2 * Copyright 2005,2006,2009,2013-14 Red Hat Inc., Durham, North Carolina.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Steve Grubb <sgrubb@redhat.com>
31 typedef enum { REAL_ERR, HIDE_IT } hide_t;
33 /* Internal syslog messaging */
34 void audit_msg(int priority, const char *fmt, ...)
36 __attribute__ ((format (printf, 2, 3)));
41 /* This structure is for protocol reference only. All fields are
42 packed and in network order (LSB first). */
43 struct auditd_remote_message_wrapper {
44 /* The magic number shall never have LF (0x0a) as one of its bytes. */
46 /* Bumped when the layout of this structure changes. */
47 uint8_t header_version;
48 /* The minimum support needed to understand this message type.
50 uint8_t message_version;
51 /* Upper 8 bits are generic type, see below. */
53 /* Number of bytes that follow this header Must be 0..MAX_AUDIT_MESSAGE_LENGTH. */
55 /* Copied from message to its reply. */
57 /* The message follows for LENGTH bytes. */
60 #define AUDIT_RMW_HEADER_SIZE 16
61 /* The magic number shall never have LF (0x0a) as one of its bytes. */
62 #define AUDIT_RMW_MAGIC 0xff0000feUL
64 #define AUDIT_RMW_HEADER_VERSION 0
66 /* If set, this is a reply. */
67 #define AUDIT_RMW_TYPE_REPLYMASK 0x40000000
68 /* If set, this reply indicates a fatal error of some sort. */
69 #define AUDIT_RMW_TYPE_FATALMASK 0x20000000
70 /* If set, this reply indicates success but with some warnings. */
71 #define AUDIT_RMW_TYPE_WARNMASK 0x10000000
72 /* This part of the message type is the details for the above. */
73 #define AUDIT_RMW_TYPE_DETAILMASK 0x0fffffff
75 /* Version 0 messages. */
76 #define AUDIT_RMW_TYPE_MESSAGE 0x00000000
77 #define AUDIT_RMW_TYPE_HEARTBEAT 0x00000001
78 #define AUDIT_RMW_TYPE_ACK 0x40000000
79 #define AUDIT_RMW_TYPE_ENDING 0x40000001
80 #define AUDIT_RMW_TYPE_DISKLOW 0x50000001
81 #define AUDIT_RMW_TYPE_DISKFULL 0x60000001
82 #define AUDIT_RMW_TYPE_DISKERROR 0x60000002
84 /* These next four should not be called directly. */
85 #define _AUDIT_RMW_PUTN32(header,i,v) \
86 header[i] = v & 0xff; \
87 header[i+1] = (v>>8) & 0xff; \
88 header[i+2] = (v>>16) & 0xff; \
89 header[i+3] = (v>>24) & 0xff;
90 #define _AUDIT_RMW_PUTN16(header,i,v) \
91 header[i] = v & 0xff; \
92 header[i+1] = (v>>8) & 0xff;
93 #define _AUDIT_RMW_GETN32(header,i) \
94 (((uint32_t)(header[i] & 0xFF)) | \
95 (((uint32_t)(header[i+1] & 0xFF))<<8) | \
96 (((uint32_t)(header[i+2] & 0xFF ))<<16) | \
97 (((uint32_t)(header[i+3] & 0xFF))<<24))
98 #define _AUDIT_RMW_GETN16(header,i) \
99 ((uint32_t)(header[i] & 0xFF) | ((uint32_t)(header[i+1] & 0xFF)<<8))
101 /* For these, HEADER must by of type "unsigned char *" or "unsigned
104 #define AUDIT_RMW_PACK_HEADER(header,mver,type,len,seq) \
105 _AUDIT_RMW_PUTN32 (header,0, AUDIT_RMW_MAGIC); \
106 header[4] = AUDIT_RMW_HEADER_VERSION; \
108 _AUDIT_RMW_PUTN32 (header,6, type); \
109 _AUDIT_RMW_PUTN16 (header,10, len); \
110 _AUDIT_RMW_PUTN32 (header,12, seq);
112 #define AUDIT_RMW_IS_MAGIC(header,length) \
113 (length >= 4 && _AUDIT_RMW_GETN32 (header,0) == AUDIT_RMW_MAGIC)
115 #define AUDIT_RMW_UNPACK_HEADER(header,hver,mver,type,len,seq) \
118 type = _AUDIT_RMW_GETN32 (header,6); \
119 len = _AUDIT_RMW_GETN16 (header,10); \
120 seq = _AUDIT_RMW_GETN32 (header,12);
123 extern int audit_send(int fd, int type, const void *data, unsigned int size);
125 // This is the main messaging function used internally
126 // Don't hide it, it used to be a part of the public API!
127 extern int audit_send_user_message(int fd, int type, hide_t hide_err,
128 const char *message);
131 extern int _audit_permadded;
132 extern int _audit_archadded;
133 extern int _audit_syscalladded;
134 extern unsigned int _audit_elf;
136 hidden_proto(audit_send_user_message);
137 hidden_proto(audit_add_watch_dir);
138 hidden_proto(audit_detect_machine);
139 hidden_proto(audit_request_status);
140 hidden_proto(audit_rule_syscall_data);
141 hidden_proto(audit_rule_syscallbyname_data);
142 hidden_proto(audit_set_feature);
143 hidden_proto(audit_request_features);
146 hidden_proto(audit_elf_to_machine);
147 hidden_proto(audit_machine_to_elf);
148 hidden_proto(audit_msg_type_to_name);
149 hidden_proto(audit_name_to_errno);
150 hidden_proto(audit_name_to_field);
151 hidden_proto(audit_name_to_machine);
152 hidden_proto(audit_name_to_msg_type);
153 hidden_proto(audit_name_to_syscall);
154 hidden_proto(audit_operator_to_symbol);
155 hidden_proto(audit_name_to_ftype);
158 hidden_proto(audit_get_reply);
159 hidden_proto(audit_send)
162 hidden_proto(audit_msg)
165 char *audit_strsplit_r(char *s, char **savedpp);
166 char *audit_strsplit(char *s);
167 hidden_proto(audit_strsplit_r)
168 hidden_proto(audit_strsplit)