/*-
 * Copyright (c) 1999, Andrzej Bialecki
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id: spy.h,v 1.1 1999/11/21 19:27:55 root Exp $
 */

/*
 * Declarations for the "spy" syscall interception code: the per-syscall
 * option record, the SPY_* option bits, the per-syscall bookkeeping entry
 * and, under _KERNEL, the prototypes of the kernel-side routines.
 *
 * NOTE(review): the guard name begins with a double underscore, which C
 * reserves for the implementation. It is left as is because other files
 * (not visible here) may test for it.
 */
#ifndef __SPY_H_
#define __SPY_H_

/*
 * This structure is used to set up per-syscall options.
 *
 * NOTE(review): name is a bare pointer with no accompanying length. If this
 * record is handed from userland to the kernel, the pointer refers to the
 * caller's address space and the consumer has to copy the string in with an
 * explicit bound before using it -- confirm at the use site.
 */
struct spy_ctl {
	char *name;		/* presumably the syscall name -- confirm */
	u_int32_t opt;		/* SPY_* option bits (see below) */
	uid_t uid;		/* presumably compared when SPY_UID is set */
	gid_t gid;		/* presumably compared when SPY_GID is set */
};

/*
 * SPY opt: single-bit option values that can be OR-ed together, plus the
 * combined masks SPY_ALL and SPY_FULL.
 */
#define SPY_NONE	0x0000
#define SPY_USER	0x0001
#define SPY_ROOT	0x0002
#define SPY_UID		0x0004
#define SPY_GID		0x0008
#define SPY_ALL		(SPY_USER | SPY_ROOT)
#define SPY_ARGS	0x0010
#define SPY_OTHER	0x0020
#define SPY_FULL	(SPY_ARGS | SPY_OTHER)

/*
 * Number of option names in spy_opt[]. Nothing in this header ties the
 * constant to the array, so the two must be kept in step by hand; a loop
 * bounded by SPY_OPTNUM reads past the array if an entry is ever removed
 * without lowering the constant.
 */
#define SPY_OPTNUM	6

/*
 * Textual option names. The order appears to follow the bit positions of
 * SPY_USER .. SPY_OTHER (index 0 = 0x0001, ... index 5 = 0x0020).
 *
 * NOTE(review): this is a definition with external linkage, not a
 * declaration. Including this header from more than one translation unit
 * of the same program produces duplicate definitions of spy_opt.
 */
char *spy_opt[]={
	"user",
	"root",
	"uid",
	"gid",
	"args",
	"other"
};

/*
 * Per-syscall bookkeeping entry: interception state, a hit counter, the
 * option bits with their uid/gid values, both sysent records and the
 * argument handler.
 */
struct spy_ent {
	u_char inuse;		/* syscall is currently intercepted */
	u_int64_t used;		/* how many times it was intercepted */
	u_char block;		/* disable this syscall, based on opt */
	u_int32_t opt;		/* log level and opt */
	uid_t uid;		/* optional value for opt */
	gid_t gid;		/* optional value for opt */
	struct sysent o;	/* original sysent */
	struct sysent n;	/* new sysent */
	/* handler for syscall arguments */
	void (*handler)(struct proc *p, void *arg, u_int32_t opt);
};

#ifdef _KERNEL
/* From /sys/kern/syscalls.c */
extern char *syscallnames[];

/*
 * NOTE(review): every prototype below is static, so each kernel source file
 * that includes this header must supply its own definitions. Presumably the
 * header is included by a single kernel source file -- confirm.
 */

/* Declared with the sy_call_t type; presumably installed as the new entry. */
static sy_call_t spy_dispatch;

/*
 * Option formatting and parsing.
 *
 * NOTE(review): all three take a char buffer without a length argument, so
 * the implementations (not visible here) must bound their reads and writes
 * by some other means -- confirm, in particular for format_opt if it writes
 * into buf.
 * NOTE(review): opt is u_int here but u_int32_t in the structures above;
 * the two agree only where u_int is 32 bits wide.
 */
static void format_opt(char *buf, u_int *opt, uid_t *uid, gid_t *gid);
static u_int parse_opt(char *buf, uid_t *uid, gid_t *gid);
static int parse_sysc_opt(char *buf, u_int *opt, uid_t *uid, gid_t *gid);

/*
 * Per-syscall argument handlers. Each has the signature of
 * spy_ent.handler; arg is untyped, so every handler has to interpret it as
 * the argument layout of its own syscall.
 */
static void spy_execve(struct proc *p, void *arg, u_int32_t opt);
static void spy_chdir(struct proc *p, void *arg, u_int32_t opt);
static void spy_setuid(struct proc *p, void *arg, u_int32_t opt);
static void spy_setgid(struct proc *p, void *arg, u_int32_t opt);
static void spy_open(struct proc *p, void *arg, u_int32_t opt);
static void spy_link(struct proc *p, void *arg, u_int32_t opt);
static void spy_unlink(struct proc *p, void *arg, u_int32_t opt);
static void spy_chmod(struct proc *p, void *arg, u_int32_t opt);
static void spy_chown(struct proc *p, void *arg, u_int32_t opt);
static void spy_mount(struct proc *p, void *arg, u_int32_t opt);

/*
 * Start/stop interception and disable/enable a syscall. The meaning of the
 * unnamed u_int64_t argument is not visible from this header.
 */
static void start_spy(u_int64_t);
static void stop_spy(u_int64_t);
static void sysc_disable(u_int64_t);
static void sysc_enable(u_int64_t);
#endif /* _KERNEL */

#endif /* __SPY_H_ */