auditrt.h revision 047f6e6f42a3d50d3e38a05c00bf7dd3fafac726
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _AUDITRT_H
#define _AUDITRT_H
#ifdef __cplusplus
extern "C" {
#endif
/*
* Auditreduce data structures.
*/
/*
* File Control Block
* Controls a single file.
* These are held by the pcb's in audit_pcbs[] in a linked list.
* There is one fcb for each file controlled by the pcb,
* and all of the files in a list have the same suffix in their names.
*/
/*
 * One fcb describes one input file. The two string members are documented
 * as pointers into fcb_file rather than separate allocations.
 * NOTE(review): fcb_file is not a member of the struct as shown here;
 * confirm where the backing buffer lives and that it outlives both pointers.
 */
typedef struct audit_fcb {
	int	fcb_flags;	/* state bits for this file */
	char	*fcb_suffix;	/* start of the suffix inside fcb_file */
	char	*fcb_name;	/* start of the name inside fcb_file */
} audit_fcb_t;
/*
* Flags for fcb_flags.
*/
/*
* Process Control Block
* A pcb comes in two types:
* It controls either:
*
* 1. A single group of pcbs (processes that are lower on the process tree).
* These are the pcb's that the process tree is built from.
* These are allocated as needed while the process tree is being built.
*
* 2. A single group of files (fcbs).
* All of the files in one pcb have the same suffix in their filename.
* They are controlled by the leaf nodes of the process tree.
* They are found in audit_pcbs[].
* They are initially set up by process_fileopt() when the files to be
* processed are gathered together. Then they are parceled out to
* the leaf nodes by mfork().
* A particular leaf node's range of audit_pcbs[] is determined
* in the call to mfork() by the lo and hi parameters.
*/
/*
 * One pcb describes either a group of lower-level pcbs or a group of files
 * that share a suffix. pcb_rec and pcb_size travel together: the former
 * points at the current record buffer, the latter holds its size.
 * NOTE(review): pcb_size is a signed int and the code that fills pcb_rec is
 * not part of this header; confirm record lengths read from audit files are
 * checked against pcb_size before they are copied in.
 */
typedef struct audit_pcb {
	int	pcb_procno;	/* number of the subprocess */
	int	pcb_nprecs;	/* records put so far (current pcb/file) */
	int	pcb_flags;	/* state bits for this pcb */
	int	pcb_count;	/* number of active pcbs */
	int	pcb_lo;		/* low index for pcbs */
	int	pcb_hi;		/* high index for pcbs */
	int	pcb_size;	/* size of the buffer behind pcb_rec */
	char	*pcb_rec;	/* current record buffer */
	char	*pcb_suffix;	/* suffix name (string) */
} audit_pcb_t;
/*
* Flags for pcb_flags
*/
/*
* Message selection options
*/
/*
* object types
*/
/* XXX Why is this a bit map? There can be only one M_OBJECT. */
/*
 * NOTE(review): the value is 0, so this constant cannot be tested with a
 * bit mask (x & SOCKFLG_MACHINE is always 0); it has to be compared with ==.
 * Presumably it is compared against socket_flag - confirm at the use sites.
 */
#define SOCKFLG_MACHINE 0 /* search socket token by machine name */
/*
* Global variables
*/
/*
 * Record-selection state shared across the program. The quoted letter in a
 * comment appears to be the command-line option that sets the variable -
 * TODO confirm against the option parser, which is not part of this header.
 */
extern unsigned short m_type; /* 'm' message type */
extern char *zonename; /* 'z' zonename */
extern int flags; /* NOTE(review): undocumented here; presumably the selection-option bits - confirm */
extern int checkflags; /* NOTE(review): undocumented here; relation to flags not visible - confirm */
extern int socket_flag; /* NOTE(review): undocumented here; presumably takes the SOCKFLG_* values - confirm */
extern int ip_type; /* NOTE(review): undocumented here; meaning of the values not visible */
extern int obj_flag; /* 'o' object type */
extern int obj_id; /* object identifier */
extern int subj_id; /* subject identifier */
extern char ipc_type; /* 'o' object type - tell what type of IPC */
/*
* File selection options
*/
extern char *f_machine; /* 'M' machine (suffix) type */
extern char *f_root; /* 'R' audit root */
extern char *f_server; /* 'S' server */
extern char *f_outfile; /* 'W' output file */
extern int f_all; /* 'A' all records from a file */
extern int f_complete; /* 'C' only completed files */
extern int f_delete; /* 'D' delete when done */
extern int f_quiet; /* 'Q' sshhhh! */
extern int f_verbose; /* 'V' verbose */
extern int f_stdin; /* '-' read from stdin */
extern int f_cmdline; /* files specified on the command line */
extern int new_mode; /* 'N' new object selection mode */
/*
* Error reporting
* Error_str is set whenever an error occurs to point to a string describing
* the error. When the error message is printed error_str is also
* printed to describe exactly what went wrong.
* Errbuf is used to build messages with variables in them.
*/
extern char *error_str; /* current error message */
/*
 * Declared with an incomplete array type: sizeof (errbuf) is not available
 * to files that see only this declaration, so the buffer's length has to
 * come from its definition. NOTE(review): confirm every formatter that
 * writes here is bounded by that length, since messages may include file
 * names and other input-derived text.
 */
extern char errbuf[]; /* buffer for building error message */
extern char *ar; /* => "auditreduce:" */
/*
* Control blocks
* Audit_pcbs[] is an array of pcbs that control files directly.
* In the program's initialization phase it will gather all of the input
* files it needs to process. Each file will have one fcb allocated for it,
* and each fcb will belong to one pcb from audit_pcbs[]. All of the files
* in a single pcb will have the same suffix in their filenames. If the
* number of active pcbs in audit_pcbs[] is greater than the number of open
* files a single process can have then the program will need to fork
* subprocesses to handle all of the files.
*/
/*
 * Bookkeeping for audit_pcbs[]; the array itself is not declared in this
 * view of the header. NOTE(review): both counters are signed int and the
 * unit of pcbsize (elements or bytes) is not stated; confirm indexes into
 * audit_pcbs[] are checked against the allocated element count.
 */
extern int pcbsize; /* current size of audit_pcbs[] */
extern int pcbnum; /* total # of active pcbs in audit_pcbs[] */
/*
* Time values
*/
/*
* Counting vars
*/
extern int filenum; /* total number of files; where it is incremented is not visible in this header */
/*
* Global variable, class of current record being processed.
*/
extern int global_class; /* class of the record currently being processed; encoding of the value not visible here */
#ifdef __cplusplus
}
#endif
#endif /* _AUDITRT_H */