1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26/* 27 * File name: praudit.h 28 * praudit.c defines, globals 29 */ 30 31#ifndef _PRAUDIT_H 32#define _PRAUDIT_H 33 34#pragma ident "%Z%%M% %I% %E% SMI" 35 36#ifdef __cplusplus 37extern "C" { 38#endif 39 40/* DEFINES */ 41 42/* 43 * output value types 44 */ 45#define PRA_INT32 0 46#define PRA_UINT32 1 47#define PRA_INT64 2 48#define PRA_UINT64 3 49#define PRA_SHORT 4 50#define PRA_USHORT 5 51#define PRA_CHAR 6 52#define PRA_UCHAR 7 53#define PRA_STRING 8 54#define PRA_HEX32 9 55#define PRA_HEX64 10 56#define PRA_SHEX 11 57#define PRA_OCT 12 58#define PRA_BYTE 13 59#define PRA_OUTREC 14 60#define PRA_LOCT 15 61 62/* 63 * Formatting flags 64 */ 65#define PRF_DEFAULTM 0x0000 /* Default mode */ 66#define PRF_RAWM 0x0001 /* Raw mode */ 67#define PRF_SHORTM 0x0002 /* Short mode */ 68#define PRF_XMLM 0x0004 /* XML format */ 69#define PRF_ONELINE 0x0008 /* one-line output */ 70#define PRF_NOCACHE 0x0010 /* don't cache event names */ 71 72/* 73 * source of audit data (data_mode) 74 */ 75#define FILEMODE 1 76#define PIPEMODE 2 77#define BUFMODE 3 78 79/* 80 * max. number of audit file names entered on command line 81 */ 82#define MAXFILENAMES 100 83 84/* 85 * max. size of file name 86 */ 87#define MAXFILELEN MAXPATHLEN+MAXNAMLEN+1 88 89/* 90 * used to store value to be output 91 */ 92typedef union u_tag { 93 int32_t int32_val; 94 uint32_t uint32_val; 95 int64_t int64_val; 96 uint64_t uint64_val; 97 short short_val; 98 ushort_t ushort_val; 99 char char_val; 100 char uchar_val; 101 char *string_val; 102} u_tag_t; 103typedef struct u_val { 104 int uvaltype; 105 u_tag_t tag; 106} uval_t; 107#define int32_val tag.int32_val 108#define uint32_val tag.uint32_val 109#define int64_val tag.int64_val 110#define uint64_val tag.uint64_val 111#define short_val tag.short_val 112#define ushort_val tag.ushort_val 113#define char_val tag.char_val 114#define uchar_val tag.uchar_val 115#define string_val tag.string_val 116 117 118/* 119 * Strings and things for xml prolog & ending printing. 120 */ 121#define prolog1 "<?xml version='1.0' encoding='UTF-8' ?>\n" 122#define prolog2 "\n<!DOCTYPE audit PUBLIC " \ 123 "'-//Sun Microsystems, Inc.//DTD Audit V1//EN' " \ 124 "'file:///usr/share/lib/xml/dtd/adt_record.dtd.1'>\n\n" 125#define prolog_xsl "<?xml-stylesheet type='text/xsl' " \ 126 "href='file:///usr/share/lib/xml/style/adt_record.xsl.1' ?>\n" 127 128 /* Special main element: */ 129#define xml_start "<audit>" 130#define xml_ending "\n</audit>\n" 131 132#define xml_prolog_len (sizeof (prolog1) + sizeof (prolog2) + \ 133 sizeof (prolog_xsl) + sizeof (xml_start) + 1) 134#define xml_end_len (sizeof (xml_ending) + 1) 135 136/* 137 * used to save context for print_audit and related functions. 138 */ 139 140#define SEP_SIZE 4 141 142struct pr_context { 143 int format; 144 int data_mode; 145 char SEPARATOR[SEP_SIZE]; /* field separator */ 146 signed char tokenid; /* initial token ID */ 147 adr_t *audit_adr; /* audit record */ 148 adrf_t *audit_adrf; /* audit record, file mode */ 149 int audit_rec_len; 150 char *audit_rec_start; 151 152 char *inbuf_start; 153 char *inbuf_last; /* ptr to byte after latest completed */ 154 /* header or file token in the input */ 155 int inbuf_totalsize; 156 char *outbuf_p; 157 char *outbuf_start; 158 char *outbuf_last; /* ptr to byte after latest completed */ 159 /* header or file token in the output */ 160 int outbuf_remain_len; 161 162 int pending_flag; /* open of extended tag not completed */ 163 int current_rec; /* id of current record */ 164}; 165typedef struct pr_context pr_context_t; 166 167 168extern void init_tokens(void); 169 170extern int open_tag(pr_context_t *context, int); 171extern int finish_open_tag(pr_context_t *context); 172extern int check_close_rec(pr_context_t *context, int); 173extern int close_tag(pr_context_t *context, int); 174extern int process_tag(pr_context_t *context, int, int, int); 175 176extern int is_file_token(int); 177extern int is_header_token(int); 178extern int is_token(int); 179extern int do_newline(pr_context_t *context, int); 180 181extern char *bu2string(char basic_unit); 182extern int convert_char_to_string(char printmode, char c, char *p); 183extern int convert_int32_to_string(char printmode, int32_t c, char *p); 184extern int convert_int64_to_string(char printmode, int64_t c, char *p); 185extern int convert_short_to_string(char printmode, short c, char *p); 186extern int findfieldwidth(char basicunit, char howtoprint); 187extern void get_Hname(uint32_t addr, char *buf, size_t buflen); 188extern void get_Hname_ex(uint32_t *addr, char *buf, size_t buflen); 189extern char *hexconvert(char *c, int size, int chunk); 190extern char *htp2string(char print_sugg); 191extern int pa_print(pr_context_t *context, uval_t *uval, int flag); 192extern int pa_reclen(pr_context_t *context, int status); 193extern int pa_file_string(pr_context_t *context, int status, int flag); 194extern int pa_adr_int32(pr_context_t *context, int status, int flag); 195extern int pa_adr_int64(pr_context_t *context, int status, int flag); 196extern int pa_utime32(pr_context_t *context, int status, int flag); 197extern int pa_ntime32(pr_context_t *context, int status, int flag); 198extern int pa_utime64(pr_context_t *context, int status, int flag); 199extern int pa_ntime64(pr_context_t *context, int status, int flag); 200extern int pa_adr_string(pr_context_t *context, int status, int flag); 201extern int pa_adr_u_int32(pr_context_t *context, int status, int flag); 202extern int pa_adr_u_int64(pr_context_t *context, int status, int flag); 203extern int pa_adr_byte(pr_context_t *context, int status, int flag); 204extern int pa_event_type(pr_context_t *context, int status, int flag); 205extern int pa_event_modifier(pr_context_t *context, int status, int flag); 206extern int pa_adr_int32hex(pr_context_t *context, int status, int flag); 207extern int pa_adr_int64hex(pr_context_t *context, int status, int flag); 208extern int pa_pw_uid(pr_context_t *context, int status, int flag); 209extern int pa_gr_uid(pr_context_t *context, int status, int flag); 210extern int pa_pw_uid_gr_gid(pr_context_t *context, int status, int flag); 211extern int pa_ace(pr_context_t *context, int status, int flag); 212extern int pa_hostname(pr_context_t *context, int status, int flag); 213extern int pa_hostname_ex(pr_context_t *context, int status, int flag); 214extern int pa_hostname_so(pr_context_t *context, int status, int flag); 215extern int pa_adr_u_short(pr_context_t *context, int status, int flag); 216extern int pa_tid32(pr_context_t *context, int status, int flag); 217extern int pa_tid64(pr_context_t *context, int status, int flag); 218extern int pa_tid32_ex(pr_context_t *context, int status, int flag); 219extern int pa_tid64_ex(pr_context_t *context, int status, int flag); 220extern int pa_adr_charhex(pr_context_t *context, int status, int flag); 221extern int pa_adr_short(pr_context_t *context, int status, int flag); 222extern int pa_adr_shorthex(pr_context_t *context, int status, int flag); 223extern int pa_mode(pr_context_t *context, int status, int flag); 224extern int pa_cmd(pr_context_t *context, int status, int flag); 225extern int pa_string(pr_context_t *context, int status, int flag); 226extern int pa_liaison(pr_context_t *context, int status, int flag); 227extern int pa_xgeneric(pr_context_t *context); 228extern int pa_xid(pr_context_t *context, int status, int flag); 229extern void pa_error(const uchar_t err, char *buf, size_t buflen); 230extern void pa_retval(const uchar_t, const int32_t, char *, size_t); 231extern int pa_ip_addr(pr_context_t *context, int status, int flag); 232extern int pr_adr_char(pr_context_t *context, char *cp, int count); 233extern int pr_adr_short(pr_context_t *context, short *sp, int count); 234extern int pr_adr_int32(pr_context_t *context, int32_t *lp, int count); 235extern int pr_adr_int64(pr_context_t *context, int64_t *lp, int count); 236extern int pr_adr_u_int32(pr_context_t *context, uint32_t *cp, int count); 237extern int pr_adr_u_char(pr_context_t *context, uchar_t *cp, int count); 238extern int pr_adr_u_int64(pr_context_t *context, uint64_t *lp, int count); 239extern int pr_adr_u_short(pr_context_t *context, ushort_t *sp, int count); 240extern int pr_putchar(pr_context_t *context, char); 241extern int pr_printf(pr_context_t *context, const char *format, ...); 242extern int pr_input_remaining(pr_context_t *context, size_t size); 243 244/* 245 * Functions that format audit data 246 */ 247extern int print_audit(const int, const char *); 248extern int print_audit_buf(char **, int *, char **, int *, const int, 249 const char *); 250extern void print_audit_xml_prolog(void); 251extern void print_audit_xml_ending(void); 252extern int print_audit_xml_prolog_buf(char *out_buf, 253 const int out_buf_len); 254extern int print_audit_xml_ending_buf(char *out_buf, 255 const int out_buf_len); 256 257 258#ifdef __cplusplus 259} 260#endif 261 262#endif /* _PRAUDIT_H */ 263