From df5afa4fcd9725380f94ca6476248d4cc24f889a Mon Sep 17 00:00:00 2001 From: Ashlee Young Date: Sun, 29 Nov 2015 08:22:13 -0800 Subject: v2.4.4 audit sources Change-Id: I9315a7408817db51edf084fb4d27fbb492785084 Signed-off-by: Ashlee Young --- framework/src/audit/auparse/internal.h | 86 ++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 framework/src/audit/auparse/internal.h (limited to 'framework/src/audit/auparse/internal.h') diff --git a/framework/src/audit/auparse/internal.h b/framework/src/audit/auparse/internal.h new file mode 100644 index 00000000..56c0bf9f --- /dev/null +++ b/framework/src/audit/auparse/internal.h @@ -0,0 +1,86 @@ +/* internal.h -- + * Copyright 2006-07,2013-14 Red Hat Inc., Durham, North Carolina. + * All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Authors: + * Steve Grubb + */ +#ifndef AUPARSE_INTERNAL_HEADER +#define AUPARSE_INTERNAL_HEADER + +#include "auparse-defs.h" +#include "ellist.h" +#include "auditd-config.h" +#include "data_buf.h" +#include "dso.h" +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* This is what state the parser is in */ +typedef enum { EVENT_EMPTY, EVENT_ACCUMULATING, EVENT_EMITTED } auparser_state_t; + +/* This is the name/value pair used by search tables */ +struct nv_pair { + int value; + const char *name; +}; + +struct opaque +{ + ausource_t source; // Source type + char **source_list; // Array of buffers, or array of + // file names + int list_idx; // The index into the source list + FILE *in; // If source is file, this is the fd + unsigned int line_number; // line number of current file, zero + // if invalid + char *next_buf; // The current buffer being broken down + unsigned int off; // The current offset into next_buf + char *cur_buf; // The current buffer being parsed + int line_pushed; // True if retrieve_next_line() + // returns same input + event_list_t le; // Linked list of record in same event + struct expr *expr; // Search expression or NULL + char *find_field; // Used to store field name when + // searching + austop_t search_where; // Where to put the cursors on a match + auparser_state_t parse_state; // parsing state + DataBuf databuf; // input data + + // function to call to notify user of parsing changes + void (*callback)(struct opaque *au, auparse_cb_event_t cb_event_type, void *user_data); + + void *callback_user_data; // user data supplied to callback + + // function to call when user_data is destroyed + void (*callback_user_data_destroy)(void *user_data); +}; + +// auditd-config.c +void clear_config(struct daemon_conf *config) hidden; +int load_config(struct daemon_conf *config, log_test_t lt) hidden; +void free_config(struct daemon_conf *config) hidden; + +#ifdef __cplusplus +} +#endif + +#endif + -- cgit 1.2.3-korg