diff options
Diffstat (limited to 'contrib/openbsm/bsm/audit_record.h')
-rw-r--r-- | contrib/openbsm/bsm/audit_record.h | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/contrib/openbsm/bsm/audit_record.h b/contrib/openbsm/bsm/audit_record.h index f9c0288..79d13c3 100644 --- a/contrib/openbsm/bsm/audit_record.h +++ b/contrib/openbsm/bsm/audit_record.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#19 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#23 $ */ #ifndef _BSM_AUDIT_RECORD_H_ @@ -184,7 +184,7 @@ #define AUR_CHAR AUR_BYTE #define AUR_SHORT 1 #define AUR_INT32 2 -#define AUR_INT AUR_INT +#define AUR_INT AUR_INT32 #define AUR_INT64 3 /* ... and their sizes */ @@ -199,9 +199,19 @@ #define PAD_NOTATTR 0x4000 /* nonattributable event */ #define PAD_FAILURE 0x8000 /* fail audit event */ +#define AUDIT_MAX_GROUPS 16 -#define BSM_MAX_GROUPS 16 -#define HEADER_VERSION 1 +/* + * A number of BSM versions are floating around and defined. Here are + * constants for them. OpenBSM uses the same token types, etc, used in the + * Solaris BSM version, but has a separate version number in order to + * identify a potentially different event identifier name space. + */ +#define AUDIT_HEADER_VERSION_OLDDARWIN 1 /* In retrospect, a mistake. */ +#define AUDIT_HEADER_VERSION_SOLARIS 2 +#define AUDIT_HEADER_VERSION_TSOL25 3 +#define AUDIT_HEADER_VERSION_TSOL 4 +#define AUDIT_HEADER_VERSION_OPENBSM 10 /* * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we @@ -308,8 +318,13 @@ token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); -token_t *au_to_exec_args(const char **); -token_t *au_to_exec_env(const char **); +#if defined(_KERNEL) || defined(KERNEL) +token_t *au_to_exec_args(char *args, int argc); +token_t *au_to_exec_env(char *envs, int envc); +#else +token_t *au_to_exec_args(char **argv); +token_t *au_to_exec_env(char **envp); +#endif token_t *au_to_text(char *text); token_t *au_to_kevent(struct kevent *kev); token_t *au_to_trailer(int rec_size); |