audit.h revision 787b48eaa495c619f2cbed6175e0fead6a840516
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* This file contains the declarations of the various data structures
* used by the auditing module(s).
*/
#ifndef _BSM_AUDIT_H
#define _BSM_AUDIT_H
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
extern "C" {
#endif
/*
* Audit conditions, statements regarding what's to be done with
* audit records. Neither AUC_ENABLED, AUC_DISABLED, nor AUC_UNSET
* are returned on an auditconfig -getcond call.
*/
/* global state */
/* local zone state */
/*
* The user id -2 is never audited - in fact, a setauid(AU_NOAUDITID)
* will turn off auditing.
*/
/*
*/
/*
* Defines for event modifier field
*/
/*
* Some typedefs for the fundamentals
*/
typedef uint_t au_class_t; /* unsigned; presumably a bit mask of audit classes - confirm */
/*
* NOTE(review): au_event_t is a plain (signed) short, so an event number
* above SHRT_MAX would read back as negative. Confirm that every event
* id stays in the positive range of short before it is compared or used
* as an index.
*/
typedef short au_event_t;
typedef short au_emod_t; /* signed short as well; presumably the event modifier field - confirm */
/*
* An audit event mask.
*/
struct au_mask {
/*
* Two separate bit sets, one for each outcome. What an individual bit
* stands for is not defined in this listing.
*/
unsigned int am_success; /* success bits */
unsigned int am_failure; /* failure bits */
};
/*
* Alternate spellings of the two members. These are object-like macros,
* so every later use of the identifiers as_success / as_failure in a file
* that includes this header is rewritten to am_success / am_failure.
*/
#define as_success am_success
#define as_failure am_failure
/*
* The structure of the terminal ID (ipv4)
*/
/*
* NOTE(review): every terminal-ID structure below has an empty member
* list in this listing. An empty struct is not valid ISO C, so the
* members were most likely lost when the page was produced - check the
* original header before relying on any layout here.
*/
struct au_tid {
};
#if defined(_SYSCALL32)
/* declared only when _SYSCALL32 is defined */
struct au_tid32 {
};
typedef struct au_tid32 au_tid32_t;
#endif
/*
* The structure of the terminal ID (ipv6)
*/
struct au_tid_addr {
};
struct au_port_s {
};
struct au_tid_addr64 {
};
/*
* The typedef puts the width before "_addr" (au_tid64_addr_t) while the
* struct tag puts it after (au_tid_addr64); the 32-bit pair below follows
* the same pattern.
*/
typedef struct au_tid_addr64 au_tid64_addr_t;
#if defined(_SYSCALL32)
/* declared only when _SYSCALL32 is defined */
struct au_tid_addr32 {
};
typedef struct au_tid_addr32 au_tid32_addr_t;
#endif
typedef struct au_tid_addr au_tid_addr_t;
struct au_ip {
};
/*
* Generic network address structure
*/
/*
* NOTE(review): the union body and the gt_type discriminator referred to
* further down are not present in this listing; only the union member
* name gt_adr survives.
*/
struct au_generic_tid {
union {
} gt_adr;
};
typedef struct au_generic_tid au_generic_tid_t;
/*
* au_generic_tid_t gt_type values
* 0 is reserved for uninitialized data
*
* NOTE(review): code that reads gt_type should presumably treat 0, and
* any value other than the three below, as carrying no usable address -
* confirm against the code that switches on gt_type.
*/
#define AU_IPADR 1
#define AU_ETHER 2
#define AU_DEVICE 3
/*
* at_type values - address length used to identify address type
*/
/*
* Compatibility with SunOS 4.x BSM module
*
* New code should not contain audit_state_t,
* au_state_t, nor au_termid as these types
* may go away in future releases.
*
* typedef new-5.x-bsm-name old-4.x-bsm-name
*/
typedef au_class_t au_state_t; /* old 4.x name for au_class_t; not for new code */
/*
* Old 4.x name for au_mask_t; not for new code.
* NOTE(review): au_mask_t itself is not declared anywhere in this
* listing - presumably a typedef of struct au_mask; confirm.
*/
typedef au_mask_t audit_state_t;
/*
* Opcodes for bsm system calls
*/
/*
* The values run from 19 to 37. 26 and 27 have no name on purpose (see
* the two markers in the list).
* NOTE(review): these numbers are presumably shared with user-level
* callers, so a retired value should stay unassigned rather than be
* given to a new operation - confirm.
*/
#define BSM_GETAUID 19
#define BSM_SETAUID 20
#define BSM_GETAUDIT 21
#define BSM_SETAUDIT 22
#define BSM_GETUSERAUDIT 23
#define BSM_SETUSERAUDIT 24
#define BSM_AUDIT 25
/* 26 OBSOLETE */
/* 27 EOL announced for Sol 10 */
#define BSM_AUDITON 28
#define BSM_AUDITCTL 29
#define BSM_GETKERNSTATE 30
#define BSM_SETKERNSTATE 31
#define BSM_GETPORTAUDIT 32
#define BSM_REVOKE 33
#define BSM_AUDITSTAT 34
#define BSM_GETAUDIT_ADDR 35
#define BSM_SETAUDIT_ADDR 36
#define BSM_AUDITDOOR 37
/*
* Auditctl(2) commands
*/
/*
* Audit Policy parameters (32 bits)
*/
/*
* If AUDIT_GLOBAL changes, corresponding changes are required in
* audit_syscalls.c's setpolicy().
*/
AUDIT_SEQ | AUDIT_WINDATA |\
/*
* Kernel audit queue control parameters
*
* audit record recording blocks at hiwater # undelivered records
* audit record recording resumes at lowwater # undelivered audit records
* bufsz determines how big the data xfers will be to the audit trail
*/
/*
* NOTE(review): both queue-control structures have an empty member list
* in this listing; the members were most likely lost when the page was
* produced. Check the original header for the real layout.
*/
struct au_qctrl {
};
#if defined(_SYSCALL32)
/* declared only when _SYSCALL32 is defined */
struct au_qctrl32 {
};
#endif
/*
* default values of hiwater and lowater (note hi > lo)
*
* NOTE(review): the AQ_MAX* values are presumably the upper limits that
* caller-supplied queue settings are checked against. The check itself
* is not in this header - confirm where it is enforced.
*/
#define AQ_HIWATER 100 /* default high-water mark, in undelivered records */
#define AQ_MAXHIGH 100000 /* presumably the largest accepted high-water mark - confirm */
#define AQ_LOWATER 10 /* default low-water mark, in undelivered records */
#define AQ_BUFSZ 8192 /* default transfer size; units presumably bytes - confirm */
#define AQ_MAXBUFSZ 1048576 /* 2^20; presumably the largest accepted transfer size - confirm */
#define AQ_DELAY 20 /* default delay; units are not stated in this header */
#define AQ_MAXDELAY 20000 /* presumably the largest accepted delay, same units - confirm */
/*
* The auditinfo / auditpinfo record types, their address-carrying
* variants, and the event-to-class map. The *32 variants are declared
* only when _SYSCALL32 is defined.
* NOTE(review): every structure in this group has an empty member list
* in this listing, which is not valid ISO C; the members were most
* likely lost when the page was produced. Check the original header
* before relying on any layout here.
*/
struct auditinfo {
};
#if defined(_SYSCALL32)
struct auditinfo32 {
};
typedef struct auditinfo32 auditinfo32_t;
#endif
typedef struct auditinfo auditinfo_t;
struct auditinfo_addr {
};
struct auditinfo_addr64 {
};
/*
* The typedef puts the width before "_addr" (auditinfo64_addr_t) while
* the struct tag puts it after (auditinfo_addr64); the 32-bit pair below
* follows the same pattern.
*/
typedef struct auditinfo_addr64 auditinfo64_addr_t;
#if defined(_SYSCALL32)
struct auditinfo_addr32 {
};
typedef struct auditinfo_addr32 auditinfo32_addr_t;
#endif
typedef struct auditinfo_addr auditinfo_addr_t;
struct auditpinfo {
};
#if defined(_SYSCALL32)
struct auditpinfo32 {
};
#endif
struct auditpinfo_addr {
};
#if defined(_SYSCALL32)
struct auditpinfo_addr32 {
};
#endif
struct au_evclass_map {
};
typedef struct au_evclass_map au_evclass_map_t;
/*
* Audit stat structures (used to be in audit_stat.h)
*/
/*
* Only the first two members are visible in this listing.
*/
struct audit_stat {
unsigned int as_version; /* version of kernel audit code */
unsigned int as_numevent; /* number of kernel audit events */
};
typedef struct audit_stat au_stat_t;
/*
* Declaration only; the variable is defined elsewhere.
* NOTE(review): this is a signed int while as_numevent above is
* unsigned - if one is copied into the other, confirm the value can
* never be negative.
*/
extern int au_naevent;
/*
* Secondary stat structure for file size stuff. The stat structure was
* not combined to preserve the semantics of the 5.1 - 5.3 A_GETSTAT call
*/
/*
* NOTE(review): the units of the two sizes are not stated here. Both are
* unsigned int, so where that type is 32 bits wide neither value can
* exceed UINT_MAX - confirm how an audit file larger than that is
* reported.
*/
struct audit_fstat {
unsigned int af_filesz; /* presumably the configured file size limit - confirm */
unsigned int af_currsz; /* presumably the current file size - confirm */
};
typedef struct audit_fstat au_fstat_t;
/* get kernel audit context dependent on AUDIT_PERZONE policy */
/* get kernel audit context of global zone */
/* get kernel audit context of non-global zone */
/*
* audit token IPC types (shm, sem, msg) [for ipc attribute]
*/
#if defined(_KERNEL)
#ifdef __cplusplus
}
#endif
#include <sys/pathname.h>
#include <c2/audit_door_infc.h>
#include <sys/netstack.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* Incomplete (forward) declarations, so that pointers to these types can
* appear in this header without including the headers that define them.
*/
struct fcntla;
struct t_audit_data;
struct audit_path;
struct priv_set;
struct devplcysys;
/*
* One code value followed by five long values.
* NOTE(review): presumably the opcode (see the BSM_* values) and the
* arguments of the audit system call - confirm. Nothing in this header
* says which of a1..a5 are meaningful for a given code, so the consumer
* has to validate them per opcode.
*/
struct auditcalls {
long code;
long a1;
long a2;
long a3;
long a4;
long a5;
};
void audit_cryptoadm(int, char *, crypto_mech_name_t *,
/*
* Entry points declared only when _KERNEL is defined. This header gives
* the signatures only; what each function records is defined by its
* implementation.
* NOTE(review): struct proc, struct vnode, struct file, struct vattr and
* kthread_id_t are not declared in this listing - presumably they come
* from headers the includer has already pulled in; confirm.
*/
void audit_init(void);
void audit_newproc(struct proc *);
void audit_pfree(struct proc *);
void audit_thread_create(kthread_id_t);
void audit_thread_free(kthread_id_t);
void audit_addcomponent(struct pathname *);
void audit_anchorpath(struct pathname *, int);
void audit_symlink_create(struct vnode *, char *, char *, int);
/* NOTE(review): the only complete prototype visible here without the audit_ prefix */
int file_is_public(struct vattr *);
void audit_attributes(struct vnode *);
void audit_falloc(struct file *);
void audit_unfalloc(struct file *);
void audit_exit(int, int);
void audit_core_start(int);
void audit_core_finish(int);
int *);
unsigned char *, int *, int);
unsigned char, int, int);
/*
* Further kernel-only entry points. Parameter names are omitted in all
* but one prototype, so the meaning of the int arguments has to be taken
* from the implementation.
*/
void audit_closef(struct file *);
int audit_getf(int);
void audit_setf(struct file *, int);
void audit_reboot(void);
void audit_vncreate_start(void);
void audit_setfsat_path(int argnum);
void audit_vncreate_finish(struct vnode *, int);
void audit_enterprom(int);
void audit_exitprom(int);
void audit_free(void);
/*
* audit_start and audit_async_start are the only two functions in this
* group that return a value; what the int means is not stated here.
*/
int audit_start(unsigned int, unsigned int, int, klwp_t *);
void audit_finish(unsigned int, unsigned int, int, union rval *);
int audit_async_start(label_t *, int, int);
void audit_async_finish(caddr_t *, int, int);
void audit_async_discard_backend(void *);
void audit_async_done(caddr_t *, int);
void audit_async_drop(caddr_t *, int);
/*
* The typedef is skipped when AUK_CONTEXT_T is already defined. Only the
* struct tag is named here; struct au_kcontext stays an incomplete type
* as far as this header is concerned.
*/
#ifndef AUK_CONTEXT_T
#define AUK_CONTEXT_T
typedef struct au_kcontext au_kcontext_t;
#endif
void audit_fixpath(struct audit_path *, int);
/* the void * arguments below carry no type information; callers and callee must agree on what is passed */
void audit_ipc(int, int, void *);
void audit_ipcget(int, void *);
/*
* NOTE(review): empty parentheses declare a function with unspecified
* parameters (not a prototype) before C23, so calls to it are not checked
* for argument count or type. If it takes no arguments, writing (void)
* would restore that checking - confirm against the definition.
*/
void audit_lookupname();
void audit_fdsend(int, struct file *, int);
void audit_fdrecv(int, struct file *);
void audit_priv(int, const struct priv_set *, int);
void audit_devpolicy(int, const struct devplcysys *);
void audit_kssl(int, void *, int);
pid_t);
#endif
#ifdef __cplusplus
}
#endif
#endif /* _BSM_AUDIT_H */