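/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * File name: praudit.h
 * praudit.c defines, globals
 *
 * This header includes nothing itself.  The including file must already
 * provide the fixed-width integer types, size_t, ushort_t, uchar_t, adr_t,
 * adrf_t, MAXPATHLEN and MAXNAMLEN before this header is read.
 */

#ifndef	_PRAUDIT_H
#define	_PRAUDIT_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

/* DEFINES */

/*
 * output value types
 *
 * One constant per way a value can be rendered.  Presumably these are the
 * values stored in uval_t.uvaltype to select the live member of the union;
 * confirm against pa_print().
 */
#define	PRA_INT32	0
#define	PRA_UINT32	1
#define	PRA_INT64	2
#define	PRA_UINT64	3
#define	PRA_SHORT	4
#define	PRA_USHORT	5
#define	PRA_CHAR	6
#define	PRA_UCHAR	7
#define	PRA_STRING	8
#define	PRA_HEX32	9
#define	PRA_HEX64	10
#define	PRA_SHEX	11
#define	PRA_OCT		12
#define	PRA_BYTE	13
#define	PRA_OUTREC	14
#define	PRA_LOCT	15

/*
 * Formatting flags
 *
 * The non-zero values are distinct single bits, so they can be OR-ed
 * together into one int.
 */
#define	PRF_DEFAULTM	0x0000		/* Default mode */
#define	PRF_RAWM	0x0001		/* Raw mode */
#define	PRF_SHORTM	0x0002		/* Short mode */
#define	PRF_XMLM	0x0004		/* XML format */
#define	PRF_ONELINE	0x0008		/* one-line output */
#define	PRF_NOCACHE	0x0010		/* don't cache event names */

/*
 * source of audit data (data_mode)
 */
#define	FILEMODE	1
#define	PIPEMODE	2
#define	BUFMODE		3

/*
 * max. number of audit file names entered on command line
 */
#define	MAXFILENAMES	100

/*
 * max. size of file name
 *
 * Parenthesized so the sum stays a single operand wherever the macro is
 * expanded.  Without the parentheses an expression such as
 * "n * MAXFILELEN" would multiply only MAXPATHLEN and under-size a buffer.
 */
#define	MAXFILELEN	(MAXPATHLEN + MAXNAMLEN + 1)

/*
 * used to store value to be output
 *
 * NOTE(review): uchar_val is declared as plain char, not unsigned char,
 * so its signedness is implementation-defined.  Confirm that bytes >= 0x80
 * read from an audit record are not sign-extended when printed.
 */
typedef union u_tag {
	int32_t		int32_val;
	uint32_t	uint32_val;
	int64_t		int64_val;
	uint64_t	uint64_val;
	short		short_val;
	ushort_t	ushort_val;
	char		char_val;
	char		uchar_val;
	char		*string_val;
} u_tag_t;

/*
 * A value to print plus a type tag.  Nothing in this header ties uvaltype
 * to the union member that was written; keeping the two in step is up to
 * the code that fills the structure in.
 */
typedef struct u_val {
	int	uvaltype;
	u_tag_t	tag;
} uval_t;

/*
 * Shorthand so that "uval.int32_val" expands to "uval.tag.int32_val".
 * These must stay below the union declaration, otherwise they would rewrite
 * the member names inside it.  They are ordinary object-like macros, so the
 * same identifiers are rewritten everywhere else in any file that includes
 * this header.
 */
#define	int32_val	tag.int32_val
#define	uint32_val	tag.uint32_val
#define	int64_val	tag.int64_val
#define	uint64_val	tag.uint64_val
#define	short_val	tag.short_val
#define	ushort_val	tag.ushort_val
#define	char_val	tag.char_val
#define	uchar_val	tag.uchar_val
#define	string_val	tag.string_val


/*
 * Strings and things for xml prolog & ending printing.
 *
 * The DOCTYPE and the stylesheet instruction both point at file: URIs on
 * the local filesystem.  A consumer that parses this XML with DTD or
 * stylesheet loading enabled resolves those paths on its own host.
 */
#define	prolog1 "<?xml version='1.0' encoding='UTF-8' ?>\n"
#define	prolog2 "\n<!DOCTYPE audit PUBLIC " \
	"'-//Sun Microsystems, Inc.//DTD Audit V1//EN' " \
	"'file:///usr/share/lib/xml/dtd/adt_record.dtd.1'>\n\n"
#define	prolog_xsl "<?xml-stylesheet type='text/xsl' " \
	"href='file:///usr/share/lib/xml/style/adt_record.xsl.1' ?>\n"

	/* Special main element: */
#define	xml_start "<audit>"
#define	xml_ending "\n</audit>\n"

/*
 * Buffer sizes for the prolog and the ending.  sizeof on a string literal
 * counts its terminating NUL, so each term is one larger than the text it
 * stands for and the totals err on the large side.
 */
#define	xml_prolog_len (sizeof (prolog1) + sizeof (prolog2) + \
	sizeof (prolog_xsl) + sizeof (xml_start) + 1)
#define	xml_end_len (sizeof (xml_ending) + 1)

/*
 * used to save context for print_audit and related functions.
 *
 * NOTE(review): audit_rec_len, inbuf_totalsize and outbuf_remain_len are
 * signed int.  If any of them is derived from a length field inside the
 * audit data, a negative or oversized value has to be rejected before it is
 * used with the buffer pointers below; confirm in the .c files.
 */

#define	SEP_SIZE	4

struct pr_context {
	int	format;			/* presumably PRF_* bits; confirm */
	int	data_mode;		/* FILEMODE, PIPEMODE or BUFMODE */
	char	SEPARATOR[SEP_SIZE];	/* field separator */
	signed char	tokenid;	/* initial token ID */
	adr_t	*audit_adr;		/* audit record */
	adrf_t	*audit_adrf;		/* audit record, file mode */
	int	audit_rec_len;
	char	*audit_rec_start;

	char	*inbuf_start;
	char	*inbuf_last;	/* ptr to byte after latest completed */
				/* header or file token in the input */
	int	inbuf_totalsize;
	char	*outbuf_p;
	char	*outbuf_start;
	char	*outbuf_last;	/* ptr to byte after latest completed */
				/* header or file token in the output */
	int	outbuf_remain_len;

	int	pending_flag;	/* open of extended tag not completed */
	int	current_rec;	/* id of current record */
};
typedef struct pr_context pr_context_t;


extern void	init_tokens(void);

/* Tag handling; each takes the shared print context. */
extern int	open_tag(pr_context_t *context, int);
extern int	finish_open_tag(pr_context_t *context);
extern int	check_close_rec(pr_context_t *context, int);
extern int	close_tag(pr_context_t *context, int);
extern int	process_tag(pr_context_t *context, int, int, int);

extern int	is_file_token(int);
extern int	is_header_token(int);
extern int	is_token(int);
extern int	do_newline(pr_context_t *context, int);

/*
 * NOTE(review): the convert_*_to_string() routines take an output pointer
 * "p" and no length, so the prototype cannot express how much room they
 * need.  Callers have to size the buffer for the widest rendering of the
 * type; confirm the requirement against the definitions.  get_Hname(),
 * get_Hname_ex(), pa_error() and pa_retval() take an explicit buflen.
 */
extern char	*bu2string(char basic_unit);
extern int	convert_char_to_string(char printmode, char c, char *p);
extern int	convert_int32_to_string(char printmode, int32_t c, char *p);
extern int	convert_int64_to_string(char printmode, int64_t c, char *p);
extern int	convert_short_to_string(char printmode, short c, char *p);
extern int	findfieldwidth(char basicunit, char howtoprint);
extern void	get_Hname(uint32_t addr, char *buf, size_t buflen);
extern void	get_Hname_ex(uint32_t *addr, char *buf, size_t buflen);
extern char	*hexconvert(char *c, int size, int chunk);
extern char	*htp2string(char print_sugg);

/*
 * pa_* routines.  Except where the prototype differs, each takes the print
 * context, a status and a flag, and returns an int.
 */
extern int	pa_print(pr_context_t *context, uval_t *uval, int flag);
extern int	pa_reclen(pr_context_t *context, int status);
extern int	pa_file_string(pr_context_t *context, int status, int flag);
extern int	pa_adr_int32(pr_context_t *context, int status, int flag);
extern int	pa_adr_int64(pr_context_t *context, int status, int flag);
extern int	pa_utime32(pr_context_t *context, int status, int flag);
extern int	pa_ntime32(pr_context_t *context, int status, int flag);
extern int	pa_utime64(pr_context_t *context, int status, int flag);
extern int	pa_ntime64(pr_context_t *context, int status, int flag);
extern int	pa_adr_string(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_int32(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_int64(pr_context_t *context, int status, int flag);
extern int	pa_adr_byte(pr_context_t *context, int status, int flag);
extern int	pa_event_type(pr_context_t *context, int status, int flag);
extern int	pa_event_modifier(pr_context_t *context, int status, int flag);
extern int	pa_adr_int32hex(pr_context_t *context, int status, int flag);
extern int	pa_adr_int64hex(pr_context_t *context, int status, int flag);
extern int	pa_pw_uid(pr_context_t *context, int status, int flag);
extern int	pa_gr_uid(pr_context_t *context, int status, int flag);
extern int	pa_pw_uid_gr_gid(pr_context_t *context, int status, int flag);
extern int	pa_hostname(pr_context_t *context, int status, int flag);
extern int	pa_hostname_ex(pr_context_t *context, int status, int flag);
extern int	pa_hostname_so(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_short(pr_context_t *context, int status, int flag);
extern int	pa_tid32(pr_context_t *context, int status, int flag);
extern int	pa_tid64(pr_context_t *context, int status, int flag);
extern int	pa_tid32_ex(pr_context_t *context, int status, int flag);
extern int	pa_tid64_ex(pr_context_t *context, int status, int flag);
extern int	pa_adr_charhex(pr_context_t *context, int status, int flag);
extern int	pa_adr_short(pr_context_t *context, int status, int flag);
extern int	pa_adr_shorthex(pr_context_t *context, int status, int flag);
extern int	pa_mode(pr_context_t *context, int status, int flag);
extern int	pa_cmd(pr_context_t *context, int status, int flag);
extern int	pa_string(pr_context_t *context, int status, int flag);
extern int	pa_liaison(pr_context_t *context, int status, int flag);
extern int	pa_xgeneric(pr_context_t *context);
extern int	pa_xid(pr_context_t *context, int status, int flag);
extern void	pa_error(const uchar_t err, char *buf, size_t buflen);
extern void	pa_retval(const int32_t value, char *buf, size_t buflen);
extern int	pa_ip_addr(pr_context_t *context, int status, int flag);

/*
 * pr_adr_* routines.  Each takes the print context, a pointer to a typed
 * destination and a signed element count.
 *
 * NOTE(review): nothing in the prototypes bounds "count" by the size of the
 * destination.  A count taken from record data needs a range check at the
 * call site, including for negative values; confirm where each is called.
 */
extern int	pr_adr_char(pr_context_t *context, char *cp, int count);
extern int	pr_adr_short(pr_context_t *context, short *sp, int count);
extern int	pr_adr_int32(pr_context_t *context, int32_t *lp, int count);
extern int	pr_adr_int64(pr_context_t *context, int64_t *lp, int count);
extern int	pr_adr_u_int32(pr_context_t *context, uint32_t *cp, int count);
extern int	pr_adr_u_char(pr_context_t *context, uchar_t *cp, int count);
extern int	pr_adr_u_int64(pr_context_t *context, uint64_t *lp, int count);
extern int	pr_adr_u_short(pr_context_t *context, ushort_t *sp, int count);
extern int	pr_putchar(pr_context_t *context, char);
/*
 * Variadic, with a format string that is presumably printf-style.  Text
 * taken from an audit record belongs in the arguments, never in "format".
 */
extern int	pr_printf(pr_context_t *context, const char *format, ...);
/*
 * Presumably reports whether "size" more bytes of input are available;
 * confirm the return convention before relying on it as a bounds check.
 */
extern int	pr_input_remaining(pr_context_t *context, size_t size);

/*
 * Functions that format audit data
 *
 * The *_buf variants take a caller-supplied output buffer and its length
 * as a signed int.
 */
extern int	print_audit(const int, const char *);
extern int	print_audit_buf(char **, int *, char **, int *, const int,
	const char *);
extern void	print_audit_xml_prolog(void);
extern void	print_audit_xml_ending(void);
extern int	print_audit_xml_prolog_buf(char *out_buf,
	const int out_buf_len);
extern int	print_audit_xml_ending_buf(char *out_buf,
	const int out_buf_len);


#ifdef __cplusplus
}
#endif

#endif	/* _PRAUDIT_H */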