17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5a7746f66Stz  * Common Development and Distribution License (the "License").
6a7746f66Stz  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
21*8bb3e7e3SPeter Tribble /*
22*8bb3e7e3SPeter Tribble  * Copyright (c) 2019 Peter Tribble.
23*8bb3e7e3SPeter Tribble  */
247c478bd9Sstevel@tonic-gate /*
25a7746f66Stz  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
267c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
277c478bd9Sstevel@tonic-gate  */
287c478bd9Sstevel@tonic-gate 
/*
 * File name: praudit.h
 * Defines, types and function prototypes for praudit.c.
 *
 * This header contains no #include lines. Every type it uses (FILE,
 * int32_t, uint64_t, ushort_t, uchar_t, size_t, adr_t, adrf_t) and the
 * MAXPATHLEN / MAXNAMLEN constants must be declared by the including
 * file before this header is read.
 */

#ifndef	_PRAUDIT_H
#define	_PRAUDIT_H

/* Give the declarations below C linkage when included from C++. */
#ifdef __cplusplus
extern "C" {
#endif
407c478bd9Sstevel@tonic-gate 
417c478bd9Sstevel@tonic-gate /* DEFINES */
427c478bd9Sstevel@tonic-gate 
/*
 * Output value types.
 *
 * Consecutive integer tags (0 through 15) naming how a value is to be
 * output.
 * NOTE(review): presumably stored in uval_t.uvaltype to say which member
 * of u_tag_t is valid -- confirm against the definition of pa_print().
 */
#define	PRA_INT32 0
#define	PRA_UINT32 1
#define	PRA_INT64 2
#define	PRA_UINT64 3
#define	PRA_SHORT 4
#define	PRA_USHORT 5
#define	PRA_CHAR 6
#define	PRA_UCHAR 7
#define	PRA_STRING 8
#define	PRA_HEX32 9
#define	PRA_HEX64 10
#define	PRA_SHEX 11
#define	PRA_OCT 12
#define	PRA_BYTE 13
#define	PRA_OUTREC 14
#define	PRA_LOCT 15
627c478bd9Sstevel@tonic-gate 
/*
 * Formatting flags.
 *
 * Every flag other than PRF_DEFAULTM is a distinct single bit, so several
 * can be combined in one int. PRF_DEFAULTM is 0, so an expression such as
 * (flags & PRF_DEFAULTM) is always false and cannot be used to test for
 * default mode.
 * NOTE(review): presumably these are kept in pr_context.format -- confirm.
 */
#define	PRF_DEFAULTM	0x0000		/* Default mode */
#define	PRF_RAWM	0x0001		/* Raw mode */
#define	PRF_SHORTM	0x0002		/* Short mode */
#define	PRF_XMLM	0x0004		/* XML format */
#define	PRF_ONELINE	0x0008		/* one-line output */
#define	PRF_NOCACHE	0x0010		/* don't cache event names */
727c478bd9Sstevel@tonic-gate 
/*
 * Source of audit data (data_mode).
 *
 * The three values are distinct small integers, not bit flags, so they
 * are compared with ==, never combined.
 * NOTE(review): presumably stored in pr_context.data_mode -- confirm
 * against the callers.
 */
#define	FILEMODE	1
#define	PIPEMODE	2
#define	BUFMODE		3
797c478bd9Sstevel@tonic-gate 
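/*
 * Maximum number of audit file names entered on the command line.
 */
#define	MAXFILENAMES 100

/*
 * Maximum size of a file name.
 *
 * The expansion is parenthesized so that it is a single value wherever it
 * is used. Without the parentheses an expression such as MAXFILELEN * 2
 * multiplies only the trailing 1, giving a buffer size smaller than
 * intended.
 * MAXPATHLEN and MAXNAMLEN are not defined in this header; the including
 * file must provide them before MAXFILELEN is used.
 */
#define	MAXFILELEN (MAXPATHLEN + MAXNAMLEN + 1)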
897c478bd9Sstevel@tonic-gate 
/*
 * Used to store the value to be output.
 *
 * All members share the same storage, so only the member that was last
 * written may be read. Reading string_val after a numeric member was
 * stored would treat integer bits as a pointer.
 */
typedef union u_tag {
	int32_t		int32_val;
	uint32_t	uint32_val;
	int64_t		int64_val;
	uint64_t	uint64_val;
	short		short_val;
	ushort_t	ushort_val;
	char		char_val;
	/*
	 * NOTE(review): named uchar_val but declared plain char, whose
	 * signedness is implementation-defined; a byte >= 0x80 may become
	 * negative when promoted to int. Confirm that users cast to an
	 * unsigned type before printing or indexing with it.
	 */
	char		uchar_val;
	char		*string_val;
} u_tag_t;
/*
 * A value to be output together with a type tag.
 * NOTE(review): presumably uvaltype holds one of the PRA_* constants and
 * says which member of tag is valid; a consumer should check it before
 * reading tag, in particular before dereferencing the string pointer --
 * confirm against the definition of pa_print().
 */
typedef	struct u_val {
	int	uvaltype;
	u_tag_t	tag;
} uval_t;
/*
 * Shorthand accessors: with these in effect, uval.int32_val expands to
 * uval.tag.int32_val, and likewise for the other members.
 *
 * They are object-like macros with ordinary lowercase names, so after
 * this point every use of one of these identifiers in a file that
 * includes this header is rewritten, including unrelated variables or
 * structure members of the same name. They are defined after u_tag_t so
 * that the union's own member declarations are not affected.
 */
#define	int32_val tag.int32_val
#define	uint32_val tag.uint32_val
#define	int64_val tag.int64_val
#define	uint64_val tag.uint64_val
#define	short_val tag.short_val
#define	ushort_val tag.ushort_val
#define	char_val tag.char_val
#define	uchar_val tag.uchar_val
#define	string_val tag.string_val
1177c478bd9Sstevel@tonic-gate 
1187c478bd9Sstevel@tonic-gate 
/*
 * Strings and things for xml prolog & ending printing.
 *
 * prolog2 and prolog_xsl name a DTD and a stylesheet by file:// URL. A
 * consumer of the XML that resolves external DTDs or stylesheets will
 * open those paths on the machine where the output is parsed, which need
 * not be the machine that produced it.
 */
#define	prolog1 "<?xml version='1.0' encoding='UTF-8' ?>\n"
#define	prolog2  "\n<!DOCTYPE audit PUBLIC " \
	"'-//Sun Microsystems, Inc.//DTD Audit V1//EN' " \
	"'file:///usr/share/lib/xml/dtd/adt_record.dtd.1'>\n\n"
#define	prolog_xsl "<?xml-stylesheet type='text/xsl' " \
	"href='file:///usr/share/lib/xml/style/adt_record.xsl.1' ?>\n"

	/* Special main element: */
#define	xml_start "<audit>"
#define	xml_ending "\n</audit>\n"

/*
 * Buffer sizes for the prolog and the ending. sizeof on a string literal
 * counts its terminating NUL, so each term is one more than the string's
 * length; together with the final + 1 these are upper bounds on the
 * space needed for the concatenated text, not exact lengths.
 */
#define	xml_prolog_len (sizeof (prolog1) + sizeof (prolog2) + \
    sizeof (prolog_xsl) + sizeof (xml_start) + 1)
#define	xml_end_len (sizeof (xml_ending) + 1)
1367c478bd9Sstevel@tonic-gate 
/*
 * Used to save context for print_audit and related functions.
 *
 * NOTE(review): every length in this structure is a plain (signed) int,
 * while pr_input_remaining() takes a size_t. Code that compares or mixes
 * the two should make sure a negative int is never converted to a large
 * unsigned value -- confirm in the definitions.
 */

/* Size in bytes of the pr_context.SEPARATOR array. */
#define	SEP_SIZE 4

struct pr_context {
	int	format;
	int	data_mode;
	/*
	 * NOTE(review): if this is used as a C string it can hold at most
	 * SEP_SIZE - 1 characters plus the NUL -- confirm that whatever
	 * copies a user-supplied separator in enforces that.
	 */
	char	SEPARATOR[SEP_SIZE];	/* field separator */
	signed char	tokenid;	/* initial token ID */
	adr_t	*audit_adr;		/* audit record */
	adrf_t	*audit_adrf;		/* audit record, file mode */
	int	audit_rec_len;
	char	*audit_rec_start;

	/* Input buffer bookkeeping. */
	char	*inbuf_start;
	char	*inbuf_last;		/* ptr to byte after latest completed */
					/* header or file token in the input */
	int	inbuf_totalsize;
	/* Output buffer bookkeeping. */
	char	*outbuf_p;
	char	*outbuf_start;
	char	*outbuf_last;		/* ptr to byte after latest completed */
					/* header or file token in the output */
	int	outbuf_remain_len;

	int	pending_flag;		/* open of extended tag not completed */
	int	current_rec;		/* id of current record */
};
typedef struct pr_context pr_context_t;
1677c478bd9Sstevel@tonic-gate 
1687c478bd9Sstevel@tonic-gate 
/*
 * Loaders that read from an already-open stdio stream.
 * NOTE(review): what is loaded, and whether the stream is closed by the
 * callee, is not visible in this header -- confirm against the
 * definitions.
 */
extern void	loadgroups(FILE *f);
extern void	loadnames(FILE *f);

/* One-time token setup; takes no arguments and returns nothing. */
extern void	init_tokens(void);
1737c478bd9Sstevel@tonic-gate 
/*
 * Tag handling. Each function takes the print context and returns int;
 * the trailing int parameters are unnamed in these prototypes.
 * NOTE(review): the meaning of the int arguments and of the return value
 * is not visible here -- confirm against the definitions.
 */
extern int	open_tag(pr_context_t *context, int);
extern int	finish_open_tag(pr_context_t *context);
extern int	check_close_rec(pr_context_t *context, int);
extern int	close_tag(pr_context_t *context, int);
extern int	process_tag(pr_context_t *context, int, int, int);
1797c478bd9Sstevel@tonic-gate 
/*
 * Token classification predicates and newline output.
 * NOTE(review): the int argument is presumably a token id and the result
 * presumably nonzero for a match -- confirm against the definitions.
 */
extern int	is_file_token(int);
extern int	is_header_token(int);
extern int	is_token(int);
extern int	do_newline(pr_context_t *context, int);
1847c478bd9Sstevel@tonic-gate 
/*
 * Conversion helpers.
 *
 * The convert_*_to_string() functions take a destination pointer p but no
 * length, so nothing in the prototype lets the callee bound its writes;
 * the caller has to pass a buffer that is large enough.
 * NOTE(review): the required size is not stated in this header -- confirm
 * against the definitions and check every call site.
 *
 * get_Hname() and get_Hname_ex() do receive the destination size in
 * buflen.
 *
 * bu2string(), htp2string() and hexconvert() return char *.
 * NOTE(review): whether the returned storage is static or must be freed
 * by the caller is not visible here -- confirm.
 */
extern char	*bu2string(char basic_unit);
extern int	convert_char_to_string(char printmode, char c, char *p);
extern int	convert_int32_to_string(char printmode, int32_t c, char *p);
extern int	convert_int64_to_string(char printmode, int64_t c, char *p);
extern int	convert_short_to_string(char printmode, short c, char *p);
extern int	findfieldwidth(char basicunit, char howtoprint);
extern void	get_Hname(uint32_t addr, char *buf, size_t buflen);
extern void	get_Hname_ex(uint32_t *addr, char *buf, size_t buflen);
/* size and chunk are signed int; negative values are representable. */
extern char	*hexconvert(char *c, int size, int chunk);
extern char	*htp2string(char print_sugg);
/*
 * Field printers. Almost all share the signature
 * (pr_context_t *context, int status, int flag) and return int.
 * NOTE(review): the meaning of status, flag and the return value is not
 * visible in this header -- confirm against the definitions before
 * relying on any convention.
 */
/* Takes the tagged value to print; see uval_t. */
extern int	pa_print(pr_context_t *context, uval_t *uval, int flag);
extern int	pa_reclen(pr_context_t *context, int status);
extern int	pa_file_string(pr_context_t *context, int status, int flag);
extern int	pa_adr_int32(pr_context_t *context, int status, int flag);
extern int	pa_adr_int64(pr_context_t *context, int status, int flag);
extern int	pa_utime32(pr_context_t *context, int status, int flag);
extern int	pa_ntime32(pr_context_t *context, int status, int flag);
extern int	pa_utime64(pr_context_t *context, int status, int flag);
extern int	pa_ntime64(pr_context_t *context, int status, int flag);
extern int	pa_adr_string(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_int32(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_int64(pr_context_t *context, int status, int flag);
extern int	pa_adr_byte(pr_context_t *context, int status, int flag);
extern int	pa_event_type(pr_context_t *context, int status, int flag);
extern int	pa_event_modifier(pr_context_t *context, int status, int flag);
extern int	pa_adr_int32hex(pr_context_t *context, int status, int flag);
extern int	pa_adr_int64hex(pr_context_t *context, int status, int flag);
extern int	pa_pw_uid(pr_context_t *context, int status, int flag);
extern int	pa_gr_uid(pr_context_t *context, int status, int flag);
extern int	pa_pw_uid_gr_gid(pr_context_t *context, int status, int flag);
extern int	pa_ace(pr_context_t *context, int status, int flag);
extern int	pa_hostname(pr_context_t *context, int status, int flag);
extern int	pa_hostname_ex(pr_context_t *context, int status, int flag);
extern int	pa_hostname_so(pr_context_t *context, int status, int flag);
extern int	pa_adr_u_short(pr_context_t *context, int status, int flag);
extern int	pa_tid32(pr_context_t *context, int status, int flag);
extern int	pa_tid64(pr_context_t *context, int status, int flag);
extern int	pa_tid32_ex(pr_context_t *context, int status, int flag);
extern int	pa_tid64_ex(pr_context_t *context, int status, int flag);
extern int	pa_adr_charhex(pr_context_t *context, int status, int flag);
extern int	pa_adr_short(pr_context_t *context, int status, int flag);
extern int	pa_adr_shorthex(pr_context_t *context, int status, int flag);
extern int	pa_mode(pr_context_t *context, int status, int flag);
extern int	pa_cmd(pr_context_t *context, int status, int flag);
extern int	pa_string(pr_context_t *context, int status, int flag);
extern int	pa_liaison(pr_context_t *context, int status, int flag);
/* Takes only the context, unlike its neighbours. */
extern int	pa_xgeneric(pr_context_t *context);
extern int	pa_xid(pr_context_t *context, int status, int flag);
/*
 * pa_error() and pa_retval() do not take a context; they are given a
 * caller-supplied buffer together with its size as a size_t.
 */
extern void	pa_error(const uchar_t err, char *buf, size_t buflen);
extern void	pa_retval(const uchar_t, const int32_t, char *, size_t);
extern int	pa_ip_addr(pr_context_t *context, int status, int flag);
/*
 * Low-level input and output helpers.
 *
 * Each pr_adr_*() function takes the context, a pointer to elements of
 * one fixed type and a count.
 * NOTE(review): presumably `count` elements are read from the audit
 * record into the pointed-to storage. The count is a signed int and the
 * destination size is not passed, so the caller must guarantee both that
 * count is non-negative and that the destination holds count elements --
 * confirm against the definitions.
 */
extern int	pr_adr_char(pr_context_t *context, char *cp, int count);
extern int	pr_adr_short(pr_context_t *context, short *sp, int count);
extern int	pr_adr_int32(pr_context_t *context, int32_t *lp, int count);
extern int	pr_adr_int64(pr_context_t *context, int64_t *lp, int count);
extern int	pr_adr_u_int32(pr_context_t *context, uint32_t *cp, int count);
extern int	pr_adr_u_char(pr_context_t *context, uchar_t *cp, int count);
extern int	pr_adr_u_int64(pr_context_t *context, uint64_t *lp, int count);
extern int	pr_adr_u_short(pr_context_t *context, ushort_t *sp, int count);
extern int	pr_putchar(pr_context_t *context, char);
/*
 * Variadic, with a format-string parameter. The prototype carries no
 * format-checking annotation, so the compiler will not verify that the
 * arguments match the format; callers must never pass data read from an
 * audit record as `format`.
 */
extern int	pr_printf(pr_context_t *context, const char *format, ...);
/*
 * NOTE(review): presumably reports whether `size` more bytes of input are
 * available -- confirm the return convention before using it as a bounds
 * check.
 */
extern int	pr_input_remaining(pr_context_t *context, size_t size);
2477c478bd9Sstevel@tonic-gate 
/*
 * Functions that format audit data.
 *
 * The parameters of print_audit() and print_audit_buf() are unnamed in
 * these prototypes.
 * NOTE(review): print_audit_buf() presumably takes an input buffer and
 * length, an output buffer and length, the PRF_* flags and a separator,
 * in that order -- confirm against the definition. All lengths are int,
 * including out_buf_len of the *_buf() variants, so a caller converting
 * from size_t must check the value fits.
 * NOTE(review): xml_prolog_len and xml_end_len are presumably the buffer
 * sizes the two *_buf() functions expect -- confirm.
 */
extern int	print_audit(const int, const char *);
extern int	print_audit_buf(char **, int *, char **, int *, const int,
    const char *);
extern void	print_audit_xml_prolog(void);
extern void	print_audit_xml_ending(void);
extern int	print_audit_xml_prolog_buf(char *out_buf,
    const int out_buf_len);
extern int	print_audit_xml_ending_buf(char *out_buf,
    const int out_buf_len);
2607c478bd9Sstevel@tonic-gate 
2617c478bd9Sstevel@tonic-gate 
/* Close the extern "C" block opened at the top of the header. */
#ifdef __cplusplus
}
#endif

#endif	/* _PRAUDIT_H */