The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/bsm/audit.h

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*
    2  * Copyright (c) 2005 Apple Computer, Inc.
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  *
    9  * 1.  Redistributions of source code must retain the above copyright
   10  *     notice, this list of conditions and the following disclaimer.
   11  * 2.  Redistributions in binary form must reproduce the above copyright
   12  *     notice, this list of conditions and the following disclaimer in the
   13  *     documentation and/or other materials provided with the distribution.
   14  * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
   15  *     its contributors may be used to endorse or promote products derived
   16  *     from this software without specific prior written permission.
   17  *
   18  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
   19  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   20  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   21  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
   22  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   23  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   24  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   25  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   28  *
   29  * P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40
   30  * $FreeBSD$
   31  */
   32 
   33 #ifndef _BSM_AUDIT_H
   34 #define _BSM_AUDIT_H
   35 
   36 #include <sys/param.h>
   37 #include <sys/cdefs.h>
   38 #include <sys/queue.h>
   39 
   40 #define AUDIT_RECORD_MAGIC      0x828a0f1b
   41 #define MAX_AUDIT_RECORDS       20
   42 #define MAXAUDITDATA            (0x8000 - 1)
   43 #define MAX_AUDIT_RECORD_SIZE   MAXAUDITDATA
   44 #define MIN_AUDIT_FILE_SIZE     (512 * 1024)
   45 
   46 /*
   47  * Minimum noumber of free blocks on the filesystem containing the audit
   48  * log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0
   49  * as the kernel does an unsigned compare, plus we want to leave a few blocks
   50  * free so userspace can terminate the log, etc.
   51  */
   52 #define AUDIT_HARD_LIMIT_FREE_BLOCKS    4
   53 
   54 /*
   55  * Triggers for the audit daemon.
   56  */
   57 #define AUDIT_TRIGGER_MIN               1
   58 #define AUDIT_TRIGGER_LOW_SPACE         1       /* Below low watermark. */
   59 #define AUDIT_TRIGGER_ROTATE_KERNEL     2       /* Kernel requests rotate. */
   60 #define AUDIT_TRIGGER_READ_FILE         3       /* Re-read config file. */
   61 #define AUDIT_TRIGGER_CLOSE_AND_DIE     4       /* Terminate audit. */
   62 #define AUDIT_TRIGGER_NO_SPACE          5       /* Below min free space. */
   63 #define AUDIT_TRIGGER_ROTATE_USER       6       /* User requests roate. */
   64 #define AUDIT_TRIGGER_MAX               6
   65 
   66 /*
   67  * The special device filename (FreeBSD).
   68  */
   69 #define AUDITDEV_FILENAME       "audit"
   70 #define AUDIT_TRIGGER_FILE      ("/dev/" AUDITDEV_FILENAME)
   71 
   72 /*
   73  * Pre-defined audit IDs
   74  */
   75 #define AU_DEFAUDITID   -1
   76 
   77 /*
   78  * IPC types.
   79  */
   80 #define AT_IPC_MSG      ((u_char)1)     /* Message IPC id. */
   81 #define AT_IPC_SEM      ((u_char)2)     /* Semaphore IPC id. */
   82 #define AT_IPC_SHM      ((u_char)3)     /* Shared mem IPC id. */
   83 
   84 /*
   85  * Audit conditions.
   86  */
   87 #define AUC_UNSET               0
   88 #define AUC_AUDITING            1
   89 #define AUC_NOAUDIT             2
   90 #define AUC_DISABLED            -1
   91 
   92 /*
   93  * auditon(2) commands.
   94  */
   95 #define A_GETPOLICY     2
   96 #define A_SETPOLICY     3
   97 #define A_GETKMASK      4
   98 #define A_SETKMASK      5
   99 #define A_GETQCTRL      6
  100 #define A_SETQCTRL      7
  101 #define A_GETCWD        8
  102 #define A_GETCAR        9
  103 #define A_GETSTAT       12
  104 #define A_SETSTAT       13
  105 #define A_SETUMASK      14
  106 #define A_SETSMASK      15
  107 #define A_GETCOND       20
  108 #define A_SETCOND       21
  109 #define A_GETCLASS      22
  110 #define A_SETCLASS      23
  111 #define A_GETPINFO      24
  112 #define A_SETPMASK      25
  113 #define A_SETFSIZE      26
  114 #define A_GETFSIZE      27
  115 #define A_GETPINFO_ADDR 28
  116 #define A_GETKAUDIT     29
  117 #define A_SETKAUDIT     30
  118 #define A_SENDTRIGGER   31
  119 
  120 /*
  121  * Audit policy controls.
  122  */
  123 #define AUDIT_CNT       0x0001
  124 #define AUDIT_AHLT      0x0002
  125 #define AUDIT_ARGV      0x0004
  126 #define AUDIT_ARGE      0x0008
  127 #define AUDIT_SEQ       0x0010
  128 #define AUDIT_WINDATA   0x0020
  129 #define AUDIT_USER      0x0040
  130 #define AUDIT_GROUP     0x0080
  131 #define AUDIT_TRAIL     0x0100
  132 #define AUDIT_PATH      0x0200
  133 #define AUDIT_SCNT      0x0400
  134 #define AUDIT_PUBLIC    0x0800
  135 #define AUDIT_ZONENAME  0x1000
  136 #define AUDIT_PERZONE   0x2000
  137 
  138 /*
  139  * Default audit queue control parameters.
  140  */
  141 #define AQ_HIWATER      100
  142 #define AQ_MAXHIGH      10000
  143 #define AQ_LOWATER      10
  144 #define AQ_BUFSZ        MAXAUDITDATA
  145 #define AQ_MAXBUFSZ     1048576
  146 
  147 /*
  148  * Default minimum percentage free space on file system.
  149  */
  150 #define AU_FS_MINFREE   20
  151 
  152 /*
  153  * Type definitions used indicating the length of variable length addresses
  154  * in tokens containing addresses, such as header fields.
  155  */
  156 #define AU_IPv4         4
  157 #define AU_IPv6         16
  158 
  159 __BEGIN_DECLS
  160 
  161 typedef uid_t           au_id_t;
  162 typedef pid_t           au_asid_t;
  163 typedef u_int16_t       au_event_t;
  164 typedef u_int16_t       au_emod_t;
  165 typedef u_int32_t       au_class_t;
  166 
  167 struct au_tid {
  168         dev_t           port;
  169         u_int32_t       machine;
  170 };
  171 typedef struct au_tid   au_tid_t;
  172 
  173 struct au_tid_addr {
  174         dev_t           at_port;
  175         u_int32_t       at_type;
  176         u_int32_t       at_addr[4];
  177 };
  178 typedef struct au_tid_addr      au_tid_addr_t;
  179 
  180 struct au_mask {
  181         unsigned int    am_success;     /* Success bits. */
  182         unsigned int    am_failure;     /* Failure bits. */
  183 };
  184 typedef struct au_mask  au_mask_t;
  185 
  186 struct auditinfo {
  187         au_id_t         ai_auid;        /* Audit user ID. */
  188         au_mask_t       ai_mask;        /* Audit masks. */
  189         au_tid_t        ai_termid;      /* Terminal ID. */
  190         au_asid_t       ai_asid;        /* Audit session ID. */
  191 };
  192 typedef struct auditinfo        auditinfo_t;
  193 
  194 struct auditinfo_addr {
  195         au_id_t         ai_auid;        /* Audit user ID. */
  196         au_mask_t       ai_mask;        /* Audit masks. */
  197         au_tid_addr_t   ai_termid;      /* Terminal ID. */
  198         au_asid_t       ai_asid;        /* Audit session ID. */
  199 };
  200 typedef struct auditinfo_addr   auditinfo_addr_t;
  201 
  202 struct auditpinfo {
  203         pid_t           ap_pid;         /* ID of target process. */
  204         au_id_t         ap_auid;        /* Audit user ID. */
  205         au_mask_t       ap_mask;        /* Audit masks. */
  206         au_tid_t        ap_termid;      /* Terminal ID. */
  207         au_asid_t       ap_asid;        /* Audit session ID. */
  208 };
  209 typedef struct auditpinfo       auditpinfo_t;
  210 
  211 struct auditpinfo_addr {
  212         pid_t           ap_pid;         /* ID of target process. */
  213         au_id_t         ap_auid;        /* Audit user ID. */
  214         au_mask_t       ap_mask;        /* Audit masks. */
  215         au_tid_addr_t   ap_termid;      /* Terminal ID. */
  216         au_asid_t       ap_asid;        /* Audit session ID. */
  217 };
  218 typedef struct auditpinfo_addr  auditpinfo_addr_t;
  219 
  220 /*
  221  * Contents of token_t are opaque outside of libbsm.
  222  */
  223 typedef struct au_token token_t;
  224 
  225 /*
  226  * Kernel audit queue control parameters.
  227  */
  228 struct au_qctrl {
  229         size_t  aq_hiwater;
  230         size_t  aq_lowater;
  231         size_t  aq_bufsz;
  232         clock_t aq_delay;
  233         int     aq_minfree;     /* Minimum filesystem percent free space. */
  234 };
  235 typedef struct au_qctrl au_qctrl_t;
  236 
  237 /*
  238  * Structure for the audit statistics.
  239  */
  240 struct audit_stat {
  241         unsigned int    as_version;
  242         unsigned int    as_numevent;
  243         int             as_generated;
  244         int             as_nonattrib;
  245         int             as_kernel;
  246         int             as_audit;
  247         int             as_auditctl;
  248         int             as_enqueue;
  249         int             as_written;
  250         int             as_wblocked;
  251         int             as_rblocked;
  252         int             as_dropped;
  253         int             as_totalsize;
  254         unsigned int    as_memused;
  255 };
  256 typedef struct audit_stat       au_stat_t;
  257 
  258 /*
  259  * Structure for the audit file statistics.
  260  */
  261 struct audit_fstat {
  262         u_quad_t        af_filesz;
  263         u_quad_t        af_currsz;
  264 };
  265 typedef struct audit_fstat      au_fstat_t;
  266 
  267 /*
  268  * Audit to event class mapping.
  269  */
  270 struct au_evclass_map {
  271         au_event_t      ec_number;
  272         au_class_t      ec_class;
  273 };
  274 typedef struct au_evclass_map   au_evclass_map_t;
  275 
  276 /*
  277  * Audit system calls.
  278  */
  279 #if !defined(_KERNEL) && !defined(KERNEL)
  280 int     audit(const void *, int);
  281 int     auditon(int, void *, int);
  282 int     auditctl(const char *);
  283 int     getauid(au_id_t *);
  284 int     setauid(const au_id_t *);
  285 int     getaudit(struct auditinfo *);
  286 int     setaudit(const struct auditinfo *);
  287 int     getaudit_addr(struct auditinfo_addr *, int);
  288 int     setaudit_addr(const struct auditinfo_addr *, int);
  289 #endif /* defined(_KERNEL) || defined(KERNEL) */
  290 
  291 __END_DECLS
  292 
  293 #endif /* !_BSM_AUDIT_H */

Cache object: 5979373a6d5480dada9a4e42bd04509a


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.