the domain is principal, it lists the groups in which
      the principal is a member.  The caller must have the r (read)
      permission on the principal, group, or organization.


      Event Type (Event Number, Event Classes)
                PGO_GetMembers (0x11D, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          sec_rgy_domain_t name_domain
                          char *go_name                  /* PGO's name */


    Registry Policy Interface (rs_policy) Operations
      The rs_properties_get_info() operation returns a list of registry
      properties.  The caller must have the r (read) permission on the
      policy object from which the property information is to be returned.


      Event Type (Event Number, Event Classes)
                PROP_GetInfo (0x11E, dce_sec_control, dce_sec_query)


                Event-Specific Information
                          None


      The rs_properties_set_info() operation sets the registry properties.
      The caller must have the m (mgmt_info) permission on the policy object
      for which the property information is to be set.


      Event Type (Event Number, Event Classes)
                PROP_SetInfo (0x11F, dce_sec_control, dce_sec_modify)





                Event-Specific Information
                          None


      The rs_policy_get_info() operation returns the policy for a specified
      organization or the registry (if no organization name is specified).
      The caller must have the r (read) permission on the policy object or
      organization item from which the data is to be returned.  Note that
      the rs_policy_get_effective() operation uses the same audit event
      (POLICY_GetInfo) as the rs_policy_get_info() operation.


      Event Type (Event Number, Event Classes)
                POLICY_GetInfo (0x120, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char *organization


      The rs_policy_set_info() operation sets the policy for a specified
      organization or the registry (if no organization name is specified).
      The caller must have the m (mgmt_info) permission on the policy object
      or organization item for which the data is to be set.


      Event Type (Event Number, Event Classes)
                POLICY_SetInfo (0x121, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char *organization


      The rs_auth_policy_get_info() operation returns the authentication
      policy for a specified account or the registry (if no account is
      specified).  The caller must have the r (read) permission on the
      policy object or account's principal from which the data is to be
      returned.


      Event Type (Event Number, Event Classes)
                AUTHPOLICY_GetInfo (0x122, dce_sec_control, dce_sec_query)


                Event-Specific Information

                          char *account




      The rs_auth_policy_get_effective() operation returns the effective
      authentication policy for an account.  If no account is specified, the
      authentication policy for the registry is returned.  The caller must
      have the r (read) permission on the policy object of the registry.  If
      an account is specified, the caller must also have r (read) permission
      on the account's principal.


      Event Type (Event Number, Event Classes)
                No new event is defined for this operation.
                AUTHPOLICY_GetInfo is used here.


      The rs_auth_policy_set_info() operation sets the authentication policy
      for an account or the registry (if no account is specified).  The
      caller must have the a (auth_info) permission on the account's
      principal or policy object of the registry.


      Event Type (Event Number, Event Classes)
                AUTHPOLICY_SetInfo (0x123, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char *account


    Registry Administration Interface Operations
      The rs_rep_admin_stop() operation directs the registry server to stop
      servicing remote procedure calls.  The caller must have A (Admin)
      permission on the registry policy object.


      Event Type (Event Number, Event Classes)
                REPADMIN_Stop (0x124, dce_sec_control, dce_sec_server)


                Event-Specific Information
                          None


      The rs_rep_admin_maint() operation directs the registry server into
      maintenance state (checkpoint the database, close files, and so on)
      or out of it.  The caller must have A (Admin) permission on the
      registry policy object.


      Event Type (Event Number, Event Classes)
                REPADMIN_Maint (0x125, dce_sec_control, dce_sec_server)




                Event-Specific Information

                          boolean in_maintenance


      The rs_rep_admin_mkey() operation directs the registry to change its
      master key and re-encrypt account keys using the new master key.  The
      caller must have A (Admin) permission on the registry policy object.


      Event Type (Event Number, Event Classes)
                REPADMIN_Mkey (0x126, dce_sec_control, dce_sec_server)


                Event-Specific Information
                          None


      The rs_rep_admin_destroy() operation directs the registry server
      replica to destroy its database and exit. The caller must have A
      (Admin) permission on the registry policy object.


      Event Type (Event Number, Event Classes)
                REPADMIN_Destroy (0x127, dce_sec_control, dce_sec_server)


                Event-Specific Information
                          None


      The rs_rep_admin_init_replica() operation directs the registry server
      to (re-)initialize the slave identified by rep_id.  This is a master
      server only operation.  The caller must have A (Admin) permission on
      the registry policy object.


      Event Type (Event Number, Event Classes)
                REPADMIN_Init (0x128, dce_sec_control, dce_sec_server)


                Event-Specific Information

                          char  *rep_id_str


      The rs_rep_admin_set_sw_rev() operation directs the master registry
      server to update the current security software version and begin
      supporting the security features appropriate for that version.  If the
      master is successful, the version update is propagated to all replicas,
      and any replicas that cannot support the new software version will
      shut down.  This is a master-only operation.  The caller must have A
      (Admin) permission on the registry policy object.


      Event Type (Event Number, Event Classes)
                REPADMIN_SetSwRev (0x13A, dce_sec_control, dce_sec_server)

                Event-Specific Information

                          unsigned long software_version


    Registry Server Attributes Manipulation Interface (rs_attr) Operations

      The rs_attr_update() operation updates (writes/creates) an attribute.
      The caller must have, for each attribute defined in attr_keys, the
      query_permset permission on the registry object specified.


      Event Type (Event Number, Event Classes)
                ERA_Update (0x12B, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char *component_name
                          unsigned32 num_to_write
                          uuid in_attrs[num_to_write].attr_id


      The rs_attr_delete() operation deletes the specified attribute(s).  The
      caller must have the delete_permset permission for each attribute
      specified.


      Event Type (Event Number, Event Classes)
                ERA_Delete (0x12C, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char *component_name
                          unsigned32 num_to_delete
                          uuid attrs[num_to_delete].attr_id


      The rs_attr_lookup_by_id() operation performs a lookup of the
      attributes by attribute type ID.  If the number of query attribute
      keys is 0, this operation will return all attributes that the caller
      is authorized to use.  The caller must have, for each attribute
      specified, the query_permset permission on the registry object
      specified.


      Event Type (Event Number, Event Classes)
                ERA_LookupById (0x12E, dce_sec_control)


                Event-Specific Information

                          char *component_name
                          unsigned32 num_attr_keys
                          uuid attr_keys[num_attr_keys].attr_id


      The rs_attr_lookup_no_expand() operation performs a lookup of the
      attributes by attribute type ID without expanding attribute sets to
      their constituent member attributes.  If the number of query attribute
      keys is 0, this operation will return all attributes that the caller
      is authorized to use. The caller must have, for each attribute
      specified, the query_permset permission on the registry object
      specified.


      Event Type (Event Classes)
                ERA_LookupNoExpand (0x12F, dce_sec_control)


                Event-Specific Information

                          char * component_name
                          unsigned32 int num_attr_keys
                          uuid attr_keys[num_attr_keys].attr_id


      The rs_attr_lookup_by_name() operation performs a lookup of an
      attribute by name.  The caller must have, for the attribute specified,
      query_permset permission on the registry object specified.


      Event Type (Event Classes)
                ERA_LookupByName (0x130, dce_sec_control)


                Event-Specific Information

                          char * component_name
                          char * attr_name


    Registry Server Attributes Schema Manipulation Interface
      (rs_attr_schema) Operations


      The rs_attr_schema_create_entry() operation creates a new schema
      entry.  The caller must be authorized to add entries to the specified
      schema.


      Event Type (Event Classes)
                ERA_SchemaCreate (0x131, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char * schema_name
                          char * schema_entry->attr_name
                          uuid schema_entry->attr_id


      The rs_attr_schema_delete_entry() operation deletes a schema entry.
      The caller must be authorized to delete schema entries.


      Event Type (Event Classes)
                ERA_SchemaDelete (0x132, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char *schema_name
                          uuid attr_id


      The rs_attr_schema_update_entry() operation updates the modifiable
      fields of a schema entry.  The caller needs to have m (mgmt_info)
      permissions on the schema entry that is to be modified.


      Event Type (Event Classes)
                ERA_SchemaUpdate (0x133, dce_sec_control, dce_sec_modify)


                Event-Specific Information

                          char * schema_name
                          uuid schema_entry->attr_id


      The rs_attr_schema_lookup_by_id() operation retrieves the schema entry
      identified by the attribute type uuid.  The caller must have r (read)
      permissions on the schema entry specified.

      Event Type (Event Classes)
                ERA_SchemaLookupId (0x134, dce_sec_control)


                Event-Specific Information

                          char * schema_name
                          uuid attr_id


      The rs_attr_schema_lookup_by_name() operation retrieves the schema
      entry identified by the attribute name.  The caller must have r (read)
      permissions on the schema entry specified.


      Event Type (Event Classes)
                ERA_SchemaLookupName (0x135, dce_sec_control)


                Event-Specific Information

                          char * schema_name
                          char * attr_name


    Version 1.1 Privilege Server Manager Interface (rpriv_v1_1) Operations

      The rpriv_get_eptgt() operation constructs and returns an extended
      privilege certificate to the ticket_granting service.  The caller
      supplies the extended privilege attributes in the form of an encoded
      Extended Privilege Attribute Certificate (EPAC).  The procedure by
      which the requested privilege attributes are verified depends on how
      the call is authenticated and whether the request is "local" (that is,
      is a request from a client in this Privilege Server's cell) or is
      "intercell" (that is, is from a foreign privilege service).

      If the request is local, then the ticket to the Privilege Server is
      based on a Kerberos V5 TGT and the requested_privs consists of a
      single encoded EPAC.  The Privilege Server decodes the requested_privs
      and verifies that the requested privileges are valid by performing the
      necessary database queries.

      If the request is foreign, then the ticket to the privilege service is
      based on a DCE EPTGT and the Privilege Server retrieves the EPAC seal
      from the DCE authorization data contained in the ticket, and uses it
      to verify that the requested privileges are valid.


      Event Type (Event Classes)
                PRIV_GetEptgt (0x136, dce_sec_control, dce_sec_authent)

                Event-Specific Information

                          char * request_location        /* "LOCAL" or "INTERCELL" */

                                  if "LOCAL" request:
                          uuid req_princ_id->uuid;       /* requested local principal uuid */
                          uuid req_group_id->uuid;       /* requested local primary group uuid */
                          unsigned short int num_groups  /* number of valid local groups */
                          uuid groups[num_groups].uuid   /* valid local groups' uuids */

                                  if "INTERCELL" request:
                          unsigned short int num_epacs   /* number of epacs in delegation chain */
                          uuid [num_epacs].pa.realm.uuid /* privilege attribute realm uuid */
                          uuid [num_epacs].pa.principal.uuid /* privilege attribute principal uuid */
                          uuid [num_epacs].pa.num_groups /* number of groups in privilege attribute */
                          uuid [num_epacs].pa.groups[([epac_set.num_epacs].pa.num_groups)].uuid
                                                         /* uuids for groups in privilege attribute */


      The rpriv_become_delegate() operation permits an intermediate server
      to become a delegate for its caller.  The caller supplies extended
      privilege attributes in the form of an encoded Extended Privilege
      Attribute Certificate (EPAC). The Privilege Server verifies that the
      delegation token for this EPAC chain is correct and then creates a new
      chain from the existing one with the intermediary's EPAC as a new
      delegate.


      Event Type (Event Classes)
                PRIV_BecomeDelegate (0x138, dce_sec_control,
                dce_sec_authent)


                Event-Specific Information

                          uuid req_princ_id->uuid;       /* requested local principal uuid */
                          uuid req_group_id->uuid;       /* requested local primary group uuid */
                          unsigned short int num_groups  /* number of valid local groups */
                          uuid groups[num_groups].uuid   /* valid local groups' uuids */
                          unsigned short int num_epacs   /* number of epacs in delegation chain */
                          uuid [num_epacs].pa.realm.uuid /* privilege attribute realm uuid */
                          uuid [num_epacs].pa.principal.uuid /* privilege attribute principal uuid */
                          uuid [num_epacs].pa.num_groups /* number of groups in privilege attribute */
                          uuid [num_epacs].pa.groups[([epac_set.num_epacs].pa.num_groups)].uuid
                                                         /* uuids for groups in privilege attribute */


      The rpriv_become_impersonator() operation permits an intermediate
      server to become an impersonator for its caller.  The caller supplies
      extended privilege attributes in the form of an encoded Extended
      Privilege Attribute Certificate (EPAC). The Privilege Server verifies
      that the delegation token for the initiator's EPAC is correct and also
      that the intermediary is allowed to impersonate the initiator.


      Event Type (Event Classes)
                PRIV_BecomeImpersonator (0x139, dce_sec_control,
                dce_sec_authent)


                Event-Specific Information

                          uuid req_princ_id->uuid;       /* requested local principal uuid */
                          uuid req_group_id->uuid;       /* requested local primary group uuid */
                          unsigned short int num_groups  /* number of valid local groups */
                          uuid groups[num_groups].uuid   /* valid local groups' uuids */
                          unsigned short int num_epacs   /* number of epacs in delegation chain */
                          uuid [num_epacs].pa.realm.uuid /* privilege attribute realm uuid */
                          uuid [num_epacs].pa.principal.uuid /* privilege attribute principal uuid */
                          uuid [num_epacs].pa.num_groups /* number of groups in privilege attribute */
                          uuid [num_epacs].pa.groups[([epac_set.num_epacs].pa.num_groups)].uuid
                                                         /* uuids for groups in privilege attribute */
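      The following Python is an added example, not code from this reference
      page or from the DCE distribution.  It interprets the event-specific
      fields listed above for the three Privilege Server events
      (PRIV_GetEptgt with its LOCAL and INTERCELL layouts, PRIV_BecomeDelegate
      and PRIV_BecomeImpersonator), checks every count field against the
      array it describes, and reports the delegation or impersonation each
      record represents.  Two things are assumptions: the input layout (JSON
      objects keyed by the field names on this page, with event numbers as hex
      strings) is constructed for the example, since the on-disk DCE audit
      trail encoding is not documented here; and the EPAC chain is taken to
      be listed initiator first.

```python
"""Interpret the event-specific fields of the three Privilege Server audit
events listed on this page (PRIV_GetEptgt, PRIV_BecomeDelegate,
PRIV_BecomeImpersonator).  Input records are CONSTRUCTED for this example
as JSON objects keyed by the field names the page lists; the on-disk DCE
audit trail encoding is not documented here and is not parsed."""
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Event numbers and names exactly as listed on this page.
PRIV_GETEPTGT = 0x136
PRIV_BECOMEDELEGATE = 0x138
PRIV_BECOMEIMPERSONATOR = 0x139
EVENT_NAMES = {
    PRIV_GETEPTGT: "PRIV_GetEptgt",
    PRIV_BECOMEDELEGATE: "PRIV_BecomeDelegate",
    PRIV_BECOMEIMPERSONATOR: "PRIV_BecomeImpersonator",
}

@dataclass
class Epac:
    """One privilege-attribute (pa) entry of the EPAC chain."""
    realm: str
    principal: str
    groups: List[str]

@dataclass
class PrivEvent:
    event_type: int
    request_location: Optional[str]   # "LOCAL", "INTERCELL", or absent
    req_princ_id: Optional[str] = None
    req_group_id: Optional[str] = None
    local_groups: List[str] = field(default_factory=list)
    epacs: List[Epac] = field(default_factory=list)   # assumed initiator first

def _counted(rec: Dict, count_key: str, list_key: str) -> List:
    """Return rec[list_key], insisting the explicit count matches its length.
    Every array on the page has a separate count; a mismatch means a
    truncated or tampered record and must not be silently accepted."""
    items = rec.get(list_key, [])
    if rec.get(count_key, len(items)) != len(items):
        raise ValueError(f"{count_key}={rec.get(count_key)} but {len(items)} {list_key}")
    return items

def parse_priv_event(rec: Dict) -> PrivEvent:
    etype = int(rec["event_type"], 16)
    if etype not in EVENT_NAMES:
        raise ValueError(f"not a Privilege Server event: {etype:#x}")
    loc = rec.get("request_location")
    ev = PrivEvent(etype, loc)
    # Local principal fields: LOCAL PRIV_GetEptgt and both delegation events.
    if loc == "LOCAL" or etype != PRIV_GETEPTGT:
        ev.req_princ_id = rec["req_princ_id"]
        ev.req_group_id = rec["req_group_id"]
        ev.local_groups = _counted(rec, "num_groups", "groups")
    # EPAC chain: INTERCELL PRIV_GetEptgt and both delegation events.
    if loc == "INTERCELL" or etype != PRIV_GETEPTGT:
        for pa in _counted(rec, "num_epacs", "epacs"):
            ev.epacs.append(Epac(pa["realm"], pa["principal"],
                                 _counted(pa, "num_groups", "groups")))
    if etype == PRIV_GETEPTGT and loc not in ("LOCAL", "INTERCELL"):
        raise ValueError(f"PRIV_GetEptgt with request_location={loc!r}")
    return ev

def delegation_chain(ev: PrivEvent) -> List[str]:
    """Principal uuids along the chain, initiator first (assumed order)."""
    return [e.principal for e in ev.epacs]

def findings(ev: PrivEvent) -> List[str]:
    """Lines an analyst would want to see for this record."""
    name = EVENT_NAMES[ev.event_type]
    chain = delegation_chain(ev)
    initiator = chain[0] if chain else "<no EPAC>"
    out = []
    if ev.event_type == PRIV_GETEPTGT and ev.request_location == "INTERCELL":
        out.append(f"{name}: intercell request, {len(chain)} EPAC(s) in chain")
    elif ev.event_type == PRIV_BECOMEDELEGATE:
        out.append(f"{name}: {ev.req_princ_id} joins chain {' -> '.join(chain)}")
    elif ev.event_type == PRIV_BECOMEIMPERSONATOR:
        out.append(f"{name}: {ev.req_princ_id} impersonates initiator {initiator}")
    return out

def scan(jsonl: str) -> List[str]:
    """Run over newline-delimited records; malformed ones are reported, not dropped."""
    results = []
    for n, line in enumerate(jsonl.strip().splitlines(), 1):
        try:
            results.extend(findings(parse_priv_event(json.loads(line))))
        except (ValueError, KeyError) as exc:
            results.append(f"record {n}: malformed ({exc})")
    return results

# Constructed sample records, not real audit output.  Record 4 claims three
# EPACs but carries one, which the count check rejects.
SAMPLE = """
{"event_type": "0x136", "request_location": "LOCAL", "req_princ_id": "p-alice", "req_group_id": "g-staff", "num_groups": 2, "groups": ["g-staff", "g-dev"]}
{"event_type": "0x136", "request_location": "INTERCELL", "num_epacs": 2, "epacs": [{"realm": "cell-b", "principal": "p-bob", "num_groups": 1, "groups": ["g-ops"]}, {"realm": "cell-b", "principal": "p-gw", "num_groups": 0, "groups": []}]}
{"event_type": "0x139", "req_princ_id": "p-svc", "req_group_id": "g-svc", "num_groups": 1, "groups": ["g-svc"], "num_epacs": 1, "epacs": [{"realm": "cell-a", "principal": "p-alice", "num_groups": 1, "groups": ["g-staff"]}]}
{"event_type": "0x138", "req_princ_id": "p-svc", "req_group_id": "g-svc", "num_groups": 1, "groups": ["g-svc"], "num_epacs": 3, "epacs": [{"realm": "cell-a", "principal": "p-alice", "num_groups": 0, "groups": []}]}
"""
```

      Running scan(SAMPLE) yields one line for the intercell request, one
      for the impersonation, and a malformed-record line for record 4; the
      LOCAL request produces no finding.  The count check is the part worth
      keeping when adapting this to a real trail: a record whose num_epacs or
      num_groups disagrees with the data that follows it is evidence of
      truncation or tampering, and should be surfaced rather than skipped.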


 RELATED INFORMATION
      Commands: dcecp(1m).

      Files: dts_audit_events(5), event_class(5).