1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * adt_xlate.h
23 *
24 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
25 *
26 */
27
28#ifndef _BSM_XLATE_H
29#define	_BSM_XLATE_H
30
31#include <priv.h>
32
33#include <bsm/libbsm.h>
34
35#include <tsol/label.h>
36
37#include "adt_event.h"
38
39#ifdef	__cplusplus
40extern "C" {
41#endif
42
/*
 * Presumably the message-catalog domain used for translated text; this is
 * only a fallback for builds that do not define it themselves.
 */
#ifndef TEXT_DOMAIN
#define	TEXT_DOMAIN	"SYS_TEST"
#endif
46
/*
 * values for adt_session_model (stored in as_session_model of
 * struct adt_internal_state below)
 * In the session model, the session and process are unrelated, so
 * such things as the supplementary group token make no sense.  In
 * the process model, the process and session are the same.
 */
#define	ADT_SESSION_MODEL	1	/* session and process unrelated */
#define	ADT_PROCESS_MODEL	0	/* session and process are the same */
55
/*
 * ADT_HAVE_* are bit flags.  as_have_user_data in struct adt_internal_state
 * is the uint32_t that presumably holds them, which is why ADT_HAVE_ALL is
 * cast to uint32_t.  The per-bit meanings below are inferred from the
 * as_info field list further down; confirm against adt_xlate.c.
 */
#define	ADT_HAVE_MASK	0x01	/* pre-selection mask */
#define	ADT_HAVE_TID	0x02	/* terminal id */
#define	ADT_HAVE_AUID	0x04	/* audit id */
#define	ADT_HAVE_ASID	0x08	/* session id */
#define	ADT_HAVE_IDS	0x10	/* user / group ids */
#define	ADT_HAVE_ALL	(uint32_t)\
	(ADT_HAVE_MASK | ADT_HAVE_TID | ADT_HAVE_AUID | ADT_HAVE_ASID |\
	ADT_HAVE_IDS)
64
/*
 * dummy token types for privilege and other pseudo tokens.
 * They are negative, presumably to stay clear of the real token ids
 * defined by libbsm.  How they are dispatched (struct token_jmp below
 * or entry.en_token_id) is decided in adt_xlate.c, not here; note that
 * en_token_id is a plain char, whose signedness is implementation-defined.
 */
#define	ADT_AUT_PRIV_L	-100	/* limit set */
#define	ADT_AUT_PRIV_I	-101	/* inherited set */
#define	ADT_AUT_PRIV_E	-102	/* effective set */
#define	ADT_CMD_ALT	-103	/* dummy token type for alternate command */
#define	ADT_IN_PEER	-104	/* peer address in_addr and in_port */
#define	ADT_IN_REMOTE	-105	/* specified address in_addr */
74
/*
 * Placeholder base type for the text-message enums: values of those enums
 * are passed around as enum adt_generic (see msg_selector in union convert
 * and adt_msg_func_t below).
 */
enum adt_generic {ADT_GENERIC}; /* base for text enums */
76
/* forward name for struct adt_internal_state, defined later in this header */
typedef struct adt_internal_state	adt_internal_state_t;
78
/*
 * Wrapper around the per-event data union; it is the first member
 * (ae_event_data) of struct adt_event_state below, i.e. the part of an
 * event the caller is allowed to see.
 */
union union_of_events {
	union adt_event_data	d0;	/* the user-visible event data */
};
82
/*
 * Presumably used as indices into adt_msg_text[] (declared at the end of
 * this header).
 * The order of the lists MUST match the order in
 * struct msg_text adt_msg_text that is generated by
 * auditxml in adt_xlate.c.
 */
enum adt_msg_list {
	ADT_LIST_FAIL_PAM,
	ADT_LIST_FAIL_VALUE,
	ADT_LIST_LOGIN_TEXT,
	ADT_LIST_TPM_E,
	ADT_LIST_UADMIN_FCN};
94
/*
 * Type tag for one input field of an event (datadefs.dd_datatype).
 * Each tag appears to select the like-named member of union convert
 * below; ADT_DATE and ADT_UINT32ARRAY have no dedicated member there.
 * ADT_UNDEFINED is explicitly 0 so a zero-filled datadef reads as
 * undefined.
 */
enum datatype {ADT_UNDEFINED = 0,
    ADT_DATE,
    ADT_MSG,		/* text-message selector (enum adt_generic)	*/
    ADT_UINT,
    ADT_INT,
    ADT_INT32,
    ADT_UINT16,
    ADT_UINT32,
    ADT_UINT32STAR,	/* uint32_t *			*/
    ADT_UINT32ARRAY,
    ADT_UID,
    ADT_GID,
    ADT_UIDSTAR,	/* uid_t *			*/
    ADT_GIDSTAR,	/* gid_t *			*/
    ADT_UINT64,
    ADT_LONG,
    ADT_ULONG,
    ADT_CHAR,
    ADT_CHARSTAR,	/* char *			*/
    ADT_CHAR2STAR,	/* char **			*/
    ADT_PID,
    ADT_PRIVSTAR,	/* priv_set_t *			*/
    ADT_TERMIDSTAR,	/* au_tid_addr_t *		*/
    ADT_MLABELSTAR,	/* m_label_t *			*/
    ADT_FD
};
typedef enum datatype datatype_t;
122
/*
 * Presumably used to view one input value under the C type named by its
 * datatype_t tag while a token is generated; only the member matching the
 * tag is meaningful.  tbool has no datatype_t counterpart in this header,
 * and ADT_DATE / ADT_UINT32ARRAY have no member here.
 */
union convert {
    enum adt_generic	msg_selector;	/* ADT_MSG */
    boolean_t		tbool;
    uint_t		tuint;		/* ADT_UINT */
    int			tint;		/* ADT_INT */
    int32_t		tint32;		/* ADT_INT32 */
    uint16_t		tuint16;	/* ADT_UINT16 */
    uint32_t		tuint32;	/* ADT_UINT32 */
    uint64_t		tuint64;	/* ADT_UINT64 */
    int32_t		*tint32star;
    uint32_t		*tuint32star;	/* ADT_UINT32STAR */
    uid_t		tuid;		/* ADT_UID */
    gid_t		tgid;		/* ADT_GID */
    uid_t		*tuidstar;	/* ADT_UIDSTAR */
    gid_t		*tgidstar;	/* ADT_GIDSTAR */
    pid_t		tpid;		/* ADT_PID */
    long		tlong;		/* ADT_LONG */
    ulong_t		tulong;		/* ADT_ULONG */
    char		tchar;		/* ADT_CHAR */
    char		*tcharstar;	/* ADT_CHARSTAR */
    char		**tchar2star;	/* ADT_CHAR2STAR */
    au_tid_addr_t 	*ttermid;	/* ADT_TERMIDSTAR */
    priv_set_t		*tprivstar;	/* ADT_PRIVSTAR */
    m_label_t		*tm_label;	/* ADT_MLABELSTAR */
    fd_t		tfd;		/* ADT_FD */
};
149
/*
 * Per-event state.  ae_event_data must stay first: it is the user's view
 * of the event, and everything after it is internal to the library.
 */
struct adt_event_state {
	union union_of_events	ae_event_data;

	/* above is user's area; below is internal.  Order matters */

	uint_t		ae_check;	/* see adt_internal_state	*/
					/* (presumably ADT_VALID while live) */
	int		ae_event_handle;
	au_event_t	ae_event_id;	/* external id			*/
	au_event_t	ae_internal_id; /* translated			*/
	int		ae_rc;		/* exit token rc		*/
	int		ae_type;	/* exit error type		*/
	struct adt_internal_state *ae_session;	/* session this event belongs to */
};
163
/*
 * Describes one input field of an event: its type tag and its size in
 * bytes.  entry.en_type_def points at en_count_types of these, one per
 * input field of a token.
 */
struct datadefs {
	datatype_t	dd_datatype;	/* input data type */
	size_t		dd_input_size;	/* input data size */
};
typedef struct datadefs datadef;
169
/*
 * Token generator.  Arguments: the field definition, a pointer to the
 * input data, an int whose meaning is not visible in this header, the
 * event being built, and a char * (presumably the entry's en_msg_format).
 * Dispatched by token id through struct token_jmp below.
 */
typedef void (* adt_token_func_t)(datadef *, void *, int,
    struct adt_event_state *, char *);

/* Returns the message text selected by a text-enum value. */
typedef char *(* adt_msg_func_t)(enum adt_generic);
174
/*
 * Sentinel stored in as_check while a session is live and cleared to
 * zero on free, so a stale or garbage handle can be detected.  This is
 * an in-process sanity check, not a security boundary: anything that can
 * already write the process's memory can forge it.
 */
#define	ADT_VALID	0xAAAA5555
176
/*
 * Per-session state behind the public session handle.  The fields from
 * as_check down to as_audit_state are the ones that adt_export_v1/v2
 * below serialise; everything after them is private to this process and
 * is where new fields must go (see the comment inside).
 */
struct adt_internal_state {
	uint32_t	as_check;	/* == ADT_VALID when created,	*/
					/* == zero when freed		*/
	uid_t		as_euid;	/* effective user id */
	uid_t		as_ruid;	/* real user id */
	gid_t		as_egid;	/* effective group id */
	gid_t		as_rgid;	/* real group id */

	struct auditinfo_addr as_info;	/* kernel audit attributes: */
	/*
	 * ai_auid				audit id
	 * ai_mask.am_success			pre-selection mask
	 * ai_mask.am_failure
	 * ai_termid	.at_port		terminal id
	 *		.at_type
	 *		.ai_termid.at_addr[0]
	 *		.ai_termid.at_addr[1]
	 *		.ai_termid.at_addr[2]
	 *		.ai_termid.at_addr[3]
	 * ai_asid				session id
	 */
	int		as_audit_state;		/* audit state */
	/*
	 * data above this line is exported / imported
	 * To maintain upward compatibility, the above structures
	 * can't change, so for version 2, all changes will need
	 * to be added here and the old format (above) maintained.
	 */

	uint32_t		as_have_user_data;	/* presumably ADT_HAVE_* bits */

	uint32_t		as_kernel_audit_policy;	/* audit policy (source not visible here) */
	int			as_session_model;	/* ADT_SESSION_MODEL / ADT_PROCESS_MODEL */
	adt_session_flags_t	as_flags;
	pid_t			as_pid;
	m_label_t		*as_label;	/* if is_system_labeled */
	adt_translation_t	**as_xlate;	/* event translation table in use */
	/* hook invoked with an event id and its data; when it runs is decided in adt_xlate.c */
	void (*as_preload)(au_event_t, adt_event_data_t *);
};
216
/*
 * export data format
 * version number changes when adt_internal_state's export portion
 * changes.  The number is presumably what export_link.ax_version
 * carries, so a consumer can pick the newest layout it understands.
 */
#define	PROTOCOL_VERSION_1	1	/* struct adt_export_v1 */
#define	PROTOCOL_VERSION_2	2	/* struct adt_export_v2 */
224
225/*
226 * most recent version is at the top; down level consumers are
227 * expected to search down via "prev_offsetX" to a version they
228 * understand.  "v1" is first, "v0" is used to illustrate correct
229 * order for future use.
230 */
231
/*
 * Version 2 wire layout of the exported session state.  Every member
 * except ax_audit_state (int) and ax_pid (pid_t) is a fixed-width type.
 * The label bytes, when present, follow the struct rather than being a
 * member, so an importer must check ax_label_len against the space left
 * in the buffer (export_header.ax_buffer_length) before reading them;
 * that check is not in this header.
 */
struct adt_export_v2 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;		/* audit id */
	uint32_t	ax_mask_success;	/* pre-selection mask */
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;		/* terminal id: port */
	uint32_t	ax_type;		/* terminal id: address type */
	uint32_t	ax_addr[4];		/* terminal id: address */
	uint32_t	ax_asid;		/* session id */
	int		ax_audit_state;
	pid_t		ax_pid;
	size32_t	ax_label_len;	/* 0, unlabeled */
/*	char		ax_label[ax_label_len];	if, is_system_labeled */
};
/*
 * Version 1 wire layout, kept so down-level consumers can still read an
 * exported buffer.  Same fields as v2 up to ax_audit_state; the trailing
 * size field replaces v2's pid and label length.
 */
struct adt_export_v1 {
	int32_t		ax_euid;
	int32_t		ax_ruid;
	int32_t		ax_egid;
	int32_t		ax_rgid;
	int32_t		ax_auid;		/* audit id */
	uint32_t	ax_mask_success;	/* pre-selection mask */
	uint32_t	ax_mask_failure;
	uint32_t	ax_port;		/* terminal id: port */
	uint32_t	ax_type;		/* terminal id: address type */
	uint32_t	ax_addr[4];		/* terminal id: address */
	uint32_t	ax_asid;		/* session id */
	int		ax_audit_state;
	uint32_t	ax_size_of_tsol_data;	/* zero for non-TSOL systems */
};
/*
 * Link between versions inside an exported buffer: the version number
 * of a data block and (presumably) its byte offset in the buffer -- the
 * "prev_offsetX" of the comment above.  An importer following these
 * offsets has to keep them within export_header.ax_buffer_length; that
 * bounds check is not part of this header.
 */
struct export_link {
	int32_t		ax_version;	/* PROTOCOL_VERSION_* of the linked data */
	int32_t		ax_offset;	/* offset of that data within the buffer */
};
/*
 * Leads the exported buffer: a check word (presumably ADT_VALID), the
 * total buffer length and the link to the newest version's data.
 * ax_buffer_length is signed; an importer should reject negative or
 * over-long values before trusting any offset -- not enforced here.
 */
struct export_header {
	uint32_t		ax_check;		/* buffer check word */
	int32_t			ax_buffer_length;	/* total length of the buffer */
	struct export_link	ax_link;		/* first (newest) data block */
};
273
/*
 * Complete exported buffer as laid out by this version of the library:
 * header, newest data first, then a link to each older layout, ending
 * with a terminator link.  Consumers follow the links down to a version
 * they understand (see the comment above adt_export_v2).
 */
struct adt_export_data {
	struct export_header	ax_header;

	struct		adt_export_v2 ax_v2;
	/*
	 * end of version 2 data
	 */
	struct export_link	ax_next_v1;	/* link to the version 1 data */
	struct		adt_export_v1 ax_v1;
	/*
	 * end of version 1 data
	 * struct export_link	ax_next_A;
	 * data for older version
	 * struct adt_export_v0 ax_v0;
	 */
	struct export_link	ax_last; /* terminator */
};
291
/*
 * struct entry defines rows in tables defined in adt_xlate.c
 * One row describes one token of an event: which token it is, where its
 * input lives inside the event structure and how it is formatted.
 */

struct entry {
	char		en_token_id;	/* token id */
	int		en_count_types;	/* # of input fields for this token */
	datadef		*en_type_def;	/* field type and size of each input */
					/* (en_count_types of them) */
	struct entry	*en_next_token;	/* linked list pointer */
	size_t		en_offset;	/* offset into structure for input */
	int		en_required;	/* if 1, always output a token */
	int		en_tsol;	/* if 1, reserved for TX (Trusted Extensions) */
	char		*en_msg_format;	/* pointer to sprintf format string; */
					/* must be a table constant, never */
					/* text taken from the event data */
};
306
/*
 * Per-event translation: pairs the external event id with the internal
 * one and holds that event's entry table.
 */
struct translation {
	int		tx_offsetsCalculated;	/* presumably nonzero once en_offset */
						/* values have been computed */
	au_event_t	tx_external_event;	/* event id, external view */
	au_event_t	tx_internal_event;	/* event id, internal view */
	int		tx_entries;		/* array size of entry array */
	struct entry	*tx_first_entry;	/* start of linked list */
	struct entry	*tx_top_entry;		/* first array element */
};
315
/*
 * Dispatch table row: maps a token id to the function that emits it.
 * jmp_id is a long, wide enough for both real token ids and the negative
 * ADT_* dummy ids above.
 */
struct token_jmp {
	long			jmp_id;	/* token id */
	adt_token_func_t	jmp_to;	/* generator for that token */
};
320
/*
 * One text-message list (see enum adt_msg_list): the valid index range,
 * the strings themselves and an offset whose use is not visible here.
 */
struct msg_text {
	int	ml_min_index;	/* lowest valid index into ml_msg_list */
	int	ml_max_index;	/* highest valid index into ml_msg_list */
	char	**ml_msg_list;	/* the message strings */
	int	ml_offset;
};
327
/* generated message lists, indexed by enum adt_msg_list (see above) */
extern struct msg_text adt_msg_text[];

/* log a message to syslog; the int's meaning is not visible in this header */
extern void adt_write_syslog(const char *, int);
/* begin / finish the token stream for an event; close returns a status */
extern void adt_token_open(struct adt_event_state *);
extern int adt_token_close(struct adt_event_state *);
/* emit the token described by an entry, reading its input from the data pointer */
extern void adt_generate_token(struct entry *, void *,
    struct adt_event_state *);
/* returns an adjusted pointer; the meaning of the two sizes is defined in adt_xlate.c */
extern void *adt_adjust_address(void *, size_t, size_t);
336
337#ifdef	__cplusplus
338}
339#endif
340
341#endif	/* _BSM_XLATE_H */
342