4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #ifndef _BSM_AUDIT_RECORD_H
27 #define _BSM_AUDIT_RECORD_H
28
29
30 #ifdef _KERNEL
31 #include <sys/priv.h>
32 #else
33 #include <priv.h>
34 #endif
35 #include <sys/socket.h>
36 #include <sys/acl.h>
37
38 #include <sys/tsol/label.h>
39
40 #ifdef __cplusplus
41 extern "C" {
42 #endif
43
44 /*
45 * Version of audit attributes
46 *
47 * OS Release Version Number Comments
48 * ========== ============== ========
49 * SunOS 5.1 2 Unbundled Package
50 * SunOS 5.3 2 Bundled into the base OS
51 * SunOS 5.4-5.x 2
52 * Trusted Solaris 2.5 3 To distinguish potential new tokens
53 * Trusted Solaris 7-8 4 Redefine X tokens that overlap with
54 * SunOS 5.7
55 */
56
172 #define AUT_ARG64 ((char)0x71)
173 #define AUT_RETURN64 ((char)0x72)
174 #define AUT_ATTR64 ((char)0x73)
175 #define AUT_HEADER64 ((char)0x74)
176 #define AUT_SUBJECT64 ((char)0x75)
177 #define AUT_PROCESS64 ((char)0x77)
178 #define AUT_OTHER_FILE64 ((char)0x78)
179
180 /*
181 * Extended network address token types
182 */
183
184 #define AUT_HEADER64_EX ((char)0x79)
185 #define AUT_SUBJECT32_EX ((char)0x7a)
186 #define AUT_PROCESS32_EX ((char)0x7b)
187 #define AUT_SUBJECT64_EX ((char)0x7c)
188 #define AUT_PROCESS64_EX ((char)0x7d)
189 #define AUT_IN_ADDR_EX ((char)0x7e)
190 #define AUT_SOCKET_EX ((char)0x7f)
191
192
193 /*
194 * Audit print suggestion types.
195 */
196
197 #define AUP_BINARY ((char)0)
198 #define AUP_OCTAL ((char)1)
199 #define AUP_DECIMAL ((char)2)
200 #define AUP_HEX ((char)3)
201 #define AUP_STRING ((char)4)
202
203 /*
204 * Audit data member types.
205 */
206
207 #define AUR_BYTE ((char)0)
208 #define AUR_CHAR ((char)0)
209 #define AUR_SHORT ((char)1)
210 #define AUR_INT ((char)2)
211 #define AUR_INT32 ((char)2)
249 #define AU_DONTBLOCK 0x2 /* Don't block or discard if queue full */
250 #define AU_DEFER 0x4 /* Defer record queueing to syscall end */
251
252 /*
253 * Audit token type is really an au_membuf pointer
254 */
255 typedef au_buff_t token_t;
256 /*
257 * token generation functions
258 */
259 token_t *au_append_token(token_t *, token_t *);
260 token_t *au_set(caddr_t, uint_t);
261
262 void au_free_rec(au_buff_t *);
263
264 #define au_getclr() ((token_t *)au_get_buff())
265 #define au_toss_token(tok) (au_free_rec((au_buff_t *)(tok)))
266
267 token_t *au_to_acl();
268 token_t *au_to_ace();
269 token_t *au_to_attr(struct vattr *);
270 token_t *au_to_data(char, char, char, char *);
271 token_t *au_to_header(int, au_event_t, au_emod_t);
272 token_t *au_to_header_ex(int, au_event_t, au_emod_t);
273 token_t *au_to_ipc(char, int);
274 token_t *au_to_ipc_perm(kipc_perm_t *);
275 token_t *au_to_iport(ushort_t);
276 token_t *au_to_in_addr(struct in_addr *);
277 token_t *au_to_in_addr_ex(int32_t *);
278 token_t *au_to_ip(struct ip *);
279 token_t *au_to_groups(const gid_t *, uint_t);
280 token_t *au_to_path(struct audit_path *);
281 token_t *au_to_seq();
282 token_t *au_to_process(uid_t, gid_t, uid_t, gid_t, pid_t,
283 au_id_t, au_asid_t, const au_tid_addr_t *);
284 token_t *au_to_subject(uid_t, gid_t, uid_t, gid_t, pid_t,
285 au_id_t, au_asid_t, const au_tid_addr_t *);
286 token_t *au_to_return32(int, int32_t);
287 token_t *au_to_return64(int, int64_t);
288 token_t *au_to_text(const char *);
289 /* token_t *au_to_tid(au_generic_tid_t *); no kernel implementation */
290 token_t *au_to_trailer(int);
291 token_t *au_to_uauth(char *);
292 size_t au_zonename_length(zone_t *);
293 token_t *au_to_zonename(size_t, zone_t *);
294 token_t *au_to_arg32(char, char *, uint32_t);
295 token_t *au_to_arg64(char, char *, uint64_t);
296 token_t *au_to_socket_ex(short, short, char *, char *);
297 token_t *au_to_sock_inet(struct sockaddr_in *);
298 token_t *au_to_exec_args(const char *, ssize_t);
299 token_t *au_to_exec_env(const char *, ssize_t);
300 token_t *au_to_label(bslabel_t *);
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 #ifndef _BSM_AUDIT_RECORD_H
29 #define _BSM_AUDIT_RECORD_H
30
31
32 #ifdef _KERNEL
33 #include <sys/priv.h>
34 #else
35 #include <priv.h>
36 #endif
37 #include <sys/socket.h>
38 #include <sys/acl.h>
39 #include <sys/sid.h>
40
41 #include <sys/tsol/label.h>
42
43 #ifdef __cplusplus
44 extern "C" {
45 #endif
46
47 /*
48 * Version of audit attributes
49 *
50 * OS Release Version Number Comments
51 * ========== ============== ========
52 * SunOS 5.1 2 Unbundled Package
53 * SunOS 5.3 2 Bundled into the base OS
54 * SunOS 5.4-5.x 2
55 * Trusted Solaris 2.5 3 To distinguish potential new tokens
56 * Trusted Solaris 7-8 4 Redefine X tokens that overlap with
57 * SunOS 5.7
58 */
59
175 #define AUT_ARG64 ((char)0x71)
176 #define AUT_RETURN64 ((char)0x72)
177 #define AUT_ATTR64 ((char)0x73)
178 #define AUT_HEADER64 ((char)0x74)
179 #define AUT_SUBJECT64 ((char)0x75)
180 #define AUT_PROCESS64 ((char)0x77)
181 #define AUT_OTHER_FILE64 ((char)0x78)
182
183 /*
184 * Extended network address token types
185 */
186
187 #define AUT_HEADER64_EX ((char)0x79)
188 #define AUT_SUBJECT32_EX ((char)0x7a)
189 #define AUT_PROCESS32_EX ((char)0x7b)
190 #define AUT_SUBJECT64_EX ((char)0x7c)
191 #define AUT_PROCESS64_EX ((char)0x7d)
192 #define AUT_IN_ADDR_EX ((char)0x7e)
193 #define AUT_SOCKET_EX ((char)0x7f)
194
195 /*
196 * Can't do >= 0x80 because these are chars. 0x16/0x17 seem to be free here,
197 * but who knows if they have historical uses
198 */
199 #define AUT_ACCESS_MASK ((char)0x16)
200 #define AUT_WSID ((char)0x17)
201
202 /*
203 * Audit print suggestion types.
204 */
205
206 #define AUP_BINARY ((char)0)
207 #define AUP_OCTAL ((char)1)
208 #define AUP_DECIMAL ((char)2)
209 #define AUP_HEX ((char)3)
210 #define AUP_STRING ((char)4)
211
212 /*
213 * Audit data member types.
214 */
215
216 #define AUR_BYTE ((char)0)
217 #define AUR_CHAR ((char)0)
218 #define AUR_SHORT ((char)1)
219 #define AUR_INT ((char)2)
220 #define AUR_INT32 ((char)2)
258 #define AU_DONTBLOCK 0x2 /* Don't block or discard if queue full */
259 #define AU_DEFER 0x4 /* Defer record queueing to syscall end */
260
261 /*
262 * Audit token type is really an au_membuf pointer
263 */
264 typedef au_buff_t token_t;
265 /*
266 * token generation functions
267 */
268 token_t *au_append_token(token_t *, token_t *);
269 token_t *au_set(caddr_t, uint_t);
270
271 void au_free_rec(au_buff_t *);
272
273 #define au_getclr() ((token_t *)au_get_buff())
274 #define au_toss_token(tok) (au_free_rec((au_buff_t *)(tok)))
275
276 token_t *au_to_acl();
277 token_t *au_to_ace();
278 token_t *au_to_access_mask(uint32_t);
279 token_t *au_to_wsid(ksid_t *);
280 token_t *au_to_attr(struct vattr *);
281 token_t *au_to_data(char, char, char, char *);
282 token_t *au_to_header(int, au_event_t, au_emod_t);
283 token_t *au_to_header_ex(int, au_event_t, au_emod_t);
284 token_t *au_to_ipc(char, int);
285 token_t *au_to_ipc_perm(kipc_perm_t *);
286 token_t *au_to_iport(ushort_t);
287 token_t *au_to_in_addr(struct in_addr *);
288 token_t *au_to_in_addr_ex(int32_t *);
289 token_t *au_to_ip(struct ip *);
290 token_t *au_to_groups(const gid_t *, uint_t);
291 token_t *au_to_path(struct audit_path *);
292 token_t *au_to_path_string(const char *);
293 token_t *au_to_seq();
294 token_t *au_to_process(uid_t, gid_t, uid_t, gid_t, pid_t,
295 au_id_t, au_asid_t, const au_tid_addr_t *);
296 token_t *au_to_subject(uid_t, gid_t, uid_t, gid_t, pid_t,
297 au_id_t, au_asid_t, const au_tid_addr_t *);
298 token_t *au_to_return32(int, int32_t);
299 token_t *au_to_return64(int, int64_t);
300 token_t *au_to_text(const char *);
301 /* token_t *au_to_tid(au_generic_tid_t *); no kernel implementation */
302 token_t *au_to_trailer(int);
303 token_t *au_to_uauth(char *);
304 size_t au_zonename_length(zone_t *);
305 token_t *au_to_zonename(size_t, zone_t *);
306 token_t *au_to_arg32(char, char *, uint32_t);
307 token_t *au_to_arg64(char, char *, uint64_t);
308 token_t *au_to_socket_ex(short, short, char *, char *);
309 token_t *au_to_sock_inet(struct sockaddr_in *);
310 token_t *au_to_exec_args(const char *, ssize_t);
311 token_t *au_to_exec_env(const char *, ssize_t);
312 token_t *au_to_label(bslabel_t *);
|
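Review bot: The new token IDs `AUT_ACCESS_MASK` (0x16) and `AUT_WSID` (0x17) are committed with a comment saying the values only "seem to be free" and may have historical uses, which leaves a possible collision in the audit record format unresolved. The token ID is the byte a trail reader uses to decide how to decode what follows, so a value already assigned by an older release or another BSM implementation would make records ambiguous or misparsed by existing tools. The rest of the AUT_* table (lines 60-174) is not shown on this page, so the claim cannot be checked from here. Confirm both values against the full table and any user-space parser of the trail, then record the result in the comment, for example `/* 0x16/0x17: verified unused in the AUT_* table; values >= 0x80 are avoided because the IDs are cast to char */`. Separately, `au_to_wsid(ksid_t *)` could take `const ksid_t *`, matching `au_to_path_string(const char *)`, if the implementation does not modify the SID.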