bin/auditdistd/auditdistd.h

/*-
 * Copyright (c) 2012 The FreeBSD Foundation
 * All rights reserved.
 *
 * This software was developed by Pawel Jakub Dawidek under sponsorship from
 * the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/auditdistd.h#2 $
 */

#ifndef	_AUDITDISTD_H_
#define	_AUDITDISTD_H_

#include <sys/param.h>
#include <sys/queue.h>
#include <sys/socket.h>

#include <arpa/inet.h>

#include <netinet/in.h>

#include <dirent.h>
#include <limits.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>

#include <compat/compat.h>

#include "proto.h"

/*
 * Version history:
 * 0 - initial version
 */
#define	ADIST_VERSION	0

#define	ADIST_ROLE_UNDEF	0
#define	ADIST_ROLE_SENDER	1
#define	ADIST_ROLE_RECEIVER	2

#define	ADIST_USER			"auditdistd"
#define	ADIST_TIMEOUT			20
#define	ADIST_CONFIG			"/etc/security/auditdistd.conf"
#define	ADIST_TCP_PORT			"7878"
#define	ADIST_LISTEN_TLS_TCP4		"tls://0.0.0.0:" ADIST_TCP_PORT
#define	ADIST_LISTEN_TLS_TCP6		"tls://[::]:" ADIST_TCP_PORT
#define	ADIST_PIDFILE			"/var/run/auditdistd.pid"
#define	ADIST_DIRECTORY_SENDER		"/var/audit/dist"
#define	ADIST_DIRECTORY_RECEIVER	"/var/audit/remote"
#define	ADIST_CERTFILE			"/etc/security/auditdistd.cert.pem"
#define	ADIST_KEYFILE			"/etc/security/auditdistd.key.pem"

#define	ADIST_ERROR_WRONG_ORDER		1
#define	ADIST_ERROR_INVALID_NAME	2
#define	ADIST_ERROR_OPEN_OLD		3
#define	ADIST_ERROR_CREATE		4
#define	ADIST_ERROR_OPEN		5
#define	ADIST_ERROR_READ		6
#define	ADIST_ERROR_WRITE		7
#define	ADIST_ERROR_RENAME		8

#define	ADIST_ADDRSIZE		1024
#define	ADIST_HOSTSIZE		256
#define	ADIST_PATHSIZE		256
#define	ADIST_PASSWORDSIZE	128
#define	ADIST_FINGERPRINTSIZE	256

/* Number of seconds to sleep between reconnect retries or keepalive packets. */
#define	ADIST_KEEPALIVE	10

struct adist_listen {
	/* Address to listen on. */
	char	 adl_addr[ADIST_ADDRSIZE];
	/* Protocol-specific data. */
	struct proto_conn *adl_conn;
	TAILQ_ENTRY(adist_listen) adl_next;
};

struct adist_config {
	/* Our name. */
	char	adc_name[ADIST_HOSTSIZE];
	/* PID file path. */
	char	adc_pidfile[PATH_MAX];
	/* Connection timeout. */
	int	adc_timeout;
	/* Path to receiver's certificate file. */
	char	adc_certfile[PATH_MAX];
	/* Path to receiver's private key file. */
	char	adc_keyfile[PATH_MAX];
	/* List of addresses to listen on. */
	TAILQ_HEAD(, adist_listen) adc_listen;
	/* List of hosts. */
	TAILQ_HEAD(, adist_host) adc_hosts;
};

#define	ADIST_COMPRESSION_NONE	0
#define	ADIST_COMPRESSION_LZF	1

#define	ADIST_CHECKSUM_NONE	0
#define	ADIST_CHECKSUM_CRC32	1
#define	ADIST_CHECKSUM_SHA256	2

/*
 * Structure that describes single host (either sender or receiver).
 */
struct adist_host {
	/* Host name. */
	char	adh_name[ADIST_HOSTSIZE];
	/* Host role: ADIST_ROLE_{SENDER,RECEIVER}. */
	int	adh_role;
	/* Protocol version negotiated. */
	int	adh_version;

	/* Local address to bind to. */
	char	adh_localaddr[ADIST_ADDRSIZE];
	/* Address of the remote component. */
	char	adh_remoteaddr[ADIST_ADDRSIZE];
	/* Connection with remote host. */
	struct proto_conn *adh_remote;
	/* Connection was reestablished, reset the state. */
	bool	adh_reset;

	/*
	 * Directory from which audit trail files should be send in
	 * ADIST_ROLE_SENDER case or stored into in ADIST_ROLE_RECEIVER case.
	 */
	char	adh_directory[PATH_MAX];
	/* Compression algorithm. Currently unused. */
	int	adh_compression;
	/* Checksum algorithm. Currently unused. */
	int	adh_checksum;

	/* Sender's password. */
	char	adh_password[ADIST_PASSWORDSIZE];
	/* Fingerprint of receiver's public key. */
	char	adh_fingerprint[ADIST_FINGERPRINTSIZE];

	/* PID of child worker process. 0 - no child. */
	pid_t	adh_worker_pid;
	/* Connection requests from sender to main. */
	struct proto_conn *adh_conn;

	/* Receiver-specific fields. */
	char	 adh_trail_name[ADIST_PATHSIZE];
	int	 adh_trail_fd;
	int	 adh_trail_dirfd;
	DIR	*adh_trail_dirfp;
	/* Sender-specific fields. */
	uint64_t adh_trail_offset;

	/* Next resource. */
	TAILQ_ENTRY(adist_host) adh_next;
};

#define	ADIST_BYTEORDER_UNDEFINED	0
#define	ADIST_BYTEORDER_LITTLE_ENDIAN	1
#define	ADIST_BYTEORDER_BIG_ENDIAN	2

#if _BYTE_ORDER == _LITTLE_ENDIAN
#define	ADIST_BYTEORDER	ADIST_BYTEORDER_LITTLE_ENDIAN
#elif _BYTE_ORDER == _BIG_ENDIAN
#define	ADIST_BYTEORDER	ADIST_BYTEORDER_BIG_ENDIAN
#else
#error Unknown byte order.
#endif

struct adpkt {
	uint8_t		adp_byteorder;
#define	ADIST_CMD_UNDEFINED	0
#define	ADIST_CMD_OPEN		1
#define	ADIST_CMD_APPEND	2
#define	ADIST_CMD_CLOSE		3
#define	ADIST_CMD_KEEPALIVE	4
#define	ADIST_CMD_ERROR		5
	uint8_t		adp_cmd;
	uint64_t	adp_seq;
	uint32_t	adp_datasize;
	unsigned char	adp_data[0];
} __packed;

struct adreq {
	int			adr_error;
	TAILQ_ENTRY(adreq)	adr_next;
	struct adpkt		adr_packet;
};

#define	adr_byteorder	adr_packet.adp_byteorder
#define	adr_cmd		adr_packet.adp_cmd
#define	adr_seq		adr_packet.adp_seq
#define	adr_datasize	adr_packet.adp_datasize
#define	adr_data	adr_packet.adp_data

#define	ADPKT_SIZE(adreq)	(sizeof((adreq)->adr_packet) + (adreq)->adr_datasize)

struct adrep {
	uint8_t		adrp_byteorder;
	uint64_t	adrp_seq;
	uint16_t	adrp_error;
} __packed;

#define	ADIST_QUEUE_SIZE	16
#define	ADIST_BUF_SIZE		65536

#define	QUEUE_TAKE(adreq, list, timeout)	do {			\
	mtx_lock(list##_lock);						\
	if ((timeout) == 0) {						\
		while (((adreq) = TAILQ_FIRST(list)) == NULL)		\
			cv_wait(list##_cond, list##_lock);		\
	} else {							\
		(adreq) = TAILQ_FIRST(list);				\
		if ((adreq) == NULL) {					\
			cv_timedwait(list##_cond, list##_lock,		\
			    (timeout));					\
			(adreq) = TAILQ_FIRST(list);			\
		}							\
	}								\
	if ((adreq) != NULL)						\
		TAILQ_REMOVE((list), (adreq), adr_next);		\
	mtx_unlock(list##_lock);					\
} while (0)
#define	QUEUE_INSERT(adreq, list)	do {				\
	bool _wakeup;							\
									\
	mtx_lock(list##_lock);						\
	_wakeup = TAILQ_EMPTY(list);					\
	TAILQ_INSERT_TAIL((list), (adreq), adr_next);			\
	mtx_unlock(list##_lock);					\
	if (_wakeup)							\
		cv_signal(list##_cond);					\
} while (0)
#define	QUEUE_WAIT(list)	do {					\
	mtx_lock(list##_lock);						\
	while (TAILQ_EMPTY(list))					\
		cv_wait(list##_cond, list##_lock);			\
	mtx_unlock(list##_lock);					\
} while (0)

extern const char *cfgpath;
extern bool sigexit_received;
extern struct pidfh *pfh;

void descriptors_cleanup(struct adist_host *adhost);
void descriptors_assert(const struct adist_host *adhost, int pjdlogmode);

void adist_sender(struct adist_config *config, struct adist_host *adhost);
void adist_receiver(struct adist_config *config, struct adist_host *adhost);

struct adist_config *yy_config_parse(const char *config, bool exitonerror);
void yy_config_free(struct adist_config *config);

void yyerror(const char *);
int yylex(void);

#endif	/* !_AUDITDISTD_H_ */