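/*-
 * Copyright (c) 2005 Apple Inc.
 * Copyright (c) 2005 SPARTA, Inc.
 * All rights reserved.
 *
 * This code was developed in part by Robert N. M. Watson, Senior Principal
 * Scientist, SPARTA, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#2 $
 */

#ifndef _AUDIT_INTERNAL_H
#define	_AUDIT_INTERNAL_H

#if defined(__linux__) && !defined(__unused)
#define	__unused
#endif

/*
 * audit_internal.h contains private interfaces that are shared by user space
 * and the kernel for the purposes of assembling audit records.  Applications
 * should not include this file or use the APIs found within, or it may be
 * broken with future releases of OpenBSM, which may delete, modify, or
 * otherwise break these interfaces or the assumptions they rely on.
 *
 * This header includes nothing itself: u_char, size_t, the TAILQ_ and LIST_
 * queue macros, memcpy() and the be16enc()/be32enc()/be64enc() encoders must
 * already be in scope in the including file.
 */
struct au_token {
	u_char			*t_data;	/* NOTE(review): presumably the encoded token bytes -- confirm. */
	size_t			 len;		/* NOTE(review): presumably the length of t_data -- confirm. */
	TAILQ_ENTRY(au_token)	 tokens;	/* Linkage for au_record.token_q. */
};

struct au_record {
	char			 used;		/* Record currently in use? */
	int			 desc;		/* Descriptor for record. */
	TAILQ_HEAD(, au_token)	 token_q;	/* Queue of BSM tokens. */
	u_char			*data;		/* NOTE(review): presumably the serialized record -- confirm. */
	size_t			 len;		/* NOTE(review): presumably the length of data -- confirm. */
	LIST_ENTRY(au_record)	 au_rec_q;
};
typedef	struct au_record	au_record_t;


/*
 * We could determine the header and trailer sizes by defining appropriate
 * structures.  We hold off that approach until we have a consistent way of
 * using structures for all tokens.  This is not straightforward since these
 * token structures may contain pointers of whose contents we do not know the
 * size (e.g text tokens).
 *
 * AUDIT_HEADER_EX_SIZE() adds ai_termid.at_type to the size directly, i.e.
 * it treats at_type as a byte count.  MAX_AUDIT_HEADER_SIZE equals the
 * extended size only when at_type is 16 (16 + 18 + 4 == 5 * 4 + 18), so an
 * at_type larger than that yields a size above the stated maximum; callers
 * sizing a buffer from these values should validate at_type first.
 */
#define	AUDIT_HEADER_EX_SIZE(a)	((a)->ai_termid.at_type+18+sizeof(u_int32_t))
#define	AUDIT_HEADER_SIZE	18
#define	MAX_AUDIT_HEADER_SIZE	(5*sizeof(u_int32_t)+18)
#define	AUDIT_TRAILER_SIZE	7

/*
 * BSM token streams store fields in big endian byte order, so as to be
 * portable; when encoding and decoding, we must convert byte orders for
 * typed values.
 *
 * Each ADD_* macro writes at 'loc' and then advances 'loc' past what it
 * wrote.  None of them checks the remaining space in the destination: the
 * caller must have sized the buffer for every field it appends, otherwise
 * the write runs past the end of the allocation.  'loc' is evaluated more
 * than once and is assigned to, so it must be a modifiable pointer lvalue
 * with no side effects, and it must point to a byte-sized type for the
 * sizeof-based increments to advance by the number of bytes written.
 */
#define	ADD_U_CHAR(loc, val)						\
	do {								\
		*(loc) = (val);						\
		(loc) += sizeof(u_char);				\
	} while (0)


#define	ADD_U_INT16(loc, val)						\
	do {								\
		be16enc((loc), (val));					\
		(loc) += sizeof(u_int16_t);				\
	} while (0)

#define	ADD_U_INT32(loc, val)						\
	do {								\
		be32enc((loc), (val));					\
		(loc) += sizeof(u_int32_t);				\
	} while (0)

#define	ADD_U_INT64(loc, val)						\
	do {								\
		be64enc((loc), (val));					\
		(loc) += sizeof(u_int64_t);				\
	} while (0)

/*
 * Copies exactly 'size' bytes.  'size' is evaluated twice and is
 * parenthesized at both uses so that an expression argument is applied
 * as a whole.
 */
#define	ADD_MEM(loc, data, size)					\
	do {								\
		memcpy((loc), (data), (size));				\
		(loc) += (size);					\
	} while (0)

/*
 * Same as ADD_MEM(): no terminator is appended, so 'size' must already
 * count the trailing NUL if the token being built requires one.
 */
#define	ADD_STRING(loc, data, size)	ADD_MEM(loc, data, size)

#endif /* !_AUDIT_INTERNAL_H */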