17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 545916cd2Sjpk * Common Development and Distribution License (the "License"). 645916cd2Sjpk * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22005d3febSMarek Pospisil * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #ifndef _BSM_AUDIT_RECORD_H 277c478bd9Sstevel@tonic-gate #define _BSM_AUDIT_RECORD_H 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate #ifdef _KERNEL 317c478bd9Sstevel@tonic-gate #include <sys/priv.h> 327c478bd9Sstevel@tonic-gate #else 337c478bd9Sstevel@tonic-gate #include <priv.h> 347c478bd9Sstevel@tonic-gate #endif 357c478bd9Sstevel@tonic-gate #include <sys/socket.h> 367c478bd9Sstevel@tonic-gate #include <sys/acl.h> 377c478bd9Sstevel@tonic-gate 387c478bd9Sstevel@tonic-gate #include <sys/tsol/label.h> 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate #ifdef __cplusplus 417c478bd9Sstevel@tonic-gate extern "C" { 427c478bd9Sstevel@tonic-gate #endif 437c478bd9Sstevel@tonic-gate 447c478bd9Sstevel@tonic-gate /* 457c478bd9Sstevel@tonic-gate * Version of audit attributes 467c478bd9Sstevel@tonic-gate * 477c478bd9Sstevel@tonic-gate * OS Release Version Number Comments 487c478bd9Sstevel@tonic-gate * ========== ============== ======== 497c478bd9Sstevel@tonic-gate * SunOS 5.1 2 Unbundled Package 507c478bd9Sstevel@tonic-gate * SunOS 5.3 2 Bundled into the base OS 517c478bd9Sstevel@tonic-gate * SunOS 5.4-5.x 2 527c478bd9Sstevel@tonic-gate * Trusted Solaris 2.5 3 To distinguish potential new tokens 537c478bd9Sstevel@tonic-gate * Trusted Solaris 7-8 4 Redefine X tokens that overlap with 547c478bd9Sstevel@tonic-gate * SunOS 5.7 557c478bd9Sstevel@tonic-gate */ 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate #define TOKEN_VERSION 2 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gate /* 607c478bd9Sstevel@tonic-gate * Audit record token type codes 617c478bd9Sstevel@tonic-gate */ 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gate /* 647c478bd9Sstevel@tonic-gate * Control token types 657c478bd9Sstevel@tonic-gate */ 667c478bd9Sstevel@tonic-gate 677c478bd9Sstevel@tonic-gate #define AUT_INVALID ((char)0x00) 687c478bd9Sstevel@tonic-gate #define AUT_OTHER_FILE ((char)0x11) 697c478bd9Sstevel@tonic-gate #define AUT_OTHER_FILE32 AUT_OTHER_FILE 707c478bd9Sstevel@tonic-gate #define AUT_OHEADER ((char)0x12) 717c478bd9Sstevel@tonic-gate #define AUT_TRAILER ((char)0x13) 727c478bd9Sstevel@tonic-gate #define AUT_HEADER ((char)0x14) 737c478bd9Sstevel@tonic-gate #define AUT_HEADER32 AUT_HEADER 747c478bd9Sstevel@tonic-gate #define AUT_HEADER32_EX ((char)0x15) 757c478bd9Sstevel@tonic-gate #define AUT_TRAILER_MAGIC ((short)0xB105) 767c478bd9Sstevel@tonic-gate 777c478bd9Sstevel@tonic-gate /* 787c478bd9Sstevel@tonic-gate * Data token types 797c478bd9Sstevel@tonic-gate */ 807c478bd9Sstevel@tonic-gate 81103b2b15Sgww #define AUT_FMRI ((char)0x20) 827c478bd9Sstevel@tonic-gate #define AUT_DATA ((char)0x21) 837c478bd9Sstevel@tonic-gate #define AUT_IPC ((char)0x22) 847c478bd9Sstevel@tonic-gate #define AUT_PATH ((char)0x23) 857c478bd9Sstevel@tonic-gate #define AUT_SUBJECT ((char)0x24) 867c478bd9Sstevel@tonic-gate #define AUT_SUBJECT32 AUT_SUBJECT 877c478bd9Sstevel@tonic-gate #define AUT_XATPATH ((char)0x25) 887c478bd9Sstevel@tonic-gate #define AUT_PROCESS ((char)0x26) 897c478bd9Sstevel@tonic-gate #define AUT_PROCESS32 AUT_PROCESS 907c478bd9Sstevel@tonic-gate #define AUT_RETURN ((char)0x27) 917c478bd9Sstevel@tonic-gate #define AUT_RETURN32 AUT_RETURN 927c478bd9Sstevel@tonic-gate #define AUT_TEXT ((char)0x28) 937c478bd9Sstevel@tonic-gate #define AUT_OPAQUE ((char)0x29) 947c478bd9Sstevel@tonic-gate #define AUT_IN_ADDR ((char)0x2A) 957c478bd9Sstevel@tonic-gate #define AUT_IP ((char)0x2B) 967c478bd9Sstevel@tonic-gate #define AUT_IPORT ((char)0x2C) 977c478bd9Sstevel@tonic-gate #define AUT_ARG ((char)0x2D) 987c478bd9Sstevel@tonic-gate #define AUT_ARG32 AUT_ARG 997c478bd9Sstevel@tonic-gate #define AUT_SOCKET ((char)0x2E) 1007c478bd9Sstevel@tonic-gate #define AUT_SEQ ((char)0x2F) 101*047f6e6fSgww #define AUT_USER ((char)0x36) /* out of order */ 102*047f6e6fSgww #define AUT_TID ((char)0x61) /* out of order */ 1037c478bd9Sstevel@tonic-gate 1047c478bd9Sstevel@tonic-gate /* 1057c478bd9Sstevel@tonic-gate * Modifier token types 1067c478bd9Sstevel@tonic-gate */ 1077c478bd9Sstevel@tonic-gate 1087c478bd9Sstevel@tonic-gate #define AUT_ACL ((char)0x30) 1097c478bd9Sstevel@tonic-gate #define AUT_ATTR ((char)0x31) 1107c478bd9Sstevel@tonic-gate #define AUT_IPC_PERM ((char)0x32) 1117c478bd9Sstevel@tonic-gate #define AUT_LABEL ((char)0x33) 1127c478bd9Sstevel@tonic-gate #define AUT_GROUPS ((char)0x34) 113a7746f66Stz #define AUT_ACE ((char)0x35) 114*047f6e6fSgww /* 0x37 unused */ 1157c478bd9Sstevel@tonic-gate #define AUT_PRIV ((char)0x38) 1167c478bd9Sstevel@tonic-gate #define AUT_UPRIV ((char)0x39) 1177c478bd9Sstevel@tonic-gate #define AUT_LIAISON ((char)0x3A) 1187c478bd9Sstevel@tonic-gate #define AUT_NEWGROUPS ((char)0x3B) 1197c478bd9Sstevel@tonic-gate #define AUT_EXEC_ARGS ((char)0x3C) 1207c478bd9Sstevel@tonic-gate #define AUT_EXEC_ENV ((char)0x3D) 1217c478bd9Sstevel@tonic-gate #define AUT_ATTR32 ((char)0x3E) 1227c478bd9Sstevel@tonic-gate #define AUT_UAUTH ((char)0x3F) 123*047f6e6fSgww #define AUT_ZONENAME ((char)0x60) /* out of order */ 1247c478bd9Sstevel@tonic-gate 1257c478bd9Sstevel@tonic-gate /* 1267c478bd9Sstevel@tonic-gate * X windows token types 1277c478bd9Sstevel@tonic-gate */ 1287c478bd9Sstevel@tonic-gate 1297c478bd9Sstevel@tonic-gate #define AUT_XATOM ((char)0x40) 1307c478bd9Sstevel@tonic-gate #define AUT_XOBJ ((char)0x41) 1317c478bd9Sstevel@tonic-gate #define AUT_XPROTO ((char)0x42) 1327c478bd9Sstevel@tonic-gate #define AUT_XSELECT ((char)0x43) 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate #if TOKEN_VERSION != 3 1357c478bd9Sstevel@tonic-gate #define AUT_XCOLORMAP ((char)0x44) 1367c478bd9Sstevel@tonic-gate #define AUT_XCURSOR ((char)0x45) 1377c478bd9Sstevel@tonic-gate #define AUT_XFONT ((char)0x46) 1387c478bd9Sstevel@tonic-gate #define AUT_XGC ((char)0x47) 1397c478bd9Sstevel@tonic-gate #define AUT_XPIXMAP ((char)0x48) 1407c478bd9Sstevel@tonic-gate #define AUT_XPROPERTY ((char)0x49) 1417c478bd9Sstevel@tonic-gate #define AUT_XWINDOW ((char)0x4A) 1427c478bd9Sstevel@tonic-gate #define AUT_XCLIENT ((char)0x4B) 1437c478bd9Sstevel@tonic-gate #else /* TOKEN_VERSION == 3 */ 1447c478bd9Sstevel@tonic-gate #define AUT_XCOLORMAP ((char)0x74) 1457c478bd9Sstevel@tonic-gate #define AUT_XCURSOR ((char)0x75) 1467c478bd9Sstevel@tonic-gate #define AUT_XFONT ((char)0x76) 1477c478bd9Sstevel@tonic-gate #define AUT_XGC ((char)0x77) 1487c478bd9Sstevel@tonic-gate #define AUT_XPIXMAP ((char)0x78) 1497c478bd9Sstevel@tonic-gate #define AUT_XPROPERTY ((char)0x79) 1507c478bd9Sstevel@tonic-gate #define AUT_XWINDOW ((char)0x7A) 1517c478bd9Sstevel@tonic-gate #define AUT_XCLIENT ((char)0x7B) 1527c478bd9Sstevel@tonic-gate #endif /* TOKEN_VERSION != 3 */ 1537c478bd9Sstevel@tonic-gate 1547c478bd9Sstevel@tonic-gate /* 1557c478bd9Sstevel@tonic-gate * Command token types 1567c478bd9Sstevel@tonic-gate */ 1577c478bd9Sstevel@tonic-gate 1587c478bd9Sstevel@tonic-gate #define AUT_CMD ((char)0x51) 1597c478bd9Sstevel@tonic-gate #define AUT_EXIT ((char)0x52) 1607c478bd9Sstevel@tonic-gate 1617c478bd9Sstevel@tonic-gate /* 1627c478bd9Sstevel@tonic-gate * Miscellaneous token types 1637c478bd9Sstevel@tonic-gate */ 1647c478bd9Sstevel@tonic-gate 1657c478bd9Sstevel@tonic-gate #define AUT_HOST ((char)0x70) 1667c478bd9Sstevel@tonic-gate 1677c478bd9Sstevel@tonic-gate /* 1687c478bd9Sstevel@tonic-gate * Solaris64 token types 1697c478bd9Sstevel@tonic-gate */ 1707c478bd9Sstevel@tonic-gate 1717c478bd9Sstevel@tonic-gate #define AUT_ARG64 ((char)0x71) 1727c478bd9Sstevel@tonic-gate #define AUT_RETURN64 ((char)0x72) 1737c478bd9Sstevel@tonic-gate #define AUT_ATTR64 ((char)0x73) 1747c478bd9Sstevel@tonic-gate #define AUT_HEADER64 ((char)0x74) 1757c478bd9Sstevel@tonic-gate #define AUT_SUBJECT64 ((char)0x75) 1767c478bd9Sstevel@tonic-gate #define AUT_PROCESS64 ((char)0x77) 1777c478bd9Sstevel@tonic-gate #define AUT_OTHER_FILE64 ((char)0x78) 1787c478bd9Sstevel@tonic-gate 1797c478bd9Sstevel@tonic-gate /* 1807c478bd9Sstevel@tonic-gate * Extended network address token types 1817c478bd9Sstevel@tonic-gate */ 1827c478bd9Sstevel@tonic-gate 1837c478bd9Sstevel@tonic-gate #define AUT_HEADER64_EX ((char)0x79) 1847c478bd9Sstevel@tonic-gate #define AUT_SUBJECT32_EX ((char)0x7a) 1857c478bd9Sstevel@tonic-gate #define AUT_PROCESS32_EX ((char)0x7b) 1867c478bd9Sstevel@tonic-gate #define AUT_SUBJECT64_EX ((char)0x7c) 1877c478bd9Sstevel@tonic-gate #define AUT_PROCESS64_EX ((char)0x7d) 1887c478bd9Sstevel@tonic-gate #define AUT_IN_ADDR_EX ((char)0x7e) 1897c478bd9Sstevel@tonic-gate #define AUT_SOCKET_EX ((char)0x7f) 1907c478bd9Sstevel@tonic-gate 1917c478bd9Sstevel@tonic-gate 1927c478bd9Sstevel@tonic-gate /* 1937c478bd9Sstevel@tonic-gate * Audit print suggestion types. 1947c478bd9Sstevel@tonic-gate */ 1957c478bd9Sstevel@tonic-gate 1967c478bd9Sstevel@tonic-gate #define AUP_BINARY ((char)0) 1977c478bd9Sstevel@tonic-gate #define AUP_OCTAL ((char)1) 1987c478bd9Sstevel@tonic-gate #define AUP_DECIMAL ((char)2) 1997c478bd9Sstevel@tonic-gate #define AUP_HEX ((char)3) 2007c478bd9Sstevel@tonic-gate #define AUP_STRING ((char)4) 2017c478bd9Sstevel@tonic-gate 2027c478bd9Sstevel@tonic-gate /* 2037c478bd9Sstevel@tonic-gate * Audit data member types. 2047c478bd9Sstevel@tonic-gate */ 2057c478bd9Sstevel@tonic-gate 2067c478bd9Sstevel@tonic-gate #define AUR_BYTE ((char)0) 2077c478bd9Sstevel@tonic-gate #define AUR_CHAR ((char)0) 2087c478bd9Sstevel@tonic-gate #define AUR_SHORT ((char)1) 2097c478bd9Sstevel@tonic-gate #define AUR_INT ((char)2) 2107c478bd9Sstevel@tonic-gate #define AUR_INT32 ((char)2) 2117c478bd9Sstevel@tonic-gate #define AUR_INT64 ((char)3) 2127c478bd9Sstevel@tonic-gate 2137c478bd9Sstevel@tonic-gate /* 2147c478bd9Sstevel@tonic-gate * Adr structures 2157c478bd9Sstevel@tonic-gate */ 2167c478bd9Sstevel@tonic-gate 2177c478bd9Sstevel@tonic-gate struct adr_s { 2187c478bd9Sstevel@tonic-gate char *adr_stream; /* The base of the stream */ 2197c478bd9Sstevel@tonic-gate char *adr_now; /* The location within the stream */ 2207c478bd9Sstevel@tonic-gate }; 2217c478bd9Sstevel@tonic-gate 2227c478bd9Sstevel@tonic-gate typedef struct adr_s adr_t; 2237c478bd9Sstevel@tonic-gate 2247c478bd9Sstevel@tonic-gate 2257c478bd9Sstevel@tonic-gate #ifdef _KERNEL 2267c478bd9Sstevel@tonic-gate 2277c478bd9Sstevel@tonic-gate #include <sys/param.h> 2287c478bd9Sstevel@tonic-gate #include <sys/systm.h> /* for rval */ 2297c478bd9Sstevel@tonic-gate #include <sys/time.h> 2307c478bd9Sstevel@tonic-gate #include <sys/types.h> 2317c478bd9Sstevel@tonic-gate #include <sys/vnode.h> 2327c478bd9Sstevel@tonic-gate #include <sys/mode.h> 2337c478bd9Sstevel@tonic-gate #include <sys/user.h> 2347c478bd9Sstevel@tonic-gate #include <sys/session.h> 2357c478bd9Sstevel@tonic-gate #include <sys/ipc_impl.h> 2367c478bd9Sstevel@tonic-gate #include <netinet/in_systm.h> 2377c478bd9Sstevel@tonic-gate #include <netinet/in.h> 2387c478bd9Sstevel@tonic-gate #include <netinet/ip.h> 2397c478bd9Sstevel@tonic-gate #include <sys/socket.h> 2407c478bd9Sstevel@tonic-gate #include <net/route.h> 2417c478bd9Sstevel@tonic-gate #include <netinet/in_pcb.h> 2427c478bd9Sstevel@tonic-gate 2437c478bd9Sstevel@tonic-gate /* 2447c478bd9Sstevel@tonic-gate * au_close flag arguments 2457c478bd9Sstevel@tonic-gate */ 2467c478bd9Sstevel@tonic-gate 2477c478bd9Sstevel@tonic-gate #define AU_OK 0x1 /* Good audit record */ 2487c478bd9Sstevel@tonic-gate #define AU_DONTBLOCK 0x2 /* Don't block or discard if queue full */ 2497c478bd9Sstevel@tonic-gate #define AU_DEFER 0x4 /* Defer record queueing to syscall end */ 2507c478bd9Sstevel@tonic-gate 2517c478bd9Sstevel@tonic-gate /* 2527c478bd9Sstevel@tonic-gate * Audit token type is really an au_membuf pointer 2537c478bd9Sstevel@tonic-gate */ 2547c478bd9Sstevel@tonic-gate typedef au_buff_t token_t; 2557c478bd9Sstevel@tonic-gate /* 2567c478bd9Sstevel@tonic-gate * token generation functions 2577c478bd9Sstevel@tonic-gate */ 2587c478bd9Sstevel@tonic-gate token_t *au_append_token(token_t *, token_t *); 2597c478bd9Sstevel@tonic-gate token_t *au_set(caddr_t, uint_t); 2607c478bd9Sstevel@tonic-gate 2617c478bd9Sstevel@tonic-gate void au_free_rec(au_buff_t *); 2627c478bd9Sstevel@tonic-gate 2637c478bd9Sstevel@tonic-gate #define au_getclr() ((token_t *)au_get_buff()) 2647c478bd9Sstevel@tonic-gate #define au_toss_token(tok) (au_free_rec((au_buff_t *)(tok))) 2657c478bd9Sstevel@tonic-gate 2667c478bd9Sstevel@tonic-gate token_t *au_to_acl(); 267a7746f66Stz token_t *au_to_ace(); 2687c478bd9Sstevel@tonic-gate token_t *au_to_attr(struct vattr *); 2697c478bd9Sstevel@tonic-gate token_t *au_to_data(char, char, char, char *); 2707c478bd9Sstevel@tonic-gate token_t *au_to_header(int, au_event_t, au_emod_t); 2717c478bd9Sstevel@tonic-gate token_t *au_to_header_ex(int, au_event_t, au_emod_t); 2727c478bd9Sstevel@tonic-gate token_t *au_to_ipc(char, int); 2737c478bd9Sstevel@tonic-gate token_t *au_to_ipc_perm(kipc_perm_t *); 2747c478bd9Sstevel@tonic-gate token_t *au_to_iport(ushort_t); 2757c478bd9Sstevel@tonic-gate token_t *au_to_in_addr(struct in_addr *); 2767c478bd9Sstevel@tonic-gate token_t *au_to_in_addr_ex(int32_t *); 2777c478bd9Sstevel@tonic-gate token_t *au_to_ip(struct ip *); 2787c478bd9Sstevel@tonic-gate token_t *au_to_groups(const gid_t *, uint_t); 2797c478bd9Sstevel@tonic-gate token_t *au_to_path(struct audit_path *); 2807c478bd9Sstevel@tonic-gate token_t *au_to_seq(); 2817c478bd9Sstevel@tonic-gate token_t *au_to_process(uid_t, gid_t, uid_t, gid_t, pid_t, 2827c478bd9Sstevel@tonic-gate au_id_t, au_asid_t, const au_tid_addr_t *); 2837c478bd9Sstevel@tonic-gate token_t *au_to_subject(uid_t, gid_t, uid_t, gid_t, pid_t, 2847c478bd9Sstevel@tonic-gate au_id_t, au_asid_t, const au_tid_addr_t *); 2857c478bd9Sstevel@tonic-gate token_t *au_to_return32(int, int32_t); 2867c478bd9Sstevel@tonic-gate token_t *au_to_return64(int, int64_t); 2877c478bd9Sstevel@tonic-gate token_t *au_to_text(const char *); 2887c478bd9Sstevel@tonic-gate /* token_t *au_to_tid(au_generic_tid_t *); no kernel implementation */ 2897c478bd9Sstevel@tonic-gate token_t *au_to_trailer(int); 2907c478bd9Sstevel@tonic-gate token_t *au_to_uauth(char *); 2911d7bfecdStz size_t au_zonename_length(zone_t *); 2921d7bfecdStz token_t *au_to_zonename(size_t, zone_t *); 2937c478bd9Sstevel@tonic-gate token_t *au_to_arg32(char, char *, uint32_t); 2947c478bd9Sstevel@tonic-gate token_t *au_to_arg64(char, char *, uint64_t); 2957c478bd9Sstevel@tonic-gate token_t *au_to_socket_ex(short, short, char *, char *); 2967c478bd9Sstevel@tonic-gate token_t *au_to_sock_inet(struct sockaddr_in *); 2977c478bd9Sstevel@tonic-gate token_t *au_to_exec_args(const char *, ssize_t); 2987c478bd9Sstevel@tonic-gate token_t *au_to_exec_env(const char *, ssize_t); 29945916cd2Sjpk token_t *au_to_label(bslabel_t *); 3007c478bd9Sstevel@tonic-gate token_t *au_to_privset(const char *, const priv_set_t *, char, int); 3017c478bd9Sstevel@tonic-gate 3027c478bd9Sstevel@tonic-gate void au_uwrite(); 303005d3febSMarek Pospisil void au_close(au_kcontext_t *, caddr_t *, int, au_event_t, au_emod_t, 304005d3febSMarek Pospisil timestruc_t *); 305005d3febSMarek Pospisil void au_close_defer(token_t *, int, au_event_t, au_emod_t, timestruc_t *); 3067c478bd9Sstevel@tonic-gate void au_close_time(au_kcontext_t *, token_t *, int, au_event_t, au_emod_t, 3077c478bd9Sstevel@tonic-gate timestruc_t *); 3087c478bd9Sstevel@tonic-gate void au_free_rec(au_buff_t *); 3097c478bd9Sstevel@tonic-gate void au_write(caddr_t *, token_t *); 3107c478bd9Sstevel@tonic-gate void au_mem_init(void); 3117c478bd9Sstevel@tonic-gate void au_zone_setup(); 3127c478bd9Sstevel@tonic-gate void au_enqueue(au_kcontext_t *, au_buff_t *, adr_t *, adr_t *, int, int); 3137c478bd9Sstevel@tonic-gate int au_doorio(au_kcontext_t *); 3147c478bd9Sstevel@tonic-gate int au_doormsg(au_kcontext_t *, uint32_t, void *); 3157c478bd9Sstevel@tonic-gate int au_token_size(token_t *); 3167c478bd9Sstevel@tonic-gate int au_append_rec(au_buff_t *, au_buff_t *, int); 3177c478bd9Sstevel@tonic-gate int au_append_buf(const char *, int, au_buff_t *); 3187c478bd9Sstevel@tonic-gate 3197c478bd9Sstevel@tonic-gate #else /* !_KERNEL */ 3207c478bd9Sstevel@tonic-gate 3217c478bd9Sstevel@tonic-gate #include <limits.h> 3227c478bd9Sstevel@tonic-gate #include <sys/types.h> 3237c478bd9Sstevel@tonic-gate #include <sys/vnode.h> 3247c478bd9Sstevel@tonic-gate #include <netinet/in_systm.h> 3257c478bd9Sstevel@tonic-gate #include <netinet/in.h> 3267c478bd9Sstevel@tonic-gate #include <netinet/ip.h> 3277c478bd9Sstevel@tonic-gate #include <sys/ipc.h> 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate struct token_s { 3307c478bd9Sstevel@tonic-gate struct token_s *tt_next; /* Next in the list */ 3317c478bd9Sstevel@tonic-gate short tt_size; /* Size of data */ 3327c478bd9Sstevel@tonic-gate char *tt_data; /* The data */ 3337c478bd9Sstevel@tonic-gate }; 3347c478bd9Sstevel@tonic-gate typedef struct token_s token_t; 3357c478bd9Sstevel@tonic-gate 3367c478bd9Sstevel@tonic-gate /* 3377c478bd9Sstevel@tonic-gate * Old socket structure definition, formerly in <sys/socketvar.h> 3387c478bd9Sstevel@tonic-gate */ 3397c478bd9Sstevel@tonic-gate struct oldsocket { 3407c478bd9Sstevel@tonic-gate short so_type; /* generic type, see socket.h */ 3417c478bd9Sstevel@tonic-gate short so_options; /* from socket call, see socket.h */ 3427c478bd9Sstevel@tonic-gate short so_linger; /* time to linger while closing */ 3437c478bd9Sstevel@tonic-gate short so_state; /* internal state flags SS_*, below */ 3447c478bd9Sstevel@tonic-gate struct inpcb *so_pcb; /* protocol control block */ 3457c478bd9Sstevel@tonic-gate struct protosw *so_proto; /* protocol handle */ 3467c478bd9Sstevel@tonic-gate /* 3477c478bd9Sstevel@tonic-gate * Variables for connection queueing. 3487c478bd9Sstevel@tonic-gate * Socket where accepts occur is so_head in all subsidiary sockets. 3497c478bd9Sstevel@tonic-gate * If so_head is 0, socket is not related to an accept. 3507c478bd9Sstevel@tonic-gate * For head socket so_q0 queues partially completed connections, 3517c478bd9Sstevel@tonic-gate * while so_q is a queue of connections ready to be accepted. 3527c478bd9Sstevel@tonic-gate * If a connection is aborted and it has so_head set, then 3537c478bd9Sstevel@tonic-gate * it has to be pulled out of either so_q0 or so_q. 3547c478bd9Sstevel@tonic-gate * We allow connections to queue up based on current queue lengths 3557c478bd9Sstevel@tonic-gate * and limit on number of queued connections for this socket. 3567c478bd9Sstevel@tonic-gate */ 3577c478bd9Sstevel@tonic-gate struct oldsocket *so_head; /* back pointer to accept socket */ 3587c478bd9Sstevel@tonic-gate struct oldsocket *so_q0; /* queue of partial connections */ 3597c478bd9Sstevel@tonic-gate struct oldsocket *so_q; /* queue of incoming connections */ 3607c478bd9Sstevel@tonic-gate short so_q0len; /* partials on so_q0 */ 3617c478bd9Sstevel@tonic-gate short so_qlen; /* number of connections on so_q */ 3627c478bd9Sstevel@tonic-gate short so_qlimit; /* max number queued connections */ 3637c478bd9Sstevel@tonic-gate short so_timeo; /* connection timeout */ 3647c478bd9Sstevel@tonic-gate ushort_t so_error; /* error affecting connection */ 3657c478bd9Sstevel@tonic-gate short so_pgrp; /* pgrp for signals */ 3667c478bd9Sstevel@tonic-gate ulong_t so_oobmark; /* chars to oob mark */ 3677c478bd9Sstevel@tonic-gate /* 3687c478bd9Sstevel@tonic-gate * Variables for socket buffering. 3697c478bd9Sstevel@tonic-gate */ 3707c478bd9Sstevel@tonic-gate struct sockbuf { 3717c478bd9Sstevel@tonic-gate ulong_t sb_cc; /* actual chars in buffer */ 3727c478bd9Sstevel@tonic-gate ulong_t sb_hiwat; /* max actual char count */ 3737c478bd9Sstevel@tonic-gate ulong_t sb_mbcnt; /* chars of mbufs used */ 3747c478bd9Sstevel@tonic-gate ulong_t sb_mbmax; /* max chars of mbufs to use */ 3757c478bd9Sstevel@tonic-gate ulong_t sb_lowat; /* low water mark (not used yet) */ 3767c478bd9Sstevel@tonic-gate struct mbuf *sb_mb; /* the mbuf chain */ 3777c478bd9Sstevel@tonic-gate struct proc *sb_sel; /* process selecting read/write */ 3787c478bd9Sstevel@tonic-gate short sb_timeo; /* timeout (not used yet) */ 3797c478bd9Sstevel@tonic-gate short sb_flags; /* flags, see below */ 3807c478bd9Sstevel@tonic-gate } so_rcv, so_snd; 3817c478bd9Sstevel@tonic-gate /* 3827c478bd9Sstevel@tonic-gate * Hooks for alternative wakeup strategies. 3837c478bd9Sstevel@tonic-gate * These are used by kernel subsystems wishing to access the socket 3847c478bd9Sstevel@tonic-gate * abstraction. If so_wupfunc is nonnull, it is called in place of 3857c478bd9Sstevel@tonic-gate * wakeup any time that wakeup would otherwise be called with an 3867c478bd9Sstevel@tonic-gate * argument whose value is an address lying within a socket structure. 3877c478bd9Sstevel@tonic-gate */ 3887c478bd9Sstevel@tonic-gate struct wupalt *so_wupalt; 3897c478bd9Sstevel@tonic-gate }; 3907c478bd9Sstevel@tonic-gate extern token_t *au_to_arg32(char, char *, uint32_t); 3917c478bd9Sstevel@tonic-gate extern token_t *au_to_arg64(char, char *, uint64_t); 3927c478bd9Sstevel@tonic-gate extern token_t *au_to_acl(struct acl *); 3937c478bd9Sstevel@tonic-gate extern token_t *au_to_attr(struct vattr *); 3947c478bd9Sstevel@tonic-gate extern token_t *au_to_cmd(uint_t, char **, char **); 3957c478bd9Sstevel@tonic-gate extern token_t *au_to_data(char, char, char, char *); 3967c478bd9Sstevel@tonic-gate extern token_t *au_to_exec_args(char **); 3977c478bd9Sstevel@tonic-gate extern token_t *au_to_exec_env(char **); 3987c478bd9Sstevel@tonic-gate extern token_t *au_to_exit(int, int); 399103b2b15Sgww extern token_t *au_to_fmri(char *); 4007c478bd9Sstevel@tonic-gate extern token_t *au_to_groups(int *); 4017c478bd9Sstevel@tonic-gate extern token_t *au_to_newgroups(int, gid_t *); 4027c478bd9Sstevel@tonic-gate extern token_t *au_to_header(au_event_t, au_emod_t); 4037c478bd9Sstevel@tonic-gate extern token_t *au_to_header_ex(au_event_t, au_emod_t); 4047c478bd9Sstevel@tonic-gate extern token_t *au_to_in_addr(struct in_addr *); 405f72effdeSgww extern token_t *au_to_in_addr_ex(struct in6_addr *); 4067c478bd9Sstevel@tonic-gate extern token_t *au_to_ipc(char, int); 4077c478bd9Sstevel@tonic-gate extern token_t *au_to_ipc_perm(struct ipc_perm *); 4087c478bd9Sstevel@tonic-gate extern token_t *au_to_iport(ushort_t); 4097c478bd9Sstevel@tonic-gate extern token_t *au_to_me(void); 41045916cd2Sjpk extern token_t *au_to_mylabel(void); 4117c478bd9Sstevel@tonic-gate extern token_t *au_to_opaque(char *, short); 4127c478bd9Sstevel@tonic-gate extern token_t *au_to_path(char *); 4137c478bd9Sstevel@tonic-gate extern token_t *au_to_privset(const char *, const priv_set_t *); 4147c478bd9Sstevel@tonic-gate extern token_t *au_to_process(au_id_t, uid_t, gid_t, uid_t, gid_t, 4157c478bd9Sstevel@tonic-gate pid_t, au_asid_t, au_tid_t *); 4167c478bd9Sstevel@tonic-gate extern token_t *au_to_process_ex(au_id_t, uid_t, gid_t, uid_t, gid_t, 4177c478bd9Sstevel@tonic-gate pid_t, au_asid_t, au_tid_addr_t *); 4187c478bd9Sstevel@tonic-gate extern token_t *au_to_return32(char, uint32_t); 4197c478bd9Sstevel@tonic-gate extern token_t *au_to_return64(char, uint64_t); 4207c478bd9Sstevel@tonic-gate extern token_t *au_to_seq(int); 42181490fd2Sgww extern token_t *au_to_label(m_label_t *); 4227c478bd9Sstevel@tonic-gate extern token_t *au_to_socket(struct oldsocket *); 4237c478bd9Sstevel@tonic-gate extern token_t *au_to_subject(au_id_t, uid_t, gid_t, uid_t, gid_t, 4247c478bd9Sstevel@tonic-gate pid_t, au_asid_t, au_tid_t *); 4257c478bd9Sstevel@tonic-gate extern token_t *au_to_subject_ex(au_id_t, uid_t, gid_t, uid_t, gid_t, 4267c478bd9Sstevel@tonic-gate pid_t, au_asid_t, au_tid_addr_t *); 4277c478bd9Sstevel@tonic-gate extern token_t *au_to_text(char *); 4287c478bd9Sstevel@tonic-gate extern token_t *au_to_tid(au_generic_tid_t *); 4297c478bd9Sstevel@tonic-gate extern token_t *au_to_trailer(void); 4307c478bd9Sstevel@tonic-gate extern token_t *au_to_uauth(char *); 43161e717d6Sgww extern token_t *au_to_upriv(char, char *); 432*047f6e6fSgww extern token_t *au_to_user(uid_t, char *); 43361e717d6Sgww extern token_t *au_to_xatom(char *); 43461e717d6Sgww extern token_t *au_to_xselect(char *, char *, char *); 43561e717d6Sgww extern token_t *au_to_xcolormap(int32_t, uid_t); 43661e717d6Sgww extern token_t *au_to_xcursor(int32_t, uid_t); 43761e717d6Sgww extern token_t *au_to_xfont(int32_t, uid_t); 43861e717d6Sgww extern token_t *au_to_xgc(int32_t, uid_t); 43961e717d6Sgww extern token_t *au_to_xpixmap(int32_t, uid_t); 44061e717d6Sgww extern token_t *au_to_xwindow(int32_t, uid_t); 44161e717d6Sgww extern token_t *au_to_xproperty(int32_t, uid_t, char *); 44261e717d6Sgww extern token_t *au_to_xclient(uint32_t); 4437c478bd9Sstevel@tonic-gate extern token_t *au_to_zonename(char *); 4447c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 4457c478bd9Sstevel@tonic-gate 4467c478bd9Sstevel@tonic-gate #ifdef _KERNEL 4477c478bd9Sstevel@tonic-gate 4487c478bd9Sstevel@tonic-gate void adr_char(adr_t *, char *, int); 4497c478bd9Sstevel@tonic-gate void adr_int32(adr_t *, int32_t *, int); 4507c478bd9Sstevel@tonic-gate void adr_uint32(adr_t *, uint32_t *, int); 4517c478bd9Sstevel@tonic-gate void adr_int64(adr_t *, int64_t *, int); 4527c478bd9Sstevel@tonic-gate void adr_uint64(adr_t *, uint64_t *, int); 4537c478bd9Sstevel@tonic-gate void adr_short(adr_t *, short *, int); 4547c478bd9Sstevel@tonic-gate void adr_ushort(adr_t *, ushort_t *, int); 4557c478bd9Sstevel@tonic-gate void adr_start(adr_t *, char *); 4567c478bd9Sstevel@tonic-gate 4577c478bd9Sstevel@tonic-gate char *adr_getchar(adr_t *, char *); 4587c478bd9Sstevel@tonic-gate char *adr_getshort(adr_t *, short *); 4597c478bd9Sstevel@tonic-gate char *adr_getushort(adr_t *, ushort_t *); 4607c478bd9Sstevel@tonic-gate char *adr_getint32(adr_t *, int32_t *); 4617c478bd9Sstevel@tonic-gate char *adr_getuint32(adr_t *, uint32_t *); 4627c478bd9Sstevel@tonic-gate char *adr_getint64(adr_t *, int64_t *); 4637c478bd9Sstevel@tonic-gate char *adr_getuint64(adr_t *, uint64_t *); 4647c478bd9Sstevel@tonic-gate 4657c478bd9Sstevel@tonic-gate int adr_count(adr_t *); 4667c478bd9Sstevel@tonic-gate 4677c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 4687c478bd9Sstevel@tonic-gate 4697c478bd9Sstevel@tonic-gate #ifdef __cplusplus 4707c478bd9Sstevel@tonic-gate } 4717c478bd9Sstevel@tonic-gate #endif 4727c478bd9Sstevel@tonic-gate 4737c478bd9Sstevel@tonic-gate #endif /* _BSM_AUDIT_RECORD_H */ 474