xref: /freebsd/contrib/openbsm/sys/bsm/audit_internal.h (revision b626f5a73a48f44a31a200291b141e1da408a2ff)
152267f74SRobert Watson /*-
27a0a89d2SRobert Watson  * Copyright (c) 2005-2008 Apple Inc.
352267f74SRobert Watson  * Copyright (c) 2005 SPARTA, Inc.
452267f74SRobert Watson  * All rights reserved.
552267f74SRobert Watson  *
652267f74SRobert Watson  * This code was developed in part by Robert N. M. Watson, Senior Principal
752267f74SRobert Watson  * Scientist, SPARTA, Inc.
852267f74SRobert Watson  *
952267f74SRobert Watson  * Redistribution and use in source and binary forms, with or without
1052267f74SRobert Watson  * modification, are permitted provided that the following conditions
1152267f74SRobert Watson  * are met:
1252267f74SRobert Watson  *
1352267f74SRobert Watson  * 1.  Redistributions of source code must retain the above copyright
1452267f74SRobert Watson  *     notice, this list of conditions and the following disclaimer.
1552267f74SRobert Watson  * 2.  Redistributions in binary form must reproduce the above copyright
1652267f74SRobert Watson  *     notice, this list of conditions and the following disclaimer in the
1752267f74SRobert Watson  *     documentation and/or other materials provided with the distribution.
18*aa772005SRobert Watson  * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
1952267f74SRobert Watson  *     its contributors may be used to endorse or promote products derived
2052267f74SRobert Watson  *     from this software without specific prior written permission.
2152267f74SRobert Watson  *
2252267f74SRobert Watson  * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
2352267f74SRobert Watson  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
2452267f74SRobert Watson  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
2552267f74SRobert Watson  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
2652267f74SRobert Watson  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
2752267f74SRobert Watson  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
2852267f74SRobert Watson  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
2952267f74SRobert Watson  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
3052267f74SRobert Watson  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
3152267f74SRobert Watson  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3252267f74SRobert Watson  */
3352267f74SRobert Watson 
3452267f74SRobert Watson #ifndef _AUDIT_INTERNAL_H
3552267f74SRobert Watson #define	_AUDIT_INTERNAL_H
3652267f74SRobert Watson 
/*
 * On Linux, supply an empty __unused when nothing has defined one yet, so
 * the annotation expands to nothing in declarations that carry it.
 */
#ifdef __linux__
#ifndef __unused
#define	__unused
#endif
#endif
4052267f74SRobert Watson 
/*
 * audit_internal.h contains private interfaces that are shared by user space
 * and the kernel for the purposes of assembling audit records.  Applications
 * should not include this file or use the APIs found within; code that does
 * may be broken by future releases of OpenBSM, which may delete, modify, or
 * otherwise break these interfaces or the assumptions they rely on.
 */
/*
 * One BSM token as held on a record's token queue (the token_q head in
 * struct au_record is a TAILQ of these).
 */
struct au_token {
	/* Token bytes; presumably the already-encoded token -- confirm. */
	u_char			*t_data;
	/* Presumably the number of bytes at t_data -- confirm against users. */
	size_t			 len;
	/* Tail-queue linkage. */
	TAILQ_ENTRY(au_token)	 tokens;
};
5352267f74SRobert Watson 
/*
 * An audit record: a queue of BSM tokens plus a data buffer and its length.
 *
 * NOTE(review): nothing in this header ties len to the allocation behind
 * data.  Code that fills the buffer (presumably with the ADD_* macros
 * below) has to keep the two consistent itself -- confirm in the users.
 */
struct au_record {
	char			 used;		/* Record currently in use? */
	int			 desc;		/* Descriptor for record. */
	TAILQ_HEAD(, au_token)	 token_q;	/* Queue of BSM tokens. */
	/* Record buffer; presumably the serialized record -- confirm. */
	u_char			*data;
	/* Presumably the byte length associated with data -- confirm. */
	size_t			 len;
	/* List linkage for records. */
	LIST_ENTRY(au_record)	 au_rec_q;
};
typedef	struct au_record	au_record_t;
6352267f74SRobert Watson 
6452267f74SRobert Watson 
/*
 * We could determine the header and trailer sizes by defining appropriate
 * structures.  We hold off on that approach until we have a consistent way
 * of using structures for all tokens.  This is not straightforward since
 * these token structures may contain pointers to data whose size we do not
 * know (e.g., text tokens).
 *
 * AUDIT_HEADER_EX_SIZE(a) adds a->ai_termid.at_type to the fixed part, so
 * at_type is used directly as a byte count and is not validated here.
 * MAX_AUDIT_HEADER_SIZE equals the extended size for
 * at_type == 4 * sizeof(u_int32_t).
 *
 * NOTE(review): a buffer sized from MAX_AUDIT_HEADER_SIZE is only large
 * enough if at_type has been checked against that bound before the
 * extended header is written -- confirm where callers validate it.
 */
#define	AUDIT_HEADER_EX_SIZE(a)	((a)->ai_termid.at_type+18+sizeof(u_int32_t))
#define	AUDIT_HEADER_SIZE	18
#define	MAX_AUDIT_HEADER_SIZE	(5*sizeof(u_int32_t)+18)
#define	AUDIT_TRAILER_SIZE	7
7652267f74SRobert Watson 
/*
 * BSM token streams store fields in big endian byte order, so as to be
 * portable; when encoding and decoding, we must convert byte orders for
 * typed values.
 *
 * Each ADD_* macro writes at loc and then advances loc past what it wrote.
 * loc is expanded more than once, so it must be a modifiable pointer lvalue
 * with no side effects.  None of the macros checks the destination size;
 * the caller must have reserved room for every field before appending it.
 */
/* Store the single byte val at loc and advance loc by sizeof(u_char). */
#define	ADD_U_CHAR(loc, val)						\
	do {								\
		*(loc) = (val);						\
		(loc) += sizeof(u_char);				\
	} while(0)
8752267f74SRobert Watson 
8852267f74SRobert Watson 
/*
 * Encode val at loc with be16enc() and advance loc by sizeof(u_int16_t).
 * loc is expanded twice; the destination size is not checked.
 */
#define	ADD_U_INT16(loc, val)						\
	do {								\
		be16enc((loc), (val));					\
		(loc) += sizeof(u_int16_t);				\
	} while(0)
9452267f74SRobert Watson 
/*
 * Encode val at loc with be32enc() and advance loc by sizeof(u_int32_t).
 * loc is expanded twice; the destination size is not checked.
 */
#define	ADD_U_INT32(loc, val)						\
	do {								\
		be32enc((loc), (val));					\
		(loc) += sizeof(u_int32_t);				\
	} while(0)
10052267f74SRobert Watson 
/*
 * Encode val at loc with be64enc() and advance loc by sizeof(u_int64_t).
 * loc is expanded twice; the destination size is not checked.
 */
#define	ADD_U_INT64(loc, val)						\
	do {								\
		be64enc((loc), (val));					\
		(loc) += sizeof(u_int64_t); 				\
	} while(0)
10652267f74SRobert Watson 
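/*
 * ADD_MEM copies size bytes from data to loc and advances loc past them.
 * ADD_STRING is the same operation under a string-oriented name: it copies
 * exactly size bytes, so whether a terminating NUL is written depends on
 * the size the caller passes.
 *
 * size is evaluated exactly once, into a local, so an argument with side
 * effects or a low-precedence operator advances loc by the same amount
 * that was copied.  loc is still expanded twice and must be a modifiable
 * pointer lvalue with no side effects.
 *
 * No bounds are checked: the caller must have reserved size bytes at loc,
 * and size must not exceed the length of the object data points to.
 */
#define	ADD_MEM(loc, data, size)					\
	do {								\
		const size_t au_add_mem_len_ = (size);			\
		memcpy((loc), (data), au_add_mem_len_);			\
		(loc) += au_add_mem_len_;				\
	} while(0)

#define	ADD_STRING(loc, data, size)	ADD_MEM(loc, data, size)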
11452267f74SRobert Watson 
#endif /* !_AUDIT_INTERNAL_H */