author | jpk |
Fri, 24 Mar 2006 12:29:20 -0800 | |
changeset 1676 | 37f4a3e2bd99 |
parent 1641 | 92e02eae5600 |
child 2835 | f945d5cf0676 |
permissions | -rw-r--r-- |
0 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
1641
92e02eae5600
6385197 libbsm:adt_set_proc() is unable to assign an unaudited context to a process
paulson
|
5 |
* Common Development and Distribution License (the "License"). |
|
6 |
* You may not use this file except in compliance with the License. |
0 | 7 |
* |
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
/* |
|
22 |
* adt_xlate.h |
|
23 |
* |
|
1641
|
24 |
* Copyright 2006 Sun Microsystems, Inc. All rights reserved. |
0 | 25 |
* Use is subject to license terms. |
26 |
* |
|
27 |
*/ |
|
28 |
||
29 |
#ifndef _BSM_XLATE_H |
|
30 |
#define _BSM_XLATE_H |
|
31 |
||
32 |
#pragma ident "%Z%%M% %I% %E% SMI" |
|
33 |
||
34 |
#include <bsm/libbsm.h> |
|
35 |
#include <priv.h> |
|
36 |
#include <bsm/adt_event.h> |
|
37 |
||
38 |
#ifdef __cplusplus |
|
39 |
extern "C" { |
|
40 |
#endif |
|
41 |
||
42 |
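/*
 * Fallback value, used only when the build has not already defined
 * TEXT_DOMAIN before this header is read.
 */
#ifndef TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif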
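/*
 * Values for adt_session_model.
 *
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense.  In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1
#define	ADT_PROCESS_MODEL	0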
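/*
 * Single-bit flags.  ADT_HAVE_ALL is the OR of every flag defined here
 * and has to be extended whenever another flag is added, otherwise a
 * test against ADT_HAVE_ALL silently ignores the new bit.
 * NOTE(review): presumably these are the bits recorded in
 * as_have_user_data -- confirm against the code that sets them.
 */
#define	ADT_HAVE_MASK	0x01
#define	ADT_HAVE_TID	0x02
#define	ADT_HAVE_AUID	0x04
#define	ADT_HAVE_ASID	0x08
#define	ADT_HAVE_IDS	0x10
/* The outer parentheses keep the cast attached to the mask wherever used. */
#define	ADT_HAVE_ALL	((uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS))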
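/*
 * Dummy token types for privilege.
 *
 * The values are negative and parenthesized so they expand as a single
 * operand in any expression.
 * NOTE(review): struct entry keeps its token id in a plain char; if
 * these values are stored there, comparing them back relies on char
 * being signed -- confirm for every supported target.
 */
#define	ADT_AUT_PRIV_L	(-100)	/* limit set */
#define	ADT_AUT_PRIV_I	(-101)	/* inherited set */
#define	ADT_AUT_PRIV_E	(-102)	/* effective set */
/* dummy token type for alternate command */
#define	ADT_CMD_ALT	(-103)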
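/* One-value enum type that the text enums are passed as. */
enum adt_generic {ADT_GENERIC};	/* base for text enums */

/* Short name for the session state structure laid out later in this file. */
typedef struct adt_internal_state adt_internal_state_t;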
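/*
 * Wrapper around union adt_event_data; struct adt_event_state places
 * it first, as the area the caller fills in.
 */
union union_of_events {
	union adt_event_data	d0;
};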
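/*
 * Identifiers for the message lists.  Values are positional, starting
 * at zero.
 * NOTE(review): presumably used as an index into adt_msg_text[]; a
 * value that arrives from outside the library should be range-checked
 * before it is used that way.
 */
enum adt_msg_list {
	ADT_LIST_FAIL_PAM,
	ADT_LIST_FAIL_VALUE,
	ADT_LIST_LOGIN_TEXT};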
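/*
 * Tag naming the C type of one input field (see struct datadefs).
 * ADT_UNDEFINED is pinned to zero, so a zero-filled datadef reads as
 * "undefined" rather than as a real type.  The remaining values are
 * positional.
 */
enum datatype {ADT_UNDEFINED = 0,
	ADT_DATE,
	ADT_MSG,
	ADT_UINT,
	ADT_INT,
	ADT_INT32,
	ADT_UINT16,
	ADT_UINT32,
	ADT_UINT32STAR,
	ADT_UINT32ARRAY,
	ADT_UID,
	ADT_GID,
	ADT_UIDSTAR,
	ADT_GIDSTAR,
	ADT_UINT64,
	ADT_LONG,
	ADT_ULONG,
	ADT_CHAR,
	ADT_CHARSTAR,
	ADT_CHAR2STAR,	/* char ** */
	ADT_PID,
	ADT_PRIVSTAR,
	ADT_TERMIDSTAR
};
typedef enum datatype datatype_t;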
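/*
 * One member per input data type.  The union carries no tag of its
 * own, so the code reading it has to know which member was written.
 * NOTE(review): presumably the member is chosen from a datatype_t;
 * because several members are pointers, reading a pointer member after
 * a scalar one was stored would dereference arbitrary bytes -- verify
 * that every reader switches on the field's declared type.
 */
union convert {
	enum adt_generic	msg_selector;
	boolean_t		tbool;
	uint_t			tuint;
	int			tint;
	int32_t			tint32;
	uint16_t		tuint16;
	uint32_t		tuint32;
	uint64_t		tuint64;
	int32_t			*tint32star;
	uint32_t		*tuint32star;
	uid_t			tuid;
	gid_t			tgid;
	uid_t			*tuidstar;
	gid_t			*tgidstar;
	pid_t			tpid;
	long			tlong;
	ulong_t			tulong;
	char			tchar;
	char			*tcharstar;
	char			**tchar2star;
	au_tid_addr_t		*ttermid;
	priv_set_t		*tprivstar;
};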
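/*
 * State kept for one event.  The caller's event data is the first
 * member, so the address of that data and the address of the whole
 * structure are the same.  The library's own bookkeeping follows it
 * directly in memory.
 * NOTE(review): ae_check points the reader at adt_internal_state, so
 * it is presumably validated against ADT_VALID before the internal
 * fields are trusted -- confirm in the code that receives event
 * pointers from callers.
 */
struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal.  Order matters */

	uint_t		ae_check;	/* see adt_internal_state */
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id */
	au_event_t	ae_internal_id;	/* translated */
	int		ae_rc;		/* exit token rc */
	int		ae_type;	/* exit error type */
	struct adt_internal_state *ae_session;
};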
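/* Type and size of one input field; struct entry points at these. */
struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;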
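/*
 * Signature of a token routine (see struct token_jmp): it is handed a
 * datadef, an untyped data pointer, an int, the event state and a
 * char pointer, and returns nothing.  The data pointer is untyped, so
 * the routine depends on the datadef to know what it points at.
 */
typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

/* Signature of a routine that maps a text enum value to a string. */
typedef char *(* adt_msg_func_t)(enum adt_generic);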
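/*
 * Marker stored in as_check.  It is a fixed, public constant: it lets
 * the library notice a stale or mistyped handle, but it cannot tell a
 * genuine structure from one whose contents were chosen by the caller.
 */
#define	ADT_VALID	0xAAAA5555

/*
 * Session state.  The fields down to as_audit_enabled form the part
 * that is exported and imported; everything after that is local.
 */
struct adt_internal_state {
	uint32_t	as_check;	/* == ADT_VALID when created, */
					/* == zero when freed */
	uid_t		as_euid;
	uid_t		as_ruid;
	gid_t		as_egid;
	gid_t		as_rgid;

	struct auditinfo_addr	as_info;
	/*
	 * ai_auid				audit id
	 * ai_mask.am_success			pre-selection mask
	 * ai_mask.am_failure
	 * ai_termid	.at_port		terminal id
	 *		.at_type
	 *		.ai_termid.at_addr[0]
	 *		.ai_termid.at_addr[1]
	 *		.ai_termid.at_addr[2]
	 *		.ai_termid.at_addr[3]
	 * ai_asid				session id
	 */
	int		as_audit_enabled;	/* audit enable/disable state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t		as_have_user_data;

	int			as_kernel_audit_policy;
	int			as_session_model;
	adt_session_flags_t	as_flags;
};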
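/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.
 */
#define	PROTOCOL_VERSION	1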
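/*
 * most recent version is at the top; down level consumers are
 * expected to search down via "prev_offsetX" to a version they
 * understand.  "v1" is first, "v0" is used to illustrate correct
 * order for future use.
 */

/*
 * Version 1 payload.  Identities and the audit context travel as
 * fixed-width integers; ax_audit_enabled is the one plain int.
 * Exported data leaves the process that produced it, so an importer
 * should treat every field as unverified input until it has checked
 * the enclosing header and the values themselves.
 */
struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;
	uint32_t	ax_mask_success;
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;
	uint32_t	ax_type;
	uint32_t	ax_addr[4];
	uint32_t	ax_asid;
	int		ax_audit_enabled;
	uint32_t	ax_size_of_tsol_data;	/* zero for non-TSOL systems */
};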
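/*
 * Version number plus the offset of that version's data.  Both fields
 * are signed: code that walks an imported buffer should reject a
 * negative offset, and any offset that does not leave room inside
 * ax_buffer_length for the structure it refers to, before following
 * the link.
 */
struct export_link {
	int32_t		ax_version;
	int32_t		ax_offset;
};

/*
 * Leading part of an exported buffer.  ax_buffer_length is signed as
 * well and comes from the buffer itself, so it needs to be compared
 * with the number of bytes actually received.
 * NOTE(review): ax_check is presumably compared with ADT_VALID; a
 * constant marker catches corruption, not deliberate modification.
 */
struct export_header {
	uint32_t		ax_check;
	int32_t			ax_buffer_length;
	struct export_link	ax_link;
};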
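/*
 * Complete export buffer as laid out for version 1: header, the v1
 * payload, then a terminating link.  The comment inside shows where
 * an older version's link and data would be placed.
 */
struct adt_export_data {
	struct export_header	ax_header;

	struct adt_export_v1	ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0 ax_v0;
	 */
	struct export_link	ax_last;	/* terminator */
};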
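/*
 * struct entry defines rows in tables defined in adt_xlate.c
 *
 * en_msg_format is used as a sprintf format, so it has to remain a
 * string that comes from those tables; text taken from event data
 * belongs in the arguments, never in the format itself.
 * en_offset is applied to the caller's structure and is trusted in
 * the same way.
 */

struct entry {
	char		en_token_id;	/* token id */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	int		en_tsol;	/* if 1, output only #ifdef TSOL */
	char		*en_msg_format;	/* pointer to sprintf format string */
};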
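/*
 * Translation record for one event: the external and internal event
 * ids plus the entry rows, reachable both as an array (tx_top_entry,
 * tx_entries elements) and as a linked list (tx_first_entry).
 */
struct translation {
	int		tx_offsetsCalculated;	/* eponymous */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};

/*
 * Declared without a size, so the length cannot be taken from this
 * declaration; code scanning the table needs its own end condition.
 */
extern struct translation *xlate_table[];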
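/* Pairs an id with the token routine to call for it. */
struct token_jmp {
	long			jmp_id;
	adt_token_func_t	jmp_to;
};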
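/*
 * One list of message strings together with its index range.
 * NOTE(review): ml_min_index and ml_max_index presumably bound the
 * values that may be used to index ml_msg_list, with ml_offset applied
 * to the selector first -- verify that the lookup checks the range
 * before indexing.
 */
struct msg_text {
	int	ml_min_index;
	int	ml_max_index;
	char	**ml_msg_list;
	int	ml_offset;
};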
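/*
 * Routines declared here are defined in other files.  Several take
 * untyped pointers and raw sizes, so the checks on those values have
 * to live in the callers and in the implementations.
 */
extern void adt_write_syslog(const char *, int);
extern void adt_token_open(struct adt_event_state *);
extern void adt_token_close(struct adt_event_state *);
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
extern void *adt_adjust_address(void *, size_t, size_t);
extern void adt_preload(au_event_t, adt_event_data_t *);

/* Declared without a size; the element count is not visible here. */
extern struct msg_text adt_msg_text[];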
|
298 |
||
299 |
#ifdef __cplusplus |
|
300 |
} |
|
301 |
#endif |
|
302 |
||
303 |
#endif /* _BSM_XLATE_H */ |