/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * adt_xlate.h
 *
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 */

/*
 * Private definitions for the ADT audit translation layer: the
 * per-session state kept behind the opaque adt_internal_state_t handle,
 * the export/import wire format used to hand a session between
 * processes, and the row types of the translation tables that
 * adt_xlate.c defines.  Nothing here is part of the public libbsm API.
 */

#ifndef _BSM_XLATE_H
#define	_BSM_XLATE_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <bsm/libbsm.h>
#include <priv.h>
#include <bsm/adt_event.h>
#include <tsol/label.h>

#ifdef	__cplusplus
extern "C" {
#endif

#ifndef	TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

/*
 * values for adt_session_model
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense.  In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1
#define	ADT_PROCESS_MODEL	0

/*
 * Bit flags recording which pieces of user-supplied session data have
 * been set; presumably accumulated in as_have_user_data (uint32_t) below,
 * which is why ADT_HAVE_ALL is cast to uint32_t.
 */
#define	ADT_HAVE_MASK	0x01
#define	ADT_HAVE_TID	0x02
#define	ADT_HAVE_AUID	0x04
#define	ADT_HAVE_ASID	0x08
#define	ADT_HAVE_IDS	0x10
#define	ADT_HAVE_ALL	(uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS)

/*
 * dummy token types for privilege
 * Negative values, presumably so they can never collide with a real
 * audit token id; they only drive the table dispatch in adt_xlate.c.
 */
#define	ADT_AUT_PRIV_L	-100	/* limit set */
#define	ADT_AUT_PRIV_I	-101	/* inherited set */
#define	ADT_AUT_PRIV_E	-102	/* effective set */
/* dummy token type for alternate command */
#define	ADT_CMD_ALT	-103

enum adt_generic {ADT_GENERIC};	/* base for text enums */

/* Opaque to library users; layout is in struct adt_internal_state below. */
typedef struct adt_internal_state adt_internal_state_t;

/* Wraps the public per-event union so the library can add members. */
union union_of_events {
	union adt_event_data	d0;
};

/* Selects one of the message tables in adt_msg_text[] (declared below). */
enum adt_msg_list {
	ADT_LIST_FAIL_PAM,
	ADT_LIST_FAIL_VALUE,
	ADT_LIST_LOGIN_TEXT,
	ADT_LIST_UADMIN_FCN};

/*
 * Type tag for one input field of an event; paired with dd_input_size in
 * struct datadefs and interpreted through union convert.
 */
enum datatype {ADT_UNDEFINED = 0,
	ADT_DATE,
	ADT_MSG,
	ADT_UINT,
	ADT_INT,
	ADT_INT32,
	ADT_UINT16,
	ADT_UINT32,
	ADT_UINT32STAR,
	ADT_UINT32ARRAY,
	ADT_UID,
	ADT_GID,
	ADT_UIDSTAR,
	ADT_GIDSTAR,
	ADT_UINT64,
	ADT_LONG,
	ADT_ULONG,
	ADT_CHAR,
	ADT_CHARSTAR,
	ADT_CHAR2STAR,		/* char ** */
	ADT_PID,
	ADT_PRIVSTAR,
	ADT_TERMIDSTAR,
	ADT_MLABELSTAR
};
typedef enum datatype datatype_t;

/*
 * Overlay used to read a raw input field as the C type its datatype_t
 * tag names; roughly one member per enum datatype value.
 */
union convert {
	enum adt_generic	msg_selector;
	boolean_t	tbool;
	uint_t		tuint;
	int		tint;
	int32_t		tint32;
	uint16_t	tuint16;
	uint32_t	tuint32;
	uint64_t	tuint64;
	int32_t		*tint32star;
	uint32_t	*tuint32star;
	uid_t		tuid;
	gid_t		tgid;
	uid_t		*tuidstar;
	gid_t		*tgidstar;
	pid_t		tpid;
	long		tlong;
	ulong_t		tulong;
	char		tchar;
	char		*tcharstar;
	char		**tchar2star;
	au_tid_addr_t	*ttermid;
	priv_set_t	*tprivstar;
	m_label_t	*tm_label;
};

/*
 * One in-flight event.  The caller sees only ae_event_data (through the
 * public adt_event_data_t); everything after it is library bookkeeping.
 */
struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal.  Order matters */

	uint_t		ae_check;	/* see adt_internal_state */
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id */
	au_event_t	ae_internal_id;	/* translated */
	int		ae_rc;		/* exit token rc */
	int		ae_type;	/* exit error type */
	struct adt_internal_state *ae_session;
};

/* Type and byte size of one input field; rows of en_type_def. */
struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;

/*
 * Token generator signature used by struct token_jmp.  The argument
 * meanings are not visible here (looks like: field definitions, pointer
 * to the field data, a count or required flag, the event, and the
 * message format) -- confirm against adt_xlate.c before relying on them.
 */
typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

/* Maps a text-enum value to its message string. */
typedef char *(* adt_msg_func_t)(enum adt_generic);

/*
 * Sentinel stored in as_check / ax_check.  It is a sanity check that
 * catches stale or garbage handles; it is not an integrity check, since
 * any buffer carrying the same 32-bit value passes.
 */
#define	ADT_VALID	0xAAAA5555

struct adt_internal_state {
	uint32_t	as_check;	/* == ADT_VALID when created, */
					/* == zero when freed */
	uid_t		as_euid;
	uid_t		as_ruid;
	gid_t		as_egid;
	gid_t		as_rgid;

	struct auditinfo_addr	as_info;
	/*
	 * ai_auid			audit id
	 * ai_mask.am_success		pre-selection mask
	 * ai_mask.am_failure
	 * ai_termid	.at_port	terminal id
	 *		.at_type
	 *		.ai_termid.at_addr[0]
	 *		.ai_termid.at_addr[1]
	 *		.ai_termid.at_addr[2]
	 *		.ai_termid.at_addr[3]
	 * ai_asid			session id
	 */
	int		as_audit_enabled;	/* audit enable/disable state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t	as_have_user_data;	/* ADT_HAVE_* flags */

	int		as_kernel_audit_policy;
	int		as_session_model;	/* ADT_SESSION_MODEL / ADT_PROCESS_MODEL */
	adt_session_flags_t	as_flags;
	pid_t		as_pid;
	m_label_t	*as_label;	/* if is_system_labeled */
};

/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.
 */
#define	PROTOCOL_VERSION_1	1
#define	PROTOCOL_VERSION_2	2

/*
 * most recent version is at the top; down level consumers are
 * expected to search down via "prev_offsetX" to a version they
 * understand.  "v1" is first, "v0" is used to illustrate correct
 * order for future use.
 */

/*
 * NOTE(review): this struct is serialized and parsed by another process,
 * yet ax_audit_enabled (int), ax_pid (pid_t) and ax_label_len (size_t)
 * have data-model-dependent widths, unlike the int32_t/uint32_t fields
 * above them.  Confirm that exporter and importer always share a data
 * model, or that the import routine normalizes these.
 */
struct adt_export_v2 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_enabled;
	pid_t		ax_pid;
	size_t		ax_label_len;	/* 0, unlabeled */
	/* char	ax_label[ax_label_len]; if, is_system_labeled */
	/*
	 * NOTE(review): ax_label_len arrives from the imported buffer;
	 * the importer must bound it by the enclosing ax_buffer_length
	 * before reading the trailing label bytes -- verify in adt.c.
	 */
};
struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_enabled;
	uint32_t	ax_size_of_tsol_data;	/* zero for non-TSOL systems */
};
/*
 * Version/offset pair linking one versioned section to the next.
 * ax_offset is read from the imported buffer and should be range-checked
 * against ax_buffer_length before it is followed.
 */
struct export_link {
	int32_t		ax_version;
	int32_t		ax_offset;
};
struct export_header {
	uint32_t	ax_check;		/* ADT_VALID */
	int32_t		ax_buffer_length;	/* total bytes in the export buffer */
	struct export_link	ax_link;
};

/* Full export buffer: header, then each version's data, newest first. */
struct adt_export_data {
	struct export_header	ax_header;

	struct adt_export_v2	ax_v2;
	/*
	 * end of version 2 data
	 */
	struct export_link	ax_next_v1;
	struct adt_export_v1	ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0	ax_v0;
	 */
	struct export_link	ax_last;	/* terminator */
};

/*
 * struct entry defines rows in tables defined in adt_xlate.c
 */

struct entry {
	char		en_token_id;	/* token id */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	int		en_tsol;	/* if 1, reserved if for TX */
	char		*en_msg_format;	/* pointer to sprintf format string */
					/* must stay a trusted table literal, */
					/* never derived from event data */
};

/* One event's translation table: external id, internal id, and its entries. */
struct translation {
	int		tx_offsetsCalculated;	/* eponymous */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};

extern struct translation *xlate_table[];

/* Dispatch row: token id -> generator function. */
struct token_jmp {
	long		jmp_id;
	adt_token_func_t	jmp_to;
};

/* One message table; ml_msg_list is indexed within [ml_min_index, ml_max_index]. */
struct msg_text {
	int		ml_min_index;
	int		ml_max_index;
	char		**ml_msg_list;
	int		ml_offset;
};

extern void adt_write_syslog(const char *, int);
extern void adt_token_open(struct adt_event_state *);
extern void adt_token_close(struct adt_event_state *);
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
extern void *adt_adjust_address(void *, size_t, size_t);
extern void adt_preload(au_event_t, adt_event_data_t *);

extern struct msg_text adt_msg_text[];

#ifdef	__cplusplus
}
#endif

#endif	/* _BSM_XLATE_H */