xref: /illumos-gate/usr/src/lib/libbsm/common/libbsm.h (revision 6a634c9d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 #ifndef _BSM_LIBBSM_H
26 #define	_BSM_LIBBSM_H
27 
28 
29 #include <ctype.h>
30 #include <secdb.h>
31 #include <stdio.h>
32 #include <errno.h>
33 #include <sys/types.h>
34 #include <bsm/audit.h>
35 #include <bsm/audit_record.h>
36 
37 #ifdef	__cplusplus
38 extern "C" {
39 #endif
40 
41 #ifndef TEXT_DOMAIN
42 #define	TEXT_DOMAIN	"SUNW_OST_OSLIB"
43 #endif
44 
45 extern const char *bsm_dom;
46 
47 /*
48  * For audit_event(5)
49  */
50 struct au_event_ent {
51 	au_event_t ae_number;
52 	char	*ae_name;
53 	char	*ae_desc;
54 	au_class_t ae_class;
55 };
56 typedef struct au_event_ent au_event_ent_t;
57 
58 /*
59  * For audit_class(5)
60  */
61 struct au_class_ent {
62 	char	*ac_name;
63 	au_class_t ac_class;
64 	char	*ac_desc;
65 };
66 typedef struct au_class_ent au_class_ent_t;
67 
68 /*
69  * For audit_user(5)
70  */
71 struct au_user_ent {
72 	char	*au_name;
73 	au_mask_t au_always;
74 	au_mask_t au_never;
75 };
76 typedef struct au_user_ent au_user_ent_t;
77 
78 /*
79  * Internal representation of audit user in libnsl
80  */
81 typedef struct au_user_str_s {
82 	char	*au_name;
83 	char	*au_always;
84 	char	*au_never;
85 } au_user_str_t;
86 
87 /*
88  * adrf's version of adr_t
89  */
90 typedef struct adrf_s {
91 	adr_t	*adrf_adr;
92 	FILE	*adrf_fp;
93 } adrf_t;
94 
95 /*
96  * Functions that manipulate bytes from an audit file
97  */
98 
99 extern void	adr_char(adr_t *, char *, int);
100 extern int	adr_count(adr_t *);
101 extern void	adr_int32(adr_t *, int32_t *, int);
102 extern void	adr_uid(adr_t *, uid_t *, int);
103 extern void	adr_int64(adr_t *, int64_t *, int);
104 extern void	adr_short(adr_t *, short *, int);
105 extern void	adr_ushort(adr_t *, ushort_t *, int);
106 extern void	adr_start(adr_t *, char *);
107 
108 extern int	adrf_char(adrf_t *, char *, int);
109 extern int	adrf_int32(adrf_t *, int32_t *, int);
110 extern int	adrf_int64(adrf_t *, int64_t *, int);
111 extern int	adrf_short(adrf_t *, short *, int);
112 extern void	adrf_start(adrf_t *, adr_t *, FILE *);
113 extern int	adrf_u_char(adrf_t *, uchar_t *, int);
114 extern int	adrf_u_int32(adrf_t *, uint32_t *, int);
115 extern int	adrf_u_int64(adrf_t *, uint64_t *, int);
116 extern int	adrf_u_short(adrf_t *, ushort_t *, int);
117 
118 /*
119  * Functions that manipulate bytes from an audit character stream.
120  */
121 
122 extern void	adrm_start(adr_t *, char *);
123 extern void	adrm_char(adr_t *, char *, int);
124 extern void	adrm_short(adr_t *, short *, int);
125 extern void	adrm_int64(adr_t *, int64_t *, int);
126 extern void	adrm_int32(adr_t *, int32_t *, int);
127 extern void	adrm_uid(adr_t *, uid_t *, int);
128 extern void	adrm_u_int32(adr_t *, uint32_t *, int);
129 extern void	adrm_u_char(adr_t *, uchar_t *, int);
130 extern void	adrm_u_int64(adr_t *, uint64_t *, int);
131 extern void	adrm_u_short(adr_t *, ushort_t *, int);
132 extern void	adrm_putint32(adr_t *, int32_t *, int);
133 
134 /*
135  * Functions that do I/O for audit files
136  */
137 
138 extern int	au_close(int, int, au_event_t);
139 extern int	au_open(void);
140 extern int	au_write(int, token_t *);
141 
142 /*
143  * Functions than manipulate audit events
144  */
145 
146 extern void	setauevent(void);
147 extern void	endauevent(void);
148 
149 extern au_event_ent_t	*getauevent(void);
150 extern au_event_ent_t	*getauevent_r(au_event_ent_t *);
151 extern au_event_ent_t	*getauevnam(char *);
152 extern au_event_ent_t	*getauevnam_r(au_event_ent_t *, char *);
153 extern au_event_ent_t	*getauevnum(au_event_t);
154 extern au_event_ent_t	*getauevnum_r(au_event_ent_t *, au_event_t);
155 extern au_event_t	getauevnonam(char *);
156 extern int		au_preselect(au_event_t, au_mask_t *, int, int);
157 extern int		cacheauevent(au_event_ent_t **, au_event_t);
158 
159 /*
160  * Functions that manipulate audit classes
161  */
162 
163 extern void	setauclass(void);
164 extern void	endauclass(void);
165 
166 extern int	cacheauclass(au_class_ent_t **, au_class_t);
167 extern int	cacheauclassnam(au_class_ent_t **, char *);
168 extern au_class_ent_t *getauclassent(void);
169 extern au_class_ent_t *getauclassent_r(au_class_ent_t *);
170 extern au_class_ent_t *getauclassnam(char *);
171 extern au_class_ent_t *getauclassnam_r(au_class_ent_t *, char *);
172 
173 /*
174  * Functions that manipulate audit masks
175  */
176 
177 extern int	au_user_mask(char *, au_mask_t *);
178 extern int	getauditflagsbin(char *, au_mask_t *);
179 extern int	getauditflagschar(char *, au_mask_t *, int);
180 extern int	getfauditflags(au_mask_t *, au_mask_t *, au_mask_t *);
181 extern boolean_t __chkflags(char *, au_mask_t *, boolean_t, char **);
182 
183 /*
184  * Functions that do system calls
185  */
186 
187 extern int	audit(char *, int);
188 extern int	auditon(int, caddr_t, int);
189 extern int	auditdoor(int);
190 extern int	getaudit(auditinfo_t *);
191 extern int	getaudit_addr(auditinfo_addr_t *, int);
192 extern int	getauid(au_id_t *);
193 extern int	setaudit(auditinfo_t *);
194 extern int	setaudit_addr(auditinfo_addr_t *, int);
195 extern int	setauid(au_id_t *);
196 
197 /*
198  * Defines for au_preselect(3)
199  */
200 #define	AU_PRS_SUCCESS	1
201 #define	AU_PRS_FAILURE	2
202 #define	AU_PRS_BOTH	(AU_PRS_SUCCESS|AU_PRS_FAILURE)
203 
204 #define	AU_PRS_USECACHE	0
205 #define	AU_PRS_REREAD	1
206 
207 /*
208  * Defines for cacheauclass and cacheauevent
209  */
210 #define	AU_CACHE_FREE	0x0000
211 #define	AU_CACHE_NAME	0x0001
212 #define	AU_CACHE_NUMBER	0x0002
213 
214 /* Flags for user-level audit routines: au_open, au_close, au_to_ */
215 #define	AU_TO_NO_WRITE	0
216 #define	AU_TO_WRITE	1
217 
218 /* system audit files for auditd */
219 #define	AUDITCLASSFILE		"/etc/security/audit_class"
220 #define	AUDITEVENTFILE		"/etc/security/audit_event"
221 #define	AUDITUSERFILE		"/etc/security/audit_user"
222 
223 /* array sizes for audit library structures */
224 #define	AU_CLASS_NAME_MAX	8
225 #define	AU_CLASS_DESC_MAX	72
226 #define	AU_EVENT_NAME_MAX	30
227 #define	AU_EVENT_DESC_MAX	50
228 #define	AU_EVENT_LINE_MAX	256
229 
230 /*
231  * Some macros used internally by the nsswitch code
232  */
233 #define	AUDITUSER_FILENAME		"/etc/security/audit_user"
234 #define	AUDITUSER_DB_NAME		"audit_user.org_dir"
235 #define	AUDITUSER_DB_NCOL		3	/* total columns */
236 #define	AUDITUSER_DB_NKEYCOL		1	/* total searchable columns */
237 #define	AUDITUSER_DB_TBLT		"audit_user_tbl"
238 #define	AUDITUSER_SUCCESS		0
239 #define	AUDITUSER_PARSE_ERANGE		1
240 #define	AUDITUSER_NOT_FOUND		2
241 
242 #define	AUDITUSER_COL0_KW		"name"
243 #define	AUDITUSER_COL1_KW		"always"
244 #define	AUDITUSER_COL2_KW		"never"
245 
246 /*
247  * indices of searchable columns
248  */
249 #define	AUDITUSER_KEYCOL0		0	/* name */
250 
251 
252 #ifdef	__cplusplus
253 }
254 #endif
255 
256 #endif	/* _BSM_LIBBSM_H */
257