NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
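--- a/usr/src/cmd/praudit/praudit.h
+++ b/usr/src/cmd/praudit/praudit.h
@@ -1,262 +1,264 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ *
+ * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
 */
 
 /*
 * File name: praudit.h
 * praudit.c defines, globals
 */
 
 #ifndef _PRAUDIT_H
 #define _PRAUDIT_H
 
-#pragma ident "%Z%%M% %I% %E% SMI"
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /* DEFINES */
 
 /*
 * output value types
 */
 #define PRA_INT32 0
 #define PRA_UINT32 1
 #define PRA_INT64 2
 #define PRA_UINT64 3
 #define PRA_SHORT 4
 #define PRA_USHORT 5
 #define PRA_CHAR 6
 #define PRA_UCHAR 7
 #define PRA_STRING 8
 #define PRA_HEX32 9
 #define PRA_HEX64 10
 #define PRA_SHEX 11
 #define PRA_OCT 12
 #define PRA_BYTE 13
 #define PRA_OUTREC 14
 #define PRA_LOCT 15
 
 /*
 * Formatting flags
 */
 #define PRF_DEFAULTM 0x0000 /* Default mode */
 #define PRF_RAWM 0x0001 /* Raw mode */
 #define PRF_SHORTM 0x0002 /* Short mode */
 #define PRF_XMLM 0x0004 /* XML format */
 #define PRF_ONELINE 0x0008 /* one-line output */
 #define PRF_NOCACHE 0x0010 /* don't cache event names */
 
 /*
 * source of audit data (data_mode)
 */
 #define FILEMODE 1
 #define PIPEMODE 2
 #define BUFMODE 3
 
 /*
 * max. number of audit file names entered on command line
 */
 #define MAXFILENAMES 100
 
 /*
 * max. size of file name
 */
 #define MAXFILELEN MAXPATHLEN+MAXNAMLEN+1
 
 /*
 * used to store value to be output
 */
 typedef union u_tag {
 int32_t int32_val;
 uint32_t uint32_val;
 int64_t int64_val;
 uint64_t uint64_val;
 short short_val;
 ushort_t ushort_val;
 char char_val;
 char uchar_val;
 char *string_val;
 } u_tag_t;
 typedef struct u_val {
 int uvaltype;
 u_tag_t tag;
 } uval_t;
 #define int32_val tag.int32_val
 #define uint32_val tag.uint32_val
 #define int64_val tag.int64_val
 #define uint64_val tag.uint64_val
 #define short_val tag.short_val
 #define ushort_val tag.ushort_val
 #define char_val tag.char_val
 #define uchar_val tag.uchar_val
 #define string_val tag.string_val
 
 
 /*
 * Strings and things for xml prolog & ending printing.
 */
 #define prolog1 "<?xml version='1.0' encoding='UTF-8' ?>\n"
 #define prolog2 "\n<!DOCTYPE audit PUBLIC " \
 "'-//Sun Microsystems, Inc.//DTD Audit V1//EN' " \
 "'file:///usr/share/lib/xml/dtd/adt_record.dtd.1'>\n\n"
 #define prolog_xsl "<?xml-stylesheet type='text/xsl' " \
 "href='file:///usr/share/lib/xml/style/adt_record.xsl.1' ?>\n"
 
 /* Special main element: */
 #define xml_start "<audit>"
 #define xml_ending "\n</audit>\n"
 
 #define xml_prolog_len (sizeof (prolog1) + sizeof (prolog2) + \
 sizeof (prolog_xsl) + sizeof (xml_start) + 1)
 #define xml_end_len (sizeof (xml_ending) + 1)
 
 /*
 * used to save context for print_audit and related functions.
 */
 
 #define SEP_SIZE 4
 
 struct pr_context {
 int format;
 int data_mode;
 char SEPARATOR[SEP_SIZE]; /* field separator */
 signed char tokenid; /* initial token ID */
 adr_t *audit_adr; /* audit record */
 adrf_t *audit_adrf; /* audit record, file mode */
 int audit_rec_len;
 char *audit_rec_start;
 
 char *inbuf_start;
 char *inbuf_last; /* ptr to byte after latest completed */
 /* header or file token in the input */
 int inbuf_totalsize;
 char *outbuf_p;
 char *outbuf_start;
 char *outbuf_last; /* ptr to byte after latest completed */
 /* header or file token in the output */
 int outbuf_remain_len;
 
 int pending_flag; /* open of extended tag not completed */
 int current_rec; /* id of current record */
 };
 typedef struct pr_context pr_context_t;
 
 
 extern void init_tokens(void);
 
 extern int open_tag(pr_context_t *context, int);
 extern int finish_open_tag(pr_context_t *context);
 extern int check_close_rec(pr_context_t *context, int);
 extern int close_tag(pr_context_t *context, int);
 extern int process_tag(pr_context_t *context, int, int, int);
 
 extern int is_file_token(int);
 extern int is_header_token(int);
 extern int is_token(int);
 extern int do_newline(pr_context_t *context, int);
 
 extern char *bu2string(char basic_unit);
 extern int convert_char_to_string(char printmode, char c, char *p);
 extern int convert_int32_to_string(char printmode, int32_t c, char *p);
 extern int convert_int64_to_string(char printmode, int64_t c, char *p);
 extern int convert_short_to_string(char printmode, short c, char *p);
 extern int findfieldwidth(char basicunit, char howtoprint);
 extern void get_Hname(uint32_t addr, char *buf, size_t buflen);
 extern void get_Hname_ex(uint32_t *addr, char *buf, size_t buflen);
 extern char *hexconvert(char *c, int size, int chunk);
 extern char *htp2string(char print_sugg);
 extern int pa_print(pr_context_t *context, uval_t *uval, int flag);
 extern int pa_reclen(pr_context_t *context, int status);
 extern int pa_file_string(pr_context_t *context, int status, int flag);
 extern int pa_adr_int32(pr_context_t *context, int status, int flag);
 extern int pa_adr_int64(pr_context_t *context, int status, int flag);
 extern int pa_utime32(pr_context_t *context, int status, int flag);
 extern int pa_ntime32(pr_context_t *context, int status, int flag);
 extern int pa_utime64(pr_context_t *context, int status, int flag);
 extern int pa_ntime64(pr_context_t *context, int status, int flag);
 extern int pa_adr_string(pr_context_t *context, int status, int flag);
 extern int pa_adr_u_int32(pr_context_t *context, int status, int flag);
 extern int pa_adr_u_int64(pr_context_t *context, int status, int flag);
 extern int pa_adr_byte(pr_context_t *context, int status, int flag);
 extern int pa_event_type(pr_context_t *context, int status, int flag);
 extern int pa_event_modifier(pr_context_t *context, int status, int flag);
 extern int pa_adr_int32hex(pr_context_t *context, int status, int flag);
 extern int pa_adr_int64hex(pr_context_t *context, int status, int flag);
 extern int pa_pw_uid(pr_context_t *context, int status, int flag);
 extern int pa_gr_uid(pr_context_t *context, int status, int flag);
 extern int pa_pw_uid_gr_gid(pr_context_t *context, int status, int flag);
 extern int pa_ace(pr_context_t *context, int status, int flag);
+extern int pa_access_mask(pr_context_t *context, int status, int flag);
 extern int pa_hostname(pr_context_t *context, int status, int flag);
 extern int pa_hostname_ex(pr_context_t *context, int status, int flag);
 extern int pa_hostname_so(pr_context_t *context, int status, int flag);
+extern int pa_wsid(pr_context_t *context, int status, int flag);
 extern int pa_adr_u_short(pr_context_t *context, int status, int flag);
 extern int pa_tid32(pr_context_t *context, int status, int flag);
 extern int pa_tid64(pr_context_t *context, int status, int flag);
 extern int pa_tid32_ex(pr_context_t *context, int status, int flag);
 extern int pa_tid64_ex(pr_context_t *context, int status, int flag);
 extern int pa_adr_charhex(pr_context_t *context, int status, int flag);
 extern int pa_adr_short(pr_context_t *context, int status, int flag);
 extern int pa_adr_shorthex(pr_context_t *context, int status, int flag);
 extern int pa_mode(pr_context_t *context, int status, int flag);
 extern int pa_cmd(pr_context_t *context, int status, int flag);
 extern int pa_string(pr_context_t *context, int status, int flag);
 extern int pa_liaison(pr_context_t *context, int status, int flag);
 extern int pa_xgeneric(pr_context_t *context);
 extern int pa_xid(pr_context_t *context, int status, int flag);
 extern void pa_error(const uchar_t err, char *buf, size_t buflen);
 extern void pa_retval(const uchar_t, const int32_t, char *, size_t);
 extern int pa_ip_addr(pr_context_t *context, int status, int flag);
 extern int pr_adr_char(pr_context_t *context, char *cp, int count);
 extern int pr_adr_short(pr_context_t *context, short *sp, int count);
 extern int pr_adr_int32(pr_context_t *context, int32_t *lp, int count);
 extern int pr_adr_int64(pr_context_t *context, int64_t *lp, int count);
 extern int pr_adr_u_int32(pr_context_t *context, uint32_t *cp, int count);
 extern int pr_adr_u_char(pr_context_t *context, uchar_t *cp, int count);
 extern int pr_adr_u_int64(pr_context_t *context, uint64_t *lp, int count);
 extern int pr_adr_u_short(pr_context_t *context, ushort_t *sp, int count);
 extern int pr_putchar(pr_context_t *context, char);
 extern int pr_printf(pr_context_t *context, const char *format, ...);
 extern int pr_input_remaining(pr_context_t *context, size_t size);
 
 /*
 * Functions that format audit data
 */
 extern int print_audit(const int, const char *);
 extern int print_audit_buf(char **, int *, char **, int *, const int,
 const char *);
 extern void print_audit_xml_prolog(void);
 extern void print_audit_xml_ending(void);
 extern int print_audit_xml_prolog_buf(char *out_buf,
 const int out_buf_len);
 extern int print_audit_xml_ending_buf(char *out_buf,
 const int out_buf_len);
 
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _PRAUDIT_H */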
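Review bot: The two added prototypes, `pa_access_mask()` and `pa_wsid()`, carry no comment saying which audit token each one decodes, and nothing else in the `pa_*` list explains it. A short comment above them would help, for example `/* token printers added for file access auditing (NEX-13644) */`, with the token names filled in from the .c file; the names suggest an access-mask field and a SID, but the implementations are not part of this section. Since praudit reads audit trails that can be truncated or corrupted, it is also worth confirming in the implementation that both printers fail cleanly on a short record instead of reading past it. This header already declares `pr_input_remaining()`, which looks like the helper for that check.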