| audit.h (185573) | audit.h (186647) |
|---|---|
| 1/*- 2 * Copyright (c) 2005 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * --- 12 unchanged lines hidden (view full) --- 21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * | 1/*- 2 * Copyright (c) 2005 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * --- 12 unchanged lines hidden (view full) --- 21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * |
| 29 * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#1 $ | 29 * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#2 $ |
| 30 */ 31 32#ifndef _BSM_AUDIT_H 33#define _BSM_AUDIT_H 34 | 30 */ 31 32#ifndef _BSM_AUDIT_H 33#define _BSM_AUDIT_H 34 |
| 35#ifdef __APPLE__ 36/* Temporary until rdar://problem/6133383 is resolved. */ 37#include <sys/types.h> 38#include <sys/param.h> 39#include <sys/socket.h> 40#include <sys/cdefs.h> 41#include <sys/queue.h> 42#endif /* __APPLE__ */ 43 |
|
| 35#define AUDIT_RECORD_MAGIC 0x828a0f1b 36#define MAX_AUDIT_RECORDS 20 37#define MAXAUDITDATA (0x8000 - 1) 38#define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA 39#define MIN_AUDIT_FILE_SIZE (512 * 1024) 40 41/* | 44#define AUDIT_RECORD_MAGIC 0x828a0f1b 45#define MAX_AUDIT_RECORDS 20 46#define MAXAUDITDATA (0x8000 - 1) 47#define MAX_AUDIT_RECORD_SIZE MAXAUDITDATA 48#define MIN_AUDIT_FILE_SIZE (512 * 1024) 49 50/* |
| 51 * Minimum noumber of free blocks on the filesystem containing the audit 52 * log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0 53 * as the kernel does an unsigned compare, plus we want to leave a few blocks 54 * free so userspace can terminate the log, etc. 55 */ 56#define AUDIT_HARD_LIMIT_FREE_BLOCKS 4 57 58/* |
|
| 42 * Triggers for the audit daemon. 43 */ 44#define AUDIT_TRIGGER_MIN 1 45#define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */ 46#define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */ 47#define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */ 48#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */ 49#define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */ | 59 * Triggers for the audit daemon. 60 */ 61#define AUDIT_TRIGGER_MIN 1 62#define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */ 63#define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */ 64#define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */ 65#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */ 66#define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */ |
| 50#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests roate. */ 51#define AUDIT_TRIGGER_MAX 6 | 67#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests rotate. */ 68#define AUDIT_TRIGGER_INITIALIZE 7 /* Initialize audit. */ 69#define AUDIT_TRIGGER_MAX 7 |
| 52 53/* 54 * The special device filename (FreeBSD). 55 */ 56#define AUDITDEV_FILENAME "audit" 57#define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME) 58 59/* 60 * Pre-defined audit IDs 61 */ | 70 71/* 72 * The special device filename (FreeBSD). 73 */ 74#define AUDITDEV_FILENAME "audit" 75#define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME) 76 77/* 78 * Pre-defined audit IDs 79 */ |
| 62#define AU_DEFAUDITID -1 | 80#define AU_DEFAUDITID (uid_t)(-1) 81#define AU_DEFAUDITSID 0 82#define AU_ASSIGN_ASID -1 |
| 63 64/* 65 * IPC types. 66 */ 67#define AT_IPC_MSG ((u_char)1) /* Message IPC id. */ 68#define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */ 69#define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */ 70 --- 27 unchanged lines hidden (view full) --- 98#define A_GETPINFO 24 99#define A_SETPMASK 25 100#define A_SETFSIZE 26 101#define A_GETFSIZE 27 102#define A_GETPINFO_ADDR 28 103#define A_GETKAUDIT 29 104#define A_SETKAUDIT 30 105#define A_SENDTRIGGER 31 | 83 84/* 85 * IPC types. 86 */ 87#define AT_IPC_MSG ((u_char)1) /* Message IPC id. */ 88#define AT_IPC_SEM ((u_char)2) /* Semaphore IPC id. */ 89#define AT_IPC_SHM ((u_char)3) /* Shared mem IPC id. */ 90 --- 27 unchanged lines hidden (view full) --- 118#define A_GETPINFO 24 119#define A_SETPMASK 25 120#define A_SETFSIZE 26 121#define A_GETFSIZE 27 122#define A_GETPINFO_ADDR 28 123#define A_GETKAUDIT 29 124#define A_SETKAUDIT 30 125#define A_SENDTRIGGER 31 |
| 126#define A_GETSINFO_ADDR 32 |
|
| 106 107/* 108 * Audit policy controls. 109 */ 110#define AUDIT_CNT 0x0001 111#define AUDIT_AHLT 0x0002 112#define AUDIT_ARGV 0x0004 113#define AUDIT_ARGE 0x0008 --- 64 unchanged lines hidden (view full) --- 178}; 179typedef struct auditinfo auditinfo_t; 180 181struct auditinfo_addr { 182 au_id_t ai_auid; /* Audit user ID. */ 183 au_mask_t ai_mask; /* Audit masks. */ 184 au_tid_addr_t ai_termid; /* Terminal ID. */ 185 au_asid_t ai_asid; /* Audit session ID. */ | 127 128/* 129 * Audit policy controls. 130 */ 131#define AUDIT_CNT 0x0001 132#define AUDIT_AHLT 0x0002 133#define AUDIT_ARGV 0x0004 134#define AUDIT_ARGE 0x0008 --- 64 unchanged lines hidden (view full) --- 199}; 200typedef struct auditinfo auditinfo_t; 201 202struct auditinfo_addr { 203 au_id_t ai_auid; /* Audit user ID. */ 204 au_mask_t ai_mask; /* Audit masks. */ 205 au_tid_addr_t ai_termid; /* Terminal ID. */ 206 au_asid_t ai_asid; /* Audit session ID. */ |
| 207 u_int64_t ai_flags; /* Audit session flags. */ |
|
| 186}; 187typedef struct auditinfo_addr auditinfo_addr_t; 188 189struct auditpinfo { 190 pid_t ap_pid; /* ID of target process. */ 191 au_id_t ap_auid; /* Audit user ID. */ 192 au_mask_t ap_mask; /* Audit masks. */ 193 au_tid_t ap_termid; /* Terminal ID. */ 194 au_asid_t ap_asid; /* Audit session ID. */ | 208}; 209typedef struct auditinfo_addr auditinfo_addr_t; 210 211struct auditpinfo { 212 pid_t ap_pid; /* ID of target process. */ 213 au_id_t ap_auid; /* Audit user ID. */ 214 au_mask_t ap_mask; /* Audit masks. */ 215 au_tid_t ap_termid; /* Terminal ID. */ 216 au_asid_t ap_asid; /* Audit session ID. */ |
| 217 u_int64_t ap_flags; /* Audit session flags. */ |
|
| 195}; 196typedef struct auditpinfo auditpinfo_t; 197 198struct auditpinfo_addr { 199 pid_t ap_pid; /* ID of target process. */ 200 au_id_t ap_auid; /* Audit user ID. */ 201 au_mask_t ap_mask; /* Audit masks. */ 202 au_tid_addr_t ap_termid; /* Terminal ID. */ 203 au_asid_t ap_asid; /* Audit session ID. */ 204}; 205typedef struct auditpinfo_addr auditpinfo_addr_t; 206 | 218}; 219typedef struct auditpinfo auditpinfo_t; 220 221struct auditpinfo_addr { 222 pid_t ap_pid; /* ID of target process. */ 223 au_id_t ap_auid; /* Audit user ID. */ 224 au_mask_t ap_mask; /* Audit masks. */ 225 au_tid_addr_t ap_termid; /* Terminal ID. */ 226 au_asid_t ap_asid; /* Audit session ID. */ 227}; 228typedef struct auditpinfo_addr auditpinfo_addr_t; 229 |
| 230struct au_session { 231 auditinfo_addr_t *as_aia_p; /* Ptr to full audit info. */ 232#define as_asid as_aia_p->ai_asid 233#define as_auid as_aia_p->ai_auid 234#define as_termid as_aia_p->ai_termid 235 236 au_mask_t as_mask; /* Process Audit Masks. */ 237}; 238typedef struct au_session au_session_t; 239 |
|
| 207/* 208 * Contents of token_t are opaque outside of libbsm. 209 */ 210typedef struct au_token token_t; 211 212/* 213 * Kernel audit queue control parameters. 214 */ --- 66 unchanged lines hidden --- | 240/* 241 * Contents of token_t are opaque outside of libbsm. 242 */ 243typedef struct au_token token_t; 244 245/* 246 * Kernel audit queue control parameters. 247 */ --- 66 unchanged lines hidden --- |