1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License").  You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22/*
23 * Copyright 1988 Sun Microsystems, Inc.  All rights reserved.
24 * Use is subject to license terms.
25 */
26
27#pragma ident	"%Z%%M%	%I%	%E% SMI"
28/*
29 * Audit trail structures;
30 */
31
32#ifndef _sys_audit_h
33#define _sys_audit_h
34
/*
 * Maximum size for audit data passed from the audit system call
 * This value is arbitrary, so offers of better numbers are invited.
 *
 * MAXAUDITDATA evaluates to 0x7fff, one less than AUP_USER.
 * NOTE(review): the size and length fields declared later in this header
 * are plain `short`; 0x7fff is the largest value a signed 16-bit field can
 * hold, so callers presumably must bound data against MAXAUDITDATA before
 * storing a length in one of those fields -- confirm against the audit
 * system call implementation.
 */

#define AUP_USER	(0x8000)	/* NOTE(review): meaning not stated in this header */
#define MAXAUDITDATA	(AUP_USER - 1)	/* 0x7fff */
#define AUDITMAGIC	0x00070009	/* presumably the value expected in audit_header.ah_magic -- confirm */
43
/*
 * Audit conditions: statements regarding what is to be done with
 * audit records.
 *
 * NOTE(review): per its comment AUC_FCHDONE is meant to be a one-way state
 * ("you never can"); nothing in this header enforces that, so the code that
 * changes the condition must refuse to leave it -- confirm.
 */
#define AUC_UNSET	0	/* on/off hasn't been decided */
#define AUC_AUDITING	1	/* auditing is being done */
#define AUC_NOAUDIT	2	/* auditing is not being done */
#define AUC_FCHDONE	3	/* no auditing, and you never can */
52
/*
 * Minimum and maximum record type values.  Change AUR_MAXRECTYPE when
 * adding new record types.
 *
 * AUR_MAXRECTYPE equals the highest record type code defined in this file
 * (AUR_SHMCTLRMID, 63).  AUR_TRAILER (1000) lies outside this range.
 * NOTE(review): code that reads audit files should range-check a record's
 * type against these bounds (handling AUR_TRAILER separately) before using
 * it to choose a parameter layout or to index a table.
 */
#define	AUR_MINRECTYPE		1
#define	AUR_MAXRECTYPE		63
59
/*
 * Audit record type codes
 *
 * Codes 1..63 are contiguous and span AUR_MINRECTYPE..AUR_MAXRECTYPE.
 * NOTE(review): the names look like the system call or operation each
 * record describes; this header does not define the parameter layout for
 * any of them.
 */
#define AUR_ACCESS		1
#define AUR_CHMOD		2
#define AUR_CHOWN		3
#define AUR_CREAT		4
#define AUR_FCHMOD		5
#define AUR_FCHOWN		6
#define AUR_FTRUNCATE		7
#define AUR_LINK		8
#define AUR_MKDIR		9
#define AUR_MKNOD		10
#define AUR_OPEN		11
#define AUR_RMDIR		12
#define AUR_RENAME		13
#define AUR_STAT		14
#define AUR_SYMLINK		15
#define AUR_TRUNCATE		16
#define AUR_UNLINK		17
#define AUR_UTIMES		18
#define AUR_EXECV		19
#define AUR_MSGCONV		20
#define AUR_MSGCTL		21
#define AUR_MSGGET		22
#define AUR_MSGRCV		23
#define AUR_MSGSND		24
#define AUR_SEMCTL		25
#define AUR_SEMGET		26
#define AUR_SEMOP		27
#define AUR_SHMAT		28
#define AUR_SHMCTL		29
#define AUR_SHMDT		30
#define AUR_SHMGET		31
#define AUR_SOCKET		32
#define AUR_PTRACE		33
#define AUR_KILL		34
#define AUR_KILLPG		35
#define AUR_EXECVE		36
#define AUR_CORE		37
#define AUR_ADJTIME		38
#define AUR_SETTIMEOFDAY	39
#define AUR_SETHOSTNAME		40
#define AUR_SETDOMAINNAME	41
#define AUR_REBOOT		42
#define AUR_REBOOTFAIL		43
#define AUR_SYSACCT		44
#define AUR_MOUNT_UFS		45
#define AUR_MOUNT_NFS		46
#define AUR_MOUNT		47
#define AUR_UNMOUNT		48
#define AUR_READLINK		49
#define AUR_QUOTA_ON		50
#define AUR_QUOTA_OFF		51
#define AUR_QUOTA_SET		52
#define AUR_QUOTA_LIM		53
#define AUR_QUOTA_SYNC		54
#define AUR_QUOTA		55
#define AUR_STATFS		56
#define AUR_CHROOT		57
#define AUR_TEXT		58
#define AUR_CHDIR		59
#define AUR_MSGCTLRMID		60
#define AUR_SEMCTL3		61
#define AUR_SEMCTLALL		62
#define AUR_SHMCTLRMID		63

/*
 * Deliberately outside AUR_MINRECTYPE..AUR_MAXRECTYPE; presumably the value
 * stored in audit_trailer.at_record_type -- confirm.
 */
#define AUR_TRAILER		1000
128
/*
 * The classes of audit events
 *
 * Each class is a distinct single bit (0x1 through 0x400), so classes can
 * be OR-ed together into one mask.
 * NOTE(review): presumably these are the bits carried in
 * audit_state.as_success / as_failure and audit_record.au_event -- confirm.
 * Bits above 0x400 are unassigned here; a consumer should decide explicitly
 * how to treat a mask that has them set.
 */
#define AU_DREAD	0x00000001
#define AU_DWRITE	0x00000002
#define AU_DACCESS	0x00000004
#define AU_DCREATE	0x00000008
#define AU_LOGIN	0x00000010
#define AU_SREAD	0x00000020
#define AU_SCTL		0x00000040
#define AU_MINPRIV	0x00000080
#define AU_MAJPRIV	0x00000100
#define AU_ADMIN	0x00000200
#define AU_ASSIGN	0x00000400
143
/*
 * Success and failure are defined here because not everyone agrees on
 * which values rate success and which failure.
 *
 * Here success is 0 and failure is 1; AU_EITHER (-1) matches neither value.
 * NOTE(review): AU_EITHER expands to an unparenthesized negative literal;
 * writing it as (-1) would follow the usual macro-hygiene convention.
 */
#define AU_EITHER	-1
#define AU_SUCCESS	0
#define AU_FAILURE	1
151
/*
 * The user id -2(0xfffe) is never audited - in fact, a setauid(AU_NOAUDITID)
 * will turn off auditing.
 *
 * NOTE(review): 0xfffe is the 16-bit representation of -2; where uid_t is
 * wider or unsigned the bit pattern differs, so comparisons against au_auid
 * should be checked on the target ABI.  Because setting this id disables
 * auditing for the caller, the setauid() path needs its own privilege check
 * and should itself leave a record -- neither is visible in this header.
 * The macro expands to an unparenthesized negative literal.
 */
#define AU_NOAUDITID	-2
157
/*
 * The structure of the audit state
 *
 * Two independent bit masks, one for successful events and one for failed
 * events.  NOTE(review): the bits are presumably the AU_* event classes
 * defined in this header -- confirm.
 */
struct audit_state {
	unsigned int	as_success;	/* success bits */
	unsigned int	as_failure;	/* failure bits */
};
typedef struct audit_state audit_state_t;
166
/*
 * The audit file header structure.
 * In the file it will be followed by a path name, the length of which is
 * kept in the ah_namelen field.
 *
 * NOTE(review): ah_namelen is a signed short taken from the file.  Code that
 * reads audit files should reject a negative or oversized value, and should
 * check ah_magic (presumably against AUDITMAGIC -- confirm), before using
 * the length to size a buffer or read the path name.  time_t's width depends
 * on the ABI, so the on-disk layout presumably differs between systems.
 * This header uses time_t without including the header that declares it.
 */
struct audit_header {
	int	ah_magic;	/* magic number */
	time_t	ah_time;	/* the time */
	short	ah_namelen;	/* length of file name */
};
typedef struct audit_header audit_header_t;
178
/*
 * The audit file trailer record structure.
 * In the file it will be followed by a path name, the length of which is
 * kept in the at_namelen field.
 *
 * The first two fields have the same types and order as the first two
 * fields of struct audit_record (size, then type).
 * NOTE(review): at_record_type presumably holds AUR_TRAILER -- confirm.
 * Whether at_record_size includes the trailing path name is not stated here.
 * at_namelen and at_record_size are signed shorts taken from the file; a
 * reader should reject negative or inconsistent values before using them.
 */
struct audit_trailer {
	short	at_record_size;		/* size of this */
	short	at_record_type;		/* its type, a trailer */
	time_t	at_time;		/* the time */
	short	at_namelen;		/* length of file name */
};
typedef struct audit_trailer audit_trailer_t;
191
/*
 * The audit file record structure.
 * au_record_size is the size of the entire record.
 * au_param_count is the number of data items which follow the record.
 * There is a short ( 16 bit ) length for each of the following
 * parameters, then the parameters themselves. There is no way to know
 * what the parameters are from the data, unless the au_record_type
 * is understood.
 * The first parameter is the group list, hence au_param_count will
 * always be at least one.
 *
 * NOTE(review): every length here is a signed short taken from the file.
 * A reader should verify that au_record_size is at least the size of this
 * structure and no larger than the bytes remaining, that au_param_count is
 * at least one, and that the per-parameter lengths are non-negative and sum
 * to no more than the space au_record_size leaves -- before copying any
 * parameter.  The fixed-size fields use time_t, uid_t, gid_t and blabel_t,
 * none of which this header declares, so the layout depends on the ABI of
 * the system that wrote the file.
 */
struct audit_record {
	short		au_record_size;		/* size of this */
	short		au_record_type;		/* its type */
	unsigned int	au_event;		/* the event */
	time_t		au_time;		/* the time */
	uid_t		au_uid;			/* real uid */
	uid_t		au_auid;		/* audit uid */
	uid_t		au_euid;		/* effective */
	gid_t		au_gid;			/* real group */
	/* NOTE(review): short; a process id wider than 16 bits would not fit -- confirm */
	short		au_pid;			/* process id */
	int		au_errno;		/* error code */
	int		au_return;		/* a return value */
	blabel_t	au_label;		/* also ... */
	short		au_param_count;		/* # of parameters */
};
typedef struct audit_record audit_record_t;
219
/*
 * This structure controls a buffer for generating full pathnames
 * for filenames.
 *
 * NOTE(review): the structure records a size, a base address and a cursor
 * but enforces nothing; code that advances ap_ptr must itself keep it
 * within ap_buf .. ap_buf + ap_size.  Who allocates and frees ap_buf is not
 * stated in this header.
 */
struct au_path_s {
	u_int		ap_size;		/* Size of buffer	     */
	caddr_t		ap_buf;			/* Address of buffer	     */
	caddr_t		ap_ptr;			/* Current position	     */
};
typedef struct au_path_s au_path_t;
230
/*
 * Round x up to the next even value: add 1, then clear bit 0.  An even x is
 * returned unchanged.  The argument is evaluated once.
 * NOTE(review): x + 1 overflows when x is the maximum of its promoted
 * signed type, so callers should bound x first.  Presumably used to keep
 * record parameters on 2-byte boundaries -- confirm.
 */
#define AU_ALIGN(x)	(((x) + 1) & ~1)
232
233#endif /*!_sys_audit_h*/
234