Mercurial > illumos > illumos-gate

changeset 5319:9240c6b7b6bd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6549682 uadmin audit records are no longer generated for the global zone 6608684 $SRC/lib/libbsm/common/audit_private.h has definitions for removed interfaces. 6611462 libbsm's adt_to_text() incorrectly handles message lists 6617501 auditxml may produce too long lines in adt_event.h for message lists 6617877 adt.xml should explain how to add a msg list
author tz204579
date Wed, 24 Oct 2007 13:35:35 -0700
parents 277236bdbcdc
children 43bde2b01a59
files deleted_files/usr/src/lib/libbsm/common/audit_uadmin.c usr/src/cmd/bsmrecord/audit_record_attr.txt usr/src/cmd/uadmin/Makefile usr/src/cmd/uadmin/uadmin.c usr/src/lib/auditd_plugins/binfile/binfile.c usr/src/lib/libbsm/Makefile.com usr/src/lib/libbsm/audit_event.txt usr/src/lib/libbsm/auditxml usr/src/lib/libbsm/common/adt.xml usr/src/lib/libbsm/common/adt_token.c usr/src/lib/libbsm/common/adt_xlate.h usr/src/lib/libbsm/common/audit_private.h usr/src/lib/libbsm/common/audit_uadmin.c usr/src/lib/libbsm/common/mapfile-vers usr/src/tools/abi/etc/ABI_i386.db usr/src/tools/abi/etc/ABI_sparc.db
diffstat 16 files changed, 509 insertions(+), 250 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deleted_files/usr/src/lib/libbsm/common/audit_uadmin.c	Wed Oct 24 13:35:35 2007 -0700
@@ -0,0 +1,136 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/fcntl.h>
+#include <bsm/audit.h>
+#include <bsm/audit_record.h>
+#include <bsm/audit_uevents.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_private.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <netinet/in.h>
+#include <generic.h>
+
+#ifdef C2_DEBUG
+#define	dprintf(x) {printf x; }
+#else
+#define	dprintf(x)
+#endif
+
+static char	**gargv;
+static int	save_afunc();
+
+static int audit_uadmin_generic(int);
+
+/* ARGSUSED */
+int
+audit_uadmin_setup(int argc, char **argv)
+{
+	dprintf(("audit_uadmin_setup()\n"));
+
+	if (cannot_audit(0)) {
+		return (0);
+	}
+	gargv = argv;
+
+	(void) aug_init();
+	aug_save_event(AUE_uadmin_solaris);
+	(void) aug_save_me();
+	aug_save_afunc(save_afunc);
+	return (0);
+}
+
+static int
+save_afunc(int ad)
+{
+	if (gargv && gargv[1])
+		(void) au_write(ad, au_to_text(gargv[1]));
+	if (gargv && gargv[2])
+		(void) au_write(ad, au_to_text(gargv[2]));
+	return (0);
+}
+
+int
+audit_uadmin_fail()
+{
+	return (audit_uadmin_generic(-1));
+}
+
+int
+audit_uadmin_success()
+{
+	int res = 0;
+
+	(void) audit_uadmin_generic(0);
+
+	/*
+	 * wait for audit daemon to put halt message onto audit trail
+	 */
+	if (!cannot_audit(0)) {
+		int cond = AUC_NOAUDIT;
+		int canaudit;
+
+		(void) sleep(1);
+
+		/* find out if audit daemon is running */
+		(void) auditon(A_GETCOND, (caddr_t)&cond,
+			sizeof (cond));
+		canaudit = ((cond == AUC_AUDITING) || (cond == AUC_NOSPACE));
+
+		/* turn off audit daemon and try to flush audit queue */
+		if (canaudit && system("/usr/sbin/audit -t"))
+			res = -1;
+
+		/* give a chance for syslogd to do the job */
+		(void) sleep(5);
+	}
+
+	return (res);
+}
+
+int
+audit_uadmin_generic(sorf)
+	int sorf;
+{
+	int r;
+
+	dprintf(("audit_uadmin_generic(%d)\n", sorf));
+
+	if (cannot_audit(0)) {
+		return (0);
+	}
+
+	aug_save_sorf(sorf);
+	r = aug_audit();
+
+	return (r);
+}
--- a/usr/src/cmd/bsmrecord/audit_record_attr.txt	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/cmd/bsmrecord/audit_record_attr.txt	Wed Oct 24 13:35:35 2007 -0700
@@ -2301,9 +2301,10 @@
 # code shows a third token, path, but it isn't implemented.
 
 label=AUE_uadmin_solaris
-  title=uadmin
-  program=/sbin/uadmin;/usr/sbin/uadmin
+  title=uadmin (obsolete)
+  program=
+  see=
   format=text1:text2
   comment=function code:argument code
-# See audit_uadmin.c
+# not used. Replaced by AUE_uadmin_* events, see uadmin.c, adt.xml
 
--- a/usr/src/cmd/uadmin/Makefile	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/cmd/uadmin/Makefile	Wed Oct 24 13:35:35 2007 -0700
@@ -2,9 +2,8 @@
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License").  You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 1989,1999-2003 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -33,7 +32,7 @@
 
 OWNER = root
 GROUP = sys
-LDLIBS += -lbsm
+LDLIBS += -lbsm -lscf
 LINTFLAGS = -ux
 
 .KEEP_STATE:
--- a/usr/src/cmd/uadmin/uadmin.c	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/cmd/uadmin/uadmin.c	Wed Oct 24 13:35:35 2007 -0700
@@ -35,14 +35,18 @@
 #include <unistd.h>
 #include <signal.h>
 #include <sys/uadmin.h>
-#include <bsm/libbsm.h>
+#include <bsm/adt.h>
+#include <bsm/adt_event.h>
+#include <libscf.h>
+#include <strings.h>
 
-#define	SMF_RST "/etc/svc/volatile/resetting"
+#define	SMF_RST	"/etc/svc/volatile/resetting"
+#define	AUDITD_FMRI	"svc:/system/auditd:default"
 
 static const char *Usage = "Usage: %s cmd fcn [mdep]\n";
 
-extern int audit_uadmin_setup(int, char **);
-extern int audit_uadmin_success();
+static int turnoff_auditd();
+static void wait_for_auqueue();
 
 int
 main(int argc, char *argv[])
@@ -50,14 +54,16 @@
 	int cmd, fcn;
 	uintptr_t mdep = NULL;
 	sigset_t set;
+	adt_session_data_t *ah;  /* audit session handle */
+	adt_event_data_t *event = NULL; /* event to be generated */
+	au_event_t event_id;
+	enum adt_uadmin_fcn fcn_id;
 
 	if (argc < 3 || argc > 4) {
 		(void) fprintf(stderr, Usage, argv[0]);
 		return (1);
 	}
 
-	(void) audit_uadmin_setup(argc, argv);
-
 	(void) sigfillset(&set);
 	(void) sigprocmask(SIG_BLOCK, &set, NULL);
 
@@ -75,8 +81,146 @@
 		}
 	}
 
+	/* set up audit session and event */
+	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
+		(void) fprintf(stderr, "%s: can't start audit session\n",
+		    argv[0]);
+	}
+	switch (cmd) {
+	case A_SHUTDOWN:
+		event_id = ADT_uadmin_shutdown;
+		break;
+	case A_REBOOT:
+		event_id = ADT_uadmin_reboot;
+		break;
+	case A_DUMP:
+		event_id = ADT_uadmin_dump;
+		break;
+	case A_REMOUNT:
+		event_id = ADT_uadmin_remount;
+		break;
+	case A_FREEZE:
+		event_id = ADT_uadmin_freeze;
+		break;
+	case A_FTRACE:
+		event_id = ADT_uadmin_ftrace;
+		break;
+	case A_SWAPCTL:
+		event_id = ADT_uadmin_swapctl;
+		break;
+	default:
+		event_id = 0;
+	}
+	if ((event_id != 0) &&
+	    (event = adt_alloc_event(ah, event_id)) == NULL) {
+		(void) fprintf(stderr, "%s: can't allocate audit event\n",
+		    argv[0]);
+	}
+	switch (fcn) {
+	case AD_HALT:
+		fcn_id = ADT_UADMIN_FCN_AD_HALT;
+		break;
+	case AD_POWEROFF:
+		fcn_id = ADT_UADMIN_FCN_AD_POWEROFF;
+		break;
+	case AD_BOOT:
+		fcn_id = ADT_UADMIN_FCN_AD_BOOT;
+		break;
+	case AD_IBOOT:
+		fcn_id = ADT_UADMIN_FCN_AD_IBOOT;
+		break;
+	case AD_SBOOT:
+		fcn_id = ADT_UADMIN_FCN_AD_SBOOT;
+		break;
+	case AD_SIBOOT:
+		fcn_id = ADT_UADMIN_FCN_AD_SIBOOT;
+		break;
+	case AD_NOSYNC:
+		fcn_id = ADT_UADMIN_FCN_AD_NOSYNC;
+		break;
+	default:
+		fcn_id = 0;
+	}
+	if (cmd == A_FREEZE) {
+		switch (fcn) {
+		case AD_SUSPEND_TO_DISK:
+			fcn_id = ADT_UADMIN_FCN_AD_SUSPEND_TO_DISK;
+			break;
+		case AD_CHECK_SUSPEND_TO_DISK:
+			fcn_id = ADT_UADMIN_FCN_AD_CHECK_SUSPEND_TO_DISK;
+			break;
+		case AD_FORCE:
+			fcn_id = ADT_UADMIN_FCN_AD_FORCE;
+			break;
+		case AD_SUSPEND_TO_RAM:
+			fcn_id = ADT_UADMIN_FCN_AD_SUSPEND_TO_RAM;
+			break;
+		case AD_CHECK_SUSPEND_TO_RAM:
+			fcn_id = ADT_UADMIN_FCN_AD_CHECK_SUSPEND_TO_RAM;
+			break;
+		case AD_REUSEINIT:
+			fcn_id = ADT_UADMIN_FCN_AD_REUSEINIT;
+			break;
+		case AD_REUSABLE:
+			fcn_id = ADT_UADMIN_FCN_AD_REUSABLE;
+			break;
+		case AD_REUSEFINI:
+			fcn_id = ADT_UADMIN_FCN_AD_REUSEFINI;
+			break;
+		}
+	} else if (cmd == A_FTRACE) {
+		switch (fcn) {
+		case AD_FTRACE_START:
+			fcn_id = ADT_UADMIN_FCN_AD_FTRACE_START;
+			break;
+		case AD_FTRACE_STOP:
+			fcn_id = ADT_UADMIN_FCN_AD_FTRACE_STOP;
+			break;
+		}
+	}
+
 	if (geteuid() == 0) {
-		if (audit_uadmin_success() == -1)
+		if (event != NULL) {
+			switch (cmd) {
+			case A_SHUTDOWN:
+				event->adt_uadmin_shutdown.fcn = fcn_id;
+				event->adt_uadmin_shutdown.mdep = (char *)mdep;
+				break;
+			case A_REBOOT:
+				event->adt_uadmin_reboot.fcn = fcn_id;
+				event->adt_uadmin_reboot.mdep = (char *)mdep;
+				break;
+			case A_DUMP:
+				event->adt_uadmin_dump.fcn = fcn_id;
+				event->adt_uadmin_dump.mdep = (char *)mdep;
+				break;
+			case A_REMOUNT:
+				/* no parameters */
+				break;
+			case A_FREEZE:
+				event->adt_uadmin_freeze.fcn = fcn_id;
+				event->adt_uadmin_freeze.mdep = (char *)mdep;
+				break;
+			case A_FTRACE:
+				event->adt_uadmin_ftrace.fcn = fcn_id;
+				break;
+			case A_SWAPCTL:
+				event->adt_uadmin_swapctl.fcn = fcn_id;
+				break;
+			}
+
+			if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
+				(void) fprintf(stderr,
+				    "%s: can't put audit event\n", argv[0]);
+			}
+			/*
+			 * allow audit record to be processed in the kernel
+			 * audit queue
+			 */
+			wait_for_auqueue();
+		}
+
+		if (turnoff_auditd() == -1)
 			(void) fprintf(stderr, "%s: can't turn off auditd\n",
 			    argv[0]);
 
@@ -84,6 +228,9 @@
 			(void) creat(SMF_RST, 0777);
 	}
 
+	(void) adt_free_event(event);
+	(void) adt_end_session(ah);
+
 	if (uadmin(cmd, fcn, mdep) < 0) {
 		perror("uadmin");
 
@@ -94,3 +241,51 @@
 
 	return (0);
 }
+
+static int
+turnoff_auditd()
+{
+	char	*smf_state;
+	int	rc = -1;
+	int	retries = 15;
+
+	if (smf_disable_instance(AUDITD_FMRI, SMF_TEMPORARY) != 0) {
+		(void) fprintf(stderr, "error disabling auditd: %s\n",
+		    scf_strerror(scf_error()));
+		return (-1);
+	}
+
+	/* wait for auditd to finish its work */
+	do {
+		if ((smf_state = smf_get_state(AUDITD_FMRI)) == NULL) {
+			(void) fprintf(stderr,
+			    "getting state of auditd failed: %s\n",
+			    scf_strerror(scf_error()));
+			return (-1);
+		}
+
+		if (strcmp(smf_state, SCF_STATE_STRING_DISABLED)) {
+			retries--;
+			(void) sleep(1);
+		} else {
+			rc = 0;
+		}
+		free(smf_state);
+	} while (rc && retries);
+
+	return (rc);
+}
+
+static void
+wait_for_auqueue()
+{
+	au_stat_t	au_stat;
+	int		retries = 10;
+
+	while (retries-- && auditon(A_GETSTAT, (caddr_t)&au_stat, NULL) == 0) {
+		if (au_stat.as_enqueue == au_stat.as_written) {
+			break;
+		}
+		(void) sleep(1);
+	}
+}
--- a/usr/src/lib/auditd_plugins/binfile/binfile.c	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/auditd_plugins/binfile/binfile.c	Wed Oct 24 13:35:35 2007 -0700
@@ -517,8 +517,10 @@
 	 * newname is "" if binfile is being closed down.
 	 */
 	(void) write_file_token(currentdir->dl_fd, newname);
-	if (currentdir->dl_fd >= 0)
+	if (currentdir->dl_fd >= 0) {
+		(void) fsync(currentdir->dl_fd);
 		(void) close(currentdir->dl_fd);
+	}
 	currentdir->dl_fd = -1;
 	(void) rename(currentdir->dl_filename, oldname);
 
--- a/usr/src/lib/libbsm/Makefile.com	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/libbsm/Makefile.com	Wed Oct 24 13:35:35 2007 -0700
@@ -19,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -55,7 +55,6 @@
 		audit_rshd.o \
 		audit_settid.o \
 		audit_shutdown.o \
-		audit_uadmin.o \
 		audit_user.o \
 		bsm.o \
 		generic.o \
--- a/usr/src/lib/libbsm/audit_event.txt	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/libbsm/audit_event.txt	Wed Oct 24 13:35:35 2007 -0700
@@ -374,7 +374,7 @@
 6164:AUE_rexd:rexd:lo
 6165:AUE_ftpd:ftp access:lo
 6166:AUE_init_solaris:init(1m):ss
-6167:AUE_uadmin_solaris:uadmin(1m):ss
+6167:AUE_uadmin_solaris:uadmin(1m):no
 6168:AUE_shutdown_solaris:shutdown(1b):ss
 6169:AUE_poweroff_solaris:poweroff(1m):ss
 6170:AUE_crontab_mod:crontab-modify:ua
@@ -437,6 +437,13 @@
 6234:AUE_pool_export:export device from pool:ot
 6235:AUE_dladm_create_secobj:create network security object:as,cy
 6236:AUE_dladm_delete_secobj:delete network security object:as,cy
+6237:AUE_uadmin_shutdown:uadmin(1m) - shutdown:ss
+6238:AUE_uadmin_reboot:uadmin(1m) - reboot:ss
+6239:AUE_uadmin_dump:uadmin(1m) - dump:ss
+6240:AUE_uadmin_freeze:uadmin(1m) - freeze:ss
+6241:AUE_uadmin_remount:uadmin(1m) - remount:ss
+6242:AUE_uadmin_ftrace:uadmin(1m) - ftrace:ss
+6243:AUE_uadmin_swapctl:uadmin(1m) - swapctl:ss
 #
 # Trusted Extensions events:
 #
--- a/usr/src/lib/libbsm/auditxml	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/libbsm/auditxml	Wed Oct 24 13:35:35 2007 -0700
@@ -387,7 +387,30 @@
 	        $start = "$comma\t";
 	    }
 	    $text = "(no token will be generated)" unless $text;
-	    print Hfile "\tADT_$shortName", "_$id$start\t/* $text */\n";
+	    my $line = "\tADT_$shortName"."_$id$start\t/* ";
+	    # ensure whole line does not exceed 80 chars
+	    my $eline = $line.$text;
+	    #expand tabs
+	    1 while $eline =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e;
+	    if ((length($eline) > 77) && ($line =~ /\t\t/)) {
+	    	# 77 = 80 - length(" */")
+		# strip off double tab so that comment can be longer
+		$line =~ s/\t\t/\t/;
+		# shorten eline; don't mind where the spaces are removed, it is
+		# only $eline length which matters
+		$eline =~ s/ {8}//; 
+	    }
+	    if (length($eline) > 77) { # 80 - length(" */")
+	    	# here we use negative length in substr to leave off from the
+		# right side; 74 = 77 - length("...")
+	    	$line .= substr($text, 0, 74 - length($eline));
+		# strip off part of last word (already cut)
+		$line =~ s/\s(\S+)$/ /;
+		$line .= "...";
+	    } else {
+	    	$line .= $text;
+	    }
+	    print Hfile "$line */\n";
 	    $start = '';
 	}
 	print Hfile "};\n";
--- a/usr/src/lib/libbsm/common/adt.xml	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/libbsm/common/adt.xml	Wed Oct 24 13:35:35 2007 -0700
@@ -179,9 +179,12 @@
 			- id is the name to be used for this group of text
 			  strings in adt_event.h
 			- header is as defined for <event>
+			- start is a number where produced enum type begins;
+			  ensure msg lists do not overlap
 			Within a msg_list block, <msg> and <debug> are defined.
 			The order of <msg> tags in a msg_list is reflected
-			directly in adt_event.h
+			directly in adt_event.h. Also add ADT_LIST_<<id>> to
+			enum adt_msg_list in adt_xlate.h.
 
 	msg		Define one string.
 			- id is the name to be used in the enum describing
@@ -1134,8 +1137,102 @@
 	</entry>
     </event>
 
+    <!-- uadmin(1m) events -->
+    <event id="AUE_uadmin_generic" type="generic" omit="always">
+	<entry id="subject">
+	    <internal token="subject"/>
+	    <external opt="none"/>
+	</entry>
+	<entry id="fcn">
+	    <internal token="text"/>
+	    <external opt="required" type="msg uadmin_fcn"/>
+	    <comment>next action</comment>
+	</entry>
+	<entry id="mdep">
+	    <internal token="text"/>
+	    <external opt="optional" type="char *"/>
+	    <comment>machine dependent argument</comment>
+	</entry>
+	<entry id="return">
+	    <internal token="return"/>
+	    <external opt="none"/>
+	</entry>
+    </event>
+    <event id="AUE_uadmin_generic_fcn" type="generic" omit="always">
+	<entry id="subject">
+	    <internal token="subject"/>
+	    <external opt="none"/>
+	</entry>
+	<entry id="fcn">
+	    <internal token="text"/>
+	    <external opt="required" type="msg uadmin_fcn"/>
+	    <comment>next action</comment>
+	</entry>
+	<entry id="return">
+	    <internal token="return"/>
+	    <external opt="none"/>
+	</entry>
+    </event>
+    <event id="AUE_uadmin_shutdown" instance_of="AUE_uadmin_generic"
+        header="0" idNo="51" omit="JNI">
+    	<title>uadmin shutdown</title>
+	<program>/sbin/uadmin</program>
+	<program>/usr/sbin/uadmin</program>
+	<see>uadmin(1M)</see>
+    </event>
+    <event id="AUE_uadmin_reboot" instance_of="AUE_uadmin_generic"
+        header="0" idNo="52" omit="JNI">
+    	<title>uadmin reboot</title>
+	<program>/sbin/uadmin</program>
+	<program>/usr/sbin/uadmin</program>
+	<see>uadmin(1M)</see>
+    </event>
+    <event id="AUE_uadmin_dump" instance_of="AUE_uadmin_generic"
+        header="0" idNo="53" omit="JNI">
+    	<title>uadmin dump</title>
+	<program>/sbin/uadmin</program>
+	<program>/usr/sbin/uadmin</program>
+	<see>uadmin(1M)</see>
+    </event>
+    <event id="AUE_uadmin_freeze" instance_of="AUE_uadmin_generic"
+        header="0" idNo="54" omit="JNI">
+    	<title>uadmin freeze</title>
+	<program>/sbin/uadmin</program>
+	<program>/usr/sbin/uadmin</program>
+	<see>uadmin(1M)</see>
+    </event>
+    <event id="AUE_uadmin_remount" header="0" idNo="55" omit="JNI">
+    	<title>uadmin remount</title>
+	<program>/sbin/uadmin</program>
+	<program>/usr/sbin/uadmin</program>
+	<see>uadmin(1M)</see>
+	<entry id="subject">
+	    <internal token="subject"/>
+	    <external opt="none"/>
+	</entry>
+	<entry id="return">
+	    <internal token="return"/>
+	    <external opt="none"/>
+	</entry>
+    </event>
+    <!-- uadmin ftrace and swapctl are not documented in uadmin(2) -->
+    <event id="AUE_uadmin_ftrace" instance_of="AUE_uadmin_generic_fcn"
+        header="0" idNo="56" omit="JNI">
+    	<title>uadmin ftrace</title>
+	<program>/sbin/uadmin</program>
+	<program>/usr/sbin/uadmin</program>
+	<see>uadmin(1M)</see>
+    </event>
+    <event id="AUE_uadmin_swapctl" instance_of="AUE_uadmin_generic_fcn"
+        header="0" idNo="57" omit="JNI">
+    	<title>uadmin swapctl</title>
+	<program>/sbin/uadmin</program>
+	<program>/usr/sbin/uadmin</program>
+	<see>uadmin(1M)</see>
+    </event>
+
 <!-- add new events here with the next higher idNo -->
-<!-- Highest idNo is 50, so next is 51, then fix this comment -->
+<!-- Highest idNo is 57, so next is 58, then fix this comment -->
 <!-- end of C Only events -->
 
 
@@ -1306,4 +1403,25 @@
 	<msg id="ANON_USER">No anonymous</msg>
     </msg_list>
 
+<!-- msg list for uadmin(1m) fcn argument (next action, see uadmin(2)) -->
+    <msg_list id="uadmin_fcn" header="0" start="3000" public="true">
+    	<msg id="AD_HALT">Halt the processor(s)</msg>
+	<msg id="AD_POWEROFF">Halt the processor(s) and turn off the power</msg>
+	<msg id="AD_BOOT">Reboot the system using the kernel file</msg>
+	<msg id="AD_IBOOT">Interactive reboot</msg>
+	<msg id="AD_SUSPEND_TO_DISK">Save the system state to the state file</msg>
+	<msg id="AD_CHECK_SUSPEND_TO_DISK">Check if system supports suspend to disk</msg>
+	<msg id="AD_FORCE">Force suspend to disk even when threads of user
+	applications are not suspendable</msg>
+	<msg id="AD_SUSPEND_TO_RAM">Save the system state to memory</msg>
+	<msg id="AD_CHECK_SUSPEND_TO_RAM">Check if system supports suspend to memory</msg>
+	<msg id="AD_SBOOT">Single-user reboot</msg>
+	<msg id="AD_SIBOOT">Single-user interactive reboot</msg>
+	<msg id="AD_NOSYNC">Do not sync filesystems on next A_DUMP</msg>
+	<msg id="AD_REUSEINIT">Prepare for AD_REUSABLE</msg>
+	<msg id="AD_REUSABLE">Create reusable statefile</msg>
+	<msg id="AD_REUSEFINI">Revert to normal CPR mode (not reusable)</msg>
+	<msg id="AD_FTRACE_START">ftrace start</msg>
+	<msg id="AD_FTRACE_STOP">ftrace stop</msg>
+    </msg_list>
 </specification>
--- a/usr/src/lib/libbsm/common/adt_token.c	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/libbsm/common/adt_token.c	Wed Oct 24 13:35:35 2007 -0700
@@ -670,8 +670,8 @@
 		list = &adt_msg_text[(enum adt_login_text)def->dd_input_size];
 		list_index = ((union convert *)p_data)->msg_selector;
 
-		if ((list_index < list->ml_min_index) |
-		    (list_index > list->ml_max_index))
+		if ((list_index + list->ml_offset < list->ml_min_index) ||
+		    (list_index + list->ml_offset > list->ml_max_index))
 			string = "Invalid message index";
 		else
 			string = list->ml_msg_list[list_index +
--- a/usr/src/lib/libbsm/common/adt_xlate.h	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/libbsm/common/adt_xlate.h	Wed Oct 24 13:35:35 2007 -0700
@@ -21,7 +21,7 @@
 /*
  * adt_xlate.h
  *
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
  */
@@ -81,7 +81,8 @@
 enum adt_msg_list {
 	ADT_LIST_FAIL_PAM,
 	ADT_LIST_FAIL_VALUE,
-	ADT_LIST_LOGIN_TEXT};
+	ADT_LIST_LOGIN_TEXT,
+	ADT_LIST_UADMIN_FCN};
 
 enum datatype {ADT_UNDEFINED = 0,
     ADT_DATE,
--- a/usr/src/lib/libbsm/common/audit_private.h	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/libbsm/common/audit_private.h	Wed Oct 24 13:35:35 2007 -0700
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
  * Do not add to this file unless it is to cover an existing private
@@ -179,27 +179,6 @@
     char *, char **);
 extern	void	audit_rexd_setup(void);
 
-/*
- * audit_uadmin.c
- * interface user
- * uadmin
- */
-extern	int	audit_uadmin_setup(int, char **);
-extern	int	audit_uadmin_success(void);
-
-/*
- * audit_su.c
- * interface user
- * su
- */
-extern	void	audit_su_bad_authentication(void);
-extern	void	audit_su_bad_uid(uid_t);
-extern	void	audit_su_bad_username(void);
-extern	void	audit_su_init_info(char *, char *);
-extern	void	audit_su_reset_ai(void);
-extern	void	audit_su_success(void);
-extern	void	audit_su_unknown_failure(void);
-
 #ifdef	__cplusplus
 }
 #endif
--- a/usr/src/lib/libbsm/common/audit_uadmin.c	Wed Oct 24 12:59:16 2007 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,136 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/fcntl.h>
-#include <bsm/audit.h>
-#include <bsm/audit_record.h>
-#include <bsm/audit_uevents.h>
-#include <bsm/libbsm.h>
-#include <bsm/audit_private.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <netinet/in.h>
-#include <generic.h>
-
-#ifdef C2_DEBUG
-#define	dprintf(x) {printf x; }
-#else
-#define	dprintf(x)
-#endif
-
-static char	**gargv;
-static int	save_afunc();
-
-static int audit_uadmin_generic(int);
-
-/* ARGSUSED */
-int
-audit_uadmin_setup(int argc, char **argv)
-{
-	dprintf(("audit_uadmin_setup()\n"));
-
-	if (cannot_audit(0)) {
-		return (0);
-	}
-	gargv = argv;
-
-	(void) aug_init();
-	aug_save_event(AUE_uadmin_solaris);
-	(void) aug_save_me();
-	aug_save_afunc(save_afunc);
-	return (0);
-}
-
-static int
-save_afunc(int ad)
-{
-	if (gargv && gargv[1])
-		(void) au_write(ad, au_to_text(gargv[1]));
-	if (gargv && gargv[2])
-		(void) au_write(ad, au_to_text(gargv[2]));
-	return (0);
-}
-
-int
-audit_uadmin_fail()
-{
-	return (audit_uadmin_generic(-1));
-}
-
-int
-audit_uadmin_success()
-{
-	int res = 0;
-
-	(void) audit_uadmin_generic(0);
-
-	/*
-	 * wait for audit daemon to put halt message onto audit trail
-	 */
-	if (!cannot_audit(0)) {
-		int cond = AUC_NOAUDIT;
-		int canaudit;
-
-		(void) sleep(1);
-
-		/* find out if audit daemon is running */
-		(void) auditon(A_GETCOND, (caddr_t)&cond,
-			sizeof (cond));
-		canaudit = ((cond == AUC_AUDITING) || (cond == AUC_NOSPACE));
-
-		/* turn off audit daemon and try to flush audit queue */
-		if (canaudit && system("/usr/sbin/audit -t"))
-			res = -1;
-
-		/* give a chance for syslogd to do the job */
-		(void) sleep(5);
-	}
-
-	return (res);
-}
-
-int
-audit_uadmin_generic(sorf)
-	int sorf;
-{
-	int r;
-
-	dprintf(("audit_uadmin_generic(%d)\n", sorf));
-
-	if (cannot_audit(0)) {
-		return (0);
-	}
-
-	aug_save_sorf(sorf);
-	r = aug_audit();
-
-	return (r);
-}
--- a/usr/src/lib/libbsm/common/mapfile-vers	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/lib/libbsm/common/mapfile-vers	Wed Oct 24 13:35:35 2007 -0700
@@ -224,8 +224,6 @@
 	audit_shutdown_setup;
 	audit_shutdown_success;
 	__audit_syslog;
-	audit_uadmin_setup;
-	audit_uadmin_success;
 	aug_audit;
 	aug_get_machine;
 	aug_get_port;
--- a/usr/src/tools/abi/etc/ABI_i386.db	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/tools/abi/etc/ABI_i386.db	Wed Oct 24 13:35:35 2007 -0700
@@ -17934,33 +17934,6 @@
 audit_shutdown_success usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
 audit_shutdown_success lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
 audit_shutdown_success lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_authentication usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_bad_authentication lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_authentication lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_uid usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_bad_uid lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_uid lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_username usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_bad_username lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_username lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_init_info usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_init_info lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_init_info lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_reset_ai usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_reset_ai lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_reset_ai lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_success usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_success lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_success lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_unknown_failure usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_unknown_failure lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_unknown_failure lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_uadmin_setup usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_uadmin_setup lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_uadmin_setup lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_uadmin_success usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_uadmin_success lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_uadmin_success lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
 audit_user_create_event usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
 audit_user_create_event lib/amd64/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
 audit_user_create_event lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
--- a/usr/src/tools/abi/etc/ABI_sparc.db	Wed Oct 24 12:59:16 2007 -0700
+++ b/usr/src/tools/abi/etc/ABI_sparc.db	Wed Oct 24 13:35:35 2007 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # CDDL HEADER START
@@ -19190,42 +19190,6 @@
 audit_shutdown_success usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
 audit_shutdown_success lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
 audit_shutdown_success lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_authentication usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_su_bad_authentication usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_bad_authentication lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_authentication lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_uid usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_su_bad_uid usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_bad_uid lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_uid lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_username usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_su_bad_username usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_bad_username lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_bad_username lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_init_info usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_su_init_info usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_init_info lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_init_info lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_reset_ai usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_su_reset_ai usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_reset_ai lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_reset_ai lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_success usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_su_success usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_success lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_success lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_unknown_failure usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_su_unknown_failure usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_su_unknown_failure lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_su_unknown_failure lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_uadmin_setup usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_uadmin_setup usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_uadmin_setup lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_uadmin_setup lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_uadmin_success usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
-audit_uadmin_success usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
-audit_uadmin_success lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
-audit_uadmin_success lib/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0
 audit_user_create_event usr/lib/sparcv9/libbsm.so.1 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 1111111 0 1111110 0000001 0 0 0 0
 audit_user_create_event usr/lib/libbsm.so.1 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 SUNWprivate_1.1 0 0 0011111 0 0011110 0000001 0 0 0 0
 audit_user_create_event lib/sparcv9/libbsm.so.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SUNWprivate_1.1 SUNWprivate_1.1 0000001 0 0000001 0 0 0 0 0