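/*-
 * Copyright (c) 2005-2008 Apple Inc.
 * Copyright (c) 2005 SPARTA, Inc.
 * All rights reserved.
 *
 * This code was developed in part by Robert N. M. Watson, Senior Principal
 * Scientist, SPARTA, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_internal.h#5 $
 */

#ifndef _AUDIT_INTERNAL_H
#define _AUDIT_INTERNAL_H

/* Linux toolchains may lack the BSD __unused annotation; define it away. */
#if defined(__linux__) && !defined(__unused)
#define __unused
#endif

#include <stddef.h>
#include <sys/queue.h>
#include <sys/types.h>

/*
 * audit_internal.h contains private interfaces that are shared by user space
 * and the kernel for the purposes of assembling audit records.  Applications
 * should not include this file or use the APIs found within, or it may be
 * broken with future releases of OpenBSM, which may delete, modify, or
 * otherwise break these interfaces or the assumptions they rely on.
 */

/*
 * One BSM token, linked into a record's token queue.
 */
struct au_token {
	u_char			*t_data;	/* Presumably the encoded token bytes -- confirm. */
	size_t			 len;		/* Presumably the byte length of t_data -- confirm. */
	TAILQ_ENTRY(au_token)	 tokens;	/* Linkage for au_record.token_q. */
};

/*
 * One audit record under assembly: a queue of tokens plus a data buffer.
 */
struct au_record {
	char			 used;		/* Record currently in use? */
	int			 desc;		/* Descriptor for record. */
	TAILQ_HEAD(, au_token)	 token_q;	/* Queue of BSM tokens. */
	u_char			*data;		/* Presumably the serialized record -- confirm. */
	size_t			 len;		/* Presumably the byte length of data -- confirm. */
	LIST_ENTRY(au_record)	 au_rec_q;	/* Linkage for a list of records. */
};
typedef	struct au_record	au_record_t;


/*
 * We could determine the header and trailer sizes by defining appropriate
 * structures.  We hold off that approach until we have a consistent way of
 * using structures for all tokens.  This is not straightforward since these
 * token structures may contain pointers of whose contents we do not know the
 * size (e.g text tokens).
 *
 * AUDIT_HEADER_EX_SIZE() adds ai_termid.at_type directly as a byte count, so
 * it is only correct while at_type's numeric value is the address length in
 * bytes (presumably 4 for IPv4 and 16 for IPv6 -- confirm against the at_type
 * definitions).  MAX_AUDIT_HEADER_SIZE (5 * 4 + 18 = 38) matches the extended
 * size for at_type == 16.  A caller sizing a buffer from this macro should
 * validate at_type first; an unexpected value yields a size that does not
 * match what is later written.
 */
#define	AUDIT_HEADER_EX_SIZE(a)	((a)->ai_termid.at_type+18+sizeof(u_int32_t))
#define	AUDIT_HEADER_SIZE	18
#define	MAX_AUDIT_HEADER_SIZE	(5*sizeof(u_int32_t)+18)
#define	AUDIT_TRAILER_SIZE	7
#define	MAX_AUDIT_IDENTITY_SIZE	179

/*
 * BSM token streams store fields in big endian byte order, so as to be
 * portable; when encoding and decoding, we must convert byte orders for
 * typed values.
 *
 * Contract for every ADD_* macro below:
 *  - `loc` is a write cursor (a modifiable u_char pointer lvalue).  The macro
 *    stores through it and then advances it by the number of bytes written.
 *  - No bounds checking is performed.  The caller must already have sized the
 *    destination so that every write through `loc` stays inside the buffer;
 *    a `size` derived from untrusted input must be validated before it is
 *    passed to ADD_MEM()/ADD_STRING().
 *  - `loc` is evaluated more than once (and `size` twice in ADD_MEM()), so
 *    arguments must be free of side effects.
 *  - This header does not itself include declarations for be16enc(),
 *    be32enc(), be64enc() or memcpy(); the including file is expected to
 *    provide them.
 */
#define	ADD_U_CHAR(loc, val)						\
	do {								\
		*(loc) = (val);						\
		(loc) += sizeof(u_char);				\
	} while(0)


#define	ADD_U_INT16(loc, val)						\
	do {								\
		be16enc((loc), (val));					\
		(loc) += sizeof(u_int16_t);				\
	} while(0)

#define	ADD_U_INT32(loc, val)						\
	do {								\
		be32enc((loc), (val));					\
		(loc) += sizeof(u_int32_t);				\
	} while(0)

#define	ADD_U_INT64(loc, val)						\
	do {								\
		be64enc((loc), (val));					\
		(loc) += sizeof(u_int64_t);				\
	} while(0)

/* Copies `size` raw bytes; `size` is parenthesized in both uses. */
#define	ADD_MEM(loc, data, size)					\
	do {								\
		memcpy((loc), (data), (size));				\
		(loc) += (size);					\
	} while(0)

/* Strings are emitted as raw bytes; the caller chooses whether `size` covers a NUL. */
#define	ADD_STRING(loc, data, size)	ADD_MEM(loc, data, size)

#endif /* !_AUDIT_INTERNAL_H */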