/* <nsarecdef.h>
 *
 *	Security auditing record definitions
 */
#ifndef _NSARECDEF_H
#define _NSARECDEF_H

#define NSA$C_REC_MAXLENGTH	1024	/* maximum record size */
#define NSA$K_REC_MAXLENGTH	1024
#define NSA$S_REC_MAXLENGTH	1024
/* audit record type definitions */
#define NSA$K_RECTYP_FIL	1	/* file access */
#define NSA$K_RECTYP_SYSUAF	2	/* system UAF */
#define NSA$K_RECTYP_NETUAF	3	/* network UAF */
#define NSA$K_RECTYP_LOGB	4	/* login breakin detection */
#define NSA$K_RECTYP_LOGI	5	/* successful login */
#define NSA$K_RECTYP_LOGF	6	/* login failure */
#define NSA$K_RECTYP_LOGO	7	/* logout */
#define NSA$K_RECTYP_VOL	8	/* volume operations */
#define NSA$K_RECTYP_GBL	9	/* global section access */
#define NSA$K_RECTYP_INSTAL	10	/* INSTALL operations */
#define NSA$K_RECTYP_RIGHTS	11	/* rights database operations */
#define NSA$K_RECTYP_AUDIT	12	/* SET AUDIT operations */
#define NSA$K_RECTYPNUM		12
/* audit record subtype and id definitions */
/* file access */
#define NSA$K_RECTYP_FIL_SUCC	1	/* successful file access */
#define NSA$K_RECTYP_FIL_FAIL	2	/* file access failure */
#define NSA$K_RECTYPNUM_FIL	2
#define NSA$K_RECID_FIL_SUCC	65537
#define NSA$K_RECID_FIL_FAIL	131073
/* global section access */
#define NSA$K_RECTYP_GBL_SUCC	1	/* successful Global section access */
#define NSA$K_RECTYP_GBL_FAIL	2	/* global section access failure */
#define NSA$K_RECTYPNUM_GBL	2
#define NSA$K_RECID_GBL_SUCC	65545
#define NSA$K_RECID_GBL_FAIL	131081
/* system uaf */
#define NSA$K_RECTYP_SYSUAF_ADD 1	/* system UAF record addition */
#define NSA$K_RECTYP_SYSUAF_DEL 2	/* system UAF record deletion */
#define NSA$K_RECTYP_SYSUAF_MOD 3	/* system UAF record modification */
#define NSA$K_RECTYP_SYSUAF_COP 4	/* system UAF record copied */
#define NSA$K_RECTYP_SYSUAF_REN 5	/* system UAF record renamed */
#define NSA$K_RECTYPNUM_SYSUAF	5
#define NSA$K_RECID_SYSUAF_ADD	65538
#define NSA$K_RECID_SYSUAF_DEL	131074
#define NSA$K_RECID_SYSUAF_MOD	196610
#define NSA$K_RECID_SYSUAF_COP	262146
#define NSA$K_RECID_SYSUAF_REN	327682
/* network uaf */
#define NSA$K_RECTYP_NETUAF_ADD 1	/* network UAF record addition */
#define NSA$K_RECTYP_NETUAF_DEL 2	/* network UAF record deletion */
#define NSA$K_RECTYP_NETUAF_MOD 3	/* network UAF record modification */
#define NSA$K_RECTYPNUM_NETUAF	3
#define NSA$K_RECID_NETUAF_ADD	65539
#define NSA$K_RECID_NETUAF_DEL	131075
#define NSA$K_RECID_NETUAF_MOD	196611
/* login breakin detection */
#define NSA$K_RECTYP_LOGB_DIA	1	/* dialup interactive breakin detection */
#define NSA$K_RECTYP_LOGB_LOC	2	/* local interactive breakin detection */
#define NSA$K_RECTYP_LOGB_REM	3	/* remote interactive breakin detection */
#define NSA$K_RECTYP_LOGB_NET	4	/* network breakin detection */
#define NSA$K_RECTYP_LOGB_DET	5	/* detached process breakin detection */
#define NSA$K_RECTYPNUM_LOGB	5
#define NSA$K_RECID_LOGB_DIA	65540
#define NSA$K_RECID_LOGB_LOC	131076
#define NSA$K_RECID_LOGB_REM	196612
#define NSA$K_RECID_LOGB_NET	262148
#define NSA$K_RECID_LOGB_DET	327684
/* successful login */
#define NSA$K_RECTYP_LOGI_BAT	1	/* batch process login */
#define NSA$K_RECTYP_LOGI_DIA	2	/* dialup interactive login */
#define NSA$K_RECTYP_LOGI_LOC	3	/* local interactive login */
#define NSA$K_RECTYP_LOGI_REM	4	/* remote interactive login */
#define NSA$K_RECTYP_LOGI_NET	5	/* network login */
#define NSA$K_RECTYP_LOGI_SUB	6	/* subprocess login */
#define NSA$K_RECTYP_LOGI_DET	7	/* detached process login */
#define NSA$K_RECTYPNUM_LOGI	7
#define NSA$K_RECID_LOGI_BAT	65541
#define NSA$K_RECID_LOGI_DIA	131077
#define NSA$K_RECID_LOGI_LOC	196613
#define NSA$K_RECID_LOGI_REM	262149
#define NSA$K_RECID_LOGI_NET	327685
#define NSA$K_RECID_LOGI_SUB	393221
#define NSA$K_RECID_LOGI_DET	458757
/* login failure */
#define NSA$K_RECTYP_LOGF_BAT	1	/* batch process login failure */
#define NSA$K_RECTYP_LOGF_DIA	2	/* dialup interactive login failure */
#define NSA$K_RECTYP_LOGF_LOC	3	/* local interactive login failure */
#define NSA$K_RECTYP_LOGF_REM	4	/* remote interactive login failure */
#define NSA$K_RECTYP_LOGF_NET	5	/* network login failure */
#define NSA$K_RECTYP_LOGF_SUB	6	/* subprocess login failure */
#define NSA$K_RECTYP_LOGF_DET	7	/* detached process login failure */
#define NSA$K_RECTYPNUM_LOGF	7
#define NSA$K_RECID_LOGF_BAT	65542
#define NSA$K_RECID_LOGF_DIA	131078
#define NSA$K_RECID_LOGF_LOC	196614
#define NSA$K_RECID_LOGF_REM	262150
#define NSA$K_RECID_LOGF_NET	327686
#define NSA$K_RECID_LOGF_SUB	393222
#define NSA$K_RECID_LOGF_DET	458758
/* logout */
#define NSA$K_RECTYP_LOGO_BAT	1	/* batch process logout */
#define NSA$K_RECTYP_LOGO_DIA	2	/* dialup interactive logout */
#define NSA$K_RECTYP_LOGO_LOC	3	/* local interactive logout */
#define NSA$K_RECTYP_LOGO_REM	4	/* remote interactive logout */
#define NSA$K_RECTYP_LOGO_NET	5	/* network logout */
#define NSA$K_RECTYP_LOGO_SUB	6	/* subprocess logout */
#define NSA$K_RECTYP_LOGO_DET	7	/* detached process logout */
#define NSA$K_RECTYPNUM_LOGO	7
#define NSA$K_RECID_LOGO_BAT	65543
#define NSA$K_RECID_LOGO_DIA	131079
#define NSA$K_RECID_LOGO_LOC	196615
#define NSA$K_RECID_LOGO_REM	262151
#define NSA$K_RECID_LOGO_NET	327687
#define NSA$K_RECID_LOGO_SUB	393223
#define NSA$K_RECID_LOGO_DET	458759
/* volume operations */
#define NSA$K_RECTYP_VOL_MOU	1	/* volume mounts */
#define NSA$K_RECTYP_VOL_DMOU	2	/* volume dismounts */
#define NSA$K_RECTYPNUM_VOL	2
#define NSA$K_RECID_VOL_MOU	65544
#define NSA$K_RECID_VOL_DMOU	131080
/* install operations */
#define NSA$K_RECTYP_INSTAL_ADD 1	/* add known file */
#define NSA$K_RECTYP_INSTAL_REM 2	/* remove known file */
#define NSA$K_RECTYPNUM_INSTAL	2
/* rights database operations */
#define NSA$K_RECTYP_RIGHTS_CRE 1	/* create rights database */
#define NSA$K_RECTYP_RIGHTS_ADD 2	/* add identifier */
#define NSA$K_RECTYP_RIGHTS_REM 3	/* remove identifier */
#define NSA$K_RECTYP_RIGHTS_MOD_ID 4	/* modify identifier */
#define NSA$K_RECTYP_RIGHTS_MOD_HO 5	/* modify identifier holder */
#define NSA$K_RECTYP_RIGHTS_GRANT 6	/* grant identifier */
#define NSA$K_RECTYP_RIGHTS_REVOK 7	/* revoke identifier */
#define NSA$K_RECTYPNUM_RIGHTS	7
/* set audit operations */
#define NSA$K_RECTYP_AUDIT_ENA_AL 1	/* enable alarm */
#define NSA$K_RECTYP_AUDIT_DIS_AL 2	/* disable alarm */
#define NSA$K_RECTYP_AUDIT_ENA_JL 3	/* enable journal */
#define NSA$K_RECTYP_AUDIT_DIS_JL 4	/* disable journal */
#define NSA$K_RECTYPNUM_AUDIT	4
/* sysuaff stuff */
struct nsa$sysuaff_bits {
    union {
	unsigned int nsa$q_sysuaff[2]; /* SYSUAFF flags: */
	struct {
	    unsigned nsa$v_access	: 1; /*  ACCESS modified */
	    unsigned nsa$v_account	: 1; /*  ACCOUNT modified */
	    unsigned nsa$v_astlm	: 1; /*  ASTLM modified */
	    unsigned nsa$v_batch	: 1; /*  BATCH modified */
	    unsigned nsa$v_biolm	: 1; /*  BIOLM modified */
	    unsigned nsa$v_bytlm	: 1; /*  BYTLM modified */
	    unsigned nsa$v_cli		: 1; /*  CLI modified */
	    unsigned nsa$v_clitables	: 1; /*  CLITABLES modified */
	    unsigned nsa$v_cputime	: 1; /*  CPUTIME modified */
	    unsigned nsa$v_defprivileges: 1; /*  DEFPRIVILEGES modified */
	    unsigned nsa$v_device	: 1; /*  DEVICE modified */
	    unsigned nsa$v_dialup	: 1; /*  DIALUP modified */
	    unsigned nsa$v_diolm	: 1; /*  DIOLM modified */
	    unsigned nsa$v_directory	: 1; /*  DIRECTORY modified */
	    unsigned nsa$v_enqlm	: 1; /*  ENQLM modified */
	    unsigned nsa$v_expiration	: 1; /*  EXPIRATION modified */
	    unsigned nsa$v_fillm	: 1; /*  FILLM modified */
	    unsigned nsa$v_flags	: 1; /*  FLAGS modified */
	    unsigned nsa$v_interactive	: 1; /*  INTERACTIVE modified */
	    unsigned nsa$v_jtquota	: 1; /*  JTQUOTA modified */
	    unsigned nsa$v_lgicmd	: 1; /*  LGICMD modified */
	    unsigned nsa$v_local	: 1; /*  LOCAL modified */
	    unsigned nsa$v_maxdetach	: 1; /*  MAXDETACH modified */
	    unsigned nsa$v_maxjobs	: 1; /*  MAXJOBS modified */
	    unsigned nsa$v_maxacctjobs	: 1; /*  MAXACCTJOBS modified */
	    unsigned nsa$v_network	: 1; /*  NETWORK modified */
	    unsigned nsa$v_owner	: 1; /*  OWNER modified */
	    unsigned nsa$v_password	: 1; /*  PASSWORD modified */
	    unsigned nsa$v_pbytlm	: 1; /*  PBYTLM modified */
	    unsigned nsa$v_pflags	: 1; /*  PFLAGS modified */
	    unsigned nsa$v_p_restrict	: 1; /*  P_RESTRICT modified */
	    unsigned nsa$v_pgflquota	: 1; /*  PGFLQUOTA modified */
 /* */
	    unsigned nsa$v_prclm	: 1; /*  PRCLM modified */
	    unsigned nsa$v_primedays	: 1; /*  PRIMEDAYS modified */
	    unsigned nsa$v_priority	: 1; /*  PRIORITY modified */
	    unsigned nsa$v_privileges	: 1; /*  PRIVILEGES modified */
	    unsigned nsa$v_pwdlifetime	: 1; /*  PWDLIFETIME modified */
	    unsigned nsa$v_pwdminimum	: 1; /*  PWDMINIMUM modified */
	    unsigned nsa$v_quepriority	: 1; /*  QUEPRIORITY modified */
	    unsigned nsa$v_remote	: 1; /*  REMOTE modified */
	    unsigned nsa$v_sflags	: 1; /*  SFLAGS modified */
	    unsigned nsa$v_s_restrict	: 1; /*  S_RESTRICT modified */
	    unsigned nsa$v_shrfillm	: 1; /*  SHRFILLM modified */
	    unsigned nsa$v_tqelm	: 1; /*  TQELM modified */
	    unsigned nsa$v_uic		: 1; /*  UIC modified */
	    unsigned nsa$v_wsdefault	: 1; /*  WSDEFAULT modified */
	    unsigned nsa$v_wsextent	: 1; /*  WSEXTENT modified */
	    unsigned nsa$v_wsquota	: 1; /*  WSQUOTA modified */
	} nsa$r_sysuaff_bits;
    } nsa$r_sysuaff_overlay;
};
/* record header offset definitions */
#define NSA$V_REC_FLAGS_PKTCON	0
#define NSA$M_REC_FLAGS_PKTCON	(1<<NSA$V_REC_FLAGS_PKTCON)	/* 0x01 */
#define NSA$C_RECHDR_LENGTH	76
#define NSA$K_RECHDR_LENGTH	76
struct nsarechdrdef {
    union {
	unsigned long nsa$l_rec_id;	/* record identification longword */
	struct {
	    unsigned short nsa$w_rec_type;	/* record type */
	    unsigned short nsa$w_rec_subtype;	/* record subtype */
	} nsa$r_rec_id_fields;
    } nsa$r_rec_id_overlay;
    unsigned char nsa$b_rec_seqnum;	/* this records sequence number */
    unsigned char nsa$b_rec_seqlast;	/* last records sequence number */
    union {
	unsigned char nsa$b_rec_flags;	/* record flags byte */
	struct {
	    unsigned nsa$v_rec_flags_pktcon: 1; /* last packet in record is */
						/* continued in next record */
	    unsigned			   : 7;
	} nsa$r_rec_flags_bits;
    } nsa$r_rec_flags_overlay;
    unsigned char nsa$b_rec_pktnum;	/* number of data packets in record */
    unsigned short nsa$w_rec_pktoff;	/* offset to first packet */
    unsigned short nsa$w_rec_pkthdrsiz; /* data packet header size */
    unsigned long nsa$l_rec_epid;	/* extended PID */
    unsigned int nsa$q_rec_time[2];	/* event time (EXE$GQ_SYSTIME) */
    char nsa$t_rec_clusnam[16];		/* cluster node name */
    char nsa$t_rec_procnam[16];		/* process name */
    char nsa$t_rec_usernam[12];		/* username */
    char nsa$t_rec_acctnam[8];		/* account name */
};
/* data packet type definitions */
#define NSA$K_PKTTYP_IMGNAM	1	/* image name packet */
#define NSA$K_PKTTYP_FACMOD	2	/* file access mode */
#define NSA$K_PKTTYP_PRIVUSED	3	/* privilege used to access file */
#define NSA$K_PKTTYP_FILNAM	4	/* file name */
#define NSA$K_PKTTYP_DEVNAM	5	/* device name */
#define NSA$K_PKTTYP_LOGNAM	6	/* logical name */
#define NSA$K_PKTTYP_VOLNAM	7	/* volume name */
#define NSA$K_PKTTYP_VOLSNAM	8	/* volume set name */
#define NSA$K_PKTTYP_NODENAM	9	/* node name */
#define NSA$K_PKTTYP_USERNAM	10	/* user name */
#define NSA$K_PKTTYP_PASSWORD	11	/* password */
#define NSA$K_PKTTYP_UIC	12	/* user identification code */
#define NSA$K_PKTTYP_VOLPRO	13	/* volume protection */
#define NSA$K_PKTTYP_MOUFLG	14	/* mount flags */
#define NSA$K_PKTTYP_DMOUFLG	15	/* dismount flags */
#define NSA$K_PKTTYP_NODEID	16	/* node ID */
#define NSA$K_PKTTYP_EPID	17	/* extended PID */
#define NSA$K_PKTTYP_SYSUAFF	18	/* system UAF record fields */
#define NSA$K_PKTTYP_STATUS	19	/* status longword */
#define NSA$K_PKTTYP_SECNAM	20	/* global section name */
#define NSA$K_PKTTYP_PRIVS	21	/* full privilege mask */
#define NSA$K_PKTTYP_INSFLG	22	/* install flags */
#define NSA$K_PKTTYP_IDNAME	23	/* identifier name */
#define NSA$K_PKTTYP_IDVAL	24	/* identifier value */
#define NSA$K_PKTTYP_IDATTR	25	/* identifier attributes */
#define NSA$K_PKTTYP_HOLDER	26	/* identifier holder */
#define NSA$K_PKTTYP_AUDIT	27	/* audit item */
#define NSA$K_PKTTYP_DEFUSERNAM 28	/* default proxy name */
#define NSA$K_PKTTYP_OLDUSERNAM 29	/* old proxy name */
#define NSA$K_PKTTYP_OLDDEFUNAM 30	/* old default local proxy name */
#define NSA$K_PKTTYP_OLDNODENAM 31	/* old remote node name */
#define NSA$K_PKTTYPNUM		31
/* data packet offset definitions */
#define NSA$C_PKTHDR_LENGTH	4
#define NSA$K_PKTHDR_LENGTH	4
#define NSA$V_PKT_INS_OPEN	1
#define NSA$V_PKT_INS_HDR	2
#define NSA$V_PKT_INS_SHARE	3
#define NSA$V_PKT_INS_EXEC	4
#define NSA$V_PKT_INS_WRITE	5
#define NSA$V_PKT_INS_PRIV	6
#define NSA$V_PKT_INS_PROT	7
#define NSA$V_PKT_INS_NOPRG	8
#define NSA$V_PKT_INS_ACC	9
#define NSA$M_PKT_INS_OPEN	(1<<NSA$V_PKT_INS_OPEN)		/* 0x02 */
#define NSA$M_PKT_INS_HDR	(1<<NSA$V_PKT_INS_HDR)		/* 0x04 */
#define NSA$M_PKT_INS_SHARE	(1<<NSA$V_PKT_INS_SHARE)	/* 0x08 */
#define NSA$M_PKT_INS_EXEC	(1<<NSA$V_PKT_INS_EXEC)		/* 0x10 */
#define NSA$M_PKT_INS_WRITE	(1<<NSA$V_PKT_INS_WRITE)	/* 0x20 */
#define NSA$M_PKT_INS_PRIV	(1<<NSA$V_PKT_INS_PRIV)		/* 0x40 */
#define NSA$M_PKT_INS_PROT	(1<<NSA$V_PKT_INS_PROT)		/* 0x80 */
#define NSA$M_PKT_INS_NOPRG	(1<<NSA$V_PKT_INS_NOPRG)	/* 0x0100 */
#define NSA$M_PKT_INS_ACC	(1<<NSA$V_PKT_INS_ACC)		/* 0x0200 */
struct nsapktdef {	/* WARNING: aggregate has origin of -4 */
    unsigned short nsa$w_pkt_type;	/* packet data type */
    unsigned short nsa$w_pkt_size;	/* packet size */
    union {
	char nsa$t_pkt_data[ 1 ];
	char nsa$t_pkt_imgnam[444];		/* image name */
	unsigned long nsa$l_pkt_facmod;		/* file access mode */
	unsigned long nsa$l_pkt_privused;	/* privilege used to access file */
	char nsa$t_pkt_filnam[444];		/* file name */
	char nsa$t_pkt_devnam[64];		/* device and access port name */
	char nsa$t_pkt_lognam[255];		/* logical name */
	char nsa$t_pkt_volnam[12];		/* volume name */
	char nsa$t_pkt_volsnam[12];		/* volume set name */
	char nsa$t_pkt_nodenam[6];		/* node name */
	char nsa$t_pkt_usernam[32];		/* user name */
	char nsa$t_pkt_password[32];		/* password */
	unsigned long nsa$l_pkt_uic;		/* volume UIC */
	unsigned short nsa$w_pkt_volpro;	/* volume protection */
	unsigned long nsa$l_pkt_mouflg;		/* mount flags */
	unsigned short nsa$w_pkt_dmouflg;	/* dismount flags */
	unsigned int nsa$q_pkt_nodeid[2];	/* node ID */
	unsigned long nsa$l_pkt_epid;		/* extended PID */
	unsigned int nsa$q_pkt_sysuaff[2];	/* system UAF record fields */
	unsigned long nsa$l_pkt_status;		/* status longword */
	char nsa$t_pkt_secnam[54];		/* global section name */
	unsigned int nsa$q_pkt_privs[2];	/* full privilege mask */
	union {
	    unsigned long nsa$l_pkt_insflg;	/* install flags */
	    struct {
		unsigned nsa$v_pkt_ins_fill : 1; /* bit 0 must be unused */
		unsigned nsa$v_pkt_ins_open : 1; /* /OPEN */
		unsigned nsa$v_pkt_ins_hdr  : 1; /* /HEADER_RESIDENT */
		unsigned nsa$v_pkt_ins_share: 1; /* /SHARE */
		unsigned nsa$v_pkt_ins_exec : 1; /* /EXECUTE */
		unsigned nsa$v_pkt_ins_write: 1; /* /WRITE */
		unsigned nsa$v_pkt_ins_priv : 1; /* /PRIVILEGE */
		unsigned nsa$v_pkt_ins_prot : 1; /* /PROTECTED */
		unsigned nsa$v_pkt_ins_noprg: 1; /* /NOPURGE */
		unsigned nsa$v_pkt_ins_acc  : 1; /* /ACCOUNTING */
		unsigned		    : 6;
	    } nsa$r_pkt_ins_bits;
	} nsa$r_pkt_ins_overlay;
	char nsa$t_pkt_idname[32];		/* identifier name */
	unsigned long nsa$l_pkt_idval;		/* identifier value */
	unsigned long nsa$l_pkt_idattr;		/* identifier attributes */
	unsigned int nsa$q_pkt_holder[2];	/* identifier holder */
	char nsa$r_pkt_audit[ 1 ];		/* audit item (not used) */
	char nsa$t_pkt_defusernam[32];		/* default proxy name */
	char nsa$t_pkt_oldusernam[32];		/* old proxy name */
	char nsa$t_pkt_olddefunam[32];		/* old default local proxy name */
	char nsa$t_pkt_oldnodenam[6];		/* old remote node name */
    } nsa$r_pkt_data_overlay;
};

#endif	/*_NSARECDEF_H*/