xref: /illumos-gate/usr/src/lib/libbsm/common/libbsm.h (revision 7c478bd9)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _BSM_LIBBSM_H
#define	_BSM_LIBBSM_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <secdb.h>
#include <stdio.h>
#include <errno.h>
#include <sys/types.h>
#include <bsm/audit.h>
#include <bsm/audit_record.h>

#ifdef	__cplusplus
extern "C" {
#endif

#ifndef TEXT_DOMAIN
#define	TEXT_DOMAIN	"SUNW_OST_OSLIB"
#endif

extern const char *bsm_dom;

/*
 * For audit_event(5)
 */
struct au_event_ent {
	au_event_t ae_number;
	char	*ae_name;
	char	*ae_desc;
	au_class_t ae_class;
};
typedef struct au_event_ent au_event_ent_t;

/*
 * For audit_class(5)
 */
struct au_class_ent {
	char	*ac_name;
	au_class_t ac_class;
	char	*ac_desc;
};
typedef struct au_class_ent au_class_ent_t;

/*
 * For audit_user(5)
 */
struct au_user_ent {
	char	*au_name;
	au_mask_t au_always;
	au_mask_t au_never;
};
typedef struct au_user_ent au_user_ent_t;

/*
 * Internal representation of audit user in libnsl
 */
typedef struct au_user_str_s {
	char	*au_name;
	char	*au_always;
	char	*au_never;
} au_user_str_t;

/*
 * opaque context value for getacval.c
 */
typedef struct au_acinfo au_acinfo_t;

/*
 * adrf's version of adr_t
 */
typedef struct adrf_s {
	adr_t	*adrf_adr;
	FILE	*adrf_fp;
} adrf_t;

/*
 * Functions that manipulate bytes from an audit file
 */

extern void	adr_char(adr_t *, char *, int);
extern int	adr_count(adr_t *);
extern void	adr_int32(adr_t *, int32_t *, int);
extern void	adr_int64(adr_t *, int64_t *, int);
extern void	adr_short(adr_t *, short *, int);
extern void	adr_start(adr_t *, char *);

extern int	adrf_char(adrf_t *, char *, int);
extern int	adrf_int32(adrf_t *, int32_t *, int);
extern int	adrf_int64(adrf_t *, int64_t *, int);
extern int	adrf_short(adrf_t *, short *, int);
extern void	adrf_start(adrf_t *, adr_t *, FILE *);
extern int	adrf_u_char(adrf_t *, uchar_t *, int);
extern int	adrf_u_int32(adrf_t *, uint32_t *, int);
extern int	adrf_u_int64(adrf_t *, uint64_t *, int);
extern int	adrf_u_short(adrf_t *, ushort_t *, int);

/*
 * Functions that manipulate bytes from an audit character stream.
 */

extern void	adrm_start(adr_t *, char *);
extern void	adrm_char(adr_t *, char *, int);
extern void	adrm_short(adr_t *, short *, int);
extern void	adrm_int64(adr_t *, int64_t *, int);
extern void	adrm_int32(adr_t *, int32_t *, int);
extern void	adrm_u_int32(adr_t *, uint32_t *, int);
extern void	adrm_u_char(adr_t *, uchar_t *, int);
extern void	adrm_u_int64(adr_t *, uint64_t *, int);
extern void	adrm_u_short(adr_t *, ushort_t *, int);
extern void	adrm_putint32(adr_t *, int32_t *, int);

/*
 * Functions that do I/O for audit files
 */

extern int	au_close(int, int, short);
extern int	au_open(void);
extern int	au_write(int, token_t *);
extern int	au_read_rec(FILE *, char **);
extern int	au_fetch_tok(au_token_t *, char *, int);
extern int	au_print_tok(FILE *, au_token_t *, char *, char *, char *, int);

/*
 * Functions than manipulate audit events
 */

extern void	setauevent(void);
extern void	endauevent(void);
extern int	setaueventfile(char *);

extern au_event_ent_t	*getauevent(void);
extern au_event_ent_t	*getauevent_r(au_event_ent_t *);
extern au_event_ent_t	*getauevnam(char *);
extern au_event_ent_t	*getauevnam_r(au_event_ent_t *, char *);
extern au_event_ent_t	*getauevnum(au_event_t);
extern au_event_ent_t	*getauevnum_r(au_event_ent_t *, au_event_t);
extern au_event_t	getauevnonam(char *);
extern int		au_preselect(au_event_t, au_mask_t *, int, int);
extern int		cacheauevent(au_event_ent_t **, au_event_t);

/*
 * Functions that manipulate audit classes
 */

extern void	setauclass(void);
extern void	endauclass(void);
extern int	setauclassfile(char *);

extern int	cacheauclass(au_class_ent_t **, au_class_t);
extern int	cacheauclassnam(au_class_ent_t **, char *);
extern au_class_ent_t *getauclassent(void);
extern au_class_ent_t *getauclassent_r(au_class_ent_t *);
extern au_class_ent_t *getauclassnam(char *);
extern au_class_ent_t *getauclassnam_r(au_class_ent_t *, char *);

/*
 * Functions that manipulate audit attributes of users
 */

void	setauuser(void);
void	endauuser(void);
int	setauuserfile(char *);

au_user_ent_t *getauuserent(void);
au_user_ent_t *getauuserent_r(au_user_ent_t *);
au_user_ent_t *getauusernam(char *);
au_user_ent_t *getauusernam_r(au_user_ent_t *, char *);

/*
 * Functions that manipulate the audit control file
 */

void	endac(void);
void	setac(void);
int	testac(void);

int	getacdir(char *, int);
int	getacmin(int *);
int	getacna(char *, int);
int	getacflg(char *, int);

/*
 * Functions that manipulate the audit control file
 */


au_acinfo_t	*_openac(char *);
void		_endac(au_acinfo_t *);
void		_rewindac(au_acinfo_t *);

int		_getacdir(au_acinfo_t *, char *, int);
int		_getaclib(au_acinfo_t *, kva_t **);
int		_getacmin(au_acinfo_t *, int *);
int		_getacna(au_acinfo_t *, char *, int);
int		_getacflg(au_acinfo_t *, char *, int);
int		_getacplug(au_acinfo_t *, kva_t **);

/*
 * Functions that manipulate audit masks
 */

extern int	au_user_mask(char *, au_mask_t *);
extern int	getauditflagsbin(char *, au_mask_t *);
extern int	getauditflagschar(char *, au_mask_t *, int);
extern int	getfauditflags(au_mask_t *, au_mask_t *, au_mask_t *);

/*
 * Functions that do system calls
 */

extern int	audit(char *, int);
extern int	auditon(int, caddr_t, int);
extern int	auditstat(au_stat_t *);
extern int	auditsvc(int, int);
extern int	auditdoor(int);
extern int	audituser(char *);
extern int	getaudit(auditinfo_t *);
extern int	getaudit_addr(auditinfo_addr_t *, int);
extern int	getauid(au_id_t *);
extern int	getkernstate(au_mask_t *);
extern int	getuseraudit(au_id_t, au_mask_t *);
extern int	setaudit(auditinfo_t *);
extern int	setaudit_addr(auditinfo_addr_t *, int);
extern int	setauid(au_id_t *);
extern int	setkernstate(au_mask_t *);
extern int	setuseraudit(au_id_t, au_mask_t *);

#define	BSM_TEXTBUFSZ	256 /* size of string for generic text token */

/*
 * Defines for au_preselect(3)
 */
#define	AU_PRS_SUCCESS	1
#define	AU_PRS_FAILURE	2
#define	AU_PRS_BOTH	(AU_PRS_SUCCESS|AU_PRS_FAILURE)

#define	AU_PRS_USECACHE	0
#define	AU_PRS_REREAD	1

/*
 * Defines for cacheauclass and cacheauevent
 */
#define	AU_CACHE_FREE	0x0000
#define	AU_CACHE_NAME	0x0001
#define	AU_CACHE_NUMBER	0x0002

/* Flags for user-level audit routines: au_open, au_close, au_to_ */
#define	AU_TO_NO_WRITE	0
#define	AU_TO_WRITE	1

/* Flags for user-level audit routine: au_fetch_tok */
#define	AUF_NOOP	0x0000
#define	AUF_POINT	0x0001
#define	AUF_DUP		0x0002
#define	AUF_COPY_IN	0x0004
#define	AUF_SKIP	0x0008

/* system audit files for auditd */
#define	AUDITCLASSFILE		"/etc/security/audit_class"
#define	AUDITCONTROLFILE	"/etc/security/audit_control"
#define	AUDITDATAFILE		"/etc/security/audit_data"
#define	AUDITEVENTFILE		"/etc/security/audit_event"
#define	AUDITUSERFILE		"/etc/security/audit_user"

/* array sizes for audit library structures */
#define	AU_CLASS_NAME_MAX	8
#define	AU_CLASS_DESC_MAX	72
#define	AU_EVENT_NAME_MAX	30
#define	AU_EVENT_DESC_MAX	50
#define	AU_EVENT_LINE_MAX	256

/*
 * Some macros used internally by the nsswitch code
 */
#define	AUDITUSER_FILENAME		"/etc/security/audit_user"
#define	AUDITUSER_DB_NAME		"audit_user.org_dir"
#define	AUDITUSER_DB_NCOL		3	/* total columns */
#define	AUDITUSER_DB_NKEYCOL		1	/* total searchable columns */
#define	AUDITUSER_DB_TBLT		"audit_user_tbl"
#define	AUDITUSER_SUCCESS		0
#define	AUDITUSER_PARSE_ERANGE		1
#define	AUDITUSER_NOT_FOUND		2

#define	AUDITUSER_COL0_KW		"name"
#define	AUDITUSER_COL1_KW		"always"
#define	AUDITUSER_COL2_KW		"never"

/*
 * indices of searchable columns
 */
#define	AUDITUSER_KEYCOL0		0	/* name */


#ifdef	__cplusplus
}
#endif

#endif	/* _BSM_LIBBSM_H */