xref: /titanic_44/usr/src/lib/libbc/inc/include/sys/audit.h (revision a399b7655a1d835aa8606c2b29e4e777baac8635)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 1988 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 /*
29  * Audit trail structures;
30  */
31 
32 #ifndef _sys_audit_h
33 #define _sys_audit_h
34 
35 /*
36  * Maximum size for audit data passed from the audit system call
37  * This value is arbitrary, so offers of better numbers are invited.
38  */
39 
40 #define AUP_USER	(0x8000)
41 #define MAXAUDITDATA	(AUP_USER - 1)
42 #define AUDITMAGIC	0x00070009
43 
44 /*
45  * Audit conditions, statements reguarding what's to be done with
46  * audit records.
47  */
48 #define AUC_UNSET	0	/* on/off hasn't been decided */
49 #define AUC_AUDITING	1	/* auditing is being done */
50 #define AUC_NOAUDIT	2	/* auditing is not being done */
51 #define AUC_FCHDONE	3	/* no auditing, and you never can */
52 
53 /*
54  * Minimum and maximum record type values.  Change AUR_MAXRECTYPE when
55  * adding new record types.
56  */
57 #define	AUR_MINRECTYPE		1
58 #define	AUR_MAXRECTYPE		63
59 
60 /*
61  * Audit record type codes
62  */
63 #define AUR_ACCESS		1
64 #define AUR_CHMOD		2
65 #define AUR_CHOWN		3
66 #define AUR_CREAT		4
67 #define AUR_FCHMOD		5
68 #define AUR_FCHOWN		6
69 #define AUR_FTRUNCATE		7
70 #define AUR_LINK		8
71 #define AUR_MKDIR		9
72 #define AUR_MKNOD		10
73 #define AUR_OPEN		11
74 #define AUR_RMDIR		12
75 #define AUR_RENAME		13
76 #define AUR_STAT		14
77 #define AUR_SYMLINK		15
78 #define AUR_TRUNCATE		16
79 #define AUR_UNLINK		17
80 #define AUR_UTIMES		18
81 #define AUR_EXECV		19
82 #define AUR_MSGCONV		20
83 #define AUR_MSGCTL		21
84 #define AUR_MSGGET		22
85 #define AUR_MSGRCV		23
86 #define AUR_MSGSND		24
87 #define AUR_SEMCTL		25
88 #define AUR_SEMGET		26
89 #define AUR_SEMOP		27
90 #define AUR_SHMAT		28
91 #define AUR_SHMCTL		29
92 #define AUR_SHMDT		30
93 #define AUR_SHMGET		31
94 #define AUR_SOCKET		32
95 #define AUR_PTRACE		33
96 #define AUR_KILL		34
97 #define AUR_KILLPG		35
98 #define AUR_EXECVE		36
99 #define AUR_CORE		37
100 #define AUR_ADJTIME		38
101 #define AUR_SETTIMEOFDAY	39
102 #define AUR_SETHOSTNAME		40
103 #define AUR_SETDOMAINNAME	41
104 #define AUR_REBOOT		42
105 #define AUR_REBOOTFAIL		43
106 #define AUR_SYSACCT		44
107 #define AUR_MOUNT_UFS		45
108 #define AUR_MOUNT_NFS		46
109 #define AUR_MOUNT		47
110 #define AUR_UNMOUNT		48
111 #define AUR_READLINK		49
112 #define AUR_QUOTA_ON		50
113 #define AUR_QUOTA_OFF		51
114 #define AUR_QUOTA_SET		52
115 #define AUR_QUOTA_LIM		53
116 #define AUR_QUOTA_SYNC		54
117 #define AUR_QUOTA		55
118 #define AUR_STATFS		56
119 #define AUR_CHROOT		57
120 #define AUR_TEXT		58
121 #define AUR_CHDIR		59
122 #define AUR_MSGCTLRMID		60
123 #define AUR_SEMCTL3		61
124 #define AUR_SEMCTLALL		62
125 #define AUR_SHMCTLRMID		63
126 
127 #define AUR_TRAILER		1000
128 
129 /*
130  * The classes of audit events
131  */
132 #define AU_DREAD	0x00000001
133 #define AU_DWRITE	0x00000002
134 #define AU_DACCESS	0x00000004
135 #define AU_DCREATE	0x00000008
136 #define AU_LOGIN	0x00000010
137 #define AU_SREAD	0x00000020
138 #define AU_SCTL		0x00000040
139 #define AU_MINPRIV	0x00000080
140 #define AU_MAJPRIV	0x00000100
141 #define AU_ADMIN	0x00000200
142 #define AU_ASSIGN	0x00000400
143 
144 /*
145  * Success and failure are defined here because not everyone agrees on
146  * which values rate success and which failure.
147  */
148 #define AU_EITHER	-1
149 #define AU_SUCCESS	0
150 #define AU_FAILURE	1
151 
152 /*
153  * The user id -2(0xfffe) is never audited - in fact, a setauid(AU_NOAUDITID)
154  * will turn off auditing.
155  */
156 #define AU_NOAUDITID	-2
157 
158 /*
159  * The sturcture of the audit state
160  */
161 struct audit_state {
162 	unsigned int	as_success;	/* success bits */
163 	unsigned int	as_failure;	/* failure bits */
164 };
165 typedef struct audit_state audit_state_t;
166 
167 /*
168  * The audit file header structure.
169  * In the file it will be followed by a path name, the length of which is
170  * kept in the ah_namelen field.
171  */
172 struct audit_header {
173 	int	ah_magic;	/* magic number */
174 	time_t	ah_time;	/* the time */
175 	short	ah_namelen;	/* length of file name */
176 };
177 typedef struct audit_header audit_header_t;
178 
179 /*
180  * The audit file trailer record structure.
181  * In the file it will be followed by a path name, the length of which is
182  * kept in the at_namelen field.
183  */
184 struct audit_trailer {
185 	short	at_record_size;		/* size of this */
186 	short	at_record_type;		/* its type, a trailer */
187 	time_t	at_time;		/* the time */
188 	short	at_namelen;		/* length of file name */
189 };
190 typedef struct audit_trailer audit_trailer_t;
191 
192 /*
193  * The audit file record structure.
194  * au_record_size is the size of the entire record.
195  * au_param_count is the number of data items which follow the record.
196  * There is a short ( 16 bit ) length for each of the following
197  * parameters, then the parameters themselves. There is no way to know
198  * what the parameters are from the data, unless the au_record_type
199  * is understood.
200  * The first parameter is the group list, hence au_param_count will
201  * always be at least one.
202  */
203 struct audit_record {
204 	short		au_record_size;		/* size of this */
205 	short		au_record_type;		/* its type */
206 	unsigned int	au_event;		/* the event */
207 	time_t		au_time;		/* the time */
208 	uid_t		au_uid;			/* real uid */
209 	uid_t		au_auid;		/* audit uid */
210 	uid_t		au_euid;		/* effective */
211 	gid_t		au_gid;			/* real group */
212 	short		au_pid;			/* process id */
213 	int		au_errno;		/* error code */
214 	int		au_return;		/* a return value */
215 	blabel_t	au_label;		/* also ... */
216 	short		au_param_count;		/* # of parameters */
217 };
218 typedef struct audit_record audit_record_t;
219 
220 /*
221  * This structure controls a buffer for generating full pathnames
222  * for filenames.
223  */
224 struct au_path_s {
225 	u_int		ap_size;		/* Size of buffer	     */
226 	caddr_t		ap_buf;			/* Address of buffer	     */
227 	caddr_t		ap_ptr;			/* Current position	     */
228 };
229 typedef struct au_path_s au_path_t;
230 
231 #define AU_ALIGN(x)	(((x) + 1) & ~1)
232 
233 #endif /*!_sys_audit_h*/
234