audit_private.h (156882) | audit_private.h (156888) |
---|---|
1/* 2 * Copyright (c) 1999-2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 12 unchanged lines hidden (view full) --- 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 * | 1/* 2 * Copyright (c) 1999-2005 Apple Computer, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 12 unchanged lines hidden (view full) --- 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 * |
29 * $FreeBSD: head/sys/security/audit/audit_private.h 156882 2006-03-19 15:37:04Z rwatson $ | 29 * $FreeBSD: head/sys/security/audit/audit_private.h 156888 2006-03-19 16:03:43Z rwatson $ |
30 */ 31 32/* 33 * This include file contains function prototypes and type definitions used 34 * within the audit implementation. 35 */ 36 37#ifndef _SECURITY_AUDIT_PRIVATE_H_ --- 10 unchanged lines hidden (view full) --- 48#ifdef MALLOC_DECLARE 49MALLOC_DECLARE(M_AUDITBSM); 50MALLOC_DECLARE(M_AUDITDATA); 51MALLOC_DECLARE(M_AUDITPATH); 52MALLOC_DECLARE(M_AUDITTEXT); 53#endif 54 55/* | 30 */ 31 32/* 33 * This include file contains function prototypes and type definitions used 34 * within the audit implementation. 35 */ 36 37#ifndef _SECURITY_AUDIT_PRIVATE_H_ --- 10 unchanged lines hidden (view full) --- 48#ifdef MALLOC_DECLARE 49MALLOC_DECLARE(M_AUDITBSM); 50MALLOC_DECLARE(M_AUDITDATA); 51MALLOC_DECLARE(M_AUDITPATH); 52MALLOC_DECLARE(M_AUDITTEXT); 53#endif 54 55/* |
56 * The AUDIT_EXCESSIVELY_VERBOSE define enables a number of gratuitously 57 * noisy printf's to the console. Due to the volume, it should be left off 58 * unless you want your system to churn a lot whenever the audit record flow 59 * gets high. 60 */ 61//#define AUDIT_EXCESSIVELY_VERBOSE 62#ifdef AUDIT_EXCESSIVELY_VERBOSE 63#define AUDIT_PRINTF(x) printf x 64#else 65#define AUDIT_PRINTF(x) 66#endif 67 68/* |
|
56 * Audit control variables that are usually set/read via system calls 57 * and used to control various aspects of auditing. 58 */ 59extern struct au_qctrl audit_qctrl; 60extern struct audit_fstat audit_fstat; 61extern struct au_mask audit_nae_mask; 62extern int audit_panic_on_write_fail; 63extern int audit_fail_stop; --- 144 unchanged lines hidden (view full) --- 208 209/* 210 * In-kernel version of audit record; the basic record plus queue meta-data. 211 * This record can also have a pointer set to some opaque data that will 212 * be passed through to the audit writing mechanism. 213 */ 214struct kaudit_record { 215 struct audit_record k_ar; | 69 * Audit control variables that are usually set/read via system calls 70 * and used to control various aspects of auditing. 71 */ 72extern struct au_qctrl audit_qctrl; 73extern struct audit_fstat audit_fstat; 74extern struct au_mask audit_nae_mask; 75extern int audit_panic_on_write_fail; 76extern int audit_fail_stop; --- 144 unchanged lines hidden (view full) --- 221 222/* 223 * In-kernel version of audit record; the basic record plus queue meta-data. 224 * This record can also have a pointer set to some opaque data that will 225 * be passed through to the audit writing mechanism. 226 */ 227struct kaudit_record { 228 struct audit_record k_ar; |
216 u_int32_t k_ar_commit; | 229 u_int32_t k_ar_commit; |
217 void *k_udata; /* user data */ 218 u_int k_ulen; /* user data length */ 219 struct uthread *k_uthread; /* thread we are auditing */ 220 TAILQ_ENTRY(kaudit_record) k_q; 221}; | 230 void *k_udata; /* user data */ 231 u_int k_ulen; /* user data length */ 232 struct uthread *k_uthread; /* thread we are auditing */ 233 TAILQ_ENTRY(kaudit_record) k_q; 234}; |
235TAILQ_HEAD(kaudit_queue, kaudit_record); |
|
222 223/* 224 * Functions to manage the allocation, release, and commit of kernel audit 225 * records. 226 */ 227void audit_abort(struct kaudit_record *ar); | 236 237/* 238 * Functions to manage the allocation, release, and commit of kernel audit 239 * records. 240 */ 241void audit_abort(struct kaudit_record *ar); |
228void audit_commit(struct kaudit_record *ar, int error, | 242void audit_commit(struct kaudit_record *ar, int error, |
229 int retval); 230struct kaudit_record *audit_new(int event, struct thread *td); 231 232/* 233 * Functions relating to the conversion of internal kernel audit records to 234 * the BSM file format. 235 */ 236struct au_record; --- 9 unchanged lines hidden (view full) --- 246 247/* 248 * Return values for pre-selection and post-selection decisions. 249 */ 250#define AU_PRS_SUCCESS 1 251#define AU_PRS_FAILURE 2 252#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) 253 | 243 int retval); 244struct kaudit_record *audit_new(int event, struct thread *td); 245 246/* 247 * Functions relating to the conversion of internal kernel audit records to 248 * the BSM file format. 249 */ 250struct au_record; --- 9 unchanged lines hidden (view full) --- 260 261/* 262 * Return values for pre-selection and post-selection decisions. 263 */ 264#define AU_PRS_SUCCESS 1 265#define AU_PRS_FAILURE 2 266#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) 267 |
254/* | 268/* 269 * Data structures relating to the kernel audit queue. Ideally, these might 270 * be abstracted so that only accessor methods are exposed. 271 */ 272extern struct mtx audit_mtx; 273extern struct cv audit_commit_cv; 274extern struct cv audit_cv; 275extern struct kaudit_queue audit_q; 276extern int audit_q_len; 277extern int audit_pre_q_len; 278extern int audit_in_failure; 279 280/* |
255 * Flags to use on audit files when opening and closing. 256 */ 257#define AUDIT_OPEN_FLAGS (FWRITE | O_APPEND) 258#define AUDIT_CLOSE_FLAGS (FWRITE | O_APPEND) 259 260#include <sys/fcntl.h> 261#include <sys/kernel.h> 262#include <sys/malloc.h> --- 25 unchanged lines hidden (view full) --- 288 */ 289void audit_trigger_init(void); 290int send_trigger(unsigned int trigger); 291 292/* 293 * General audit related functions. 294 */ 295struct kaudit_record *currecord(void); | 281 * Flags to use on audit files when opening and closing. 282 */ 283#define AUDIT_OPEN_FLAGS (FWRITE | O_APPEND) 284#define AUDIT_CLOSE_FLAGS (FWRITE | O_APPEND) 285 286#include <sys/fcntl.h> 287#include <sys/kernel.h> 288#include <sys/malloc.h> --- 25 unchanged lines hidden (view full) --- 314 */ 315void audit_trigger_init(void); 316int send_trigger(unsigned int trigger); 317 318/* 319 * General audit related functions. 320 */ 321struct kaudit_record *currecord(void); |
322void audit_free(struct kaudit_record *ar); |
|
296void audit_shutdown(void *arg, int howto); 297void audit_rotate_vnode(struct ucred *cred, 298 struct vnode *vp); | 323void audit_shutdown(void *arg, int howto); 324void audit_rotate_vnode(struct ucred *cred, 325 struct vnode *vp); |
326void audit_worker_init(void); |
|
299 300/* 301 * Audit pipe functions. 302 */ 303void audit_pipe_submit(void *record, u_int record_len); 304 305#endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */ | 327 328/* 329 * Audit pipe functions. 330 */ 331void audit_pipe_submit(void *record, u_int record_len); 332 333#endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */ |