1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * adt_xlate.h
23  *
24  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25  * Use is subject to license terms.
26  *
27  */
28 
29 #ifndef _BSM_XLATE_H
30 #define	_BSM_XLATE_H
31 
32 #include <priv.h>
33 
34 #include <bsm/libbsm.h>
35 
36 #include <tsol/label.h>
37 
38 #include "adt_event.h"
39 
40 #ifdef	__cplusplus
41 extern "C" {
42 #endif
43 
/* Fallback gettext domain, used only when the build did not define one. */
#ifndef TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

/*
 * values for adt_session_model
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense.  In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1
#define	ADT_PROCESS_MODEL	0

/*
 * Bit flags recording which pieces of user data a session has been given.
 * Presumably tracked in adt_internal_state.as_have_user_data (a uint32_t,
 * hence the cast on ADT_HAVE_ALL) -- confirm against adt.c.
 * ADT_HAVE_ALL is the union of every flag below.
 */
#define	ADT_HAVE_MASK	0x01
#define	ADT_HAVE_TID	0x02
#define	ADT_HAVE_AUID	0x04
#define	ADT_HAVE_ASID	0x08
#define	ADT_HAVE_IDS	0x10
#define	ADT_HAVE_ALL	(uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS)

/*
 * dummy token types for privilege
 * These ids are negative, presumably so they can never collide with a
 * real AUT_* token id -- confirm before adding new ones.  Note that
 * struct entry.en_token_id (below) is a plain char; storing a negative
 * id there relies on char being signed on the target platform.
 */
#define	ADT_AUT_PRIV_L	-100	/* limit set */
#define	ADT_AUT_PRIV_I	-101	/* inherited set */
#define	ADT_AUT_PRIV_E	-102	/* effective set */
/* dummy token type for alternate command */
#define	ADT_CMD_ALT	-103
#define	ADT_IN_PEER	-104	/* peer address in_addr and in_port */
75 
/* Base type for the per-event text enums; only the zero member is defined here. */
enum adt_generic { ADT_GENERIC = 0 };
77 
/* Opaque handle name; the full struct adt_internal_state is defined further down. */
typedef struct adt_internal_state	adt_internal_state_t;
79 
/*
 * Wrapper around the caller-visible event data.  It currently has a
 * single member; the wrapper exists so struct adt_event_state can keep
 * the user-visible area first and the internal fields after it.
 */
union union_of_events {
	union adt_event_data	d0;	/* from adt_event.h */
};
/*
 * Message-list selectors.  Presumably used to index adt_msg_text[]
 * (struct msg_text, below) -- confirm against adt_xlate.c.  The values
 * are written out explicitly so a reordering cannot silently renumber them.
 */
enum adt_msg_list {
	ADT_LIST_FAIL_PAM	= 0,
	ADT_LIST_FAIL_VALUE	= 1,
	ADT_LIST_LOGIN_TEXT	= 2,
	ADT_LIST_UADMIN_FCN	= 3
};
88 
/*
 * Type tags for the input fields described by struct datadefs.
 * Each tag names the C type of one field in the event data; the
 * *STAR tags are pointers and ADT_CHAR2STAR is char **.  Values are
 * explicit so the numbering is stable even if entries are reordered.
 */
typedef enum datatype {
	ADT_UNDEFINED	= 0,
	ADT_DATE	= 1,
	ADT_MSG		= 2,
	ADT_UINT	= 3,
	ADT_INT		= 4,
	ADT_INT32	= 5,
	ADT_UINT16	= 6,
	ADT_UINT32	= 7,
	ADT_UINT32STAR	= 8,
	ADT_UINT32ARRAY	= 9,
	ADT_UID		= 10,
	ADT_GID		= 11,
	ADT_UIDSTAR	= 12,
	ADT_GIDSTAR	= 13,
	ADT_UINT64	= 14,
	ADT_LONG	= 15,
	ADT_ULONG	= 16,
	ADT_CHAR	= 17,
	ADT_CHARSTAR	= 18,
	ADT_CHAR2STAR	= 19,	/* char ** */
	ADT_PID		= 20,
	ADT_PRIVSTAR	= 21,
	ADT_TERMIDSTAR	= 22,
	ADT_MLABELSTAR	= 23,
	ADT_FD		= 24
} datatype_t;
116 
/*
 * Scratch storage able to hold one value of any of the field types
 * named by enum datatype.  The member names mirror the enum tags
 * (tuint32 for ADT_UINT32, tcharstar for ADT_CHARSTAR, ...) but the
 * sets are not one-to-one: tbool and tint32star have no tag, and
 * ADT_DATE / ADT_UINT32ARRAY have no member.  Which member is valid
 * is known only from the datatype_t that accompanies the value.
 */
union convert {
    enum adt_generic	msg_selector;	/* presumably for ADT_MSG -- confirm */
    boolean_t		tbool;
    uint_t		tuint;
    int			tint;
    int32_t		tint32;
    uint16_t		tuint16;
    uint32_t		tuint32;
    uint64_t		tuint64;
    int32_t		*tint32star;
    uint32_t		*tuint32star;
    uid_t		tuid;
    gid_t		tgid;
    uid_t		*tuidstar;
    gid_t		*tgidstar;
    pid_t		tpid;
    long		tlong;
    ulong_t		tulong;
    char		tchar;
    char		*tcharstar;
    char		**tchar2star;
    au_tid_addr_t 	*ttermid;	/* ADT_TERMIDSTAR */
    priv_set_t		*tprivstar;	/* ADT_PRIVSTAR */
    m_label_t		*tm_label;	/* ADT_MLABELSTAR */
    fd_t		tfd;		/* ADT_FD */
};
143 
/*
 * Per-event state.  The first member is the area the caller fills in
 * (the event data); everything after it is library-private bookkeeping.
 * The library relies on ae_event_data being first, so the member order
 * must not change.
 */
struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal.  Order matters */

	uint_t		ae_check;	/* see adt_internal_state	*/
					/* (presumably ADT_VALID while live -- confirm) */
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id			*/
	au_event_t	ae_internal_id; /* translated			*/
	int		ae_rc;		/* exit token rc		*/
	int		ae_type;	/* exit error type		*/
	struct adt_internal_state *ae_session;	/* owning session, not owned here */
};
157 
/*
 * Describes one input field of an event: its type tag and its size in
 * bytes.  An array of these, one per input, hangs off struct entry
 * (en_type_def / en_count_types).
 */
struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;
163 
/*
 * Token generator.  Arguments, in order: the field definitions for the
 * token, a pointer to the input data, an int (meaning not visible
 * here), the event state, and a char * (presumably the sprintf format
 * from struct entry.en_msg_format -- confirm in adt_token.c).
 */
typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

/* Maps a text-enum value to its message string. */
typedef char *(* adt_msg_func_t)(enum adt_generic);
168 
/*
 * Liveness sentinel for library-owned objects.  A live
 * adt_internal_state carries it in as_check; the field is zeroed on
 * free so a stale or forged handle fails the check instead of being
 * used (see the as_check comment below).
 */
#define	ADT_VALID	0xAAAA5555
170 
/*
 * Per-session audit state behind adt_internal_state_t.
 *
 * The members from as_check through as_audit_enabled are the portion
 * that is exported/imported (they correspond field-for-field to
 * struct adt_export_v2 below); their order and types are frozen.
 * Anything new goes after the version comment in the middle.
 */
struct adt_internal_state {
	uint32_t	as_check;	/* == ADT_VALID when created,	*/
					/* == zero when freed		*/
	uid_t		as_euid;
	uid_t		as_ruid;
	gid_t		as_egid;
	gid_t		as_rgid;

	struct auditinfo_addr as_info;
	/*
	 * ai_auid				audit id
	 * ai_mask.am_success			pre-selection mask
	 * ai_mask.am_failure
	 * ai_termid	.at_port		terminal id
	 *		.at_type
	 *		.ai_termid.at_addr[0]
	 *		.ai_termid.at_addr[1]
	 *		.ai_termid.at_addr[2]
	 *		.ai_termid.at_addr[3]
	 * ai_asid				session id
	 */
	int		as_audit_enabled;	/* audit enable/disable state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t		as_have_user_data;	/* ADT_HAVE_* bits */

	int			as_kernel_audit_policy;
	int			as_session_model;	/* ADT_SESSION_MODEL / ADT_PROCESS_MODEL */
	adt_session_flags_t	as_flags;
	pid_t			as_pid;
	m_label_t		*as_label;	/* if is_system_labeled */
	adt_translation_t	**as_xlate;	/* event translation table */
	void (*as_preload)(au_event_t, adt_event_data_t *);	/* optional pre-fill hook */
};
210 
/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.
 * Both versions are kept because an exported blob carries every
 * version it knows (see struct adt_export_data) so that a down-level
 * importer can still find one it understands.
 */
#define	PROTOCOL_VERSION_1	1
#define	PROTOCOL_VERSION_2	2
218 
219 /*
220  * most recent version is at the top; down level consumers are
221  * expected to search down via "prev_offsetX" to a version they
222  * understand.  "v1" is first, "v0" is used to illustrate correct
223  * order for future use.
224  */
225 
/*
 * Version-2 wire layout of the exportable part of adt_internal_state.
 * Fixed-width types only: this struct is copied into a buffer and
 * consumed by another process, so the native uid_t/gid_t are widened
 * to int32_t here.
 *
 * ax_label_len and the label bytes that follow the struct are
 * variable-length and arrive inside the imported buffer, i.e. from
 * outside the importer's trust boundary.  The importer must check
 * ax_label_len against export_header.ax_buffer_length before reading
 * the label -- confirm this is done in the import routine.
 */
struct adt_export_v2 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_enabled;
	pid_t		ax_pid;
	size32_t	ax_label_len;	/* 0, unlabeled */
/*	char		ax_label[ax_label_len];	if, is_system_labeled */
};
/*
 * Version-1 wire layout, retained so that older importers can still
 * consume a v2 export.  Identical to v2 up to ax_audit_enabled; v1 has
 * no pid and carries a TSOL data size instead of a label length.
 * Like ax_label_len in v2, ax_size_of_tsol_data is read from the
 * imported buffer and must be bounded by the importer.
 */
struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_enabled;
	uint32_t	ax_size_of_tsol_data;	/* zero for non-TSOL systems */
};
/*
 * Chain element in an export buffer: the protocol version of the
 * record that follows and its offset.  A down-level importer walks
 * these until it reaches a version it understands; the offset comes
 * from the buffer and therefore needs range checking before use.
 */
struct export_link {
	int32_t		ax_version;	/* PROTOCOL_VERSION_* */
	int32_t		ax_offset;
};
/*
 * Leading header of an export buffer: an integrity check value, the
 * total buffer length, and the link to the newest record.  Because the
 * whole buffer is externally supplied on import, ax_check and
 * ax_buffer_length are the importer's first sanity checks.
 */
struct export_header {
	uint32_t		ax_check;
	int32_t			ax_buffer_length;
	struct export_link	ax_link;
};
267 
/*
 * Complete export buffer as written by the current library: header,
 * the v2 record, a link to the v1 record, the v1 record, and a
 * terminating link.  The newest version comes first; older readers
 * follow the ax_next_* links down to one they can parse.  Note that
 * the v2 label bytes (if any) follow ax_v2 in the buffer, so the
 * fixed offsets in this struct only describe the unlabeled case.
 */
struct adt_export_data {
	struct export_header	ax_header;

	struct		adt_export_v2 ax_v2;
	/*
	 * end of version 2 data
	 */
	struct export_link	ax_next_v1;
	struct		adt_export_v1 ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0 ax_v0;
	 */
	struct export_link	ax_last; /* terminator */
};
285 
286 /*
287  * struct entry defines rows in tables defined in adt_xlate.c
288  */
289 
/*
 * One row of a translation table (tables live in adt_xlate.c): which
 * token to emit, what input fields feed it, where they sit in the
 * event structure, and how to format them.
 */
struct entry {
	char		en_token_id;	/* token id */
					/* NOTE(review): the ADT_AUT_PRIV_* /
					 * ADT_CMD_ALT / ADT_IN_PEER ids above are
					 * negative; if they are stored here this
					 * relies on char being signed -- confirm */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	int		en_tsol;	/* if 1, reserved if for TX */
	char		*en_msg_format;	/* pointer to sprintf format string */
					/* (table-defined, per the comment
					 * above; must never be replaced by
					 * caller-supplied text) */
};
300 
/*
 * Maps one externally visible event id to its internal id and to the
 * array of struct entry rows that generate its tokens.  The rows are
 * reachable both as an array (tx_top_entry, tx_entries) and as a
 * linked list (tx_first_entry); tx_offsetsCalculated records whether
 * the entries' offsets have been resolved yet.
 */
struct translation {
	int		tx_offsetsCalculated;	/* eponymous */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};
309 
/*
 * Dispatch-table row: a token id and the function that generates that
 * token.  jmp_id is a long, wide enough for the negative dummy ids
 * defined at the top of this header.
 */
struct token_jmp {
	long			jmp_id;
	adt_token_func_t	jmp_to;
};
314 
/*
 * One table of message strings.  ml_min_index/ml_max_index bound the
 * valid selector values and ml_offset presumably shifts a selector to
 * an index into ml_msg_list -- confirm against the lookup in adt_xlate.c.
 * Lookups must stay within [ml_min_index, ml_max_index].
 */
struct msg_text {
	int	ml_min_index;
	int	ml_max_index;
	char	**ml_msg_list;
	int	ml_offset;
};
321 
/* Message tables, one per enum adt_msg_list value (defined in adt_xlate.c). */
extern struct msg_text adt_msg_text[];

/* Log a message to syslog; the int's meaning is not visible here (priority? errno?). */
extern void adt_write_syslog(const char *, int);
/* Begin token generation for an event; paired with adt_token_close. */
extern void adt_token_open(struct adt_event_state *);
/* Finish token generation for an event; returns a status the caller must check. */
extern int adt_token_close(struct adt_event_state *);
/* Generate the token described by a table entry from the given input data. */
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
/* Adjust a pointer by size/alignment arguments; semantics live in adt_xlate.c. */
extern void *adt_adjust_address(void *, size_t, size_t);
330 
331 #ifdef	__cplusplus
332 }
333 #endif
334 
335 #endif	/* _BSM_XLATE_H */