xref: /titanic_51/usr/src/lib/libbsm/common/adt_xlate.h (revision 91b2cbb33f0dcb9fb5a72db1795003e07afeded9)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * adt_xlate.h
 *
 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
 *
 */

#ifndef _BSM_XLATE_H
#define	_BSM_XLATE_H

#include <priv.h>

#include <bsm/libbsm.h>

#include <tsol/label.h>

#include "adt_event.h"

#ifdef	__cplusplus
extern "C" {
#endif

#ifndef TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

/*
 * values for adt_session_model
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense.  In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1
#define	ADT_PROCESS_MODEL	0

#define	ADT_HAVE_MASK	0x01
#define	ADT_HAVE_TID	0x02
#define	ADT_HAVE_AUID	0x04
#define	ADT_HAVE_ASID	0x08
#define	ADT_HAVE_IDS	0x10
#define	ADT_HAVE_ALL	(uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS)

/*
 * dummy token types for privilege
 */
#define	ADT_AUT_PRIV_L	-100	/* limit set */
#define	ADT_AUT_PRIV_I	-101	/* inherited set */
#define	ADT_AUT_PRIV_E	-102	/* effective set */
#define	ADT_CMD_ALT	-103	/* dummy token type for alternate command */
#define	ADT_IN_PEER	-104	/* peer address in_addr and in_port */
#define	ADT_IN_REMOTE	-105	/* specified address in_addr */

enum adt_generic {ADT_GENERIC}; /* base for text enums */

typedef struct adt_internal_state	adt_internal_state_t;

union union_of_events {
	union adt_event_data	d0;
};

/*
 * The order of the lists MUST match the order in
 * struct msg_text adt_msg_text that is generated by
 * auditxml in adt_xlate.c.
 */
enum adt_msg_list {
	ADT_LIST_FAIL_PAM,
	ADT_LIST_FAIL_VALUE,
	ADT_LIST_LOGIN_TEXT,
	ADT_LIST_TPM_E,
	ADT_LIST_UADMIN_FCN};

enum datatype {ADT_UNDEFINED = 0,
    ADT_DATE,
    ADT_MSG,
    ADT_UINT,
    ADT_INT,
    ADT_INT32,
    ADT_UINT16,
    ADT_UINT32,
    ADT_UINT32STAR,
    ADT_UINT32ARRAY,
    ADT_UID,
    ADT_GID,
    ADT_UIDSTAR,
    ADT_GIDSTAR,
    ADT_UINT64,
    ADT_LONG,
    ADT_ULONG,
    ADT_CHAR,
    ADT_CHARSTAR,
    ADT_CHAR2STAR,	/* char **			*/
    ADT_PID,
    ADT_PRIVSTAR,
    ADT_TERMIDSTAR,
    ADT_MLABELSTAR,
    ADT_FD
};
typedef enum datatype datatype_t;

union convert {
    enum adt_generic	msg_selector;
    boolean_t		tbool;
    uint_t		tuint;
    int			tint;
    int32_t		tint32;
    uint16_t		tuint16;
    uint32_t		tuint32;
    uint64_t		tuint64;
    int32_t		*tint32star;
    uint32_t		*tuint32star;
    uid_t		tuid;
    gid_t		tgid;
    uid_t		*tuidstar;
    gid_t		*tgidstar;
    pid_t		tpid;
    long		tlong;
    ulong_t		tulong;
    char		tchar;
    char		*tcharstar;
    char		**tchar2star;
    au_tid_addr_t 	*ttermid;
    priv_set_t		*tprivstar;
    m_label_t		*tm_label;
    fd_t		tfd;
};

struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal.  Order matters */

	uint_t		ae_check;	/* see adt_internal_state	*/
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id			*/
	au_event_t	ae_internal_id; /* translated			*/
	int		ae_rc;		/* exit token rc		*/
	int		ae_type;	/* exit error type		*/
	struct adt_internal_state *ae_session;
};

struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;

typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

typedef char *(* adt_msg_func_t)(enum adt_generic);

#define	ADT_VALID	0xAAAA5555

struct adt_internal_state {
	uint32_t	as_check;	/* == ADT_VALID when created,	*/
					/* == zero when freed		*/
	uid_t		as_euid;
	uid_t		as_ruid;
	gid_t		as_egid;
	gid_t		as_rgid;

	struct auditinfo_addr as_info;
	/*
	 * ai_auid				audit id
	 * ai_mask.am_success			pre-selection mask
	 * ai_mask.am_failure
	 * ai_termid	.at_port		terminal id
	 *		.at_type
	 *		.ai_termid.at_addr[0]
	 *		.ai_termid.at_addr[1]
	 *		.ai_termid.at_addr[2]
	 *		.ai_termid.at_addr[3]
	 * ai_asid				session id
	 */
	int		as_audit_state;		/* audit state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t		as_have_user_data;

	uint32_t		as_kernel_audit_policy;
	int			as_session_model;
	adt_session_flags_t	as_flags;
	pid_t			as_pid;
	m_label_t		*as_label;	/* if is_system_labeled */
	adt_translation_t	**as_xlate;
	void (*as_preload)(au_event_t, adt_event_data_t *);
};

/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.
 */
#define	PROTOCOL_VERSION_1	1
#define	PROTOCOL_VERSION_2	2

/*
 * most recent version is at the top; down level consumers are
 * expected to search down via "prev_offsetX" to a version they
 * understand.  "v1" is first, "v0" is used to illustrate correct
 * order for future use.
 */

struct adt_export_v2 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_state;
	pid_t		ax_pid;
	size32_t	ax_label_len;	/* 0, unlabeled */
/*	char		ax_label[ax_label_len];	if, is_system_labeled */
};
struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_state;
	uint32_t	ax_size_of_tsol_data;	/* zero for non-TSOL systems */
};
struct export_link {
	int32_t		ax_version;
	int32_t		ax_offset;
};
struct export_header {
	uint32_t		ax_check;
	int32_t			ax_buffer_length;
	struct export_link	ax_link;
};

struct adt_export_data {
	struct export_header	ax_header;

	struct		adt_export_v2 ax_v2;
	/*
	 * end of version 2 data
	 */
	struct export_link	ax_next_v1;
	struct		adt_export_v1 ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0 ax_v0;
	 */
	struct export_link	ax_last; /* terminator */
};

/*
 * struct entry defines rows in tables defined in adt_xlate.c
 */

struct entry {
	char		en_token_id;	/* token id */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	int		en_tsol;	/* if 1, reserved if for TX */
	char		*en_msg_format;	/* pointer to sprintf format string */
};

struct translation {
	int		tx_offsetsCalculated;	/* eponymous */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};

struct token_jmp {
	long			jmp_id;
	adt_token_func_t	jmp_to;
};

struct msg_text {
	int	ml_min_index;
	int	ml_max_index;
	char	**ml_msg_list;
	int	ml_offset;
};

extern struct msg_text adt_msg_text[];

extern void adt_write_syslog(const char *, int);
extern void adt_token_open(struct adt_event_state *);
extern int adt_token_close(struct adt_event_state *);
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
extern void *adt_adjust_address(void *, size_t, size_t);

#ifdef	__cplusplus
}
#endif

#endif	/* _BSM_XLATE_H */