Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/bsd/sys/audit.h
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. 7 * 8 * This file contains Original Code and/or Modifications of Original Code 9 * as defined in and that are subject to the Apple Public Source License 10 * Version 2.0 (the 'License'). You may not use this file except in 11 * compliance with the License. Please obtain a copy of the License at 12 * http://www.opensource.apple.com/apsl/ and read it before using this 13 * file. 14 * 15 * The Original Code and all software distributed under the License are 16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 20 * Please see the License for the specific language governing rights and 21 * limitations under the License. 22 * 23 * @APPLE_LICENSE_HEADER_END@ 24 */ 25 26 #ifndef _SYS_AUDIT_H 27 #define _SYS_AUDIT_H 28 29 #include <sys/queue.h> 30 #include <sys/ucred.h> 31 #include <sys/param.h> 32 #include <sys/ipc.h> 33 #include <sys/socket.h> 34 35 #define AUDIT_RECORD_MAGIC 0x828a0f1b 36 #define MAX_AUDIT_RECORDS 20 37 #define MAX_AUDIT_RECORD_SIZE 4096 38 39 /* 40 * Define the masks for the classes of audit events. 41 */ 42 #define AU_NULL 0x00000000 43 #define AU_FREAD 0x00000001 44 #define AU_FWRITE 0x00000002 45 #define AU_FACCESS 0x00000004 46 #define AU_FMODIFY 0x00000008 47 #define AU_FCREATE 0x00000010 48 #define AU_FDELETE 0x00000020 49 #define AU_CLOSE 0x00000040 50 #define AU_PROCESS 0x00000080 51 #define AU_NET 0x00000100 52 #define AU_IPC 0x00000200 53 #define AU_NONAT 0x00000400 54 #define AU_ADMIN 0x00000800 55 #define AU_LOGIN 0x00001000 56 #define AU_TFM 0x00002000 57 #define AU_APPL 0x00004000 58 #define AU_SETL 0x00008000 59 #define AU_IFLOAT 0x00010000 60 #define AU_PRIV 0x00020000 61 #define AU_MAC_RW 0x00040000 62 #define AU_XCONN 0x00080000 63 #define AU_XCREATE 0x00100000 64 #define AU_XDELETE 0x00200000 65 #define AU_XIFLOAT 0x00400000 66 #define AU_XPRIVS 0x00800000 67 #define AU_XPRIVF 0x01000000 68 #define AU_XMOVE 0x02000000 69 #define AU_XDACF 0x04000000 70 #define AU_XMACF 0x08000000 71 #define AU_XSECATTR 0x10000000 72 #define AU_IOCTL 0x20000000 73 #define AU_EXEC 0x40000000 74 #define AU_OTHER 0x80000000 75 #define AU_ALL 0xffffffff 76 77 /* 78 * IPC types 79 */ 80 #define AT_IPC_MSG ((u_char)1) /* message IPC id */ 81 #define AT_IPC_SEM ((u_char)2) /* semaphore IPC id */ 82 #define AT_IPC_SHM ((u_char)3) /* shared mem IPC id */ 83 84 /* 85 * Audit conditions. 86 */ 87 #define AUC_UNSET 0 88 #define AUC_AUDITING 1 89 #define AUC_NOAUDIT 2 90 #define AUC_DISABLED -1 91 92 /* 93 * auditon(2) commands. 94 */ 95 #define A_GETPOLICY 2 96 #define A_SETPOLICY 3 97 #define A_GETKMASK 4 98 #define A_SETKMASK 5 99 #define A_GETQCTRL 6 100 #define A_SETQCTRL 7 101 #define A_GETCWD 8 102 #define A_GETCAR 9 103 #define A_GETSTAT 12 104 #define A_SETSTAT 13 105 #define A_SETUMASK 14 106 #define A_SETSMASK 15 107 #define A_GETCOND 20 108 #define A_SETCOND 21 109 #define A_GETCLASS 22 110 #define A_SETCLASS 23 111 #define A_GETPINFO 24 112 #define A_SETPMASK 25 113 #define A_SETFSIZE 26 114 #define A_GETFSIZE 27 115 #define A_GETPINFO_ADDR 28 116 #define A_GETKAUDIT 29 117 #define A_SETKAUDIT 30 118 119 /* 120 * Audit policy controls. 121 */ 122 #define AUDIT_CNT 0x0001 123 #define AUDIT_AHLT 0x0002 124 #define AUDIT_ARGV 0x0004 125 #define AUDIT_ARGE 0x0008 126 #define AUDIT_PASSWD 0x0010 127 #define AUDIT_SEQ 0x0020 128 #define AUDIT_WINDATA 0x0040 129 #define AUDIT_USER 0x0080 130 #define AUDIT_GROUP 0x0100 131 #define AUDIT_TRAIL 0x0200 132 #define AUDIT_PATH 0x0400 133 134 typedef uid_t au_id_t; 135 typedef pid_t au_asid_t; 136 typedef u_int16_t au_event_t; 137 typedef u_int16_t au_emod_t; 138 typedef u_int32_t au_class_t; 139 140 struct au_tid { 141 dev_t port; 142 u_int32_t machine; 143 }; 144 typedef struct au_tid au_tid_t; 145 146 struct au_tid_addr { 147 dev_t at_port; 148 u_int32_t at_type; 149 u_int32_t at_addr[4]; 150 }; 151 typedef struct au_tid_addr au_tid_addr_t; 152 153 struct au_mask { 154 unsigned int am_success; /* success bits */ 155 unsigned int am_failure; /* failure bits */ 156 }; 157 typedef struct au_mask au_mask_t; 158 159 struct auditinfo { 160 au_id_t ai_auid; /* Audit user ID */ 161 au_mask_t ai_mask; /* Audit masks */ 162 au_tid_t ai_termid; /* Terminal ID */ 163 au_asid_t ai_asid; /* Audit session ID */ 164 }; 165 typedef struct auditinfo auditinfo_t; 166 167 struct auditinfo_addr { 168 au_id_t ai_auid; /* Audit user ID */ 169 au_mask_t ai_mask; /* Audit masks */ 170 au_tid_addr_t ai_termid; /* Terminal ID */ 171 au_asid_t ai_asid; /* Audit session ID */ 172 }; 173 typedef struct auditinfo_addr auditinfo_addr_t; 174 175 /* Token and record structures */ 176 177 struct au_token { 178 u_char *t_data; 179 size_t len; 180 TAILQ_ENTRY(au_token) tokens; 181 }; 182 typedef struct au_token token_t; 183 184 struct au_record { 185 char used; /* Is this record currently being used */ 186 int desc; /* The descriptor associated with this record */ 187 TAILQ_HEAD(, au_token) token_q; /* queue of BSM tokens */ 188 u_char *data; 189 size_t len; 190 LIST_ENTRY(au_record) au_rec_q; 191 }; 192 typedef struct au_record au_record_t; 193 194 #ifndef KERNEL 195 #include <sys/cdefs.h> 196 197 __BEGIN_DECLS 198 int audit (const void *, int); 199 int auditon (int, void *, int); 200 int auditsvc (int, int); 201 int auditctl (const char *); 202 int getauid (au_id_t *); 203 int setauid (const au_id_t *); 204 int getaudit (struct auditinfo *); 205 int setaudit (const struct auditinfo *); 206 int getaudit_addr (struct auditinfo_addr *, int); 207 int setaudit_addr (const struct auditinfo_addr *, int); 208 __END_DECLS 209 #endif /* !KERNEL */ 210 211 #endif /* !_SYS_AUDIT_H */
Cache object: 9f2947211f69436c235d2599f9620ba2
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]