/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _AUDIT_SCF_H
#define _AUDIT_SCF_H
#ifdef __cplusplus
extern "C" {
#endif
/*
* auditd smf(5)/libscf(3LIB) interface - set and display audit parameters
*/
#include <audit_plugin.h>
#include <bsm/libbsm.h>
#include <ctype.h>
#include <libintl.h>
#include <libscf_priv.h>
#include <remote.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/varargs.h>
#include <ucontext.h>
#include <zone.h>
/*
 * lint only: define gettext(x) as its bare argument, so that the call is
 * replaced by the message string itself while linting.
 */
#ifdef __lint
#define gettext(x) x
#endif
/*
 * Debug tracing. DEBUG defaults to 0 unless the build defines it.
 *
 * With DEBUG enabled, DPRINT(x) opens the debug file on first use through
 * __auditd_debug_file_open() (not declared in this header), writes the
 * pthread_self() value as a "%u: " prefix, hands x verbatim to fprintf()
 * and flushes the stream. x must therefore be a complete, parenthesised
 * fprintf() argument list, e.g. DPRINT((dbfp, "msg %d\n", val)).
 * With DEBUG disabled, DPRINT(x) expands to nothing and x is not evaluated.
 *
 * NOTE(review): dbfp is defined, not just declared, here, so every file
 * that includes this header in a DEBUG build carries its own definition -
 * confirm the build tolerates that.
 * NOTE(review): the expansion is a bare { } block rather than
 * do { } while (0), so "if (c) DPRINT(...); else ..." does not compile in
 * DEBUG builds.
 * NOTE(review): the NULL test and the assignment of dbfp are not
 * synchronised, and the location and permissions of the debug file are
 * decided by __auditd_debug_file_open(); since trace text may carry audit
 * configuration values, confirm the file is created with restrictive
 * permissions.
 */
#ifndef DEBUG
#define DEBUG 0
#endif
#if DEBUG
FILE *dbfp; /* debug file pointer */
#define DPRINT(x) { if (dbfp == NULL) dbfp = __auditd_debug_file_open(); \
if (dbfp != NULL) { \
(void) fprintf(dbfp, "%u: ", pthread_self()); \
(void) fprintf x; \
(void) fflush(dbfp); \
} \
}
#else /* ! DEBUG */
#define DPRINT(x)
#endif
/* FMRIs of the audit subsystem's two SMF service instances */
#define AUDITD_FMRI "svc:/system/auditd:default"
#define AUDITSET_FMRI "svc:/system/auditset:default"
/*
 * (ASI) Audit service instance SCF handles - libscf(3LIB).
 * Groups the four libscf handles, from the base handle down to a single
 * property, in one structure.
 */
typedef struct asi_scfhandle {
	scf_handle_t		*hndl;	/* base libscf handle */
	scf_instance_t		*inst;	/* handle of the service instance */
	scf_propertygroup_t	*pgrp;	/* handle of a property group */
	scf_property_t		*prop;	/* handle of a property */
} asi_scfhandle_t;
/* Iteration state for walking property groups and their properties. */
typedef struct asi_scfhandle_iter {
	scf_iter_t	*pgrp;		/* iterator over property groups */
	scf_iter_t	*prop;		/* iterator over properties */
	scf_value_t	*prop_val;	/* value of a property */
} asi_scfhandle_iter_t;
/* Iteration state for the values of one multi-valued property. */
typedef struct asi_scfhandle_iter_prop {
	scf_iter_t	*prop;		/* iterator over the property's values */
	scf_value_t	*prop_val;	/* value currently iterated */
} asi_scfhandle_iter_prop_t;
/*
* (ASI) Audit service instance (svc:/system/auditd:default) related
* configuration parameters.
*/
/*
 * NOTE(review): whether the 1024 limit counts the terminating NUL is not
 * stated here; confirm before sizing buffers from it.
 */
#define PGRP_MAXATT 1024 /* max. pgrp attribute string length */
/*
 * Node pairing a property group name with its key-value array; the next
 * and prev members link nodes to one another.
 */
typedef struct scf_pgrp_kva_node {
	struct scf_pgrp_kva_node	*next;		/* following node */
	struct scf_pgrp_kva_node	*prev;		/* preceding node */
	char				*pgrp_name;	/* property group name */
	kva_t				*pgrp_kva;	/* its key-value array */
} scf_pgrp_kva_node_t;
/* Name of the "policy" property group */
#define ASI_PGROUP_POLICY "policy"
/* One policy entry: a policy name together with a boolean flag for it */
typedef struct policy_sw {
	char		*policy;	/* policy name */
	boolean_t	flag;		/* flag belonging to that policy */
} policy_sw_t;
#define ASI_PGROUP_QUEUECTRL "queuectrl"
#define QUEUECTRL_QBUFSZ "qbufsz"
#define QUEUECTRL_QDELAY "qdelay"
#define QUEUECTRL_QHIWATER "qhiwater"
#define QUEUECTRL_QLOWATER "qlowater"
/*
 * Queue control values; one 64-bit unsigned member per queuectrl property
 * name. Member order is part of the layout and must not change.
 */
typedef struct scf_qctrl {
	uint64_t	scf_qhiwater;	/* "qhiwater" value */
	uint64_t	scf_qlowater;	/* "qlowater" value */
	uint64_t	scf_qbufsz;	/* "qbufsz" value */
	uint64_t	scf_qdelay;	/* "qdelay" value */
} scf_qctrl_t;
#define ASI_PGROUP_PRESELECTION "preselection"
#define PRESELECTION_FLAGS "flags"
#define PRESELECTION_NAFLAGS "naflags"
/* auditd(1M) plugin related well known properties */
/*
 * NOTE(review): PLUGIN_PATH names the shared object of a plugin; if auditd
 * loads the object from this property value, write access to the property
 * amounts to running code inside auditd - confirm that modification is
 * restricted to audit administrators.
 */
#define ASI_PGROUP_PLUGIN_TYPE "plugin"
#define PLUGIN_ACTIVE "active" /* plugin state */
#define PLUGIN_PATH "path" /* plugin shared object */
#define PLUGIN_QSIZE "qsize" /* plugin queue size */
#define PLUGIN_MAX 256 /* max. amount of plugins */
/* (ARS) Audit remote server - connection group properties */
/*
 * Property names of a connection group, followed by the default value of
 * each property. CGRP_BINFILE_FSIZE_DEFAULT is a string and
 * CGRP_BINFILE_MINFREE_DEFAULT an integer, matching the char * and uint64_t
 * members of struct scf_cgrp.
 *
 * NOTE(review): the default host list is empty; whether an empty list means
 * "no host" or "any host" is not visible here - confirm, since it decides
 * which remote systems a connection group accepts.
 * NOTE(review): the unit of the binfile_minfree default (1) is not stated
 * here.
 */
#define ASI_PGROUP_CGRP_TYPE "audit_remote_server"
#define ASI_PGROUP_CGRP_PREFIX "cgrp_" /* connection group prefix */
#define ASI_PGROUP_CGRP_DEFAULT "default" /* default connection group */
#define CGRP_ACTIVE "active"
#define CGRP_HOSTS "hosts"
#define CGRP_BINFILE_DIR "binfile_dir"
#define CGRP_BINFILE_FSIZE "binfile_fsize"
#define CGRP_BINFILE_MINFREE "binfile_minfree"
#define CGRP_ACTIVE_DEFAULT B_FALSE
#define CGRP_HOSTS_DEFAULT ""
#define CGRP_BINFILE_DIR_DEFAULT "/var/audit"
#define CGRP_BINFILE_FSIZE_DEFAULT "0"
#define CGRP_BINFILE_MINFREE_DEFAULT 1
#define CGRP_MAX 256 /* max. amount of connection groups */
/* Values of one connection group, one member per CGRP_* property name. */
typedef struct scf_cgrp {
	boolean_t	scf_active;		/* "active" */
	char		*scf_hosts;		/* "hosts" */
	char		*scf_binfile_dir;	/* "binfile_dir" */
	char		*scf_binfile_fsize;	/* "binfile_fsize", kept as text */
	uint64_t	scf_binfile_minfree;	/* "binfile_minfree" */
} scf_cgrp_t;
/* (ARS) Audit remote server - server properties */
/*
 * ASI_PGROUP_ARS is the same literal as ASI_PGROUP_CGRP_TYPE
 * ("audit_remote_server").
 * NOTE(review): what a listen port of 0 (ARS_PORT_DEFAULT) selects is not
 * visible here - confirm which port, if any, the server then listens on.
 */
#define ASI_PGROUP_ARS "audit_remote_server"
#define ARS_ACTIVE "active"
#define ARS_LOGIN_GRACE_TIME "login_grace_time"
#define ARS_MAX_STARTUPS "max_startups"
#define ARS_LISTEN_ADDRESS "listen_address"
#define ARS_LISTEN_PORT "listen_port"
#define ARS_PORT_DEFAULT 0
/* Values of the audit remote server, one member per ARS_* property name. */
typedef struct scf_ars {
	boolean_t	scf_active;		/* "active" */
	uint64_t	scf_login_grace_time;	/* "login_grace_time" */
	char		*scf_max_startups;	/* "max_startups", kept as text */
	char		*scf_listen_address;	/* "listen_address" */
	uint64_t	scf_listen_port;	/* "listen_port" */
} scf_ars_t;
/*
 * MAX_PROPVECS: upper bound on the usable scf_propvec_t entries in a
 * prop_vect[] array.
 * NOTE(review): whether a terminating entry needs an extra slot beyond this
 * count is not visible here.
 */
#define MAX_PROPVECS 32
/*
 * Functions for setting and reading the audit parameters. Every
 * do_*_scf() function returns boolean_t.
 * NOTE(review): presumably B_TRUE means success - confirm in the
 * implementation.
 * NOTE(review): do_getflags_scf() and do_getnaflags_scf() hand a string
 * back through a char **; who frees it is not stated here.
 * NOTE(review): the do_setq*_scf() setters take pointers, like the getters;
 * whether they modify the pointed-to value is not visible here.
 * NOTE(review): prt_error_va() takes a char * followed by a va_list, which
 * suggests a printf-style format; if so, callers must pass a fixed format
 * string and supply variable text only as arguments.
 */
boolean_t do_createcgrp_scf(char *);
boolean_t do_destroypgrp_scf(char *);
boolean_t do_getflags_scf(char **);
boolean_t do_getnaflags_scf(char **);
boolean_t do_getpgrp_scf(char *, char *, scf_pgrp_kva_node_t **);
boolean_t do_getpolicy_scf(uint32_t *);
boolean_t do_getqbufsz_scf(size_t *);
boolean_t do_getqctrl_scf(struct au_qctrl *);
boolean_t do_getqdelay_scf(clock_t *);
boolean_t do_getqhiwater_scf(size_t *);
boolean_t do_getqlowater_scf(size_t *);
boolean_t do_getars_scf(ars_config_t *);
boolean_t do_setflags_scf(char *);
boolean_t do_setnaflags_scf(char *);
boolean_t do_setpgrp_scf(char *, char *, char *);
boolean_t do_setpolicy_scf(uint32_t);
boolean_t do_setqbufsz_scf(size_t *);
boolean_t do_setqctrl_scf(struct au_qctrl *);
boolean_t do_setqdelay_scf(clock_t *);
boolean_t do_setqhiwater_scf(size_t *);
boolean_t do_setqlowater_scf(size_t *);
boolean_t get_laudit_cfg_state(void);
uint32_t get_policy(char *);
boolean_t get_raudit_cfg_state(void);
boolean_t pgrp_avail_scf(const char *);
int pgrp_ctr_scf(const char *);
/* Takes a scf_pgrp_kva_node_t *, the node type do_getpgrp_scf() returns */
void pgrp_kva_ll_free(scf_pgrp_kva_node_t *);
void prt_error_va(char *, va_list);
#ifdef __cplusplus
}
#endif
#endif /* _AUDIT_SCF_H */