1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
22 * adt_xlate.h
24 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
28 #ifndef _BSM_XLATE_H
29 #define _BSM_XLATE_H
31 #include <priv.h>
33 #include <bsm/libbsm.h>
35 #include <tsol/label.h>
37 #include "adt_event.h"
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
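/*
 * Fallback value for TEXT_DOMAIN when the build does not define one.
 * (Listing repaired: viewer line numbers removed.)
 * NOTE(review): "SYS_TEST" reads like a development placeholder; presumably
 * release builds pass their own TEXT_DOMAIN on the command line -- confirm.
 */
#ifndef TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif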
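/*
 * values for adt_session_model
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense.  In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1
#define	ADT_PROCESS_MODEL	0

/*
 * Single-bit flags; ADT_HAVE_ALL is the OR of all five.
 * NOTE(review): presumably these are tracked in
 * adt_internal_state.as_have_user_data to record which audit
 * attributes have been supplied -- confirm against the users.
 */
#define	ADT_HAVE_MASK	0x01
#define	ADT_HAVE_TID	0x02
#define	ADT_HAVE_AUID	0x04
#define	ADT_HAVE_ASID	0x08
#define	ADT_HAVE_IDS	0x10
/*
 * The whole expansion is parenthesized so it is one primary expression
 * at every use site, whatever operators surround it.
 */
#define	ADT_HAVE_ALL	((uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS))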
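/*
 * dummy token types for privilege
 *
 * All values are negative.  Each expansion is parenthesized so the
 * unary minus stays attached to its constant at every use site.
 * NOTE(review): struct entry stores its token id in a plain char; if
 * these values are ever stored there, the comparison only works where
 * plain char is signed -- confirm for every supported target.
 */
#define	ADT_AUT_PRIV_L	(-100)	/* limit set */
#define	ADT_AUT_PRIV_I	(-101)	/* inherited set */
#define	ADT_AUT_PRIV_E	(-102)	/* effective set */
#define	ADT_CMD_ALT	(-103)	/* dummy token type for alternate command */
#define	ADT_IN_PEER	(-104)	/* peer address in_addr and in_port */
#define	ADT_IN_REMOTE	(-105)	/* specified address in_addr */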
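/* (Listing repaired: viewer line numbers removed.) */
enum adt_generic {ADT_GENERIC}; /* base for text enums */

/* Forward declaration; the structure itself is defined later in this header. */
typedef struct adt_internal_state	adt_internal_state_t;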
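/*
 * Wrapper around the event-data union (union adt_event_data is declared
 * outside this file, presumably in adt_event.h).  Only one member, d0,
 * is present.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
union union_of_events {
	union adt_event_data	d0;
};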
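/*
 * The order of the lists MUST match the order in
 * struct msg_text adt_msg_text that is generated by
 * auditxml in adt_xlate.c.
 *
 * NOTE(review): there is no count/sentinel enumerator here, so the
 * length of adt_msg_text[] cannot be checked against this enum at
 * compile time; a mismatch between the two would select the wrong
 * message list (or index past the table) without any diagnostic.
 * (Listing repaired: viewer line numbers and comment delimiters.)
 */
enum adt_msg_list {
	ADT_LIST_FAIL_PAM,
	ADT_LIST_FAIL_VALUE,
	ADT_LIST_LOGIN_TEXT,
	ADT_LIST_TPM_E,
	ADT_LIST_UADMIN_FCN
};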
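/*
 * Type tag for one input field.  ADT_UNDEFINED is pinned to 0, so a
 * zero-filled datadefs entry carries the "undefined" tag rather than a
 * valid type.
 * NOTE(review): presumably this tag selects which member of
 * union convert is read -- confirm in the token generators.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
enum datatype {
	ADT_UNDEFINED = 0,
	ADT_DATE,
	ADT_MSG,
	ADT_UINT,
	ADT_INT,
	ADT_INT32,
	ADT_UINT16,
	ADT_UINT32,
	ADT_UINT32STAR,
	ADT_UINT32ARRAY,
	ADT_UID,
	ADT_GID,
	ADT_UIDSTAR,
	ADT_GIDSTAR,
	ADT_UINT64,
	ADT_LONG,
	ADT_ULONG,
	ADT_CHAR,
	ADT_CHARSTAR,
	ADT_CHAR2STAR,		/* char ** */
	ADT_PID,
	ADT_PRIVSTAR,
	ADT_TERMIDSTAR,
	ADT_MLABELSTAR,
	ADT_FD
};
typedef enum datatype datatype_t;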
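/*
 * Overlay of every scalar and pointer representation an input field
 * can take.  Scalars and pointers share the same storage.
 *
 * NOTE(review): presumably the member to read is chosen from
 * datadefs.dd_datatype.  Reading a member other than the one that was
 * written reinterprets the bytes (for example an integer as a pointer),
 * so every consumer should dispatch on the type tag -- confirm.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
union convert {
	enum adt_generic	msg_selector;
	boolean_t		tbool;
	uint_t			tuint;
	int			tint;
	int32_t			tint32;
	uint16_t		tuint16;
	uint32_t		tuint32;
	uint64_t		tuint64;
	int32_t			*tint32star;
	uint32_t		*tuint32star;
	uid_t			tuid;
	gid_t			tgid;
	uid_t			*tuidstar;
	gid_t			*tgidstar;
	pid_t			tpid;
	long			tlong;
	ulong_t			tulong;
	char			tchar;
	char			*tcharstar;
	char			**tchar2star;
	au_tid_addr_t		*ttermid;
	priv_set_t		*tprivstar;
	m_label_t		*tm_label;
	fd_t			tfd;
};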
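/*
 * Per-event state.  The first member is the caller-visible event data;
 * everything after it is internal.  The original comment states that
 * order matters, so members must not be reordered or inserted before
 * ae_event_data.
 *
 * NOTE(review): presumably the library recovers this structure from a
 * pointer to the caller's event data, which would be why the user area
 * has to stay first -- confirm.  ae_check presumably carries the same
 * ADT_VALID stamp as adt_internal_state.as_check; any entry point that
 * accepts an event pointer from a caller should verify it before
 * touching the internal members.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal.  Order matters */

	uint_t		ae_check;	/* see adt_internal_state	*/
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id		*/
	au_event_t	ae_internal_id;	/* translated		*/
	int		ae_rc;		/* exit token rc	*/
	int		ae_type;	/* exit error type	*/
	struct adt_internal_state	*ae_session;
};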
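/*
 * Describes one input field: its type tag and its size.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;

/*
 * Signature of a token generator.  Parameter meanings are not stated
 * in this header.
 * NOTE(review): the trailing char * is presumably the entry's
 * en_msg_format string -- confirm; if so it must only ever come from
 * the static translation tables, never from event data.
 */
typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

/* Signature of a message lookup: takes a text-enum value, returns a string. */
typedef char *(* adt_msg_func_t)(enum adt_generic);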
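/*
 * Stamp stored in adt_internal_state.as_check while a session is live.
 * It is a fixed, public constant: useful for catching stale or freed
 * handles, but it provides no integrity or authenticity guarantee for
 * data that arrives from outside the process.
 */
#define	ADT_VALID	0xAAAA5555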
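/*
 * Internal session state.
 *
 * The members down to as_audit_state are the exported / imported
 * portion and, per the comment below, cannot change; later additions
 * go after that point.
 *
 * NOTE(review): as_check is set to ADT_VALID on creation and zeroed on
 * free.  That detects use of a freed or uninitialised handle only as
 * long as the memory has not been reused; it is a sanity check, not a
 * protection against a forged structure.
 * (Listing repaired: viewer line numbers, comment delimiters and the
 * closing brace restored.)
 */
struct adt_internal_state {
	uint32_t	as_check;	/* == ADT_VALID when created, */
					/* == zero when freed */
	uid_t		as_euid;
	uid_t		as_ruid;
	gid_t		as_egid;
	gid_t		as_rgid;

	struct auditinfo_addr	as_info;
	/*
	 * ai_auid			audit id
	 * ai_mask.am_success		pre-selection mask
	 * ai_mask.am_failure
	 * ai_termid	.at_port	terminal id
	 *		.at_type
	 *		.ai_termid.at_addr[0]
	 *		.ai_termid.at_addr[1]
	 *		.ai_termid.at_addr[2]
	 *		.ai_termid.at_addr[3]
	 * ai_asid			session id
	 */
	int		as_audit_state;	/* audit state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t		as_have_user_data;

	uint32_t		as_kernel_audit_policy;
	int			as_session_model;
	adt_session_flags_t	as_flags;
	pid_t			as_pid;
	m_label_t		*as_label;	/* if is_system_labeled */
	adt_translation_t	**as_xlate;
	void			(*as_preload)(au_event_t, adt_event_data_t *);
};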
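/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.
 *
 * NOTE(review): presumably these are the values carried in
 * export_link.ax_version; an importer should reject any version it
 * does not recognise rather than guess at the layout -- confirm.
 */
#define	PROTOCOL_VERSION_1	1
#define	PROTOCOL_VERSION_2	2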
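/*
 * most recent version is at the top; down level consumers are
 * expected to search down via "prev_offsetX" to a version they
 * understand.  "v1" is first, "v0" is used to illustrate correct
 * order for future use.
 */

/*
 * Version 2 export record.  A variable-length label of ax_label_len
 * bytes follows the fixed part when the system is labeled.
 *
 * NOTE(review): ax_audit_state (int) and ax_pid (pid_t) are not
 * fixed-width, unlike the other members, so the record layout depends
 * on the ABI of the producer and consumer.
 * NOTE(review): ax_label_len arrives inside the exported buffer; an
 * importer should check that this many bytes really remain in the
 * buffer before reading the label -- confirm in the import path.
 * (Listing repaired: viewer line numbers, comment delimiters and the
 * closing brace restored.)
 */
struct adt_export_v2 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_state;
	pid_t		ax_pid;
	size32_t	ax_label_len;	/* 0, unlabeled */
/*	char		ax_label[ax_label_len];	if, is_system_labeled */
};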
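/*
 * Version 1 export record.  Kept for down-level consumers; the first
 * twelve members match struct adt_export_v2 member for member.
 *
 * NOTE(review): ax_audit_state is a plain int rather than a
 * fixed-width type, so its size follows the platform ABI.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_state;
	uint32_t	ax_size_of_tsol_data;	/* zero for non-TSOL systems */
};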
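/*
 * Link to one versioned record inside an exported buffer.
 *
 * NOTE(review): both members are signed and come from the buffer being
 * imported.  An importer should reject a negative ax_offset and any
 * offset that, together with the record size, would run past the
 * received length -- confirm in the import path.
 * (Listing repaired: viewer line numbers removed, closing braces restored.)
 */
struct export_link {
	int32_t		ax_version;
	int32_t		ax_offset;
};

/*
 * Leading header of an exported buffer.
 *
 * NOTE(review): ax_check is presumably compared with ADT_VALID on
 * import; that constant is public, so a match shows only that the
 * buffer has the expected shape, not where it came from.
 * ax_buffer_length is signed and self-declared; it should be compared
 * with the number of bytes actually received, not trusted on its own.
 */
struct export_header {
	uint32_t		ax_check;
	int32_t			ax_buffer_length;
	struct export_link	ax_link;
};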
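/*
 * Complete export image: header, then the version 2 record, then a
 * link followed by the version 1 record, then a terminating link.
 * Newer versions come first.
 *
 * NOTE(review): a consumer that walks the links should bound the walk
 * (by buffer length and by a maximum number of hops) so that a
 * malformed chain cannot send it outside the buffer or into a loop --
 * confirm how the import code terminates.
 * (Listing repaired: viewer line numbers, comment delimiters and the
 * closing brace restored.)
 */
struct adt_export_data {
	struct export_header	ax_header;

	struct adt_export_v2	ax_v2;
	/*
	 * end of version 2 data
	 */
	struct export_link	ax_next_v1;
	struct adt_export_v1	ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0 ax_v0;
	 */
	struct export_link	ax_last;	/* terminator */
};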
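/*
 * struct entry defines rows in tables defined in adt_xlate.c
 *
 * NOTE(review): en_token_id is a plain char.  The dummy token types in
 * this header (ADT_AUT_PRIV_L .. ADT_IN_REMOTE) are negative; if they
 * are stored here, matching them relies on plain char being signed on
 * the target -- confirm.
 * NOTE(review): en_msg_format is used as a printf-style format.  It
 * should only ever point at strings from the static tables; letting
 * event or caller data reach it would be a format-string defect.
 * (Listing repaired: viewer line numbers, comment delimiters and the
 * closing brace restored.)
 */
struct entry {
	char		en_token_id;	/* token id */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	int		en_tsol;	/* if 1, reserved for TX */
	char		*en_msg_format;	/* pointer to sprintf format string */
};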
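/*
 * One event translation: maps an external event id to an internal one
 * and points at the entry rows that describe its tokens.
 *
 * NOTE(review): tx_entries is the array size for the array starting at
 * tx_top_entry; code that indexes that array should bound itself by
 * tx_entries rather than by a terminator -- confirm in the users.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
struct translation {
	int		tx_offsetsCalculated;	/* eponymous */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};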
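/*
 * Pairs an id with the token generator to call for it.
 * NOTE(review): presumably rows of a dispatch table searched by
 * jmp_id; a lookup that finds no row must not call through an unset
 * jmp_to -- confirm in the dispatcher.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
struct token_jmp {
	long			jmp_id;
	adt_token_func_t	jmp_to;
};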
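/*
 * Describes one message list: the lowest and highest valid index, the
 * list itself, and an offset.
 *
 * NOTE(review): presumably a message is fetched as
 * ml_msg_list[index + ml_offset] after checking
 * ml_min_index <= index <= ml_max_index; that range check is what
 * keeps a caller-supplied index inside the list -- confirm it is made
 * on every lookup path.
 * (Listing repaired: viewer line numbers removed, closing brace restored.)
 */
struct msg_text {
	int	ml_min_index;
	int	ml_max_index;
	char	**ml_msg_list;
	int	ml_offset;
};

/* Defined elsewhere; its row order must match enum adt_msg_list. */
extern struct msg_text adt_msg_text[];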
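/*
 * Internal helpers shared between the translation code and the rest of
 * the library.  Parameter meanings are not documented in this header.
 * (Listing repaired: viewer line numbers removed.)
 *
 * NOTE(review): adt_write_syslog takes a const char *; if the
 * implementation hands it to a printf-style logger it should be passed
 * as an argument to a fixed "%s" format, not as the format itself --
 * confirm.
 * NOTE(review): adt_adjust_address performs pointer arithmetic on a
 * void * from two size_t values; callers are responsible for the
 * result staying inside the object being addressed -- confirm.
 */
extern void adt_write_syslog(const char *, int);
extern void adt_token_open(struct adt_event_state *);
extern int adt_token_close(struct adt_event_state *);
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
extern void *adt_adjust_address(void *, size_t, size_t);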
337 #ifdef __cplusplus
339 #endif
341 #endif /* _BSM_XLATE_H */