summaryrefslogtreecommitdiffstats
path: root/contrib/openbsm/bsm/audit_record.h
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/openbsm/bsm/audit_record.h')
-rw-r--r--contrib/openbsm/bsm/audit_record.h27
1 files changed, 21 insertions, 6 deletions
diff --git a/contrib/openbsm/bsm/audit_record.h b/contrib/openbsm/bsm/audit_record.h
index f9c0288..79d13c3 100644
--- a/contrib/openbsm/bsm/audit_record.h
+++ b/contrib/openbsm/bsm/audit_record.h
@@ -30,7 +30,7 @@
*
* @APPLE_BSD_LICENSE_HEADER_END@
*
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#19 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#23 $
*/
#ifndef _BSM_AUDIT_RECORD_H_
@@ -184,7 +184,7 @@
#define AUR_CHAR AUR_BYTE
#define AUR_SHORT 1
#define AUR_INT32 2
-#define AUR_INT AUR_INT
+#define AUR_INT AUR_INT32
#define AUR_INT64 3
/* ... and their sizes */
@@ -199,9 +199,19 @@
#define PAD_NOTATTR 0x4000 /* nonattributable event */
#define PAD_FAILURE 0x8000 /* fail audit event */
+#define AUDIT_MAX_GROUPS 16
-#define BSM_MAX_GROUPS 16
-#define HEADER_VERSION 1
+/*
+ * A number of BSM versions are floating around and defined. Here are
+ * constants for them. OpenBSM uses the same token types, etc, used in the
+ * Solaris BSM version, but has a separate version number in order to
+ * identify a potentially different event identifier name space.
+ */
+#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */
+#define AUDIT_HEADER_VERSION_SOLARIS 2
+#define AUDIT_HEADER_VERSION_TSOL25 3
+#define AUDIT_HEADER_VERSION_TSOL 4
+#define AUDIT_HEADER_VERSION_OPENBSM 10
/*
* BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
@@ -308,8 +318,13 @@ token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
-token_t *au_to_exec_args(const char **);
-token_t *au_to_exec_env(const char **);
+#if defined(_KERNEL) || defined(KERNEL)
+token_t *au_to_exec_args(char *args, int argc);
+token_t *au_to_exec_env(char *envs, int envc);
+#else
+token_t *au_to_exec_args(char **argv);
+token_t *au_to_exec_env(char **envp);
+#endif
token_t *au_to_text(char *text);
token_t *au_to_kevent(struct kevent *kev);
token_t *au_to_trailer(int rec_size);
OpenPOWER on IntegriCloud