1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * File name: praudit.h
28 * praudit.c defines, globals
29 */
30
31 #ifndef _PRAUDIT_H
32 #define _PRAUDIT_H
33
34 #pragma ident "%Z%%M% %I% %E% SMI"
35
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39
40 /* DEFINES */
41
42 /*
43 * output value types
44 */
45 #define PRA_INT32 0
46 #define PRA_UINT32 1
47 #define PRA_INT64 2
48 #define PRA_UINT64 3
49 #define PRA_SHORT 4
50 #define PRA_USHORT 5
51 #define PRA_CHAR 6
52 #define PRA_UCHAR 7
53 #define PRA_STRING 8
54 #define PRA_HEX32 9
55 #define PRA_HEX64 10
56 #define PRA_SHEX 11
57 #define PRA_OCT 12
58 #define PRA_BYTE 13
59 #define PRA_OUTREC 14
60 #define PRA_LOCT 15
61
62 /*
63 * Formatting flags
64 */
65 #define PRF_DEFAULTM 0x0000 /* Default mode */
66 #define PRF_RAWM 0x0001 /* Raw mode */
67 #define PRF_SHORTM 0x0002 /* Short mode */
68 #define PRF_XMLM 0x0004 /* XML format */
69 #define PRF_ONELINE 0x0008 /* one-line output */
70 #define PRF_NOCACHE 0x0010 /* don't cache event names */
71
72 /*
73 * source of audit data (data_mode)
74 */
75 #define FILEMODE 1
76 #define PIPEMODE 2
77 #define BUFMODE 3
78
79 /*
80 * max. number of audit file names entered on command line
81 */
82 #define MAXFILENAMES 100
83
84 /*
85 * max. size of file name
86 */
87 #define MAXFILELEN MAXPATHLEN+MAXNAMLEN+1
88
89 /*
90 * used to store value to be output
91 */
92 typedef union u_tag {
93 int32_t int32_val;
94 uint32_t uint32_val;
95 int64_t int64_val;
96 uint64_t uint64_val;
97 short short_val;
98 ushort_t ushort_val;
99 char char_val;
100 char uchar_val;
101 char *string_val;
102 } u_tag_t;
103 typedef struct u_val {
104 int uvaltype;
105 u_tag_t tag;
106 } uval_t;
107 #define int32_val tag.int32_val
108 #define uint32_val tag.uint32_val
109 #define int64_val tag.int64_val
110 #define uint64_val tag.uint64_val
111 #define short_val tag.short_val
112 #define ushort_val tag.ushort_val
113 #define char_val tag.char_val
114 #define uchar_val tag.uchar_val
115 #define string_val tag.string_val
116
117
118 /*
119 * Strings and things for xml prolog & ending printing.
120 */
121 #define prolog1 "<?xml version='1.0' encoding='UTF-8' ?>\n"
122 #define prolog2 "\n<!DOCTYPE audit PUBLIC " \
123 "'-//Sun Microsystems, Inc.//DTD Audit V1//EN' " \
124 "'file:///usr/share/lib/xml/dtd/adt_record.dtd.1'>\n\n"
125 #define prolog_xsl "<?xml-stylesheet type='text/xsl' " \
126 "href='file:///usr/share/lib/xml/style/adt_record.xsl.1' ?>\n"
127
128 /* Special main element: */
129 #define xml_start "<audit>"
130 #define xml_ending "\n</audit>\n"
131
132 #define xml_prolog_len (sizeof (prolog1) + sizeof (prolog2) + \
133 sizeof (prolog_xsl) + sizeof (xml_start) + 1)
134 #define xml_end_len (sizeof (xml_ending) + 1)
135
136 /*
137 * used to save context for print_audit and related functions.
138 */
139
140 #define SEP_SIZE 4
141
142 struct pr_context {
143 int format;
144 int data_mode;
145 char SEPARATOR[SEP_SIZE]; /* field separator */
146 signed char tokenid; /* initial token ID */
147 adr_t *audit_adr; /* audit record */
148 adrf_t *audit_adrf; /* audit record, file mode */
149 int audit_rec_len;
150 char *audit_rec_start;
151
152 char *inbuf_start;
153 char *inbuf_last; /* ptr to byte after latest completed */
154 /* header or file token in the input */
155 int inbuf_totalsize;
156 char *outbuf_p;
157 char *outbuf_start;
158 char *outbuf_last; /* ptr to byte after latest completed */
159 /* header or file token in the output */
160 int outbuf_remain_len;
161
162 int pending_flag; /* open of extended tag not completed */
163 int current_rec; /* id of current record */
164 };
165 typedef struct pr_context pr_context_t;
166
167
168 extern void init_tokens(void);
169
170 extern int open_tag(pr_context_t *context, int);
171 extern int finish_open_tag(pr_context_t *context);
172 extern int check_close_rec(pr_context_t *context, int);
173 extern int close_tag(pr_context_t *context, int);
174 extern int process_tag(pr_context_t *context, int, int, int);
175
176 extern int is_file_token(int);
177 extern int is_header_token(int);
178 extern int is_token(int);
179 extern int do_newline(pr_context_t *context, int);
180
181 extern char *bu2string(char basic_unit);
182 extern int convert_char_to_string(char printmode, char c, char *p);
183 extern int convert_int32_to_string(char printmode, int32_t c, char *p);
184 extern int convert_int64_to_string(char printmode, int64_t c, char *p);
185 extern int convert_short_to_string(char printmode, short c, char *p);
186 extern int findfieldwidth(char basicunit, char howtoprint);
187 extern void get_Hname(uint32_t addr, char *buf, size_t buflen);
188 extern void get_Hname_ex(uint32_t *addr, char *buf, size_t buflen);
189 extern char *hexconvert(char *c, int size, int chunk);
190 extern char *htp2string(char print_sugg);
191 extern int pa_print(pr_context_t *context, uval_t *uval, int flag);
192 extern int pa_reclen(pr_context_t *context, int status);
193 extern int pa_file_string(pr_context_t *context, int status, int flag);
194 extern int pa_adr_int32(pr_context_t *context, int status, int flag);
195 extern int pa_adr_int64(pr_context_t *context, int status, int flag);
196 extern int pa_utime32(pr_context_t *context, int status, int flag);
197 extern int pa_ntime32(pr_context_t *context, int status, int flag);
198 extern int pa_utime64(pr_context_t *context, int status, int flag);
199 extern int pa_ntime64(pr_context_t *context, int status, int flag);
200 extern int pa_adr_string(pr_context_t *context, int status, int flag);
201 extern int pa_adr_u_int32(pr_context_t *context, int status, int flag);
202 extern int pa_adr_u_int64(pr_context_t *context, int status, int flag);
203 extern int pa_adr_byte(pr_context_t *context, int status, int flag);
204 extern int pa_event_type(pr_context_t *context, int status, int flag);
205 extern int pa_event_modifier(pr_context_t *context, int status, int flag);
206 extern int pa_adr_int32hex(pr_context_t *context, int status, int flag);
207 extern int pa_adr_int64hex(pr_context_t *context, int status, int flag);
208 extern int pa_pw_uid(pr_context_t *context, int status, int flag);
209 extern int pa_gr_uid(pr_context_t *context, int status, int flag);
210 extern int pa_pw_uid_gr_gid(pr_context_t *context, int status, int flag);
211 extern int pa_ace(pr_context_t *context, int status, int flag);
212 extern int pa_hostname(pr_context_t *context, int status, int flag);
213 extern int pa_hostname_ex(pr_context_t *context, int status, int flag);
214 extern int pa_hostname_so(pr_context_t *context, int status, int flag);
215 extern int pa_adr_u_short(pr_context_t *context, int status, int flag);
216 extern int pa_tid32(pr_context_t *context, int status, int flag);
217 extern int pa_tid64(pr_context_t *context, int status, int flag);
218 extern int pa_tid32_ex(pr_context_t *context, int status, int flag);
219 extern int pa_tid64_ex(pr_context_t *context, int status, int flag);
220 extern int pa_adr_charhex(pr_context_t *context, int status, int flag);
221 extern int pa_adr_short(pr_context_t *context, int status, int flag);
222 extern int pa_adr_shorthex(pr_context_t *context, int status, int flag);
223 extern int pa_mode(pr_context_t *context, int status, int flag);
224 extern int pa_cmd(pr_context_t *context, int status, int flag);
225 extern int pa_string(pr_context_t *context, int status, int flag);
226 extern int pa_liaison(pr_context_t *context, int status, int flag);
227 extern int pa_xgeneric(pr_context_t *context);
228 extern int pa_xid(pr_context_t *context, int status, int flag);
229 extern void pa_error(const uchar_t err, char *buf, size_t buflen);
230 extern void pa_retval(const uchar_t, const int32_t, char *, size_t);
231 extern int pa_ip_addr(pr_context_t *context, int status, int flag);
232 extern int pr_adr_char(pr_context_t *context, char *cp, int count);
233 extern int pr_adr_short(pr_context_t *context, short *sp, int count);
234 extern int pr_adr_int32(pr_context_t *context, int32_t *lp, int count);
235 extern int pr_adr_int64(pr_context_t *context, int64_t *lp, int count);
236 extern int pr_adr_u_int32(pr_context_t *context, uint32_t *cp, int count);
237 extern int pr_adr_u_char(pr_context_t *context, uchar_t *cp, int count);
238 extern int pr_adr_u_int64(pr_context_t *context, uint64_t *lp, int count);
239 extern int pr_adr_u_short(pr_context_t *context, ushort_t *sp, int count);
240 extern int pr_putchar(pr_context_t *context, char);
241 extern int pr_printf(pr_context_t *context, const char *format, ...);
242 extern int pr_input_remaining(pr_context_t *context, size_t size);
243
244 /*
245 * Functions that format audit data
246 */
247 extern int print_audit(const int, const char *);
248 extern int print_audit_buf(char **, int *, char **, int *, const int,
249 const char *);
250 extern void print_audit_xml_prolog(void);
251 extern void print_audit_xml_ending(void);
252 extern int print_audit_xml_prolog_buf(char *out_buf,
253 const int out_buf_len);
254 extern int print_audit_xml_ending_buf(char *out_buf,
255 const int out_buf_len);
256
257
258 #ifdef __cplusplus
259 }
260 #endif
261
262 #endif /* _PRAUDIT_H */