/*-
 * Copyright (c) 2012 The FreeBSD Foundation
 * All rights reserved.
 *
 * This software was developed by Pawel Jakub Dawidek under sponsorship from
 * the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/bin/auditdistd/auditdistd.h#2 $
 */

/*
 * auditdistd.h - definitions shared by the auditdistd sender, receiver and
 * configuration parser: compiled-in defaults, the in-memory configuration
 * structures, the on-wire request/reply layout and the request-queue helper
 * macros used between the network and worker threads.
 */

#ifndef _AUDITDISTD_H_
#define _AUDITDISTD_H_

#include <sys/param.h>
#include <sys/queue.h>
#include <sys/socket.h>

#include <arpa/inet.h>

#include <netinet/in.h>

#include <dirent.h>
#include <limits.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>

#include <compat/compat.h>

#include "proto.h"

/*
 * Version history:
 * 0 - initial version
 *
 * Protocol version negotiated between peers (see adist_host.adh_version).
 */
#define ADIST_VERSION 0

/* Role of a configured host; ADIST_ROLE_UNDEF means "not yet set". */
#define ADIST_ROLE_UNDEF 0
#define ADIST_ROLE_SENDER 1
#define ADIST_ROLE_RECEIVER 2

/* Unprivileged account the daemon is expected to run as. */
#define ADIST_USER "auditdistd"
/*
 * Default for adist_config.adc_timeout.  The unit is not stated in this
 * header; presumably seconds, like ADIST_KEEPALIVE below - confirm against
 * the code that consumes adc_timeout.
 */
#define ADIST_TIMEOUT 20
#define ADIST_CONFIG "/etc/security/auditdistd.conf"
#define ADIST_TCP_PORT "7878"
/*
 * Default listen addresses: TLS over TCP on *every* IPv4 / IPv6 interface.
 * A deployment that should only be reachable on a management network must
 * override these in the configuration file.
 */
#define ADIST_LISTEN_TLS_TCP4 "tls://0.0.0.0:" ADIST_TCP_PORT
#define ADIST_LISTEN_TLS_TCP6 "tls://[::]:" ADIST_TCP_PORT
#define ADIST_PIDFILE "/var/run/auditdistd.pid"
/* Default trail directories for each role. */
#define ADIST_DIRECTORY_SENDER "/var/audit/dist"
#define ADIST_DIRECTORY_RECEIVER "/var/audit/remote"
/* Receiver's TLS certificate and private key (see adc_certfile/adc_keyfile). */
#define ADIST_CERTFILE "/etc/security/auditdistd.cert.pem"
#define ADIST_KEYFILE "/etc/security/auditdistd.key.pem"

/*
 * Error codes.  They fit the 16-bit adrep.adrp_error field below, so they
 * are presumably what the receiver reports back to the sender - verify in
 * the receiver code.
 */
#define ADIST_ERROR_WRONG_ORDER 1
#define ADIST_ERROR_INVALID_NAME 2
#define ADIST_ERROR_OPEN_OLD 3
#define ADIST_ERROR_CREATE 4
#define ADIST_ERROR_OPEN 5
#define ADIST_ERROR_READ 6
#define ADIST_ERROR_WRITE 7
#define ADIST_ERROR_RENAME 8

/*
 * Fixed sizes of the string fields in the structures below.  The fields are
 * plain char arrays, so whatever copies configuration or peer-supplied data
 * into them must bound the copy to these sizes and keep a terminating NUL.
 */
#define ADIST_ADDRSIZE 1024
#define ADIST_HOSTSIZE 256
#define ADIST_PATHSIZE 256
#define ADIST_PASSWORDSIZE 128
#define ADIST_FINGERPRINTSIZE 256

/* Number of seconds to sleep between reconnect retries or keepalive packets. */
#define ADIST_KEEPALIVE 10

/* One configured listen address (receiver side). */
struct adist_listen {
	/* Address to listen on. */
	char adl_addr[ADIST_ADDRSIZE];
	/* Protocol-specific data. */
	struct proto_conn *adl_conn;
	TAILQ_ENTRY(adist_listen) adl_next;
};

/* Parsed daemon configuration; produced by yy_config_parse(). */
struct adist_config {
	/* Our name. */
	char adc_name[ADIST_HOSTSIZE];
	/* PID file path. */
	char adc_pidfile[PATH_MAX];
	/* Connection timeout. */
	int adc_timeout;
	/* Path to receiver's certificate file. */
	char adc_certfile[PATH_MAX];
	/* Path to receiver's private key file. */
	char adc_keyfile[PATH_MAX];
	/* List of addresses to listen on. */
	TAILQ_HEAD(, adist_listen) adc_listen;
	/* List of hosts. */
	TAILQ_HEAD(, adist_host) adc_hosts;
};

/* Values for adist_host.adh_compression (currently unused, see below). */
#define ADIST_COMPRESSION_NONE 0
#define ADIST_COMPRESSION_LZF 1

/* Values for adist_host.adh_checksum (currently unused, see below). */
#define ADIST_CHECKSUM_NONE 0
#define ADIST_CHECKSUM_CRC32 1
#define ADIST_CHECKSUM_SHA256 2

/*
 * Structure that describes single host (either sender or receiver).
 */
struct adist_host {
	/* Host name. */
	char adh_name[ADIST_HOSTSIZE];
	/* Host role: ADIST_ROLE_{SENDER,RECEIVER}. */
	int adh_role;
	/* Protocol version negotiated. */
	int adh_version;

	/* Local address to bind to. */
	char adh_localaddr[ADIST_ADDRSIZE];
	/* Address of the remote component. */
	char adh_remoteaddr[ADIST_ADDRSIZE];
	/* Connection with remote host. */
	struct proto_conn *adh_remote;
	/* Connection was reestablished, reset the state. */
	bool adh_reset;

	/*
	 * Directory from which audit trail files should be send in
	 * ADIST_ROLE_SENDER case or stored into in ADIST_ROLE_RECEIVER case.
	 */
	char adh_directory[PATH_MAX];
	/* Compression algorithm. Currently unused. */
	int adh_compression;
	/* Checksum algorithm. Currently unused. */
	int adh_checksum;

	/*
	 * Sender's password.  This is secret material that stays in process
	 * memory for as long as the configuration is alive.
	 * NOTE(review): confirm that yy_config_free() (and any worker that
	 * copies this field) zeroizes it, e.g. with explicit_bzero(), rather
	 * than relying on free() - a plain memset() may be optimized away.
	 */
	char adh_password[ADIST_PASSWORDSIZE];
	/*
	 * Fingerprint of receiver's public key.  Presumably used by the
	 * sender to pin the receiver's identity during the TLS handshake -
	 * verify in the proto/TLS code.
	 */
	char adh_fingerprint[ADIST_FINGERPRINTSIZE];

	/* PID of child worker process. 0 - no child. */
	pid_t adh_worker_pid;
	/* Connection requests from sender to main. */
	struct proto_conn *adh_conn;

	/* Receiver-specific fields. */
	char adh_trail_name[ADIST_PATHSIZE];
	int adh_trail_fd;
	int adh_trail_dirfd;
	DIR *adh_trail_dirfp;
	/* Sender-specific fields. */
	uint64_t adh_trail_offset;

	/* Next resource. */
	TAILQ_ENTRY(adist_host) adh_next;
};

/*
 * Byte order identifiers carried in the first byte of every packet, so a
 * peer can tell the other side which order its multi-byte fields use.
 */
#define ADIST_BYTEORDER_UNDEFINED 0
#define ADIST_BYTEORDER_LITTLE_ENDIAN 1
#define ADIST_BYTEORDER_BIG_ENDIAN 2

/* Our own byte order, determined at compile time. */
#if _BYTE_ORDER == _LITTLE_ENDIAN
#define ADIST_BYTEORDER ADIST_BYTEORDER_LITTLE_ENDIAN
#elif _BYTE_ORDER == _BIG_ENDIAN
#define ADIST_BYTEORDER ADIST_BYTEORDER_BIG_ENDIAN
#else
#error Unknown byte order.
#endif

/*
 * On-wire request header.  __packed, so there is no padding: the header is
 * exactly 1 + 1 + 8 + 4 = 14 bytes, immediately followed by adp_datasize
 * bytes of payload.  Everything in here arrives from the network peer and is
 * untrusted until validated.
 */
struct adpkt {
	/* ADIST_BYTEORDER_* of the sending side. */
	uint8_t adp_byteorder;
#define ADIST_CMD_UNDEFINED 0
#define ADIST_CMD_OPEN 1
#define ADIST_CMD_APPEND 2
#define ADIST_CMD_CLOSE 3
#define ADIST_CMD_KEEPALIVE 4
#define ADIST_CMD_ERROR 5
	/* One of ADIST_CMD_*; anything else must be rejected by the reader. */
	uint8_t adp_cmd;
	/*
	 * Sequence number; echoed back in adrep.adrp_seq.  Presumably in the
	 * byte order named by adp_byteorder, like adp_datasize - the reader
	 * must convert when it differs from ADIST_BYTEORDER.
	 */
	uint64_t adp_seq;
	/*
	 * Length of adp_data in bytes.  Peer-supplied: bound it (e.g. against
	 * ADIST_BUF_SIZE) before it drives an allocation or a read.
	 */
	uint32_t adp_datasize;
	/*
	 * Zero-length array (GNU extension) standing in for a C99 flexible
	 * array member.  Kept as [0] because struct adreq embeds this struct
	 * by value, which strict C11 would not permit with a true flexible
	 * array member.
	 */
	unsigned char adp_data[0];
} __packed;

/*
 * In-memory request: a queue link plus the packet itself.  adr_packet must
 * stay the last member so the payload can trail the structure.
 */
struct adreq {
	/* Local processing error for this request. */
	int adr_error;
	TAILQ_ENTRY(adreq) adr_next;
	struct adpkt adr_packet;
};

/* Shorthands for the packet fields inside a struct adreq. */
#define adr_byteorder adr_packet.adp_byteorder
#define adr_cmd adr_packet.adp_cmd
#define adr_seq adr_packet.adp_seq
#define adr_datasize adr_packet.adp_datasize
#define adr_data adr_packet.adp_data

/*
 * Total on-wire size of a request: header plus payload.  adr_datasize is a
 * peer-supplied uint32_t; with a 32-bit size_t the addition can wrap, so
 * callers must have bounded adr_datasize before using this for allocation.
 */
#define ADPKT_SIZE(adreq) (sizeof((adreq)->adr_packet) + (adreq)->adr_datasize)

/*
 * On-wire reply header, __packed (1 + 8 + 2 = 11 bytes).  adrp_seq echoes
 * the request's adp_seq; adrp_error is presumably 0 or one of ADIST_ERROR_*.
 */
struct adrep {
	uint8_t adrp_byteorder;
	uint64_t adrp_seq;
	uint16_t adrp_error;
} __packed;

/* Number of requests kept in flight and the payload buffer size. */
#define ADIST_QUEUE_SIZE 16
#define ADIST_BUF_SIZE 65536

/*
 * Request-queue helpers.  `list' must be an identifier: the macros paste
 * list##_lock and list##_cond to find the mutex and condition variable
 * guarding it.  mtx_lock/mtx_unlock and cv_wait/cv_timedwait/cv_signal are
 * not declared in this header.
 *
 * QUEUE_TAKE: remove the head of `list' into `adreq'.  With timeout == 0 it
 * blocks until an entry is available.  Otherwise it waits at most once for
 * `timeout' and then takes whatever is at the head, so `adreq' may be NULL
 * and the caller must check.  Note that `timeout' is evaluated twice.
 */
#define QUEUE_TAKE(adreq, list, timeout) do {				\
	mtx_lock(list##_lock);						\
	if ((timeout) == 0) {						\
		while (((adreq) = TAILQ_FIRST(list)) == NULL)		\
			cv_wait(list##_cond, list##_lock);		\
	} else {							\
		(adreq) = TAILQ_FIRST(list);				\
		if ((adreq) == NULL) {					\
			cv_timedwait(list##_cond, list##_lock,		\
			    (timeout));					\
			(adreq) = TAILQ_FIRST(list);			\
		}							\
	}								\
	if ((adreq) != NULL)						\
		TAILQ_REMOVE((list), (adreq), adr_next);		\
	mtx_unlock(list##_lock);					\
} while (0)
/*
 * QUEUE_INSERT: append `adreq' to `list'.  The condition variable is only
 * signalled when the list was empty before the insert (waiters are assumed
 * to re-check the list themselves); the signal is sent after the lock is
 * dropped.
 */
#define QUEUE_INSERT(adreq, list) do {					\
	bool _wakeup;							\
									\
	mtx_lock(list##_lock);						\
	_wakeup = TAILQ_EMPTY(list);					\
	TAILQ_INSERT_TAIL((list), (adreq), adr_next);			\
	mtx_unlock(list##_lock);					\
	if (_wakeup)							\
		cv_signal(list##_cond);					\
} while (0)
/* QUEUE_WAIT: block until `list' is non-empty without removing anything. */
#define QUEUE_WAIT(list) do {						\
	mtx_lock(list##_lock);						\
	while (TAILQ_EMPTY(list))					\
		cv_wait(list##_cond, list##_lock);			\
	mtx_unlock(list##_lock);					\
} while (0)

/* Path of the configuration file in use. */
extern const char *cfgpath;
/*
 * Set when a termination signal was received.  Declared as a plain bool;
 * NOTE(review): if it is written from a signal handler it should be
 * volatile sig_atomic_t - check the definition.
 */
extern bool sigexit_received;
/* PID-file handle (pidfile(3)). */
extern struct pidfh *pfh;

/* Close/verify the per-host descriptors; pjdlogmode selects how to report. */
void descriptors_cleanup(struct adist_host *adhost);
void descriptors_assert(const struct adist_host *adhost, int pjdlogmode);

/* Main loops of the sender and receiver roles for one configured host. */
void adist_sender(struct adist_config *config, struct adist_host *adhost);
void adist_receiver(struct adist_config *config, struct adist_host *adhost);

/*
 * Parse the configuration file at `config'.  With exitonerror set, a parse
 * failure terminates the process; otherwise the caller handles the failure.
 * The result is released with yy_config_free().
 */
struct adist_config *yy_config_parse(const char *config, bool exitonerror);
void yy_config_free(struct adist_config *config);

/* Lexer/parser hooks. */
void yyerror(const char *);
int yylex(void);

#endif /* !_AUDITDISTD_H_ */