17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*7c1a0576Sgww * Common Development and Distribution License (the "License"). 6*7c1a0576Sgww * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*7c1a0576Sgww * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #ifndef _BSM_LIBBSM_H 277c478bd9Sstevel@tonic-gate #define _BSM_LIBBSM_H 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 307c478bd9Sstevel@tonic-gate 317c478bd9Sstevel@tonic-gate #include <secdb.h> 327c478bd9Sstevel@tonic-gate #include <stdio.h> 337c478bd9Sstevel@tonic-gate #include <errno.h> 347c478bd9Sstevel@tonic-gate #include <sys/types.h> 357c478bd9Sstevel@tonic-gate #include <bsm/audit.h> 367c478bd9Sstevel@tonic-gate #include <bsm/audit_record.h> 377c478bd9Sstevel@tonic-gate 387c478bd9Sstevel@tonic-gate #ifdef __cplusplus 397c478bd9Sstevel@tonic-gate extern "C" { 407c478bd9Sstevel@tonic-gate #endif 417c478bd9Sstevel@tonic-gate 427c478bd9Sstevel@tonic-gate #ifndef TEXT_DOMAIN 437c478bd9Sstevel@tonic-gate #define TEXT_DOMAIN "SUNW_OST_OSLIB" 447c478bd9Sstevel@tonic-gate #endif 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate extern const char *bsm_dom; 477c478bd9Sstevel@tonic-gate 487c478bd9Sstevel@tonic-gate /* 497c478bd9Sstevel@tonic-gate * For audit_event(5) 507c478bd9Sstevel@tonic-gate */ 517c478bd9Sstevel@tonic-gate struct au_event_ent { 527c478bd9Sstevel@tonic-gate au_event_t ae_number; 537c478bd9Sstevel@tonic-gate char *ae_name; 547c478bd9Sstevel@tonic-gate char *ae_desc; 557c478bd9Sstevel@tonic-gate au_class_t ae_class; 567c478bd9Sstevel@tonic-gate }; 577c478bd9Sstevel@tonic-gate typedef struct au_event_ent au_event_ent_t; 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gate /* 607c478bd9Sstevel@tonic-gate * For audit_class(5) 617c478bd9Sstevel@tonic-gate */ 627c478bd9Sstevel@tonic-gate struct au_class_ent { 637c478bd9Sstevel@tonic-gate char *ac_name; 647c478bd9Sstevel@tonic-gate au_class_t ac_class; 657c478bd9Sstevel@tonic-gate char *ac_desc; 667c478bd9Sstevel@tonic-gate }; 677c478bd9Sstevel@tonic-gate typedef struct au_class_ent au_class_ent_t; 687c478bd9Sstevel@tonic-gate 697c478bd9Sstevel@tonic-gate /* 707c478bd9Sstevel@tonic-gate * For audit_user(5) 717c478bd9Sstevel@tonic-gate */ 727c478bd9Sstevel@tonic-gate struct au_user_ent { 737c478bd9Sstevel@tonic-gate char *au_name; 747c478bd9Sstevel@tonic-gate au_mask_t au_always; 757c478bd9Sstevel@tonic-gate au_mask_t au_never; 767c478bd9Sstevel@tonic-gate }; 777c478bd9Sstevel@tonic-gate typedef struct au_user_ent au_user_ent_t; 787c478bd9Sstevel@tonic-gate 797c478bd9Sstevel@tonic-gate /* 807c478bd9Sstevel@tonic-gate * Internal representation of audit user in libnsl 817c478bd9Sstevel@tonic-gate */ 827c478bd9Sstevel@tonic-gate typedef struct au_user_str_s { 837c478bd9Sstevel@tonic-gate char *au_name; 847c478bd9Sstevel@tonic-gate char *au_always; 857c478bd9Sstevel@tonic-gate char *au_never; 867c478bd9Sstevel@tonic-gate } au_user_str_t; 877c478bd9Sstevel@tonic-gate 887c478bd9Sstevel@tonic-gate /* 897c478bd9Sstevel@tonic-gate * opaque context value for getacval.c 907c478bd9Sstevel@tonic-gate */ 917c478bd9Sstevel@tonic-gate typedef struct au_acinfo au_acinfo_t; 927c478bd9Sstevel@tonic-gate 937c478bd9Sstevel@tonic-gate /* 947c478bd9Sstevel@tonic-gate * adrf's version of adr_t 957c478bd9Sstevel@tonic-gate */ 967c478bd9Sstevel@tonic-gate typedef struct adrf_s { 977c478bd9Sstevel@tonic-gate adr_t *adrf_adr; 987c478bd9Sstevel@tonic-gate FILE *adrf_fp; 997c478bd9Sstevel@tonic-gate } adrf_t; 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate /* 1027c478bd9Sstevel@tonic-gate * Functions that manipulate bytes from an audit file 1037c478bd9Sstevel@tonic-gate */ 1047c478bd9Sstevel@tonic-gate 1057c478bd9Sstevel@tonic-gate extern void adr_char(adr_t *, char *, int); 1067c478bd9Sstevel@tonic-gate extern int adr_count(adr_t *); 1077c478bd9Sstevel@tonic-gate extern void adr_int32(adr_t *, int32_t *, int); 1087c478bd9Sstevel@tonic-gate extern void adr_int64(adr_t *, int64_t *, int); 1097c478bd9Sstevel@tonic-gate extern void adr_short(adr_t *, short *, int); 1107c478bd9Sstevel@tonic-gate extern void adr_start(adr_t *, char *); 1117c478bd9Sstevel@tonic-gate 1127c478bd9Sstevel@tonic-gate extern int adrf_char(adrf_t *, char *, int); 1137c478bd9Sstevel@tonic-gate extern int adrf_int32(adrf_t *, int32_t *, int); 1147c478bd9Sstevel@tonic-gate extern int adrf_int64(adrf_t *, int64_t *, int); 1157c478bd9Sstevel@tonic-gate extern int adrf_short(adrf_t *, short *, int); 1167c478bd9Sstevel@tonic-gate extern void adrf_start(adrf_t *, adr_t *, FILE *); 1177c478bd9Sstevel@tonic-gate extern int adrf_u_char(adrf_t *, uchar_t *, int); 1187c478bd9Sstevel@tonic-gate extern int adrf_u_int32(adrf_t *, uint32_t *, int); 1197c478bd9Sstevel@tonic-gate extern int adrf_u_int64(adrf_t *, uint64_t *, int); 1207c478bd9Sstevel@tonic-gate extern int adrf_u_short(adrf_t *, ushort_t *, int); 1217c478bd9Sstevel@tonic-gate 1227c478bd9Sstevel@tonic-gate /* 1237c478bd9Sstevel@tonic-gate * Functions that manipulate bytes from an audit character stream. 1247c478bd9Sstevel@tonic-gate */ 1257c478bd9Sstevel@tonic-gate 1267c478bd9Sstevel@tonic-gate extern void adrm_start(adr_t *, char *); 1277c478bd9Sstevel@tonic-gate extern void adrm_char(adr_t *, char *, int); 1287c478bd9Sstevel@tonic-gate extern void adrm_short(adr_t *, short *, int); 1297c478bd9Sstevel@tonic-gate extern void adrm_int64(adr_t *, int64_t *, int); 1307c478bd9Sstevel@tonic-gate extern void adrm_int32(adr_t *, int32_t *, int); 1317c478bd9Sstevel@tonic-gate extern void adrm_u_int32(adr_t *, uint32_t *, int); 1327c478bd9Sstevel@tonic-gate extern void adrm_u_char(adr_t *, uchar_t *, int); 1337c478bd9Sstevel@tonic-gate extern void adrm_u_int64(adr_t *, uint64_t *, int); 1347c478bd9Sstevel@tonic-gate extern void adrm_u_short(adr_t *, ushort_t *, int); 1357c478bd9Sstevel@tonic-gate extern void adrm_putint32(adr_t *, int32_t *, int); 1367c478bd9Sstevel@tonic-gate 1377c478bd9Sstevel@tonic-gate /* 1387c478bd9Sstevel@tonic-gate * Functions that do I/O for audit files 1397c478bd9Sstevel@tonic-gate */ 1407c478bd9Sstevel@tonic-gate 1417c478bd9Sstevel@tonic-gate extern int au_close(int, int, short); 1427c478bd9Sstevel@tonic-gate extern int au_open(void); 1437c478bd9Sstevel@tonic-gate extern int au_write(int, token_t *); 1447c478bd9Sstevel@tonic-gate 1457c478bd9Sstevel@tonic-gate /* 1467c478bd9Sstevel@tonic-gate * Functions than manipulate audit events 1477c478bd9Sstevel@tonic-gate */ 1487c478bd9Sstevel@tonic-gate 1497c478bd9Sstevel@tonic-gate extern void setauevent(void); 1507c478bd9Sstevel@tonic-gate extern void endauevent(void); 1517c478bd9Sstevel@tonic-gate extern int setaueventfile(char *); 1527c478bd9Sstevel@tonic-gate 1537c478bd9Sstevel@tonic-gate extern au_event_ent_t *getauevent(void); 1547c478bd9Sstevel@tonic-gate extern au_event_ent_t *getauevent_r(au_event_ent_t *); 1557c478bd9Sstevel@tonic-gate extern au_event_ent_t *getauevnam(char *); 1567c478bd9Sstevel@tonic-gate extern au_event_ent_t *getauevnam_r(au_event_ent_t *, char *); 1577c478bd9Sstevel@tonic-gate extern au_event_ent_t *getauevnum(au_event_t); 1587c478bd9Sstevel@tonic-gate extern au_event_ent_t *getauevnum_r(au_event_ent_t *, au_event_t); 1597c478bd9Sstevel@tonic-gate extern au_event_t getauevnonam(char *); 1607c478bd9Sstevel@tonic-gate extern int au_preselect(au_event_t, au_mask_t *, int, int); 1617c478bd9Sstevel@tonic-gate extern int cacheauevent(au_event_ent_t **, au_event_t); 1627c478bd9Sstevel@tonic-gate 1637c478bd9Sstevel@tonic-gate /* 1647c478bd9Sstevel@tonic-gate * Functions that manipulate audit classes 1657c478bd9Sstevel@tonic-gate */ 1667c478bd9Sstevel@tonic-gate 1677c478bd9Sstevel@tonic-gate extern void setauclass(void); 1687c478bd9Sstevel@tonic-gate extern void endauclass(void); 1697c478bd9Sstevel@tonic-gate extern int setauclassfile(char *); 1707c478bd9Sstevel@tonic-gate 1717c478bd9Sstevel@tonic-gate extern int cacheauclass(au_class_ent_t **, au_class_t); 1727c478bd9Sstevel@tonic-gate extern int cacheauclassnam(au_class_ent_t **, char *); 1737c478bd9Sstevel@tonic-gate extern au_class_ent_t *getauclassent(void); 1747c478bd9Sstevel@tonic-gate extern au_class_ent_t *getauclassent_r(au_class_ent_t *); 1757c478bd9Sstevel@tonic-gate extern au_class_ent_t *getauclassnam(char *); 1767c478bd9Sstevel@tonic-gate extern au_class_ent_t *getauclassnam_r(au_class_ent_t *, char *); 1777c478bd9Sstevel@tonic-gate 1787c478bd9Sstevel@tonic-gate /* 1797c478bd9Sstevel@tonic-gate * Functions that manipulate audit attributes of users 1807c478bd9Sstevel@tonic-gate */ 1817c478bd9Sstevel@tonic-gate 1827c478bd9Sstevel@tonic-gate void setauuser(void); 1837c478bd9Sstevel@tonic-gate void endauuser(void); 1847c478bd9Sstevel@tonic-gate int setauuserfile(char *); 1857c478bd9Sstevel@tonic-gate 1867c478bd9Sstevel@tonic-gate au_user_ent_t *getauuserent(void); 1877c478bd9Sstevel@tonic-gate au_user_ent_t *getauuserent_r(au_user_ent_t *); 1887c478bd9Sstevel@tonic-gate au_user_ent_t *getauusernam(char *); 1897c478bd9Sstevel@tonic-gate au_user_ent_t *getauusernam_r(au_user_ent_t *, char *); 1907c478bd9Sstevel@tonic-gate 1917c478bd9Sstevel@tonic-gate /* 1927c478bd9Sstevel@tonic-gate * Functions that manipulate the audit control file 1937c478bd9Sstevel@tonic-gate */ 1947c478bd9Sstevel@tonic-gate 1957c478bd9Sstevel@tonic-gate void endac(void); 1967c478bd9Sstevel@tonic-gate void setac(void); 1977c478bd9Sstevel@tonic-gate int testac(void); 1987c478bd9Sstevel@tonic-gate 1997c478bd9Sstevel@tonic-gate int getacdir(char *, int); 2007c478bd9Sstevel@tonic-gate int getacmin(int *); 2017c478bd9Sstevel@tonic-gate int getacna(char *, int); 2027c478bd9Sstevel@tonic-gate int getacflg(char *, int); 2037c478bd9Sstevel@tonic-gate 2047c478bd9Sstevel@tonic-gate /* 2057c478bd9Sstevel@tonic-gate * Functions that manipulate the audit control file 2067c478bd9Sstevel@tonic-gate */ 2077c478bd9Sstevel@tonic-gate 2087c478bd9Sstevel@tonic-gate 2097c478bd9Sstevel@tonic-gate au_acinfo_t *_openac(char *); 2107c478bd9Sstevel@tonic-gate void _endac(au_acinfo_t *); 2117c478bd9Sstevel@tonic-gate void _rewindac(au_acinfo_t *); 2127c478bd9Sstevel@tonic-gate 2137c478bd9Sstevel@tonic-gate int _getacdir(au_acinfo_t *, char *, int); 2147c478bd9Sstevel@tonic-gate int _getaclib(au_acinfo_t *, kva_t **); 2157c478bd9Sstevel@tonic-gate int _getacmin(au_acinfo_t *, int *); 2167c478bd9Sstevel@tonic-gate int _getacna(au_acinfo_t *, char *, int); 2177c478bd9Sstevel@tonic-gate int _getacflg(au_acinfo_t *, char *, int); 2187c478bd9Sstevel@tonic-gate int _getacplug(au_acinfo_t *, kva_t **); 2197c478bd9Sstevel@tonic-gate 2207c478bd9Sstevel@tonic-gate /* 2217c478bd9Sstevel@tonic-gate * Functions that manipulate audit masks 2227c478bd9Sstevel@tonic-gate */ 2237c478bd9Sstevel@tonic-gate 2247c478bd9Sstevel@tonic-gate extern int au_user_mask(char *, au_mask_t *); 2257c478bd9Sstevel@tonic-gate extern int getauditflagsbin(char *, au_mask_t *); 2267c478bd9Sstevel@tonic-gate extern int getauditflagschar(char *, au_mask_t *, int); 2277c478bd9Sstevel@tonic-gate extern int getfauditflags(au_mask_t *, au_mask_t *, au_mask_t *); 2287c478bd9Sstevel@tonic-gate 2297c478bd9Sstevel@tonic-gate /* 2307c478bd9Sstevel@tonic-gate * Functions that do system calls 2317c478bd9Sstevel@tonic-gate */ 2327c478bd9Sstevel@tonic-gate 2337c478bd9Sstevel@tonic-gate extern int audit(char *, int); 2347c478bd9Sstevel@tonic-gate extern int auditon(int, caddr_t, int); 2357c478bd9Sstevel@tonic-gate extern int auditstat(au_stat_t *); 2367c478bd9Sstevel@tonic-gate extern int auditsvc(int, int); 2377c478bd9Sstevel@tonic-gate extern int auditdoor(int); 2387c478bd9Sstevel@tonic-gate extern int audituser(char *); 2397c478bd9Sstevel@tonic-gate extern int getaudit(auditinfo_t *); 2407c478bd9Sstevel@tonic-gate extern int getaudit_addr(auditinfo_addr_t *, int); 2417c478bd9Sstevel@tonic-gate extern int getauid(au_id_t *); 2427c478bd9Sstevel@tonic-gate extern int getkernstate(au_mask_t *); 2437c478bd9Sstevel@tonic-gate extern int getuseraudit(au_id_t, au_mask_t *); 2447c478bd9Sstevel@tonic-gate extern int setaudit(auditinfo_t *); 2457c478bd9Sstevel@tonic-gate extern int setaudit_addr(auditinfo_addr_t *, int); 2467c478bd9Sstevel@tonic-gate extern int setauid(au_id_t *); 2477c478bd9Sstevel@tonic-gate extern int setkernstate(au_mask_t *); 2487c478bd9Sstevel@tonic-gate extern int setuseraudit(au_id_t, au_mask_t *); 2497c478bd9Sstevel@tonic-gate 2507c478bd9Sstevel@tonic-gate #define BSM_TEXTBUFSZ 256 /* size of string for generic text token */ 2517c478bd9Sstevel@tonic-gate 2527c478bd9Sstevel@tonic-gate /* 2537c478bd9Sstevel@tonic-gate * Defines for au_preselect(3) 2547c478bd9Sstevel@tonic-gate */ 2557c478bd9Sstevel@tonic-gate #define AU_PRS_SUCCESS 1 2567c478bd9Sstevel@tonic-gate #define AU_PRS_FAILURE 2 2577c478bd9Sstevel@tonic-gate #define AU_PRS_BOTH (AU_PRS_SUCCESS|AU_PRS_FAILURE) 2587c478bd9Sstevel@tonic-gate 2597c478bd9Sstevel@tonic-gate #define AU_PRS_USECACHE 0 2607c478bd9Sstevel@tonic-gate #define AU_PRS_REREAD 1 2617c478bd9Sstevel@tonic-gate 2627c478bd9Sstevel@tonic-gate /* 2637c478bd9Sstevel@tonic-gate * Defines for cacheauclass and cacheauevent 2647c478bd9Sstevel@tonic-gate */ 2657c478bd9Sstevel@tonic-gate #define AU_CACHE_FREE 0x0000 2667c478bd9Sstevel@tonic-gate #define AU_CACHE_NAME 0x0001 2677c478bd9Sstevel@tonic-gate #define AU_CACHE_NUMBER 0x0002 2687c478bd9Sstevel@tonic-gate 2697c478bd9Sstevel@tonic-gate /* Flags for user-level audit routines: au_open, au_close, au_to_ */ 2707c478bd9Sstevel@tonic-gate #define AU_TO_NO_WRITE 0 2717c478bd9Sstevel@tonic-gate #define AU_TO_WRITE 1 2727c478bd9Sstevel@tonic-gate 2737c478bd9Sstevel@tonic-gate /* system audit files for auditd */ 2747c478bd9Sstevel@tonic-gate #define AUDITCLASSFILE "/etc/security/audit_class" 2757c478bd9Sstevel@tonic-gate #define AUDITCONTROLFILE "/etc/security/audit_control" 2767c478bd9Sstevel@tonic-gate #define AUDITDATAFILE "/etc/security/audit_data" 2777c478bd9Sstevel@tonic-gate #define AUDITEVENTFILE "/etc/security/audit_event" 2787c478bd9Sstevel@tonic-gate #define AUDITUSERFILE "/etc/security/audit_user" 2797c478bd9Sstevel@tonic-gate 2807c478bd9Sstevel@tonic-gate /* array sizes for audit library structures */ 2817c478bd9Sstevel@tonic-gate #define AU_CLASS_NAME_MAX 8 2827c478bd9Sstevel@tonic-gate #define AU_CLASS_DESC_MAX 72 2837c478bd9Sstevel@tonic-gate #define AU_EVENT_NAME_MAX 30 2847c478bd9Sstevel@tonic-gate #define AU_EVENT_DESC_MAX 50 2857c478bd9Sstevel@tonic-gate #define AU_EVENT_LINE_MAX 256 2867c478bd9Sstevel@tonic-gate 2877c478bd9Sstevel@tonic-gate /* 2887c478bd9Sstevel@tonic-gate * Some macros used internally by the nsswitch code 2897c478bd9Sstevel@tonic-gate */ 2907c478bd9Sstevel@tonic-gate #define AUDITUSER_FILENAME "/etc/security/audit_user" 2917c478bd9Sstevel@tonic-gate #define AUDITUSER_DB_NAME "audit_user.org_dir" 2927c478bd9Sstevel@tonic-gate #define AUDITUSER_DB_NCOL 3 /* total columns */ 2937c478bd9Sstevel@tonic-gate #define AUDITUSER_DB_NKEYCOL 1 /* total searchable columns */ 2947c478bd9Sstevel@tonic-gate #define AUDITUSER_DB_TBLT "audit_user_tbl" 2957c478bd9Sstevel@tonic-gate #define AUDITUSER_SUCCESS 0 2967c478bd9Sstevel@tonic-gate #define AUDITUSER_PARSE_ERANGE 1 2977c478bd9Sstevel@tonic-gate #define AUDITUSER_NOT_FOUND 2 2987c478bd9Sstevel@tonic-gate 2997c478bd9Sstevel@tonic-gate #define AUDITUSER_COL0_KW "name" 3007c478bd9Sstevel@tonic-gate #define AUDITUSER_COL1_KW "always" 3017c478bd9Sstevel@tonic-gate #define AUDITUSER_COL2_KW "never" 3027c478bd9Sstevel@tonic-gate 3037c478bd9Sstevel@tonic-gate /* 3047c478bd9Sstevel@tonic-gate * indices of searchable columns 3057c478bd9Sstevel@tonic-gate */ 3067c478bd9Sstevel@tonic-gate #define AUDITUSER_KEYCOL0 0 /* name */ 3077c478bd9Sstevel@tonic-gate 3087c478bd9Sstevel@tonic-gate 3097c478bd9Sstevel@tonic-gate #ifdef __cplusplus 3107c478bd9Sstevel@tonic-gate } 3117c478bd9Sstevel@tonic-gate #endif 3127c478bd9Sstevel@tonic-gate 3137c478bd9Sstevel@tonic-gate #endif /* _BSM_LIBBSM_H */ 314