usr/src/cmd/auditreduce/auditrt.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #ifndef _AUDITRT_H
  27 #define _AUDITRT_H
  28
  29 #ifdef  __cplusplus
  30 extern "C" {
  31 #endif
  32
  33 /*
  34  * Auditreduce data structures.
  35  */
  36
  37 /*
  38  * File Control Block
  39  * Controls a single file.
  40  * These are held by the pcb's in audit_pcbs[] in a linked list.
  41  * There is one fcb for each file controlled by the pcb,
  42  * and all of the files in a list have the same suffix in their names.
  43  */
  44 struct audit_fcb {
  45         struct audit_fcb *fcb_next;     /* ptr to next fcb in list */
  46         int     fcb_flags;      /* flags - see below */
  47         time_t  fcb_start;      /* start time from filename */
  48         time_t  fcb_end;        /* end time from filename */
  49         char    *fcb_suffix;    /* ptr to suffix in fcb_file */
  50         char    *fcb_name;      /* ptr to name in fcb_file */
  51         char    fcb_file[1];    /* full path and name string */
  52 };
  53
  54 typedef struct audit_fcb audit_fcb_t;
  55
  56 /*
  57  * Flags for fcb_flags.
  58  */
  59 #define FF_NOTTERM      0x01    /* file is "not_terminated" */
  60 #define FF_DELETE       0x02    /* we may delete this file if requested */
  61
  62 /*
  63  * Process Control Block
  64  * A pcb comes in two types:
  65  * It controls either:
  66  *
  67  * 1.   A single group of pcbs (processes that are lower on the process tree).
  68  *      These are the pcb's that the process tree is built from.
  69  *      These are allocated as needed while the process tree is being built.
  70  *
  71  * 2.   A single group of files (fcbs).
  72  *      All of the files in one pcb have the same suffix in their filename.
  73  *      They are controlled by the leaf nodes of the process tree.
  74  *      They are found in audit_pcbs[].
  75  *      They are initially setup by process_fileopt() when the files to be
  76  *      processes are gathered together. Then they are parsed out to
  77  *      the leaf nodes by mfork().
  78  *      A particular leaf node's range of audit_pcbs[] is determined
  79  *      in the call to mfork() by the lo and hi paramters.
  80  */
  81 struct audit_pcb {
  82         struct audit_pcb *pcb_below;    /* ptr to group of pcb's */
  83         struct audit_pcb *pcb_next;     /* ptr to next - for list in mproc() */
  84         int     pcb_procno;     /* subprocess # */
  85         int     pcb_nrecs;      /* how many records read (current pcb/file) */
  86         int     pcb_nprecs;     /* how many records put (current pcb/file) */
  87         int     pcb_flags;      /* flags - see below */
  88         int     pcb_count;      /* count of active pcb's */
  89         int     pcb_lo;         /* low index for pcb's */
  90         int     pcb_hi;         /* hi index for pcb's */
  91         int     pcb_size;       /* size of current record buffer */
  92         time_t  pcb_time;       /* time of current record */
  93         time_t  pcb_otime;      /* time of previous record */
  94         char    *pcb_rec;       /* ptr to current record buffer */
  95         char    *pcb_suffix;    /* ptr to suffix name (string) */
  96         audit_fcb_t *pcb_first; /* ptr to first fcb_ */
  97         audit_fcb_t *pcb_last;  /* ptr to last fcb_ */
  98         audit_fcb_t *pcb_cur;   /* ptr to current fcb_ */
  99         audit_fcb_t *pcb_dfirst; /* ptr to first fcb_ for deleting */
 100         audit_fcb_t *pcb_dlast; /* ptr to last fcb_ for deleting */
 101         FILE     *pcb_fpr;      /* read stream */
 102         FILE     *pcb_fpw;      /* write stream */
 103 };
 104
 105 typedef struct audit_pcb audit_pcb_t;
 106
 107 /*
 108  * Flags for pcb_flags
 109  */
 110 #define PF_ROOT         0x01    /* current pcb is the root of process tree */
 111 #define PF_LEAF         0x02    /* current pcb is a leaf of process tree */
 112 #define PF_USEFILE      0x04    /* current pcb uses files as input, not pipes */
 113
 114 /*
 115  * Message selection options
 116  */
 117 #define M_AFTER         0x0001  /* 'a' after a time */
 118 #define M_BEFORE        0x0002  /* 'b' before a time */
 119 #define M_CLASS         0x0004  /* 'c' event class */
 120 #define M_GROUPE        0x0008  /* 'f' effective group-id */
 121 #define M_GROUPR        0x0010  /* 'g' real group-id */
 122 #define M_OBJECT        0x0020  /* 'o' object */
 123 #define M_SUBJECT       0x0040  /* 'j' subject */
 124 #define M_TYPE          0x0080  /* 'm' event type */
 125 #define M_USERA         0x0100  /* 'u' audit user */
 126 #define M_USERE         0x0200  /* 'e' effective user */
 127 #define M_USERR         0x0400  /* 'r' real user */
 128 #define M_ZONENAME      0x1000  /* 'z' zone name */
 129 #define M_SID           0x2000  /* 's' session ID */
 130 #define M_SORF          0x4000  /* success or failure of event */
 131 #define M_TID           0x8000  /* 't' terminal ID */
 132 /*
 133  * object types
 134  */
 135
 136 /* XXX Why is this a bit map?  There can be only one M_OBJECT. */
 137
 138 #define OBJ_LP          0x00001  /* 'o' lp object */
 139 #define OBJ_MSG         0x00002  /* 'o' msgq object */
 140 #define OBJ_PATH        0x00004  /* 'o' file system object */
 141 #define OBJ_PROC        0x00008  /* 'o' process object */
 142 #define OBJ_SEM         0x00010  /* 'o' semaphore object */
 143 #define OBJ_SHM         0x00020  /* 'o' shared memory object */
 144 #define OBJ_SOCK        0x00040  /* 'o' socket object */
 145 #define OBJ_FGROUP      0x00080  /* 'o' file group */
 146 #define OBJ_FOWNER      0x00100  /* 'o' file owner */
 147 #define OBJ_MSGGROUP    0x00200  /* 'o' msgq [c]group */
 148 #define OBJ_MSGOWNER    0x00400  /* 'o' msgq [c]owner */
 149 #define OBJ_PGROUP      0x00800  /* 'o' process [e]group */
 150 #define OBJ_POWNER      0x01000  /* 'o' process [e]owner */
 151 #define OBJ_SEMGROUP    0x02000  /* 'o' semaphore [c]group */
 152 #define OBJ_SEMOWNER    0x04000  /* 'o' semaphore [c]owner */
 153 #define OBJ_SHMGROUP    0x08000  /* 'o' shared memory [c]group */
 154 #define OBJ_SHMOWNER    0x10000  /* 'o' shared memory [c]owner */
 155 #define OBJ_FMRI        0x20000  /* 'o' fmri object */
 156 #define OBJ_USER        0x40000  /* 'o' user object */
 157
 158 #define SOCKFLG_MACHINE 0       /* search socket token by machine name */
 159 #define SOCKFLG_PORT    1       /* search socket token by port number */
 160
 161 /*
 162  * Global variables
 163  */
 164 extern unsigned short m_type;   /* 'm' message type */
 165 extern gid_t    m_groupr;       /* 'g' real group-id */
 166 extern gid_t    m_groupe;       /* 'f' effective group-id */
 167 extern uid_t    m_usera;        /* 'u' audit user */
 168 extern uid_t    m_userr;        /* 'r' real user */
 169 extern uid_t    m_usere;        /* 'f' effective user */
 170 extern au_asid_t m_sid;         /* 's' session-id */
 171 extern time_t   m_after;        /* 'a' after a time */
 172 extern time_t   m_before;       /* 'b' before a time */
 173 extern audit_state_t mask;      /* used with m_class */
 174 extern char     *zonename;      /* 'z' zonename */
 175
 176 extern int      flags;
 177 extern int      checkflags;
 178 extern int      socket_flag;
 179 extern int      ip_type;
 180 extern uchar_t  ip_ipv6[16];    /* ip ipv6 object identifier */
 181 extern int      obj_flag;       /* 'o' object type */
 182 extern int      obj_id;         /* object identifier */
 183 extern gid_t    obj_group;      /* object group */
 184 extern uid_t    obj_owner;      /* object owner */
 185 extern int      subj_id;        /* subject identifier */
 186 extern char     ipc_type;       /* 'o' object type - tell what type of IPC */
 187 extern scf_pattern_t fmri;      /* 'o' fmri value */
 188 extern uid_t    obj_user;       /* 'o' user value */
 189
 190 /*
 191  * File selection options
 192  */
 193 extern char     *f_machine;     /* 'M' machine (suffix) type */
 194 extern char     *f_root;        /* 'R' audit root */
 195 extern char     *f_server;      /* 'S' server */
 196 extern char     *f_outfile;     /* 'W' output file */
 197 extern int      f_all;          /* 'A' all records from a file */
 198 extern int      f_complete;     /* 'C' only completed files */
 199 extern int      f_delete;       /* 'D' delete when done */
 200 extern int      f_quiet;        /* 'Q' sshhhh! */
 201 extern int      f_verbose;      /* 'V' verbose */
 202 extern int      f_stdin;        /* '-' read from stdin */
 203 extern int      f_cmdline;      /*      files specified on the command line */
 204 extern int      new_mode;       /* 'N' new object selection mode */
 205
 206 /*
 207  * Error reporting
 208  * Error_str is set whenever an error occurs to point to a string describing
 209  * the error. When the error message is printed error_str is also
 210  * printed to describe exactly what went wrong.
 211  * Errbuf is used to build messages with variables in them.
 212  */
 213 extern char     *error_str;     /* current error message */
 214 extern char     errbuf[];       /* buffer for building error message */
 215 extern char     *ar;            /* => "auditreduce:" */
 216
 217 /*
 218  * Control blocks
 219  * Audit_pcbs[] is an array of pcbs that control files directly.
 220  * In the program's initialization phase it will gather all of the input
 221  * files it needs to process. Each file will have one fcb allocated for it,
 222  * and each fcb will belong to one pcb from audit_pcbs[]. All of the files
 223  * in a single pcb will have the same suffix in their filenames. If the
 224  * number of active pcbs in audit_pcbs[] is greater that the number of open
 225  * files a single process can have then the program will need to fork
 226  * subprocesses to handle all of the files.
 227  */
 228 extern audit_pcb_t *audit_pcbs; /* file-holding pcb's */
 229 extern int      pcbsize;        /* current size of audit_pcbs[] */
 230 extern int      pcbnum;         /* total # of active pcbs in audit_pcbs[] */
 231
 232 /*
 233  * Time values
 234  */
 235 extern time_t f_start;          /* time of start rec for outfile */
 236 extern time_t f_end;            /* time of end rec for outfile */
 237 extern time_t time_now;         /* time program began */
 238
 239 /*
 240  * Counting vars
 241  */
 242 extern int      filenum;        /* number of files total */
 243
 244 /*
 245  * Global variable, class of current record being processed.
 246  */
 247 extern int      global_class;
 248
 249 #ifdef  __cplusplus
 250 }
 251 #endif
 252
 253 #endif /* _AUDITRT_H */