1 /*- 2 * Copyright (c) 2006 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * This software was developed by Robert Watson for the TrustedBSD Project. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #define AUDITFILTERD_CONFFILE "/etc/security/audit_filter" 30 #define AUDITFILTERD_PIPEFILE "/dev/auditpipe" 31 32 /* 33 * Limit on the number of arguments that can appear in an audit_filterd 34 * configuration line. 35 */ 36 #define AUDITFILTERD_CONF_MAXARGS 256 37 38 /* 39 * Data structure description each instantiated module. 40 */ 41 struct auditfilter_module { 42 /* 43 * Fields from configuration file and dynamic linker. 44 */ 45 char *am_modulename; 46 char *am_arg_buffer; 47 int am_argc; 48 char **am_argv; 49 void *am_dlhandle; 50 51 /* 52 * Fields provided by or extracted from the module. 53 */ 54 void *am_cookie; 55 audit_filter_attach_t am_attach; 56 audit_filter_reinit_t am_reinit; 57 audit_filter_record_t am_record; 58 audit_filter_rawrecord_t am_rawrecord; 59 audit_filter_detach_t am_detach; 60 61 /* 62 * Fields for maintaining the list of modules. 63 */ 64 TAILQ_ENTRY(auditfilter_module) am_list; 65 }; 66 TAILQ_HEAD(auditfilter_module_list, auditfilter_module); 67 68 /* 69 * List of currently registered modules. 70 */ 71 extern struct auditfilter_module_list filter_list; 72 73 /* 74 * Function definitions. 75 */ 76 int auditfilterd_conf(const char *filename, FILE *fp); 77 void auditfilterd_conf_shutdown(void); 78