1185573Srwatson/*-
2186647Srwatson * Copyright (c) 2005-2008 Apple Inc.
3155191Srwatson * Copyright (c) 2005 SPARTA, Inc.
4155191Srwatson * All rights reserved.
5155191Srwatson *
6155191Srwatson * This code was developed in part by Robert N. M. Watson, Senior Principal
7155191Srwatson * Scientist, SPARTA, Inc.
8155191Srwatson *
9155191Srwatson * Redistribution and use in source and binary forms, with or without
10155191Srwatson * modification, are permitted provided that the following conditions
11155191Srwatson * are met:
12155191Srwatson *
13155191Srwatson * 1.  Redistributions of source code must retain the above copyright
14155191Srwatson *     notice, this list of conditions and the following disclaimer.
15155191Srwatson * 2.  Redistributions in binary form must reproduce the above copyright
16155191Srwatson *     notice, this list of conditions and the following disclaimer in the
17155191Srwatson *     documentation and/or other materials provided with the distribution.
18243751Srwatson * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
19155191Srwatson *     its contributors may be used to endorse or promote products derived
20155191Srwatson *     from this software without specific prior written permission.
21155191Srwatson *
22155191Srwatson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
23155191Srwatson * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
24155191Srwatson * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25155191Srwatson * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
26155191Srwatson * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27155191Srwatson * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28155191Srwatson * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29155191Srwatson * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30155191Srwatson * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31155191Srwatson * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32155191Srwatson *
33155191Srwatson * $FreeBSD$
34155191Srwatson */
35155191Srwatson
36156289Srwatson#ifndef _AUDIT_INTERNAL_H
37156289Srwatson#define	_AUDIT_INTERNAL_H
38155191Srwatson
39156289Srwatson#if defined(__linux__) && !defined(__unused)
40156289Srwatson#define	__unused
41156289Srwatson#endif
42156289Srwatson
43155191Srwatson/*
44155191Srwatson * audit_internal.h contains private interfaces that are shared by user space
45155191Srwatson * and the kernel for the purposes of assembling audit records.  Applications
46155191Srwatson * should not include this file or use the APIs found within, or it may be
47155191Srwatson * broken with future releases of OpenBSM, which may delete, modify, or
48155191Srwatson * otherwise break these interfaces or the assumptions they rely on.
49155191Srwatson */
50156289Srwatsonstruct au_token {
51156289Srwatson	u_char			*t_data;
52156289Srwatson	size_t			 len;
53156289Srwatson	TAILQ_ENTRY(au_token)	 tokens;
54156289Srwatson};
55155191Srwatson
56156289Srwatsonstruct au_record {
57156289Srwatson	char			 used;		/* Record currently in use? */
58156289Srwatson	int			 desc;		/* Descriptor for record. */
59156289Srwatson	TAILQ_HEAD(, au_token)	 token_q;	/* Queue of BSM tokens. */
60156289Srwatson	u_char			*data;
61156289Srwatson	size_t			 len;
62156289Srwatson	LIST_ENTRY(au_record)	 au_rec_q;
63156289Srwatson};
64156289Srwatsontypedef	struct au_record	au_record_t;
65156289Srwatson
66156289Srwatson
67161635Srwatson/*
68161635Srwatson * We could determined the header and trailer sizes by defining appropriate
69161870Srwatson * structures.  We hold off that approach until we have a consistent way of
70161635Srwatson * using structures for all tokens.  This is not straightforward since these
71161870Srwatson * token structures may contain pointers of whose contents we do not know the
72161635Srwatson * size (e.g text tokens).
73155191Srwatson */
74184856Scsjp#define	AUDIT_HEADER_EX_SIZE(a)	((a)->ai_termid.at_type+18+sizeof(u_int32_t))
75161635Srwatson#define	AUDIT_HEADER_SIZE	18
76184856Scsjp#define	MAX_AUDIT_HEADER_SIZE	(5*sizeof(u_int32_t)+18)
77161635Srwatson#define	AUDIT_TRAILER_SIZE	7
78155191Srwatson
79155191Srwatson/*
80155191Srwatson * BSM token streams store fields in big endian byte order, so as to be
81155191Srwatson * portable; when encoding and decoding, we must convert byte orders for
82155191Srwatson * typed values.
83155191Srwatson */
84155191Srwatson#define	ADD_U_CHAR(loc, val)						\
85155191Srwatson	do {								\
86155191Srwatson		*(loc) = (val);						\
87155191Srwatson		(loc) += sizeof(u_char);				\
88155191Srwatson	} while(0)
89155191Srwatson
90155191Srwatson
91155191Srwatson#define	ADD_U_INT16(loc, val)						\
92155191Srwatson	do {								\
93155191Srwatson		be16enc((loc), (val));					\
94155191Srwatson		(loc) += sizeof(u_int16_t);				\
95155191Srwatson	} while(0)
96155191Srwatson
97155191Srwatson#define	ADD_U_INT32(loc, val)						\
98155191Srwatson	do {								\
99155191Srwatson		be32enc((loc), (val));					\
100155191Srwatson		(loc) += sizeof(u_int32_t);				\
101155191Srwatson	} while(0)
102155191Srwatson
103155191Srwatson#define	ADD_U_INT64(loc, val)						\
104155191Srwatson	do {								\
105155191Srwatson		be64enc((loc), (val));					\
106155191Srwatson		(loc) += sizeof(u_int64_t); 				\
107155191Srwatson	} while(0)
108155191Srwatson
109155191Srwatson#define	ADD_MEM(loc, data, size)					\
110155191Srwatson	do {								\
111155191Srwatson		memcpy((loc), (data), (size));				\
112155191Srwatson		(loc) += size;						\
113155191Srwatson	} while(0)
114155191Srwatson
115155191Srwatson#define	ADD_STRING(loc, data, size)	ADD_MEM(loc, data, size)
116155191Srwatson
117156289Srwatson#endif /* !_AUDIT_INTERNAL_H_ */
118