kill tsol ("Trusted Solaris") aka TX ("Trusted Extensions")
[unleashed.git] / usr / src / lib / libbsm / common / adt_xlate.h
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
22 * adt_xlate.h
24 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
28 #ifndef _BSM_XLATE_H
29 #define _BSM_XLATE_H
31 #include <sys/types32.h>
32 #include <priv.h>
33 #include <bsm/libbsm.h>
35 #include "adt_event.h"
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
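/* Fallback value, used only when the build has not already defined TEXT_DOMAIN. */
#ifndef	TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif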
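/*
 * values for adt_session_model
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense.  In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1
#define	ADT_PROCESS_MODEL	0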
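/*
 * Bit flags, one per piece of audit context; ADT_HAVE_ALL is the OR of
 * all five.  Presumably these are the values kept in
 * adt_internal_state.as_have_user_data -- confirm against its users.
 */
#define	ADT_HAVE_MASK	0x01
#define	ADT_HAVE_TID	0x02
#define	ADT_HAVE_AUID	0x04
#define	ADT_HAVE_ASID	0x08
#define	ADT_HAVE_IDS	0x10
/*
 * The whole expansion is parenthesized so that the cast stays attached
 * to the flag expression wherever the macro is used (e.g. under sizeof).
 */
#define	ADT_HAVE_ALL	((uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS))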
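/*
 * dummy token types for privilege
 *
 * All values are negative; each is parenthesized so it remains a single
 * operand wherever the macro is expanded.
 */
#define	ADT_AUT_PRIV_L	(-100)	/* limit set */
#define	ADT_AUT_PRIV_I	(-101)	/* inherited set */
#define	ADT_AUT_PRIV_E	(-102)	/* effective set */
#define	ADT_CMD_ALT	(-103)	/* dummy token type for alternate command */
#define	ADT_IN_PEER	(-104)	/* peer address in_addr and in_port */
#define	ADT_IN_REMOTE	(-105)	/* specified address in_addr */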
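enum adt_generic {ADT_GENERIC};	/* base for text enums */

/* Short name for struct adt_internal_state, which is defined later in this header. */
typedef struct adt_internal_state adt_internal_state_t;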
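/*
 * Wrapper around union adt_event_data (not declared in this header;
 * presumably from adt_event.h).  It is the first member of
 * struct adt_event_state, where it forms the "user's area".
 */
union union_of_events {
	union adt_event_data	d0;
};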
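/*
 * The order of the lists MUST match the order in
 * struct msg_text adt_msg_text that is generated by
 * auditxml in adt_xlate.c.
 *
 * NOTE(review): presumably these values index adt_msg_text[] directly, so
 * a mismatch would select the wrong message list rather than fail --
 * confirm, and keep both in step when either is regenerated.
 */
enum adt_msg_list {
	ADT_LIST_FAIL_PAM,
	ADT_LIST_FAIL_VALUE,
	ADT_LIST_LOGIN_TEXT,
	ADT_LIST_TPM_E,
	ADT_LIST_UADMIN_FCN};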
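/*
 * Tags for the C type of an input field (see datadefs.dd_datatype).
 * The names mirror the members of union convert; a "STAR" suffix marks
 * a pointer type.
 */
enum datatype {ADT_UNDEFINED = 0,
	ADT_DATE,
	ADT_MSG,
	ADT_UINT,
	ADT_INT,
	ADT_INT32,
	ADT_UINT16,
	ADT_UINT32,
	ADT_UINT32STAR,
	ADT_UINT32ARRAY,
	ADT_UID,
	ADT_GID,
	ADT_UIDSTAR,
	ADT_GIDSTAR,
	ADT_UINT64,
	ADT_LONG,
	ADT_ULONG,
	ADT_CHAR,
	ADT_CHARSTAR,
	ADT_CHAR2STAR,		/* char **			*/
	ADT_PID,
	ADT_PRIVSTAR,
	ADT_TERMIDSTAR,
	ADT_FD
};
typedef enum datatype datatype_t;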
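/*
 * One member per kind of input field value.
 *
 * NOTE(review): presumably the member to read is chosen from the field's
 * datatype_t tag; reading a member that does not match the stored value
 * reinterprets the bytes, and several members are pointers -- confirm
 * that every reader switches on the tag first.
 */
union convert {
	enum adt_generic	msg_selector;
	boolean_t		tbool;
	uint_t			tuint;
	int			tint;
	int32_t			tint32;
	uint16_t		tuint16;
	uint32_t		tuint32;
	uint64_t		tuint64;
	int32_t			*tint32star;
	uint32_t		*tuint32star;
	uid_t			tuid;
	gid_t			tgid;
	uid_t			*tuidstar;
	gid_t			*tgidstar;
	pid_t			tpid;
	long			tlong;
	ulong_t			tulong;
	char			tchar;
	char			*tcharstar;
	char			**tchar2star;
	au_tid_addr_t		*ttermid;
	priv_set_t		*tprivstar;
	fd_t			tfd;
};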
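/*
 * Per-event state: the caller-visible event data followed by the
 * library's own bookkeeping.  ae_event_data is the first member, so a
 * pointer to it is also a pointer to this structure.
 */
struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal.  Order matters */

	/*
	 * NOTE(review): ae_check presumably holds the same validity marker
	 * as adt_internal_state.as_check -- confirm.
	 */
	uint_t		ae_check;	/* see adt_internal_state	*/
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id			*/
	au_event_t	ae_internal_id;	/* translated			*/
	int		ae_rc;		/* exit token rc		*/
	int		ae_type;	/* exit error type		*/
	struct adt_internal_state *ae_session;
};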
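/* Type tag and size of one input field; struct entry points at these. */
struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;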
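/* Signature of a token handler, as stored in token_jmp.jmp_to. */
typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

/* Signature of a function that maps an enum adt_generic value to a string. */
typedef char *(* adt_msg_func_t)(enum adt_generic);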
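/*
 * Marker stored in adt_internal_state.as_check while the state is live.
 * It is a fixed, published constant, so it can only catch accidental
 * misuse (a stale or wrong pointer); it does not authenticate the state.
 */
#define	ADT_VALID	0xAAAA5555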
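/*
 * Session state behind an audit handle.  The first part (through
 * as_audit_state) is the portion that is exported / imported; the rest
 * is local to the process.
 */
struct adt_internal_state {
	/*
	 * as_check is compared against the fixed constant ADT_VALID, so it
	 * detects a stale or wrong pointer; it is not a secret.
	 */
	uint32_t	as_check;	/* == ADT_VALID when created, */
					/* == zero when freed */
	uid_t		as_euid;
	uid_t		as_ruid;
	gid_t		as_egid;
	gid_t		as_rgid;

	struct auditinfo_addr as_info;
	/*
	 * ai_auid				audit id
	 * ai_mask.am_success			pre-selection mask
	 * ai_mask.am_failure
	 * ai_termid	.at_port		terminal id
	 *		.at_type
	 *		.ai_termid.at_addr[0]
	 *		.ai_termid.at_addr[1]
	 *		.ai_termid.at_addr[2]
	 *		.ai_termid.at_addr[3]
	 * ai_asid				session id
	 */
	int		as_audit_state;	/* audit state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t		as_have_user_data;

	uint32_t		as_kernel_audit_policy;
	int			as_session_model;
	adt_session_flags_t	as_flags;
	pid_t			as_pid;
	adt_translation_t	**as_xlate;
	void (*as_preload)(au_event_t, adt_event_data_t *);
};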
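/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.
 */
#define	PROTOCOL_VERSION_1	1
#define	PROTOCOL_VERSION_2	2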
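/*
 * most recent version is at the top; down level consumers are
 * expected to search down via "prev_offsetX" to a version they
 * understand.  "v1" is first, "v0" is used to illustrate correct
 * order for future use.
 */

/*
 * Version 2 export record: the version 1 fields plus ax_pid.
 *
 * NOTE(review): ax_audit_state (int) and ax_pid (pid_t) are not
 * fixed-width like the other members, so the layout depends on the ABI
 * of whoever produced the buffer -- confirm that producer and consumer
 * always agree on it.
 */
struct adt_export_v2 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_state;
	pid_t		ax_pid;
};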
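/*
 * Version 1 export record: ids, audit id, pre-selection masks, terminal
 * id, session id and audit state.  Every member except ax_audit_state
 * (int) is fixed-width.
 */
struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_state;
};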
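/*
 * Link to a versioned record inside an export buffer.
 *
 * NOTE(review): both members are signed and come from the buffer being
 * read.  The code that follows a link is not in this header; it should
 * reject a negative ax_offset and one that does not leave room for the
 * record within the buffer before dereferencing -- confirm.
 */
struct export_link {
	int32_t		ax_version;
	int32_t		ax_offset;
};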
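/*
 * Leading part of an export buffer: a check word, the buffer length and
 * the link to the first versioned record.
 *
 * NOTE(review): ax_buffer_length is signed and is read from the buffer
 * itself; a consumer should compare it with the number of bytes it was
 * actually handed rather than trust it -- confirm in the import path,
 * which is not in this header.
 */
struct export_header {
	uint32_t		ax_check;
	int32_t			ax_buffer_length;
	struct export_link	ax_link;
};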
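/*
 * Complete export buffer: header, then the versioned records newest
 * first, each older one preceded by its link, then a terminating link.
 *
 * NOTE(review): the records carry user and group ids, the audit id and
 * the pre-selection masks, so whoever supplies an imported buffer chooses
 * the audit identity of the resulting session.  Accept one only from a
 * trusted source, and only after the header and link checks pass.
 */
struct adt_export_data {
	struct export_header	ax_header;

	struct adt_export_v2	ax_v2;
	/*
	 * end of version 2 data
	 */
	struct export_link	ax_next_v1;
	struct adt_export_v1	ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0 ax_v0;
	 */
	struct export_link	ax_last;	/* terminator */
};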
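/*
 * struct entry defines rows in tables defined in adt_xlate.c
 */

struct entry {
	/*
	 * NOTE(review): if the negative dummy token types defined in this
	 * header (ADT_AUT_PRIV_L and friends) are stored here, that relies
	 * on plain char being signed -- confirm.
	 */
	char		en_token_id;	/* token id */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	/*
	 * NOTE(review): used as a format string, so it should only ever
	 * point at constant text from the tables, never at caller-supplied
	 * data -- confirm.
	 */
	char		*en_msg_format;	/* pointer to sprintf format string */
};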
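/*
 * Translation of one event: its external and internal event ids plus
 * the struct entry rows, reachable both as an array (tx_top_entry,
 * tx_entries elements) and as a linked list (tx_first_entry).
 */
struct translation {
	int		tx_offsetsCalculated;	/* eponymous */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};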
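/* Pairs an id with the token handler to call for it. */
struct token_jmp {
	long			jmp_id;
	adt_token_func_t	jmp_to;
};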
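/*
 * One message list, as held in adt_msg_text[].
 *
 * NOTE(review): ml_min_index and ml_max_index presumably bound the
 * values that may select a string from ml_msg_list; a lookup should
 * range-check against them before indexing -- confirm in adt_xlate.c.
 */
struct msg_text {
	int	ml_min_index;
	int	ml_max_index;
	char	**ml_msg_list;
	int	ml_offset;
};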
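/*
 * Message list table; generated by auditxml in adt_xlate.c and ordered
 * to match enum adt_msg_list.
 */
extern struct msg_text adt_msg_text[];

/* Functions declared here and defined elsewhere in the library. */
extern void adt_write_syslog(const char *, int);
extern void adt_token_open(struct adt_event_state *);
extern int adt_token_close(struct adt_event_state *);
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
extern void *adt_adjust_address(void *, size_t, size_t);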
328 #ifdef __cplusplus
330 #endif
332 #endif /* _BSM_XLATE_H */