/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * adt_xlate.h
 *
 * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
 *
 */

#ifndef	_BSM_XLATE_H
#define	_BSM_XLATE_H

#include <priv.h>

#include <bsm/libbsm.h>

#include <tsol/label.h>

#include "adt_event.h"

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Message-catalog domain for localized text (presumably the gettext
 * domain).  The build normally supplies it; this is only the fallback.
 */
#ifndef	TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

/*
 * values for adt_session_model
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense. In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1
#define	ADT_PROCESS_MODEL	0

/*
 * Flags recording which parts of a session's audit identity have been
 * supplied so far.  Presumably kept in adt_internal_state.as_have_user_data
 * (a uint32_t, which is why ADT_HAVE_ALL is cast to that type); the
 * MASK/TID/AUID/ASID names mirror the auditinfo_addr fields described
 * at as_info below -- confirm against adt.c.
 */
#define	ADT_HAVE_MASK	0x01	/* pre-selection mask */
#define	ADT_HAVE_TID	0x02	/* terminal id */
#define	ADT_HAVE_AUID	0x04	/* audit id */
#define	ADT_HAVE_ASID	0x08	/* session id */
#define	ADT_HAVE_IDS	0x10	/* presumably the uid/gid set -- confirm */
/* the cast applies to the whole parenthesized expression that follows */
#define	ADT_HAVE_ALL	(uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS)

/*
 * dummy token types for privilege
 *
 * These are not real audit token ids; they are negative, presumably so
 * that they stay clear of the genuine token ids and can be dispatched
 * specially by the token generators.
 * NOTE(review): struct entry.en_token_id below is a plain char, so if
 * these values are stored there the code relies on char being signed
 * on the target -- confirm before porting.
 */
#define	ADT_AUT_PRIV_L	-100	/* limit set */
#define	ADT_AUT_PRIV_I	-101	/* inherited set */
#define	ADT_AUT_PRIV_E	-102	/* effective set */
#define	ADT_CMD_ALT	-103	/* dummy token type for alternate command */
#define	ADT_IN_PEER	-104	/* peer address in_addr and in_port */
#define	ADT_IN_REMOTE	-105	/* specified address in_addr */

enum adt_generic {ADT_GENERIC};	/* base for text enums */

/* forward declaration; the struct itself is defined further down */
typedef struct adt_internal_state adt_internal_state_t;

/*
 * Container for the per-event input data.  union adt_event_data is
 * presumably the generated union from adt_event.h (included above).
 */
union union_of_events {
	union adt_event_data	d0;
};

/*
 * The order of the lists MUST match the order in
 * struct msg_text adt_msg_text that is generated by
 * auditxml in adt_xlate.c.
 *
 * Each value is an index into adt_msg_text[] (declared at the end of
 * this header), so adding or reordering an entry here without
 * regenerating that table silently selects the wrong message list.
 */
enum adt_msg_list {
	ADT_LIST_DA_ERROR,
	ADT_LIST_FAIL_PAM,
	ADT_LIST_FAIL_VALUE,
	ADT_LIST_LOGIN_TEXT,
	ADT_LIST_TPM_E,
	ADT_LIST_UADMIN_FCN
};

/*
 * Type tags for the input fields of an event.  A tag is paired with a
 * size in struct datadefs (dd_datatype / dd_input_size) and presumably
 * tells the token generators in adt_xlate.c how to interpret the bytes
 * found at an entry's en_offset.  ADT_UNDEFINED is 0 so that a
 * zero-filled row is recognisably untyped.
 */
enum datatype {ADT_UNDEFINED = 0,
	ADT_DATE,
	ADT_MSG,
	ADT_UINT,
	ADT_INT,
	ADT_INT32,
	ADT_UINT16,
	ADT_UINT32,
	ADT_UINT32STAR,
	ADT_UINT32ARRAY,
	ADT_UID,
	ADT_GID,
	ADT_UIDSTAR,
	ADT_GIDSTAR,
	ADT_UINT64,
	ADT_LONG,
	ADT_ULONG,
	ADT_CHAR,
	ADT_CHARSTAR,
	ADT_CHAR2STAR,		/* char ** */
	ADT_PID,
	ADT_PRIVSTAR,
	ADT_TERMIDSTAR,
	ADT_MLABELSTAR,
	ADT_FD,
	ADT_STATSTAR		/* (adt_stat_t *) equal to (struct stat64 *) */
};
typedef enum datatype datatype_t;

/*
 * Scratch union with (roughly) one member per datatype_t value, so an
 * input field can be viewed as the C type its tag names.  The mapping
 * is not exactly 1:1 (there is no ADT_DATE member, and tbool /
 * tint32star have no enumerator); which member is read for which tag
 * is decided in adt_xlate.c, not here.
 */
union convert {
	enum adt_generic	msg_selector;	/* ADT_MSG: index into a message list */
	boolean_t		tbool;
	uint_t			tuint;
	int			tint;
	int32_t			tint32;
	uint16_t		tuint16;
	uint32_t		tuint32;
	uint64_t		tuint64;
	int32_t			*tint32star;
	uint32_t		*tuint32star;
	uid_t			tuid;
	gid_t			tgid;
	uid_t			*tuidstar;
	gid_t			*tgidstar;
	pid_t			tpid;
	long			tlong;
	ulong_t			tulong;
	char			tchar;
	char			*tcharstar;
	char			**tchar2star;
	au_tid_addr_t		*ttermid;
	priv_set_t		*tprivstar;
	m_label_t		*tm_label;
	fd_t			tfd;
	adt_stat_t		*tstatstar;
};

/*
 * State for one in-progress event.  ae_event_data is deliberately the
 * first member ("Order matters" below): presumably callers are handed a
 * pointer to the user-visible event data and the library recovers the
 * enclosing state from that pointer, so nothing may be placed before it
 * and the internal fields must stay after it.
 */
struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal.  Order matters */

	uint_t		ae_check;	/* see adt_internal_state */
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id */
	au_event_t	ae_internal_id;	/* translated */
	int		ae_rc;		/* return token status succ/fail */
	int		ae_type;	/* return token value */
	au_emod_t	ae_emod;	/* event modifier */
	struct adt_internal_state *ae_session;	/* owning session; not freed here */
};

/*
 * One row per input field of a token: the field's type tag and the
 * size of the input (presumably in bytes).
 */
struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;

/*
 * Token generator: emits one audit token for an input field.  The
 * argument roles are not visible in this header; from the types they
 * are presumably the field's datadef, a pointer to the input data, an
 * int (token id or field count -- confirm in adt_xlate.c), the event
 * state, and a char * that is presumably entry.en_msg_format.
 */
typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

/* Maps a message enum value to its text; presumably returns table storage. */
typedef char *(* adt_msg_func_t)(enum adt_generic);

/*
 * Sentinel held in adt_internal_state.as_check while a session is live
 * (it is zeroed when the session is freed).  This is a consistency
 * check that catches stale or never-initialised handles; it is not
 * proof that a handle is genuine, since any caller can place the same
 * value in a buffer.  Presumably also the value expected in
 * export_header.ax_check -- confirm in adt.c.
 */
#define	ADT_VALID	0xAAAA5555

/*
 * Per-session state kept by the library (presumably what the opaque
 * session handle points at).  The first part, up to as_audit_state, is
 * the portion that adt_export_data serialises; see the compatibility
 * note inside the struct before touching it.
 */
struct adt_internal_state {
	uint32_t	as_check;	/* == ADT_VALID when created, */
					/* == zero when freed */
	uid_t		as_euid;	/* effective uid of the session's subject */
	uid_t		as_ruid;	/* real uid */
	gid_t		as_egid;	/* effective gid */
	gid_t		as_rgid;	/* real gid */

	struct auditinfo_addr	as_info;
	/*
	 *	ai_auid			audit id
	 *	ai_mask.am_success	pre-selection mask
	 *	ai_mask.am_failure
	 *	ai_termid	.at_port	terminal id
	 *			.at_type
	 *			.ai_termid.at_addr[0]
	 *			.ai_termid.at_addr[1]
	 *			.ai_termid.at_addr[2]
	 *			.ai_termid.at_addr[3]
	 *	ai_asid			session id
	 */
	int		as_audit_state;		/* audit state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t	as_have_user_data;	/* ADT_HAVE_* bits -- confirm */

	uint32_t	as_kernel_audit_policy;	/* presumably kernel audit policy flags */
	int		as_session_model;	/* ADT_SESSION_MODEL or ADT_PROCESS_MODEL */
	adt_session_flags_t as_flags;
	pid_t		as_pid;
	m_label_t	*as_label;		/* if is_system_labeled */
	adt_translation_t **as_xlate;		/* translation tables; see struct translation */
	void		(*as_preload)(au_event_t, adt_event_data_t *);	/* hook, role not visible here */
};

/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.
 *
 * Comparing adt_export_v1 and adt_export_v2 below: v2 widened the
 * preselection masks from 32 to 64 bits and added a pid and a label
 * length in place of v1's ax_size_of_tsol_data.
 */
#define	PROTOCOL_VERSION_1	1
#define	PROTOCOL_VERSION_2	2

/*
 * most recent version is at the top; down level consumers are
 * expected to search down via "prev_offsetX" to a version they
 * understand. "v1" is first, "v0" is used to illustrate correct
 * order for future use.
 */

/*
 * Version 2 of the exported session identity.  This layout is handed
 * between processes, so a consumer should treat every field as
 * untrusted input: in particular ax_label_len describes bytes that
 * follow the struct and must be checked against the remaining buffer
 * length before the label is read.  NOTE(review): confirm that the
 * import path in adt.c performs that check.
 */
struct adt_export_v2 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;		/* audit id */
	uint64_t	ax_mask_success;	/* pre-selection masks (64-bit in v2) */
	uint64_t	ax_mask_failure;
	uint32_t	ax_port;		/* terminal id: port */
	uint32_t	ax_type;		/* terminal id: address type */
	uint32_t	ax_addr[4];		/* terminal id: at_addr[0..3] */
	uint32_t	ax_asid;		/* session id */
	int		ax_audit_state;
	pid_t		ax_pid;
	size32_t	ax_label_len;		/* 0, unlabeled */
/*	char		ax_label[ax_label_len];	if, is_system_labeled */
};

/*
 * Version 1 of the exported session identity, retained so that
 * down-level consumers can still find a layout they understand.
 * Differences from v2: 32-bit masks, no pid, and ax_size_of_tsol_data
 * instead of ax_label_len.
 */
struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;		/* audit id */
	uint32_t	ax_mask_success;	/* pre-selection masks (32-bit in v1) */
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;		/* terminal id: port */
	uint32_t	ax_type;		/* terminal id: address type */
	uint32_t	ax_addr[4];		/* terminal id: at_addr[0..3] */
	uint32_t	ax_asid;		/* session id */
	int		ax_audit_state;
	uint32_t	ax_size_of_tsol_data;	/* zero for non-TSOL systems */
};

/*
 * Link in the chain of versioned export data: the version of the data
 * it refers to and an offset (presumably in bytes, relative to the
 * export buffer) at which that data lives.  A consumer following the
 * chain must range-check each offset against the buffer it actually
 * received; the offset comes from the producer, not from the reader.
 */
struct export_link {
	int32_t		ax_version;
	int32_t		ax_offset;
};

/*
 * Leading header of an export buffer.  ax_check is presumably compared
 * with ADT_VALID, and ax_buffer_length is the producer's statement of
 * the total buffer size.  Neither authenticates the buffer: a consumer
 * should compare ax_buffer_length with the length it really received
 * before trusting any offset in ax_link.
 */
struct export_header {
	uint32_t	ax_check;
	int32_t		ax_buffer_length;
	struct export_link ax_link;		/* first (newest) version */
};

/*
 * Full export buffer as produced by this version of the library:
 * header, v2 data, link to v1 data, v1 data, terminator link.
 * NOTE(review): the variable-length label that may follow the v2 data
 * on a labeled system (see ax_label_len) is not represented by a
 * member here, so the fixed offsets of ax_next_v1 and ax_v1 cannot
 * describe such a buffer; presumably the export_link offsets, not
 * sizeof arithmetic on this struct, are what consumers follow -- confirm.
 */
struct adt_export_data {
	struct export_header	ax_header;

	struct adt_export_v2	ax_v2;
	/*
	 * end of version 2 data
	 */
	struct export_link	ax_next_v1;
	struct adt_export_v1	ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0	ax_v0;
	 */
	struct export_link	ax_last;	/* terminator */
};

/*
 * struct entry defines rows in tables defined in adt_xlate.c
 *
 * en_msg_format is used as a printf-style format.  It must only ever
 * point at a fixed table string (presumably generated by auditxml);
 * event data must go in as an argument, never as the format itself.
 */

struct entry {
	char		en_token_id;	/* token id */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	int		en_tsol;	/* if 1, reserved if for TX */
	char		*en_msg_format;	/* pointer to sprintf format string */
};

/*
 * Translation of one external event id to the internal id and the list
 * of tokens (entries) to emit for it.  tx_first_entry and tx_top_entry
 * both refer to the same entry array: one is the head of the linked
 * list, the other the array's first element.
 */
struct translation {
	int		tx_offsetsCalculated;	/* presumably set once en_offset values are computed */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};

/*
 * Dispatch-table row: a token id and the generator to call for it.
 * jmp_id is a long, wide enough for the negative ADT_* dummy ids as
 * well as real token ids.
 */
struct token_jmp {
	long		jmp_id;
	adt_token_func_t	jmp_to;
};

/*
 * One message list (see enum adt_msg_list): the valid index range, the
 * strings, and an offset.  How ml_offset and ml_min_index combine to
 * index ml_msg_list is not visible here; whatever the formula, a
 * selector outside [ml_min_index, ml_max_index] must be rejected
 * before ml_msg_list is dereferenced.
 */
struct msg_text {
	int		ml_min_index;
	int		ml_max_index;
	char		**ml_msg_list;
	int		ml_offset;
};

/* generated by auditxml; indexed by enum adt_msg_list */
extern struct msg_text adt_msg_text[];

/* log a message (presumably with an errno/priority value; roles not visible here) */
extern void adt_write_syslog(const char *, int);
/* begin / end token output for an event; return value presumably 0 on success */
extern int adt_token_open(struct adt_event_state *);
extern int adt_token_close(struct adt_event_state *);
/* emit the token(s) described by an entry from the given input data */
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
/* pointer adjustment helper; the two size_t arguments' roles are not visible here */
extern void *adt_adjust_address(void *, size_t, size_t);

#ifdef	__cplusplus
}
#endif	/* __cplusplus */

#endif	/* _BSM_XLATE_H */