Hallo, dies ist ein Test.

PWD: /www/data-lst1/unixsoft/unixsoft/kaempfer/.public_html

Running in File Mode
Relative path: ././../../../../../../usr/include/security/libaudit.h
Real path: /usr/include/security/libaudit.h
Zurück

/*
 * Copyright (c) 2007, 2020, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef	_LIBAUDIT_H
#define	_LIBAUDIT_H

#ifdef __cplusplus
extern "C" {
#endif

#include <assert.h>
#include <libnvpair.h>
#include <pcre/pcre.h>
#include <bsm/libbsm.h>

struct au_targettype {
	char		*targettype_name;	/* name of target type */
	char		*targettype_desc;	/* description of target type */
	char		*targettype_prefix;	/* ssid(7) prefix string */
};
typedef struct au_targettype au_targettype_t;

/*
 * target object is specified by either a fixed value, or via
 * the contents of a token in the audit record.  If a fixed value
 * is specified then other attributes (token/field/format/instance)
 * are n/a.
 */
struct au_target {
	char		*target_eventid;	/* audit event id */
	char		*target_typestr;	/* name of target type */
	char		*target_tokenid;	/* name of token */
	char		*target_value;		/* fixed target resource id */
	char		*target_field;		/* which part of the token */
	char		*target_format;		/* output formatting for ... */
						/* ...target resource */
	au_targettype_t	*target_typeptr;	/* ptr to target type info */
	ushort_t	target_instance;	/* instance # of token type */
};
typedef struct au_target au_target_t;

/*
 * For audit_tags(5)
 */
typedef union u_tagval {
	char		*tagval_string;
	char		*tagval_priv;
	char		*tagval_auth;
	char		*tagval_path;
	au_event_t	tagval_event;
	au_class_t	tagval_class;
} u_tagval_t;
struct au_tags_ent {
	int		at_type;
	char		*at_provider;
	char		*at_name;
	pcre		*at_pcre;	/* compiled PCRE if any */
	u_tagval_t	at_value;
};
typedef struct au_tags_ent au_tags_ent_t;
#define	at_valstr at_value.tagval_string
#define	at_priv at_value.tagval_priv
#define	at_auth at_value.tagval_auth
#define	at_path at_value.tagval_path
#define	at_event at_value.tagval_event
#define	at_class at_value.tagval_class

/* DEFINES */

/* array sizes for audit structures */

#define	AU_TAGS_NAME_MAX	50
#define	AU_TAGS_TYPE_MAX	30
#define	AU_TAGS_VALUE_MAX	72
#define	AU_TAGS_LINE_MAX	256

/*
 * Formatting flags
 */
#define	PRF_DEFAULTM	0x0000		/* Default mode */
#define	PRF_RAWM	0x0001		/* Raw mode */
#define	PRF_SHORTM	0x0002		/* Short mode */
#define	PRF_XMLM	0x0004		/* XML format */
#define	PRF_ONELINE	0x0008		/* one-line output */
#define	PRF_NOCACHE	0x0010		/* don't cache event names */
#define	PRF_NVLM	0x0020		/* nvlist mode */

/*
 * source of audit data (data_mode)
 */
#define	FILEMODE	1
#define	PIPEMODE	2
#define	BUFMODE		3

/* Audit event xml processing */
#define	AUDIT_EVENT_ELEMENT		"event"
#define	AUDIT_EVENTID_ATTR		"id"
#define	AUDIT_TARGET_ELEMENT		"target"
#define	AUDIT_TARGETOBJ_ELEM		"targetObj"
#define	AUDIT_TOKENID_ATTR		"tokenid"
#define	AUDIT_FIELD_ATTR		"field"
#define	AUDIT_FORMAT_ATTR		"format"
#define	AUDIT_INSTANCE_ATTR		"instance"
#define	AUDIT_NAME_ATTR			"name"
#define	AUDIT_TARGETTYPE_ELEM		"targetType"
#define	AUDIT_TARGETVALUE_ELEM		"targetValue"

#define	AUDIT_TARGETTYPEDATA_ELEMENT	"targetTypeData"
#define	AUDIT_TARGETTYPEDESC_ELEMENT	"targetTypeDesc"
#define	AUDIT_TARGETTYPEPREFIX_ELEMENT	"targetTypePrefix"

/* Keywords to be passed as input to get_audit_record_summary_nvl() */
#define	AU_KEYWORD_SUMMARY	"summary"
#define	AU_KEYWORD_DESC		"event_description"
#define	AU_KEYWORD_ADMHIST	"admhist"
#define	AU_KEYWORD_ADMHIST_V	"admhist_v"
#define	AU_KEYWORD_TS		"timestamp"

/* Types for audit tag entries: */
#define	AU_TAG_TYPE_UNKNOWN	0x0000		/* invalid type */
#define	AU_TAG_TYPE_CLASS	0x0001		/* class type */
#define	AU_TAG_TYPE_EVENT	0x0002		/* event type */
#define	AU_TAG_TYPE_PRIV	0x0004		/* privilege type */
#define	AU_TAG_TYPE_AUTH	0x0008		/* authorization type */
#define	AU_TAG_TYPE_PATH	0x0010		/* path type */

#define	AU_TAG_STRING_TYPES	(AU_TAG_TYPE_PRIV|\
				AU_TAG_TYPE_AUTH|\
				AU_TAG_TYPE_PATH)
typedef uint_t   au_tag_type_t;

/* dir for system audit tags */
#define	AUDITTAGSDIR		"/etc/security/audit_tags.d"

#define	AUDITTGTXML		"/usr/lib/audit/audit_target.xml"

/*
 * Functions that format audit data
 */
extern int	print_audit(const int, const char *);
extern int	print_audit_buf(char **, int *, char **, int *, const int,
		    const char *);
extern int	print_audit_nvl(char **, int *, nvlist_t **);
extern void	print_audit_xml_prolog(void);
extern void	print_audit_xml_epilog(void);
extern int	print_audit_xml_prolog_buf(char *__out_buf,
		    const int __out_buf_len);
extern int	print_audit_xml_epilog_buf(char *__out_buf,
		    const int __out_buf_len);

/* Functions related to audit tags */
extern int check_autags(char *, size_t, char *);
extern nvlist_t *list_autags(char *);
extern nvlist_t *get_matching_autag_info(void *, char *);

/* Functions for target resource */
extern nvlist_t *get_audit_target_info(void *);

/* Private APIs */
extern int getautagsnam_r(int, au_tags_ent_t **, char *, char *, boolean_t);
extern boolean_t matchautag(char *, au_tag_type_t, void *, char *);
extern int get_audit_record_summary_nvl(const char *, size_t, nvlist_t **);

extern boolean_t is_file_token(int);
extern boolean_t is_header_token(int);
extern uint32_t	get_audit_reclen(char *);

#ifdef __cplusplus
}
#endif

#endif	/* _LIBAUDIT_H */