sys/security/audit/audit_private.h
/* | /* | ||||
* Success/failure conditions for the conversion of a kernel audit record to | * Success/failure conditions for the conversion of a kernel audit record to | ||||
* BSM format. | * BSM format. | ||||
*/ | */ | ||||
#define BSM_SUCCESS 0 | #define BSM_SUCCESS 0 | ||||
#define BSM_FAILURE 1 | #define BSM_FAILURE 1 | ||||
#define BSM_NOAUDIT 2 | #define BSM_NOAUDIT 2 | ||||
/* Audit record type to differentiate between syscall and NFS record. */ | |||||
#define AUDIT_SYSCALL_RECORD 0 | |||||
#define AUDIT_NFSRPC_RECORD 1 | |||||
/* | /* | ||||
* Defines for the kernel audit record k_ar_commit field. Flags are set to | * Defines for the kernel audit record k_ar_commit field. Flags are set to | ||||
* indicate what sort of record it is, and which preselection mechanism | * indicate what sort of record it is, and which preselection mechanism | ||||
* selected it. | * selected it. | ||||
*/ | */ | ||||
#define AR_COMMIT_KERNEL 0x00000001U | #define AR_COMMIT_KERNEL 0x00000001U | ||||
#define AR_COMMIT_USER 0x00000010U | #define AR_COMMIT_USER 0x00000010U | ||||
*/ | */ | ||||
struct kaudit_record { | struct kaudit_record { | ||||
struct audit_record k_ar; | struct audit_record k_ar; | ||||
u_int32_t k_ar_commit; | u_int32_t k_ar_commit; | ||||
void *k_udata; /* User data. */ | void *k_udata; /* User data. */ | ||||
u_int k_ulen; /* User data length. */ | u_int k_ulen; /* User data length. */ | ||||
struct uthread *k_uthread; /* Audited thread. */ | struct uthread *k_uthread; /* Audited thread. */ | ||||
void *k_dtaudit_state; | void *k_dtaudit_state; | ||||
int kaudit_record_type; | |||||
TAILQ_ENTRY(kaudit_record) k_q; | TAILQ_ENTRY(kaudit_record) k_q; | ||||
}; | }; | ||||
TAILQ_HEAD(kaudit_queue, kaudit_record); | TAILQ_HEAD(kaudit_queue, kaudit_record); | ||||
/* | /* | ||||
* Functions to manage the allocation, release, and commit of kernel audit | * Functions to manage the allocation, release, and commit of kernel audit | ||||
* records. | * records. | ||||
*/ | */ | ||||
void audit_abort(struct kaudit_record *ar); | void audit_abort(struct kaudit_record *ar); | ||||
void audit_commit(struct kaudit_record *ar, int error, | void audit_commit(struct kaudit_record *ar, int error, | ||||
int retval); | int retval); | ||||
struct kaudit_record *audit_new(int event, struct thread *td); | struct kaudit_record *audit_new(int event, struct thread *td); | ||||
struct kaudit_record *audit_nfs_new(int event, struct nfsrv_descript *nd); | |||||
/* | /* | ||||
* Function to update the audit_syscalls_enabled flag, whose value is affected | * Function to update the audit_syscalls_enabled flag, whose value is affected | ||||
* by configuration of the audit trail/pipe mechanism and DTrace. Call this | * by configuration of the audit trail/pipe mechanism and DTrace. Call this | ||||
* function when any of the inputs to that policy change. | * function when any of the inputs to that policy change. | ||||
*/ | */ | ||||
void audit_syscalls_enabled_update(void); | void audit_syscalls_enabled_update(void); | ||||
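Review bot: `kaudit_record_type` in `struct kaudit_record` breaks the `k_` prefix that every other member uses and carries no comment, so a reader cannot tell that it holds `AUDIT_SYSCALL_RECORD` or `AUDIT_NFSRPC_RECORD`; something like `int k_ar_type; /* AUDIT_*_RECORD. */` would match its neighbours. This assumes the rows shown in a single column are the added side, which the rendering does not make explicit. The `audit_nfs_new()` prototype names `struct nfsrv_descript`, and no forward declaration is visible in the unfolded lines; if none exists earlier in the header, the tag gets prototype scope and callers will hit incompatible-pointer warnings, so `struct nfsrv_descript;` should precede the prototype. Since consumers of the record will presumably branch on the type field, confirm that `audit_new()` and `audit_nfs_new()` each set it explicitly rather than relying on zeroed memory; their bodies are not in this file section.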