audit_internal.h revision 181053
15116SN/A/* 216500Sserb * Copyright (c) 2005 Apple Inc. 35116SN/A * Copyright (c) 2005 SPARTA, Inc. 45116SN/A * All rights reserved. 55116SN/A * 65116SN/A * This code was developed in part by Robert N. M. Watson, Senior Principal 75116SN/A * Scientist, SPARTA, Inc. 85116SN/A * 95116SN/A * Redistribution and use in source and binary forms, with or without 105116SN/A * modification, are permitted provided that the following conditions 115116SN/A * are met: 125116SN/A * 135116SN/A * 1. Redistributions of source code must retain the above copyright 145116SN/A * notice, this list of conditions and the following disclaimer. 155116SN/A * 2. Redistributions in binary form must reproduce the above copyright 165116SN/A * notice, this list of conditions and the following disclaimer in the 175116SN/A * documentation and/or other materials provided with the distribution. 185116SN/A * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of 195116SN/A * its contributors may be used to endorse or promote products derived 205116SN/A * from this software without specific prior written permission. 215116SN/A * 225116SN/A * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 235116SN/A * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 245116SN/A * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 255116SN/A * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 265116SN/A * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 275116SN/A * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 2816500Sserb * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 2916500Sserb * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 3016500Sserb * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 318111SN/A * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 325116SN/A * 335116SN/A * P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#18 345116SN/A * $FreeBSD: head/sys/bsm/audit_internal.h 181053 2008-07-31 09:54:35Z rwatson $ 358111SN/A */ 365116SN/A 375116SN/A#ifndef _AUDIT_INTERNAL_H 385116SN/A#define _AUDIT_INTERNAL_H 395116SN/A 405116SN/A#if defined(__linux__) && !defined(__unused) 415116SN/A#define __unused 4216500Sserb#endif 435116SN/A 445116SN/A/* 455116SN/A * audit_internal.h contains private interfaces that are shared by user space 465116SN/A * and the kernel for the purposes of assembling audit records. Applications 475116SN/A * should not include this file or use the APIs found within, or it may be 488111SN/A * broken with future releases of OpenBSM, which may delete, modify, or 498111SN/A * otherwise break these interfaces or the assumptions they rely on. 508111SN/A */ 518111SN/Astruct au_token { 528111SN/A u_char *t_data; 538111SN/A size_t len; 548111SN/A TAILQ_ENTRY(au_token) tokens; 558111SN/A}; 568111SN/A 578111SN/Astruct au_record { 588111SN/A char used; /* Record currently in use? */ 598111SN/A int desc; /* Descriptor for record. */ 608111SN/A TAILQ_HEAD(, au_token) token_q; /* Queue of BSM tokens. */ 618111SN/A u_char *data; 6216500Sserb size_t len; 635116SN/A LIST_ENTRY(au_record) au_rec_q; 645116SN/A}; 655116SN/Atypedef struct au_record au_record_t; 6616500Sserb 6716500Sserb 6816500Sserb/* 6916500Sserb * We could determined the header and trailer sizes by defining appropriate 705116SN/A * structures. We hold off that approach until we have a consistent way of 715116SN/A * using structures for all tokens. This is not straightforward since these 725116SN/A * token structures may contain pointers of whose contents we do not know the 7316500Sserb * size (e.g text tokens). 7416500Sserb */ 755116SN/A#define AUDIT_HEADER_SIZE 18 7616500Sserb#define AUDIT_TRAILER_SIZE 7 775116SN/A 785116SN/A/* 795116SN/A * BSM token streams store fields in big endian byte order, so as to be 8016500Sserb * portable; when encoding and decoding, we must convert byte orders for 815116SN/A * typed values. 825116SN/A */ 835116SN/A#define ADD_U_CHAR(loc, val) \ 845116SN/A do { \ 855116SN/A *(loc) = (val); \ 8616500Sserb (loc) += sizeof(u_char); \ 8716500Sserb } while(0) 885116SN/A 895116SN/A 905116SN/A#define ADD_U_INT16(loc, val) \ 9116500Sserb do { \ 9216500Sserb be16enc((loc), (val)); \ 935116SN/A (loc) += sizeof(u_int16_t); \ 945116SN/A } while(0) 955116SN/A 965116SN/A#define ADD_U_INT32(loc, val) \ 975116SN/A do { \ 985116SN/A be32enc((loc), (val)); \ 9916500Sserb (loc) += sizeof(u_int32_t); \ 10016500Sserb } while(0) 1015116SN/A 1025116SN/A#define ADD_U_INT64(loc, val) \ 1035116SN/A do { \ 10416500Sserb be64enc((loc), (val)); \ 10516500Sserb (loc) += sizeof(u_int64_t); \ 1065116SN/A } while(0) 1075116SN/A 1085116SN/A#define ADD_MEM(loc, data, size) \ 1095116SN/A do { \ 1105116SN/A memcpy((loc), (data), (size)); \ 1115116SN/A (loc) += size; \ 1125116SN/A } while(0) 1135116SN/A 1145116SN/A#define ADD_STRING(loc, data, size) ADD_MEM(loc, data, size) 1155116SN/A 1165116SN/A#endif /* !_AUDIT_INTERNAL_H_ */ 1175116SN/A