bsm_token.c revision 161630
1155131Srwatson/* 2155131Srwatson * Copyright (c) 2004 Apple Computer, Inc. 3155131Srwatson * Copyright (c) 2005 SPARTA, Inc. 4155131Srwatson * All rights reserved. 5155131Srwatson * 6155131Srwatson * This code was developed in part by Robert N. M. Watson, Senior Principal 7155131Srwatson * Scientist, SPARTA, Inc. 8155131Srwatson * 9155131Srwatson * Redistribution and use in source and binary forms, with or without 10155131Srwatson * modification, are permitted provided that the following conditions 11155131Srwatson * are met: 12155131Srwatson * 1. Redistributions of source code must retain the above copyright 13155131Srwatson * notice, this list of conditions and the following disclaimer. 14155131Srwatson * 2. Redistributions in binary form must reproduce the above copyright 15155131Srwatson * notice, this list of conditions and the following disclaimer in the 16155131Srwatson * documentation and/or other materials provided with the distribution. 17155131Srwatson * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of 18155131Srwatson * its contributors may be used to endorse or promote products derived 19155131Srwatson * from this software without specific prior written permission. 20155131Srwatson * 21155131Srwatson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 22155131Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23155131Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24155131Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 25155131Srwatson * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26155131Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27155131Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28155131Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 29155131Srwatson * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 30155131Srwatson * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31155131Srwatson * POSSIBILITY OF SUCH DAMAGE. 32155131Srwatson * 33161630Srwatson * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#51 $ 34155131Srwatson */ 35155131Srwatson 36155131Srwatson#include <sys/types.h> 37156283Srwatson 38156283Srwatson#include <config/config.h> 39156283Srwatson#ifdef HAVE_SYS_ENDIAN_H 40156283Srwatson#include <sys/endian.h> 41156283Srwatson#else /* !HAVE_SYS_ENDIAN_H */ 42156283Srwatson#ifdef HAVE_MACHINE_ENDIAN_H 43156283Srwatson#include <machine/endian.h> 44156283Srwatson#else /* !HAVE_MACHINE_ENDIAN_H */ 45156283Srwatson#ifdef HAVE_ENDIAN_H 46156283Srwatson#include <endian.h> 47156283Srwatson#else /* !HAVE_ENDIAN_H */ 48156283Srwatson#error "No supported endian.h" 49156283Srwatson#endif /* !HAVE_ENDIAN_H */ 50156283Srwatson#endif /* !HAVE_MACHINE_ENDIAN_H */ 51155131Srwatson#include <compat/endian.h> 52156283Srwatson#endif /* !HAVE_SYS_ENDIAN_H */ 53156283Srwatson#ifdef HAVE_FULL_QUEUE_H 54156283Srwatson#include <sys/queue.h> 55156283Srwatson#else /* !HAVE_FULL_QUEUE_H */ 56156283Srwatson#include <compat/queue.h> 57156283Srwatson#endif /* !HAVE_FULL_QUEUE_H */ 58156283Srwatson 59155131Srwatson#include <sys/socket.h> 60155131Srwatson#include <sys/time.h> 61155131Srwatson#include <sys/un.h> 62155131Srwatson 63155131Srwatson#include <sys/ipc.h> 64155131Srwatson 65155131Srwatson#include <netinet/in.h> 66155131Srwatson#include <netinet/in_systm.h> 67155131Srwatson#include <netinet/ip.h> 68155131Srwatson 69155131Srwatson#include <assert.h> 70155131Srwatson#include <errno.h> 71155131Srwatson#include <string.h> 72155131Srwatson#include <stdlib.h> 73155131Srwatson#include <unistd.h> 74155131Srwatson#include <sys/socketvar.h> 75155131Srwatson 76155131Srwatson#include <bsm/audit_internal.h> 77155131Srwatson#include <bsm/libbsm.h> 78155131Srwatson 79155131Srwatson#define GET_TOKEN_AREA(t, dptr, length) do { \ 80155131Srwatson (t) = malloc(sizeof(token_t)); \ 81155131Srwatson if ((t) != NULL) { \ 82155131Srwatson (t)->len = (length); \ 83155131Srwatson (dptr) = (t->t_data) = malloc((length) * sizeof(u_char)); \ 84155131Srwatson if ((dptr) == NULL) { \ 85155131Srwatson free(t); \ 86155131Srwatson (t) = NULL; \ 87155131Srwatson } else \ 88155131Srwatson memset((dptr), 0, (length)); \ 89155131Srwatson } else \ 90155131Srwatson (dptr) = NULL; \ 91155131Srwatson assert(t == NULL || dptr != NULL); \ 92155131Srwatson} while (0) 93155131Srwatson 94155131Srwatson/* 95155131Srwatson * token ID 1 byte 96155131Srwatson * argument # 1 byte 97155131Srwatson * argument value 4 bytes/8 bytes (32-bit/64-bit value) 98155131Srwatson * text length 2 bytes 99155131Srwatson * text N bytes + 1 terminating NULL byte 100155131Srwatson */ 101155131Srwatsontoken_t * 102155131Srwatsonau_to_arg32(char n, char *text, u_int32_t v) 103155131Srwatson{ 104155131Srwatson token_t *t; 105155131Srwatson u_char *dptr = NULL; 106155131Srwatson u_int16_t textlen; 107155131Srwatson 108155131Srwatson textlen = strlen(text); 109155131Srwatson textlen += 1; 110155131Srwatson 111155131Srwatson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) + 112155131Srwatson sizeof(u_int16_t) + textlen); 113155131Srwatson if (t == NULL) 114155131Srwatson return (NULL); 115155131Srwatson 116155131Srwatson ADD_U_CHAR(dptr, AUT_ARG32); 117155131Srwatson ADD_U_CHAR(dptr, n); 118155131Srwatson ADD_U_INT32(dptr, v); 119155131Srwatson ADD_U_INT16(dptr, textlen); 120155131Srwatson ADD_STRING(dptr, text, textlen); 121155131Srwatson 122155131Srwatson return (t); 123155131Srwatson 124155131Srwatson} 125155131Srwatson 126155131Srwatsontoken_t * 127155131Srwatsonau_to_arg64(char n, char *text, u_int64_t v) 128155131Srwatson{ 129155131Srwatson token_t *t; 130155131Srwatson u_char *dptr = NULL; 131155131Srwatson u_int16_t textlen; 132155131Srwatson 133155131Srwatson textlen = strlen(text); 134155131Srwatson textlen += 1; 135155131Srwatson 136155131Srwatson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) + 137155131Srwatson sizeof(u_int16_t) + textlen); 138155131Srwatson if (t == NULL) 139155131Srwatson return (NULL); 140155131Srwatson 141155131Srwatson ADD_U_CHAR(dptr, AUT_ARG64); 142155131Srwatson ADD_U_CHAR(dptr, n); 143155131Srwatson ADD_U_INT64(dptr, v); 144155131Srwatson ADD_U_INT16(dptr, textlen); 145155131Srwatson ADD_STRING(dptr, text, textlen); 146155131Srwatson 147155131Srwatson return (t); 148155131Srwatson 149155131Srwatson} 150155131Srwatson 151155131Srwatsontoken_t * 152155131Srwatsonau_to_arg(char n, char *text, u_int32_t v) 153155131Srwatson{ 154155131Srwatson 155155131Srwatson return (au_to_arg32(n, text, v)); 156155131Srwatson} 157155131Srwatson 158155131Srwatson#if defined(_KERNEL) || defined(KERNEL) 159155131Srwatson/* 160155131Srwatson * token ID 1 byte 161155131Srwatson * file access mode 4 bytes 162155131Srwatson * owner user ID 4 bytes 163155131Srwatson * owner group ID 4 bytes 164155131Srwatson * file system ID 4 bytes 165155131Srwatson * node ID 8 bytes 166155131Srwatson * device 4 bytes/8 bytes (32-bit/64-bit) 167155131Srwatson */ 168155131Srwatsontoken_t * 169155131Srwatsonau_to_attr32(struct vnode_au_info *vni) 170155131Srwatson{ 171155131Srwatson token_t *t; 172155131Srwatson u_char *dptr = NULL; 173155131Srwatson u_int16_t pad0_16 = 0; 174155131Srwatson u_int16_t pad0_32 = 0; 175155131Srwatson 176155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 177155131Srwatson 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); 178155131Srwatson if (t == NULL) 179155131Srwatson return (NULL); 180155131Srwatson 181155131Srwatson ADD_U_CHAR(dptr, AUT_ATTR32); 182155131Srwatson 183155131Srwatson /* 184155131Srwatson * Darwin defines the size for the file mode 185155131Srwatson * as 2 bytes; BSM defines 4 so pad with 0 186155131Srwatson */ 187155131Srwatson ADD_U_INT16(dptr, pad0_16); 188155131Srwatson ADD_U_INT16(dptr, vni->vn_mode); 189155131Srwatson 190155131Srwatson ADD_U_INT32(dptr, vni->vn_uid); 191155131Srwatson ADD_U_INT32(dptr, vni->vn_gid); 192155131Srwatson ADD_U_INT32(dptr, vni->vn_fsid); 193155131Srwatson 194155131Srwatson /* 195155131Srwatson * Some systems use 32-bit file ID's, other's use 64-bit file IDs. 196155131Srwatson * Attempt to handle both, and let the compiler sort it out. If we 197155131Srwatson * could pick this out at compile-time, it would be better, so as to 198155131Srwatson * avoid the else case below. 199155131Srwatson */ 200155131Srwatson if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { 201155131Srwatson ADD_U_INT32(dptr, pad0_32); 202155131Srwatson ADD_U_INT32(dptr, vni->vn_fileid); 203155131Srwatson } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) 204155131Srwatson ADD_U_INT64(dptr, vni->vn_fileid); 205155131Srwatson else 206155131Srwatson ADD_U_INT64(dptr, 0LL); 207155131Srwatson 208155131Srwatson ADD_U_INT32(dptr, vni->vn_dev); 209155131Srwatson 210155131Srwatson return (t); 211155131Srwatson} 212155131Srwatson 213155131Srwatsontoken_t * 214155131Srwatsonau_to_attr64(struct vnode_au_info *vni) 215155131Srwatson{ 216155131Srwatson 217155131Srwatson errno = ENOTSUP; 218155131Srwatson return (NULL); 219155131Srwatson} 220155131Srwatson 221155131Srwatsontoken_t * 222155131Srwatsonau_to_attr(struct vnode_au_info *vni) 223155131Srwatson{ 224155131Srwatson 225155131Srwatson return (au_to_attr32(vni)); 226155131Srwatson} 227155131Srwatson#endif /* !(defined(_KERNEL) || defined(KERNEL) */ 228155131Srwatson 229155131Srwatson/* 230155131Srwatson * token ID 1 byte 231155131Srwatson * how to print 1 byte 232155131Srwatson * basic unit 1 byte 233155131Srwatson * unit count 1 byte 234155131Srwatson * data items (depends on basic unit) 235155131Srwatson */ 236155131Srwatsontoken_t * 237155131Srwatsonau_to_data(char unit_print, char unit_type, char unit_count, char *p) 238155131Srwatson{ 239155131Srwatson token_t *t; 240155131Srwatson u_char *dptr = NULL; 241155131Srwatson size_t datasize, totdata; 242155131Srwatson 243155131Srwatson /* Determine the size of the basic unit. */ 244155131Srwatson switch (unit_type) { 245155131Srwatson case AUR_BYTE: 246159248Srwatson /* case AUR_CHAR: */ 247155131Srwatson datasize = AUR_BYTE_SIZE; 248155131Srwatson break; 249155131Srwatson 250155131Srwatson case AUR_SHORT: 251155131Srwatson datasize = AUR_SHORT_SIZE; 252155131Srwatson break; 253155131Srwatson 254159248Srwatson case AUR_INT32: 255159248Srwatson /* case AUR_INT: */ 256159248Srwatson datasize = AUR_INT32_SIZE; 257155131Srwatson break; 258155131Srwatson 259159248Srwatson case AUR_INT64: 260159248Srwatson datasize = AUR_INT64_SIZE; 261159248Srwatson break; 262159248Srwatson 263155131Srwatson default: 264155131Srwatson errno = EINVAL; 265155131Srwatson return (NULL); 266155131Srwatson } 267155131Srwatson 268155131Srwatson totdata = datasize * unit_count; 269155131Srwatson 270159248Srwatson GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); 271155131Srwatson if (t == NULL) 272155131Srwatson return (NULL); 273155131Srwatson 274155131Srwatson ADD_U_CHAR(dptr, AUT_DATA); 275155131Srwatson ADD_U_CHAR(dptr, unit_print); 276155131Srwatson ADD_U_CHAR(dptr, unit_type); 277155131Srwatson ADD_U_CHAR(dptr, unit_count); 278155131Srwatson ADD_MEM(dptr, p, totdata); 279155131Srwatson 280155131Srwatson return (t); 281155131Srwatson} 282155131Srwatson 283155131Srwatson 284155131Srwatson/* 285155131Srwatson * token ID 1 byte 286155131Srwatson * status 4 bytes 287155131Srwatson * return value 4 bytes 288155131Srwatson */ 289155131Srwatsontoken_t * 290155131Srwatsonau_to_exit(int retval, int err) 291155131Srwatson{ 292155131Srwatson token_t *t; 293155131Srwatson u_char *dptr = NULL; 294155131Srwatson 295155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t)); 296155131Srwatson if (t == NULL) 297155131Srwatson return (NULL); 298155131Srwatson 299155131Srwatson ADD_U_CHAR(dptr, AUT_EXIT); 300155131Srwatson ADD_U_INT32(dptr, err); 301155131Srwatson ADD_U_INT32(dptr, retval); 302155131Srwatson 303155131Srwatson return (t); 304155131Srwatson} 305155131Srwatson 306155131Srwatson/* 307155131Srwatson */ 308155131Srwatsontoken_t * 309155131Srwatsonau_to_groups(int *groups) 310155131Srwatson{ 311155131Srwatson 312161630Srwatson return (au_to_newgroups(AUDIT_MAX_GROUPS, groups)); 313155131Srwatson} 314155131Srwatson 315155131Srwatson/* 316155131Srwatson * token ID 1 byte 317155131Srwatson * number groups 2 bytes 318155131Srwatson * group list count * 4 bytes 319155131Srwatson */ 320155131Srwatsontoken_t * 321155131Srwatsonau_to_newgroups(u_int16_t n, gid_t *groups) 322155131Srwatson{ 323155131Srwatson token_t *t; 324155131Srwatson u_char *dptr = NULL; 325155131Srwatson int i; 326155131Srwatson 327155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 328155131Srwatson n * sizeof(u_int32_t)); 329155131Srwatson if (t == NULL) 330155131Srwatson return (NULL); 331155131Srwatson 332155131Srwatson ADD_U_CHAR(dptr, AUT_NEWGROUPS); 333155131Srwatson ADD_U_INT16(dptr, n); 334155131Srwatson for (i = 0; i < n; i++) 335155131Srwatson ADD_U_INT32(dptr, groups[i]); 336155131Srwatson 337155131Srwatson return (t); 338155131Srwatson} 339155131Srwatson 340155131Srwatson/* 341155131Srwatson * token ID 1 byte 342155131Srwatson * internet address 4 bytes 343155131Srwatson */ 344155131Srwatsontoken_t * 345155131Srwatsonau_to_in_addr(struct in_addr *internet_addr) 346155131Srwatson{ 347155131Srwatson token_t *t; 348155131Srwatson u_char *dptr = NULL; 349155131Srwatson 350159248Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); 351155131Srwatson if (t == NULL) 352155131Srwatson return (NULL); 353155131Srwatson 354155131Srwatson ADD_U_CHAR(dptr, AUT_IN_ADDR); 355159248Srwatson ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); 356155131Srwatson 357155131Srwatson return (t); 358155131Srwatson} 359155131Srwatson 360155131Srwatson/* 361155131Srwatson * token ID 1 byte 362155131Srwatson * address type/length 4 bytes 363155131Srwatson * Address 16 bytes 364155131Srwatson */ 365155131Srwatsontoken_t * 366155131Srwatsonau_to_in_addr_ex(struct in6_addr *internet_addr) 367155131Srwatson{ 368155131Srwatson token_t *t; 369155131Srwatson u_char *dptr = NULL; 370155131Srwatson u_int32_t type = AF_INET6; 371155131Srwatson 372159248Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); 373155131Srwatson if (t == NULL) 374155131Srwatson return (NULL); 375155131Srwatson 376155131Srwatson ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); 377155131Srwatson ADD_U_INT32(dptr, type); 378159248Srwatson ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t)); 379155131Srwatson 380155131Srwatson return (t); 381155131Srwatson} 382155131Srwatson 383155131Srwatson/* 384155131Srwatson * token ID 1 byte 385155131Srwatson * ip header 20 bytes 386155131Srwatson */ 387155131Srwatsontoken_t * 388155131Srwatsonau_to_ip(struct ip *ip) 389155131Srwatson{ 390155131Srwatson token_t *t; 391155131Srwatson u_char *dptr = NULL; 392155131Srwatson 393155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip)); 394155131Srwatson if (t == NULL) 395155131Srwatson return (NULL); 396155131Srwatson 397155131Srwatson ADD_U_CHAR(dptr, AUT_IP); 398155131Srwatson /* 399155131Srwatson * XXXRW: Any byte order work needed on the IP header before writing? 400155131Srwatson */ 401155131Srwatson ADD_MEM(dptr, ip, sizeof(struct ip)); 402155131Srwatson 403155131Srwatson return (t); 404155131Srwatson} 405155131Srwatson 406155131Srwatson/* 407155131Srwatson * token ID 1 byte 408155131Srwatson * object ID type 1 byte 409155131Srwatson * object ID 4 bytes 410155131Srwatson */ 411155131Srwatsontoken_t * 412155131Srwatsonau_to_ipc(char type, int id) 413155131Srwatson{ 414155131Srwatson token_t *t; 415155131Srwatson u_char *dptr = NULL; 416155131Srwatson 417155131Srwatson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 418155131Srwatson if (t == NULL) 419155131Srwatson return (NULL); 420155131Srwatson 421155131Srwatson ADD_U_CHAR(dptr, AUT_IPC); 422155131Srwatson ADD_U_CHAR(dptr, type); 423155131Srwatson ADD_U_INT32(dptr, id); 424155131Srwatson 425155131Srwatson return (t); 426155131Srwatson} 427155131Srwatson 428155131Srwatson/* 429155131Srwatson * token ID 1 byte 430155131Srwatson * owner user ID 4 bytes 431155131Srwatson * owner group ID 4 bytes 432155131Srwatson * creator user ID 4 bytes 433155131Srwatson * creator group ID 4 bytes 434155131Srwatson * access mode 4 bytes 435155131Srwatson * slot sequence # 4 bytes 436155131Srwatson * key 4 bytes 437155131Srwatson */ 438155131Srwatsontoken_t * 439155131Srwatsonau_to_ipc_perm(struct ipc_perm *perm) 440155131Srwatson{ 441155131Srwatson token_t *t; 442155131Srwatson u_char *dptr = NULL; 443155131Srwatson u_int16_t pad0 = 0; 444155131Srwatson 445155131Srwatson GET_TOKEN_AREA(t, dptr, 12 * sizeof(u_int16_t) + sizeof(u_int32_t)); 446155131Srwatson if (t == NULL) 447155131Srwatson return (NULL); 448155131Srwatson 449155131Srwatson ADD_U_CHAR(dptr, AUT_IPC_PERM); 450155131Srwatson 451155131Srwatson /* 452155131Srwatson * Darwin defines the sizes for ipc_perm members 453155131Srwatson * as 2 bytes; BSM defines 4 so pad with 0 454155131Srwatson */ 455155131Srwatson ADD_U_INT16(dptr, pad0); 456155131Srwatson ADD_U_INT16(dptr, perm->uid); 457155131Srwatson 458155131Srwatson ADD_U_INT16(dptr, pad0); 459155131Srwatson ADD_U_INT16(dptr, perm->gid); 460155131Srwatson 461155131Srwatson ADD_U_INT16(dptr, pad0); 462155131Srwatson ADD_U_INT16(dptr, perm->cuid); 463155131Srwatson 464155131Srwatson ADD_U_INT16(dptr, pad0); 465155131Srwatson ADD_U_INT16(dptr, perm->cgid); 466155131Srwatson 467155131Srwatson ADD_U_INT16(dptr, pad0); 468155131Srwatson ADD_U_INT16(dptr, perm->mode); 469155131Srwatson 470155131Srwatson ADD_U_INT16(dptr, pad0); 471156283Srwatson 472156283Srwatson#ifdef HAVE_IPC_PERM___SEQ 473156283Srwatson ADD_U_INT16(dptr, perm->__seq); 474156283Srwatson#else 475155131Srwatson ADD_U_INT16(dptr, perm->seq); 476156283Srwatson#endif 477155131Srwatson 478156283Srwatson#ifdef HAVE_IPC_PERM___KEY 479156283Srwatson ADD_U_INT32(dptr, perm->__key); 480156283Srwatson#else 481155131Srwatson ADD_U_INT32(dptr, perm->key); 482156283Srwatson#endif 483155131Srwatson 484155131Srwatson return (t); 485155131Srwatson} 486155131Srwatson 487155131Srwatson/* 488155131Srwatson * token ID 1 byte 489155131Srwatson * port IP address 2 bytes 490155131Srwatson */ 491155131Srwatsontoken_t * 492155131Srwatsonau_to_iport(u_int16_t iport) 493155131Srwatson{ 494155131Srwatson token_t *t; 495155131Srwatson u_char *dptr = NULL; 496155131Srwatson 497155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t)); 498155131Srwatson if (t == NULL) 499155131Srwatson return (NULL); 500155131Srwatson 501155131Srwatson ADD_U_CHAR(dptr, AUT_IPORT); 502155131Srwatson ADD_U_INT16(dptr, iport); 503155131Srwatson 504155131Srwatson return (t); 505155131Srwatson} 506155131Srwatson 507155131Srwatson/* 508155131Srwatson * token ID 1 byte 509155131Srwatson * size 2 bytes 510155131Srwatson * data size bytes 511155131Srwatson */ 512155131Srwatsontoken_t * 513155131Srwatsonau_to_opaque(char *data, u_int16_t bytes) 514155131Srwatson{ 515155131Srwatson token_t *t; 516155131Srwatson u_char *dptr = NULL; 517155131Srwatson 518155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes); 519155131Srwatson if (t == NULL) 520155131Srwatson return (NULL); 521155131Srwatson 522155131Srwatson ADD_U_CHAR(dptr, AUT_OPAQUE); 523155131Srwatson ADD_U_INT16(dptr, bytes); 524155131Srwatson ADD_MEM(dptr, data, bytes); 525155131Srwatson 526155131Srwatson return (t); 527155131Srwatson} 528155131Srwatson 529155131Srwatson/* 530155131Srwatson * token ID 1 byte 531155131Srwatson * seconds of time 4 bytes 532155131Srwatson * milliseconds of time 4 bytes 533155131Srwatson * file name len 2 bytes 534155131Srwatson * file pathname N bytes + 1 terminating NULL byte 535155131Srwatson */ 536155131Srwatsontoken_t * 537155131Srwatsonau_to_file(char *file, struct timeval tm) 538155131Srwatson{ 539155131Srwatson token_t *t; 540155131Srwatson u_char *dptr = NULL; 541155131Srwatson u_int16_t filelen; 542155131Srwatson u_int32_t timems; 543155131Srwatson 544155131Srwatson filelen = strlen(file); 545155131Srwatson filelen += 1; 546155131Srwatson 547155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) + 548155131Srwatson sizeof(u_int16_t) + filelen); 549155131Srwatson if (t == NULL) 550155131Srwatson return (NULL); 551155131Srwatson 552155131Srwatson timems = tm.tv_usec/1000; 553155131Srwatson 554155131Srwatson ADD_U_CHAR(dptr, AUT_OTHER_FILE32); 555155131Srwatson ADD_U_INT32(dptr, tm.tv_sec); 556155131Srwatson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 557155131Srwatson ADD_U_INT16(dptr, filelen); 558155131Srwatson ADD_STRING(dptr, file, filelen); 559155131Srwatson 560155131Srwatson return (t); 561155131Srwatson} 562155131Srwatson 563155131Srwatson/* 564155131Srwatson * token ID 1 byte 565155131Srwatson * text length 2 bytes 566155131Srwatson * text N bytes + 1 terminating NULL byte 567155131Srwatson */ 568155131Srwatsontoken_t * 569155131Srwatsonau_to_text(char *text) 570155131Srwatson{ 571155131Srwatson token_t *t; 572155131Srwatson u_char *dptr = NULL; 573155131Srwatson u_int16_t textlen; 574155131Srwatson 575155131Srwatson textlen = strlen(text); 576155131Srwatson textlen += 1; 577155131Srwatson 578155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 579155131Srwatson if (t == NULL) 580155131Srwatson return (NULL); 581155131Srwatson 582155131Srwatson ADD_U_CHAR(dptr, AUT_TEXT); 583155131Srwatson ADD_U_INT16(dptr, textlen); 584155131Srwatson ADD_STRING(dptr, text, textlen); 585155131Srwatson 586155131Srwatson return (t); 587155131Srwatson} 588155131Srwatson 589155131Srwatson/* 590155131Srwatson * token ID 1 byte 591155131Srwatson * path length 2 bytes 592155131Srwatson * path N bytes + 1 terminating NULL byte 593155131Srwatson */ 594155131Srwatsontoken_t * 595155131Srwatsonau_to_path(char *text) 596155131Srwatson{ 597155131Srwatson token_t *t; 598155131Srwatson u_char *dptr = NULL; 599155131Srwatson u_int16_t textlen; 600155131Srwatson 601155131Srwatson textlen = strlen(text); 602155131Srwatson textlen += 1; 603155131Srwatson 604155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 605155131Srwatson if (t == NULL) 606155131Srwatson return (NULL); 607155131Srwatson 608155131Srwatson ADD_U_CHAR(dptr, AUT_PATH); 609155131Srwatson ADD_U_INT16(dptr, textlen); 610155131Srwatson ADD_STRING(dptr, text, textlen); 611155131Srwatson 612155131Srwatson return (t); 613155131Srwatson} 614155131Srwatson 615155131Srwatson/* 616155131Srwatson * token ID 1 byte 617155131Srwatson * audit ID 4 bytes 618155131Srwatson * effective user ID 4 bytes 619155131Srwatson * effective group ID 4 bytes 620155131Srwatson * real user ID 4 bytes 621155131Srwatson * real group ID 4 bytes 622155131Srwatson * process ID 4 bytes 623155131Srwatson * session ID 4 bytes 624155131Srwatson * terminal ID 625155131Srwatson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 626155131Srwatson * machine address 4 bytes 627155131Srwatson */ 628155131Srwatsontoken_t * 629155131Srwatsonau_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 630155131Srwatson pid_t pid, au_asid_t sid, au_tid_t *tid) 631155131Srwatson{ 632155131Srwatson token_t *t; 633155131Srwatson u_char *dptr = NULL; 634155131Srwatson 635155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 636155131Srwatson if (t == NULL) 637155131Srwatson return (NULL); 638155131Srwatson 639155131Srwatson ADD_U_CHAR(dptr, AUT_PROCESS32); 640155131Srwatson ADD_U_INT32(dptr, auid); 641155131Srwatson ADD_U_INT32(dptr, euid); 642155131Srwatson ADD_U_INT32(dptr, egid); 643155131Srwatson ADD_U_INT32(dptr, ruid); 644155131Srwatson ADD_U_INT32(dptr, rgid); 645155131Srwatson ADD_U_INT32(dptr, pid); 646155131Srwatson ADD_U_INT32(dptr, sid); 647155131Srwatson ADD_U_INT32(dptr, tid->port); 648159248Srwatson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 649155131Srwatson 650155131Srwatson return (t); 651155131Srwatson} 652155131Srwatson 653155131Srwatsontoken_t * 654155131Srwatsonau_to_process64(__unused au_id_t auid, __unused uid_t euid, 655155131Srwatson __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid, 656155131Srwatson __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid) 657155131Srwatson{ 658155131Srwatson 659155131Srwatson errno = ENOTSUP; 660155131Srwatson return (NULL); 661155131Srwatson} 662155131Srwatson 663155131Srwatsontoken_t * 664155131Srwatsonau_to_process(__unused au_id_t auid, __unused uid_t euid, 665155131Srwatson __unused gid_t egid, __unused uid_t ruid, __unused gid_t rgid, 666155131Srwatson __unused pid_t pid, __unused au_asid_t sid, __unused au_tid_t *tid) 667155131Srwatson{ 668155131Srwatson 669155131Srwatson return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid, 670155131Srwatson tid)); 671155131Srwatson} 672155131Srwatson 673155131Srwatson/* 674155131Srwatson * token ID 1 byte 675155131Srwatson * audit ID 4 bytes 676155131Srwatson * effective user ID 4 bytes 677155131Srwatson * effective group ID 4 bytes 678155131Srwatson * real user ID 4 bytes 679155131Srwatson * real group ID 4 bytes 680155131Srwatson * process ID 4 bytes 681155131Srwatson * session ID 4 bytes 682155131Srwatson * terminal ID 683155131Srwatson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 684155131Srwatson * address type-len 4 bytes 685155131Srwatson * machine address 16 bytes 686155131Srwatson */ 687155131Srwatsontoken_t * 688155131Srwatsonau_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 689155131Srwatson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 690155131Srwatson{ 691155131Srwatson token_t *t; 692155131Srwatson u_char *dptr = NULL; 693155131Srwatson 694159985Srwatson if (tid->at_type == AU_IPv4) 695159985Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 696159985Srwatson 10 * sizeof(u_int32_t)); 697159985Srwatson else if (tid->at_type == AU_IPv6) 698159985Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 699159985Srwatson 13 * sizeof(u_int32_t)); 700159985Srwatson else { 701159985Srwatson errno = EINVAL; 702159985Srwatson return (NULL); 703159985Srwatson } 704155131Srwatson if (t == NULL) 705155131Srwatson return (NULL); 706155131Srwatson 707155131Srwatson ADD_U_CHAR(dptr, AUT_PROCESS32_EX); 708155131Srwatson ADD_U_INT32(dptr, auid); 709155131Srwatson ADD_U_INT32(dptr, euid); 710155131Srwatson ADD_U_INT32(dptr, egid); 711155131Srwatson ADD_U_INT32(dptr, ruid); 712155131Srwatson ADD_U_INT32(dptr, rgid); 713155131Srwatson ADD_U_INT32(dptr, pid); 714155131Srwatson ADD_U_INT32(dptr, sid); 715155131Srwatson ADD_U_INT32(dptr, tid->at_port); 716155131Srwatson ADD_U_INT32(dptr, tid->at_type); 717155131Srwatson ADD_U_INT32(dptr, tid->at_addr[0]); 718159985Srwatson if (tid->at_type == AU_IPv6) { 719159985Srwatson ADD_U_INT32(dptr, tid->at_addr[1]); 720159985Srwatson ADD_U_INT32(dptr, tid->at_addr[2]); 721159985Srwatson ADD_U_INT32(dptr, tid->at_addr[3]); 722159985Srwatson } 723155131Srwatson 724155131Srwatson return (t); 725155131Srwatson} 726155131Srwatson 727155131Srwatsontoken_t * 728155131Srwatsonau_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 729155131Srwatson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 730155131Srwatson{ 731155131Srwatson 732155131Srwatson errno = ENOTSUP; 733155131Srwatson return (NULL); 734155131Srwatson} 735155131Srwatson 736155131Srwatsontoken_t * 737155131Srwatsonau_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 738155131Srwatson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 739155131Srwatson{ 740155131Srwatson 741155131Srwatson return (au_to_process32_ex(auid, euid, egid, ruid, rgid, pid, sid, 742155131Srwatson tid)); 743155131Srwatson} 744155131Srwatson 745155131Srwatson/* 746155131Srwatson * token ID 1 byte 747155131Srwatson * error status 1 byte 748155131Srwatson * return value 4 bytes/8 bytes (32-bit/64-bit value) 749155131Srwatson */ 750155131Srwatsontoken_t * 751155131Srwatsonau_to_return32(char status, u_int32_t ret) 752155131Srwatson{ 753155131Srwatson token_t *t; 754155131Srwatson u_char *dptr = NULL; 755155131Srwatson 756155131Srwatson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 757155131Srwatson if (t == NULL) 758155131Srwatson return (NULL); 759155131Srwatson 760155131Srwatson ADD_U_CHAR(dptr, AUT_RETURN32); 761155131Srwatson ADD_U_CHAR(dptr, status); 762155131Srwatson ADD_U_INT32(dptr, ret); 763155131Srwatson 764155131Srwatson return (t); 765155131Srwatson} 766155131Srwatson 767155131Srwatsontoken_t * 768155131Srwatsonau_to_return64(char status, u_int64_t ret) 769155131Srwatson{ 770155131Srwatson token_t *t; 771155131Srwatson u_char *dptr = NULL; 772155131Srwatson 773155131Srwatson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t)); 774155131Srwatson if (t == NULL) 775155131Srwatson return (NULL); 776155131Srwatson 777155131Srwatson ADD_U_CHAR(dptr, AUT_RETURN64); 778155131Srwatson ADD_U_CHAR(dptr, status); 779155131Srwatson ADD_U_INT64(dptr, ret); 780155131Srwatson 781155131Srwatson return (t); 782155131Srwatson} 783155131Srwatson 784155131Srwatsontoken_t * 785155131Srwatsonau_to_return(char status, u_int32_t ret) 786155131Srwatson{ 787155131Srwatson 788155131Srwatson return (au_to_return32(status, ret)); 789155131Srwatson} 790155131Srwatson 791155131Srwatson/* 792155131Srwatson * token ID 1 byte 793155131Srwatson * sequence number 4 bytes 794155131Srwatson */ 795155131Srwatsontoken_t * 796155131Srwatsonau_to_seq(long audit_count) 797155131Srwatson{ 798155131Srwatson token_t *t; 799155131Srwatson u_char *dptr = NULL; 800155131Srwatson 801155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); 802155131Srwatson if (t == NULL) 803155131Srwatson return (NULL); 804155131Srwatson 805155131Srwatson ADD_U_CHAR(dptr, AUT_SEQ); 806155131Srwatson ADD_U_INT32(dptr, audit_count); 807155131Srwatson 808155131Srwatson return (t); 809155131Srwatson} 810155131Srwatson 811155131Srwatson/* 812155131Srwatson * token ID 1 byte 813155131Srwatson * socket family 2 bytes 814155131Srwatson * path 104 bytes 815155131Srwatson */ 816155131Srwatsontoken_t * 817155131Srwatsonau_to_sock_unix(struct sockaddr_un *so) 818155131Srwatson{ 819155131Srwatson token_t *t; 820155131Srwatson u_char *dptr; 821155131Srwatson 822155131Srwatson GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); 823155131Srwatson if (t == NULL) 824155131Srwatson return (NULL); 825155131Srwatson 826155131Srwatson ADD_U_CHAR(dptr, AU_SOCK_UNIX_TOKEN); 827155131Srwatson /* BSM token has two bytes for family */ 828155131Srwatson ADD_U_CHAR(dptr, 0); 829155131Srwatson ADD_U_CHAR(dptr, so->sun_family); 830155131Srwatson ADD_STRING(dptr, so->sun_path, strlen(so->sun_path) + 1); 831155131Srwatson 832155131Srwatson return (t); 833155131Srwatson} 834155131Srwatson 835155131Srwatson/* 836155131Srwatson * token ID 1 byte 837155131Srwatson * socket family 2 bytes 838155131Srwatson * local port 2 bytes 839155131Srwatson * socket address 4 bytes 840155131Srwatson */ 841155131Srwatsontoken_t * 842155131Srwatsonau_to_sock_inet32(struct sockaddr_in *so) 843155131Srwatson{ 844155131Srwatson token_t *t; 845155131Srwatson u_char *dptr = NULL; 846159248Srwatson uint16_t family; 847155131Srwatson 848159248Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + 849159248Srwatson sizeof(uint32_t)); 850155131Srwatson if (t == NULL) 851155131Srwatson return (NULL); 852155131Srwatson 853155131Srwatson ADD_U_CHAR(dptr, AUT_SOCKINET32); 854155131Srwatson /* 855159248Srwatson * BSM defines the family field as 16 bits, but many operating 856159248Srwatson * systems have an 8-bit sin_family field. Extend to 16 bits before 857159248Srwatson * writing into the token. Assume that both the port and the address 858159248Srwatson * in the sockaddr_in are already in network byte order, but family 859159248Srwatson * is in local byte order. 860159248Srwatson * 861159248Srwatson * XXXRW: Should a name space conversion be taking place on the value 862159248Srwatson * of sin_family? 863155131Srwatson */ 864159248Srwatson family = so->sin_family; 865159248Srwatson ADD_U_INT16(dptr, family); 866159248Srwatson ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); 867159248Srwatson ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); 868155131Srwatson 869155131Srwatson return (t); 870155131Srwatson 871155131Srwatson} 872155131Srwatson 873155131Srwatsontoken_t * 874155131Srwatsonau_to_sock_inet128(struct sockaddr_in6 *so) 875155131Srwatson{ 876155131Srwatson token_t *t; 877155131Srwatson u_char *dptr = NULL; 878155131Srwatson 879155131Srwatson GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + 880155131Srwatson 4 * sizeof(u_int32_t)); 881155131Srwatson if (t == NULL) 882155131Srwatson return (NULL); 883155131Srwatson 884155131Srwatson ADD_U_CHAR(dptr, AUT_SOCKINET128); 885155131Srwatson /* 886155131Srwatson * In Darwin, sin6_family is one octet, but BSM defines the token 887155131Srwatson * to store two. So we copy in a 0 first. 888155131Srwatson */ 889155131Srwatson ADD_U_CHAR(dptr, 0); 890155131Srwatson ADD_U_CHAR(dptr, so->sin6_family); 891155131Srwatson 892155131Srwatson ADD_U_INT16(dptr, so->sin6_port); 893159248Srwatson ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); 894155131Srwatson 895155131Srwatson return (t); 896155131Srwatson 897155131Srwatson} 898155131Srwatson 899155131Srwatsontoken_t * 900155131Srwatsonau_to_sock_inet(struct sockaddr_in *so) 901155131Srwatson{ 902155131Srwatson 903155131Srwatson return (au_to_sock_inet32(so)); 904155131Srwatson} 905155131Srwatson 906155131Srwatson/* 907155131Srwatson * token ID 1 byte 908155131Srwatson * audit ID 4 bytes 909155131Srwatson * effective user ID 4 bytes 910155131Srwatson * effective group ID 4 bytes 911155131Srwatson * real user ID 4 bytes 912155131Srwatson * real group ID 4 bytes 913155131Srwatson * process ID 4 bytes 914155131Srwatson * session ID 4 bytes 915155131Srwatson * terminal ID 916155131Srwatson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 917155131Srwatson * machine address 4 bytes 918155131Srwatson */ 919155131Srwatsontoken_t * 920155131Srwatsonau_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 921155131Srwatson pid_t pid, au_asid_t sid, au_tid_t *tid) 922155131Srwatson{ 923155131Srwatson token_t *t; 924155131Srwatson u_char *dptr = NULL; 925155131Srwatson 926155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 927155131Srwatson if (t == NULL) 928155131Srwatson return (NULL); 929155131Srwatson 930155131Srwatson ADD_U_CHAR(dptr, AUT_SUBJECT32); 931155131Srwatson ADD_U_INT32(dptr, auid); 932155131Srwatson ADD_U_INT32(dptr, euid); 933155131Srwatson ADD_U_INT32(dptr, egid); 934155131Srwatson ADD_U_INT32(dptr, ruid); 935155131Srwatson ADD_U_INT32(dptr, rgid); 936155131Srwatson ADD_U_INT32(dptr, pid); 937155131Srwatson ADD_U_INT32(dptr, sid); 938155131Srwatson ADD_U_INT32(dptr, tid->port); 939159248Srwatson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 940155131Srwatson 941155131Srwatson return (t); 942155131Srwatson} 943155131Srwatson 944155131Srwatsontoken_t * 945155131Srwatsonau_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 946155131Srwatson pid_t pid, au_asid_t sid, au_tid_t *tid) 947155131Srwatson{ 948155131Srwatson 949155131Srwatson errno = ENOTSUP; 950155131Srwatson return (NULL); 951155131Srwatson} 952155131Srwatson 953155131Srwatsontoken_t * 954155131Srwatsonau_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 955155131Srwatson pid_t pid, au_asid_t sid, au_tid_t *tid) 956155131Srwatson{ 957155131Srwatson 958155131Srwatson return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 959155131Srwatson tid)); 960155131Srwatson} 961155131Srwatson 962155131Srwatson/* 963155131Srwatson * token ID 1 byte 964155131Srwatson * audit ID 4 bytes 965155131Srwatson * effective user ID 4 bytes 966155131Srwatson * effective group ID 4 bytes 967155131Srwatson * real user ID 4 bytes 968155131Srwatson * real group ID 4 bytes 969155131Srwatson * process ID 4 bytes 970155131Srwatson * session ID 4 bytes 971155131Srwatson * terminal ID 972155131Srwatson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 973155131Srwatson * address type/length 4 bytes 974155131Srwatson * machine address 16 bytes 975155131Srwatson */ 976155131Srwatsontoken_t * 977155131Srwatsonau_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 978155131Srwatson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 979155131Srwatson{ 980155131Srwatson token_t *t; 981155131Srwatson u_char *dptr = NULL; 982155131Srwatson 983159985Srwatson if (tid->at_type == AU_IPv4) 984159985Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * 985159985Srwatson sizeof(u_int32_t)); 986159985Srwatson else if (tid->at_type == AU_IPv6) 987159985Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * 988159985Srwatson sizeof(u_int32_t)); 989159985Srwatson else { 990159985Srwatson errno = EINVAL; 991159985Srwatson return (NULL); 992159985Srwatson } 993155131Srwatson if (t == NULL) 994155131Srwatson return (NULL); 995155131Srwatson 996155131Srwatson ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); 997155131Srwatson ADD_U_INT32(dptr, auid); 998155131Srwatson ADD_U_INT32(dptr, euid); 999155131Srwatson ADD_U_INT32(dptr, egid); 1000155131Srwatson ADD_U_INT32(dptr, ruid); 1001155131Srwatson ADD_U_INT32(dptr, rgid); 1002155131Srwatson ADD_U_INT32(dptr, pid); 1003155131Srwatson ADD_U_INT32(dptr, sid); 1004155131Srwatson ADD_U_INT32(dptr, tid->at_port); 1005155131Srwatson ADD_U_INT32(dptr, tid->at_type); 1006155131Srwatson ADD_U_INT32(dptr, tid->at_addr[0]); 1007159985Srwatson if (tid->at_type == AU_IPv6) { 1008159985Srwatson ADD_U_INT32(dptr, tid->at_addr[1]); 1009159985Srwatson ADD_U_INT32(dptr, tid->at_addr[2]); 1010159985Srwatson ADD_U_INT32(dptr, tid->at_addr[3]); 1011159985Srwatson } 1012155131Srwatson 1013155131Srwatson return (t); 1014155131Srwatson} 1015155131Srwatson 1016155131Srwatsontoken_t * 1017155131Srwatsonau_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 1018155131Srwatson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 1019155131Srwatson{ 1020155131Srwatson 1021155131Srwatson errno = ENOTSUP; 1022155131Srwatson return (NULL); 1023155131Srwatson} 1024155131Srwatson 1025155131Srwatsontoken_t * 1026155131Srwatsonau_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 1027155131Srwatson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 1028155131Srwatson{ 1029155131Srwatson 1030155131Srwatson return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, 1031155131Srwatson tid)); 1032155131Srwatson} 1033155131Srwatson 1034156283Srwatson#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) 1035155131Srwatson/* 1036155131Srwatson * Collects audit information for the current process 1037155131Srwatson * and creates a subject token from it 1038155131Srwatson */ 1039155131Srwatsontoken_t * 1040155131Srwatsonau_to_me(void) 1041155131Srwatson{ 1042155131Srwatson auditinfo_t auinfo; 1043155131Srwatson 1044155131Srwatson if (getaudit(&auinfo) != 0) 1045155131Srwatson return (NULL); 1046155131Srwatson 1047155131Srwatson return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(), 1048155131Srwatson getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid)); 1049155131Srwatson} 1050155131Srwatson#endif 1051155131Srwatson 1052155131Srwatson/* 1053155131Srwatson * token ID 1 byte 1054155131Srwatson * count 4 bytes 1055155131Srwatson * text count null-terminated strings 1056155131Srwatson */ 1057155131Srwatsontoken_t * 1058161630Srwatsonau_to_exec_args(char **argv) 1059155131Srwatson{ 1060155131Srwatson token_t *t; 1061155131Srwatson u_char *dptr = NULL; 1062155131Srwatson const char *nextarg; 1063155131Srwatson int i, count = 0; 1064155131Srwatson size_t totlen = 0; 1065155131Srwatson 1066161630Srwatson nextarg = *argv; 1067155131Srwatson 1068155131Srwatson while (nextarg != NULL) { 1069155131Srwatson int nextlen; 1070155131Srwatson 1071155131Srwatson nextlen = strlen(nextarg); 1072155131Srwatson totlen += nextlen + 1; 1073155131Srwatson count++; 1074161630Srwatson nextarg = *(argv + count); 1075155131Srwatson } 1076155131Srwatson 1077155131Srwatson totlen += count * sizeof(char); /* nul terminations. */ 1078155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1079155131Srwatson if (t == NULL) 1080155131Srwatson return (NULL); 1081155131Srwatson 1082155131Srwatson ADD_U_CHAR(dptr, AUT_EXEC_ARGS); 1083155131Srwatson ADD_U_INT32(dptr, count); 1084155131Srwatson 1085155131Srwatson for (i = 0; i < count; i++) { 1086161630Srwatson nextarg = *(argv + i); 1087155131Srwatson ADD_MEM(dptr, nextarg, strlen(nextarg) + 1); 1088155131Srwatson } 1089155131Srwatson 1090155131Srwatson return (t); 1091155131Srwatson} 1092155131Srwatson 1093155131Srwatson/* 1094155131Srwatson * token ID 1 byte 1095155131Srwatson * count 4 bytes 1096155131Srwatson * text count null-terminated strings 1097155131Srwatson */ 1098155131Srwatsontoken_t * 1099161630Srwatsonau_to_exec_env(char **envp) 1100155131Srwatson{ 1101155131Srwatson token_t *t; 1102155131Srwatson u_char *dptr = NULL; 1103155131Srwatson int i, count = 0; 1104155131Srwatson size_t totlen = 0; 1105155131Srwatson const char *nextenv; 1106155131Srwatson 1107161630Srwatson nextenv = *envp; 1108155131Srwatson 1109155131Srwatson while (nextenv != NULL) { 1110155131Srwatson int nextlen; 1111155131Srwatson 1112155131Srwatson nextlen = strlen(nextenv); 1113155131Srwatson totlen += nextlen + 1; 1114155131Srwatson count++; 1115161630Srwatson nextenv = *(envp + count); 1116155131Srwatson } 1117155131Srwatson 1118155131Srwatson totlen += sizeof(char) * count; 1119155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1120155131Srwatson if (t == NULL) 1121155131Srwatson return (NULL); 1122155131Srwatson 1123155131Srwatson ADD_U_CHAR(dptr, AUT_EXEC_ENV); 1124155131Srwatson ADD_U_INT32(dptr, count); 1125155131Srwatson 1126155131Srwatson for (i = 0; i < count; i++) { 1127161630Srwatson nextenv = *(envp + i); 1128155131Srwatson ADD_MEM(dptr, nextenv, strlen(nextenv) + 1); 1129155131Srwatson } 1130155131Srwatson 1131155131Srwatson return (t); 1132155131Srwatson} 1133155131Srwatson 1134155131Srwatson/* 1135155131Srwatson * token ID 1 byte 1136155131Srwatson * record byte count 4 bytes 1137155131Srwatson * version # 1 byte [2] 1138155131Srwatson * event type 2 bytes 1139155131Srwatson * event modifier 2 bytes 1140155131Srwatson * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1141155131Srwatson * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1142155131Srwatson */ 1143155131Srwatsontoken_t * 1144159248Srwatsonau_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 1145155131Srwatson struct timeval tm) 1146155131Srwatson{ 1147155131Srwatson token_t *t; 1148155131Srwatson u_char *dptr = NULL; 1149155131Srwatson u_int32_t timems; 1150155131Srwatson 1151155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 1152155131Srwatson sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); 1153155131Srwatson if (t == NULL) 1154155131Srwatson return (NULL); 1155155131Srwatson 1156155131Srwatson ADD_U_CHAR(dptr, AUT_HEADER32); 1157155131Srwatson ADD_U_INT32(dptr, rec_size); 1158161630Srwatson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 1159155131Srwatson ADD_U_INT16(dptr, e_type); 1160155131Srwatson ADD_U_INT16(dptr, e_mod); 1161155131Srwatson 1162155131Srwatson timems = tm.tv_usec/1000; 1163155131Srwatson /* Add the timestamp */ 1164155131Srwatson ADD_U_INT32(dptr, tm.tv_sec); 1165155131Srwatson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 1166155131Srwatson 1167155131Srwatson return (t); 1168155131Srwatson} 1169155131Srwatson 1170159248Srwatson#if !defined(KERNEL) && !defined(_KERNEL) 1171155131Srwatsontoken_t * 1172159248Srwatsonau_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) 1173159248Srwatson{ 1174159248Srwatson struct timeval tm; 1175159248Srwatson 1176159248Srwatson if (gettimeofday(&tm, NULL) == -1) 1177159248Srwatson return (NULL); 1178159248Srwatson return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); 1179159248Srwatson} 1180159248Srwatson 1181159248Srwatsontoken_t * 1182155131Srwatsonau_to_header64(__unused int rec_size, __unused au_event_t e_type, 1183155131Srwatson __unused au_emod_t e_mod) 1184155131Srwatson{ 1185155131Srwatson 1186155131Srwatson errno = ENOTSUP; 1187155131Srwatson return (NULL); 1188155131Srwatson} 1189155131Srwatson 1190155131Srwatsontoken_t * 1191155131Srwatsonau_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) 1192155131Srwatson{ 1193155131Srwatson 1194155131Srwatson return (au_to_header32(rec_size, e_type, e_mod)); 1195155131Srwatson} 1196159248Srwatson#endif 1197155131Srwatson 1198155131Srwatson/* 1199155131Srwatson * token ID 1 byte 1200155131Srwatson * trailer magic number 2 bytes 1201155131Srwatson * record byte count 4 bytes 1202155131Srwatson */ 1203155131Srwatsontoken_t * 1204155131Srwatsonau_to_trailer(int rec_size) 1205155131Srwatson{ 1206155131Srwatson token_t *t; 1207155131Srwatson u_char *dptr = NULL; 1208155131Srwatson u_int16_t magic = TRAILER_PAD_MAGIC; 1209155131Srwatson 1210155131Srwatson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 1211155131Srwatson sizeof(u_int32_t)); 1212155131Srwatson if (t == NULL) 1213155131Srwatson return (NULL); 1214155131Srwatson 1215155131Srwatson ADD_U_CHAR(dptr, AUT_TRAILER); 1216155131Srwatson ADD_U_INT16(dptr, magic); 1217155131Srwatson ADD_U_INT32(dptr, rec_size); 1218155131Srwatson 1219155131Srwatson return (t); 1220155131Srwatson} 1221