      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #ifndef _BSM_AUDIT_RECORD_H
     27 #define	_BSM_AUDIT_RECORD_H
     28 
     29 
     30 #ifdef _KERNEL
     31 #include <sys/priv.h>
     32 #else
     33 #include <priv.h>
     34 #endif
     35 #include <sys/socket.h>
     36 #include <sys/acl.h>
     37 
     38 #include <sys/tsol/label.h>
     39 
     40 #ifdef __cplusplus
     41 extern "C" {
     42 #endif
     43 
     44 /*
     45  * Version of audit attributes
     46  *
     47  * OS Release      Version Number    Comments
     48  * ==========      ==============    ========
     49  * SunOS 5.1              2        Unbundled Package
     50  * SunOS 5.3              2        Bundled into the base OS
     51  * SunOS 5.4-5.x          2
     52  * Trusted Solaris 2.5    3        To distinguish potential new tokens
     53  * Trusted Solaris 7-8    4        Redefine X tokens that overlap with
     54  *                                 SunOS 5.7
     55  */
     56 
/*
 * Token layout version this header describes (history in the table
 * above).  The TOKEN_VERSION != 3 test further down selects which set
 * of X window token codes is defined.
 */
#define	TOKEN_VERSION   2
     58 
     59 /*
     60  * Audit record token type codes
     61  */
     62 
     63 /*
     64  * Control token types
     65  */
     66 
/*
 * Every AUT_* code in this header is at most 0x7f, so the (char) casts
 * give the same value whether plain char is signed or not on the
 * target.  AUT_TRAILER_MAGIC is different: 0xB105 does not fit in a
 * short, so the (short) cast yields an implementation-defined value
 * (negative on two's-complement targets).  Compare it only against a
 * value read back through the same type, never against the raw 0xB105.
 */
#define	AUT_INVALID		((char)0x00)
#define	AUT_OTHER_FILE		((char)0x11)
#define	AUT_OTHER_FILE32	AUT_OTHER_FILE	/* alias, same code */
#define	AUT_OHEADER		((char)0x12)
#define	AUT_TRAILER		((char)0x13)
#define	AUT_HEADER		((char)0x14)
#define	AUT_HEADER32		AUT_HEADER	/* alias, same code */
#define	AUT_HEADER32_EX		((char)0x15)
#define	AUT_TRAILER_MAGIC	((short)0xB105)
     76 
     77 /*
     78  * Data token types
     79  */
     80 
/*
 * Data token types occupy 0x20-0x2F; the *32 names are aliases of the
 * unsuffixed codes, not distinct tokens.  AUT_TID (0x61) is the one
 * member of this group outside that range.
 */
#define	AUT_FMRI		((char)0x20)
#define	AUT_DATA		((char)0x21)
#define	AUT_IPC			((char)0x22)
#define	AUT_PATH		((char)0x23)
#define	AUT_SUBJECT		((char)0x24)
#define	AUT_SUBJECT32		AUT_SUBJECT
#define	AUT_XATPATH		((char)0x25)
#define	AUT_PROCESS		((char)0x26)
#define	AUT_PROCESS32		AUT_PROCESS
#define	AUT_RETURN		((char)0x27)
#define	AUT_RETURN32		AUT_RETURN
#define	AUT_TEXT		((char)0x28)
#define	AUT_OPAQUE		((char)0x29)
#define	AUT_IN_ADDR		((char)0x2A)
#define	AUT_IP			((char)0x2B)
#define	AUT_IPORT		((char)0x2C)
#define	AUT_ARG			((char)0x2D)
#define	AUT_ARG32		AUT_ARG
#define	AUT_SOCKET		((char)0x2E)
#define	AUT_SEQ			((char)0x2F)
#define	AUT_TID			((char)0x61)	/* out of sequence, see above */
    102 
    103 /*
    104  * Modifier token types
    105  */
    106 
/*
 * Modifier token types occupy 0x30-0x3F (0x36 and 0x37 unassigned).
 * AUT_ZONENAME (0x60) is the one member of this group outside that
 * range.
 */
#define	AUT_ACL			((char)0x30)
#define	AUT_ATTR		((char)0x31)
#define	AUT_IPC_PERM		((char)0x32)
#define	AUT_LABEL		((char)0x33)
#define	AUT_GROUPS		((char)0x34)
#define	AUT_ACE			((char)0x35)
/*
 * 0x36, 0x37 unused
 */
#define	AUT_PRIV		((char)0x38)
#define	AUT_UPRIV		((char)0x39)
#define	AUT_LIAISON		((char)0x3A)
#define	AUT_NEWGROUPS		((char)0x3B)
#define	AUT_EXEC_ARGS		((char)0x3C)
#define	AUT_EXEC_ENV		((char)0x3D)
#define	AUT_ATTR32		((char)0x3E)
#define	AUT_UAUTH		((char)0x3F)
#define	AUT_ZONENAME		((char)0x60)	/* out of sequence, see above */
    125 
    126 /*
    127  * X windows token types
    128  */
    129 
/*
 * X window token types.  With TOKEN_VERSION != 3 (the value set above)
 * the second group uses 0x44-0x4B.  The TOKEN_VERSION == 3 branch
 * instead uses 0x74-0x7B, which collide with AUT_HEADER64 (0x74),
 * AUT_SUBJECT64 (0x75), AUT_PROCESS64 (0x77), AUT_OTHER_FILE64 (0x78),
 * AUT_HEADER64_EX (0x79), AUT_SUBJECT32_EX (0x7a) and AUT_PROCESS32_EX
 * (0x7b) defined further down; a record parser built from that branch
 * cannot distinguish those token pairs by code alone.
 */
#define	AUT_XATOM		((char)0x40)
#define	AUT_XOBJ		((char)0x41)
#define	AUT_XPROTO		((char)0x42)
#define	AUT_XSELECT		((char)0x43)

#if	TOKEN_VERSION != 3
#define	AUT_XCOLORMAP		((char)0x44)
#define	AUT_XCURSOR		((char)0x45)
#define	AUT_XFONT		((char)0x46)
#define	AUT_XGC			((char)0x47)
#define	AUT_XPIXMAP		((char)0x48)
#define	AUT_XPROPERTY		((char)0x49)
#define	AUT_XWINDOW		((char)0x4A)
#define	AUT_XCLIENT		((char)0x4B)
#else	/* TOKEN_VERSION == 3 */
/* These overlap the Solaris64 / extended-address codes below. */
#define	AUT_XCOLORMAP		((char)0x74)
#define	AUT_XCURSOR		((char)0x75)
#define	AUT_XFONT		((char)0x76)
#define	AUT_XGC			((char)0x77)
#define	AUT_XPIXMAP		((char)0x78)
#define	AUT_XPROPERTY		((char)0x79)
#define	AUT_XWINDOW		((char)0x7A)
#define	AUT_XCLIENT		((char)0x7B)
#endif	/* TOKEN_VERSION != 3 */
    154 
    155 /*
    156  * Command token types
    157  */
    158 
/* Command token types (0x51, 0x52); 0x50 and 0x53-0x5F are unassigned here. */
#define	AUT_CMD   		((char)0x51)
#define	AUT_EXIT   		((char)0x52)
    161 
    162 /*
    163  * Miscellaneous token types
    164  */
    165 
/* Host token; 0x70 precedes the Solaris64 codes that follow. */
#define	AUT_HOST		((char)0x70)
    167 
    168 /*
    169  * Solaris64 token types
    170  */
    171 
/*
 * Solaris64 token types, 0x71-0x78 (0x76 unassigned).  Note that the
 * TOKEN_VERSION == 3 X window codes above reuse 0x74-0x7B; only the
 * TOKEN_VERSION != 3 branch is free of that collision.
 */
#define	AUT_ARG64		((char)0x71)
#define	AUT_RETURN64		((char)0x72)
#define	AUT_ATTR64		((char)0x73)
#define	AUT_HEADER64		((char)0x74)
#define	AUT_SUBJECT64		((char)0x75)
#define	AUT_PROCESS64		((char)0x77)
#define	AUT_OTHER_FILE64	((char)0x78)
    179 
    180 /*
    181  * Extended network address token types
    182  */
    183 
/*
 * Extended (address-family aware) token types, 0x79-0x7f.  0x7f is the
 * highest code in this header, so all AUT_* values remain non-negative
 * after the (char) cast regardless of char signedness.
 */
#define	AUT_HEADER64_EX		((char)0x79)
#define	AUT_SUBJECT32_EX	((char)0x7a)
#define	AUT_PROCESS32_EX	((char)0x7b)
#define	AUT_SUBJECT64_EX	((char)0x7c)
#define	AUT_PROCESS64_EX	((char)0x7d)
#define	AUT_IN_ADDR_EX		((char)0x7e)
#define	AUT_SOCKET_EX		((char)0x7f)
    191 
    192 
    193 /*
    194  * Audit print suggestion types.
    195  */
    196 
/*
 * Print-format hints carried in a data token (AUT_DATA); they only
 * suggest how a consumer should render the payload.  Values 0-4.
 */
#define	AUP_BINARY	((char)0)
#define	AUP_OCTAL	((char)1)
#define	AUP_DECIMAL	((char)2)
#define	AUP_HEX		((char)3)
#define	AUP_STRING	((char)4)
    202 
    203 /*
    204  * Audit data member types.
    205  */
    206 
/*
 * Element-size codes for data tokens.  AUR_BYTE and AUR_CHAR share the
 * value 0, and AUR_INT and AUR_INT32 share 2, so a consumer cannot tell
 * those pairs apart from the code alone.
 */
#define	AUR_BYTE	((char)0)
#define	AUR_CHAR	((char)0)	/* same as AUR_BYTE */
#define	AUR_SHORT	((char)1)
#define	AUR_INT		((char)2)
#define	AUR_INT32	((char)2)	/* same as AUR_INT */
#define	AUR_INT64	((char)3)
    213 
    214 /*
    215  * Adr structures
    216  */
    217 
/*
 * Cursor over an audit record byte stream.  Only the base and the
 * current position are kept; there is no end pointer or length, so the
 * adr_* routines declared at the bottom of this header have nothing to
 * bounds-check against.  Whoever owns adr_stream must size it for
 * everything that will be encoded into, or decoded from, it.
 */
struct adr_s {
	char *adr_stream;	/* The base of the stream */
	char *adr_now;		/* The location within the stream */
};

typedef struct adr_s adr_t;
    224 
    225 
    226 #ifdef _KERNEL
    227 
    228 #include <sys/param.h>
    229 #include <sys/systm.h>		/* for rval */
    230 #include <sys/time.h>
    231 #include <sys/types.h>
    232 #include <sys/vnode.h>
    233 #include <sys/mode.h>
    234 #include <sys/user.h>
    235 #include <sys/session.h>
    236 #include <sys/ipc_impl.h>
    237 #include <netinet/in_systm.h>
    238 #include <netinet/in.h>
    239 #include <netinet/ip.h>
    240 #include <sys/socket.h>
    241 #include <net/route.h>
    242 #include <netinet/in_pcb.h>
    243 
    244 /*
    245  * au_close flag arguments
    246  */
    247 
/*
 * au_close() flag bits.  Distinct single bits, so they may be OR'd
 * together in the int flag argument.
 */
#define	AU_OK		0x1	/* Good audit record */
#define	AU_DONTBLOCK	0x2	/* Don't block or discard if queue full */
#define	AU_DEFER	0x4	/* Defer record queueing to syscall end */
    251 
    252 /*
    253  * Audit token type is really an au_membuf pointer
    254  */
/*
 * In the kernel a token is just an au_buff_t; au_buff_t itself is not
 * declared by anything included in this header, so it must come from
 * the including kernel source (presumably another audit header — verify).
 */
typedef au_buff_t token_t;
    256 /*
    257  * token generation functions
    258  */
/* Link two token lists; au_set builds a token from a raw buffer of uint_t bytes. */
token_t *au_append_token(token_t *, token_t *);
token_t *au_set(caddr_t, uint_t);

/* Release a record buffer (declared again further down; both are the same function). */
void au_free_rec(au_buff_t *);

/*
 * au_get_buff() is not declared in this header; the macro relies on the
 * including kernel source having it in scope.
 */
#define	au_getclr()		((token_t *)au_get_buff())
#define	au_toss_token(tok)	(au_free_rec((au_buff_t *)(tok)))
    266 
/*
 * Kernel token constructors.  Each returns a freshly built token_t
 * chain for the corresponding AUT_* token.
 *
 * Review notes on this list:
 *  - au_to_acl(), au_to_ace() and au_to_seq() are declared without a
 *    parameter list, so the compiler checks nothing at call sites; the
 *    userland declarations below give au_to_acl a struct acl * and
 *    au_to_seq an int.  Giving these prototypes that match the kernel
 *    definitions (not visible here) would restore type checking.
 *  - au_to_process/au_to_subject take au_id_t as the sixth argument,
 *    whereas the userland versions below take it first.  The two sets
 *    are not interchangeable.
 *  - au_to_socket_ex and au_to_uauth take char * without a length;
 *    presumably the callee derives it (family/type, NUL termination) —
 *    confirm against the implementation before passing untrusted data.
 */
token_t *au_to_acl();		/* non-prototype declaration, see above */
token_t *au_to_ace();		/* non-prototype declaration, see above */
token_t *au_to_attr(struct vattr *);
token_t *au_to_data(char, char, char, char *);
token_t *au_to_header(int, au_event_t, au_emod_t);
token_t *au_to_header_ex(int, au_event_t, au_emod_t);
token_t *au_to_ipc(char, int);
token_t *au_to_ipc_perm(kipc_perm_t *);
token_t *au_to_iport(ushort_t);
token_t *au_to_in_addr(struct in_addr *);
token_t *au_to_in_addr_ex(int32_t *);
token_t *au_to_ip(struct ip *);
token_t *au_to_groups(const gid_t *, uint_t);	/* count is explicit here */
token_t *au_to_path(struct audit_path *);
token_t *au_to_seq();		/* non-prototype declaration, see above */
token_t *au_to_process(uid_t, gid_t, uid_t, gid_t, pid_t,
			au_id_t, au_asid_t, const au_tid_addr_t *);
token_t *au_to_subject(uid_t, gid_t, uid_t, gid_t, pid_t,
			au_id_t, au_asid_t, const au_tid_addr_t *);
token_t *au_to_return32(int, int32_t);
token_t *au_to_return64(int, int64_t);
token_t *au_to_text(const char *);	/* userland variant below takes char * */
/* token_t *au_to_tid(au_generic_tid_t *);  no kernel implementation */
token_t *au_to_trailer(int);
token_t *au_to_uauth(char *);
size_t	au_zonename_length(zone_t *);
token_t *au_to_zonename(size_t, zone_t *);
token_t *au_to_arg32(char, char *, uint32_t);
token_t *au_to_arg64(char, char *, uint64_t);
token_t *au_to_socket_ex(short, short, char *, char *);
token_t *au_to_sock_inet(struct sockaddr_in *);
token_t *au_to_exec_args(const char *, ssize_t);	/* length is explicit */
token_t *au_to_exec_env(const char *, ssize_t);		/* length is explicit */
token_t	*au_to_label(bslabel_t *);
token_t	*au_to_privset(const char *, const priv_set_t *, char, int);
    302 
/*
 * Kernel record assembly and queueing entry points.
 *
 * au_uwrite() and au_zone_setup() are declared without a parameter
 * list, so arguments at their call sites are unchecked; prototypes
 * matching their definitions (not visible here) would fix that.
 * au_free_rec is already declared above; the second declaration is
 * redundant but harmless.
 */
void	au_uwrite();		/* non-prototype declaration, see above */
void	au_close(au_kcontext_t *, caddr_t *, int, au_event_t, au_emod_t);
void	au_close_defer(token_t *, int, au_event_t, au_emod_t);
void	au_close_time(au_kcontext_t *, token_t *, int, au_event_t, au_emod_t,
	    timestruc_t *);
void	au_free_rec(au_buff_t *);	/* duplicate of the earlier declaration */
void	au_write(caddr_t *, token_t *);
void	au_mem_init(void);
void	au_zone_setup();		/* non-prototype declaration, see above */
void	au_enqueue(au_kcontext_t *, au_buff_t *, adr_t *, adr_t *, int, int);
int	au_doorio(au_kcontext_t *);
int	au_doormsg(au_kcontext_t *, uint32_t, void *);
int	au_token_size(token_t *);
int	au_append_rec(au_buff_t *, au_buff_t *, int);
int	au_append_buf(const char *, int, au_buff_t *);
    318 
    319 #else /* !_KERNEL */
    320 
    321 #include <limits.h>
    322 #include <sys/types.h>
    323 #include <sys/vnode.h>
    324 #include <netinet/in_systm.h>
    325 #include <netinet/in.h>
    326 #include <netinet/ip.h>
    327 #include <sys/ipc.h>
    328 
/*
 * Userland token: a singly linked list node carrying one encoded token.
 * tt_size is a short, so a single token's payload is bounded by
 * SHRT_MAX bytes and a negative value is representable; nothing in this
 * header enforces that tt_size matches the allocation behind tt_data.
 */
struct token_s {
	struct token_s	*tt_next;	/* Next in the list	*/
	short		tt_size;	/* Size of data		*/
	char		*tt_data;	/* The data		*/
};
typedef struct token_s token_t;
    335 
    336 /*
    337  *	Old socket structure definition, formerly in <sys/socketvar.h>
    338  */
/*
 * Legacy in-memory socket layout, kept only so au_to_socket() below can
 * take a pointer to it.  Field widths (short, ulong_t, pointers) follow
 * the compiling data model, so this is not a stable wire format; it is
 * consumed as a C object, not parsed from a record.
 */
struct oldsocket {
	short	so_type;		/* generic type, see socket.h */
	short	so_options;		/* from socket call, see socket.h */
	short	so_linger;		/* time to linger while closing */
	short	so_state;		/* internal state flags SS_*, below */
	struct inpcb	*so_pcb;	/* protocol control block */
	struct	protosw *so_proto;	/* protocol handle */
/*
 * Variables for connection queueing.
 * Socket where accepts occur is so_head in all subsidiary sockets.
 * If so_head is 0, socket is not related to an accept.
 * For head socket so_q0 queues partially completed connections,
 * while so_q is a queue of connections ready to be accepted.
 * If a connection is aborted and it has so_head set, then
 * it has to be pulled out of either so_q0 or so_q.
 * We allow connections to queue up based on current queue lengths
 * and limit on number of queued connections for this socket.
 */
	struct	oldsocket *so_head;	/* back pointer to accept socket */
	struct	oldsocket *so_q0;	/* queue of partial connections */
	struct	oldsocket *so_q;	/* queue of incoming connections */
	short	so_q0len;		/* partials on so_q0 */
	short	so_qlen;		/* number of connections on so_q */
	short	so_qlimit;		/* max number queued connections */
	short	so_timeo;		/* connection timeout */
	ushort_t so_error;		/* error affecting connection */
	short	so_pgrp;		/* pgrp for signals */
	ulong_t	so_oobmark;		/* chars to oob mark */
/*
 * Variables for socket buffering.
 */
	struct	sockbuf {
		ulong_t	sb_cc;		/* actual chars in buffer */
		ulong_t	sb_hiwat;	/* max actual char count */
		ulong_t	sb_mbcnt;	/* chars of mbufs used */
		ulong_t	sb_mbmax;	/* max chars of mbufs to use */
		ulong_t	sb_lowat;	/* low water mark (not used yet) */
		struct	mbuf *sb_mb;	/* the mbuf chain */
		struct	proc *sb_sel;	/* process selecting read/write */
		short	sb_timeo;	/* timeout (not used yet) */
		short	sb_flags;	/* flags, see below */
	} so_rcv, so_snd;
/*
 * Hooks for alternative wakeup strategies.
 * These are used by kernel subsystems wishing to access the socket
 * abstraction.  If so_wupfunc is nonnull, it is called in place of
 * wakeup any time that wakeup would otherwise be called with an
 * argument whose value is an address lying within a socket structure.
 */
	struct wupalt	*so_wupalt;
};
/*
 * Userland token constructors (libbsm).  Each returns a newly built
 * token_t for the corresponding AUT_* token.
 *
 * Review notes on this list:
 *  - Most string arguments are plain char * even though the kernel
 *    declarations above use const char * for the same tokens
 *    (au_to_text, au_to_exec_args/env); callers holding const data have
 *    to cast.  Making these const would be source-compatible.
 *  - au_to_groups(int *) carries no element count, unlike
 *    au_to_newgroups(int, gid_t *) and the kernel au_to_groups; how the
 *    callee finds the end is not visible here — confirm before use.
 *  - au_to_opaque's length is a short, matching token_s.tt_size.
 *  - au_to_process/au_to_subject take au_id_t first; the kernel
 *    declarations above take it sixth.
 */
extern token_t *au_to_arg32(char, char *, uint32_t);
extern token_t *au_to_arg64(char, char *, uint64_t);
extern token_t *au_to_acl(struct acl *);	/* kernel declares au_to_acl() */
extern token_t *au_to_attr(struct vattr *);
extern token_t *au_to_cmd(uint_t, char **, char **);
extern token_t *au_to_data(char, char, char, char *);
extern token_t *au_to_exec_args(char **);
extern token_t *au_to_exec_env(char **);
extern token_t *au_to_exit(int, int);
extern token_t *au_to_fmri(char *);
extern token_t *au_to_groups(int *);		/* no count parameter, see above */
extern token_t *au_to_newgroups(int, gid_t *);
extern token_t *au_to_header(au_event_t, au_emod_t);
extern token_t *au_to_header_ex(au_event_t, au_emod_t);
extern token_t *au_to_in_addr(struct in_addr *);
extern token_t *au_to_in_addr_ex(struct in6_addr *);
extern token_t *au_to_ipc(char, int);
extern token_t *au_to_ipc_perm(struct ipc_perm *);
extern token_t *au_to_iport(ushort_t);
extern token_t *au_to_me(void);
extern token_t *au_to_mylabel(void);
extern token_t *au_to_opaque(char *, short);
extern token_t *au_to_path(char *);
extern token_t *au_to_privset(const char *, const priv_set_t *);
extern token_t *au_to_process(au_id_t, uid_t, gid_t, uid_t, gid_t,
				pid_t, au_asid_t, au_tid_t *);
extern token_t *au_to_process_ex(au_id_t, uid_t, gid_t, uid_t, gid_t,
				pid_t, au_asid_t, au_tid_addr_t *);
extern token_t *au_to_return32(char, uint32_t);
extern token_t *au_to_return64(char, uint64_t);
extern token_t *au_to_seq(int);
extern token_t *au_to_label(m_label_t *);
extern token_t *au_to_socket(struct oldsocket *);
extern token_t *au_to_subject(au_id_t, uid_t, gid_t, uid_t, gid_t,
				pid_t, au_asid_t, au_tid_t *);
extern token_t *au_to_subject_ex(au_id_t, uid_t, gid_t, uid_t, gid_t,
				pid_t, au_asid_t, au_tid_addr_t *);
extern token_t *au_to_text(char *);		/* kernel variant takes const char * */
extern token_t *au_to_tid(au_generic_tid_t *);
extern token_t *au_to_trailer(void);
extern token_t *au_to_uauth(char *);
extern token_t *au_to_upriv(char, char *);
extern token_t *au_to_xatom(char *);
extern token_t *au_to_xselect(char *, char *, char *);
extern token_t *au_to_xcolormap(int32_t, uid_t);
extern token_t *au_to_xcursor(int32_t, uid_t);
extern token_t *au_to_xfont(int32_t, uid_t);
extern token_t *au_to_xgc(int32_t, uid_t);
extern token_t *au_to_xpixmap(int32_t, uid_t);
extern token_t *au_to_xwindow(int32_t, uid_t);
extern token_t *au_to_xproperty(int32_t, uid_t, char *);
extern token_t *au_to_xclient(uint32_t);
extern token_t *au_to_zonename(char *);
    443 #endif /* _KERNEL */
    444 
    445 #ifdef	_KERNEL
    446 
/*
 * Kernel stream encode/decode helpers operating on an adr_t cursor.
 *
 * The adr_* writers take an element count (the trailing int) and the
 * adr_get* readers pull one element each; none of them receive a
 * buffer length, and adr_t (above) holds no end pointer, so bounds are
 * entirely the caller's responsibility.  The char * returned by the
 * adr_get* readers is not described by this header — presumably the
 * advanced stream position; confirm against the implementation.
 */
void	adr_char(adr_t *, char *, int);
void	adr_int32(adr_t *, int32_t *, int);
void	adr_uint32(adr_t *, uint32_t *, int);
void	adr_int64(adr_t *, int64_t *, int);
void	adr_uint64(adr_t *, uint64_t *, int);
void	adr_short(adr_t *, short *, int);
void	adr_ushort(adr_t *, ushort_t *, int);
void	adr_start(adr_t *, char *);	/* point the cursor at a new stream base */

char	*adr_getchar(adr_t *, char *);
char	*adr_getshort(adr_t *, short  *);
char	*adr_getushort(adr_t *, ushort_t  *);
char	*adr_getint32(adr_t *, int32_t *);
char	*adr_getuint32(adr_t *, uint32_t *);
char	*adr_getint64(adr_t *, int64_t *);
char	*adr_getuint64(adr_t *, uint64_t *);

/* Bytes between adr_stream and adr_now (an int, so large streams may not be representable). */
int	adr_count(adr_t *);
    465 
    466 #endif	/* _KERNEL */
    467 
    468 #ifdef __cplusplus
    469 }
    470 #endif
    471 
    472 #endif /* _BSM_AUDIT_RECORD_H */
    473