| /* |
| * CDDL HEADER START |
| * |
| * The contents of this file are subject to the terms of the |
| * Common Development and Distribution License (the "License"). |
| * You may not use this file except in compliance with the License. |
| * |
| * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
| * or http://www.opensolaris.org/os/licensing. |
| * See the License for the specific language governing permissions |
| * and limitations under the License. |
| * |
| * When distributing Covered Code, include this CDDL HEADER in each |
| * file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
| * If applicable, add the following below this CDDL HEADER, with the |
| * fields enclosed by brackets "[]" replaced with your own identifying |
| * information: Portions Copyright [yyyy] [name of copyright owner] |
| * |
| * CDDL HEADER END |
| */ |
| /* |
| * Copyright 2010 Sun Microsystems, Inc. All rights reserved. |
| * Use is subject to license terms. |
| */ |
| |
| #ifndef _AUDITRT_H |
| #define _AUDITRT_H |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
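| /* |
| * Auditreduce data structures. |
| * This header has no #include lines of its own: the including file must |
| * already provide time_t, FILE, uid_t, gid_t, uchar_t, au_asid_t, |
| * audit_state_t, m_range_t and scf_pattern_t. |
| */ |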
| |
| /* |
| * File Control Block |
| * Controls a single file. |
| * These are held by the pcb's in audit_pcbs[] in a linked list. |
| * There is one fcb for each file controlled by the pcb, |
| * and all of the files in a list have the same suffix in their names. |
| */ |
| struct audit_fcb { |
| struct audit_fcb *fcb_next; /* ptr to next fcb in list */ |
| int fcb_flags; /* FF_* flags - see below */ |
| time_t fcb_start; /* start time from filename */ |
| time_t fcb_end; /* end time from filename */ |
| char *fcb_suffix; /* ptr to suffix in fcb_file (interior pointer into this fcb, |
| * presumably not a separate allocation - TODO confirm) */ |
| char *fcb_name; /* ptr to name in fcb_file (interior pointer into this fcb, |
| * presumably not a separate allocation - TODO confirm) */ |
| char fcb_file[1]; /* full path and name string. Declared with a single element, so |
| * anything longer than an empty string has to live in space allocated |
| * past the end of the struct (presumably the pre-C99 trailing-array idiom). |
| * NOTE(review): confirm every allocation site reserves room for the whole |
| * path plus its NUL terminator, and that no code copies an fcb by value |
| * or sizes a copy with sizeof, which would cut the path short. */ |
| }; |
| |
| typedef struct audit_fcb audit_fcb_t; |
| |
| /* |
| * Flags for fcb_flags. |
| */ |
| #define FF_NOTTERM 0x01 /* file is "not_terminated" */ |
| #define FF_DELETE 0x02 /* we may delete this file if requested. |
| * NOTE(review): presumably acted on only when the 'D' option (f_delete) is |
| * given - confirm. Removing audit trail input is irreversible, so also |
| * confirm deletion happens only after the output was written successfully. */ |
| |
| /* |
| * Process Control Block |
| * A pcb comes in two types: |
| * It controls either: |
| * |
| * 1. A single group of pcbs (processes that are lower on the process tree). |
| * These are the pcb's that the process tree is built from. |
| * These are allocated as needed while the process tree is being built. |
| * |
| * 2. A single group of files (fcbs). |
| * All of the files in one pcb have the same suffix in their filename. |
| * They are controlled by the leaf nodes of the process tree. |
| * They are found in audit_pcbs[]. |
| * They are initially set up by process_fileopt() when the files to be |
| * processed are gathered together. Then they are parsed out to |
| * the leaf nodes by mfork(). |
| * A particular leaf node's range of audit_pcbs[] is determined |
| * in the call to mfork() by the lo and hi parameters. |
| */ |
| struct audit_pcb { |
| struct audit_pcb *pcb_below; /* ptr to group of pcb's */ |
| struct audit_pcb *pcb_next; /* ptr to next - for list in mproc() */ |
| int pcb_procno; /* subprocess # */ |
| int pcb_nrecs; /* how many records read (current pcb/file) */ |
| int pcb_nprecs; /* how many records put (current pcb/file) */ |
| int pcb_flags; /* PF_* flags - see below */ |
| int pcb_count; /* count of active pcb's */ |
| int pcb_lo; /* low index for pcb's (presumably into audit_pcbs[], cf. the lo |
| * parameter of mfork() - confirm) */ |
| int pcb_hi; /* hi index for pcb's (presumably into audit_pcbs[], cf. the hi |
| * parameter of mfork() - confirm) */ |
| int pcb_size; /* size of current record buffer. |
| * NOTE(review): this is a signed int; confirm that record lengths taken |
| * from the input are range-checked (not negative, not larger than the |
| * buffer) before pcb_rec is sized or written through. */ |
| time_t pcb_time; /* time of current record */ |
| time_t pcb_otime; /* time of previous record */ |
| char *pcb_rec; /* ptr to current record buffer; its size is kept in pcb_size */ |
| char *pcb_suffix; /* ptr to suffix name (string) */ |
| audit_fcb_t *pcb_first; /* ptr to first fcb_ */ |
| audit_fcb_t *pcb_last; /* ptr to last fcb_ */ |
| audit_fcb_t *pcb_cur; /* ptr to current fcb_ */ |
| audit_fcb_t *pcb_dfirst; /* ptr to first fcb_ for deleting */ |
| audit_fcb_t *pcb_dlast; /* ptr to last fcb_ for deleting */ |
| FILE *pcb_fpr; /* read stream (presumably a file when PF_USEFILE is set, |
| * otherwise a pipe - confirm) */ |
| FILE *pcb_fpw; /* write stream */ |
| }; |
| |
| typedef struct audit_pcb audit_pcb_t; |
| |
| /* |
| * Flags for pcb_flags |
| */ |
| #define PF_ROOT 0x01 /* current pcb is the root of process tree */ |
| #define PF_LEAF 0x02 /* current pcb is a leaf of process tree */ |
| #define PF_USEFILE 0x04 /* current pcb uses files as input, not pipes */ |
| |
| /* |
| * Message selection options |
| */ |
| #define M_AFTER 0x0001 /* 'a' after a time */ |
| #define M_BEFORE 0x0002 /* 'b' before a time */ |
| #define M_CLASS 0x0004 /* 'c' event class */ |
| #define M_GROUPE 0x0008 /* 'f' effective group-id */ |
| #define M_GROUPR 0x0010 /* 'g' real group-id */ |
| #define M_OBJECT 0x0020 /* 'o' object */ |
| #define M_SUBJECT 0x0040 /* 'j' subject */ |
| #define M_TYPE 0x0080 /* 'm' event type */ |
| #define M_USERA 0x0100 /* 'u' audit user */ |
| #define M_USERE 0x0200 /* 'e' effective user */ |
| #define M_USERR 0x0400 /* 'r' real user */ |
| #define M_LABEL 0x0800 /* 'l' mandatory label range */ |
| #define M_ZONENAME 0x1000 /* 'z' zone name */ |
| #define M_SID 0x2000 /* 's' session ID */ |
| #define M_SORF 0x4000 /* success or failure of event */ |
| #define M_TID 0x8000 /* 't' terminal ID */ |
| /* |
| * object types |
| */ |
| |
| /* XXX Why is this a bit map? There can be only one M_OBJECT. */ |
| |
| #define OBJ_LP 0x00001 /* 'o' lp object */ |
| #define OBJ_MSG 0x00002 /* 'o' msgq object */ |
| #define OBJ_PATH 0x00004 /* 'o' file system object */ |
| #define OBJ_PROC 0x00008 /* 'o' process object */ |
| #define OBJ_SEM 0x00010 /* 'o' semaphore object */ |
| #define OBJ_SHM 0x00020 /* 'o' shared memory object */ |
| #define OBJ_SOCK 0x00040 /* 'o' socket object */ |
| #define OBJ_FGROUP 0x00080 /* 'o' file group */ |
| #define OBJ_FOWNER 0x00100 /* 'o' file owner */ |
| #define OBJ_MSGGROUP 0x00200 /* 'o' msgq [c]group */ |
| #define OBJ_MSGOWNER 0x00400 /* 'o' msgq [c]owner */ |
| #define OBJ_PGROUP 0x00800 /* 'o' process [e]group */ |
| #define OBJ_POWNER 0x01000 /* 'o' process [e]owner */ |
| #define OBJ_SEMGROUP 0x02000 /* 'o' semaphore [c]group */ |
| #define OBJ_SEMOWNER 0x04000 /* 'o' semaphore [c]owner */ |
| #define OBJ_SHMGROUP 0x08000 /* 'o' shared memory [c]group */ |
| #define OBJ_SHMOWNER 0x10000 /* 'o' shared memory [c]owner */ |
| #define OBJ_FMRI 0x20000 /* 'o' fmri object */ |
| #define OBJ_USER 0x40000 /* 'o' user object */ |
| |
| #define SOCKFLG_MACHINE 0 /* search socket token by machine name */ |
| #define SOCKFLG_PORT 1 /* search socket token by port number */ |
| |
| /* |
| * Global variables |
| */ |
| extern unsigned short m_type; /* 'm' message type */ |
| extern gid_t m_groupr; /* 'g' real group-id */ |
| extern gid_t m_groupe; /* 'f' effective group-id */ |
| extern uid_t m_usera; /* 'u' audit user */ |
| extern uid_t m_userr; /* 'r' real user */ |
| extern uid_t m_usere; /* 'e' effective user (letter as listed for M_USERE) */ |
| extern au_asid_t m_sid; /* 's' session-id */ |
| extern time_t m_after; /* 'a' after a time */ |
| extern time_t m_before; /* 'b' before a time */ |
| extern audit_state_t mask; /* used with m_class */ |
| extern char *zonename; /* 'z' zonename */ |
| |
| extern m_range_t *m_label; /* 'l' mandatory label range */ |
| extern int flags; /* presumably the M_* message selection bits - TODO confirm */ |
| extern int checkflags; |
| extern int socket_flag; /* presumably SOCKFLG_MACHINE or SOCKFLG_PORT - TODO confirm */ |
| extern int ip_type; |
| extern uchar_t ip_ipv6[16]; /* ip ipv6 object identifier */ |
| extern int obj_flag; /* 'o' object type (presumably one of OBJ_* - TODO confirm) */ |
| extern int obj_id; /* object identifier */ |
| extern gid_t obj_group; /* object group */ |
| extern uid_t obj_owner; /* object owner */ |
| extern int subj_id; /* subject identifier */ |
| extern char ipc_type; /* 'o' object type - tell what type of IPC */ |
| extern scf_pattern_t fmri; /* 'o' fmri value */ |
| extern uid_t obj_user; /* 'o' user value */ |
| |
| /* |
| * File selection options |
| */ |
| extern char *f_machine; /* 'M' machine (suffix) type */ |
| extern char *f_root; /* 'R' audit root */ |
| extern char *f_server; /* 'S' server */ |
| extern char *f_outfile; /* 'W' output file */ |
| extern int f_all; /* 'A' all records from a file */ |
| extern int f_complete; /* 'C' only completed files */ |
| extern int f_delete; /* 'D' delete when done */ |
| extern int f_quiet; /* 'Q' sshhhh! */ |
| extern int f_verbose; /* 'V' verbose */ |
| extern int f_stdin; /* '-' read from stdin */ |
| extern int f_cmdline; /* files specified on the command line */ |
| extern int new_mode; /* 'N' new object selection mode */ |
| |
| /* |
| * Error reporting |
| * Error_str is set whenever an error occurs to point to a string describing |
| * the error. When the error message is printed error_str is also |
| * printed to describe exactly what went wrong. |
| * Errbuf is used to build messages with variables in them. |
| */ |
| extern char *error_str; /* current error message */ |
| extern char errbuf[]; /* buffer for building error message. Declared here without a |
| * size, so sizeof (errbuf) cannot be used through this header; code that |
| * formats into it needs the capacity from the defining file to bound the |
| * write. NOTE(review): confirm writers use a length-bounded call. */ |
| extern char *ar; /* => "auditreduce:" */ |
| |
| /* |
| * Control blocks |
| * Audit_pcbs[] is an array of pcbs that control files directly. |
| * In the program's initialization phase it will gather all of the input |
| * files it needs to process. Each file will have one fcb allocated for it, |
| * and each fcb will belong to one pcb from audit_pcbs[]. All of the files |
| * in a single pcb will have the same suffix in their filenames. If the |
| * number of active pcbs in audit_pcbs[] is greater than the number of open |
| * files a single process can have then the program will need to fork |
| * subprocesses to handle all of the files. |
| */ |
| extern audit_pcb_t *audit_pcbs; /* file-holding pcb's */ |
| extern int pcbsize; /* current size of audit_pcbs[] */ |
| extern int pcbnum; /* total # of active pcbs in audit_pcbs[] */ |
| |
| /* |
| * Time values |
| */ |
| extern time_t f_start; /* time of start rec for outfile */ |
| extern time_t f_end; /* time of end rec for outfile */ |
| extern time_t time_now; /* time program began */ |
| |
| /* |
| * Counting vars |
| */ |
| extern int filenum; /* number of files total */ |
| |
| /* |
| * Global variable, class of current record being processed. |
| */ |
| extern int global_class; |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* _AUDITRT_H */ |