/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/*
*/
#include <stdio.h>
#include <stdlib.h>
#include <bsm/audit_kevents.h>
#include <bsm/audit_kevents.h>
#include <synch.h>
/* in ALLOC_INCR increments */
static int alloc_map();
static int load_map();
static int realloc_map();
typedef struct event_map {
} event_map_t;
/*
* au_preselect:
*
* Keep a dynamic array of event<-->class mappings.
* Refresh the map when the value of flag is AU_PRS_REREAD.
* Return:
* 0: event is not preselected.
* 1: event is normal preselected.
* 2: event is forced preselected.
* -1: There was an error:
* Couldn't allocate memory.
* Couldn't find event.
*/
int
{
int i;
(void) mutex_lock(&mutex_au_preselect);
if (!been_here_before) {
if (alloc_map() == -1) {
(void) mutex_unlock(&mutex_au_preselect);
return (-1);
}
if (load_map() == -1) {
(void) mutex_unlock(&mutex_au_preselect);
return (-1);
}
/*
* We have just loaded the map. Disable reloading for now, no
* matter if 'flag' is AU_PRS_REREAD or not.
*/
}
/*
* Don't use the cache. Re-read the audit_event(4) db.
*/
if (flag == AU_PRS_REREAD) {
if (load_map() == -1) {
(void) mutex_unlock(&mutex_au_preselect);
return (-1);
}
}
/* Determine what portion of the preselection mask to check. */
if (sorf == AU_PRS_SUCCESS) {
} else if (sorf == AU_PRS_FAILURE) {
} else {
}
for (i = 0; i < event_count; i++) {
(void) mutex_unlock(&mutex_au_preselect);
return (1);
/* force this event */
(void) mutex_unlock(&mutex_au_preselect);
return (2);
}
(void) mutex_unlock(&mutex_au_preselect);
return (0);
}
}
(void) mutex_unlock(&mutex_au_preselect);
return (-1); /* could not find event in the table */
}
/*
* Initially allocate about as many map entries as are there
* are audit events shipped with the system. For sites
* that don't add audit events, this should be enough.
*/
static int
{
if ((event_map = (event_map_t *)
return (-1);
else
return (0);
}
/*
* load the event<->class map into memory
*/
static int
load_map()
{
/*
* Check if audit_class(4) has changed since the last call. If
* so, refresh the forced preselection class and the event to
* class mappings even if audit_event(4) hasn't changed.
*/
/* get the "frcp" class definition */
} else {
}
clf_timestamp = st;
}
}
/*
* Check if audit_event(4) has changed since the last call. If not, do
* nothing as the map is up to date and there is no reason to refresh
* it. When an error occurs, we are in a "don't know" state, st remains
* zeroed and the map will be again reloaded next time we call
* load_map(), just in case.
*/
return (0);
}
}
/* Load the map */
event_count = 0;
setauevent();
/*
* Skip kernel audit events (event numbers 0-2047 are reserved
* for them, actual number in use is MAX_KEVENTS) since they
* aren't needed here for userland event lookups.
*/
if (event_count >= alloc_count) {
if (realloc_map() == -1) {
endauevent();
return (-1);
}
}
++event_count;
}
}
endauevent();
/* Update the timestamp to avoid unnecessary reloads. */
evf_timestamp = st;
return (0);
}
/*
* realloc the event map in ALLOC_INCR increments
*/
static int
{
return (-1);
return (0);
}