4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
33 #include <sys/types.h>
34 #include <bsm/audit.h>
35 #include <bsm/audit_record.h>
42 #define TEXT_DOMAIN "SUNW_OST_OSLIB"
45 extern const char *bsm_dom
;
56 typedef struct au_event_ent au_event_ent_t
;
66 typedef struct au_class_ent au_class_ent_t
;
76 typedef struct au_user_ent au_user_ent_t
;
79 * Internal representation of audit user in libnsl
81 typedef struct au_user_str_s
{
88 * adrf's version of adr_t
90 typedef struct adrf_s
{
96 * Functions that manipulate bytes from an audit file
99 extern void adr_char(adr_t
*, char *, int);
100 extern int adr_count(adr_t
*);
101 extern void adr_int32(adr_t
*, int32_t *, int);
102 extern void adr_uid(adr_t
*, uid_t
*, int);
103 extern void adr_int64(adr_t
*, int64_t *, int);
104 extern void adr_short(adr_t
*, short *, int);
105 extern void adr_ushort(adr_t
*, ushort_t
*, int);
106 extern void adr_start(adr_t
*, char *);
108 extern int adrf_char(adrf_t
*, char *, int);
109 extern int adrf_int32(adrf_t
*, int32_t *, int);
110 extern int adrf_int64(adrf_t
*, int64_t *, int);
111 extern int adrf_short(adrf_t
*, short *, int);
112 extern void adrf_start(adrf_t
*, adr_t
*, FILE *);
113 extern int adrf_u_char(adrf_t
*, uchar_t
*, int);
114 extern int adrf_u_int32(adrf_t
*, uint32_t *, int);
115 extern int adrf_u_int64(adrf_t
*, uint64_t *, int);
116 extern int adrf_u_short(adrf_t
*, ushort_t
*, int);
119 * Functions that manipulate bytes from an audit character stream.
122 extern void adrm_start(adr_t
*, char *);
123 extern void adrm_char(adr_t
*, char *, int);
124 extern void adrm_short(adr_t
*, short *, int);
125 extern void adrm_int64(adr_t
*, int64_t *, int);
126 extern void adrm_int32(adr_t
*, int32_t *, int);
127 extern void adrm_uid(adr_t
*, uid_t
*, int);
128 extern void adrm_u_int32(adr_t
*, uint32_t *, int);
129 extern void adrm_u_char(adr_t
*, uchar_t
*, int);
130 extern void adrm_u_int64(adr_t
*, uint64_t *, int);
131 extern void adrm_u_short(adr_t
*, ushort_t
*, int);
132 extern void adrm_putint32(adr_t
*, int32_t *, int);
135 * Functions that do I/O for audit files
138 extern int au_close(int, int, au_event_t
);
139 extern int au_open(void);
140 extern int au_write(int, token_t
*);
143 * Functions than manipulate audit events
146 extern void setauevent(void);
147 extern void endauevent(void);
149 extern au_event_ent_t
*getauevent(void);
150 extern au_event_ent_t
*getauevent_r(au_event_ent_t
*);
151 extern au_event_ent_t
*getauevnam(char *);
152 extern au_event_ent_t
*getauevnam_r(au_event_ent_t
*, char *);
153 extern au_event_ent_t
*getauevnum(au_event_t
);
154 extern au_event_ent_t
*getauevnum_r(au_event_ent_t
*, au_event_t
);
155 extern au_event_t
getauevnonam(char *);
156 extern int au_preselect(au_event_t
, au_mask_t
*, int, int);
157 extern int cacheauevent(au_event_ent_t
**, au_event_t
);
160 * Functions that manipulate audit classes
163 extern void setauclass(void);
164 extern void endauclass(void);
166 extern int cacheauclass(au_class_ent_t
**, au_class_t
);
167 extern int cacheauclassnam(au_class_ent_t
**, char *);
168 extern au_class_ent_t
*getauclassent(void);
169 extern au_class_ent_t
*getauclassent_r(au_class_ent_t
*);
170 extern au_class_ent_t
*getauclassnam(char *);
171 extern au_class_ent_t
*getauclassnam_r(au_class_ent_t
*, char *);
174 * Functions that manipulate audit masks
177 extern int au_user_mask(char *, au_mask_t
*);
178 extern int getauditflagsbin(char *, au_mask_t
*);
179 extern int getauditflagschar(char *, au_mask_t
*, int);
180 extern int getfauditflags(au_mask_t
*, au_mask_t
*, au_mask_t
*);
181 extern boolean_t
__chkflags(char *, au_mask_t
*, boolean_t
, char **);
184 * Functions that do system calls
187 extern int audit(char *, int);
188 extern int auditon(int, caddr_t
, int);
189 extern int auditdoor(int);
190 extern int getaudit(auditinfo_t
*);
191 extern int getaudit_addr(auditinfo_addr_t
*, int);
192 extern int getauid(au_id_t
*);
193 extern int setaudit(auditinfo_t
*);
194 extern int setaudit_addr(auditinfo_addr_t
*, int);
195 extern int setauid(au_id_t
*);
198 * Defines for au_preselect(3)
200 #define AU_PRS_SUCCESS 1
201 #define AU_PRS_FAILURE 2
202 #define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE)
204 #define AU_PRS_USECACHE 0
205 #define AU_PRS_REREAD 1
208 * Defines for cacheauclass and cacheauevent
210 #define AU_CACHE_FREE 0x0000
211 #define AU_CACHE_NAME 0x0001
212 #define AU_CACHE_NUMBER 0x0002
214 /* Flags for user-level audit routines: au_open, au_close, au_to_ */
215 #define AU_TO_NO_WRITE 0
216 #define AU_TO_WRITE 1
218 /* system audit files for auditd */
219 #define AUDITCLASSFILE "/etc/security/audit_class"
220 #define AUDITEVENTFILE "/etc/security/audit_event"
221 #define AUDITUSERFILE "/etc/security/audit_user"
223 /* array sizes for audit library structures */
224 #define AU_CLASS_NAME_MAX 8
225 #define AU_CLASS_DESC_MAX 72
226 #define AU_EVENT_NAME_MAX 30
227 #define AU_EVENT_DESC_MAX 50
228 #define AU_EVENT_LINE_MAX 256
231 * Some macros used internally by the nsswitch code
233 #define AUDITUSER_FILENAME "/etc/security/audit_user"
234 #define AUDITUSER_DB_NAME "audit_user.org_dir"
235 #define AUDITUSER_DB_NCOL 3 /* total columns */
236 #define AUDITUSER_DB_NKEYCOL 1 /* total searchable columns */
237 #define AUDITUSER_DB_TBLT "audit_user_tbl"
238 #define AUDITUSER_SUCCESS 0
239 #define AUDITUSER_PARSE_ERANGE 1
240 #define AUDITUSER_NOT_FOUND 2
242 #define AUDITUSER_COL0_KW "name"
243 #define AUDITUSER_COL1_KW "always"
244 #define AUDITUSER_COL2_KW "never"
247 * indices of searchable columns
249 #define AUDITUSER_KEYCOL0 0 /* name */
256 #endif /* _BSM_LIBBSM_H */