/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
 */
/* Include guard; the matching #endif is the last line of this header. */
#ifndef _AUDIT_SCF_H
#define _AUDIT_SCF_H

/* Give the declarations below C linkage when the header is used from C++. */
#ifdef __cplusplus
extern "C" {
#endif
/*
 * auditd smf(5)/libscf(3LIB) interface - set and display audit parameters
 */
#include <audit_plugin.h>
#include <bsm/libbsm.h>
#include <ctype.h>
#include <libintl.h>
#include <libscf_priv.h>
#include <pthread.h>
#include <remote.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/varargs.h>
#include <ucontext.h>
#include <zone.h>
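/* When linting, gettext(x) expands to its bare argument. */
#ifdef __lint
#define gettext(x) x
#endif

/* Tracing is compiled out unless DEBUG is defined to a non-zero value. */
#ifndef DEBUG
#define DEBUG 0
#endif

#if DEBUG
/*
 * Debug trace stream, opened on first use by DPRINT().
 *
 * NOTE(review): this is a definition, not a declaration. Every file that
 * includes this header in a DEBUG build defines dbfp, so the link depends
 * on the toolchain merging common symbols. Consider "extern FILE *dbfp;"
 * here plus one definition in a single .c file - confirm how consumers use
 * it before changing.
 */
FILE *dbfp;

/*
 * DPRINT((dbfp, fmt, ...)) - write one trace line, prefixed with the id of
 * the calling thread, and flush it. The argument is a complete,
 * parenthesized fprintf() argument list.
 *
 * The expansion is wrapped in do { } while (0) so that "DPRINT((...));" is
 * exactly one statement and remains valid as the unbraced body of an
 * if/else, matching the empty expansion used when DEBUG is off.
 *
 * NOTE(review): the NULL test and the open are not synchronized; the
 * pthread_self() call suggests multi-threaded callers, so two threads may
 * both open the file on first use - confirm whether that matters.
 * NOTE(review): the location and creation mode of the trace file are
 * decided by __auditd_debug_file_open(), which is not visible here. Trace
 * output may include audit configuration details, so verify the file can
 * be neither read nor replaced by unprivileged users.
 */
#define DPRINT(x) \
	do { \
		if (dbfp == NULL) \
			dbfp = __auditd_debug_file_open(); \
		if (dbfp != NULL) { \
			/* cast keeps the argument in step with %u */ \
			(void) fprintf(dbfp, "%u: ", \
			    (unsigned int)pthread_self()); \
			(void) fprintf x; \
			(void) fflush(dbfp); \
		} \
	} while (0)
#else /* ! DEBUG */
#define DPRINT(x)
#endif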
/*
 * Audit subsystem service instances, given as the FMRI strings of the
 * default instances of system/auditd and system/auditset.
 */
#define AUDITD_FMRI "svc:/system/auditd:default"
#define AUDITSET_FMRI "svc:/system/auditset:default"
/*
 * (ASI) Audit service instance - the set of libscf(3LIB) handles used to
 * reach a property of the instance: repository handle, instance, property
 * group and property.
 */
typedef struct asi_scfhandle {
	scf_handle_t		*hndl;	/* base scf handle */
	scf_instance_t		*inst;	/* service instance handle */
	scf_propertygroup_t	*pgrp;	/* property group handle */
	scf_property_t		*prop;	/* property handle */
} asi_scfhandle_t;
/*
 * Iteration state for walking property groups and the properties inside
 * them, plus a value handle for the property currently being read.
 */
typedef struct asi_scfhandle_iter {
	scf_iter_t	*pgrp;		/* iterator over property groups */
	scf_iter_t	*prop;		/* iterator over properties */
	scf_value_t	*prop_val;	/* value of the property */
} asi_scfhandle_iter_t;
/* Iteration state for reading the values of one multi-valued property. */
typedef struct asi_scfhandle_iter_prop {
	scf_iter_t	*prop;		/* iterator over the property values */
	scf_value_t	*prop_val;	/* value produced by the iteration */
} asi_scfhandle_iter_prop_t;
/*
 * (ASI) Audit service instance (svc:/system/auditd:default) related
 * configuration parameters.
 */

/*
 * Max. property group attribute string length.
 * NOTE(review): this header does not say whether the limit includes the
 * terminating NUL; code sizing buffers from it should confirm.
 */
#define PGRP_MAXATT 1024

/*
 * Node of a doubly linked list; each node carries a property group name
 * and a kva_t for that group.
 * NOTE(review): presumably built by do_getpgrp_scf() and released with
 * pgrp_kva_ll_free() - confirm who owns pgrp_name and pgrp_kva.
 */
typedef struct scf_pgrp_kva_node {
	struct scf_pgrp_kva_node	*next;
	struct scf_pgrp_kva_node	*prev;
	char				*pgrp_name;
	kva_t				*pgrp_kva;
} scf_pgrp_kva_node_t;
/* Name of the property group holding the audit policy settings. */
#define ASI_PGROUP_POLICY "policy"

/*
 * One policy name paired with a boolean flag.
 * NOTE(review): presumably the flag records whether the named policy is
 * switched on - confirm against the code that fills this in.
 */
typedef struct policy_sw {
	char		*policy;
	boolean_t	flag;
} policy_sw_t;
/* Queue control property group and the names of its four properties. */
#define ASI_PGROUP_QUEUECTRL "queuectrl"
#define QUEUECTRL_QBUFSZ "qbufsz"
#define QUEUECTRL_QDELAY "qdelay"
#define QUEUECTRL_QHIWATER "qhiwater"
#define QUEUECTRL_QLOWATER "qlowater"

/*
 * Queue control values, one 64-bit field per property named above.
 * NOTE(review): the do_getq*_scf() prototypes in this header hand the
 * values out as size_t and clock_t; confirm the implementation
 * range-checks before narrowing from uint64_t.
 */
typedef struct scf_qctrl {
	uint64_t	scf_qhiwater;
	uint64_t	scf_qlowater;
	uint64_t	scf_qbufsz;
	uint64_t	scf_qdelay;
} scf_qctrl_t;
/*
 * Preselection property group and its two properties; read and written
 * through do_getflags_scf()/do_setflags_scf() and the naflags equivalents
 * (presumably - the mapping is by name only).
 */
#define ASI_PGROUP_PRESELECTION "preselection"
#define PRESELECTION_FLAGS "flags"
#define PRESELECTION_NAFLAGS "naflags"

/*
 * auditd(1M) plugin related well known properties
 *
 * NOTE(review): if auditd loads the shared object named by the "path"
 * property, write access to that property or to the file itself amounts to
 * running code inside the audit daemon; confirm both are restricted to
 * administrators.
 */
#define ASI_PGROUP_PLUGIN_TYPE "plugin"
#define PLUGIN_ACTIVE "active" /* plugin state */
#define PLUGIN_PATH "path" /* plugin shared object */
#define PLUGIN_QSIZE "qsize" /* plugin queue size */

#define PLUGIN_MAX 256 /* max. amount of plugins */
/*
 * (ARS) Audit remote server - connection group properties: the property
 * group type, the name prefix and default name of a connection group, and
 * the property names found inside one.
 */
#define ASI_PGROUP_CGRP_TYPE "audit_remote_server"
#define ASI_PGROUP_CGRP_PREFIX "cgrp_" /* connection group prefix */
#define ASI_PGROUP_CGRP_DEFAULT "default" /* default connection group */
#define CGRP_ACTIVE "active"
#define CGRP_HOSTS "hosts"
#define CGRP_BINFILE_DIR "binfile_dir"
#define CGRP_BINFILE_FSIZE "binfile_fsize"
#define CGRP_BINFILE_MINFREE "binfile_minfree"

/*
 * Default values, one per property above; a connection group is inactive
 * by default.
 * NOTE(review): how an empty "hosts" value is interpreted (no host or any
 * host) is decided by the consumer, not here. Confirm it, since it governs
 * which remote systems may deliver audit records.
 * NOTE(review): presumably received audit data is stored under
 * binfile_dir; verify ownership and mode of that directory.
 */
#define CGRP_ACTIVE_DEFAULT B_FALSE
#define CGRP_HOSTS_DEFAULT ""
#define CGRP_BINFILE_DIR_DEFAULT "/var/audit"
#define CGRP_BINFILE_FSIZE_DEFAULT "0"
#define CGRP_BINFILE_MINFREE_DEFAULT 1

#define CGRP_MAX 256 /* max. amount of connection groups */

/*
 * Settings of one connection group; the fields are named after the
 * properties above. The file size is kept as a string, the minimum free
 * space as an integer.
 */
typedef struct scf_cgrp {
	boolean_t	scf_active;
	char		*scf_hosts;
	char		*scf_binfile_dir;
	char		*scf_binfile_fsize;
	uint64_t	scf_binfile_minfree;
} scf_cgrp_t;
/*
 * (ARS) Audit remote server - server properties. The property group name
 * is the same string as the connection group type, ASI_PGROUP_CGRP_TYPE.
 */
#define ASI_PGROUP_ARS "audit_remote_server"
#define ARS_ACTIVE "active"
#define ARS_LOGIN_GRACE_TIME "login_grace_time"
#define ARS_MAX_STARTUPS "max_startups"
#define ARS_LISTEN_ADDRESS "listen_address"
#define ARS_LISTEN_PORT "listen_port"

/*
 * NOTE(review): the meaning of port 0 is not defined in this header;
 * presumably it selects a built-in default rather than a literal port -
 * confirm in the consumer.
 */
#define ARS_PORT_DEFAULT 0

/*
 * Server settings; the fields are named after the properties above.
 * NOTE(review): scf_listen_port is 64 bits wide, so the consumer has to
 * reject values outside the valid port range before binding - confirm.
 * NOTE(review): login_grace_time and max_startups look like limits on
 * pending connections; verify that unset or zero values do not disable
 * them.
 */
typedef struct scf_ars {
	boolean_t	scf_active;
	uint64_t	scf_login_grace_time;
	char		*scf_max_startups;
	char		*scf_listen_address;
	uint64_t	scf_listen_port;
} scf_ars_t;
/*
 * MAX_PROPVECS - maximum number of usable scf_propvec_t entries in
 * prop_vect[] (the array itself is defined outside this header).
 */
#define MAX_PROPVECS 32

/*
 * Routines for reading and changing the audit configuration. Their bodies
 * are not part of this header, so the notes below cover only what the
 * prototypes show.
 *
 * - Every do_*_scf() routine returns boolean_t, presumably B_TRUE on
 *   success (confirm). Callers should always check the result: an ignored
 *   failure from a setter leaves the previous audit settings in force.
 * - String parameters are plain "char *", so the prototypes give no
 *   guarantee that caller buffers are left unmodified.
 * - The queue setters take pointers, like the matching getters.
 * - NOTE(review): the setters change what the system audits (policy,
 *   preselection flags, queue control). No authorization check is visible
 *   at this level; confirm where the caller's right to change the audit
 *   configuration is enforced.
 */
boolean_t do_createcgrp_scf(char *);
boolean_t do_destroypgrp_scf(char *);
boolean_t do_getflags_scf(char **);
boolean_t do_getnaflags_scf(char **);
/* The third argument receives a list of scf_pgrp_kva_node_t (presumably). */
boolean_t do_getpgrp_scf(char *, char *, scf_pgrp_kva_node_t **);
boolean_t do_getpolicy_scf(uint32_t *);
boolean_t do_getqbufsz_scf(size_t *);
boolean_t do_getqctrl_scf(struct au_qctrl *);
boolean_t do_getqdelay_scf(clock_t *);
boolean_t do_getqhiwater_scf(size_t *);
boolean_t do_getqlowater_scf(size_t *);
boolean_t do_getars_scf(ars_config_t *);
boolean_t do_setflags_scf(char *);
boolean_t do_setnaflags_scf(char *);
boolean_t do_setpgrp_scf(char *, char *, char *);
boolean_t do_setpolicy_scf(uint32_t);
boolean_t do_setqbufsz_scf(size_t *);
boolean_t do_setqctrl_scf(struct au_qctrl *);
boolean_t do_setqdelay_scf(clock_t *);
boolean_t do_setqhiwater_scf(size_t *);
boolean_t do_setqlowater_scf(size_t *);
boolean_t get_laudit_cfg_state(void);
uint32_t get_policy(char *);
boolean_t get_raudit_cfg_state(void);
boolean_t pgrp_avail_scf(const char *);
int pgrp_ctr_scf(const char *);
/* Takes a scf_pgrp_kva_node_t list; presumably frees every node. */
void pgrp_kva_ll_free(scf_pgrp_kva_node_t *);
/*
 * NOTE(review): presumably a printf-style format followed by its argument
 * list. If so, callers must pass a fixed format string and never text that
 * comes from outside the program.
 */
void prt_error_va(char *, va_list);
/* Close the extern "C" block opened at the top of this header. */
#ifdef __cplusplus
}
#endif

#endif /* _AUDIT_SCF_H */