/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * Audit record definitions: token type codes, print-suggestion and
 * data-member type codes, the adr stream cursor, and prototypes for the
 * au_to_*() token constructors.  The _KERNEL and userland branches declare
 * different token_t types and different signatures under the same
 * function names.
 */

#ifndef	_BSM_AUDIT_RECORD_H
#define	_BSM_AUDIT_RECORD_H


#ifdef _KERNEL
#include <sys/priv.h>
#else
#include <priv.h>
#endif
#include <sys/socket.h>
#include <sys/acl.h>

#include <sys/tsol/label.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Version of audit attributes
 *
 * OS Release		Version Number	Comments
 * ==========		==============	========
 * SunOS 5.1			2	Unbundled Package
 * SunOS 5.3			2	Bundled into the base OS
 * SunOS 5.4-5.x		2
 * Trusted Solaris 2.5		3	To distinguish potential new tokens
 * Trusted Solaris 7-8		4	Redefine X tokens that overlap with
 *					SunOS 5.7
 */

#define	TOKEN_VERSION	2

/*
 * Audit record token type codes
 *
 * Every token ID defined below is <= 0x7f and is cast to char, so each one
 * is non-negative whether plain char is signed or unsigned.
 * NOTE(review): a byte >= 0x80 taken from record data and held in a signed
 * char is negative and equals none of these IDs; a reader should handle
 * that as an unknown token.
 */

/*
 * Control token types
 */

#define	AUT_INVALID		((char)0x00)
#define	AUT_OTHER_FILE		((char)0x11)
#define	AUT_OTHER_FILE32	AUT_OTHER_FILE
#define	AUT_OHEADER		((char)0x12)
#define	AUT_TRAILER		((char)0x13)
#define	AUT_HEADER		((char)0x14)
#define	AUT_HEADER32		AUT_HEADER
#define	AUT_HEADER32_EX		((char)0x15)
/*
 * 0xB105 does not fit in a 16-bit signed short, so the result of this cast
 * is implementation-defined (a negative value on two's-complement ABIs).
 * NOTE(review): compare it only with a value of type short; an unsigned
 * 16-bit field promoted to int will not compare equal to it.
 */
#define	AUT_TRAILER_MAGIC	((short)0xB105)

/*
 * Data token types
 */

#define	AUT_FMRI		((char)0x20)
#define	AUT_DATA		((char)0x21)
#define	AUT_IPC			((char)0x22)
#define	AUT_PATH		((char)0x23)
#define	AUT_SUBJECT		((char)0x24)
#define	AUT_SUBJECT32		AUT_SUBJECT
#define	AUT_XATPATH		((char)0x25)
#define	AUT_PROCESS		((char)0x26)
#define	AUT_PROCESS32		AUT_PROCESS
#define	AUT_RETURN		((char)0x27)
#define	AUT_RETURN32		AUT_RETURN
#define	AUT_TEXT		((char)0x28)
#define	AUT_OPAQUE		((char)0x29)
#define	AUT_IN_ADDR		((char)0x2A)
#define	AUT_IP			((char)0x2B)
#define	AUT_IPORT		((char)0x2C)
#define	AUT_ARG			((char)0x2D)
#define	AUT_ARG32		AUT_ARG
#define	AUT_SOCKET		((char)0x2E)
#define	AUT_SEQ			((char)0x2F)
#define	AUT_USER		((char)0x36)	/* out of order */
#define	AUT_TID			((char)0x61)	/* out of order */

/*
 * Modifier token types
 */

#define	AUT_ACL			((char)0x30)
#define	AUT_ATTR		((char)0x31)
#define	AUT_IPC_PERM		((char)0x32)
#define	AUT_LABEL		((char)0x33)
#define	AUT_GROUPS		((char)0x34)
#define	AUT_ACE			((char)0x35)
/* 0x37 unused */
#define	AUT_PRIV		((char)0x38)
#define	AUT_UPRIV		((char)0x39)
#define	AUT_LIAISON		((char)0x3A)
#define	AUT_NEWGROUPS		((char)0x3B)
#define	AUT_EXEC_ARGS		((char)0x3C)
#define	AUT_EXEC_ENV		((char)0x3D)
#define	AUT_ATTR32		((char)0x3E)
#define	AUT_UAUTH		((char)0x3F)
#define	AUT_ZONENAME		((char)0x60)	/* out of order */
#define	AUT_SECFLAGS		((char)0x62)	/* out of order */

/*
 * X windows token types
 */

#define	AUT_XATOM		((char)0x40)
#define	AUT_XOBJ		((char)0x41)
#define	AUT_XPROTO		((char)0x42)
#define	AUT_XSELECT		((char)0x43)

/*
 * With TOKEN_VERSION == 3 the remaining X token IDs are 0x74-0x7B, the same
 * values this header assigns to AUT_HEADER64 (0x74), AUT_SUBJECT64 (0x75),
 * AUT_PROCESS64 (0x77), AUT_OTHER_FILE64 (0x78), AUT_HEADER64_EX (0x79),
 * AUT_SUBJECT32_EX (0x7a) and AUT_PROCESS32_EX (0x7b).  TOKEN_VERSION is
 * defined as 2 above, so the 0x44-0x4B branch is the one compiled here.
 * NOTE(review): a reader given version-3 records would need the record
 * version, not just the ID byte, to tell these tokens apart -- confirm how
 * such trails are handled.
 */
#if TOKEN_VERSION != 3
#define	AUT_XCOLORMAP		((char)0x44)
#define	AUT_XCURSOR		((char)0x45)
#define	AUT_XFONT		((char)0x46)
#define	AUT_XGC			((char)0x47)
#define	AUT_XPIXMAP		((char)0x48)
#define	AUT_XPROPERTY		((char)0x49)
#define	AUT_XWINDOW		((char)0x4A)
#define	AUT_XCLIENT		((char)0x4B)
#else	/* TOKEN_VERSION == 3 */
#define	AUT_XCOLORMAP		((char)0x74)
#define	AUT_XCURSOR		((char)0x75)
#define	AUT_XFONT		((char)0x76)
#define	AUT_XGC			((char)0x77)
#define	AUT_XPIXMAP		((char)0x78)
#define	AUT_XPROPERTY		((char)0x79)
#define	AUT_XWINDOW		((char)0x7A)
#define	AUT_XCLIENT		((char)0x7B)
#endif	/* TOKEN_VERSION != 3 */

/*
 * Command token types
 */

#define	AUT_CMD			((char)0x51)
#define	AUT_EXIT		((char)0x52)

/*
 * Miscellaneous token types
 */

#define	AUT_HOST		((char)0x70)

/*
 * Solaris64 token types
 */

#define	AUT_ARG64		((char)0x71)
#define	AUT_RETURN64		((char)0x72)
#define	AUT_ATTR64		((char)0x73)
#define	AUT_HEADER64		((char)0x74)
#define	AUT_SUBJECT64		((char)0x75)
#define	AUT_PROCESS64		((char)0x77)
#define	AUT_OTHER_FILE64	((char)0x78)

/*
 * Extended network address token types
 */

#define	AUT_HEADER64_EX		((char)0x79)
#define	AUT_SUBJECT32_EX	((char)0x7a)
#define	AUT_PROCESS32_EX	((char)0x7b)
#define	AUT_SUBJECT64_EX	((char)0x7c)
#define	AUT_PROCESS64_EX	((char)0x7d)
#define	AUT_IN_ADDR_EX		((char)0x7e)
#define	AUT_SOCKET_EX		((char)0x7f)

/*
 * Can't do >= 0x80 because these are chars.  0x16/0x17 seem to be free here,
 * but who knows if they have historical uses
 */
#define	AUT_ACCESS_MASK		((char)0x16)
#define	AUT_WSID		((char)0x17)

/*
 * Audit print suggestion types.
 */

#define	AUP_BINARY	((char)0)
#define	AUP_OCTAL	((char)1)
#define	AUP_DECIMAL	((char)2)
#define	AUP_HEX		((char)3)
#define	AUP_STRING	((char)4)

/*
 * Audit data member types.
 *
 * AUR_BYTE and AUR_CHAR share the value 0, and AUR_INT and AUR_INT32 share
 * the value 2, so each pair is indistinguishable once encoded.
 */

#define	AUR_BYTE	((char)0)
#define	AUR_CHAR	((char)0)
#define	AUR_SHORT	((char)1)
#define	AUR_INT		((char)2)
#define	AUR_INT32	((char)2)
#define	AUR_INT64	((char)3)

/*
 * Adr structures
 *
 * A cursor over a byte stream: a base pointer and a current position.
 * The structure holds no length or end pointer.
 * NOTE(review): any bound on the adr_*() routines declared at the end of
 * this header therefore has to come from the caller -- confirm against
 * their implementations.
 */

struct adr_s {
	char *adr_stream;	/* The base of the stream */
	char *adr_now;		/* The location within the stream */
};

typedef struct adr_s adr_t;


#ifdef	_KERNEL

#include <sys/param.h>
#include <sys/systm.h>		/* for rval */
#include <sys/time.h>
#include <sys/types.h>
#include <sys/vnode.h>
#include <sys/mode.h>
#include <sys/user.h>
#include <sys/session.h>
#include <sys/ipc_impl.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <sys/socket.h>
#include <net/route.h>
#include <netinet/in_pcb.h>

/*
 * au_close flag arguments
 */

#define	AU_OK		0x1	/* Good audit record */
#define	AU_DONTBLOCK	0x2	/* Don't block or discard if queue full */
#define	AU_DEFER	0x4	/* Defer record queueing to syscall end */

/*
 * Audit token type is really an au_membuf pointer
 */
typedef au_buff_t token_t;
/*
 * token generation functions
 *
 * NOTE(review): au_to_acl(), au_to_ace(), au_to_seq(), au_uwrite() and
 * au_zone_setup() below are declared with empty parameter lists.  In C
 * before C23 that leaves their arguments unspecified, so calls to them are
 * not checked against any parameter types.
 */
token_t *au_append_token(token_t *, token_t *);
token_t *au_set(caddr_t, uint_t);

/* au_free_rec() is declared a second time further down, identically. */
void au_free_rec(au_buff_t *);

/*
 * au_getclr() casts the result of au_get_buff() (not declared in this
 * header) to token_t *; au_toss_token() hands a token to au_free_rec().
 * token_t is a typedef of au_buff_t in this branch, so the cast in
 * au_toss_token() is between identical pointer types when tok is a
 * token_t *.
 */
#define	au_getclr()		((token_t *)au_get_buff())
#define	au_toss_token(tok)	(au_free_rec((au_buff_t *)(tok)))

token_t *au_to_acl();
token_t *au_to_ace();
token_t *au_to_attr(struct vattr *);
token_t *au_to_data(char, char, char, char *);
token_t *au_to_header(int, au_event_t, au_emod_t);
token_t *au_to_header_ex(int, au_event_t, au_emod_t);
token_t *au_to_ipc(char, int);
token_t *au_to_ipc_perm(kipc_perm_t *);
token_t *au_to_iport(ushort_t);
token_t *au_to_in_addr(struct in_addr *);
token_t *au_to_in_addr_ex(int32_t *);
token_t *au_to_ip(struct ip *);
token_t *au_to_groups(const gid_t *, uint_t);
token_t *au_to_path(struct audit_path *);
token_t *au_to_seq();
token_t *au_to_process(uid_t, gid_t, uid_t, gid_t, pid_t,
			au_id_t, au_asid_t, const au_tid_addr_t *);
token_t *au_to_subject(uid_t, gid_t, uid_t, gid_t, pid_t,
			au_id_t, au_asid_t, const au_tid_addr_t *);
token_t *au_to_return32(int, int32_t);
token_t *au_to_return64(int, int64_t);
token_t *au_to_text(const char *);
/* token_t *au_to_tid(au_generic_tid_t *);	no kernel implementation */
token_t *au_to_trailer(int);
token_t *au_to_uauth(char *);
size_t au_zonename_length(zone_t *);
token_t *au_to_zonename(size_t, zone_t *);
token_t *au_to_arg32(char, char *, uint32_t);
token_t *au_to_arg64(char, char *, uint64_t);
token_t *au_to_socket_ex(short, short, char *, char *);
token_t *au_to_sock_inet(struct sockaddr_in *);
token_t *au_to_exec_args(const char *, ssize_t);
token_t *au_to_exec_env(const char *, ssize_t);
token_t *au_to_label(bslabel_t *);
token_t *au_to_privset(const char *, const priv_set_t *, char, int);
token_t *au_to_secflags(const char *, secflagset_t);

void	au_uwrite();
void	au_close(au_kcontext_t *, caddr_t *, int, au_event_t, au_emod_t,
	    timestruc_t *);
void	au_close_defer(token_t *, int, au_event_t, au_emod_t, timestruc_t *);
void	au_close_time(au_kcontext_t *, token_t *, int, au_event_t, au_emod_t,
	    timestruc_t *);
/* Repeats the au_free_rec() declaration made earlier in this branch. */
void	au_free_rec(au_buff_t *);
void	au_write(caddr_t *, token_t *);
void	au_mem_init(void);
void	au_zone_setup();
void	au_enqueue(au_kcontext_t *, au_buff_t *, adr_t *, adr_t *, int, int);
int	au_doorio(au_kcontext_t *);
int	au_doormsg(au_kcontext_t *, uint32_t, void *);
int	au_token_size(token_t *);
int	au_append_rec(au_buff_t *, au_buff_t *, int);
int	au_append_buf(const char *, int, au_buff_t *);

#else /* !_KERNEL */

#include <limits.h>
#include <sys/types.h>
#include <sys/vnode.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <sys/ipc.h>

/*
 * Userland token: a singly linked list node carrying a data pointer and
 * the size of that data.  tt_size is a short.
 * NOTE(review): a payload larger than SHRT_MAX cannot be represented in
 * tt_size; confirm that the au_to_*() producers reject oversized input
 * rather than truncating the length.
 */
struct token_s {
	struct token_s	*tt_next;	/* Next in the list */
	short		tt_size;	/* Size of data */
	char		*tt_data;	/* The data */
};
typedef struct token_s token_t;

/*
 * Old socket structure definition, formerly in <sys/socketvar.h>
 *
 * This is the argument type of au_to_socket() declared below.
 */
struct oldsocket {
	short	so_type;		/* generic type, see socket.h */
	short	so_options;		/* from socket call, see socket.h */
	short	so_linger;		/* time to linger while closing */
	short	so_state;		/* internal state flags SS_*, below */
	struct	inpcb *so_pcb;		/* protocol control block */
	struct	protosw *so_proto;	/* protocol handle */
/*
 * Variables for connection queueing.
 * Socket where accepts occur is so_head in all subsidiary sockets.
 * If so_head is 0, socket is not related to an accept.
 * For head socket so_q0 queues partially completed connections,
 * while so_q is a queue of connections ready to be accepted.
 * If a connection is aborted and it has so_head set, then
 * it has to be pulled out of either so_q0 or so_q.
 * We allow connections to queue up based on current queue lengths
 * and limit on number of queued connections for this socket.
 */
	struct	oldsocket *so_head;	/* back pointer to accept socket */
	struct	oldsocket *so_q0;	/* queue of partial connections */
	struct	oldsocket *so_q;	/* queue of incoming connections */
	short	so_q0len;		/* partials on so_q0 */
	short	so_qlen;		/* number of connections on so_q */
	short	so_qlimit;		/* max number queued connections */
	short	so_timeo;		/* connection timeout */
	ushort_t so_error;		/* error affecting connection */
	short	so_pgrp;		/* pgrp for signals */
	ulong_t	so_oobmark;		/* chars to oob mark */
/*
 * Variables for socket buffering.
 */
	struct	sockbuf {
		ulong_t	sb_cc;		/* actual chars in buffer */
		ulong_t	sb_hiwat;	/* max actual char count */
		ulong_t	sb_mbcnt;	/* chars of mbufs used */
		ulong_t	sb_mbmax;	/* max chars of mbufs to use */
		ulong_t	sb_lowat;	/* low water mark (not used yet) */
		struct	mbuf *sb_mb;	/* the mbuf chain */
		struct	proc *sb_sel;	/* process selecting read/write */
		short	sb_timeo;	/* timeout (not used yet) */
		short	sb_flags;	/* flags, see below */
	} so_rcv, so_snd;
/*
 * Hooks for alternative wakeup strategies.
 * These are used by kernel subsystems wishing to access the socket
 * abstraction.  If so_wupfunc is nonnull, it is called in place of
 * wakeup any time that wakeup would otherwise be called with an
 * argument whose value is an address lying within a socket structure.
 */
	/*
	 * NOTE(review): the comment above names so_wupfunc, but the only
	 * hook member declared in this structure is so_wupalt.
	 */
	struct wupalt *so_wupalt;
};
/*
 * Userland token constructors.  Several share a name with a kernel
 * prototype in the _KERNEL branch but take different arguments: for
 * example au_to_header() has no leading int here, au_to_process() and
 * au_to_subject() take au_id_t first rather than sixth, and
 * au_to_return32()/au_to_return64() take (char, uint32_t/uint64_t) instead
 * of (int, int32_t/int64_t).
 * NOTE(review): if uid_t, gid_t and au_id_t are all integer typedefs
 * (presumably -- confirm), passing the identity arguments in the other
 * branch's order compiles without a diagnostic and would place the values
 * in the wrong token fields.
 */
extern token_t *au_to_arg32(char, char *, uint32_t);
extern token_t *au_to_arg64(char, char *, uint64_t);
extern token_t *au_to_acl(struct acl *);
extern token_t *au_to_attr(struct vattr *);
extern token_t *au_to_cmd(uint_t, char **, char **);
extern token_t *au_to_data(char, char, char, char *);
extern token_t *au_to_exec_args(char **);
extern token_t *au_to_exec_env(char **);
extern token_t *au_to_exit(int, int);
extern token_t *au_to_fmri(char *);
extern token_t *au_to_groups(int *);
extern token_t *au_to_newgroups(int, gid_t *);
extern token_t *au_to_header(au_event_t, au_emod_t);
extern token_t *au_to_header_ex(au_event_t, au_emod_t);
extern token_t *au_to_in_addr(struct in_addr *);
extern token_t *au_to_in_addr_ex(struct in6_addr *);
extern token_t *au_to_ipc(char, int);
extern token_t *au_to_ipc_perm(struct ipc_perm *);
extern token_t *au_to_iport(ushort_t);
extern token_t *au_to_me(void);
extern token_t *au_to_mylabel(void);
extern token_t *au_to_opaque(char *, short);
extern token_t *au_to_path(char *);
extern token_t *au_to_privset(const char *, const priv_set_t *);
extern token_t *au_to_process(au_id_t, uid_t, gid_t, uid_t, gid_t,
				pid_t, au_asid_t, au_tid_t *);
extern token_t *au_to_process_ex(au_id_t, uid_t, gid_t, uid_t, gid_t,
				pid_t, au_asid_t, au_tid_addr_t *);
extern token_t *au_to_return32(char, uint32_t);
extern token_t *au_to_return64(char, uint64_t);
extern token_t *au_to_seq(int);
extern token_t *au_to_label(m_label_t *);
extern token_t *au_to_socket(struct oldsocket *);
extern token_t *au_to_subject(au_id_t, uid_t, gid_t, uid_t, gid_t,
				pid_t, au_asid_t, au_tid_t *);
extern token_t *au_to_subject_ex(au_id_t, uid_t, gid_t, uid_t, gid_t,
				pid_t, au_asid_t, au_tid_addr_t *);
extern token_t *au_to_text(char *);
extern token_t *au_to_tid(au_generic_tid_t *);
extern token_t *au_to_trailer(void);
extern token_t *au_to_uauth(char *);
extern token_t *au_to_upriv(char, char *);
extern token_t *au_to_user(uid_t, char *);
extern token_t *au_to_xatom(char *);
extern token_t *au_to_xselect(char *, char *, char *);
extern token_t *au_to_xcolormap(int32_t, uid_t);
extern token_t *au_to_xcursor(int32_t, uid_t);
extern token_t *au_to_xfont(int32_t, uid_t);
extern token_t *au_to_xgc(int32_t, uid_t);
extern token_t *au_to_xpixmap(int32_t, uid_t);
extern token_t *au_to_xwindow(int32_t, uid_t);
extern token_t *au_to_xproperty(int32_t, uid_t, char *);
extern token_t *au_to_xclient(uint32_t);
extern token_t *au_to_zonename(char *);
#endif /* _KERNEL */

#ifdef	_KERNEL

/*
 * Kernel-only helpers operating on an adr_t stream cursor.
 * NOTE(review): the trailing int on the adr_char()..adr_ushort() family is
 * presumably an element count -- confirm against the implementation, which
 * is not visible from this header.
 */
void	adr_char(adr_t *, char *, int);
void	adr_int32(adr_t *, int32_t *, int);
void	adr_uint32(adr_t *, uint32_t *, int);
void	adr_int64(adr_t *, int64_t *, int);
void	adr_uint64(adr_t *, uint64_t *, int);
void	adr_short(adr_t *, short *, int);
void	adr_ushort(adr_t *, ushort_t *, int);
void	adr_start(adr_t *, char *);

char	*adr_getchar(adr_t *, char *);
char	*adr_getshort(adr_t *, short *);
char	*adr_getushort(adr_t *, ushort_t *);
char	*adr_getint32(adr_t *, int32_t *);
char	*adr_getuint32(adr_t *, uint32_t *);
char	*adr_getint64(adr_t *, int64_t *);
char	*adr_getuint64(adr_t *, uint64_t *);

int	adr_count(adr_t *);

#endif /* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif /* _BSM_AUDIT_RECORD_H */