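/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * adt_xlate.h
 *
 * Private definitions shared between the adt (audit) library sources:
 * session/process model selectors, the internal session state, the
 * versioned export/import record layout, and the event-to-token
 * translation table types used by adt_xlate.c.
 *
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 */

#ifndef _BSM_XLATE_H
#define	_BSM_XLATE_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <bsm/libbsm.h>
#include <priv.h>
#include <bsm/adt_event.h>

#ifdef	__cplusplus
extern "C" {
#endif

/* gettext domain fallback; the build normally supplies TEXT_DOMAIN */
#ifndef	TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

/*
 * values for adt_session_model
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense.  In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1
#define	ADT_PROCESS_MODEL	0

/*
 * Bits of adt_internal_state.as_have_user_data: which parts of as_info
 * have been supplied by the caller (as opposed to defaulted).
 */
#define	ADT_HAVE_MASK	0x01
#define	ADT_HAVE_TID	0x02
#define	ADT_HAVE_AUID	0x04
#define	ADT_HAVE_ASID	0x08
#define	ADT_HAVE_IDS	0x10
/* fully parenthesized so the cast never binds to a neighbouring operand */
#define	ADT_HAVE_ALL	((uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS))

/*
 * dummy token types for privilege
 *
 * Negative so they cannot collide with real audit token ids.  They are
 * parenthesized because a bare "-100" expands badly in expressions
 * such as "-ADT_AUT_PRIV_L" (which would become "--100").
 *
 * NOTE(review): struct entry.en_token_id below is a plain "char".  If
 * these values are stored in / compared against that field, they rely
 * on "char" being signed, which is implementation-defined; on an
 * unsigned-char target the comparison could never match.  Confirm in
 * adt_xlate.c / adt_token.c.
 */
#define	ADT_AUT_PRIV_L	(-100)	/* limit set */
#define	ADT_AUT_PRIV_I	(-101)	/* inherited set */
#define	ADT_AUT_PRIV_E	(-102)	/* effective set */
/* dummy token type for alternate command */
#define	ADT_CMD_ALT	(-103)

enum adt_generic {ADT_GENERIC};	/* base for text enums */

typedef struct adt_internal_state adt_internal_state_t;

/* single-member union: the caller's event data, kept as the first member */
union union_of_events {
	union adt_event_data	d0;
};

/* selectors for the message tables in adt_msg_text[] */
enum adt_msg_list {
	ADT_LIST_FAIL_PAM,
	ADT_LIST_FAIL_VALUE,
	ADT_LIST_LOGIN_TEXT};

/*
 * Input field types understood by the token generators; each datadef
 * in a translation table carries one of these plus the field's size.
 */
enum datatype {ADT_UNDEFINED = 0,
	ADT_DATE,
	ADT_MSG,
	ADT_UINT,
	ADT_INT,
	ADT_INT32,
	ADT_UINT16,
	ADT_UINT32,
	ADT_UINT32STAR,
	ADT_UINT32ARRAY,
	ADT_UID,
	ADT_GID,
	ADT_UIDSTAR,
	ADT_GIDSTAR,
	ADT_UINT64,
	ADT_LONG,
	ADT_ULONG,
	ADT_CHAR,
	ADT_CHARSTAR,
	ADT_CHAR2STAR,	/* char ** */
	ADT_PID,
	ADT_PRIVSTAR,
	ADT_TERMIDSTAR
};
typedef enum datatype datatype_t;

/* one alternative per enum datatype value; used to view an input field */
union convert {
	enum adt_generic	msg_selector;
	boolean_t	tbool;
	uint_t		tuint;
	int		tint;
	int32_t		tint32;
	uint16_t	tuint16;
	uint32_t	tuint32;
	uint64_t	tuint64;
	int32_t		*tint32star;
	uint32_t	*tuint32star;
	uid_t		tuid;
	gid_t		tgid;
	uid_t		*tuidstar;
	gid_t		*tgidstar;
	pid_t		tpid;
	long		tlong;
	ulong_t		tulong;
	char		tchar;
	char		*tcharstar;
	char		**tchar2star;
	au_tid_addr_t	*ttermid;
	priv_set_t	*tprivstar;
};

/*
 * Per-event state.  The caller is handed a pointer to ae_event_data; the
 * library recovers the rest of this struct from that pointer, which is
 * why ae_event_data must stay the first member and the internal fields
 * must keep their order.
 */
struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal. Order matters */

	uint_t		ae_check;	/* see adt_internal_state */
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id */
	au_event_t	ae_internal_id;	/* translated */
	int		ae_rc;		/* exit token rc */
	int		ae_type;	/* exit error type */
	struct adt_internal_state *ae_session;
};

/* type and size of one input field of an event record */
struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;

/*
 * Token generator: (field definition, pointer to the field's data,
 * required flag, event state, message format).  See adt_token.c.
 */
typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

/* message lookup by enum selector */
typedef char *(* adt_msg_func_t)(enum adt_generic);

/*
 * Sanity value stored in as_check / ax_check.  A handle whose check
 * word is not ADT_VALID (e.g. zero after free) is not a live session;
 * the functions that accept handles are expected to test it before
 * touching anything else.
 */
#define	ADT_VALID	0xAAAA5555

/*
 * Session state behind an adt_session_data_t handle.  The first part
 * (up to and including as_audit_enabled) is what adt_export_session_data
 * serialises; anything added later goes below that line so exported
 * records of the current format stay readable.
 */
struct adt_internal_state {
	uint32_t	as_check;	/* == ADT_VALID when created, */
					/* == zero when freed */
	uid_t		as_euid;
	uid_t		as_ruid;
	gid_t		as_egid;
	gid_t		as_rgid;

	struct auditinfo_addr	as_info;
	/*
	 * ai_auid	audit id
	 * ai_mask.am_success	pre-selection mask
	 * ai_mask.am_failure
	 * ai_termid	.at_port	terminal id
	 *		.at_type
	 *		.ai_termid.at_addr[0]
	 *		.ai_termid.at_addr[1]
	 *		.ai_termid.at_addr[2]
	 *		.ai_termid.at_addr[3]
	 * ai_asid	session id
	 */
	int		as_audit_enabled;	/* audit enable/disable state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t	as_have_user_data;	/* ADT_HAVE_* bits */

	int		as_kernel_audit_policy;
	int		as_session_model;	/* ADT_SESSION_MODEL / ADT_PROCESS_MODEL */
	adt_session_flags_t	as_flags;
};

/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.
 */
#define	PROTOCOL_VERSION	1

/*
 * most recent version is at the top; down level consumers are
 * expected to search down via "prev_offsetX" to a version they
 * understand.  "v1" is first, "v0" is used to illustrate correct
 * order for future use.
 *
 * NOTE(review): an export record crosses a trust boundary (it is
 * handed to another process, e.g. over a socket or pipe).  The importer
 * should treat ax_check, ax_buffer_length, every ax_link.ax_offset and
 * ax_size_of_tsol_data as untrusted: verify the check word, and bounds-
 * check each offset/length against the buffer actually received before
 * dereferencing.  The validation itself lives in adt.c, not here.
 */

struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_enabled;
	uint32_t	ax_size_of_tsol_data;	/* zero for non-TSOL systems */
};
/* (version, byte offset) pair chaining the per-version payloads */
struct export_link {
	int32_t		ax_version;
	int32_t		ax_offset;
};
struct export_header {
	uint32_t	ax_check;		/* ADT_VALID */
	int32_t		ax_buffer_length;	/* total record length */
	struct export_link	ax_link;	/* newest version first */
};

struct adt_export_data {
	struct export_header	ax_header;

	struct adt_export_v1	ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0	ax_v0;
	 */
	struct export_link	ax_last;	/* terminator */
};

/*
 * struct entry defines rows in tables defined in adt_xlate.c
 *
 * en_msg_format feeds an sprintf-family call in the token generators;
 * it must therefore always be a constant from the table, never text
 * that originated in event data.
 */

struct entry {
	char		en_token_id;	/* token id */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	int		en_tsol;	/* if 1, output only #ifdef TSOL */
	char		*en_msg_format;	/* pointer to sprintf format string */
};

/* one translation per event: external/internal ids plus its token rows */
struct translation {
	int		tx_offsetsCalculated;	/* eponymous */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};

extern struct translation *xlate_table[];

/* dispatch row: token id -> generator function */
struct token_jmp {
	long		jmp_id;
	adt_token_func_t	jmp_to;
};

/* a message table and the index range it covers */
struct msg_text {
	int	ml_min_index;
	int	ml_max_index;
	char	**ml_msg_list;
	int	ml_offset;
};

extern void adt_write_syslog(const char *, int);
extern void adt_token_open(struct adt_event_state *);
extern void adt_token_close(struct adt_event_state *);
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
extern void *adt_adjust_address(void *, size_t, size_t);
extern void adt_preload(au_event_t, adt_event_data_t *);

extern struct msg_text adt_msg_text[];

#ifdef	__cplusplus
}
#endif

#endif	/* _BSM_XLATE_H */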