NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>

          --- old/usr/src/lib/auditd_plugins/syslog/systoken.h
          +++ new/usr/src/lib/auditd_plugins/syslog/systoken.h

   1    1  /*
   2    2   * CDDL HEADER START
   3    3   *
   4    4   * The contents of this file are subject to the terms of the
   5    5   * Common Development and Distribution License (the "License").
   6    6   * You may not use this file except in compliance with the License.
   7    7   *
   8    8   * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9    9   * or http://www.opensolaris.org/os/licensing.
  10   10   * See the License for the specific language governing permissions
  11   11   * and limitations under the License.
  12   12   *
  13   13   * When distributing Covered Code, include this CDDL HEADER in each

  14   14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15   15   * If applicable, add the following below this CDDL HEADER, with the
  16   16   * fields enclosed by brackets "[]" replaced with your own identifying
  17   17   * information: Portions Copyright [yyyy] [name of copyright owner]
  18   18   *
  19   19   * CDDL HEADER END
  20   20   */
  21   21  /*
  22   22   * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23   23   * Use is subject to license terms.
       24 + *
       25 + * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  24   26   */
  25   27  
  26   28  #ifndef _SYSTOKEN_H
  27   29  #define _SYSTOKEN_H
  28   30  
  29   31  #ifdef __cplusplus
  30   32  extern "C" {
  31   33  #endif
  32   34  
  33   35  #include "sysplugin.h"

  34   36  #include <bsm/adt.h>
  35   37  
  36   38  /*
  37   39   * parse_context -- doc and cur are for XML input, chunk and
  38   40   * remaining for "plain text input, i.e., the traditiona
  39   41   * output from praudit
  40   42   */
  41   43  
  42   44  struct parse_context {
  43   45          adr_t           adr;    /* input buffer pointers */
  44   46          uint64_t        id;     /* message sequence number */
  45   47          tosyslog_t      out;    /* output data */
  46   48  };
  47   49  typedef struct parse_context parse_context_t;
  48   50  
  49   51  #define AU_TEXT_NAME    " text "
  50   52  
  51   53  #ifdef useless
  52   54  /*
  53   55   * the following *_ar_token() functions parallel the *_token()(
  54   56   * functions defined in praudit/toktable.h
  55   57   */
  56   58  
  57   59  /*
  58   60   * These tokens are the same for all versions of Solaris
  59   61   */
  60   62  
  61   63  /*
  62   64   * Control tokens
  63   65   */
  64   66  
  65   67  extern void     file_token(adr_t *, uint64_t, uint64_t);
  66   68  extern void     trailer_token(adr_t *, parse_context_t *);
  67   69  extern void     header_token(adr_t *, parse_context_t *);
  68   70  extern void     header32_ex_token(adr_t *, parse_context_t *);
  69   71  
  70   72  /*
  71   73   * Data tokens
  72   74   */
  73   75  
  74   76  extern void     arbitrary_data_token(adr_t *, parse_context_t *);
  75   77  extern void     fmri_token(adr_t *, parse_context_t *);
  76   78  extern void     s5_IPC_token(adr_t *, parse_context_t *);
  77   79  extern void     path_token(adr_t *, parse_context_t *);
  78   80  extern void     subject32_token();
  79   81  extern void     process32_token();
  80   82  extern void     return_value32_token();
  81   83  extern void     text_token(adr_t *, parse_context_t *);
  82   84  extern void     opaque_token(adr_t *, parse_context_t *);
  83   85  extern void     ip_addr_token();
  84   86  extern void     ip_token(adr_t *, parse_context_t *);
  85   87  extern void     iport_token(adr_t *, parse_context_t *);
  86   88  extern void     argument32_token();
  87   89  extern void     socket_token();
  88   90  extern void     sequence_token(adr_t *, parse_context_t *);
  89   91  
  90   92  /*
  91   93   * Modifier tokens
  92   94   */
  93   95  
  94   96  extern void     acl_token(adr_t *, parse_context_t *);
  95   97  extern void     attribute_token(adr_t *, parse_context_t *);
  96   98  extern void     s5_IPC_perm_token(adr_t *, parse_context_t *);
  97   99  extern void     group_token();
  98  100  extern void     label_token(adr_t *, parse_context_t *);
  99  101  extern void     privilege_token(adr_t *, parse_context_t *);
 100  102  extern void     useofpriv_token(adr_t *, parse_context_t *);
 101  103  extern void     secflags_token(adr_t *, parse_context_t *);
 102  104  extern void     zonename_token(adr_t *, parse_context_t *);
 103  105  extern void     liaison_token(adr_t *, parse_context_t *);
 104  106  extern void     newgroup_token(adr_t *, parse_context_t *);
 105  107  extern void     exec_args_token(adr_t *, parse_context_t *);
 106  108  extern void     exec_env_token(adr_t *, parse_context_t *);
 107  109  extern void     attribute32_token(adr_t *, parse_context_t *);
 108  110  extern void     useofauth_token(adr_t *, parse_context_t *);
 109  111  extern void     user_token(adr_t *, parse_context_t *);
 110  112  
 111  113  /*
 112  114   * X windows tokens
 113  115   */
 114  116  
 115  117  extern void     xatom_token(adr_t *, parse_context_t *);
 116  118  extern void     xselect_token(adr_t *, parse_context_t *);
 117  119  extern void     xcolormap_token(adr_t *, parse_context_t *);
 118  120  extern void     xcursor_token(adr_t *, parse_context_t *);
 119  121  extern void     xfont_token(adr_t *, parse_context_t *);
 120  122  extern void     xgc_token(adr_t *, parse_context_t *);
 121  123  extern void     xpixmap_token(adr_t *, parse_context_t *);
 122  124  extern void     xproperty_token(adr_t *, parse_context_t *);
 123  125  extern void     xwindow_token(adr_t *, parse_context_t *);
 124  126  extern void     xclient_token(adr_t *, parse_context_t *);
 125  127  
 126  128  /*
 127  129   * Command tokens
 128  130   */
 129  131  
 130  132  extern void     cmd_token(adr_t *, parse_context_t *);
 131  133  extern void     exit_token(adr_t *, parse_context_t *);
 132  134  
 133  135  /*
 134  136   * Miscellaneous tokens
 135  137   */
 136  138  
 137  139  extern void     host_token(adr_t *, parse_context_t *);
 138  140  
 139  141  /*
 140  142   * Solaris64 tokens
 141  143   */
 142  144  
 143  145  extern void     argument64_token(adr_t *, parse_context_t *);
 144  146  extern void     return64_token(adr_t *, parse_context_t *);
 145  147  extern void     attribute64_token(adr_t *, parse_context_t *);
 146  148  extern void     header64_token(adr_t *, parse_context_t *);
 147  149  extern void     subject64_token(adr_t *, parse_context_t *);
 148  150  extern void     process64_token(adr_t *, parse_context_t *);
 149  151  extern void     file64_token(adr_t *, parse_context_t *);
 150  152  
 151  153  /*
 152  154   * Extended network address tokens

 153  155   */
 154  156  
 155  157  extern void     header64_ex_token();
 156  158  extern void     subject32_ex_token();
 157  159  extern void     process32_ex_token();
 158  160  extern void     subject64_ex_token(adr_t *, parse_context_t *);
 159  161  extern void     process64_ex_token(adr_t *, parse_context_t *);
 160  162  extern void     ip_addr_ex_token(adr_t *, parse_context_t *);
 161  163  extern void     socket_ex_token(adr_t *, parse_context_t *);
 162  164  extern void     tid_token(adr_t *, parse_context_t *);
      165 +extern void     access_mask_token(parse_context_t *)
      166 +extern void     wsid_token(parse_context_t *)
 163  167  #endif
 164  168  
 165  169  #ifdef __cplusplus
 166  170  }
 167  171  #endif
 168  172  
 169  173  #endif  /* _SYSTOKEN_H */
    

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX