audit_scf.h revision 12918:32a41a5f8110
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef _AUDIT_SCF_H
#define _AUDIT_SCF_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * auditd smf(5)/libscf(3LIB) interface - set and display audit parameters
 *
 * This header only declares the interface: property group and property
 * names, size limits, range-check macros and function prototypes. The
 * implementations are not part of this file.
 */

#include <audit_plugin.h>
#include <bsm/libbsm.h>
#include <ctype.h>
#include <libintl.h>
#include <libscf_priv.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/varargs.h>
#include <ucontext.h>
#include <zone.h>

/* For lint runs only: gettext(x) expands to its argument unchanged. */
#ifdef __lint
#define gettext(x) x
#endif

/* Debug output is compiled out unless the build sets DEBUG to non-zero. */
#ifndef DEBUG
#define DEBUG 0
#endif

#if DEBUG
/*
 * Debug file pointer, opened on first use by DPRINT().
 *
 * NOTE(review): this is a definition, not an extern declaration, so every
 * source file that includes this header in a DEBUG build defines dbfp.
 * Confirm the build tolerates that (common symbols) or that only one
 * file includes the header with DEBUG set.
 */
FILE *dbfp;

/*
 * DPRINT(x): x is a complete, parenthesised fprintf() argument list,
 * stream included. dbfp is opened through __auditd_debug_file_open() if
 * it is still NULL, x is handed to fprintf() as written, and dbfp is
 * flushed afterwards whatever stream x names.
 *
 * The format string in x reaches fprintf() unmodified, so it should stay
 * a literal; audit parameter text belongs in the arguments.
 *
 * NOTE(review): the expansion is a bare brace block rather than
 * do { } while (0), so "if (c) DPRINT(...); else ..." does not compile in
 * DEBUG builds although it does when DEBUG is 0.
 */
#define DPRINT(x) { \
	if (dbfp == NULL) \
		dbfp = __auditd_debug_file_open(); \
	(void) fprintf x; \
	(void) fflush(dbfp); \
}
#else /* ! DEBUG */
#define DPRINT(x)
#endif

/* Audit subsystem service instances */
#define AUDITD_FMRI "svc:/system/auditd:default"
#define AUDITSET_FMRI "svc:/system/auditset:default"

/* (ASI) Audit service instance SCF handles - libscf(3LIB) */
typedef struct asi_scfhandle {
	scf_handle_t *hndl;		/* base scf handle */
	scf_instance_t *inst;		/* service instance handle */
	scf_propertygroup_t *pgrp;	/* property group handle */
	scf_property_t *prop;		/* property handle */
} asi_scfhandle_t;

/* Iterator handles and value handle used alongside asi_scfhandle_t. */
typedef struct asi_scfhandle_iter {
	scf_iter_t *pgrp;		/* property group iter handle */
	scf_iter_t *prop;		/* property iter handle */
	scf_value_t *prop_val;		/* property value */
} asi_scfhandle_iter_t;

/*
 * (ASI) Audit service instance (svc:/system/auditd:default) related
 * configuration parameters.
 */

/* "policy" property group. */
#define ASI_PGROUP_POLICY "policy"

/*
 * A policy string paired with a boolean.
 * NOTE(review): presumably a policy keyword and its on/off state; confirm
 * against the implementation.
 */
typedef struct policy_sw {
	char *policy;
	boolean_t flag;
} policy_sw_t;

/* "queuectrl" property group and its property names. */
#define ASI_PGROUP_QUEUECTRL "queuectrl"
#define QUEUECTRL_QBUFSZ "qbufsz"
#define QUEUECTRL_QDELAY "qdelay"
#define QUEUECTRL_QHIWATER "qhiwater"
#define QUEUECTRL_QLOWATER "qlowater"

/*
 * Queue control values as 64-bit integers; the field names correspond to
 * the QUEUECTRL_* property names above.
 *
 * NOTE(review): the do_getq*_scf and do_setq*_scf prototypes below use
 * size_t and clock_t, which can be narrower than uint64_t. Confirm the
 * implementation range-checks (see CHK_BDRY_*) before narrowing.
 */
typedef struct scf_qctrl {
	uint64_t scf_qhiwater;
	uint64_t scf_qlowater;
	uint64_t scf_qbufsz;
	uint64_t scf_qdelay;
} scf_qctrl_t;

/* "preselection" property group and its property names. */
#define ASI_PGROUP_PRESELECTION "preselection"
#define PRESELECTION_FLAGS "flags"
#define PRESELECTION_NAFLAGS "naflags"
/*
 * max. length of na/flags
 * NOTE(review): whether this limit counts the terminating NUL is not
 * visible here; confirm before sizing buffers with it.
 */
#define PRESELECTION_MAXBUF 256

/* auditd(1M) plugin related well known properties */
#define PLUGIN_ACTIVE "active"		/* plugin state */
#define PLUGIN_PATH "path"		/* plugin shared object */
#define PLUGIN_QSIZE "qsize"		/* plugin queue size */

/* Plugin limits. */
#define PLUGIN_MAX 256			/* max. amount of plugins */
#define PLUGIN_MAXBUF 256		/* max. length of plugin name */
#define PLUGIN_MAXATT 256		/* max. length of plugin attr */
#define PLUGIN_MAXKEY 256		/* max. length of plugin key */
#define PLUGIN_MAXVAL 256		/* max. length of plugin val */

/*
 * List node carrying one plugin name and its key/value array, with links
 * to the next and previous node.
 *
 * plugin_name is a fixed PLUGIN_MAXBUF-byte array: any code filling it
 * has to bound the copy to that size and leave room for the terminator.
 */
typedef struct scf_plugin_kva_node {
	struct scf_plugin_kva_node *next;
	struct scf_plugin_kva_node *prev;
	char plugin_name[PLUGIN_MAXBUF];
	kva_t *plugin_kva;
} scf_plugin_kva_node_t;

/*
 * Boundary checking macros for the queuectrl parameters.
 *
 * Each macro is non-zero when the value is inside the allowed range and
 * zero otherwise. The AQ_* limits other than AQ_MINLOW are not defined in
 * this header. Arguments can be evaluated more than once, so pass plain
 * values, never expressions with side effects.
 */
#define AQ_MINLOW 1
/* AQ_BUFSZ <= x <= AQ_MAXBUFSZ */
#define CHK_BDRY_QBUFSZ(x) !((x) < AQ_BUFSZ || (x) > AQ_MAXBUFSZ)
/* x is non-zero and x <= AQ_MAXDELAY */
#define CHK_BDRY_QDELAY(x) !((x) == 0 || (x) > AQ_MAXDELAY)
/* AQ_MINLOW <= low < high */
#define CHK_BDRY_QLOWATER(low, high) !((low) < AQ_MINLOW || (low) >= (high))
/* low < high, and AQ_LOWATER <= high <= AQ_MAXHIGH */
#define CHK_BDRY_QHIWATER(low, high) !((high) <= (low) || \
	(high) < AQ_LOWATER || \
	(high) > AQ_MAXHIGH)

/*
 * MAX_PROPVECS maximum number of audit properties that will
 * fit in the uint32_t audit policy mask.
 */
#define MAX_PROPVECS 32

/*
 * Interface functions. All do_*_scf() routines return boolean_t; what
 * B_TRUE and B_FALSE mean for each is defined by the implementation,
 * which is not shown in this header.
 */
boolean_t do_getflags_scf(char **);
boolean_t do_getnaflags_scf(char **);
boolean_t do_getpluginconfig_scf(char *, scf_plugin_kva_node_t **);
boolean_t do_getpolicy_scf(uint32_t *);
boolean_t do_getqbufsz_scf(size_t *);
boolean_t do_getqctrl_scf(struct au_qctrl *);
boolean_t do_getqdelay_scf(clock_t *);
boolean_t do_getqhiwater_scf(size_t *);
boolean_t do_getqlowater_scf(size_t *);
boolean_t do_setflags_scf(char *);
boolean_t do_setnaflags_scf(char *);
boolean_t do_setpluginconfig_scf(char *, boolean_t, char *, int);
boolean_t do_setpolicy_scf(uint32_t);
boolean_t do_setqbufsz_scf(size_t *);
boolean_t do_setqctrl_scf(struct au_qctrl *);
boolean_t do_setqdelay_scf(clock_t *);
boolean_t do_setqhiwater_scf(size_t *);
boolean_t do_setqlowater_scf(size_t *);
void free_static_att_kva(kva_t *);
uint32_t get_policy(char *);
boolean_t plugin_avail_scf(const char *);
void plugin_kva_ll_free(scf_plugin_kva_node_t *);
void prt_error_va(char *, va_list);

#ifdef __cplusplus
}
#endif

#endif /* _AUDIT_SCF_H */