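/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * libbsm.h - interface of the BSM audit library (libbsm).
 *
 * Declares the in-memory forms of the audit_event(5), audit_class(5) and
 * audit_user(5) databases, the helpers that read and write the fields of
 * audit records and tokens (adr_*, adrf_*, adrm_*), the accessors for the
 * audit_control file, and the wrappers around the audit system calls,
 * together with the flag and size constants those interfaces use.
 *
 * NOTE(review): none of the string arguments below are const-qualified.
 * Adding const here would make the prototypes disagree with the function
 * definitions in the library sources (not visible from this header), so
 * it has deliberately not been done; treat the char * parameters of the
 * lookup functions as read-only all the same.
 */

#ifndef _BSM_LIBBSM_H
#define	_BSM_LIBBSM_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <secdb.h>
#include <stdio.h>
#include <errno.h>
#include <sys/types.h>
#include <bsm/audit.h>
#include <bsm/audit_record.h>

#ifdef	__cplusplus
extern "C" {
#endif

/* Message catalogue domain used for this library's translated strings. */
#ifndef	TEXT_DOMAIN
#define	TEXT_DOMAIN	"SUNW_OST_OSLIB"
#endif

/* Defined in the library; the text domain actually in use. */
extern const char *bsm_dom;

/*
 * One entry of audit_event(5).
 */
struct au_event_ent {
	au_event_t ae_number;	/* event number */
	char	*ae_name;	/* event name */
	char	*ae_desc;	/* human-readable description */
	au_class_t ae_class;	/* audit class value for the event */
};
typedef struct au_event_ent au_event_ent_t;

/*
 * One entry of audit_class(5).
 */
struct au_class_ent {
	char	*ac_name;	/* class name */
	au_class_t ac_class;	/* class value */
	char	*ac_desc;	/* human-readable description */
};
typedef struct au_class_ent au_class_ent_t;

/*
 * One entry of audit_user(5): the per-user flags that are always
 * audited and those that are never audited, as parsed masks.
 */
struct au_user_ent {
	char	*au_name;	/* user name */
	au_mask_t au_always;	/* classes always audited for the user */
	au_mask_t au_never;	/* classes never audited for the user */
};
typedef struct au_user_ent au_user_ent_t;

/*
 * Internal representation of an audit_user entry in libnsl: the same
 * three columns as au_user_ent_t, but with the masks still in their
 * unparsed string form.
 */
typedef struct au_user_str_s {
	char	*au_name;	/* user name */
	char	*au_always;	/* "always" flags, unparsed */
	char	*au_never;	/* "never" flags, unparsed */
} au_user_str_t;

/*
 * Opaque context handle for the audit_control accessors in getacval.c.
 * Only ever used through a pointer; the struct is never defined here.
 */
typedef struct au_acinfo au_acinfo_t;

/*
 * adrf's version of adr_t: an adr_t plus the stdio stream the record
 * bytes are read from.
 */
typedef struct adrf_s {
	adr_t	*adrf_adr;	/* underlying adr state */
	FILE	*adrf_fp;	/* stream supplying the bytes */
} adrf_t;

/*
 * Functions that manipulate bytes from an audit file.
 *
 * The adr_* family works on an in-memory adr_t; the adrf_* family reads
 * through the FILE wrapped by an adrf_t and reports success/failure via
 * its int return.  In each case the trailing int is the element count.
 */
extern void	adr_char(adr_t *, char *, int);
extern int	adr_count(adr_t *);
extern void	adr_int32(adr_t *, int32_t *, int);
extern void	adr_int64(adr_t *, int64_t *, int);
extern void	adr_short(adr_t *, short *, int);
extern void	adr_start(adr_t *, char *);

extern int	adrf_char(adrf_t *, char *, int);
extern int	adrf_int32(adrf_t *, int32_t *, int);
extern int	adrf_int64(adrf_t *, int64_t *, int);
extern int	adrf_short(adrf_t *, short *, int);
extern void	adrf_start(adrf_t *, adr_t *, FILE *);
extern int	adrf_u_char(adrf_t *, uchar_t *, int);
extern int	adrf_u_int32(adrf_t *, uint32_t *, int);
extern int	adrf_u_int64(adrf_t *, uint64_t *, int);
extern int	adrf_u_short(adrf_t *, ushort_t *, int);

/*
 * Functions that manipulate bytes from an audit character stream.
 *
 * NOTE(review): these return void, so a caller cannot detect running off
 * the end of the stream; bound the stream with adr_count() before
 * trusting fields taken from an untrusted record.
 */
extern void	adrm_start(adr_t *, char *);
extern void	adrm_char(adr_t *, char *, int);
extern void	adrm_short(adr_t *, short *, int);
extern void	adrm_int64(adr_t *, int64_t *, int);
extern void	adrm_int32(adr_t *, int32_t *, int);
extern void	adrm_u_int32(adr_t *, uint32_t *, int);
extern void	adrm_u_char(adr_t *, uchar_t *, int);
extern void	adrm_u_int64(adr_t *, uint64_t *, int);
extern void	adrm_u_short(adr_t *, ushort_t *, int);
extern void	adrm_putint32(adr_t *, int32_t *, int);

/*
 * Functions that do I/O for audit files.
 *
 * au_read_rec() hands back a record through the char ** argument;
 * NOTE(review): who owns (and must free) that buffer is not visible
 * from this header - confirm against the implementation before use.
 */
extern int	au_close(int, int, short);
extern int	au_open(void);
extern int	au_write(int, token_t *);
extern int	au_read_rec(FILE *, char **);
extern int	au_fetch_tok(au_token_t *, char *, int);
extern int	au_print_tok(FILE *, au_token_t *, char *, char *, char *, int);

/*
 * Functions that manipulate audit events.
 *
 * The *_r variants fill in a caller-supplied au_event_ent_t.  The plain
 * variants return a pointer the caller did not pass in, so assume that
 * storage is library-owned and not safe to share between threads
 * unless the implementation documents otherwise.
 */
extern void	setauevent(void);
extern void	endauevent(void);
extern int	setaueventfile(char *);

extern au_event_ent_t	*getauevent(void);
extern au_event_ent_t	*getauevent_r(au_event_ent_t *);
extern au_event_ent_t	*getauevnam(char *);
extern au_event_ent_t	*getauevnam_r(au_event_ent_t *, char *);
extern au_event_ent_t	*getauevnum(au_event_t);
extern au_event_ent_t	*getauevnum_r(au_event_ent_t *, au_event_t);
extern au_event_t	getauevnonam(char *);
extern int		au_preselect(au_event_t, au_mask_t *, int, int);
extern int		cacheauevent(au_event_ent_t **, au_event_t);

/*
 * Functions that manipulate audit classes.
 * Same *_r / non-_r split as the event functions above.
 */
extern void	setauclass(void);
extern void	endauclass(void);
extern int	setauclassfile(char *);

extern int		cacheauclass(au_class_ent_t **, au_class_t);
extern int		cacheauclassnam(au_class_ent_t **, char *);
extern au_class_ent_t	*getauclassent(void);
extern au_class_ent_t	*getauclassent_r(au_class_ent_t *);
extern au_class_ent_t	*getauclassnam(char *);
extern au_class_ent_t	*getauclassnam_r(au_class_ent_t *, char *);

/*
 * Functions that manipulate audit attributes of users.
 * Same *_r / non-_r split as the event functions above.
 */
extern void	setauuser(void);
extern void	endauuser(void);
extern int	setauuserfile(char *);

extern au_user_ent_t	*getauuserent(void);
extern au_user_ent_t	*getauuserent_r(au_user_ent_t *);
extern au_user_ent_t	*getauusernam(char *);
extern au_user_ent_t	*getauusernam_r(au_user_ent_t *, char *);

/*
 * Functions that manipulate the audit control file through the
 * library's implicit state (setac()/endac()).
 *
 * For the getac*() functions that take (char *, int), the int is
 * presumably the size of the caller's buffer - confirm in getacval.c
 * and always pass the real buffer size, never a larger value.
 */
extern void	endac(void);
extern void	setac(void);
extern int	testac(void);

extern int	getacdir(char *, int);
extern int	getacmin(int *);
extern int	getacna(char *, int);
extern int	getacflg(char *, int);

/*
 * Handle-based variants of the audit control file functions: they
 * operate on an explicit au_acinfo_t context obtained from _openac()
 * instead of the implicit state used by setac()/getac*().  The leading
 * underscore marks them as library-internal names.
 */
extern au_acinfo_t	*_openac(char *);
extern void		_endac(au_acinfo_t *);
extern void		_rewindac(au_acinfo_t *);

extern int	_getacdir(au_acinfo_t *, char *, int);
extern int	_getaclib(au_acinfo_t *, kva_t **);
extern int	_getacmin(au_acinfo_t *, int *);
extern int	_getacna(au_acinfo_t *, char *, int);
extern int	_getacflg(au_acinfo_t *, char *, int);
extern int	_getacplug(au_acinfo_t *, kva_t **);

/*
 * Functions that manipulate audit masks (string <-> au_mask_t).
 */
extern int	au_user_mask(char *, au_mask_t *);
extern int	getauditflagsbin(char *, au_mask_t *);
extern int	getauditflagschar(char *, au_mask_t *, int);
extern int	getfauditflags(au_mask_t *, au_mask_t *, au_mask_t *);

/*
 * Functions that do system calls.
 */
extern int	audit(char *, int);
extern int	auditon(int, caddr_t, int);
extern int	auditstat(au_stat_t *);
extern int	auditsvc(int, int);
extern int	auditdoor(int);
extern int	audituser(char *);
extern int	getaudit(auditinfo_t *);
extern int	getaudit_addr(auditinfo_addr_t *, int);
extern int	getauid(au_id_t *);
extern int	getkernstate(au_mask_t *);
extern int	getuseraudit(au_id_t, au_mask_t *);
extern int	setaudit(auditinfo_t *);
extern int	setaudit_addr(auditinfo_addr_t *, int);
extern int	setauid(au_id_t *);
extern int	setkernstate(au_mask_t *);
extern int	setuseraudit(au_id_t, au_mask_t *);

#define	BSM_TEXTBUFSZ	256	/* size of string for generic text token */

/*
 * Defines for au_preselect(3).
 * AU_PRS_SUCCESS/FAILURE/BOTH select which outcome(s) are tested;
 * AU_PRS_USECACHE/REREAD presumably control whether cached event data
 * is reused - confirm against au_preselect(3).
 */
#define	AU_PRS_SUCCESS	1
#define	AU_PRS_FAILURE	2
#define	AU_PRS_BOTH	(AU_PRS_SUCCESS|AU_PRS_FAILURE)

#define	AU_PRS_USECACHE	0
#define	AU_PRS_REREAD	1

/*
 * Defines for cacheauclass and cacheauevent.
 */
#define	AU_CACHE_FREE	0x0000
#define	AU_CACHE_NAME	0x0001
#define	AU_CACHE_NUMBER	0x0002

/* Flags for user-level audit routines: au_open, au_close, au_to_ */
#define	AU_TO_NO_WRITE	0
#define	AU_TO_WRITE	1

/* Flags for user-level audit routine: au_fetch_tok */
#define	AUF_NOOP	0x0000
#define	AUF_POINT	0x0001
#define	AUF_DUP		0x0002
#define	AUF_COPY_IN	0x0004
#define	AUF_SKIP	0x0008

/* system audit files for auditd */
#define	AUDITCLASSFILE		"/etc/security/audit_class"
#define	AUDITCONTROLFILE	"/etc/security/audit_control"
#define	AUDITDATAFILE		"/etc/security/audit_data"
#define	AUDITEVENTFILE		"/etc/security/audit_event"
#define	AUDITUSERFILE		"/etc/security/audit_user"

/*
 * Array sizes for audit library structures.
 * NOTE(review): whether these counts include the terminating NUL is not
 * visible here; size local buffers as MAX + 1 when in doubt.
 */
#define	AU_CLASS_NAME_MAX	8
#define	AU_CLASS_DESC_MAX	72
#define	AU_EVENT_NAME_MAX	30
#define	AU_EVENT_DESC_MAX	50
#define	AU_EVENT_LINE_MAX	256

/*
 * Some macros used internally by the nsswitch code.
 * AUDITUSER_FILENAME is the same path as AUDITUSERFILE above; it is
 * defined in terms of it so the two cannot drift apart.
 */
#define	AUDITUSER_FILENAME	AUDITUSERFILE
#define	AUDITUSER_DB_NAME	"audit_user.org_dir"
#define	AUDITUSER_DB_NCOL	3	/* total columns */
#define	AUDITUSER_DB_NKEYCOL	1	/* total searchable columns */
#define	AUDITUSER_DB_TBLT	"audit_user_tbl"
#define	AUDITUSER_SUCCESS	0
#define	AUDITUSER_PARSE_ERANGE	1
#define	AUDITUSER_NOT_FOUND	2

#define	AUDITUSER_COL0_KW	"name"
#define	AUDITUSER_COL1_KW	"always"
#define	AUDITUSER_COL2_KW	"never"

/*
 * indices of searchable columns
 */
#define	AUDITUSER_KEYCOL0	0	/* name */


#ifdef	__cplusplus
}
#endif

#endif	/* _BSM_LIBBSM_H */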