/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * libbsm.h - public interface of the Basic Security Module (BSM) audit
 * library: table entry types for audit_event(5), audit_class(5) and
 * audit_user(5), the adr/adrf/adrm record (de)serialisation primitives,
 * table lookup routines, audit_control accessors and the audit system
 * call wrappers.  Object layouts declared here are part of the library
 * ABI; do not reorder or resize members.
 */

#ifndef _BSM_LIBBSM_H
#define _BSM_LIBBSM_H

#pragma ident "%Z%%M% %I% %E% SMI"

#include <secdb.h>
#include <stdio.h>
#include <errno.h>
#include <sys/types.h>
#include <bsm/audit.h>
#include <bsm/audit_record.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Message catalogue domain used for localised library text. */
#ifndef TEXT_DOMAIN
#define TEXT_DOMAIN "SUNW_OST_OSLIB"
#endif

extern const char *bsm_dom;

/*
 * For audit_event(5)
 *
 * One parsed audit_event(5) entry, as returned by the getauev*() and
 * cacheauevent() routines declared later in this header.  Storage for
 * the char * members is not fixed by this declaration: the _r lookup
 * variants fill a caller-supplied au_event_ent_t, the plain variants
 * return a pointer the library owns -- confirm lifetime with the
 * implementation before caching or freeing these strings.
 */
struct au_event_ent {
	au_event_t ae_number;	/* event number */
	char *ae_name;		/* event name */
	char *ae_desc;		/* human-readable event description */
	au_class_t ae_class;	/* class membership of the event */
};
typedef struct au_event_ent au_event_ent_t;

/*
 * For audit_class(5)
 *
 * One parsed audit_class(5) entry; see getauclass*() and cacheauclass*()
 * below.  Same ownership caveat for the char * members as au_event_ent.
 */
struct au_class_ent {
	char *ac_name;		/* class name */
	au_class_t ac_class;	/* class bit mask value */
	char *ac_desc;		/* human-readable class description */
};
typedef struct au_class_ent au_class_ent_t;

/*
 * For audit_user(5)
 *
 * Per-user audit preselection as parsed from audit_user(5): the masks
 * correspond to the "always" and "never" columns (see the
 * AUDITUSER_COL*_KW keywords at the end of this header).  Returned by
 * the getauuser*() routines.
 */
struct au_user_ent {
	char *au_name;		/* user name */
	au_mask_t au_always;	/* classes always audited for this user */
	au_mask_t au_never;	/* classes never audited for this user */
};
typedef struct au_user_ent au_user_ent_t;

/*
 * Internal representation of audit user in libnsl
 */
/*
 * Unparsed form of an audit_user(5) entry: the "always" and "never"
 * columns are kept as the raw flag strings rather than au_mask_t values.
 * Presumably converted with getauditflagsbin()/au_user_mask() below --
 * confirm against the nsswitch backend.
 */
typedef struct au_user_str_s {
	char *au_name;		/* user name */
	char *au_always;	/* "always" column, textual flags */
	char *au_never;		/* "never" column, textual flags */
} au_user_str_t;

/*
 * opaque context value for getacval.c
 *
 * Handle for the explicit-context audit_control accessors (_openac() and
 * the _getac*() family).  The struct body is deliberately not exposed.
 */
typedef struct au_acinfo au_acinfo_t;

/*
 * adrf's version of adr_t
 *
 * Pairs an in-memory adr_t cursor with the FILE it is being fed from, so
 * the adrf_*() readers can pull bytes from a stream instead of a buffer.
 */
typedef struct adrf_s {
	adr_t *adrf_adr;	/* underlying in-memory cursor */
	FILE *adrf_fp;		/* stream the bytes are read from */
} adrf_t;

/*
 * Functions that manipulate bytes from an audit file
 *
 * adr_*() operate on an adr_t cursor positioned over a buffer (adr_start()
 * binds the cursor to a char * buffer).  The trailing int in the typed
 * readers appears to be an element count -- confirm with the
 * implementation.  None of these prototypes carry the size of the
 * destination array: when decoding records that came from a file or
 * another process, the caller must ensure the count never exceeds what
 * the destination can hold.
 */

extern void adr_char(adr_t *, char *, int);
extern int adr_count(adr_t *);
extern void adr_int32(adr_t *, int32_t *, int);
extern void adr_int64(adr_t *, int64_t *, int);
extern void adr_short(adr_t *, short *, int);
extern void adr_start(adr_t *, char *);

/*
 * FILE-backed variants over an adrf_t (adrf_start() binds the cursor and
 * stream).  Unlike adr_*(), these return an int; its exact meaning is not
 * fixed here, so treat a non-zero/negative result as a short or failed
 * read and check it at every call site.
 */
extern int adrf_char(adrf_t *, char *, int);
extern int adrf_int32(adrf_t *, int32_t *, int);
extern int adrf_int64(adrf_t *, int64_t *, int);
extern int adrf_short(adrf_t *, short *, int);
extern void adrf_start(adrf_t *, adr_t *, FILE *);
extern int adrf_u_char(adrf_t *, uchar_t *, int);
extern int adrf_u_int32(adrf_t *, uint32_t *, int);
extern int adrf_u_int64(adrf_t *, uint64_t *, int);
extern int adrf_u_short(adrf_t *, ushort_t *, int);

/*
 * Functions that manipulate bytes from an audit character stream.
 *
 * adrm_*() mirror adr_*() for a memory-resident record; adrm_putint32()
 * is the only writer in the set.  Same destination-size caveat as above.
 */

extern void adrm_start(adr_t *, char *);
extern void adrm_char(adr_t *, char *, int);
extern void adrm_short(adr_t *, short *, int);
extern void adrm_int64(adr_t *, int64_t *, int);
extern void adrm_int32(adr_t *, int32_t *, int);
extern void adrm_u_int32(adr_t *, uint32_t *, int);
extern void adrm_u_char(adr_t *, uchar_t *, int);
extern void adrm_u_int64(adr_t *, uint64_t *, int);
extern void adrm_u_short(adr_t *, ushort_t *, int);
extern void adrm_putint32(adr_t *, int32_t *, int);

/*
 * Functions that do I/O for audit files
 *
 * au_open() returns a record descriptor, au_write() appends a token to
 * it, au_close() finishes the record; the AU_TO_WRITE / AU_TO_NO_WRITE
 * flags defined later in this header apply here.
 */

extern int au_close(int, int, short);
extern int au_open(void);
extern int au_write(int, token_t *);

/*
 * Functions that manipulate audit events
 *
 * setauevent()/endauevent() open and close the audit_event(5) table for
 * sequential getauevent() reads.  The _r variants take a caller-supplied
 * au_event_ent_t; the plain variants return a pointer the library owns
 * and so are not reentrant -- prefer _r in threaded code.
 * au_preselect() takes the AU_PRS_* flags defined later in this header
 * (see au_preselect(3)); cacheauevent() takes the AU_CACHE_* flags.
 */

extern void setauevent(void);
extern void endauevent(void);

extern au_event_ent_t *getauevent(void);
extern au_event_ent_t *getauevent_r(au_event_ent_t *);
extern au_event_ent_t *getauevnam(char *);
extern au_event_ent_t *getauevnam_r(au_event_ent_t *, char *);
extern au_event_ent_t *getauevnum(au_event_t);
extern au_event_ent_t *getauevnum_r(au_event_ent_t *, au_event_t);
extern au_event_t getauevnonam(char *);
extern int au_preselect(au_event_t, au_mask_t *, int, int);
extern int cacheauevent(au_event_ent_t **, au_event_t);

/*
 * Functions that manipulate audit classes
 *
 * Same shape as the event routines above, over audit_class(5).  The
 * cacheauclass*() routines hand back a pointer through their first
 * argument and take the AU_CACHE_* flags.
 */

extern void setauclass(void);
extern void endauclass(void);

extern int cacheauclass(au_class_ent_t **, au_class_t);
extern int cacheauclassnam(au_class_ent_t **, char *);
extern au_class_ent_t *getauclassent(void);
extern au_class_ent_t *getauclassent_r(au_class_ent_t *);
extern au_class_ent_t *getauclassnam(char *);
extern au_class_ent_t *getauclassnam_r(au_class_ent_t *, char *);

/*
 * Functions that manipulate audit attributes of users
 *
 * Sequential and by-name access to audit_user(5).  These prototypes omit
 * the `extern' used elsewhere in this header; for function declarations
 * the two forms are equivalent.
 */

void setauuser(void);
void endauuser(void);

/*
 * The _r variants fill the caller-supplied au_user_ent_t; the plain
 * variants return library-owned storage and are not reentrant.
 */
au_user_ent_t *getauuserent(void);
au_user_ent_t *getauuserent_r(au_user_ent_t *);
au_user_ent_t *getauusernam(char *);
au_user_ent_t *getauusernam_r(au_user_ent_t *, char *);

/*
 * Functions that manipulate the audit control file
 *
 * Accessors for audit_control(4) using library-internal state
 * (setac()/endac() open and close it).  The getac*() routines that take
 * a char * also take an int; this is presumably the size of the
 * destination buffer in bytes -- confirm with the implementation, and
 * always pass the true buffer size, since nothing else bounds the copy.
 */

void endac(void);
void setac(void);

int getacdir(char *, int);
int getacmin(int *);
int getacna(char *, int);
int getacflg(char *, int);

/*
 * Functions that manipulate the audit control file
 *
 * Explicit-context variants of the accessors above: _openac() returns an
 * au_acinfo_t handle for the named file, every _getac*() reads through
 * that handle, and _endac() releases it.  _getaclib() and _getacplug()
 * return key/value lists (kva_t, from <secdb.h>) through their second
 * argument.  NOTE(review): underscore-prefixed file-scope identifiers are
 * in the implementation-reserved namespace (C11 7.1.3); the names are
 * kept as declared.
 */


au_acinfo_t *_openac(char *);
void _endac(au_acinfo_t *);
void _rewindac(au_acinfo_t *);

int _getacdir(au_acinfo_t *, char *, int);
int _getaclib(au_acinfo_t *, kva_t **);
int _getacmin(au_acinfo_t *, int *);
int _getacna(au_acinfo_t *, char *, int);
int _getacflg(au_acinfo_t *, char *, int);
int _getacplug(au_acinfo_t *, kva_t **);

/*
 * Functions that manipulate audit masks
 *
 * Conversions between textual audit flag strings and au_mask_t values.
 * getauditflagschar() writes a string into the char * buffer and takes
 * an int alongside it; pass the buffer size there.
 */

extern int au_user_mask(char *, au_mask_t *);
extern int getauditflagsbin(char *, au_mask_t *);
extern int getauditflagschar(char *, au_mask_t *, int);
extern int getfauditflags(au_mask_t *, au_mask_t *, au_mask_t *);

/*
 * Functions that do system calls
 *
 * Thin wrappers over the audit system calls.  auditon() takes a command,
 * a caddr_t data pointer and an int length; the length must match the
 * object the command expects.  getaudit_addr()/setaudit_addr() likewise
 * take the size of the auditinfo_addr_t they are given.
 */

extern int audit(char *, int);
extern int auditon(int, caddr_t, int);
extern int auditstat(au_stat_t *);
extern int auditsvc(int, int);
extern int auditdoor(int);
extern int getaudit(auditinfo_t *);
extern int getaudit_addr(auditinfo_addr_t *, int);
extern int getauid(au_id_t *);
extern int getkernstate(au_mask_t *);
extern int getuseraudit(au_id_t, au_mask_t *);
extern int setaudit(auditinfo_t *);
extern int setaudit_addr(auditinfo_addr_t *, int);
extern int setauid(au_id_t *);
extern int setkernstate(au_mask_t *);
extern int setuseraudit(au_id_t, au_mask_t *);

#define BSM_TEXTBUFSZ 256 /* size of string for generic text token */

/*
 * Defines for au_preselect(3)
 *
 * AU_PRS_SUCCESS / AU_PRS_FAILURE / AU_PRS_BOTH select which outcome(s)
 * of the event to test; AU_PRS_USECACHE / AU_PRS_REREAD say whether the
 * cached class table may be used or must be re-read.
 */
#define AU_PRS_SUCCESS 1
#define AU_PRS_FAILURE 2
#define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE)

#define AU_PRS_USECACHE 0
#define AU_PRS_REREAD 1

/*
 * Defines for cacheauclass and cacheauevent
 *
 * AU_CACHE_FREE releases the cache; AU_CACHE_NAME / AU_CACHE_NUMBER
 * select lookup by name or by number.
 */
#define AU_CACHE_FREE 0x0000
#define AU_CACHE_NAME 0x0001
#define AU_CACHE_NUMBER 0x0002

/* Flags for user-level audit routines: au_open, au_close, au_to_ */
#define AU_TO_NO_WRITE 0
#define AU_TO_WRITE 1

/*
 * system audit files for auditd
 *
 * Fixed paths of the audit configuration files the library reads.
 * AUDITUSERFILE and AUDITUSER_FILENAME (below) name the same file.
 */
#define AUDITCLASSFILE "/etc/security/audit_class"
#define AUDITCONTROLFILE "/etc/security/audit_control"
#define AUDITDATAFILE "/etc/security/audit_data"
#define AUDITEVENTFILE "/etc/security/audit_event"
#define AUDITUSERFILE "/etc/security/audit_user"

/*
 * array sizes for audit library structures
 *
 * Upper bounds for names, descriptions and lines in the audit_class(5)
 * and audit_event(5) tables.  Code that sizes local buffers from these
 * must still bound what it copies from the file, as the files are
 * administrator-editable input.
 */
#define AU_CLASS_NAME_MAX 8
#define AU_CLASS_DESC_MAX 72
#define AU_EVENT_NAME_MAX 30
#define AU_EVENT_DESC_MAX 50
#define AU_EVENT_LINE_MAX 256

/*
 * Some macros used internally by the nsswitch code
 *
 * audit_user table geometry for the name-service backends: file path,
 * NIS+ table name, column layout and status codes.  AUDITUSER_FILENAME
 * must stay in sync with AUDITUSERFILE above.
 */
#define AUDITUSER_FILENAME "/etc/security/audit_user"
#define AUDITUSER_DB_NAME "audit_user.org_dir"
#define AUDITUSER_DB_NCOL 3 /* total columns */
#define AUDITUSER_DB_NKEYCOL 1 /* total searchable columns */
#define AUDITUSER_DB_TBLT "audit_user_tbl"
#define AUDITUSER_SUCCESS 0
#define AUDITUSER_PARSE_ERANGE 1	/* entry did not fit the buffer */
#define AUDITUSER_NOT_FOUND 2

/* column keywords, in column order: name, always, never */
#define AUDITUSER_COL0_KW "name"
#define AUDITUSER_COL1_KW "always"
#define AUDITUSER_COL2_KW "never"

/*
 * indices of searchable columns
 */
#define AUDITUSER_KEYCOL0 0 /* name */


#ifdef __cplusplus
}
#endif

#endif /* _BSM_LIBBSM_H */