8354 sync regcomp(3C) with upstream (fix make catalog)
[unleashed/tickless.git] / usr / src / lib / libbc / inc / include / sys / audit.h
bloba3ba237f20a37cc100016222011d0f357e3e67a7
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
20 * CDDL HEADER END
23 * Copyright 1988 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
27 #pragma ident "%Z%%M% %I% %E% SMI"
29 * Audit trail structures;
32 #ifndef _sys_audit_h
33 #define _sys_audit_h
36 * Maximum size for audit data passed from the audit system call
37 * This value is arbitrary, so offers of better numbers are invited.
40 #define AUP_USER (0x8000)
41 #define MAXAUDITDATA (AUP_USER - 1)
42 #define AUDITMAGIC 0x00070009
45 * Audit conditions, statements reguarding what's to be done with
46 * audit records.
48 #define AUC_UNSET 0 /* on/off hasn't been decided */
49 #define AUC_AUDITING 1 /* auditing is being done */
50 #define AUC_NOAUDIT 2 /* auditing is not being done */
51 #define AUC_FCHDONE 3 /* no auditing, and you never can */
54 * Minimum and maximum record type values. Change AUR_MAXRECTYPE when
55 * adding new record types.
57 #define AUR_MINRECTYPE 1
58 #define AUR_MAXRECTYPE 63
61 * Audit record type codes
63 #define AUR_ACCESS 1
64 #define AUR_CHMOD 2
65 #define AUR_CHOWN 3
66 #define AUR_CREAT 4
67 #define AUR_FCHMOD 5
68 #define AUR_FCHOWN 6
69 #define AUR_FTRUNCATE 7
70 #define AUR_LINK 8
71 #define AUR_MKDIR 9
72 #define AUR_MKNOD 10
73 #define AUR_OPEN 11
74 #define AUR_RMDIR 12
75 #define AUR_RENAME 13
76 #define AUR_STAT 14
77 #define AUR_SYMLINK 15
78 #define AUR_TRUNCATE 16
79 #define AUR_UNLINK 17
80 #define AUR_UTIMES 18
81 #define AUR_EXECV 19
82 #define AUR_MSGCONV 20
83 #define AUR_MSGCTL 21
84 #define AUR_MSGGET 22
85 #define AUR_MSGRCV 23
86 #define AUR_MSGSND 24
87 #define AUR_SEMCTL 25
88 #define AUR_SEMGET 26
89 #define AUR_SEMOP 27
90 #define AUR_SHMAT 28
91 #define AUR_SHMCTL 29
92 #define AUR_SHMDT 30
93 #define AUR_SHMGET 31
94 #define AUR_SOCKET 32
95 #define AUR_PTRACE 33
96 #define AUR_KILL 34
97 #define AUR_KILLPG 35
98 #define AUR_EXECVE 36
99 #define AUR_CORE 37
100 #define AUR_ADJTIME 38
101 #define AUR_SETTIMEOFDAY 39
102 #define AUR_SETHOSTNAME 40
103 #define AUR_SETDOMAINNAME 41
104 #define AUR_REBOOT 42
105 #define AUR_REBOOTFAIL 43
106 #define AUR_SYSACCT 44
107 #define AUR_MOUNT_UFS 45
108 #define AUR_MOUNT_NFS 46
109 #define AUR_MOUNT 47
110 #define AUR_UNMOUNT 48
111 #define AUR_READLINK 49
112 #define AUR_QUOTA_ON 50
113 #define AUR_QUOTA_OFF 51
114 #define AUR_QUOTA_SET 52
115 #define AUR_QUOTA_LIM 53
116 #define AUR_QUOTA_SYNC 54
117 #define AUR_QUOTA 55
118 #define AUR_STATFS 56
119 #define AUR_CHROOT 57
120 #define AUR_TEXT 58
121 #define AUR_CHDIR 59
122 #define AUR_MSGCTLRMID 60
123 #define AUR_SEMCTL3 61
124 #define AUR_SEMCTLALL 62
125 #define AUR_SHMCTLRMID 63
127 #define AUR_TRAILER 1000
130 * The classes of audit events
132 #define AU_DREAD 0x00000001
133 #define AU_DWRITE 0x00000002
134 #define AU_DACCESS 0x00000004
135 #define AU_DCREATE 0x00000008
136 #define AU_LOGIN 0x00000010
137 #define AU_SREAD 0x00000020
138 #define AU_SCTL 0x00000040
139 #define AU_MINPRIV 0x00000080
140 #define AU_MAJPRIV 0x00000100
141 #define AU_ADMIN 0x00000200
142 #define AU_ASSIGN 0x00000400
145 * Success and failure are defined here because not everyone agrees on
146 * which values rate success and which failure.
148 #define AU_EITHER -1
149 #define AU_SUCCESS 0
150 #define AU_FAILURE 1
153 * The user id -2(0xfffe) is never audited - in fact, a setauid(AU_NOAUDITID)
154 * will turn off auditing.
156 #define AU_NOAUDITID -2
159 * The sturcture of the audit state
161 struct audit_state {
162 unsigned int as_success; /* success bits */
163 unsigned int as_failure; /* failure bits */
165 typedef struct audit_state audit_state_t;
168 * The audit file header structure.
169 * In the file it will be followed by a path name, the length of which is
170 * kept in the ah_namelen field.
172 struct audit_header {
173 int ah_magic; /* magic number */
174 time_t ah_time; /* the time */
175 short ah_namelen; /* length of file name */
177 typedef struct audit_header audit_header_t;
180 * The audit file trailer record structure.
181 * In the file it will be followed by a path name, the length of which is
182 * kept in the at_namelen field.
184 struct audit_trailer {
185 short at_record_size; /* size of this */
186 short at_record_type; /* its type, a trailer */
187 time_t at_time; /* the time */
188 short at_namelen; /* length of file name */
190 typedef struct audit_trailer audit_trailer_t;
193 * The audit file record structure.
194 * au_record_size is the size of the entire record.
195 * au_param_count is the number of data items which follow the record.
196 * There is a short ( 16 bit ) length for each of the following
197 * parameters, then the parameters themselves. There is no way to know
198 * what the parameters are from the data, unless the au_record_type
199 * is understood.
200 * The first parameter is the group list, hence au_param_count will
201 * always be at least one.
203 struct audit_record {
204 short au_record_size; /* size of this */
205 short au_record_type; /* its type */
206 unsigned int au_event; /* the event */
207 time_t au_time; /* the time */
208 uid_t au_uid; /* real uid */
209 uid_t au_auid; /* audit uid */
210 uid_t au_euid; /* effective */
211 gid_t au_gid; /* real group */
212 short au_pid; /* process id */
213 int au_errno; /* error code */
214 int au_return; /* a return value */
215 blabel_t au_label; /* also ... */
216 short au_param_count; /* # of parameters */
218 typedef struct audit_record audit_record_t;
221 * This structure controls a buffer for generating full pathnames
222 * for filenames.
224 struct au_path_s {
225 u_int ap_size; /* Size of buffer */
226 caddr_t ap_buf; /* Address of buffer */
227 caddr_t ap_ptr; /* Current position */
229 typedef struct au_path_s au_path_t;
231 #define AU_ALIGN(x) (((x) + 1) & ~1)
233 #endif /*!_sys_audit_h*/