xref: /illumos-gate/usr/src/lib/auditd_plugins/auditd.h (revision 13b136d3061155363c62c9f6568d25b8b27da8f6)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * This is an unstable interface; changes may be made without
26  * notice.
27  */
28 
29 #ifndef	_AUDITD_H
30 #define	_AUDITD_H
31 
32 #include <secdb.h>
33 #include <sys/types.h>
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
39 /*
40  * "WARN" errors trigger calls to audit_warn
41  */
42 enum auditd_rc {
43 	AUDITD_SUCCESS,	/*   ok						*/
44 	AUDITD_RETRY,	/*   retry after a delay	(WARN retry)	*/
45 	AUDITD_NO_MEMORY, /* can't allocate memory	(WARN no_memory) */
46 	AUDITD_INVALID,	/*   bad input			(WARN invalid)	*/
47 	AUDITD_COMM_FAIL, /* communications failure			*/
48 	AUDITD_FATAL,	/*   other error		(WARN failure)	*/
49 	AUDITD_FAIL	/*   other non-fatal error			*/
50 };
51 typedef enum auditd_rc auditd_rc_t;
52 
53 /*
54  * auditd_plugin()
55  *	arg 1 - input buffer, binary Solaris audit record
56  *	arg 2 - input buffer length
57  *	arg 3 - record sequence number
58  *	arg 4 - optional explanation of error return (use NULL,
59  *		not an empty string if not used.)
60  */
61 auditd_rc_t	auditd_plugin(const char *, size_t, uint64_t, char **);
62 /*
63  * auditd_plugin_open()
64  *	arg 1 - attr/val struct, use with kva_match()
65  *	arg 2 - attr/value pair string:  attr1=value1;attr2=value2
66  *	arg 3 - optional explanation of error return (use NULL,
67  *		not an empty string if not used.)
68  *
69  *	make local copy of args 1 and 2; they are trashed after return.
70  */
71 auditd_rc_t	auditd_plugin_open(const kva_t *, char **, char **);
72 
73 /*
74  * auditd_plugin_close()
75  *	arg 1 - optional explanation of error return (use NULL,
76  *		not an empty string if not used.)
77  */
78 auditd_rc_t	auditd_plugin_close(char **);
79 
80 #ifdef	__cplusplus
81 }
82 #endif
83 
84 #endif	/* _AUDITD_H */
85