1/* quick and dirty hack to grab all credentials in the cred hash table 2 * from kernel via sysctl. 3 * sysctl is only defined if xnu is built with DEBUG_CRED defined. 4 */ 5 6#include <stdio.h> 7#include <stdlib.h> 8#include <fcntl.h> 9#include <limits.h> 10#include <string.h> 11#include <errno.h> 12#include <unistd.h> 13#include <sys/stat.h> 14#include <sys/types.h> 15#include <sys/sysctl.h> 16#include <bsm/audit.h> 17 18/* bad! this is replicated in kern_credential.c. make sure they stay in sync! 19 * Or better yet have commone header file? 20 */ 21struct debug_ucred { 22 uint32_t credp; 23 uint32_t cr_ref; /* reference count */ 24 uid_t cr_uid; /* effective user id */ 25 uid_t cr_ruid; /* real user id */ 26 uid_t cr_svuid; /* saved user id */ 27 short cr_ngroups; /* number of groups in advisory list */ 28 gid_t cr_groups[NGROUPS]; /* advisory group list */ 29 gid_t cr_rgid; /* real group id */ 30 gid_t cr_svgid; /* saved group id */ 31 uid_t cr_gmuid; /* UID for group membership purposes */ 32 struct auditinfo_addr cr_audit; /* user auditing data */ 33 uint32_t cr_label; /* MACF label */ 34 int cr_flags; /* flags on credential */ 35}; 36typedef struct debug_ucred debug_ucred; 37 38void dump_cred_hash_table( debug_ucred * credp, size_t buf_size ); 39void dump_cred( debug_ucred * credp ); 40 41 42main( int argc, char *argv[] ) 43{ 44 int err; 45 size_t len; 46 char *my_bufferp = NULL; 47 48 /* get size of buffer we will need */ 49 len = 0; 50 err = sysctlbyname( "kern.dump_creds", NULL, &len, NULL, 0 ); 51 if ( err != 0 ) { 52 printf( "sysctl failed \n" ); 53 printf( "\terrno %d - \"%s\" \n", errno, strerror( errno ) ); 54 return; 55 } 56 57 /* get a buffer for our credentials. need some spare room since table could have grown */ 58 my_bufferp = malloc( len ); 59 if ( my_bufferp == NULL ) { 60 printf( "malloc error %d - \"%s\" \n", errno, strerror( errno ) ); 61 return; 62 } 63 err = sysctlbyname( "kern.dump_creds", my_bufferp, &len, NULL, 0 ); 64 if ( err != 0 ) { 65 printf( "sysctl 2 failed \n" ); 66 printf( "\terrno %d - \"%s\" \n", errno, strerror( errno ) ); 67 return; 68 } 69 dump_cred_hash_table( (debug_ucred *)my_bufferp, len ); 70 71 return; 72} 73 74void dump_cred_hash_table( debug_ucred * credp, size_t buf_size ) 75{ 76 int i, my_count = (buf_size / sizeof(debug_ucred)); 77 78 printf("\n\t dumping credential hash table - total creds %d \n", 79 my_count); 80 for (i = 0; i < my_count; i++) { 81 printf("[%02d] ", i); 82 dump_cred( credp ); 83 credp++; 84 } 85 return; 86} 87 88void dump_cred( debug_ucred * credp ) 89{ 90 int i; 91 printf("%p ", credp->credp); 92 printf("%lu ", credp->cr_ref); 93 printf("%d ", credp->cr_uid); 94 printf("%d ", credp->cr_ruid); 95 printf("%d ", credp->cr_svuid); 96 printf("%d g[", credp->cr_ngroups); 97 for (i = 0; i < credp->cr_ngroups; i++) { 98 printf("%d", credp->cr_groups[i]); 99 if ( (i + 1) < credp->cr_ngroups ) { 100 printf(" "); 101 } 102 } 103 printf("] %d ", credp->cr_rgid); 104 printf("%d ", credp->cr_svgid); 105 printf("%d ", credp->cr_gmuid); 106 printf("a[%d ", credp->cr_audit.ai_auid); 107 printf("%d ", credp->cr_audit.ai_mask.am_success); 108 printf("%d ", credp->cr_audit.ai_mask.am_failure); 109 printf("%d ", credp->cr_audit.ai_termid.at_port); 110 printf("%d ", credp->cr_audit.ai_termid.at_addr[0]); 111 printf("%d ", credp->cr_audit.ai_asid); 112 printf("] "); 113 printf("%p ", credp->cr_label); 114 printf("0x%08x \n", credp->cr_flags); 115 printf("\n"); 116 return; 117} 118