1185573Srwatson/*-
2186647Srwatson * Copyright (c) 2005-2008 Apple Inc.
3155191Srwatson * Copyright (c) 2005 SPARTA, Inc.
4155191Srwatson * All rights reserved.
5155191Srwatson *
6155191Srwatson * This code was developed in part by Robert N. M. Watson, Senior Principal
7155191Srwatson * Scientist, SPARTA, Inc.
8155191Srwatson *
9155191Srwatson * Redistribution and use in source and binary forms, with or without
10155191Srwatson * modification, are permitted provided that the following conditions
11155191Srwatson * are met:
12155191Srwatson *
13155191Srwatson * 1.  Redistributions of source code must retain the above copyright
14155191Srwatson *     notice, this list of conditions and the following disclaimer.
15155191Srwatson * 2.  Redistributions in binary form must reproduce the above copyright
16155191Srwatson *     notice, this list of conditions and the following disclaimer in the
17155191Srwatson *     documentation and/or other materials provided with the distribution.
18244391Srwatson * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
19155191Srwatson *     its contributors may be used to endorse or promote products derived
20155191Srwatson *     from this software without specific prior written permission.
21155191Srwatson *
22155191Srwatson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
23155191Srwatson * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
24155191Srwatson * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25155191Srwatson * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
26155191Srwatson * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27155191Srwatson * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28155191Srwatson * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29155191Srwatson * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30155191Srwatson * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31155191Srwatson * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32155191Srwatson *
33244391Srwatson * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#6
34155191Srwatson * $FreeBSD$
35155191Srwatson */
36155191Srwatson
37156289Srwatson#ifndef _AUDIT_INTERNAL_H
38156289Srwatson#define	_AUDIT_INTERNAL_H
39155191Srwatson
40156289Srwatson#if defined(__linux__) && !defined(__unused)
41156289Srwatson#define	__unused
42156289Srwatson#endif
43156289Srwatson
44155191Srwatson/*
45155191Srwatson * audit_internal.h contains private interfaces that are shared by user space
46155191Srwatson * and the kernel for the purposes of assembling audit records.  Applications
47155191Srwatson * should not include this file or use the APIs found within, or it may be
48155191Srwatson * broken with future releases of OpenBSM, which may delete, modify, or
49155191Srwatson * otherwise break these interfaces or the assumptions they rely on.
50155191Srwatson */
51156289Srwatsonstruct au_token {
52156289Srwatson	u_char			*t_data;
53156289Srwatson	size_t			 len;
54156289Srwatson	TAILQ_ENTRY(au_token)	 tokens;
55156289Srwatson};
56155191Srwatson
57156289Srwatsonstruct au_record {
58156289Srwatson	char			 used;		/* Record currently in use? */
59156289Srwatson	int			 desc;		/* Descriptor for record. */
60156289Srwatson	TAILQ_HEAD(, au_token)	 token_q;	/* Queue of BSM tokens. */
61156289Srwatson	u_char			*data;
62156289Srwatson	size_t			 len;
63156289Srwatson	LIST_ENTRY(au_record)	 au_rec_q;
64156289Srwatson};
65156289Srwatsontypedef	struct au_record	au_record_t;
66156289Srwatson
67156289Srwatson
68161635Srwatson/*
69161635Srwatson * We could determined the header and trailer sizes by defining appropriate
70161870Srwatson * structures.  We hold off that approach until we have a consistent way of
71161635Srwatson * using structures for all tokens.  This is not straightforward since these
72161870Srwatson * token structures may contain pointers of whose contents we do not know the
73161635Srwatson * size (e.g text tokens).
74155191Srwatson */
75184856Scsjp#define	AUDIT_HEADER_EX_SIZE(a)	((a)->ai_termid.at_type+18+sizeof(u_int32_t))
76161635Srwatson#define	AUDIT_HEADER_SIZE	18
77184856Scsjp#define	MAX_AUDIT_HEADER_SIZE	(5*sizeof(u_int32_t)+18)
78161635Srwatson#define	AUDIT_TRAILER_SIZE	7
79155191Srwatson
80155191Srwatson/*
81155191Srwatson * BSM token streams store fields in big endian byte order, so as to be
82155191Srwatson * portable; when encoding and decoding, we must convert byte orders for
83155191Srwatson * typed values.
84155191Srwatson */
85155191Srwatson#define	ADD_U_CHAR(loc, val)						\
86155191Srwatson	do {								\
87155191Srwatson		*(loc) = (val);						\
88155191Srwatson		(loc) += sizeof(u_char);				\
89155191Srwatson	} while(0)
90155191Srwatson
91155191Srwatson
92155191Srwatson#define	ADD_U_INT16(loc, val)						\
93155191Srwatson	do {								\
94155191Srwatson		be16enc((loc), (val));					\
95155191Srwatson		(loc) += sizeof(u_int16_t);				\
96155191Srwatson	} while(0)
97155191Srwatson
98155191Srwatson#define	ADD_U_INT32(loc, val)						\
99155191Srwatson	do {								\
100155191Srwatson		be32enc((loc), (val));					\
101155191Srwatson		(loc) += sizeof(u_int32_t);				\
102155191Srwatson	} while(0)
103155191Srwatson
104155191Srwatson#define	ADD_U_INT64(loc, val)						\
105155191Srwatson	do {								\
106155191Srwatson		be64enc((loc), (val));					\
107155191Srwatson		(loc) += sizeof(u_int64_t); 				\
108155191Srwatson	} while(0)
109155191Srwatson
110155191Srwatson#define	ADD_MEM(loc, data, size)					\
111155191Srwatson	do {								\
112155191Srwatson		memcpy((loc), (data), (size));				\
113155191Srwatson		(loc) += size;						\
114155191Srwatson	} while(0)
115155191Srwatson
116155191Srwatson#define	ADD_STRING(loc, data, size)	ADD_MEM(loc, data, size)
117155191Srwatson
118156289Srwatson#endif /* !_AUDIT_INTERNAL_H_ */
119