/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * libbsm.h - public interface of the BSM audit library.
 *
 * Declares the record-decoding helpers (adr_*, adrf_*, adrm_*), the
 * audit-file I/O entry points (au_open/au_write/au_close), the lookup
 * functions for audit_event(5), audit_class(5) and audit_user(5), the
 * audit mask helpers, and thin wrappers over the audit system calls,
 * together with the constants those functions consume.
 *
 * Types such as adr_t, token_t, au_event_t, au_class_t, au_mask_t,
 * au_id_t, auditinfo_t and auditinfo_addr_t are not defined here; they
 * come from the <bsm/...> headers included below.
 */

#ifndef _BSM_LIBBSM_H
#define _BSM_LIBBSM_H


#include <ctype.h>
#include <secdb.h>
#include <stdio.h>		/* FILE, used by adrf_t and adrf_start() */
#include <errno.h>
#include <sys/types.h>
#include <bsm/audit.h>
#include <bsm/audit_record.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Default message-catalog domain.  The #ifndef lets a build override it
 * before this header is included.
 */
#ifndef TEXT_DOMAIN
#define	TEXT_DOMAIN	"SUNW_OST_OSLIB"
#endif

/* Domain string exported by the library; presumably the runtime
 * counterpart of TEXT_DOMAIN - confirm in the implementation. */
extern const char *bsm_dom;

/*
 * For audit_event(5)
 *
 * One parsed entry of the audit_event file: the event number, its
 * name, a description, and the class value it belongs to.
 * ae_name and ae_desc are plain pointers; who owns the pointed-to
 * strings depends on which getauev*() call produced the entry (see
 * the _r forms below).
 */
struct au_event_ent {
	au_event_t ae_number;
	char *ae_name;
	char *ae_desc;
	au_class_t ae_class;
};
typedef struct au_event_ent au_event_ent_t;

/*
 * For audit_class(5)
 *
 * One parsed entry of the audit_class file: class name, class value,
 * description.
 */
struct au_class_ent {
	char *ac_name;
	au_class_t ac_class;
	char *ac_desc;
};
typedef struct au_class_ent au_class_ent_t;

/*
 * For audit_user(5)
 *
 * Per-user preselection entry with the flags already converted to
 * binary au_mask_t form: au_always (always audit) and au_never
 * (never audit).
 */
struct au_user_ent {
	char *au_name;
	au_mask_t au_always;
	au_mask_t au_never;
};
typedef struct au_user_ent au_user_ent_t;

/*
 * Internal representation of audit user in libnsl
 *
 * Same three columns as au_user_ent, but with the always/never flags
 * still in their textual form (the nsswitch backend hands them over
 * before conversion; see the AUDITUSER_* constants at the end of this
 * file).
 */
typedef struct au_user_str_s {
	char *au_name;
	char *au_always;
	char *au_never;
} au_user_str_t;

/*
 * adrf's version of adr_t
 *
 * Pairs an adr_t decoder state with the FILE the bytes are read from,
 * so that the adrf_* functions can work on a stdio stream.
 */
typedef struct adrf_s {
	adr_t *adrf_adr;
	FILE *adrf_fp;
} adrf_t;

/*
 * Functions that manipulate bytes from an audit file
 *
 * Three parallel families exist: adr_* (in-memory adr_t), adrf_*
 * (stdio stream via adrf_t) and adrm_* (in-memory character stream).
 * Only the adrf_* functions return an int; adr_* and adrm_* return
 * void, so a caller decoding a record of untrusted origin gets no
 * per-call status from those two families.  NOTE(review): how a
 * truncated or malformed input is reported by the void variants is
 * not stated here - confirm in the implementation before relying on
 * them for validation.  The trailing int argument is presumably an
 * element count - confirm against the man page.
 */

extern void adr_char(adr_t *, char *, int);
extern int adr_count(adr_t *);
extern void adr_int32(adr_t *, int32_t *, int);
extern void adr_uid(adr_t *, uid_t *, int);
extern void adr_int64(adr_t *, int64_t *, int);
extern void adr_short(adr_t *, short *, int);
extern void adr_ushort(adr_t *, ushort_t *, int);
extern void adr_start(adr_t *, char *);

/* Stream-backed variants; these are the only ones that report status. */
extern int adrf_char(adrf_t *, char *, int);
extern int adrf_int32(adrf_t *, int32_t *, int);
extern int adrf_int64(adrf_t *, int64_t *, int);
extern int adrf_short(adrf_t *, short *, int);
extern void adrf_start(adrf_t *, adr_t *, FILE *);
extern int adrf_u_char(adrf_t *, uchar_t *, int);
extern int adrf_u_int32(adrf_t *, uint32_t *, int);
extern int adrf_u_int64(adrf_t *, uint64_t *, int);
extern int adrf_u_short(adrf_t *, ushort_t *, int);

/*
 * Functions that manipulate bytes from an audit character stream.
 */

extern void adrm_start(adr_t *, char *);
extern void adrm_char(adr_t *, char *, int);
extern void adrm_short(adr_t *, short *, int);
extern void adrm_int64(adr_t *, int64_t *, int);
extern void adrm_int32(adr_t *, int32_t *, int);
extern void adrm_uid(adr_t *, uid_t *, int);
extern void adrm_u_int32(adr_t *, uint32_t *, int);
extern void adrm_u_char(adr_t *, uchar_t *, int);
extern void adrm_u_int64(adr_t *, uint64_t *, int);
extern void adrm_u_short(adr_t *, ushort_t *, int);
extern void adrm_putint32(adr_t *, int32_t *, int);

/*
 * Functions that do I/O for audit files
 *
 * au_open() returns an int handle; au_write() adds a token_t to it;
 * au_close() finishes the record with the given au_event_t.  The
 * AU_TO_* flags below are documented as applying to au_open/au_close,
 * presumably via au_close()'s second int argument - confirm.
 */

extern int au_close(int, int, au_event_t);
extern int au_open(void);
extern int au_write(int, token_t *);

/*
 * Functions that manipulate audit events
 *
 * setauevent()/endauevent() open and close the enumeration used by
 * getauevent().  The _r forms take an au_event_ent_t supplied by the
 * caller; by the usual naming convention they fill that buffer rather
 * than library-owned storage - confirm the reentrancy guarantee in
 * the man page before sharing the non-_r results across threads.
 * The name arguments are non-const char *; treat them as possibly
 * modified unless the implementation says otherwise.
 */

extern void setauevent(void);
extern void endauevent(void);

extern au_event_ent_t *getauevent(void);
extern au_event_ent_t *getauevent_r(au_event_ent_t *);
extern au_event_ent_t *getauevnam(char *);
extern au_event_ent_t *getauevnam_r(au_event_ent_t *, char *);
extern au_event_ent_t *getauevnum(au_event_t);
extern au_event_ent_t *getauevnum_r(au_event_ent_t *, au_event_t);
extern au_event_t getauevnonam(char *);
/* Preselection check; the two int arguments take the AU_PRS_* values
 * defined below (which int takes which group is not stated here). */
extern int au_preselect(au_event_t, au_mask_t *, int, int);
extern int cacheauevent(au_event_ent_t **, au_event_t);

/*
 * Functions that manipulate audit classes
 *
 * Same shape as the event functions above: an enumeration pair, cached
 * lookups, and _r forms that take caller-supplied storage.
 */

extern void setauclass(void);
extern void endauclass(void);

extern int cacheauclass(au_class_ent_t **, au_class_t);
extern int cacheauclassnam(au_class_ent_t **, char *);
extern au_class_ent_t *getauclassent(void);
extern au_class_ent_t *getauclassent_r(au_class_ent_t *);
extern au_class_ent_t *getauclassnam(char *);
extern au_class_ent_t *getauclassnam_r(au_class_ent_t *, char *);

/*
 * Functions that manipulate audit masks
 *
 * Conversions between textual audit flag strings and binary au_mask_t
 * values, and derivation of a user's effective mask.  __chkflags uses
 * a reserved (double-underscore) name, which appears to mark it as a
 * library-private helper rather than a stable interface.
 */

extern int au_user_mask(char *, au_mask_t *);
extern int getauditflagsbin(char *, au_mask_t *);
extern int getauditflagschar(char *, au_mask_t *, int);
extern int getfauditflags(au_mask_t *, au_mask_t *, au_mask_t *);
extern boolean_t __chkflags(char *, au_mask_t *, boolean_t, char **);

/*
 * Functions that do system calls
 *
 * auditon() takes an untyped caddr_t buffer plus an int; the int is
 * presumably the buffer length - confirm against auditon(2) before
 * passing caller-controlled sizes.
 */

extern int audit(char *, int);
extern int auditon(int, caddr_t, int);
extern int auditdoor(int);
extern int getaudit(auditinfo_t *);
extern int getaudit_addr(auditinfo_addr_t *, int);
extern int getauid(au_id_t *);
extern int setaudit(auditinfo_t *);
extern int setaudit_addr(auditinfo_addr_t *, int);
extern int setauid(au_id_t *);

/*
 * Defines for au_preselect(3)
 *
 * AU_PRS_SUCCESS / AU_PRS_FAILURE select which outcome(s) to test;
 * AU_PRS_BOTH is their OR.
 */
#define	AU_PRS_SUCCESS	1
#define	AU_PRS_FAILURE	2
#define	AU_PRS_BOTH	(AU_PRS_SUCCESS|AU_PRS_FAILURE)

/* Whether au_preselect() may use its cached class data or must reread. */
#define	AU_PRS_USECACHE	0
#define	AU_PRS_REREAD	1

/*
 * Defines for cacheauclass and cacheauevent
 *
 * NOTE(review): neither cacheauclass() nor cacheauevent() takes a
 * separate flags argument, so these values presumably travel in the
 * numeric (au_class_t / au_event_t) argument, with AU_CACHE_FREE == 0
 * releasing the cache - confirm in the implementation.
 */
#define	AU_CACHE_FREE	0x0000
#define	AU_CACHE_NAME	0x0001
#define	AU_CACHE_NUMBER	0x0002

/* Flags for user-level audit routines: au_open, au_close, au_to_ */
#define	AU_TO_NO_WRITE	0
#define	AU_TO_WRITE	1

/* system audit files for auditd */
#define	AUDITCLASSFILE	"/etc/security/audit_class"
#define	AUDITEVENTFILE	"/etc/security/audit_event"
#define	AUDITUSERFILE	"/etc/security/audit_user"

/*
 * array sizes for audit library structures
 *
 * NOTE(review): whether these counts include the terminating NUL is
 * not stated here - confirm before sizing caller buffers from them.
 */
#define	AU_CLASS_NAME_MAX	8
#define	AU_CLASS_DESC_MAX	72
#define	AU_EVENT_NAME_MAX	30
#define	AU_EVENT_DESC_MAX	50
#define	AU_EVENT_LINE_MAX	256

/*
 * Some macros used internally by the nsswitch code
 *
 * AUDITUSER_FILENAME duplicates the AUDITUSERFILE path above; keep the
 * two in sync if either is ever changed.  The AUDITUSER_DB_* values
 * describe the audit_user table (3 columns, 1 of them searchable) and
 * the AUDITUSER_SUCCESS/PARSE_ERANGE/NOT_FOUND values are the parse
 * results the backend reports.
 */
#define	AUDITUSER_FILENAME	"/etc/security/audit_user"
#define	AUDITUSER_DB_NAME	"audit_user.org_dir"
#define	AUDITUSER_DB_NCOL	3	/* total columns */
#define	AUDITUSER_DB_NKEYCOL	1	/* total searchable columns */
#define	AUDITUSER_DB_TBLT	"audit_user_tbl"
#define	AUDITUSER_SUCCESS	0
#define	AUDITUSER_PARSE_ERANGE	1
#define	AUDITUSER_NOT_FOUND	2

/* Column keywords, in column order: name, always, never. */
#define	AUDITUSER_COL0_KW	"name"
#define	AUDITUSER_COL1_KW	"always"
#define	AUDITUSER_COL2_KW	"never"

/*
 * indices of searchable columns
 */
#define	AUDITUSER_KEYCOL0	0	/* name */


#ifdef __cplusplus
}
#endif

#endif /* _BSM_LIBBSM_H */