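/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * adt.h
 *
 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * This is a contract private interface and is subject to change
 */

#ifndef _ADT_H
#define	_ADT_H

#include <bsm/audit.h>
#include <bsm/libbsm.h>
#include <bsm/audit_record.h>
#include <bsm/audit_uevents.h>
#include <door.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * String limit and marker uid_t values.
 *
 * ADT_STRING_MAX counts non-null characters only; a buffer sized for such
 * a string presumably needs ADT_STRING_MAX + 1 bytes -- confirm against
 * the implementation.
 *
 * The ADT_NO_* values are markers, not real user ids.  Each expansion is
 * parenthesized so that the cast and the negation stay together as one
 * operand wherever the macro is expanded.
 */
#define	ADT_STRING_MAX	511		/* max non-null characters */
#define	ADT_NO_ATTRIB	((uid_t)-1)	/* unattributed user */
#define	ADT_NO_CHANGE	((uid_t)-2)	/* no update for this parameter */
#define	ADT_NO_AUDIT	((uid_t)-3)	/* unaudited user */

/*
 * terminal id types
 */
#define	ADT_IPv4	1
#define	ADT_IPv6	2

/*
 * for adt_set_user(): ADT_NEW if creating a session for a newly
 * authenticated user -- login -- and ADT_UPDATE if an authenticated
 * user is changing uid/gid -- e.g., su.  ADT_USER changes only the
 * ruid / euid / rgid / egid values and is appropriate for login-like
 * operations where PAM has already set the audit context in the cred.
 * ADT_SETTID is for the special case where it is necessary to store
 * the terminal id in the credential before forking to the login or
 * login-like process.
 */
enum adt_user_context {ADT_NEW, ADT_UPDATE, ADT_USER, ADT_SETTID};

/*
 * Session, export, event, terminal-id and translation objects are only
 * forward-declared here; their layouts are not visible through this header.
 */
typedef ulong_t adt_session_flags_t;
typedef struct adt_session_data adt_session_data_t;
typedef struct adt_export_data adt_export_data_t;
typedef union adt_event_data adt_event_data_t;
typedef struct adt_termid adt_termid_t;
typedef struct translation adt_translation_t;

/*
 * flag defs for the flags argument of adt_start_session()
 *
 * ADT_FLAGS_ALL is the union of every defined flag.  It is parenthesized
 * so that a validity check such as (flags & ~ADT_FLAGS_ALL) is evaluated
 * against the whole mask; without the parentheses the expansion would be
 * split by operator precedence and the check would test something else.
 */

#define	ADT_BUFFER_RECORDS	0x2	/* server buffering */
#define	ADT_USE_PROC_DATA	0x1	/* copy audit char's from proc */
		/* | all of above = ADT_FLAGS_ALL */
#define	ADT_FLAGS_ALL		(ADT_BUFFER_RECORDS | \
				ADT_USE_PROC_DATA)

/*
 * Functions
 *
 * NOTE(review): the prototypes carry no parameter names, and this header
 * does not state the return-value conventions or who owns the objects
 * handed back through the pointer-to-pointer arguments.  Confirm both
 * against the implementation before relying on them.
 */

extern	int	adt_start_session(adt_session_data_t **,
		    const adt_export_data_t *,
		    adt_session_flags_t);
extern	int	adt_end_session(adt_session_data_t *);
extern	int	adt_dup_session(const adt_session_data_t *,
		    adt_session_data_t **);

extern	int	adt_set_proc(const adt_session_data_t *);
/* the last argument selects one of the adt_user_context cases above */
extern	int	adt_set_user(const adt_session_data_t *, uid_t, gid_t,
		    uid_t, gid_t, const adt_termid_t *,
		    enum adt_user_context);
extern	int	adt_set_from_ucred(const adt_session_data_t *,
		    const ucred_t *,
		    enum adt_user_context);

extern	size_t	adt_get_session_id(const adt_session_data_t *, char **);

extern	size_t	adt_export_session_data(const adt_session_data_t *,
		    adt_export_data_t **);

extern	adt_event_data_t
		*adt_alloc_event(const adt_session_data_t *, au_event_t);

extern	int	adt_put_event(const adt_event_data_t *, int, int);
extern	void	adt_free_event(adt_event_data_t *);

extern	int	adt_load_termid(int, adt_termid_t **);
extern	int	adt_load_hostname(const char *, adt_termid_t **);
extern	int	adt_load_ttyname(const char *, adt_termid_t **);

extern	boolean_t	adt_audit_enabled(void);
extern	boolean_t	adt_audit_state(int);

/*
 * Special typedefs for translations.
 */

typedef int	fd_t;		/* file descriptor */

#ifdef	__cplusplus
}
#endif

#endif	/* _ADT_H */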