      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #ifndef _AUDITRT_H
     27 #define	_AUDITRT_H
     28 
     29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     30 
     31 #ifdef	__cplusplus
     32 extern "C" {
     33 #endif
     34 
     35 /*
     36  * Auditreduce data structures.
     37  */
     38 
     39 /*
     40  * File Control Block
     41  * Controls a single file.
     42  * These are held by the pcb's in audit_pcbs[] in a linked list.
     43  * There is one fcb for each file controlled by the pcb,
     44  * and all of the files in a list have the same suffix in their names.
     45  */
/*
 * Describes one input audit file and links it into its pcb's list.
 * fcb_suffix and fcb_name point into fcb_file, so they are only meaningful
 * while this fcb exists and would have to be recomputed if the structure
 * were ever copied to a new address.
 */
struct audit_fcb {
	struct audit_fcb *fcb_next;	/* ptr to next fcb in list */
	int	fcb_flags;	/* flags - see below */
	/*
	 * Both times are taken from the file's name, not from its records.
	 */
	time_t	fcb_start;	/* start time from filename */
	time_t	fcb_end;	/* end time from filename */
	char	*fcb_suffix;	/* ptr to suffix in fcb_file */
	char	*fcb_name;	/* ptr to name in fcb_file */
	/*
	 * Declared with a single element yet documented as holding the whole
	 * path. NOTE(review): presumably each fcb is allocated with extra room
	 * past sizeof (struct audit_fcb); confirm the allocator sizes it from
	 * the path length plus the terminating NUL, and that nothing writes
	 * into fcb_file through a stack or static instance of this struct.
	 */
	char	fcb_file[1];	/* full path and name string */
};
     55 
typedef struct audit_fcb audit_fcb_t;

/*
 * Flags for fcb_flags.
 * Both values are single bits, so they can be combined in fcb_flags.
 */
#define	FF_NOTTERM	0x01	/* file is "not_terminated" */
/*
 * NOTE(review): "if requested" presumably refers to the 'D' option
 * (f_delete); confirm that files without this bit are never removed.
 */
#define	FF_DELETE	0x02	/* we may delete this file if requested */
     63 
     64 /*
     65  * Process Control Block
     66  * A pcb comes in two types:
     67  * It controls either:
     68  *
     69  * 1.	A single group of pcbs (processes that are lower on the process tree).
     70  *	These are the pcb's that the process tree is built from.
     71  *	These are allocated as needed while the process tree is	being built.
     72  *
     73  * 2.	A single group of files (fcbs).
     74  *	All of the files in one pcb have the same suffix in their filename.
     75  *	They are controlled by the leaf nodes of the process tree.
     76  *	They are found in audit_pcbs[].
     77  *	They are initially set up by process_fileopt() when the files to be
     78  *	processed are gathered together. Then they are parsed out to
     79  *	the leaf nodes by mfork().
     80  *	A particular leaf node's range of audit_pcbs[] is determined
     81  *	in the call to mfork() by the lo and hi parameters.
     82  */
/*
 * One node of the process tree, or the holder of one group of input files.
 * pcb_flags carries the PF_* bits defined after this structure.
 */
struct audit_pcb {
	struct audit_pcb *pcb_below;	/* ptr to group of pcb's */
	struct audit_pcb *pcb_next;	/* ptr to next - for list in mproc() */
	int	pcb_procno;	/* subprocess # */
	int	pcb_nrecs;	/* how many records read (current pcb/file) */
	int	pcb_nprecs;	/* how many records put (current pcb/file) */
	int	pcb_flags;	/* flags - see below */
	int	pcb_count;	/* count of active pcb's */
	/*
	 * NOTE(review): presumably indices into audit_pcbs[]; confirm that
	 * users keep them within pcbsize before indexing.
	 */
	int	pcb_lo;		/* low index for pcb's */
	int	pcb_hi;		/* hi index for pcb's */
	/*
	 * pcb_size describes the buffer behind pcb_rec and is a signed int.
	 * NOTE(review): wherever it is set from a length read out of an audit
	 * file, negative or implausibly large values should be rejected before
	 * the buffer is allocated or filled - confirm in the record reader.
	 */
	int	pcb_size;	/* size of current record buffer */
	time_t	pcb_time;	/* time of current record */
	time_t	pcb_otime;	/* time of previous record */
	char	*pcb_rec;	/* ptr to current record buffer */
	char	*pcb_suffix;	/* ptr to suffix name (string) */
	audit_fcb_t *pcb_first;	/* ptr to first fcb_ */
	audit_fcb_t *pcb_last;	/* ptr to last fcb_ */
	audit_fcb_t *pcb_cur;	/* ptr to current fcb_ */
	/* Separate list of fcbs kept for deletion. */
	audit_fcb_t *pcb_dfirst; /* ptr to first fcb_ for deleting */
	audit_fcb_t *pcb_dlast;	/* ptr to last fcb_ for deleting */
	FILE	 *pcb_fpr;	/* read stream */
	FILE	 *pcb_fpw;	/* write stream */
};
    106 
typedef struct audit_pcb audit_pcb_t;

/*
 * Flags for pcb_flags
 * Each value is a single bit, so a pcb can carry more than one of them.
 */
#define	PF_ROOT		0x01	/* current pcb is the root of process tree */
#define	PF_LEAF		0x02	/* current pcb is a leaf of process tree */
#define	PF_FILE		0x04	/* current pcb uses files as input, not pipes */
    115 
    116 /*
    117  * Message selection options
    118  */
/*
 * One bit per record-selection criterion; the quoted letter is the command
 * line option that the bit corresponds to. The sixteen values fill bits 0-15
 * without gaps, so a further criterion needs a holder wider than 16 bits.
 */
#define	M_AFTER		0x0001	/* 'a' after a time */
#define	M_BEFORE	0x0002	/* 'b' before a time */
#define	M_CLASS		0x0004	/* 'c' event class */
#define	M_GROUPE 	0x0008	/* 'f' effective group-id */
#define	M_GROUPR 	0x0010	/* 'g' real group-id */
#define	M_OBJECT	0x0020	/* 'o' object */
#define	M_SUBJECT	0x0040	/* 'j' subject */
#define	M_TYPE		0x0080	/* 'm' event type */
#define	M_USERA		0x0100	/* 'u' audit user */
#define	M_USERE		0x0200	/* 'e' effective user */
#define	M_USERR		0x0400	/* 'r' real user */
#define	M_LABEL		0x0800	/* 'l' mandatory label range */
#define	M_ZONENAME	0x1000	/* 'z' zone name */
#define	M_SID		0x2000	/* 's' session ID */
#define	M_SORF		0x4000	/* success or failure of event */
#define	M_TID		0x8000	/* 't' terminal ID */
    135 /*
    136  * object types
    137  */
    138 
    139 /* XXX Why is this a bit map?  There can be only one M_OBJECT. */
    140 
/*
 * Object selectors for the 'o' option. Every value is a distinct single bit
 * (0x00001 through 0x20000), which needs 18 bits of storage.
 */
#define	OBJ_LP		0x00001  /* 'o' lp object */
#define	OBJ_MSG		0x00002  /* 'o' msgq object */
#define	OBJ_PATH	0x00004  /* 'o' file system object */
#define	OBJ_PROC	0x00008  /* 'o' process object */
#define	OBJ_SEM		0x00010  /* 'o' semaphore object */
#define	OBJ_SHM		0x00020  /* 'o' shared memory object */
#define	OBJ_SOCK	0x00040  /* 'o' socket object */
#define	OBJ_FGROUP	0x00080  /* 'o' file group */
#define	OBJ_FOWNER	0x00100  /* 'o' file owner */
#define	OBJ_MSGGROUP	0x00200	 /* 'o' msgq [c]group */
#define	OBJ_MSGOWNER	0x00400  /* 'o' msgq [c]owner */
#define	OBJ_PGROUP	0x00800  /* 'o' process [e]group */
#define	OBJ_POWNER	0x01000  /* 'o' process [e]owner */
#define	OBJ_SEMGROUP	0x02000  /* 'o' semaphore [c]group */
#define	OBJ_SEMOWNER	0x04000  /* 'o' semaphore [c]owner */
#define	OBJ_SHMGROUP	0x08000  /* 'o' shared memory [c]group */
#define	OBJ_SHMOWNER	0x10000  /* 'o' shared memory [c]owner */
#define	OBJ_FMRI	0x20000  /* 'o' fmri object */

/*
 * Unlike the OBJ_* values these are plain selector values, not bit flags:
 * SOCKFLG_MACHINE is 0, so it must be compared with ==, never tested with &.
 */
#define	SOCKFLG_MACHINE 0	/* search socket token by machine name */
#define	SOCKFLG_PORT    1	/* search socket token by port number */
    162 
    163 /*
    164  * Global variables
    165  */
/*
 * Record-selection values; the quoted letter is the command line option.
 * These are declarations only. This header includes nothing itself, so the
 * types used here (gid_t, uid_t, time_t, au_asid_t, audit_state_t,
 * m_range_t, scf_pattern_t) must already be declared by whatever the
 * including file pulled in first.
 */
extern unsigned short m_type;	/* 'm' message type */
extern gid_t	m_groupr;	/* 'g' real group-id */
extern gid_t	m_groupe;	/* 'f' effective group-id */
extern uid_t	m_usera;	/* 'u' audit user */
extern uid_t	m_userr;	/* 'r' real user */
extern uid_t	m_usere;	/* 'e' effective user (matches M_USERE) */
extern au_asid_t m_sid;		/* 's' session-id */
extern time_t	m_after;	/* 'a' after a time */
extern time_t	m_before;	/* 'b' before a time */
extern audit_state_t mask;	/* used with m_class */
extern char	*zonename;	/* 'z' zonename */

extern m_range_t *m_label;	/* 'l' mandatory label range */
/*
 * NOTE(review): flags presumably holds the M_* selection bits; confirm
 * against the definition. The names flags, mask and zonename are generic for
 * external linkage and can collide with other objects at link time.
 */
extern int	flags;
extern int	checkflags;
extern int	socket_flag;	/* presumably one of SOCKFLG_* - confirm */
extern int	ip_type;
/*
 * Four ints. NOTE(review): presumably the 128-bit address as four 32-bit
 * words; confirm the element width and byte order where it is compared.
 */
extern int	ip_ipv6[4];	/* ip ipv6 object identifier */
extern int	obj_flag;	/* 'o' object type */
extern int	obj_id;		/* object identifier */
extern gid_t	obj_group;	/* object group */
extern uid_t	obj_owner;	/* object owner */
extern int	subj_id; 	/* subject identifier */
extern char	ipc_type;	/* 'o' object type - tell what type of IPC */
extern scf_pattern_t fmri;	/* 'o' fmri value */
    191 
    192 /*
    193  * File selection options
    194  */
/*
 * The quoted letter is the command line option that sets each value.
 */
extern char	*f_machine;	/* 'M' machine (suffix) type */
extern char	*f_root;	/* 'R' audit root */
extern char	*f_server;	/* 'S' server */
extern char	*f_outfile;	/* 'W' output file */
extern int	f_all;		/* 'A' all records from a file */
extern int	f_complete;	/* 'C' only completed files */
/*
 * NOTE(review): this option removes input audit files. Presumably only
 * files whose fcb carries FF_DELETE are eligible; confirm, and confirm that
 * removal happens only after the output has been written successfully.
 */
extern int	f_delete;	/* 'D' delete when done */
extern int	f_quiet;	/* 'Q' sshhhh! */
extern int	f_verbose;	/* 'V' verbose */
extern int	f_stdin;	/* '-' read from stdin */
extern int	f_cmdline;	/*	files specified on the command line */
extern int	new_mode;	/* 'N' new object selection mode */
    207 
    208 /*
    209  * Error reporting
    210  * Error_str is set whenever an error occurs to point to a string describing
    211  * the error. When the error message is printed error_str is also
    212  * printed to describe exactly what went wrong.
    213  * Errbuf is used to build messages with variables in them.
    214  */
extern char	*error_str;	/* current error message */
/*
 * Declared without a size, so sizeof (errbuf) cannot be used in files that
 * see only this declaration. Code that formats into errbuf has to take the
 * bound from the definition; NOTE(review): confirm every writer is bounded.
 */
extern char	errbuf[];	/* buffer for building error message */
extern char	*ar;		/* => "auditreduce:" */
    218 
    219 /*
    220  * Control blocks
    221  * Audit_pcbs[] is an array of pcbs that control files directly.
    222  * In the program's initialization phase it will gather all of the input
    223  * files it needs to process. Each file will have one fcb allocated for it,
    224  * and each fcb will belong to one pcb from audit_pcbs[]. All of the files
    225  * in a single pcb will have the same suffix in their filenames. If the
    226  * number of active pcbs in audit_pcbs[] is greater than the number of open
    227  * files a single process can have then the program will need to fork
    228  * subprocesses to handle all of the files.
    229  */
/*
 * audit_pcbs is a pointer rather than a fixed array; pcbsize is its current
 * size and pcbnum the number of entries in use.
 * NOTE(review): presumably the array is grown on demand; confirm that
 * indices are checked against pcbsize and that growth is overflow-checked.
 */
extern audit_pcb_t *audit_pcbs;	/* file-holding pcb's */
extern int	pcbsize;	/* current size of audit_pcbs[] */
extern int	pcbnum;		/* total # of active pcbs in audit_pcbs[] */
    233 
    234 /*
    235  * Time values
    236  */
/* Times of the start and end records for the output file. */
extern time_t f_start;		/* time of start rec for outfile */
extern time_t f_end;		/* time of end rec for outfile */
extern time_t time_now;		/* time program began */

/*
 * Counting vars
 */
extern int	filenum;	/* number of files total */

/*
 * Global variable, class of current record being processed.
 */
extern int	global_class;	/* class of the record being processed */
    250 
    251 #ifdef	__cplusplus
    252 }
    253 #endif
    254 
    255 #endif /* _AUDITRT_H */
    256