xref: /titanic_50/usr/src/lib/libbsm/common/adt.h (revision 7c478bd95313f5f23a4c958a745db2134aa03244)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * adt.h
 *
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * This is a contract private interface and is subject to change
 */

#ifndef _ADT_H
#define	_ADT_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <bsm/audit.h>
#include <bsm/libbsm.h>
#include <bsm/audit_record.h>
#include <bsm/audit_uevents.h>
#include <door.h>

#ifdef	__cplusplus
extern "C" {
#endif

#define	ADT_STRING_MAX	511		/* max non-null characters */
#define	ADT_NO_ATTRIB	(uid_t)-1	/* unattributed user */
#define	ADT_NO_CHANGE	(uid_t)-2	/* no update for this parameter */
#define	ADT_NO_AUDIT	(uid_t)-3	/* unaudited user */

/*
 * terminal id types
 */
#define	ADT_IPv4	0
#define	ADT_IPv6	1

/*
 * for adt_set_user(): ADT_NEW if creating a session for a newly
 * authenticated user -- login -- and ADT_UPDATE if an authenticated
 * user is changing uid/gid -- e.g., su.  ADT_USER changes only the
 * ruid / euid / rgid / egid values and is appropriate for login-like
 * operations where PAM has already set the audit context in the cred.
 * ADT_SETTID is for the special case where it is necessary to store
 * the terminal id in the credential before forking to the login or
 * login-like process.
 */
enum adt_user_context {ADT_NEW, ADT_UPDATE, ADT_USER, ADT_SETTID};

typedef ulong_t			adt_session_flags_t;
typedef struct adt_session_data	adt_session_data_t;
typedef struct adt_export_data	adt_export_data_t;
typedef union adt_event_data	adt_event_data_t;
typedef struct adt_termid	adt_termid_t;

/*
 * flag defs for the flags argument of adt_start_session()
 */

#define	ADT_BUFFER_RECORDS	0x2	/* TSOL buffering */
#define	ADT_USE_PROC_DATA	0x1	/* copy audit char's from proc */
	/* | all of above = ADT_FLAGS_ALL  */
#define	ADT_FLAGS_ALL		ADT_BUFFER_RECORDS | \
    ADT_USE_PROC_DATA

/*
 * Functions
 */

extern	int	adt_start_session(adt_session_data_t **,
		    const adt_export_data_t *,
		    adt_session_flags_t);
extern	int	adt_end_session(adt_session_data_t *);
extern	int	adt_dup_session(const adt_session_data_t *,
    adt_session_data_t **);

extern	int	adt_set_proc(const adt_session_data_t *);
extern	int	adt_set_user(const adt_session_data_t *, uid_t, gid_t,
		    uid_t, gid_t, const adt_termid_t *,
		    enum adt_user_context);
extern	int	adt_set_from_ucred(const adt_session_data_t *,
		    const ucred_t *,
		    enum adt_user_context);

extern	size_t	adt_get_session_id(const adt_session_data_t *, char **);

extern	size_t	adt_export_session_data(const adt_session_data_t *,
		    adt_export_data_t **);
extern	size_t	adt_import_proc(pid_t pid,
		    uid_t euid,
		    gid_t egid,
		    uid_t ruid,
		    gid_t rgid,
		    adt_export_data_t **external);

extern	adt_event_data_t
		*adt_alloc_event(const adt_session_data_t *, au_event_t);

extern	int	adt_put_event(const adt_event_data_t *, int, int);
extern	void	adt_free_event(adt_event_data_t *);

extern	int	adt_load_termid(int, adt_termid_t **);
extern	int	adt_load_hostname(const char *, adt_termid_t **);
extern	int	adt_load_ttyname(const char *, adt_termid_t **);

extern	boolean_t	adt_audit_enabled(void);

#ifdef	__cplusplus
}
#endif

#endif	/* _ADT_H */