au_to.c revision 11134:8aa0c4ca6639
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 27#include <sys/types.h> 28#include <unistd.h> 29#include <bsm/audit.h> 30#include <bsm/audit_record.h> 31#include <bsm/libbsm.h> 32#include <priv.h> 33#include <sys/ipc.h> 34#include <sys/param.h> 35#include <sys/socket.h> 36#include <sys/time.h> 37#include <sys/vnode.h> 38#include <malloc.h> 39#include <net/route.h> 40#include <netinet/in.h> 41#include <netinet/in_pcb.h> 42#include <string.h> 43#include <ucred.h> 44#include <zone.h> 45#include <sys/tsol/label.h> 46 47#define NGROUPS 16 /* XXX - temporary */ 48 49token_t *au_to_arg(char n, char *text, uint32_t v); 50#pragma weak au_to_arg = au_to_arg32 51token_t *au_to_return(char number, uint32_t value); 52#pragma weak au_to_return = au_to_return32 53 54static token_t *au_to_exec(char **, char); 55 56static token_t * 57get_token(int s) 58{ 59 token_t *token; /* Resultant token */ 60 61 if ((token = (token_t *)malloc(sizeof (token_t))) == NULL) 62 return (NULL); 63 if ((token->tt_data = malloc(s)) == NULL) { 64 free(token); 65 return (NULL); 66 } 67 token->tt_size = s; 68 token->tt_next = NULL; 69 return (token); 70} 71 72/* 73 * au_to_header 74 * return s: 75 * pointer to header token. 76 */ 77token_t * 78au_to_header(au_event_t e_type, au_emod_t e_mod) 79{ 80 adr_t adr; /* adr memory stream header */ 81 token_t *token; /* token pointer */ 82 char version = TOKEN_VERSION; /* version of token family */ 83 int32_t byte_count; 84 struct timeval tv; 85#ifdef _LP64 86 char data_header = AUT_HEADER64; /* header for this token */ 87 88 token = get_token(2 * sizeof (char) + sizeof (int32_t) + 89 2 * sizeof (int64_t) + 2 * sizeof (short)); 90#else 91 char data_header = AUT_HEADER32; 92 93 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) + 94 2 * sizeof (short)); 95#endif 96 97 if (token == NULL) 98 return (NULL); 99 adr_start(&adr, token->tt_data); 100 adr_char(&adr, &data_header, 1); /* token ID */ 101 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 102 adr_char(&adr, &version, 1); /* version of audit tokens */ 103 adr_ushort(&adr, &e_type, 1); /* event ID */ 104 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */ 105#ifdef _LP64 106 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */ 107#else 108 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */ 109#endif 110 return (token); 111} 112 113/* 114 * au_to_header_ex 115 * return s: 116 * pointer to header token. 117 */ 118token_t * 119au_to_header_ex(au_event_t e_type, au_emod_t e_mod) 120{ 121 adr_t adr; /* adr memory stream header */ 122 token_t *token; /* token pointer */ 123 char version = TOKEN_VERSION; /* version of token family */ 124 int32_t byte_count; 125 struct timeval tv; 126 auditinfo_addr_t audit_info; 127 au_tid_addr_t *host_info = &audit_info.ai_termid; 128#ifdef _LP64 129 char data_header = AUT_HEADER64_EX; /* header for this token */ 130#else 131 char data_header = AUT_HEADER32_EX; 132#endif 133 134 /* If our host address can't be determined, revert to un-extended hdr */ 135 136 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info, 137 sizeof (audit_info)) < 0) 138 return (au_to_header(e_type, e_mod)); 139 140 if (host_info->at_type == AU_IPv6) 141 if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr)) 142 return (au_to_header(e_type, e_mod)); 143 else 144 if (host_info->at_addr[0] == htonl(INADDR_ANY)) 145 return (au_to_header(e_type, e_mod)); 146 147#ifdef _LP64 148 token = get_token(2 * sizeof (char) + sizeof (int32_t) + 149 2 * sizeof (int64_t) + 2 * sizeof (short) + 150 sizeof (int32_t) + host_info->at_type); 151#else 152 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) + 153 2 * sizeof (short) + sizeof (int32_t) + host_info->at_type); 154#endif 155 156 if (token == NULL) 157 return (NULL); 158 adr_start(&adr, token->tt_data); 159 adr_char(&adr, &data_header, 1); /* token ID */ 160 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 161 adr_char(&adr, &version, 1); /* version of audit tokens */ 162 adr_ushort(&adr, &e_type, 1); /* event ID */ 163 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */ 164 adr_int32(&adr, (int32_t *)&host_info->at_type, 1); 165 adr_char(&adr, (char *)host_info->at_addr, 166 (int)host_info->at_type); 167#ifdef _LP64 168 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */ 169#else 170 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */ 171#endif 172 return (token); 173} 174 175/* 176 * au_to_trailer 177 * return s: 178 * pointer to a trailer token. 179 */ 180token_t * 181au_to_trailer(void) 182{ 183 adr_t adr; /* adr memory stream header */ 184 token_t *token; /* token pointer */ 185 char data_header = AUT_TRAILER; /* header for this token */ 186 short magic = (short)AUT_TRAILER_MAGIC; /* trailer magic number */ 187 int32_t byte_count; 188 189 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short)); 190 if (token == NULL) 191 return (NULL); 192 adr_start(&adr, token->tt_data); 193 adr_char(&adr, &data_header, 1); /* token ID */ 194 adr_short(&adr, &magic, 1); /* magic number */ 195 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 196 197 return (token); 198} 199 200/* 201 * au_to_arg32 202 * return s: 203 * pointer to an argument token. 204 */ 205token_t * 206au_to_arg32(char n, char *text, uint32_t v) 207{ 208 token_t *token; /* local token */ 209 adr_t adr; /* adr memory stream header */ 210 char data_header = AUT_ARG32; /* header for this token */ 211 short bytes; /* length of string */ 212 213 bytes = strlen(text) + 1; 214 215 token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) + 216 sizeof (short) + bytes)); 217 if (token == NULL) 218 return (NULL); 219 adr_start(&adr, token->tt_data); 220 adr_char(&adr, &data_header, 1); /* token type */ 221 adr_char(&adr, &n, 1); /* argument id */ 222 adr_int32(&adr, (int32_t *)&v, 1); /* argument value */ 223 adr_short(&adr, &bytes, 1); 224 adr_char(&adr, text, bytes); 225 226 return (token); 227} 228 229/* 230 * au_to_arg64 231 * return s: 232 * pointer to an argument token. 233 */ 234token_t * 235au_to_arg64(char n, char *text, uint64_t v) 236{ 237 token_t *token; /* local token */ 238 adr_t adr; /* adr memory stream header */ 239 char data_header = AUT_ARG64; /* header for this token */ 240 short bytes; /* length of string */ 241 242 bytes = strlen(text) + 1; 243 244 token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) + 245 sizeof (short) + bytes)); 246 if (token == NULL) 247 return (NULL); 248 adr_start(&adr, token->tt_data); 249 adr_char(&adr, &data_header, 1); /* token type */ 250 adr_char(&adr, &n, 1); /* argument id */ 251 adr_int64(&adr, (int64_t *)&v, 1); /* argument value */ 252 adr_short(&adr, &bytes, 1); 253 adr_char(&adr, text, bytes); 254 255 return (token); 256} 257 258 259/* 260 * au_to_attr 261 * return s: 262 * pointer to an attribute token. 263 */ 264token_t * 265au_to_attr(struct vattr *attr) 266{ 267 token_t *token; /* local token */ 268 adr_t adr; /* adr memory stream header */ 269 int32_t value; 270#ifdef _LP64 271 char data_header = AUT_ATTR64; /* header for this token */ 272 273 token = get_token(sizeof (char) + 274 sizeof (int32_t) * 4 + 275 sizeof (int64_t) * 2); 276#else 277 char data_header = AUT_ATTR32; 278 279 token = get_token(sizeof (char) + sizeof (int32_t) * 5 + 280 sizeof (int64_t)); 281#endif 282 283 if (token == NULL) 284 return (NULL); 285 adr_start(&adr, token->tt_data); 286 adr_char(&adr, &data_header, 1); 287 value = (int32_t)attr->va_mode; 288 adr_int32(&adr, &value, 1); 289 value = (int32_t)attr->va_uid; 290 adr_int32(&adr, &value, 1); 291 value = (int32_t)attr->va_gid; 292 adr_int32(&adr, &value, 1); 293 adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1); 294 adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1); 295#ifdef _LP64 296 adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1); 297#else 298 adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1); 299#endif 300 301 return (token); 302} 303 304/* 305 * au_to_data 306 * return s: 307 * pointer to a data token. 308 */ 309token_t * 310au_to_data(char unit_print, char unit_type, char unit_count, char *p) 311{ 312 adr_t adr; /* adr memory stream header */ 313 token_t *token; /* token pointer */ 314 char data_header = AUT_DATA; /* header for this token */ 315 int byte_count; /* number of bytes */ 316 317 if (p == NULL || unit_count < 1) 318 return (NULL); 319 320 /* 321 * Check validity of print type 322 */ 323 if (unit_print < AUP_BINARY || unit_print > AUP_STRING) 324 return (NULL); 325 326 switch (unit_type) { 327 case AUR_SHORT: 328 byte_count = unit_count * sizeof (short); 329 break; 330 case AUR_INT32: 331 byte_count = unit_count * sizeof (int32_t); 332 break; 333 case AUR_INT64: 334 byte_count = unit_count * sizeof (int64_t); 335 break; 336 /* case AUR_CHAR: */ 337 case AUR_BYTE: 338 byte_count = unit_count * sizeof (char); 339 break; 340 default: 341 return (NULL); 342 } 343 344 token = get_token((int)(4 * sizeof (char) + byte_count)); 345 if (token == NULL) 346 return (NULL); 347 adr_start(&adr, token->tt_data); 348 adr_char(&adr, &data_header, 1); 349 adr_char(&adr, &unit_print, 1); 350 adr_char(&adr, &unit_type, 1); 351 adr_char(&adr, &unit_count, 1); 352 353 switch (unit_type) { 354 case AUR_SHORT: 355 /* LINTED */ 356 adr_short(&adr, (short *)p, unit_count); 357 break; 358 case AUR_INT32: 359 /* LINTED */ 360 adr_int32(&adr, (int32_t *)p, unit_count); 361 break; 362 case AUR_INT64: 363 /* LINTED */ 364 adr_int64(&adr, (int64_t *)p, unit_count); 365 break; 366 /* case AUR_CHAR: */ 367 case AUR_BYTE: 368 adr_char(&adr, p, unit_count); 369 break; 370 } 371 372 return (token); 373} 374 375/* 376 * au_to_privset 377 * 378 * priv_type (LIMIT, INHERIT...) is the first string and privilege 379 * in translated into the second string. The format is as follows: 380 * 381 * token id adr_char 382 * priv type adr_string (short, string) 383 * priv set adr_string (short, string) 384 * 385 * return s: 386 * pointer to a AUT_PRIV token. 387 */ 388token_t * 389au_to_privset(const char *priv_type, const priv_set_t *privilege) 390{ 391 token_t *token; /* local token */ 392 adr_t adr; /* adr memory stream header */ 393 char data_header = AUT_PRIV; /* header for this token */ 394 short t_bytes; /* length of type string */ 395 short p_bytes; /* length of privilege string */ 396 char *priv_string; /* privilege string */ 397 398 t_bytes = strlen(priv_type) + 1; 399 400 if ((privilege == NULL) || (priv_string = 401 priv_set_to_str(privilege, ',', 402 PRIV_STR_LIT)) == NULL) 403 return (NULL); 404 405 p_bytes = strlen(priv_string) + 1; 406 407 token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes 408 + p_bytes)); 409 if (token == NULL) 410 return (NULL); 411 412 adr_start(&adr, token->tt_data); 413 adr_char(&adr, &data_header, 1); 414 adr_short(&adr, &t_bytes, 1); 415 adr_char(&adr, (char *)priv_type, t_bytes); 416 adr_short(&adr, &p_bytes, 1); 417 adr_char(&adr, priv_string, p_bytes); 418 419 free(priv_string); 420 421 return (token); 422} 423 424/* 425 * au_to_process 426 * return s: 427 * pointer to a process token. 428 */ 429 430token_t * 431au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 432 pid_t pid, au_asid_t sid, au_tid_t *tid) 433{ 434 token_t *token; /* local token */ 435 adr_t adr; /* adr memory stream header */ 436#ifdef _LP64 437 char data_header = AUT_PROCESS64; /* header for this token */ 438 439 token = get_token(sizeof (char) + 8 * sizeof (int32_t) + 440 sizeof (int64_t)); 441#else 442 char data_header = AUT_PROCESS32; 443 444 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 445#endif 446 447 if (token == NULL) 448 return (NULL); 449 adr_start(&adr, token->tt_data); 450 adr_char(&adr, &data_header, 1); 451 adr_int32(&adr, (int32_t *)&auid, 1); 452 adr_int32(&adr, (int32_t *)&euid, 1); 453 adr_int32(&adr, (int32_t *)&egid, 1); 454 adr_int32(&adr, (int32_t *)&ruid, 1); 455 adr_int32(&adr, (int32_t *)&rgid, 1); 456 adr_int32(&adr, (int32_t *)&pid, 1); 457 adr_int32(&adr, (int32_t *)&sid, 1); 458#ifdef _LP64 459 adr_int64(&adr, (int64_t *)&tid->port, 1); 460#else 461 adr_int32(&adr, (int32_t *)&tid->port, 1); 462#endif 463 adr_int32(&adr, (int32_t *)&tid->machine, 1); 464 465 return (token); 466} 467 468/* 469 * au_to_process_ex 470 * return s: 471 * pointer to a process_ex token. 472 */ 473token_t * 474au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 475 pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 476{ 477 token_t *token; /* local token */ 478 adr_t adr; /* adr memory stream header */ 479 char data_header; /* header for this token */ 480 481#ifdef _LP64 482 if (tid->at_type == AU_IPv6) { 483 data_header = AUT_PROCESS64_EX; 484 token = get_token(sizeof (char) + sizeof (int64_t) + 485 12 * sizeof (int32_t)); 486 } else { 487 data_header = AUT_PROCESS64; 488 token = get_token(sizeof (char) + sizeof (int64_t) + 489 8 * sizeof (int32_t)); 490 } 491#else 492 if (tid->at_type == AU_IPv6) { 493 data_header = AUT_PROCESS32_EX; 494 token = get_token(sizeof (char) + 13 * sizeof (int32_t)); 495 } else { 496 data_header = AUT_PROCESS32; 497 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 498 } 499#endif 500 if (token == NULL) 501 return (NULL); 502 adr_start(&adr, token->tt_data); 503 adr_char(&adr, &data_header, 1); 504 adr_int32(&adr, (int32_t *)&auid, 1); 505 adr_int32(&adr, (int32_t *)&euid, 1); 506 adr_int32(&adr, (int32_t *)&egid, 1); 507 adr_int32(&adr, (int32_t *)&ruid, 1); 508 adr_int32(&adr, (int32_t *)&rgid, 1); 509 adr_int32(&adr, (int32_t *)&pid, 1); 510 adr_int32(&adr, (int32_t *)&sid, 1); 511#ifdef _LP64 512 adr_int64(&adr, (int64_t *)&tid->at_port, 1); 513#else 514 adr_int32(&adr, (int32_t *)&tid->at_port, 1); 515#endif 516 if (tid->at_type == AU_IPv6) { 517 adr_int32(&adr, (int32_t *)&tid->at_type, 1); 518 adr_char(&adr, (char *)tid->at_addr, 16); 519 } else { 520 adr_char(&adr, (char *)tid->at_addr, 4); 521 } 522 523 return (token); 524} 525 526/* 527 * au_to_seq 528 * return s: 529 * pointer to token chain containing a sequence token 530 */ 531token_t * 532au_to_seq(int audit_count) 533{ 534 token_t *token; /* local token */ 535 adr_t adr; /* adr memory stream header */ 536 char data_header = AUT_SEQ; /* header for this token */ 537 538 token = get_token(sizeof (char) + sizeof (int32_t)); 539 if (token == NULL) 540 return (NULL); 541 adr_start(&adr, token->tt_data); 542 adr_char(&adr, &data_header, 1); 543 adr_int32(&adr, (int32_t *)&audit_count, 1); 544 545 return (token); 546} 547 548/* 549 * au_to_socket 550 * return s: 551 * pointer to mbuf chain containing a socket token. 552 */ 553token_t * 554au_to_socket(struct oldsocket *so) 555{ 556 adr_t adr; 557 token_t *token; 558 char data_header = AUT_SOCKET; 559 struct inpcb *inp = so->so_pcb; 560 561 token = get_token(sizeof (char) + sizeof (short) * 3 + 562 sizeof (int32_t) * 2); 563 if (token == NULL) 564 return (NULL); 565 adr_start(&adr, token->tt_data); 566 adr_char(&adr, &data_header, 1); 567 adr_short(&adr, (short *)&so->so_type, 1); 568 adr_short(&adr, (short *)&inp->inp_lport, 1); 569 adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1); 570 adr_short(&adr, (short *)&inp->inp_fport, 1); 571 adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1); 572 573 return (token); 574} 575 576/* 577 * au_to_subject 578 * return s: 579 * pointer to a process token. 580 */ 581 582token_t * 583au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 584 pid_t pid, au_asid_t sid, au_tid_t *tid) 585{ 586 token_t *token; /* local token */ 587 adr_t adr; /* adr memory stream header */ 588#ifdef _LP64 589 char data_header = AUT_SUBJECT64; /* header for this token */ 590 591 token = get_token(sizeof (char) + sizeof (int64_t) + 592 8 * sizeof (int32_t)); 593#else 594 char data_header = AUT_SUBJECT32; 595 596 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 597#endif 598 599 if (token == NULL) 600 return (NULL); 601 adr_start(&adr, token->tt_data); 602 adr_char(&adr, &data_header, 1); 603 adr_int32(&adr, (int32_t *)&auid, 1); 604 adr_int32(&adr, (int32_t *)&euid, 1); 605 adr_int32(&adr, (int32_t *)&egid, 1); 606 adr_int32(&adr, (int32_t *)&ruid, 1); 607 adr_int32(&adr, (int32_t *)&rgid, 1); 608 adr_int32(&adr, (int32_t *)&pid, 1); 609 adr_int32(&adr, (int32_t *)&sid, 1); 610#ifdef _LP64 611 adr_int64(&adr, (int64_t *)&tid->port, 1); 612#else 613 adr_int32(&adr, (int32_t *)&tid->port, 1); 614#endif 615 adr_int32(&adr, (int32_t *)&tid->machine, 1); 616 617 return (token); 618} 619 620/* 621 * au_to_subject_ex 622 * return s: 623 * pointer to a process token. 624 */ 625 626token_t * 627au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 628 pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 629{ 630 token_t *token; /* local token */ 631 adr_t adr; /* adr memory stream header */ 632#ifdef _LP64 633 char data_header; /* header for this token */ 634 635 if (tid->at_type == AU_IPv6) { 636 data_header = AUT_SUBJECT64_EX; 637 token = get_token(sizeof (char) + sizeof (int64_t) + 638 12 * sizeof (int32_t)); 639 } else { 640 data_header = AUT_SUBJECT64; 641 token = get_token(sizeof (char) + sizeof (int64_t) + 642 8 * sizeof (int32_t)); 643 } 644#else 645 char data_header; /* header for this token */ 646 647 if (tid->at_type == AU_IPv6) { 648 data_header = AUT_SUBJECT32_EX; 649 token = get_token(sizeof (char) + 13 * sizeof (int32_t)); 650 } else { 651 data_header = AUT_SUBJECT32; 652 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 653 } 654#endif 655 656 if (token == NULL) 657 return (NULL); 658 adr_start(&adr, token->tt_data); 659 adr_char(&adr, &data_header, 1); 660 adr_int32(&adr, (int32_t *)&auid, 1); 661 adr_int32(&adr, (int32_t *)&euid, 1); 662 adr_int32(&adr, (int32_t *)&egid, 1); 663 adr_int32(&adr, (int32_t *)&ruid, 1); 664 adr_int32(&adr, (int32_t *)&rgid, 1); 665 adr_int32(&adr, (int32_t *)&pid, 1); 666 adr_int32(&adr, (int32_t *)&sid, 1); 667#ifdef _LP64 668 adr_int64(&adr, (int64_t *)&tid->at_port, 1); 669#else 670 adr_int32(&adr, (int32_t *)&tid->at_port, 1); 671#endif 672 if (tid->at_type == AU_IPv6) { 673 adr_int32(&adr, (int32_t *)&tid->at_type, 1); 674 adr_char(&adr, (char *)tid->at_addr, 16); 675 } else { 676 adr_char(&adr, (char *)tid->at_addr, 4); 677 } 678 679 return (token); 680} 681 682/* 683 * au_to_me 684 * return s: 685 * pointer to a process token. 686 */ 687 688token_t * 689au_to_me(void) 690{ 691 auditinfo_addr_t info; 692 693 if (getaudit_addr(&info, sizeof (info))) 694 return (NULL); 695 return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(), 696 getgid(), getpid(), info.ai_asid, &info.ai_termid)); 697} 698/* 699 * au_to_text 700 * return s: 701 * pointer to a text token. 702 */ 703token_t * 704au_to_text(char *text) 705{ 706 token_t *token; /* local token */ 707 adr_t adr; /* adr memory stream header */ 708 char data_header = AUT_TEXT; /* header for this token */ 709 short bytes; /* length of string */ 710 711 bytes = strlen(text) + 1; 712 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 713 if (token == NULL) 714 return (NULL); 715 adr_start(&adr, token->tt_data); 716 adr_char(&adr, &data_header, 1); 717 adr_short(&adr, &bytes, 1); 718 adr_char(&adr, text, bytes); 719 720 return (token); 721} 722 723/* 724 * au_to_path 725 * return s: 726 * pointer to a path token. 727 */ 728token_t * 729au_to_path(char *path) 730{ 731 token_t *token; /* local token */ 732 adr_t adr; /* adr memory stream header */ 733 char data_header = AUT_PATH; /* header for this token */ 734 short bytes; /* length of string */ 735 736 bytes = (short)strlen(path) + 1; 737 738 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 739 if (token == NULL) 740 return (NULL); 741 adr_start(&adr, token->tt_data); 742 adr_char(&adr, &data_header, 1); 743 adr_short(&adr, &bytes, 1); 744 adr_char(&adr, path, bytes); 745 746 return (token); 747} 748 749/* 750 * au_to_cmd 751 * return s: 752 * pointer to an command line argument token 753 */ 754token_t * 755au_to_cmd(uint_t argc, char **argv, char **envp) 756{ 757 token_t *token; /* local token */ 758 adr_t adr; /* adr memory stream header */ 759 char data_header = AUT_CMD; /* header for this token */ 760 short len = 0; 761 short cnt = 0; 762 short envc = 0; 763 short largc = (short)argc; 764 765 /* 766 * one char for the header, one short for argc, 767 * one short for # envp strings. 768 */ 769 len = sizeof (char) + sizeof (short) + sizeof (short); 770 771 /* get sizes of strings */ 772 773 for (cnt = 0; cnt < argc; cnt++) { 774 len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1); 775 } 776 777 if (envp != NULL) { 778 for (envc = 0; envp[envc] != NULL; envc++) { 779 len += (short)sizeof (short) + 780 (short)(strlen(envp[envc]) + 1); 781 } 782 } 783 784 token = get_token(len); 785 if (token == NULL) 786 return (NULL); 787 788 adr_start(&adr, token->tt_data); 789 adr_char(&adr, &data_header, 1); 790 791 adr_short(&adr, &largc, 1); 792 793 for (cnt = 0; cnt < argc; cnt++) { 794 len = (short)(strlen(argv[cnt]) + 1); 795 adr_short(&adr, &len, 1); 796 adr_char(&adr, argv[cnt], len); 797 } 798 799 adr_short(&adr, &envc, 1); 800 801 for (cnt = 0; cnt < envc; cnt++) { 802 len = (short)(strlen(envp[cnt]) + 1); 803 adr_short(&adr, &len, 1); 804 adr_char(&adr, envp[cnt], len); 805 } 806 807 return (token); 808} 809 810/* 811 * au_to_exit 812 * return s: 813 * pointer to a exit value token. 814 */ 815token_t * 816au_to_exit(int retval, int err) 817{ 818 token_t *token; /* local token */ 819 adr_t adr; /* adr memory stream header */ 820 char data_header = AUT_EXIT; /* header for this token */ 821 822 token = get_token(sizeof (char) + (2 * sizeof (int32_t))); 823 if (token == NULL) 824 return (NULL); 825 adr_start(&adr, token->tt_data); 826 adr_char(&adr, &data_header, 1); 827 adr_int32(&adr, (int32_t *)&retval, 1); 828 adr_int32(&adr, (int32_t *)&err, 1); 829 830 return (token); 831} 832 833/* 834 * au_to_return 835 * return s: 836 * pointer to a return value token. 837 */ 838token_t * 839au_to_return32(char number, uint32_t value) 840{ 841 token_t *token; /* local token */ 842 adr_t adr; /* adr memory stream header */ 843 char data_header = AUT_RETURN32; /* header for this token */ 844 845 token = get_token(2 * sizeof (char) + sizeof (int32_t)); 846 if (token == NULL) 847 return (NULL); 848 adr_start(&adr, token->tt_data); 849 adr_char(&adr, &data_header, 1); 850 adr_char(&adr, &number, 1); 851 adr_int32(&adr, (int32_t *)&value, 1); 852 853 return (token); 854} 855 856/* 857 * au_to_return 858 * return s: 859 * pointer to a return value token. 860 */ 861token_t * 862au_to_return64(char number, uint64_t value) 863{ 864 token_t *token; /* local token */ 865 adr_t adr; /* adr memory stream header */ 866 char data_header = AUT_RETURN64; /* header for this token */ 867 868 token = get_token(2 * sizeof (char) + sizeof (int64_t)); 869 if (token == NULL) 870 return (NULL); 871 adr_start(&adr, token->tt_data); 872 adr_char(&adr, &data_header, 1); 873 adr_char(&adr, &number, 1); 874 adr_int64(&adr, (int64_t *)&value, 1); 875 876 return (token); 877} 878 879 880/* 881 * au_to_opaque 882 * return s: 883 * pointer to a opaque token. 884 */ 885token_t * 886au_to_opaque(char *opaque, short bytes) 887{ 888 token_t *token; /* local token */ 889 adr_t adr; /* adr memory stream header */ 890 char data_header = AUT_OPAQUE; /* header for this token */ 891 892 if (bytes < 1) 893 return (NULL); 894 895 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 896 if (token == NULL) 897 return (NULL); 898 adr_start(&adr, token->tt_data); 899 adr_char(&adr, &data_header, 1); 900 adr_short(&adr, &bytes, 1); 901 adr_char(&adr, opaque, bytes); 902 903 return (token); 904} 905 906/* 907 * au_to_in_addr 908 * return s: 909 * pointer to an internet address token 910 */ 911token_t * 912au_to_in_addr(struct in_addr *internet_addr) 913{ 914 token_t *token; /* local token */ 915 adr_t adr; /* adr memory stream header */ 916 char data_header = AUT_IN_ADDR; /* header for this token */ 917 918 token = get_token(sizeof (char) + sizeof (struct in_addr)); 919 if (token == NULL) 920 return (NULL); 921 adr_start(&adr, token->tt_data); 922 adr_char(&adr, &data_header, 1); 923 adr_char(&adr, (char *)internet_addr, sizeof (struct in_addr)); 924 925 return (token); 926} 927 928/* 929 * au_to_in_addr_ex 930 * return s: 931 * pointer to an internet extended token 932 */ 933token_t * 934au_to_in_addr_ex(struct in6_addr *addr) 935{ 936 token_t *token; 937 adr_t adr; 938 939 if (IN6_IS_ADDR_V4MAPPED(addr)) { 940 ipaddr_t in4; 941 942 /* 943 * An IPv4-mapped IPv6 address is really an IPv4 address 944 * in IPv6 format. 945 */ 946 947 IN6_V4MAPPED_TO_IPADDR(addr, in4); 948 return (au_to_in_addr((struct in_addr *)&in4)); 949 950 } else { 951 char data_header = AUT_IN_ADDR_EX; 952 int32_t type = AU_IPv6; 953 954 if ((token = get_token(sizeof (char) + sizeof (int32_t) + 955 sizeof (struct in6_addr))) == NULL) { 956 return (NULL); 957 } 958 959 adr_start(&adr, token->tt_data); 960 adr_char(&adr, &data_header, 1); 961 adr_int32(&adr, &type, 1); 962 adr_char(&adr, (char *)addr, sizeof (struct in6_addr)); 963 } 964 965 return (token); 966} 967 968/* 969 * au_to_iport 970 * return s: 971 * pointer to token chain containing a ip port address token 972 */ 973token_t * 974au_to_iport(ushort_t iport) 975{ 976 token_t *token; /* local token */ 977 adr_t adr; /* adr memory stream header */ 978 char data_header = AUT_IPORT; /* header for this token */ 979 980 token = get_token(sizeof (char) + sizeof (short)); 981 if (token == NULL) 982 return (NULL); 983 adr_start(&adr, token->tt_data); 984 adr_char(&adr, &data_header, 1); 985 adr_short(&adr, (short *)&iport, 1); 986 987 return (token); 988} 989 990token_t * 991au_to_ipc(char type, int id) 992{ 993 token_t *token; /* local token */ 994 adr_t adr; /* adr memory stream header */ 995 char data_header = AUT_IPC; /* header for this token */ 996 997 token = get_token((2 * sizeof (char)) + sizeof (int32_t)); 998 if (token == NULL) 999 return (NULL); 1000 adr_start(&adr, token->tt_data); 1001 adr_char(&adr, &data_header, 1); 1002 adr_char(&adr, &type, 1); 1003 adr_int32(&adr, (int32_t *)&id, 1); 1004 1005 return (token); 1006} 1007 1008/* 1009 * au_to_tid 1010 * 1011 * output format depends on type; at present only IP v4 and v6 addresses 1012 * are defined. 1013 * 1014 * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type, 1015 * 32 bit IP address. 1016 * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type, 1017 * 4 x 32 bit IP address. 1018 * 1019 */ 1020token_t * 1021au_to_tid(au_generic_tid_t *tid) 1022{ 1023 char data_header = AUT_TID; /* header for this token */ 1024 adr_t adr; /* adr memory stream header */ 1025 token_t *token; /* local token */ 1026 au_ip_t *ip; 1027 1028 switch (tid->gt_type) { 1029 case AU_IPADR: 1030 ip = &(tid->gt_adr.at_ip); 1031 token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) + 1032 sizeof (uint32_t) + ip->at_type)); 1033 if (token == NULL) 1034 return (NULL); 1035 1036 adr_start(&adr, token->tt_data); 1037 adr_char(&adr, &data_header, 1); 1038 adr_char(&adr, (char *)&(tid->gt_type), 1); 1039 adr_short(&adr, (short *)&(ip->at_r_port), 1); 1040 adr_short(&adr, (short *)&(ip->at_l_port), 1); 1041 adr_int32(&adr, (int32_t *)&(ip->at_type), 1); 1042 1043 adr_char(&adr, (char *)ip->at_addr, ip->at_type); 1044 1045 break; 1046 default: 1047 return (NULL); 1048 } 1049 return (token); 1050} 1051 1052/* 1053 * The Modifier tokens 1054 */ 1055 1056/* 1057 * au_to_groups 1058 * return s: 1059 * pointer to a group list token. 1060 * 1061 * This function is obsolete. Please use au_to_newgroups. 1062 */ 1063token_t * 1064au_to_groups(int *groups) 1065{ 1066 token_t *token; /* local token */ 1067 adr_t adr; /* adr memory stream header */ 1068 char data_header = AUT_GROUPS; /* header for this token */ 1069 1070 token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t)); 1071 if (token == NULL) 1072 return (NULL); 1073 adr_start(&adr, token->tt_data); 1074 adr_char(&adr, &data_header, 1); 1075 adr_int32(&adr, (int32_t *)groups, NGROUPS); 1076 1077 return (token); 1078} 1079 1080/* 1081 * au_to_newgroups 1082 * return s: 1083 * pointer to a group list token. 1084 */ 1085token_t * 1086au_to_newgroups(int n, gid_t *groups) 1087{ 1088 token_t *token; /* local token */ 1089 adr_t adr; /* adr memory stream header */ 1090 char data_header = AUT_NEWGROUPS; /* header for this token */ 1091 short n_groups; 1092 1093 if (n < 0 || n > SHRT_MAX || groups == NULL) 1094 return (NULL); 1095 token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t)); 1096 if (token == NULL) 1097 return (NULL); 1098 n_groups = (short)n; 1099 adr_start(&adr, token->tt_data); 1100 adr_char(&adr, &data_header, 1); 1101 adr_short(&adr, &n_groups, 1); 1102 adr_int32(&adr, (int32_t *)groups, n_groups); 1103 1104 return (token); 1105} 1106 1107/* 1108 * au_to_exec_args 1109 * returns: 1110 * pointer to an exec args token. 1111 */ 1112token_t * 1113au_to_exec_args(char **argv) 1114{ 1115 return (au_to_exec(argv, AUT_EXEC_ARGS)); 1116} 1117 1118/* 1119 * au_to_exec_env 1120 * returns: 1121 * pointer to an exec args token. 1122 */ 1123token_t * 1124au_to_exec_env(char **envp) 1125{ 1126 return (au_to_exec(envp, AUT_EXEC_ENV)); 1127} 1128 1129/* 1130 * au_to_exec 1131 * returns: 1132 * pointer to an exec args token. 1133 */ 1134static token_t * 1135au_to_exec(char **v, char data_header) 1136{ 1137 token_t *token; 1138 adr_t adr; 1139 char **p; 1140 int32_t n = 0; 1141 int len = 0; 1142 1143 for (p = v; *p != NULL; p++) { 1144 len += strlen(*p) + 1; 1145 n++; 1146 } 1147 token = get_token(sizeof (char) + sizeof (int32_t) + len); 1148 if (token == (token_t *)NULL) 1149 return ((token_t *)NULL); 1150 adr_start(&adr, token->tt_data); 1151 adr_char(&adr, &data_header, 1); 1152 adr_int32(&adr, &n, 1); 1153 for (p = v; *p != NULL; p++) { 1154 adr_char(&adr, *p, strlen(*p) + 1); 1155 } 1156 return (token); 1157} 1158 1159/* 1160 * au_to_uauth 1161 * return s: 1162 * pointer to a uauth token. 1163 */ 1164token_t * 1165au_to_uauth(char *text) 1166{ 1167 token_t *token; /* local token */ 1168 adr_t adr; /* adr memory stream header */ 1169 char data_header = AUT_UAUTH; /* header for this token */ 1170 short bytes; /* length of string */ 1171 1172 bytes = strlen(text) + 1; 1173 1174 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1175 if (token == NULL) 1176 return (NULL); 1177 adr_start(&adr, token->tt_data); 1178 adr_char(&adr, &data_header, 1); 1179 adr_short(&adr, &bytes, 1); 1180 adr_char(&adr, text, bytes); 1181 1182 return (token); 1183} 1184 1185/* 1186 * au_to_upriv 1187 * return s: 1188 * pointer to a use of privilege token. 1189 */ 1190token_t * 1191au_to_upriv(char sorf, char *priv) 1192{ 1193 token_t *token; /* local token */ 1194 adr_t adr; /* adr memory stream header */ 1195 char data_header = AUT_UAUTH; /* header for this token */ 1196 short bytes; /* length of string */ 1197 1198 bytes = strlen(priv) + 1; 1199 1200 token = get_token(sizeof (char) + sizeof (char) + sizeof (short) + 1201 bytes); 1202 if (token == NULL) 1203 return (NULL); 1204 adr_start(&adr, token->tt_data); 1205 adr_char(&adr, &data_header, 1); 1206 adr_char(&adr, &sorf, 1); /* success/failure */ 1207 adr_short(&adr, &bytes, 1); 1208 adr_char(&adr, priv, bytes); 1209 1210 return (token); 1211} 1212 1213/* 1214 * au_to_xatom 1215 * return s: 1216 * pointer to a xatom token. 1217 */ 1218token_t * 1219au_to_xatom(char *atom) 1220{ 1221 token_t *token; /* local token */ 1222 adr_t adr; /* adr memory stream header */ 1223 char data_header = AUT_XATOM; /* header for this token */ 1224 short len; 1225 1226 len = strlen(atom) + 1; 1227 1228 token = get_token(sizeof (char) + sizeof (short) + len); 1229 if (token == NULL) 1230 return (NULL); 1231 adr_start(&adr, token->tt_data); 1232 adr_char(&adr, &data_header, 1); 1233 adr_short(&adr, (short *)&len, 1); 1234 adr_char(&adr, atom, len); 1235 1236 return (token); 1237} 1238 1239/* 1240 * au_to_xselect 1241 * return s: 1242 * pointer to a X select token. 1243 */ 1244token_t * 1245au_to_xselect(char *propname, char *proptype, char *windata) 1246{ 1247 token_t *token; /* local token */ 1248 adr_t adr; /* adr memory stream header */ 1249 char data_header = AUT_XSELECT; /* header for this token */ 1250 short proplen; 1251 short typelen; 1252 short datalen; 1253 1254 proplen = strlen(propname) + 1; 1255 typelen = strlen(proptype) + 1; 1256 datalen = strlen(windata) + 1; 1257 1258 token = get_token(sizeof (char) + (sizeof (short) * 3) + 1259 proplen + typelen + datalen); 1260 if (token == NULL) 1261 return (NULL); 1262 adr_start(&adr, token->tt_data); 1263 adr_char(&adr, &data_header, 1); 1264 adr_short(&adr, &proplen, 1); 1265 adr_char(&adr, propname, proplen); 1266 adr_short(&adr, &typelen, 1); 1267 adr_char(&adr, proptype, typelen); 1268 adr_short(&adr, &datalen, 1); 1269 adr_char(&adr, windata, datalen); 1270 1271 return (token); 1272} 1273 1274/* 1275 * x_common 1276 * return s: 1277 * pointer to a common X token. 1278 */ 1279 1280static token_t * 1281x_common(char data_header, int32_t xid, uid_t cuid) 1282{ 1283 token_t *token; /* local token */ 1284 adr_t adr; /* adr memory stream header */ 1285 1286 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t)); 1287 if (token == NULL) 1288 return (NULL); 1289 adr_start(&adr, token->tt_data); 1290 adr_char(&adr, &data_header, 1); 1291 adr_int32(&adr, &xid, 1); 1292 adr_uid(&adr, &cuid, 1); 1293 1294 return (token); 1295} 1296 1297/* 1298 * au_to_xcolormap 1299 * return s: 1300 * pointer to a X Colormap token. 1301 */ 1302 1303token_t * 1304au_to_xcolormap(int32_t xid, uid_t cuid) 1305{ 1306 return (x_common(AUT_XCOLORMAP, xid, cuid)); 1307} 1308 1309/* 1310 * au_to_xcursor 1311 * return s: 1312 * pointer to a X Cursor token. 1313 */ 1314 1315token_t * 1316au_to_xcursor(int32_t xid, uid_t cuid) 1317{ 1318 return (x_common(AUT_XCURSOR, xid, cuid)); 1319} 1320 1321/* 1322 * au_to_xfont 1323 * return s: 1324 * pointer to a X Font token. 1325 */ 1326 1327token_t * 1328au_to_xfont(int32_t xid, uid_t cuid) 1329{ 1330 return (x_common(AUT_XFONT, xid, cuid)); 1331} 1332 1333/* 1334 * au_to_xgc 1335 * return s: 1336 * pointer to a X Graphic Context token. 1337 */ 1338 1339token_t * 1340au_to_xgc(int32_t xid, uid_t cuid) 1341{ 1342 return (x_common(AUT_XGC, xid, cuid)); 1343} 1344 1345/* 1346 * au_to_xpixmap 1347 * return s: 1348 * pointer to a X Pixal Map token. 1349 */ 1350 1351token_t * 1352au_to_xpixmap(int32_t xid, uid_t cuid) 1353{ 1354 return (x_common(AUT_XPIXMAP, xid, cuid)); 1355} 1356 1357/* 1358 * au_to_xwindow 1359 * return s: 1360 * pointer to a X Window token. 1361 */ 1362 1363token_t * 1364au_to_xwindow(int32_t xid, uid_t cuid) 1365{ 1366 return (x_common(AUT_XWINDOW, xid, cuid)); 1367} 1368 1369/* 1370 * au_to_xproperty 1371 * return s: 1372 * pointer to a X Property token. 1373 */ 1374 1375token_t * 1376au_to_xproperty(int32_t xid, uid_t cuid, char *propname) 1377{ 1378 token_t *token; /* local token */ 1379 adr_t adr; /* adr memory stream header */ 1380 char data_header = AUT_XPROPERTY; /* header for this token */ 1381 short proplen; 1382 1383 proplen = strlen(propname) + 1; 1384 1385 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t) + 1386 sizeof (short) + proplen); 1387 if (token == NULL) 1388 return (NULL); 1389 adr_start(&adr, token->tt_data); 1390 adr_char(&adr, &data_header, 1); 1391 adr_int32(&adr, &xid, 1); 1392 adr_uid(&adr, &cuid, 1); 1393 adr_short(&adr, &proplen, 1); 1394 adr_char(&adr, propname, proplen); 1395 1396 return (token); 1397} 1398 1399/* 1400 * au_to_xclient 1401 * return s: 1402 * pointer to a X Client token 1403 */ 1404 1405token_t * 1406au_to_xclient(uint32_t client) 1407{ 1408 token_t *token; /* local token */ 1409 adr_t adr; /* adr memory stream header */ 1410 char data_header = AUT_XCLIENT; /* header for this token */ 1411 1412 token = get_token(sizeof (char) + sizeof (uint32_t)); 1413 if (token == NULL) 1414 return (NULL); 1415 adr_start(&adr, token->tt_data); 1416 adr_char(&adr, &data_header, 1); 1417 adr_int32(&adr, (int32_t *)&client, 1); 1418 1419 return (token); 1420} 1421 1422/* 1423 * au_to_label 1424 * return s: 1425 * pointer to a label token. 1426 */ 1427token_t * 1428au_to_label(m_label_t *label) 1429{ 1430 token_t *token; /* local token */ 1431 adr_t adr; /* adr memory stream header */ 1432 char data_header = AUT_LABEL; /* header for this token */ 1433 size32_t llen = blabel_size(); 1434 1435 token = get_token(sizeof (char) + llen); 1436 if (token == NULL) { 1437 return (NULL); 1438 } else if (label == NULL) { 1439 free(token); 1440 return (NULL); 1441 } 1442 adr_start(&adr, token->tt_data); 1443 adr_char(&adr, &data_header, 1); 1444 adr_char(&adr, (char *)label, llen); 1445 1446 return (token); 1447} 1448 1449/* 1450 * au_to_mylabel 1451 * return s: 1452 * pointer to a label token. 1453 */ 1454token_t * 1455au_to_mylabel(void) 1456{ 1457 ucred_t *uc; 1458 token_t *token; 1459 1460 if ((uc = ucred_get(P_MYID)) == NULL) { 1461 return (NULL); 1462 } 1463 1464 token = au_to_label(ucred_getlabel(uc)); 1465 ucred_free(uc); 1466 return (token); 1467} 1468 1469/* 1470 * au_to_zonename 1471 * return s: 1472 * pointer to a zonename token. 1473 */ 1474token_t * 1475au_to_zonename(char *name) 1476{ 1477 token_t *token; /* local token */ 1478 adr_t adr; /* adr memory stream header */ 1479 char data_header = AUT_ZONENAME; /* header for this token */ 1480 short bytes; /* length of string */ 1481 1482 if (name == NULL) 1483 return (NULL); 1484 1485 bytes = strlen(name) + 1; 1486 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1487 if (token == NULL) 1488 return (NULL); 1489 adr_start(&adr, token->tt_data); 1490 adr_char(&adr, &data_header, 1); 1491 adr_short(&adr, &bytes, 1); 1492 adr_char(&adr, name, bytes); 1493 1494 return (token); 1495} 1496 1497/* 1498 * au_to_fmri 1499 * return s: 1500 * pointer to a fmri token. 1501 */ 1502token_t * 1503au_to_fmri(char *fmri) 1504{ 1505 token_t *token; /* local token */ 1506 adr_t adr; /* adr memory stream header */ 1507 char data_header = AUT_FMRI; /* header for this token */ 1508 short bytes; /* length of string */ 1509 1510 if (fmri == NULL) 1511 return (NULL); 1512 1513 bytes = strlen(fmri) + 1; 1514 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1515 if (token == NULL) 1516 return (NULL); 1517 adr_start(&adr, token->tt_data); 1518 adr_char(&adr, &data_header, 1); 1519 adr_short(&adr, &bytes, 1); 1520 adr_char(&adr, fmri, bytes); 1521 1522 return (token); 1523} 1524