| audit_record.h (185573) | audit_record.h (186647) |
|---|---|
| 1/*- 2 * Copyright (c) 2005-2008 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * --- 12 unchanged lines hidden (view full) --- 21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * | 1/*- 2 * Copyright (c) 2005-2008 Apple Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * --- 12 unchanged lines hidden (view full) --- 21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * |
| 29 * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#3 $ | 29 * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#8 $ |
| 30 */ 31 32#ifndef _BSM_AUDIT_RECORD_H_ 33#define _BSM_AUDIT_RECORD_H_ 34 35#include <sys/time.h> /* struct timeval */ 36 37/* --- 121 unchanged lines hidden (view full) --- 159 * constants for them. OpenBSM uses the same token types, etc, used in the 160 * Solaris BSM version, but has a separate version number in order to 161 * identify a potentially different event identifier name space. 162 */ 163#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */ 164#define AUDIT_HEADER_VERSION_SOLARIS 2 165#define AUDIT_HEADER_VERSION_TSOL25 3 166#define AUDIT_HEADER_VERSION_TSOL 4 | 30 */ 31 32#ifndef _BSM_AUDIT_RECORD_H_ 33#define _BSM_AUDIT_RECORD_H_ 34 35#include <sys/time.h> /* struct timeval */ 36 37/* --- 121 unchanged lines hidden (view full) --- 159 * constants for them. OpenBSM uses the same token types, etc, used in the 160 * Solaris BSM version, but has a separate version number in order to 161 * identify a potentially different event identifier name space. 162 */ 163#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */ 164#define AUDIT_HEADER_VERSION_SOLARIS 2 165#define AUDIT_HEADER_VERSION_TSOL25 3 166#define AUDIT_HEADER_VERSION_TSOL 4 |
| 167#define AUDIT_HEADER_VERSION_OPENBSM 10 | 167#define AUDIT_HEADER_VERSION_OPENBSM10 10 168#define AUDIT_HEADER_VERSION_OPENBSM11 11 169#define AUDIT_HEADER_VERSION_OPENBSM AUDIT_HEADER_VERSION_OPENBSM11 |
| 168 | 170 |
| 169/* 170 * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we 171 * split the difference, will remove the Apple define for the next release. 172 */ | |
| 173#define AUT_TRAILER_MAGIC 0xb105 | 171#define AUT_TRAILER_MAGIC 0xb105 |
| 174#define TRAILER_PAD_MAGIC AUT_TRAILER_MAGIC | |
| 175 176/* BSM library calls */ 177 178__BEGIN_DECLS 179 180struct in_addr; 181struct in6_addr; 182struct ip; 183struct ipc_perm; 184struct kevent; | 172 173/* BSM library calls */ 174 175__BEGIN_DECLS 176 177struct in_addr; 178struct in6_addr; 179struct ip; 180struct ipc_perm; 181struct kevent; |
| 182struct sockaddr; |
|
| 185struct sockaddr_in; 186struct sockaddr_in6; 187struct sockaddr_un; 188#if defined(_KERNEL) || defined(KERNEL) 189struct vnode_au_info; 190#endif 191 192int au_open(void); --- 10 unchanged lines hidden (view full) --- 203 struct timeval tm, struct auditinfo_addr *aia); 204token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 205 struct timeval tm); 206#if !defined(KERNEL) && !defined(_KERNEL) 207token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); 208token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); 209token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); 210token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); | 183struct sockaddr_in; 184struct sockaddr_in6; 185struct sockaddr_un; 186#if defined(_KERNEL) || defined(KERNEL) 187struct vnode_au_info; 188#endif 189 190int au_open(void); --- 10 unchanged lines hidden (view full) --- 201 struct timeval tm, struct auditinfo_addr *aia); 202token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 203 struct timeval tm); 204#if !defined(KERNEL) && !defined(_KERNEL) 205token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod); 206token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); 207token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod); 208token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod); |
| 209token_t *au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod); |
|
| 211#endif 212 213token_t *au_to_me(void); 214token_t *au_to_arg(char n, const char *text, uint32_t v); 215token_t *au_to_arg32(char n, const char *text, uint32_t v); 216token_t *au_to_arg64(char n, const char *text, uint64_t v); 217 218#if defined(_KERNEL) || defined(KERNEL) --- 27 unchanged lines hidden (view full) --- 246 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 247 au_tid_addr_t *tid); 248token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 249 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); 250token_t *au_to_return(char status, uint32_t ret); 251token_t *au_to_return32(char status, uint32_t ret); 252token_t *au_to_return64(char status, uint64_t ret); 253token_t *au_to_seq(long audit_count); | 210#endif 211 212token_t *au_to_me(void); 213token_t *au_to_arg(char n, const char *text, uint32_t v); 214token_t *au_to_arg32(char n, const char *text, uint32_t v); 215token_t *au_to_arg64(char n, const char *text, uint64_t v); 216 217#if defined(_KERNEL) || defined(KERNEL) --- 27 unchanged lines hidden (view full) --- 245 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 246 au_tid_addr_t *tid); 247token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 248 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); 249token_t *au_to_return(char status, uint32_t ret); 250token_t *au_to_return32(char status, uint32_t ret); 251token_t *au_to_return64(char status, uint64_t ret); 252token_t *au_to_seq(long audit_count); |
| 254 255#if defined(_KERNEL) || defined(KERNEL) 256token_t *au_to_socket(struct socket *so); 257token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la, 258 struct sockaddr *ta); 259token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la, 260 struct sockaddr *ta); 261#endif 262 | 253token_t *au_to_socket_ex(u_short so_domain, u_short so_type, 254 struct sockaddr *sa_local, struct sockaddr *sa_remote); |
| 263token_t *au_to_sock_inet(struct sockaddr_in *so); 264token_t *au_to_sock_inet32(struct sockaddr_in *so); 265token_t *au_to_sock_inet128(struct sockaddr_in6 *so); 266token_t *au_to_sock_unix(struct sockaddr_un *so); 267token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 268 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); 269token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 270 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); 271token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 272 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); 273token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 274 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); 275token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 276 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); 277token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 278 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); 279#if defined(_KERNEL) || defined(KERNEL) | 255token_t *au_to_sock_inet(struct sockaddr_in *so); 256token_t *au_to_sock_inet32(struct sockaddr_in *so); 257token_t *au_to_sock_inet128(struct sockaddr_in6 *so); 258token_t *au_to_sock_unix(struct sockaddr_un *so); 259token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 260 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); 261token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 262 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); 263token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 264 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid); 265token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 266 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); 267token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 268 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); 269token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 270 gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); 271#if defined(_KERNEL) || defined(KERNEL) |
| 280token_t *au_to_exec_args(const char *args, int argc); 281token_t *au_to_exec_env(const char *envs, int envc); | 272token_t *au_to_exec_args(char *args, int argc); 273token_t *au_to_exec_env(char *envs, int envc); |
| 282#else 283token_t *au_to_exec_args(char **argv); 284token_t *au_to_exec_env(char **envp); 285#endif 286token_t *au_to_text(const char *text); 287token_t *au_to_kevent(struct kevent *kev); 288token_t *au_to_trailer(int rec_size); 289token_t *au_to_zonename(const char *zonename); 290 | 274#else 275token_t *au_to_exec_args(char **argv); 276token_t *au_to_exec_env(char **envp); 277#endif 278token_t *au_to_text(const char *text); 279token_t *au_to_kevent(struct kevent *kev); 280token_t *au_to_trailer(int rec_size); 281token_t *au_to_zonename(const char *zonename); 282 |
| 283/* 284 * BSM library routines for manipulating errno values. 285 */ 286int au_bsm_to_errno(u_char bsm_error, int *errorp); 287u_char au_errno_to_bsm(int error); 288 |
|
| 291__END_DECLS 292 293#endif /* ! _BSM_AUDIT_RECORD_H_ */ | 289__END_DECLS 290 291#endif /* ! _BSM_AUDIT_RECORD_H_ */ |