1  /*
2   * CDDL HEADER START
3   *
4   * The contents of this file are subject to the terms of the
5   * Common Development and Distribution License (the "License").
6   * You may not use this file except in compliance with the License.
7   *
8   * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9   * or http://www.opensolaris.org/os/licensing.
10   * See the License for the specific language governing permissions
11   * and limitations under the License.
12   *
13   * When distributing Covered Code, include this CDDL HEADER in each
14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15   * If applicable, add the following below this CDDL HEADER, with the
16   * fields enclosed by brackets "[]" replaced with your own identifying
17   * information: Portions Copyright [yyyy] [name of copyright owner]
18   *
19   * CDDL HEADER END
20   */
21  /*
22   * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23   * Use is subject to license terms.
24   */
25  
26  #pragma ident	"%Z%%M%	%I%	%E% SMI"
27  
28  /*
29   * Solaris Audit Token Table.
30   */
31  
32  #include <locale.h>
33  
34  #include <stdio.h>
35  #include <stdlib.h>
36  #include <string.h>
37  #include <bsm/audit.h>
38  #include <bsm/audit_record.h>
39  #include <bsm/libbsm.h>
40  
41  #include "praudit.h"
42  #include "toktable.h"
43  
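/*
 * Lookup table for audit tokens and praudit tags.  The macros below index
 * it directly with the AUT_* / TAG_* value.  As a file-scope object it
 * starts out zero-filled, so every slot that init_tokens() does not
 * assign keeps all-zero fields.
 *
 * NOTE(review): the ids used for lookups presumably come from the audit
 * trail being printed, which should be treated as untrusted input; every
 * lookup needs the id range-checked against MAXTAG and the func field
 * tested against NOFUNC before it is called -- confirm in the callers.
 */
token_desc_t tokentable[MAXTAG + 1];

/*
 * table_init fills slot i: t_name and t_tagname are both set to n, func
 * to f and t_type to t.
 *
 * The body is wrapped in do { } while (0) so that the four assignments
 * stay together if the macro is ever used as the body of an unbraced
 * if/else or loop.  i and n are expanded more than once; pass only
 * expressions without side effects.  No bounds check is done on i.
 */
#define	table_init(i, n, f, t) \
	do { \
		tokentable[(int)(i)].t_name = (n); \
		tokentable[(int)(i)].t_tagname = (n); \
		tokentable[(int)(i)].func = (f); \
		tokentable[(int)(i)].t_type = (t); \
	} while (0)

/*
 * table_initx is for entries whose t_name (n) differs from their
 * t_tagname (tn); otherwise it behaves like table_init, including the
 * repeated expansion of i and the absence of a bounds check.
 */
#define	table_initx(i, n, tn, f, t) \
	do { \
		tokentable[(int)(i)].t_name = (n); \
		tokentable[(int)(i)].t_tagname = (tn); \
		tokentable[(int)(i)].func = (f); \
		tokentable[(int)(i)].t_type = (t); \
	} while (0)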
58  
/*
 * Initialize the table of tokens & other tags.
 *
 * Fills one tokentable slot per AUT_* audit token type and, when built
 * with _PRAUDIT defined, one per TAG_* value as well.  Each slot gets a
 * name, a tag name, a handler (func) and a type (t_type).
 *
 * Points a reader of the lookup code should keep in mind:
 *  - Several slots are registered with NOFUNC as the handler (for example
 *    AUT_INVALID, AUT_OHEADER, AUT_XOBJ, AUT_XPROTO and a number of TAG_*
 *    entries), so func must be tested before it is called.
 *    NOTE(review): NOFUNC is defined outside this file; presumably a
 *    null handler -- confirm.
 *  - AUT_INVALID is registered with a null name pointer, so t_name and
 *    t_tagname cannot be printed without a null check.
 *  - Names are not unique: "header", "subject", "process", "attribute",
 *    "argument", "return", "group", "file", "tid" and others are each
 *    used for more than one slot.
 *  - Slots not assigned here are left as they were; tokentable is a
 *    file-scope array, so they are zero-filled unless set elsewhere.
 *  - NOTE(review): the AUT_* and TAG_* values come from headers not shown
 *    here.  If two of them were equal, the later assignment below would
 *    overwrite the earlier one, so the statement order is kept as is.
 */
void
init_tokens(void)
{
	/*
	 * TRANSLATION_NOTE
	 * These names refer to different type of audit tokens.
	 * To gain a better understanding of each token, read the
	 * SunShield BSM Guide, part no. 802-1965-xx.
	 */

	(void) gettext("file");	/* to force out the translation note */

	/*
	 * Control token types
	 */

	/* Slot for the invalid token id: null name, no handler. */
	table_init(AUT_INVALID, (char *)0, NOFUNC, T_UNKNOWN);
	table_init(AUT_OTHER_FILE32, "file", file_token, T_EXTENDED);
	table_init(AUT_OHEADER, "old_header", NOFUNC, T_EXTENDED);
	table_init(AUT_TRAILER, "trailer", trailer_token, T_UNKNOWN);
	/* All header variants share name "header" and tag name "record". */
	table_initx(AUT_HEADER32, "header", "record",
	    header_token, T_EXTENDED);
	table_initx(AUT_HEADER32_EX, "header", "record",
	    header32_ex_token, T_EXTENDED);

	/*
	 * Data token types
	 */

	table_init(AUT_DATA, "arbitrary", arbitrary_data_token, T_EXTENDED);
	table_init(AUT_FMRI, "fmri", fmri_token, T_ELEMENT);
	table_init(AUT_IPC, "IPC", s5_IPC_token, T_ENCLOSED);
	table_init(AUT_PATH, "path", path_token, T_ELEMENT);
	table_init(AUT_XATPATH, "path_attr", path_attr_token, T_ELEMENT);
	table_init(AUT_SUBJECT32, "subject", subject32_token, T_ENCLOSED);
	table_init(AUT_PROCESS32, "process", process32_token, T_ENCLOSED);
	table_init(AUT_RETURN32, "return", return_value32_token, T_ENCLOSED);
	table_init(AUT_TEXT, "text", text_token, T_ELEMENT);
	table_init(AUT_OPAQUE, "opaque", opaque_token, T_ELEMENT);
	table_initx(AUT_IN_ADDR, "ip address", "ip_address",
	    ip_addr_token, T_ELEMENT);
	table_init(AUT_IP, "ip", ip_token, T_ENCLOSED);
	table_initx(AUT_IPORT, "ip port", "ip_port",
	    iport_token, T_ELEMENT);
	table_init(AUT_ARG32, "argument", argument32_token, T_ENCLOSED);
	table_initx(AUT_SOCKET, "socket", "old_socket",
	    socket_token, T_ENCLOSED);
	table_init(AUT_SEQ, "sequence", sequence_token, T_ENCLOSED);
	table_init(AUT_ZONENAME, "zone", zonename_token, T_ENCLOSED);

	/*
	 * Modifier token types
	 */

	table_init(AUT_ACL, "acl", acl_token, T_ENCLOSED);
	table_init(AUT_ATTR, "attribute", attribute_token, T_ENCLOSED);
	table_init(AUT_IPC_PERM, "IPC_perm", s5_IPC_perm_token, T_ENCLOSED);
	table_init(AUT_GROUPS, "group", group_token, T_ELEMENT);
	table_initx(AUT_LABEL, "sensitivity label", "sensitivity_label",
	    label_token, T_ELEMENT);
	table_init(AUT_PRIV, "privilege", privilege_token, T_EXTENDED);
	table_initx(AUT_UPRIV, "use of privilege", "use_of_privilege",
	    useofpriv_token, T_EXTENDED);
	table_init(AUT_LIAISON, "liaison", liaison_token, T_ELEMENT);
	table_init(AUT_NEWGROUPS, "group", newgroup_token, T_ELEMENT);
	table_init(AUT_EXEC_ARGS, "exec_args", exec_args_token, T_ELEMENT);
	table_init(AUT_EXEC_ENV, "exec_env", exec_env_token, T_ELEMENT);
	table_init(AUT_ATTR32, "attribute", attribute32_token, T_ENCLOSED);
	table_initx(AUT_UAUTH, "use of authorization",
	    "use_of_authorization", useofauth_token, T_ELEMENT);
	table_init(AUT_TID, "tid", tid_token, T_EXTENDED);

	/*
	 * X windows token types
	 */
	table_initx(AUT_XATOM, "X atom", "X_atom", xatom_token, T_ELEMENT);
	/* AUT_XOBJ and AUT_XPROTO are named but have no handler. */
	table_initx(AUT_XOBJ, "X object", "X_object", NOFUNC, T_UNKNOWN);
	table_initx(AUT_XPROTO, "X protocol", "X_protocol", NOFUNC, T_UNKNOWN);
	table_initx(AUT_XSELECT, "X selection", "X_selection",
	    xselect_token, T_ELEMENT);
	table_initx(AUT_XCOLORMAP, "X color map", "X_color_map",
	    xcolormap_token, T_ENCLOSED);
	table_initx(AUT_XCURSOR, "X cursor", "X_cursor",
	    xcursor_token, T_ENCLOSED);
	table_initx(AUT_XFONT, "X font", "X_font", xfont_token, T_ENCLOSED);
	table_initx(AUT_XGC, "X graphic context", "X_graphic_context",
	    xgc_token, T_ENCLOSED);
	table_initx(AUT_XPIXMAP, "X pixmap", "X_pixmap",
	    xpixmap_token, T_ENCLOSED);
	table_initx(AUT_XPROPERTY, "X property", "X_property",
	    xproperty_token, T_EXTENDED);
	table_initx(AUT_XWINDOW, "X window", "X_window",
	    xwindow_token, T_ENCLOSED);
	table_initx(AUT_XCLIENT, "X client", "X_client",
	    xclient_token, T_ELEMENT);

	/*
	 * Command token types
	 */

	table_init(AUT_CMD, "cmd", cmd_token, T_ELEMENT);
	table_init(AUT_EXIT, "exit", exit_token, T_ENCLOSED);

	/*
	 * Miscellaneous token types
	 */

	table_init(AUT_HOST, "host", host_token, T_ELEMENT);

	/*
	 * Solaris64 token types
	 */

	table_init(AUT_ARG64, "argument", argument64_token, T_ENCLOSED);
	table_init(AUT_RETURN64, "return", return_value64_token, T_ENCLOSED);
	table_init(AUT_ATTR64, "attribute", attribute64_token, T_ENCLOSED);
	table_initx(AUT_HEADER64, "header", "record",
	    header64_token, T_EXTENDED);
	table_init(AUT_SUBJECT64, "subject", subject64_token, T_ENCLOSED);
	table_init(AUT_PROCESS64, "process", process64_token, T_ENCLOSED);
	table_init(AUT_OTHER_FILE64, "file", file64_token, T_EXTENDED);

	/*
	 * Extended network address token types
	 */

	table_initx(AUT_HEADER64_EX, "header", "record",
	    header64_ex_token, T_EXTENDED);
	table_init(AUT_SUBJECT32_EX, "subject", subject32_ex_token, T_ENCLOSED);
	table_init(AUT_PROCESS32_EX, "process", process32_ex_token, T_ENCLOSED);
	table_init(AUT_SUBJECT64_EX, "subject", subject64_ex_token, T_ENCLOSED);
	table_init(AUT_PROCESS64_EX, "process", process64_ex_token, T_ENCLOSED);
	table_initx(AUT_IN_ADDR_EX, "ip address", "ip_address",
	    ip_addr_ex_token, T_ELEMENT);
	table_init(AUT_SOCKET_EX, "socket", socket_ex_token, T_ENCLOSED);

#ifdef _PRAUDIT
	/*
	 * Done with tokens above here. Now do remaining tags.
	 * These TAG_* slots are only filled in when _PRAUDIT is defined;
	 * in other builds they keep whatever tokentable already held.
	 */
	table_init(TAG_AUID, "audit-uid", pa_pw_uid, T_ATTRIBUTE);
	table_init(TAG_UID, "uid", pa_pw_uid, T_ATTRIBUTE);
	table_init(TAG_GID, "gid", pa_gr_uid, T_ATTRIBUTE);
	table_init(TAG_RUID, "ruid", pa_pw_uid, T_ATTRIBUTE);
	table_init(TAG_RGID, "rgid", pa_gr_uid, T_ATTRIBUTE);

	table_init(TAG_PID, "pid", pa_adr_u_int32, T_ATTRIBUTE);
	table_init(TAG_SID, "sid", pa_adr_u_int32, T_ATTRIBUTE);

	table_init(TAG_TID32, "tid", pa_tid32, T_ATTRIBUTE);
	table_init(TAG_TID64, "tid", pa_tid64, T_ATTRIBUTE);
	table_init(TAG_TID32_EX, "tid", pa_tid32_ex, T_ATTRIBUTE);
	table_init(TAG_TID64_EX, "tid", pa_tid64_ex, T_ATTRIBUTE);
	table_init(TAG_TID_TYPE, "type", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_IP, "ipadr", NOFUNC, T_ENCLOSED);
	table_init(TAG_IP_LOCAL, "local-port", pa_adr_u_short, T_ATTRIBUTE);
	table_init(TAG_IP_REMOTE, "remote-port", pa_adr_u_short, T_ATTRIBUTE);
	table_init(TAG_IP_ADR, "host", pa_ip_addr, T_ATTRIBUTE);

	table_initx(TAG_EVMOD, "event-modifier", "modifier",
	    pa_event_modifier, T_ATTRIBUTE);
	table_initx(TAG_EVTYPE, "event-type", "event",
	    pa_event_type, T_ATTRIBUTE);
	table_initx(TAG_TOKVERS, "token-version", "version",
	    pa_adr_byte, T_ATTRIBUTE);

	table_init(TAG_ISO, "iso8601", NOFUNC, T_ATTRIBUTE);

	table_init(TAG_ERRVAL, "errval", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_RETVAL, "retval", pa_adr_int32, T_ATTRIBUTE);

	table_init(TAG_SETTYPE, "set-type", pa_adr_string, T_ATTRIBUTE);
	/* Sub-element of groups & newgroups token: */
	table_init(TAG_GROUPID, "gid", pa_gr_uid, T_ELEMENT);

	table_init(TAG_XID, "xid", pa_xid, T_ATTRIBUTE);
	table_init(TAG_XCUID, "xcreator-uid", pa_pw_uid, T_ATTRIBUTE);

	table_init(TAG_XSELTEXT, "x_sel_text", pa_adr_string, T_ELEMENT);
	table_init(TAG_XSELTYPE, "x_sel_type", pa_adr_string, T_ELEMENT);
	table_init(TAG_XSELDATA, "x_sel_data", pa_adr_string, T_ELEMENT);

	table_init(TAG_ARGNUM, "arg-num", pa_adr_byte, T_ATTRIBUTE);
	table_init(TAG_ARGVAL32, "value", pa_adr_int32hex, T_ATTRIBUTE);
	table_init(TAG_ARGVAL64, "value", pa_adr_int64hex, T_ATTRIBUTE);
	table_init(TAG_ARGDESC, "desc", pa_adr_string, T_ATTRIBUTE);

	table_init(TAG_MODE, "mode", pa_mode, T_ATTRIBUTE);
	table_init(TAG_FSID, "fsid", pa_adr_int32, T_ATTRIBUTE);
	table_init(TAG_NODEID32, "nodeid", pa_adr_int32, T_ATTRIBUTE);
	table_init(TAG_NODEID64, "nodeid", pa_adr_int64, T_ATTRIBUTE);
	table_init(TAG_DEVICE32, "device", pa_adr_u_int32, T_ATTRIBUTE);
	table_init(TAG_DEVICE64, "device", pa_adr_u_int64, T_ATTRIBUTE);

	table_init(TAG_SEQNUM, "seq-num", pa_adr_u_int32, T_ATTRIBUTE);
	table_init(TAG_ZONENAME, "name", pa_adr_string, T_ATTRIBUTE);
	table_init(TAG_ARGV, "argv", pa_cmd, T_ELEMENT);
	table_init(TAG_ARGE, "arge", pa_cmd, T_ELEMENT);
	table_init(TAG_ARG, "arg", pa_string, T_ELEMENT);
	table_init(TAG_ENV, "env", pa_string, T_ELEMENT);
	table_init(TAG_XAT, "xattr", pa_string, T_ELEMENT);

	table_init(TAG_RESULT, "result", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_CUID, "creator-uid", pa_pw_uid, T_ATTRIBUTE);
	table_init(TAG_CGID, "creator-gid", pa_gr_uid, T_ATTRIBUTE);
	table_init(TAG_SEQ, "seq", pa_adr_u_int32, T_ATTRIBUTE);
	table_init(TAG_KEY, "key", pa_adr_int32hex, T_ATTRIBUTE);

	table_init(TAG_IPVERS, "version", pa_adr_charhex, T_ATTRIBUTE);
	table_init(TAG_IPSERV, "service_type", pa_adr_charhex, T_ATTRIBUTE);
	table_init(TAG_IPLEN, "len", pa_adr_short, T_ATTRIBUTE);
	table_init(TAG_IPID, "id", pa_adr_u_short, T_ATTRIBUTE);
	table_init(TAG_IPOFFS, "offset", pa_adr_u_short, T_ATTRIBUTE);
	table_init(TAG_IPTTL, "time_to_live", pa_adr_charhex, T_ATTRIBUTE);
	table_init(TAG_IPPROTO, "protocol", pa_adr_charhex, T_ATTRIBUTE);
	table_init(TAG_IPCKSUM, "cksum", pa_adr_u_short, T_ATTRIBUTE);
	table_init(TAG_IPSRC, "src_addr", pa_adr_int32hex, T_ATTRIBUTE);
	table_init(TAG_IPDEST, "dest_addr", pa_adr_int32hex, T_ATTRIBUTE);

	table_init(TAG_ACLTYPE, "type", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_ACLVAL, "value", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_SOCKTYPE, "type", pa_adr_shorthex, T_ATTRIBUTE);
	table_init(TAG_SOCKPORT, "port", pa_adr_shorthex, T_ATTRIBUTE);
	table_init(TAG_SOCKADDR, "addr", NOFUNC, T_ATTRIBUTE);

	table_init(TAG_SOCKEXDOM, "sock_domain", pa_adr_shorthex, T_ATTRIBUTE);
	table_init(TAG_SOCKEXTYPE, "sock_type", pa_adr_shorthex, T_ATTRIBUTE);
	table_init(TAG_SOCKEXLPORT, "lport", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_SOCKEXLADDR, "laddr", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_SOCKEXFPORT, "fport", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_SOCKEXFADDR, "faddr", NOFUNC, T_ATTRIBUTE);

	table_init(TAG_IPCTYPE, "ipc-type", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_IPCID, "ipc-id", pa_adr_int32, T_ATTRIBUTE);

	table_init(TAG_ARBPRINT, "print", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_ARBTYPE, "type", NOFUNC, T_ATTRIBUTE);
	table_init(TAG_ARBCOUNT, "count", NOFUNC, T_ATTRIBUTE);

	table_init(TAG_HOSTID, "host", NOFUNC, T_ATTRIBUTE);
#endif	/* _PRAUDIT */
}