xref: /illumos-gate/usr/src/cmd/praudit/praudit.h (revision 8bb3e7e3)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2019 Peter Tribble.
23  */
24 /*
25  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
26  * Use is subject to license terms.
27  */
28 
29 /*
30  * File name: praudit.h
31  * praudit.c defines, globals
32  */
33 
34 #ifndef	_PRAUDIT_H
35 #define	_PRAUDIT_H
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
41 /* DEFINES */
42 
43 /*
44  * output value types
45  */
46 #define	PRA_INT32 0
47 #define	PRA_UINT32 1
48 #define	PRA_INT64 2
49 #define	PRA_UINT64 3
50 #define	PRA_SHORT 4
51 #define	PRA_USHORT 5
52 #define	PRA_CHAR 6
53 #define	PRA_UCHAR 7
54 #define	PRA_STRING 8
55 #define	PRA_HEX32 9
56 #define	PRA_HEX64 10
57 #define	PRA_SHEX 11
58 #define	PRA_OCT 12
59 #define	PRA_BYTE 13
60 #define	PRA_OUTREC 14
61 #define	PRA_LOCT 15
62 
63 /*
64  * Formatting flags
65  */
66 #define	PRF_DEFAULTM	0x0000		/* Default mode */
67 #define	PRF_RAWM	0x0001		/* Raw mode */
68 #define	PRF_SHORTM	0x0002		/* Short mode */
69 #define	PRF_XMLM	0x0004		/* XML format */
70 #define	PRF_ONELINE	0x0008		/* one-line output */
71 #define	PRF_NOCACHE	0x0010		/* don't cache event names */
72 
73 /*
74  * source of audit data (data_mode)
75  */
76 #define	FILEMODE	1
77 #define	PIPEMODE	2
78 #define	BUFMODE		3
79 
80 /*
81  * max. number of audit file names entered on command line
82  */
83 #define	MAXFILENAMES 100
84 
85 /*
86  * max. size of file name
87  */
88 #define	MAXFILELEN MAXPATHLEN+MAXNAMLEN+1
89 
90 /*
91  * used to store value to be output
92  */
93 typedef union u_tag {
94 	int32_t		int32_val;
95 	uint32_t	uint32_val;
96 	int64_t		int64_val;
97 	uint64_t	uint64_val;
98 	short		short_val;
99 	ushort_t	ushort_val;
100 	char		char_val;
101 	char		uchar_val;
102 	char		*string_val;
103 } u_tag_t;
104 typedef	struct u_val {
105 	int	uvaltype;
106 	u_tag_t	tag;
107 } uval_t;
108 #define	int32_val tag.int32_val
109 #define	uint32_val tag.uint32_val
110 #define	int64_val tag.int64_val
111 #define	uint64_val tag.uint64_val
112 #define	short_val tag.short_val
113 #define	ushort_val tag.ushort_val
114 #define	char_val tag.char_val
115 #define	uchar_val tag.uchar_val
116 #define	string_val tag.string_val
117 
118 
119 /*
120  * Strings and things for xml prolog & ending printing.
121  */
122 #define	prolog1 "<?xml version='1.0' encoding='UTF-8' ?>\n"
123 #define	prolog2  "\n<!DOCTYPE audit PUBLIC " \
124 	"'-//Sun Microsystems, Inc.//DTD Audit V1//EN' " \
125 	"'file:///usr/share/lib/xml/dtd/adt_record.dtd.1'>\n\n"
126 #define	prolog_xsl "<?xml-stylesheet type='text/xsl' " \
127 	"href='file:///usr/share/lib/xml/style/adt_record.xsl.1' ?>\n"
128 
129 	/* Special main element: */
130 #define	xml_start "<audit>"
131 #define	xml_ending "\n</audit>\n"
132 
133 #define	xml_prolog_len (sizeof (prolog1) + sizeof (prolog2) + \
134     sizeof (prolog_xsl) + sizeof (xml_start) + 1)
135 #define	xml_end_len (sizeof (xml_ending) + 1)
136 
137 /*
138  * used to save context for print_audit and related functions.
139  */
140 
141 #define	SEP_SIZE 4
142 
143 struct pr_context {
144 	int	format;
145 	int	data_mode;
146 	char	SEPARATOR[SEP_SIZE];	/* field separator */
147 	signed char	tokenid;	/* initial token ID */
148 	adr_t	*audit_adr;		/* audit record */
149 	adrf_t	*audit_adrf;		/* audit record, file mode */
150 	int	audit_rec_len;
151 	char	*audit_rec_start;
152 
153 	char	*inbuf_start;
154 	char	*inbuf_last;		/* ptr to byte after latest completed */
155 					/* header or file token in the input */
156 	int	inbuf_totalsize;
157 	char	*outbuf_p;
158 	char	*outbuf_start;
159 	char	*outbuf_last;		/* ptr to byte after latest completed */
160 					/* header or file token in the output */
161 	int	outbuf_remain_len;
162 
163 	int	pending_flag;		/* open of extended tag not completed */
164 	int	current_rec;		/* id of current record */
165 };
166 typedef struct pr_context pr_context_t;
167 
168 
169 extern void	loadgroups(FILE *f);
170 extern void	loadnames(FILE *f);
171 
172 extern void	init_tokens(void);
173 
174 extern int	open_tag(pr_context_t *context, int);
175 extern int	finish_open_tag(pr_context_t *context);
176 extern int	check_close_rec(pr_context_t *context, int);
177 extern int	close_tag(pr_context_t *context, int);
178 extern int	process_tag(pr_context_t *context, int, int, int);
179 
180 extern int	is_file_token(int);
181 extern int	is_header_token(int);
182 extern int	is_token(int);
183 extern int	do_newline(pr_context_t *context, int);
184 
185 extern char	*bu2string(char basic_unit);
186 extern int	convert_char_to_string(char printmode, char c, char *p);
187 extern int	convert_int32_to_string(char printmode, int32_t c, char *p);
188 extern int	convert_int64_to_string(char printmode, int64_t c, char *p);
189 extern int	convert_short_to_string(char printmode, short c, char *p);
190 extern int	findfieldwidth(char basicunit, char howtoprint);
191 extern void	get_Hname(uint32_t addr, char *buf, size_t buflen);
192 extern void	get_Hname_ex(uint32_t *addr, char *buf, size_t buflen);
193 extern char	*hexconvert(char *c, int size, int chunk);
194 extern char	*htp2string(char print_sugg);
195 extern int	pa_print(pr_context_t *context, uval_t *uval, int flag);
196 extern int	pa_reclen(pr_context_t *context, int status);
197 extern int	pa_file_string(pr_context_t *context, int status, int flag);
198 extern int	pa_adr_int32(pr_context_t *context, int status, int flag);
199 extern int	pa_adr_int64(pr_context_t *context, int status, int flag);
200 extern int	pa_utime32(pr_context_t *context, int status, int flag);
201 extern int	pa_ntime32(pr_context_t *context, int status, int flag);
202 extern int	pa_utime64(pr_context_t *context, int status, int flag);
203 extern int	pa_ntime64(pr_context_t *context, int status, int flag);
204 extern int	pa_adr_string(pr_context_t *context, int status, int flag);
205 extern int	pa_adr_u_int32(pr_context_t *context, int status, int flag);
206 extern int	pa_adr_u_int64(pr_context_t *context, int status, int flag);
207 extern int	pa_adr_byte(pr_context_t *context, int status, int flag);
208 extern int	pa_event_type(pr_context_t *context, int status, int flag);
209 extern int	pa_event_modifier(pr_context_t *context, int status, int flag);
210 extern int	pa_adr_int32hex(pr_context_t *context, int status, int flag);
211 extern int	pa_adr_int64hex(pr_context_t *context, int status, int flag);
212 extern int	pa_pw_uid(pr_context_t *context, int status, int flag);
213 extern int	pa_gr_uid(pr_context_t *context, int status, int flag);
214 extern int	pa_pw_uid_gr_gid(pr_context_t *context, int status, int flag);
215 extern int	pa_ace(pr_context_t *context, int status, int flag);
216 extern int	pa_hostname(pr_context_t *context, int status, int flag);
217 extern int	pa_hostname_ex(pr_context_t *context, int status, int flag);
218 extern int	pa_hostname_so(pr_context_t *context, int status, int flag);
219 extern int	pa_adr_u_short(pr_context_t *context, int status, int flag);
220 extern int	pa_tid32(pr_context_t *context, int status, int flag);
221 extern int	pa_tid64(pr_context_t *context, int status, int flag);
222 extern int	pa_tid32_ex(pr_context_t *context, int status, int flag);
223 extern int	pa_tid64_ex(pr_context_t *context, int status, int flag);
224 extern int	pa_adr_charhex(pr_context_t *context, int status, int flag);
225 extern int	pa_adr_short(pr_context_t *context, int status, int flag);
226 extern int	pa_adr_shorthex(pr_context_t *context, int status, int flag);
227 extern int	pa_mode(pr_context_t *context, int status, int flag);
228 extern int	pa_cmd(pr_context_t *context, int status, int flag);
229 extern int	pa_string(pr_context_t *context, int status, int flag);
230 extern int	pa_liaison(pr_context_t *context, int status, int flag);
231 extern int	pa_xgeneric(pr_context_t *context);
232 extern int	pa_xid(pr_context_t *context, int status, int flag);
233 extern void	pa_error(const uchar_t err, char *buf, size_t buflen);
234 extern void	pa_retval(const uchar_t, const int32_t, char *, size_t);
235 extern int	pa_ip_addr(pr_context_t *context, int status, int flag);
236 extern int	pr_adr_char(pr_context_t *context, char *cp, int count);
237 extern int	pr_adr_short(pr_context_t *context, short *sp, int count);
238 extern int	pr_adr_int32(pr_context_t *context, int32_t *lp, int count);
239 extern int	pr_adr_int64(pr_context_t *context, int64_t *lp, int count);
240 extern int	pr_adr_u_int32(pr_context_t *context, uint32_t *cp, int count);
241 extern int	pr_adr_u_char(pr_context_t *context, uchar_t *cp, int count);
242 extern int	pr_adr_u_int64(pr_context_t *context, uint64_t *lp, int count);
243 extern int	pr_adr_u_short(pr_context_t *context, ushort_t *sp, int count);
244 extern int	pr_putchar(pr_context_t *context, char);
245 extern int	pr_printf(pr_context_t *context, const char *format, ...);
246 extern int	pr_input_remaining(pr_context_t *context, size_t size);
247 
248 /*
249  * Functions that format audit data
250  */
251 extern int	print_audit(const int, const char *);
252 extern int	print_audit_buf(char **, int *, char **, int *, const int,
253     const char *);
254 extern void	print_audit_xml_prolog(void);
255 extern void	print_audit_xml_ending(void);
256 extern int	print_audit_xml_prolog_buf(char *out_buf,
257     const int out_buf_len);
258 extern int	print_audit_xml_ending_buf(char *out_buf,
259     const int out_buf_len);
260 
261 
262 #ifdef __cplusplus
263 }
264 #endif
265 
266 #endif	/* _PRAUDIT_H */
267