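/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2019 Peter Tribble.
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * File name:	praudit.h
 * praudit.c defines, globals
 *
 * This header contains no #include lines of its own.  It uses int32_t,
 * uint32_t, int64_t, uint64_t, ushort_t, uchar_t, size_t, FILE, adr_t,
 * adrf_t, MAXPATHLEN and MAXNAMLEN, so the including file must bring
 * those into scope before including it.
 */

#ifndef	_PRAUDIT_H
#define	_PRAUDIT_H

#ifdef	__cplusplus
extern "C" {
#endif

/* DEFINES */

/*
 * output value types
 *
 * NOTE(review): presumably the values stored in uval_t.uvaltype to say
 * which member of the union is valid -- confirm against pa_print().
 */
#define	PRA_INT32	0
#define	PRA_UINT32	1
#define	PRA_INT64	2
#define	PRA_UINT64	3
#define	PRA_SHORT	4
#define	PRA_USHORT	5
#define	PRA_CHAR	6
#define	PRA_UCHAR	7
#define	PRA_STRING	8
#define	PRA_HEX32	9
#define	PRA_HEX64	10
#define	PRA_SHEX	11
#define	PRA_OCT		12
#define	PRA_BYTE	13
#define	PRA_OUTREC	14
#define	PRA_LOCT	15

/*
 * Formatting flags
 *
 * Every non-default flag is a distinct bit.
 */
#define	PRF_DEFAULTM	0x0000		/* Default mode */
#define	PRF_RAWM	0x0001		/* Raw mode */
#define	PRF_SHORTM	0x0002		/* Short mode */
#define	PRF_XMLM	0x0004		/* XML format */
#define	PRF_ONELINE	0x0008		/* one-line output */
#define	PRF_NOCACHE	0x0010		/* don't cache event names */

/*
 * source of audit data (data_mode)
 */
#define	FILEMODE	1
#define	PIPEMODE	2
#define	BUFMODE		3

/*
 * max. number of audit file names entered on command line
 */
#define	MAXFILENAMES	100

/*
 * max. size of file name
 *
 * The sum is parenthesized so that it stays a single operand when the
 * macro appears inside a larger expression (multiplied, subtracted from,
 * compared).  Without the parentheses such an expression would silently
 * compute a different size.  Used alone, for example as an array bound,
 * the value is unchanged.
 */
#define	MAXFILELEN	(MAXPATHLEN + MAXNAMLEN + 1)

/*
 * used to store value to be output
 */
typedef union u_tag {
	int32_t		int32_val;
	uint32_t	uint32_val;
	int64_t		int64_val;
	uint64_t	uint64_val;
	short		short_val;
	ushort_t	ushort_val;
	char		char_val;
	/*
	 * Declared as plain char despite the name, and the signedness of
	 * plain char is implementation-defined.
	 * NOTE(review): confirm whether uchar_t was intended before relying
	 * on values above 0x7f read through this member.
	 */
	char		uchar_val;
	char		*string_val;
} u_tag_t;
typedef struct u_val {
	int	uvaltype;
	u_tag_t	tag;
} uval_t;

/*
 * Shorthand so that a uval_t member can be written as uval.int32_val
 * instead of uval.tag.int32_val.  These are object-like macros with very
 * common names: any use of these identifiers in code that includes this
 * header is rewritten as well.
 */
#define	int32_val	tag.int32_val
#define	uint32_val	tag.uint32_val
#define	int64_val	tag.int64_val
#define	uint64_val	tag.uint64_val
#define	short_val	tag.short_val
#define	ushort_val	tag.ushort_val
#define	char_val	tag.char_val
#define	uchar_val	tag.uchar_val
#define	string_val	tag.string_val


/*
 * Strings and things for xml prolog & ending printing.
 *
 * The DTD and the stylesheet are referenced through fixed file:// URLs on
 * the local system.
 */
#define	prolog1 "<?xml version='1.0' encoding='UTF-8' ?>\n"
#define	prolog2  "\n<!DOCTYPE audit PUBLIC " \
	"'-//Sun Microsystems, Inc.//DTD Audit V1//EN' " \
	"'file:///usr/share/lib/xml/dtd/adt_record.dtd.1'>\n\n"
#define	prolog_xsl "<?xml-stylesheet type='text/xsl' " \
	"href='file:///usr/share/lib/xml/style/adt_record.xsl.1' ?>\n"

	/* Special main element: */
#define	xml_start "<audit>"
#define	xml_ending "\n</audit>\n"

/*
 * Buffer sizes for the prolog and the ending.  sizeof on a string literal
 * counts its terminating NUL, so both values are upper bounds on the
 * length of the text they describe, not exact lengths.
 */
#define	xml_prolog_len (sizeof (prolog1) + sizeof (prolog2) + \
	    sizeof (prolog_xsl) + sizeof (xml_start) + 1)
#define	xml_end_len (sizeof (xml_ending) + 1)

/*
 * used to save context for print_audit and related functions.
 */

#define	SEP_SIZE 4

/*
 * All buffer positions below are raw pointers and all lengths are signed
 * int.  This header does not show where bounds are enforced.
 * NOTE(review): code comparing these lengths with size_t values (for
 * example the size argument of pr_input_remaining()) should reject
 * negative lengths first, because the implicit conversion to an unsigned
 * type turns a negative length into a very large one.
 */
struct pr_context {
	int	format;
	int	data_mode;
	char	SEPARATOR[SEP_SIZE];	/* field separator */
	signed char	tokenid;	/* initial token ID */
	adr_t	*audit_adr;		/* audit record */
	adrf_t	*audit_adrf;		/* audit record, file mode */
	int	audit_rec_len;
	char	*audit_rec_start;

	char	*inbuf_start;
	char	*inbuf_last;	/* ptr to byte after latest completed */
				/* header or file token in the input */
	int	inbuf_totalsize;
	char	*outbuf_p;
	char	*outbuf_start;
	char	*outbuf_last;	/* ptr to byte after latest completed */
				/* header or file token in the output */
	int	outbuf_remain_len;

	int	pending_flag;	/* open of extended tag not completed */
	int	current_rec;	/* id of current record */
};
typedef struct pr_context pr_context_t;


extern void	loadgroups(FILE *f);
extern void	loadnames(FILE *f);

extern void	init_tokens(void);

extern int	open_tag(pr_context_t *context, int);
extern int	finish_open_tag(pr_context_t *context);
extern int	check_close_rec(pr_context_t *context, int);
extern int	close_tag(pr_context_t *context, int);
extern int	process_tag(pr_context_t *context, int, int, int);

extern int	is_file_token(int);
extern int	is_header_token(int);
extern int	is_token(int);
extern int	do_newline(pr_context_t *context, int);

/*
 * The convert_*_to_string() functions take an output pointer p but no
 * length, so the required buffer size is a contract between caller and
 * implementation that this header does not state.  get_Hname(),
 * get_Hname_ex(), pa_error() and pa_retval() take an explicit buffer
 * length instead.
 * NOTE(review): confirm the size each convert_* caller provides.
 */
extern char	*bu2string(char basic_unit);
extern int	convert_char_to_string(char printmode, char c, char *p);
extern int	convert_int32_to_string(char printmode, int32_t c, char *p);
extern int	convert_int64_to_string(char printmode, int64_t c, char *p);
extern int	convert_short_to_string(char printmode, short c, char *p);
extern int	findfieldwidth(char basicunit, char howtoprint);
extern void	get_Hname(uint32_t addr, char *buf, size_t buflen);
extern void	get_Hname_ex(uint32_t *addr, char *buf, size_t buflen);
/* NOTE(review): ownership of the returned buffer is not visible here. */
extern char	*hexconvert(char *c, int size, int chunk);
extern char	*htp2string(char print_sugg);
extern int	pa_print(pr_context_t *context, uval_t *uval, int flag);
extern int	pa_reclen(pr_context_t *context, int status);
extern int	pa_file_string(pr_context_t *context, int status, int flag);
extern int	pa_adr_int32(pr_context_t *context, int status, int flag);
extern int	pa_adr_int64(pr_context_t *context, int status, int flag);
extern int	pa_utime32(pr_context_t *context, int status, int flag);
extern int	pa_ntime32(pr_context_t *context, int status, int flag);
extern int	pa_utime64(pr_context_t *context, int status, int flag);
extern int	pa_ntime64(pr_context_t *context, int status, int flag);
extern int	pa_adr_string(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_int32(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_int64(pr_context_t *context, int status, int flag);
extern int	pa_adr_byte(pr_context_t *context, int status, int flag);
extern int	pa_event_type(pr_context_t *context, int status, int flag);
extern int	pa_event_modifier(pr_context_t *context, int status, int flag);
extern int	pa_adr_int32hex(pr_context_t *context, int status, int flag);
extern int	pa_adr_int64hex(pr_context_t *context, int status, int flag);
extern int	pa_pw_uid(pr_context_t *context, int status, int flag);
extern int	pa_gr_uid(pr_context_t *context, int status, int flag);
extern int	pa_pw_uid_gr_gid(pr_context_t *context, int status, int flag);
extern int	pa_ace(pr_context_t *context, int status, int flag);
extern int	pa_hostname(pr_context_t *context, int status, int flag);
extern int	pa_hostname_ex(pr_context_t *context, int status, int flag);
extern int	pa_hostname_so(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_short(pr_context_t *context, int status, int flag);
extern int	pa_tid32(pr_context_t *context, int status, int flag);
extern int	pa_tid64(pr_context_t *context, int status, int flag);
extern int	pa_tid32_ex(pr_context_t *context, int status, int flag);
extern int	pa_tid64_ex(pr_context_t *context, int status, int flag);
extern int	pa_adr_charhex(pr_context_t *context, int status, int flag);
extern int	pa_adr_short(pr_context_t *context, int status, int flag);
extern int	pa_adr_shorthex(pr_context_t *context, int status, int flag);
extern int	pa_mode(pr_context_t *context, int status, int flag);
extern int	pa_cmd(pr_context_t *context, int status, int flag);
extern int	pa_string(pr_context_t *context, int status, int flag);
extern int	pa_liaison(pr_context_t *context, int status, int flag);
extern int	pa_xgeneric(pr_context_t *context);
extern int	pa_xid(pr_context_t *context, int status, int flag);
extern void	pa_error(const uchar_t err, char *buf, size_t buflen);
extern void	pa_retval(const uchar_t, const int32_t, char *, size_t);
extern int	pa_ip_addr(pr_context_t *context, int status, int flag);
/*
 * The pr_adr_*() functions take a destination pointer and an element
 * count, but not the size of the destination.
 * NOTE(review): callers must make sure the destination holds at least
 * count elements.
 */
extern int	pr_adr_char(pr_context_t *context, char *cp, int count);
extern int	pr_adr_short(pr_context_t *context, short *sp, int count);
extern int	pr_adr_int32(pr_context_t *context, int32_t *lp, int count);
extern int	pr_adr_int64(pr_context_t *context, int64_t *lp, int count);
extern int	pr_adr_u_int32(pr_context_t *context, uint32_t *cp, int count);
extern int	pr_adr_u_char(pr_context_t *context, uchar_t *cp, int count);
extern int	pr_adr_u_int64(pr_context_t *context, uint64_t *lp, int count);
extern int	pr_adr_u_short(pr_context_t *context, ushort_t *sp, int count);
extern int	pr_putchar(pr_context_t *context, char);
extern int	pr_printf(pr_context_t *context, const char *format, ...);
/*
 * NOTE(review): presumably reports whether size more bytes of input are
 * available in the context -- confirm the meaning of the return value
 * before using it as a bounds check.
 */
extern int	pr_input_remaining(pr_context_t *context, size_t size);

/*
 * Functions that format audit data
 */
extern int	print_audit(const int, const char *);
extern int	print_audit_buf(char **, int *, char **, int *, const int,
    const char *);
extern void	print_audit_xml_prolog(void);
extern void	print_audit_xml_ending(void);
extern int	print_audit_xml_prolog_buf(char *out_buf,
    const int out_buf_len);
extern int	print_audit_xml_ending_buf(char *out_buf,
    const int out_buf_len);


#ifdef	__cplusplus
}
#endif

#endif	/* _PRAUDIT_H */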