auditd_lib.h (187214) auditd_lib.h (189279)
1/*-
2 * Copyright (c) 2008 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
1/*-
2 * Copyright (c) 2008 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#3 $
29 * $P4: //depot/projects/trustedbsd/openbsm/bsm/auditd_lib.h#4 $
30 */
31
32#ifndef _BSM_AUDITD_LIB_H_
33#define _BSM_AUDITD_LIB_H_
34
35/*
36 * Lengths for audit trail file components.
37 */
38#define NOT_TERMINATED "not_terminated"
39#define CRASH_RECOVERY "crash_recovery"
40#define POSTFIX_LEN (sizeof("YYYYMMDDhhmmss") - 1)
41#define FILENAME_LEN ((2 * POSTFIX_LEN) + 2)
42#define TIMESTAMP_LEN (POSTFIX_LEN + 1)
43
44/*
45 * Macro to generate the timestamp string for trail file.
46 */
47#define getTSstr(t, b, l) \
48 ( (((t) = time(0)) == (time_t)-1 ) || \
49 !strftime((b), (l), "%Y%m%d%H%M%S", gmtime(&(t)) ) ) ? -1 : 0
50
51/*
52 * The symbolic link to the currently active audit trail file.
53 */
54#define AUDIT_CURRENT_LINK "/var/audit/current"
55
56/*
57 * Path of auditd plist file for launchd.
58 */
59#define AUDITD_PLIST_FILE \
60 "/System/Library/LaunchDaemons/com.apple.auditd.plist"
61
62/*
63 * Error return codes for auditd_lib functions.
64 */
65#define ADE_NOERR 0 /* No Error or Success. */
66#define ADE_PARSE -1 /* Error parsing audit_control(5). */
67#define ADE_AUDITON -2 /* auditon(2) call failed. */
68#define ADE_NOMEM -3 /* Error allocating memory. */
69#define ADE_SOFTLIM -4 /* All audit log directories over soft limit. */
70#define ADE_HARDLIM -5 /* All audit log directories over hard limit. */
71#define ADE_STRERR -6 /* Error creating file name string. */
72#define ADE_AU_OPEN -7 /* au_open(3) failed. */
73#define ADE_AU_CLOSE -8 /* au_close(3) failed. */
74#define ADE_SETAUDIT -9 /* setaudit(2) or setaudit_addr(2) failed. */
75#define ADE_ACTL -10 /* "Soft" error with auditctl(2). */
76#define ADE_ACTLERR -11 /* "Hard" error with auditctl(2). */
77#define ADE_SWAPERR -12 /* The audit trail file could not be swap. */
78#define ADE_RENAME -13 /* Error renaming crash recovery file. */
79#define ADE_READLINK -14 /* Error reading 'current' link. */
80#define ADE_SYMLINK -15 /* Error creating 'current' link. */
81#define ADE_INVAL -16 /* Invalid argument. */
82#define ADE_GETADDR -17 /* Error resolving address from hostname. */
83#define ADE_ADDRFAM -18 /* Address family not supported. */
30 */
31
32#ifndef _BSM_AUDITD_LIB_H_
33#define _BSM_AUDITD_LIB_H_
34
35/*
36 * Lengths for audit trail file components.
37 */
38#define NOT_TERMINATED "not_terminated"
39#define CRASH_RECOVERY "crash_recovery"
40#define POSTFIX_LEN (sizeof("YYYYMMDDhhmmss") - 1)
41#define FILENAME_LEN ((2 * POSTFIX_LEN) + 2)
42#define TIMESTAMP_LEN (POSTFIX_LEN + 1)
43
44/*
45 * Macro to generate the timestamp string for trail file.
46 */
47#define getTSstr(t, b, l) \
48 ( (((t) = time(0)) == (time_t)-1 ) || \
49 !strftime((b), (l), "%Y%m%d%H%M%S", gmtime(&(t)) ) ) ? -1 : 0
50
51/*
52 * The symbolic link to the currently active audit trail file.
53 */
54#define AUDIT_CURRENT_LINK "/var/audit/current"
55
56/*
57 * Path of auditd plist file for launchd.
58 */
59#define AUDITD_PLIST_FILE \
60 "/System/Library/LaunchDaemons/com.apple.auditd.plist"
61
62/*
63 * Error return codes for auditd_lib functions.
64 */
65#define ADE_NOERR 0 /* No Error or Success. */
66#define ADE_PARSE -1 /* Error parsing audit_control(5). */
67#define ADE_AUDITON -2 /* auditon(2) call failed. */
68#define ADE_NOMEM -3 /* Error allocating memory. */
69#define ADE_SOFTLIM -4 /* All audit log directories over soft limit. */
70#define ADE_HARDLIM -5 /* All audit log directories over hard limit. */
71#define ADE_STRERR -6 /* Error creating file name string. */
72#define ADE_AU_OPEN -7 /* au_open(3) failed. */
73#define ADE_AU_CLOSE -8 /* au_close(3) failed. */
74#define ADE_SETAUDIT -9 /* setaudit(2) or setaudit_addr(2) failed. */
75#define ADE_ACTL -10 /* "Soft" error with auditctl(2). */
76#define ADE_ACTLERR -11 /* "Hard" error with auditctl(2). */
77#define ADE_SWAPERR -12 /* The audit trail file could not be swap. */
78#define ADE_RENAME -13 /* Error renaming crash recovery file. */
79#define ADE_READLINK -14 /* Error reading 'current' link. */
80#define ADE_SYMLINK -15 /* Error creating 'current' link. */
81#define ADE_INVAL -16 /* Invalid argument. */
82#define ADE_GETADDR -17 /* Error resolving address from hostname. */
83#define ADE_ADDRFAM -18 /* Address family not supported. */
84#define ADE_EXPIRE -19 /* Error expiring audit trail files. */
84
85/*
86 * auditd_lib functions.
87 */
88const char *auditd_strerror(int errcode);
89int auditd_set_minfree(void);
85
86/*
87 * auditd_lib functions.
88 */
89const char *auditd_strerror(int errcode);
90int auditd_set_minfree(void);
91int auditd_expire_trails(int (*warn_expired)(char *));
90int auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *));
91void auditd_close_dirs(void);
92int auditd_set_evcmap(void);
93int auditd_set_namask(void);
94int auditd_set_policy(void);
95int auditd_set_fsize(void);
96int auditd_set_host(void);
97int auditd_swap_trail(char *TS, char **newfile, gid_t gid,
98 int (*warn_getacdir)(char *));
99int auditd_prevent_audit(void);
100int auditd_gen_record(int event, char *path);
101int auditd_new_curlink(char *curfile);
102int audit_quick_start(void);
103int audit_quick_stop(void);
104
105#endif /* !_BSM_AUDITD_LIB_H_ */
92int auditd_read_dirs(int (*warn_soft)(char *), int (*warn_hard)(char *));
93void auditd_close_dirs(void);
94int auditd_set_evcmap(void);
95int auditd_set_namask(void);
96int auditd_set_policy(void);
97int auditd_set_fsize(void);
98int auditd_set_host(void);
99int auditd_swap_trail(char *TS, char **newfile, gid_t gid,
100 int (*warn_getacdir)(char *));
101int auditd_prevent_audit(void);
102int auditd_gen_record(int event, char *path);
103int auditd_new_curlink(char *curfile);
104int audit_quick_start(void);
105int audit_quick_stop(void);
106
107#endif /* !_BSM_AUDITD_LIB_H_ */
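Review bot: The new prototype `auditd_expire_trails(int (*warn_expired)(char *))` (new line 91) is declared with no comment on its contract, which matters because, going by its name and the `ADE_EXPIRE` comment, it expires audit trail files. The header should state which trails are eligible and what the callback receives and returns, for example `/* Expire old audit trail files; warn_expired() is called with the path of each expired trail. Returns ADE_NOERR or ADE_EXPIRE. */`; that wording has to be confirmed against the implementation, which is not on this page. The callback argument could be `const char *`, although the existing `warn_soft`/`warn_hard` callbacks take `char *`, so keeping it consistent is defensible. `ADE_EXPIRE` (new line 84) presumably needs a matching message in `auditd_strerror()`, and that change is not visible here.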