xref: /freebsd/contrib/openbsm/bin/auditdistd/auditdistd.h (revision 7d99ab9fd0cc2c1ce2ecef0ed6d0672c2a50b0cb)
1 /*-
2  * Copyright (c) 2012 The FreeBSD Foundation
3  * All rights reserved.
4  *
5  * This software was developed by Pawel Jakub Dawidek under sponsorship from
6  * the FreeBSD Foundation.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/auditdistd.h#2 $
30  */
31 
32 #ifndef	_AUDITDISTD_H_
33 #define	_AUDITDISTD_H_
34 
35 #include <sys/param.h>
36 #include <sys/queue.h>
37 #include <sys/socket.h>
38 
39 #include <arpa/inet.h>
40 
41 #include <netinet/in.h>
42 
43 #include <dirent.h>
44 #include <limits.h>
45 #include <pthread.h>
46 #include <stdbool.h>
47 #include <stdint.h>
48 
49 #include <compat/compat.h>
50 
51 #include "proto.h"
52 
53 /*
54  * Version history:
55  * 0 - initial version
56  */
57 #define	ADIST_VERSION	0
58 
59 #define	ADIST_ROLE_UNDEF	0
60 #define	ADIST_ROLE_SENDER	1
61 #define	ADIST_ROLE_RECEIVER	2
62 
63 #define	ADIST_USER			"auditdistd"
64 #define	ADIST_TIMEOUT			20
65 #define	ADIST_CONFIG			"/etc/security/auditdistd.conf"
66 #define	ADIST_TCP_PORT			"7878"
67 #define	ADIST_LISTEN_TLS_TCP4		"tls://0.0.0.0:" ADIST_TCP_PORT
68 #define	ADIST_LISTEN_TLS_TCP6		"tls://[::]:" ADIST_TCP_PORT
69 #define	ADIST_PIDFILE			"/var/run/auditdistd.pid"
70 #define	ADIST_DIRECTORY_SENDER		"/var/audit/dist"
71 #define	ADIST_DIRECTORY_RECEIVER	"/var/audit/remote"
72 #define	ADIST_CERTFILE			"/etc/security/auditdistd.cert.pem"
73 #define	ADIST_KEYFILE			"/etc/security/auditdistd.key.pem"
74 
75 #define	ADIST_ERROR_WRONG_ORDER		1
76 #define	ADIST_ERROR_INVALID_NAME	2
77 #define	ADIST_ERROR_OPEN_OLD		3
78 #define	ADIST_ERROR_CREATE		4
79 #define	ADIST_ERROR_OPEN		5
80 #define	ADIST_ERROR_READ		6
81 #define	ADIST_ERROR_WRITE		7
82 #define	ADIST_ERROR_RENAME		8
83 
84 #define	ADIST_ADDRSIZE		1024
85 #define	ADIST_HOSTSIZE		256
86 #define	ADIST_PATHSIZE		256
87 #define	ADIST_PASSWORDSIZE	128
88 #define	ADIST_FINGERPRINTSIZE	256
89 
90 /* Number of seconds to sleep between reconnect retries or keepalive packets. */
91 #define	ADIST_KEEPALIVE	10
92 
93 struct adist_listen {
94 	/* Address to listen on. */
95 	char	 adl_addr[ADIST_ADDRSIZE];
96 	/* Protocol-specific data. */
97 	struct proto_conn *adl_conn;
98 	TAILQ_ENTRY(adist_listen) adl_next;
99 };
100 
101 struct adist_config {
102 	/* Our name. */
103 	char	adc_name[ADIST_HOSTSIZE];
104 	/* PID file path. */
105 	char	adc_pidfile[PATH_MAX];
106 	/* Connection timeout. */
107 	int	adc_timeout;
108 	/* Path to receiver's certificate file. */
109 	char	adc_certfile[PATH_MAX];
110 	/* Path to receiver's private key file. */
111 	char	adc_keyfile[PATH_MAX];
112 	/* List of addresses to listen on. */
113 	TAILQ_HEAD(, adist_listen) adc_listen;
114 	/* List of hosts. */
115 	TAILQ_HEAD(, adist_host) adc_hosts;
116 };
117 
118 #define	ADIST_COMPRESSION_NONE	0
119 #define	ADIST_COMPRESSION_LZF	1
120 
121 #define	ADIST_CHECKSUM_NONE	0
122 #define	ADIST_CHECKSUM_CRC32	1
123 #define	ADIST_CHECKSUM_SHA256	2
124 
125 /*
126  * Structure that describes single host (either sender or receiver).
127  */
128 struct adist_host {
129 	/* Host name. */
130 	char	adh_name[ADIST_HOSTSIZE];
131 	/* Host role: ADIST_ROLE_{SENDER,RECEIVER}. */
132 	int	adh_role;
133 	/* Protocol version negotiated. */
134 	int	adh_version;
135 
136 	/* Local address to bind to. */
137 	char	adh_localaddr[ADIST_ADDRSIZE];
138 	/* Address of the remote component. */
139 	char	adh_remoteaddr[ADIST_ADDRSIZE];
140 	/* Connection with remote host. */
141 	struct proto_conn *adh_remote;
142 	/* Connection was reestablished, reset the state. */
143 	bool	adh_reset;
144 
145 	/*
146 	 * Directory from which audit trail files should be send in
147 	 * ADIST_ROLE_SENDER case or stored into in ADIST_ROLE_RECEIVER case.
148 	 */
149 	char	adh_directory[PATH_MAX];
150 	/* Compression algorithm. Currently unused. */
151 	int	adh_compression;
152 	/* Checksum algorithm. Currently unused. */
153 	int	adh_checksum;
154 
155 	/* Sender's password. */
156 	char	adh_password[ADIST_PASSWORDSIZE];
157 	/* Fingerprint of receiver's public key. */
158 	char	adh_fingerprint[ADIST_FINGERPRINTSIZE];
159 
160 	/* PID of child worker process. 0 - no child. */
161 	pid_t	adh_worker_pid;
162 	/* Connection requests from sender to main. */
163 	struct proto_conn *adh_conn;
164 
165 	/* Receiver-specific fields. */
166 	char	 adh_trail_name[ADIST_PATHSIZE];
167 	int	 adh_trail_fd;
168 	int	 adh_trail_dirfd;
169 	DIR	*adh_trail_dirfp;
170 	/* Sender-specific fields. */
171 	uint64_t adh_trail_offset;
172 
173 	/* Next resource. */
174 	TAILQ_ENTRY(adist_host) adh_next;
175 };
176 
177 #define	ADIST_BYTEORDER_UNDEFINED	0
178 #define	ADIST_BYTEORDER_LITTLE_ENDIAN	1
179 #define	ADIST_BYTEORDER_BIG_ENDIAN	2
180 
181 #if _BYTE_ORDER == _LITTLE_ENDIAN
182 #define	ADIST_BYTEORDER	ADIST_BYTEORDER_LITTLE_ENDIAN
183 #elif _BYTE_ORDER == _BIG_ENDIAN
184 #define	ADIST_BYTEORDER	ADIST_BYTEORDER_BIG_ENDIAN
185 #else
186 #error Unknown byte order.
187 #endif
188 
189 struct adpkt {
190 	uint8_t		adp_byteorder;
191 #define	ADIST_CMD_UNDEFINED	0
192 #define	ADIST_CMD_OPEN		1
193 #define	ADIST_CMD_APPEND	2
194 #define	ADIST_CMD_CLOSE		3
195 #define	ADIST_CMD_KEEPALIVE	4
196 #define	ADIST_CMD_ERROR		5
197 	uint8_t		adp_cmd;
198 	uint64_t	adp_seq;
199 	uint32_t	adp_datasize;
200 	unsigned char	adp_data[0];
201 } __packed;
202 
203 struct adreq {
204 	int			adr_error;
205 	TAILQ_ENTRY(adreq)	adr_next;
206 	struct adpkt		adr_packet;
207 };
208 
209 #define	adr_byteorder	adr_packet.adp_byteorder
210 #define	adr_cmd		adr_packet.adp_cmd
211 #define	adr_seq		adr_packet.adp_seq
212 #define	adr_datasize	adr_packet.adp_datasize
213 #define	adr_data	adr_packet.adp_data
214 
215 #define	ADPKT_SIZE(adreq)	(sizeof((adreq)->adr_packet) + (adreq)->adr_datasize)
216 
217 struct adrep {
218 	uint8_t		adrp_byteorder;
219 	uint64_t	adrp_seq;
220 	uint16_t	adrp_error;
221 } __packed;
222 
223 #define	ADIST_QUEUE_SIZE	16
224 #define	ADIST_BUF_SIZE		65536
225 
226 #define	QUEUE_TAKE(adreq, list, timeout)	do {			\
227 	mtx_lock(list##_lock);						\
228 	if ((timeout) == 0) {						\
229 		while (((adreq) = TAILQ_FIRST(list)) == NULL)		\
230 			cv_wait(list##_cond, list##_lock);		\
231 	} else {							\
232 		(adreq) = TAILQ_FIRST(list);				\
233 		if ((adreq) == NULL) {					\
234 			cv_timedwait(list##_cond, list##_lock,		\
235 			    (timeout));					\
236 			(adreq) = TAILQ_FIRST(list);			\
237 		}							\
238 	}								\
239 	if ((adreq) != NULL)						\
240 		TAILQ_REMOVE((list), (adreq), adr_next);		\
241 	mtx_unlock(list##_lock);					\
242 } while (0)
243 #define	QUEUE_INSERT(adreq, list)	do {				\
244 	bool _wakeup;							\
245 									\
246 	mtx_lock(list##_lock);						\
247 	_wakeup = TAILQ_EMPTY(list);					\
248 	TAILQ_INSERT_TAIL((list), (adreq), adr_next);			\
249 	mtx_unlock(list##_lock);					\
250 	if (_wakeup)							\
251 		cv_signal(list##_cond);					\
252 } while (0)
253 #define	QUEUE_WAIT(list)	do {					\
254 	mtx_lock(list##_lock);						\
255 	while (TAILQ_EMPTY(list))					\
256 		cv_wait(list##_cond, list##_lock);			\
257 	mtx_unlock(list##_lock);					\
258 } while (0)
259 
260 extern const char *cfgpath;
261 extern bool sigexit_received;
262 extern struct pidfh *pfh;
263 
264 void descriptors_cleanup(struct adist_host *adhost);
265 void descriptors_assert(const struct adist_host *adhost, int pjdlogmode);
266 
267 void adist_sender(struct adist_config *config, struct adist_host *adhost);
268 void adist_receiver(struct adist_config *config, struct adist_host *adhost);
269 
270 struct adist_config *yy_config_parse(const char *config, bool exitonerror);
271 void yy_config_free(struct adist_config *config);
272 
273 void yyerror(const char *);
274 int yylex(void);
275 
276 #endif	/* !_AUDITDISTD_H_ */
277