1 /*-
2 * Copyright (c) 2006-2007 Robert N. M. Watson
3 * Copyright (c) 2008 Apple Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 /*
29 * Generate a series of BSM token samples in the requested directory.
30 */
31
32 #include <sys/types.h>
33 #include <sys/socket.h>
34 #include <sys/stat.h>
35
36 #include <netinet/in.h>
37 #include <netinet/in_systm.h>
38 #include <netinet/ip.h>
39
40 #include <arpa/inet.h>
41
42 #include <bsm/audit_kevents.h>
43 #include <bsm/libbsm.h>
44
45 #include <err.h>
46 #include <errno.h>
47 #include <fcntl.h>
48 #include <limits.h>
49 #include <stdio.h>
50 #include <stdlib.h>
51 #include <string.h>
52 #include <sysexits.h>
53 #include <unistd.h>
54
55 static int do_records, do_tokens;
56
57 static void
usage(void)58 usage(void)
59 {
60
61 fprintf(stderr, "generate [-rt] path\n");
62 exit(EX_USAGE);
63 }
64
65 static int
open_file(const char * directory,const char * name)66 open_file(const char *directory, const char *name)
67 {
68 char pathname[PATH_MAX];
69 int fd;
70
71 snprintf(pathname, PATH_MAX, "%s/%s", directory, name);
72 (void)unlink(pathname);
73 fd = open(pathname, O_WRONLY | O_CREAT | O_EXCL, 0600);
74 if (fd < 0)
75 err(EX_CANTCREAT, "open: %s", name);
76 return (fd);
77 }
78
79 static void
write_file(int fd,void * buffer,size_t buflen,const char * filename)80 write_file(int fd, void *buffer, size_t buflen, const char *filename)
81 {
82 ssize_t len;
83
84 len = write(fd, buffer, buflen);
85 if (len < 0)
86 err(EX_OSERR, "write_file: %s", filename);
87 if (len < buflen)
88 err(EX_OSERR, "write_file: short write: %s", filename);
89 }
90
91 /*
92 * Write a single token to a file.
93 */
94 static void
write_token(const char * directory,const char * filename,token_t * tok)95 write_token(const char *directory, const char *filename, token_t *tok)
96 {
97 u_char buffer[MAX_AUDIT_RECORD_SIZE];
98 size_t buflen;
99 int fd;
100
101 buflen = MAX_AUDIT_RECORD_SIZE;
102 if (au_close_token(tok, buffer, &buflen) < 0)
103 err(EX_UNAVAILABLE, "au_close_token");
104 fd = open_file(directory, filename);
105 write_file(fd, buffer, buflen, filename);
106 close(fd);
107 }
108
109 /*
110 * Write a token to a file, wrapped in audit record header and trailer.
111 */
112 static void
write_record(const char * directory,const char * filename,token_t * tok,short event)113 write_record(const char *directory, const char *filename, token_t *tok,
114 short event)
115 {
116 u_char buffer[MAX_AUDIT_RECORD_SIZE];
117 size_t buflen;
118 int au, fd;
119
120 au = au_open();
121 if (au < 0)
122 err(EX_UNAVAILABLE, "au_open");
123 if (au_write(au, tok) < 0)
124 err(EX_UNAVAILABLE, "au_write");
125 buflen = MAX_AUDIT_RECORD_SIZE;
126 if (au_close_buffer(au, event, buffer, &buflen) < 0)
127 err(EX_UNAVAILABLE, "au_close_buffer");
128 fd = open_file(directory, filename);
129 write_file(fd, buffer, buflen, filename);
130 close(fd);
131 }
132
133 static struct timeval file_token_timeval = { 0x12345, 0x67890} ;
134
135 static void
generate_file_token(const char * directory,const char * token_filename)136 generate_file_token(const char *directory, const char *token_filename)
137 {
138 token_t *file_token;
139
140 file_token = au_to_file("test", file_token_timeval);
141 if (file_token == NULL)
142 err(EX_UNAVAILABLE, "au_to_file");
143 write_token(directory, token_filename, file_token);
144 }
145
146 static void
generate_file_record(const char * directory,const char * record_filename)147 generate_file_record(const char *directory, const char *record_filename)
148 {
149 token_t *file_token;
150
151 file_token = au_to_file("test", file_token_timeval);
152 if (file_token == NULL)
153 err(EX_UNAVAILABLE, "au_to_file");
154 write_record(directory, record_filename, file_token, AUE_NULL);
155 }
156
157 /*
158 * AUT_OHEADER
159 */
160
161 static int trailer_token_len = 0x12345678;
162
163 static void
generate_trailer_token(const char * directory,const char * token_filename)164 generate_trailer_token(const char *directory, const char *token_filename)
165 {
166 token_t *trailer_token;
167
168 trailer_token = au_to_trailer(trailer_token_len);
169 if (trailer_token == NULL)
170 err(EX_UNAVAILABLE, "au_to_trailer");
171 write_token(directory, token_filename, trailer_token);
172 }
173
174 static int header32_token_len = 0x12345678;
175 static au_event_t header32_e_type = AUE_OPEN;
176 static au_emod_t header32_e_mod = 0x4567;
177 static struct timeval header32_tm = { 0x12345, 0x67890 };
178
179 static void
generate_header32_token(const char * directory,const char * token_filename)180 generate_header32_token(const char *directory, const char *token_filename)
181 {
182 token_t *header32_token;
183
184 header32_token = au_to_header32_tm(header32_token_len,
185 header32_e_type, header32_e_mod, header32_tm);
186 if (header32_token == NULL)
187 err(EX_UNAVAILABLE, "au_to_header32");
188 write_token(directory, token_filename, header32_token);
189 }
190
191 /*
192 * AUT_HEADER32_EX
193 */
194
195 static char data_token_unit_print = AUP_STRING;
196 static char data_token_unit_type = AUR_CHAR;
197 static char *data_token_data = "SomeData";
198 static char data_token_unit_count = sizeof("SomeData") + 1;
199
200 static void
generate_data_token(const char * directory,const char * token_filename)201 generate_data_token(const char *directory, const char *token_filename)
202 {
203 token_t *data_token;
204
205 data_token = au_to_data(data_token_unit_print, data_token_unit_type,
206 data_token_unit_count, data_token_data);
207 if (data_token == NULL)
208 err(EX_UNAVAILABLE, "au_to_data");
209 write_token(directory, token_filename, data_token);
210 }
211
212 static void
generate_data_record(const char * directory,const char * record_filename)213 generate_data_record(const char *directory, const char *record_filename)
214 {
215 token_t *data_token;
216
217 data_token = au_to_data(data_token_unit_print, data_token_unit_type,
218 data_token_unit_count, data_token_data);
219 if (data_token == NULL)
220 err(EX_UNAVAILABLE, "au_to_data");
221 write_record(directory, record_filename, data_token, AUE_NULL);
222 }
223
224 static char ipc_type = AT_IPC_MSG;
225 static int ipc_id = 0x12345678;
226
227 static void
generate_ipc_token(const char * directory,const char * token_filename)228 generate_ipc_token(const char *directory, const char *token_filename)
229 {
230 token_t *ipc_token;
231
232 ipc_token = au_to_ipc(ipc_type, ipc_id);
233 if (ipc_token == NULL)
234 err(EX_UNAVAILABLE, "au_to_ipc");
235 write_token(directory, token_filename, ipc_token);
236 }
237
238 static void
generate_ipc_record(const char * directory,const char * record_filename)239 generate_ipc_record(const char *directory, const char *record_filename)
240 {
241 token_t *ipc_token;
242
243 ipc_token = au_to_ipc(ipc_type, ipc_id);
244 if (ipc_token == NULL)
245 err(EX_UNAVAILABLE, "au_to_ipc");
246 write_record(directory, record_filename, ipc_token, AUE_NULL);
247 }
248
249 static char *path_token_path = "/test/this/is/a/test";
250
251 static void
generate_path_token(const char * directory,const char * token_filename)252 generate_path_token(const char *directory, const char *token_filename)
253 {
254 token_t *path_token;
255
256 path_token = au_to_path(path_token_path);
257 if (path_token == NULL)
258 err(EX_UNAVAILABLE, "au_to_path");
259 write_token(directory, token_filename, path_token);
260 }
261
262 static void
generate_path_record(const char * directory,const char * record_filename)263 generate_path_record(const char *directory, const char *record_filename)
264 {
265 token_t *path_token;
266
267 path_token = au_to_path(path_token_path);
268 if (path_token == NULL)
269 err(EX_UNAVAILABLE, "au_to_path");
270 write_record(directory, record_filename, path_token, AUE_NULL);
271 }
272
273 static au_id_t subject32_auid = 0x12345678;
274 static uid_t subject32_euid = 0x01234567;
275 static gid_t subject32_egid = 0x23456789;
276 static uid_t subject32_ruid = 0x98765432;
277 static gid_t subject32_rgid = 0x09876543;
278 static pid_t subject32_pid = 0x13243546;
279 static au_asid_t subject32_sid = 0x97867564;
280 static au_tid_t subject32_tid = { 0x16593746 };
281 static au_tid_addr_t subject32_tid_addr = { 0x16593746 };
282
283 static void
generate_subject32_token(const char * directory,const char * token_filename)284 generate_subject32_token(const char *directory, const char *token_filename)
285 {
286 token_t *subject32_token;
287
288 subject32_tid.machine = inet_addr("127.0.0.1");
289
290 subject32_token = au_to_subject32(subject32_auid, subject32_euid,
291 subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
292 subject32_sid, &subject32_tid);
293 if (subject32_token == NULL)
294 err(EX_UNAVAILABLE, "au_to_subject32");
295 write_token(directory, token_filename, subject32_token);
296 }
297
298 static void
generate_subject32_record(const char * directory,const char * record_filename)299 generate_subject32_record(const char *directory, const char *record_filename)
300 {
301 token_t *subject32_token;
302
303 subject32_tid.machine = inet_addr("127.0.0.1");
304
305 subject32_token = au_to_subject32(subject32_auid, subject32_euid,
306 subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
307 subject32_sid, &subject32_tid);
308 if (subject32_token == NULL)
309 err(EX_UNAVAILABLE, "au_to_subject32");
310 write_record(directory, record_filename, subject32_token, AUE_NULL);
311 }
312
313 static void
generate_subject32ex_token(const char * directory,const char * token_filename,u_int32_t type)314 generate_subject32ex_token(const char *directory, const char *token_filename,
315 u_int32_t type)
316 {
317 token_t *subject32ex_token;
318 char *buf;
319
320 buf = (char *)malloc(strlen(token_filename) + 6);
321 if (type == AU_IPv6) {
322 inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
323 subject32_tid_addr.at_type = AU_IPv6;
324 sprintf(buf, "%s%s", token_filename, "-IPv6");
325 } else {
326 subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
327 subject32_tid_addr.at_type = AU_IPv4;
328 sprintf(buf, "%s%s", token_filename, "-IPv4");
329 }
330
331 subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
332 subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
333 subject32_sid, &subject32_tid_addr);
334 if (subject32ex_token == NULL)
335 err(EX_UNAVAILABLE, "au_to_subject32_ex");
336 write_token(directory, buf, subject32ex_token);
337 free(buf);
338 }
339
340 static void
generate_subject32ex_record(const char * directory,const char * record_filename,u_int32_t type)341 generate_subject32ex_record(const char *directory, const char *record_filename,
342 u_int32_t type)
343 {
344 token_t *subject32ex_token;
345 char *buf;
346
347 buf = (char *)malloc(strlen(record_filename) + 6);
348 if (type == AU_IPv6) {
349 inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
350 subject32_tid_addr.at_type = AU_IPv6;
351 sprintf(buf, "%s%s", record_filename, "-IPv6");
352 } else {
353 subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
354 subject32_tid_addr.at_type = AU_IPv4;
355 sprintf(buf, "%s%s", record_filename, "-IPv4");
356 }
357
358 subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
359 subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
360 subject32_sid, &subject32_tid_addr);
361 if (subject32ex_token == NULL)
362 err(EX_UNAVAILABLE, "au_to_subject32_ex");
363 write_record(directory, record_filename, subject32ex_token, AUE_NULL);
364 free(buf);
365 }
366
367 static au_id_t process32_auid = 0x12345678;
368 static uid_t process32_euid = 0x01234567;
369 static gid_t process32_egid = 0x23456789;
370 static uid_t process32_ruid = 0x98765432;
371 static gid_t process32_rgid = 0x09876543;
372 static pid_t process32_pid = 0x13243546;
373 static au_asid_t process32_sid = 0x97867564;
374 static au_tid_t process32_tid = { 0x16593746 };
375 static au_tid_addr_t process32_tid_addr = { 0x16593746 };
376
377 static void
generate_process32_token(const char * directory,const char * token_filename)378 generate_process32_token(const char *directory, const char *token_filename)
379 {
380 token_t *process32_token;
381
382 process32_tid.machine = inet_addr("127.0.0.1");
383
384 process32_token = au_to_process32(process32_auid, process32_euid,
385 process32_egid, process32_ruid, process32_rgid, process32_pid,
386 process32_sid, &process32_tid);
387 if (process32_token == NULL)
388 err(EX_UNAVAILABLE, "au_to_process32");
389 write_token(directory, token_filename, process32_token);
390 }
391
392 static void
generate_process32_record(const char * directory,const char * record_filename)393 generate_process32_record(const char *directory, const char *record_filename)
394 {
395 token_t *process32_token;
396
397 process32_tid.machine = inet_addr("127.0.0.1");
398
399 process32_token = au_to_process32(process32_auid, process32_euid,
400 process32_egid, process32_ruid, process32_rgid, process32_pid,
401 process32_sid, &process32_tid);
402 if (process32_token == NULL)
403 err(EX_UNAVAILABLE, "au_ti_process32");
404 write_record(directory, record_filename, process32_token, AUE_NULL);
405 }
406
407 static void
generate_process32ex_token(const char * directory,const char * token_filename,u_int32_t type)408 generate_process32ex_token(const char *directory, const char *token_filename,
409 u_int32_t type)
410 {
411 token_t *process32ex_token;
412 char *buf;
413
414 buf = (char *)malloc(strlen(token_filename) + 6);
415 if (type == AU_IPv6) {
416 inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr);
417 process32_tid_addr.at_type = AU_IPv6;
418 sprintf(buf, "%s%s", token_filename, "-IPv6");
419 } else {
420 process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
421 process32_tid_addr.at_type = AU_IPv4;
422 sprintf(buf, "%s%s", token_filename, "-IPv4");
423 }
424
425 process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
426 process32_egid, process32_ruid, process32_rgid, process32_pid,
427 process32_sid, &process32_tid_addr);
428 if (process32ex_token == NULL)
429 err(EX_UNAVAILABLE, "au_to_process32_ex");
430 write_token(directory, buf, process32ex_token);
431 free(buf);
432 }
433
434 static void
generate_process32ex_record(const char * directory,const char * record_filename,u_int32_t type)435 generate_process32ex_record(const char *directory, const char *record_filename,
436 u_int32_t type)
437 {
438 token_t *process32ex_token;
439 char *buf;
440
441 buf = (char *)malloc(strlen(record_filename) + 6);
442 if (type == AU_IPv6) {
443 inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr);
444 process32_tid_addr.at_type = AU_IPv6;
445 sprintf(buf, "%s%s", record_filename, "-IPv6");
446 } else {
447 process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
448 process32_tid_addr.at_type = AU_IPv4;
449 sprintf(buf, "%s%s", record_filename, "-IPv4");
450 }
451
452 process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
453 process32_egid, process32_ruid, process32_rgid, process32_pid,
454 process32_sid, &process32_tid_addr);
455 if (process32ex_token == NULL)
456 err(EX_UNAVAILABLE, "au_to_process32_ex");
457 write_record(directory, buf, process32ex_token, AUE_NULL);
458 free(buf);
459 }
460
461 static au_id_t process64_auid = 0x12345678;
462 static uid_t process64_euid = 0x01234567;
463 static gid_t process64_egid = 0x23456789;
464 static uid_t process64_ruid = 0x98765432;
465 static gid_t process64_rgid = 0x09876543;
466 static pid_t process64_pid = 0x13243546;
467 static au_asid_t process64_sid = 0x97867564;
468 static au_tid_t process64_tid = { 0x16593746 };
469 static au_tid_addr_t process64_tid_addr = { 0x16593746 };
470
471 static void
generate_process64_token(const char * directory,const char * token_filename)472 generate_process64_token(const char *directory, const char *token_filename)
473 {
474 token_t *process64_token;
475
476 process64_tid.machine = inet_addr("127.0.0.1");
477
478 process64_token = au_to_process64(process64_auid, process64_euid,
479 process64_egid, process64_ruid, process64_rgid, process64_pid,
480 process64_sid, &process64_tid);
481 if (process64_token == NULL)
482 err(EX_UNAVAILABLE, "au_to_process64");
483 write_token(directory, token_filename, process64_token);
484 }
485
486 static void
generate_process64_record(const char * directory,const char * record_filename)487 generate_process64_record(const char *directory, const char *record_filename)
488 {
489 token_t *process64_token;
490
491 process64_tid.machine = inet_addr("127.0.0.1");
492
493 process64_token = au_to_process64(process64_auid, process64_euid,
494 process64_egid, process64_ruid, process64_rgid, process64_pid,
495 process64_sid, &process64_tid);
496 if (process64_token == NULL)
497 err(EX_UNAVAILABLE, "au_ti_process64");
498 write_record(directory, record_filename, process64_token, AUE_NULL);
499 }
500
501 static void
generate_process64ex_token(const char * directory,const char * token_filename,u_int32_t type)502 generate_process64ex_token(const char *directory, const char *token_filename,
503 u_int32_t type)
504 {
505 token_t *process64ex_token;
506 char *buf;
507
508 buf = (char *)malloc(strlen(token_filename) + 6);
509 if (type == AU_IPv6) {
510 inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr);
511 process64_tid_addr.at_type = AU_IPv6;
512 sprintf(buf, "%s%s", token_filename, "-IPv6");
513 } else {
514 process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
515 process64_tid_addr.at_type = AU_IPv4;
516 sprintf(buf, "%s%s", token_filename, "-IPv4");
517 }
518
519 process64ex_token = au_to_process64_ex(process64_auid, process64_euid,
520 process64_egid, process64_ruid, process64_rgid, process64_pid,
521 process64_sid, &process64_tid_addr);
522 if (process64ex_token == NULL)
523 err(EX_UNAVAILABLE, "au_to_process64_ex");
524 write_token(directory, buf, process64ex_token);
525 free(buf);
526 }
527
528 static void
generate_process64ex_record(const char * directory,const char * record_filename,u_int32_t type)529 generate_process64ex_record(const char *directory, const char *record_filename,
530 u_int32_t type)
531 {
532 token_t *process64ex_token;
533 char *buf;
534
535 buf = (char *)malloc(strlen(record_filename) + 6);
536 if (type == AU_IPv6) {
537 inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr);
538 process64_tid_addr.at_type = AU_IPv6;
539 sprintf(buf, "%s%s", record_filename, "-IPv6");
540 } else {
541 process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
542 process64_tid_addr.at_type = AU_IPv4;
543 sprintf(buf, "%s%s", record_filename, "-IPv4");
544 }
545
546 process64ex_token = au_to_process64_ex(process64_auid, process64_euid,
547 process64_egid, process64_ruid, process64_rgid, process64_pid,
548 process64_sid, &process64_tid_addr);
549 if (process64ex_token == NULL)
550 err(EX_UNAVAILABLE, "au_to_process64_ex");
551 write_record(directory, buf, process64ex_token, AUE_NULL);
552 free(buf);
553 }
554
555 static char return32_status = EINVAL;
556 static uint32_t return32_ret = 0x12345678;
557
558 static void
generate_return32_token(const char * directory,const char * token_filename)559 generate_return32_token(const char *directory, const char *token_filename)
560 {
561 token_t *return32_token;
562
563 return32_token = au_to_return32(au_errno_to_bsm(return32_status),
564 return32_ret);
565 if (return32_token == NULL)
566 err(EX_UNAVAILABLE, "au_to_return32");
567 write_token(directory, token_filename, return32_token);
568 }
569
570 static void
generate_return32_record(const char * directory,const char * record_filename)571 generate_return32_record(const char *directory, const char *record_filename)
572 {
573 token_t *return32_token;
574
575 return32_token = au_to_return32(au_errno_to_bsm(return32_status),
576 return32_ret);
577 if (return32_token == NULL)
578 err(EX_UNAVAILABLE, "au_to_return32");
579 write_record(directory, record_filename, return32_token, AUE_NULL);
580 }
581
582 static char *text_token_text = "This is a test.";
583
584 static void
generate_text_token(const char * directory,const char * token_filename)585 generate_text_token(const char *directory, const char *token_filename)
586 {
587 token_t *text_token;
588
589 text_token = au_to_text(text_token_text);
590 if (text_token == NULL)
591 err(EX_UNAVAILABLE, "au_to_text");
592 write_token(directory, token_filename, text_token);
593 }
594
595 static void
generate_text_record(const char * directory,const char * record_filename)596 generate_text_record(const char *directory, const char *record_filename)
597 {
598 token_t *text_token;
599
600 text_token = au_to_text(text_token_text);
601 if (text_token == NULL)
602 err(EX_UNAVAILABLE, "au_to_text");
603 write_record(directory, record_filename, text_token, AUE_NULL);
604 }
605
606 static char opaque_token_data[] = {0xaa, 0xbb, 0xcc, 0xdd};
607 static int opaque_token_bytes = sizeof(opaque_token_data);
608
609 static void
generate_opaque_token(const char * directory,const char * token_filename)610 generate_opaque_token(const char *directory, const char *token_filename)
611 {
612 token_t *opaque_token;
613
614 opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
615 if (opaque_token == NULL)
616 err(EX_UNAVAILABLE, "au_to_opaque");
617 write_token(directory, token_filename, opaque_token);
618 }
619
620 static void
generate_opaque_record(const char * directory,const char * record_filename)621 generate_opaque_record(const char *directory, const char *record_filename)
622 {
623 token_t *opaque_token;
624
625 opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
626 if (opaque_token == NULL)
627 err(EX_UNAVAILABLE, "au_to_opaque");
628 write_record(directory, record_filename, opaque_token, AUE_NULL);
629 }
630
631 static struct in_addr in_addr_token_addr;
632
633 static void
generate_in_addr_token(const char * directory,const char * token_filename)634 generate_in_addr_token(const char *directory, const char *token_filename)
635 {
636 token_t *in_addr_token;
637
638 in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
639
640 in_addr_token = au_to_in_addr(&in_addr_token_addr);
641 if (in_addr_token == NULL)
642 err(EX_UNAVAILABLE, "au_to_in_addr");
643 write_token(directory, token_filename, in_addr_token);
644 }
645
646 static void
generate_in_addr_record(const char * directory,const char * record_filename)647 generate_in_addr_record(const char *directory, const char *record_filename)
648 {
649 token_t *in_addr_token;
650
651 in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
652
653 in_addr_token = au_to_in_addr(&in_addr_token_addr);
654 if (in_addr_token == NULL)
655 err(EX_UNAVAILABLE, "au_to_in_addr");
656 write_record(directory, record_filename, in_addr_token, AUE_NULL);
657 }
658
659 static struct ip ip_token_ip;
660 static u_char ip_token_ip_v = 4;
661 static uint16_t ip_token_ip_id = 0x5478;
662 static u_char ip_token_ip_ttl = 64;
663 static u_char ip_token_ip_p = IPPROTO_ICMP;
664 static struct in_addr ip_token_ip_src;
665 static struct in_addr ip_token_ip_dst;
666
667 static void
generate_ip_token(const char * directory,const char * token_filename)668 generate_ip_token(const char *directory, const char *token_filename)
669 {
670 token_t *ip_token;
671
672 ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
673 ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
674
675 memset(&ip_token_ip, 0, sizeof(ip_token_ip));
676 ip_token_ip.ip_v = ip_token_ip_v;
677 ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
678 ip_token_ip.ip_id = htons(ip_token_ip_id);
679 ip_token_ip.ip_ttl = ip_token_ip_ttl;
680 ip_token_ip.ip_p = ip_token_ip_p;
681 ip_token_ip.ip_src = ip_token_ip_src;
682 ip_token_ip.ip_dst = ip_token_ip_dst;
683
684 ip_token = au_to_ip(&ip_token_ip);
685 if (ip_token == NULL)
686 err(EX_UNAVAILABLE, "au_to_ip");
687 write_token(directory, token_filename, ip_token);
688 }
689
690 static void
generate_ip_record(const char * directory,const char * record_filename)691 generate_ip_record(const char *directory, const char *record_filename)
692 {
693 token_t *ip_token;
694
695 ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
696 ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
697
698 memset(&ip_token_ip, 0, sizeof(ip_token_ip));
699 ip_token_ip.ip_v = ip_token_ip_v;
700 ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
701 ip_token_ip.ip_id = htons(ip_token_ip_id);
702 ip_token_ip.ip_ttl = ip_token_ip_ttl;
703 ip_token_ip.ip_p = ip_token_ip_p;
704 ip_token_ip.ip_src = ip_token_ip_src;
705 ip_token_ip.ip_dst = ip_token_ip_dst;
706
707 ip_token = au_to_ip(&ip_token_ip);
708 if (ip_token == NULL)
709 err(EX_UNAVAILABLE, "au_to_ip");
710 write_record(directory, record_filename, ip_token, AUE_NULL);
711 }
712
713 static u_int16_t iport_token_iport;
714
715 static void
generate_iport_token(const char * directory,const char * token_filename)716 generate_iport_token(const char *directory, const char *token_filename)
717 {
718 token_t *iport_token;
719
720 iport_token_iport = htons(80);
721
722 iport_token = au_to_iport(iport_token_iport);
723 if (iport_token == NULL)
724 err(EX_UNAVAILABLE, "au_to_iport");
725 write_token(directory, token_filename, iport_token);
726 }
727
728 static void
generate_iport_record(const char * directory,const char * record_filename)729 generate_iport_record(const char *directory, const char *record_filename)
730 {
731 token_t *iport_token;
732
733 iport_token_iport = htons(80);
734
735 iport_token = au_to_iport(iport_token_iport);
736 if (iport_token == NULL)
737 err(EX_UNAVAILABLE, "au_to_iport");
738 write_record(directory, record_filename, iport_token, AUE_NULL);
739 }
740
741 static char arg32_token_n = 3;
742 static char *arg32_token_text = "test_arg32_token";
743 static uint32_t arg32_token_v = 0xabcdef00;
744
745 static void
generate_arg32_token(const char * directory,const char * token_filename)746 generate_arg32_token(const char *directory, const char *token_filename)
747 {
748 token_t *arg32_token;
749
750 arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
751 arg32_token_v);
752 if (arg32_token == NULL)
753 err(EX_UNAVAILABLE, "au_to_arg32");
754 write_token(directory, token_filename, arg32_token);
755 }
756
757 static void
generate_arg32_record(const char * directory,const char * record_filename)758 generate_arg32_record(const char *directory, const char *record_filename)
759 {
760 token_t *arg32_token;
761
762 arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
763 arg32_token_v);
764 if (arg32_token == NULL)
765 err(EX_UNAVAILABLE, "au_to_arg32");
766 write_record(directory, record_filename, arg32_token, AUE_NULL);
767 }
768
769 static long seq_audit_count = 0x12345678;
770
771 static void
generate_seq_token(const char * directory,const char * token_filename)772 generate_seq_token(const char *directory, const char *token_filename)
773 {
774 token_t *seq_token;
775
776 seq_token = au_to_seq(seq_audit_count);
777 if (seq_token == NULL)
778 err(EX_UNAVAILABLE, "au_to_seq");
779 write_token(directory, token_filename, seq_token);
780 }
781
782 static void
generate_seq_record(const char * directory,const char * record_filename)783 generate_seq_record(const char *directory, const char *record_filename)
784 {
785 token_t *seq_token;
786
787 seq_token = au_to_seq(seq_audit_count);
788 if (seq_token == NULL)
789 err(EX_UNAVAILABLE, "au_to_seq");
790 write_record(directory, record_filename, seq_token, AUE_NULL);
791 }
792
793 #if 0
794 /*
795 * AUT_ACL
796 */
797
798 static void
799 generate_attr_token(const char *directory, const char *token_filename)
800 {
801 token_t *attr_token;
802
803 }
804
805 static void
806 generate_attr_record(const char *directory, const char *record_filename)
807 {
808 token_t *attr_token;
809
810 }
811
812 static void
813 generate_ipc_perm_token(const char *directory, const char *token_filename)
814 {
815 token_t *ipc_perm_token;
816
817 }
818
819 static void
820 generate_ipc_perm_record(const char *directory, const char *record_filename)
821 {
822 token_t *ipc_perm_token;
823
824 }
825 #endif
826
827 #if 0
828 /*
829 * AUT_LABEL
830 */
831
832 static void
833 generate_groups_token(const char *directory, const char *token_filename)
834 {
835 token_t *groups_token;
836
837 }
838
839 static void
840 generate_groups_record(const char *directory, const char *record_filename)
841 {
842 token_t *groups_token;
843
844 }
845 #endif
846
847 /*
848 * AUT_ILABEL
849 */
850
851 /*
852 * AUT_SLABEL
853 */
854
855 /*
856 * AUT_CLEAR
857 */
858
859 /*
860 * AUT_PRIV
861 */
862
863 /*
864 * AUT_UPRIV
865 */
866
867 /*
868 * AUT_LIAISON
869 */
870
871 /*
872 * AUT_NEWGROUPS
873 */
874
875 /*
876 * AUT_EXEC_ARGS
877 */
878
879 /*
880 * AUT_EXEC_ENV
881 */
882
883 #if 0
884 static void
885 generate_attr32_token(const char *directory, const char *token_filename)
886 {
887 token_t *attr32_token;
888
889 }
890
891 static void
892 generate_attr32_record(const char *directory, const char *record_filename)
893 {
894 token_t *attr32_token;
895
896 }
897 #endif
898
899 static char *zonename_sample = "testzone";
900
901 static void
generate_zonename_token(const char * directory,const char * token_filename)902 generate_zonename_token(const char *directory, const char *token_filename)
903 {
904 token_t *zonename_token;
905
906 zonename_token = au_to_zonename(zonename_sample);
907 if (zonename_token == NULL)
908 err(EX_UNAVAILABLE, "au_to_zonename");
909 write_token(directory, token_filename, zonename_token);
910 }
911
912 static void
generate_zonename_record(const char * directory,const char * record_filename)913 generate_zonename_record(const char *directory, const char *record_filename)
914 {
915 token_t *zonename_token;
916
917 zonename_token = au_to_zonename(zonename_sample);
918 if (zonename_token == NULL)
919 err(EX_UNAVAILABLE, "au_to_zonename");
920 write_record(directory, record_filename, zonename_token, AUE_NULL);
921 }
922
923 static u_short socketex_domain = PF_INET;
924 static u_short socketex_type = SOCK_STREAM;
925 static struct sockaddr_in socketex_laddr, socketex_raddr;
926
927 static void
generate_socketex_token(const char * directory,const char * token_filename)928 generate_socketex_token(const char *directory, const char *token_filename)
929 {
930 token_t *socketex_token;
931
932 bzero(&socketex_laddr, sizeof(socketex_laddr));
933 socketex_laddr.sin_family = AF_INET;
934 socketex_laddr.sin_len = sizeof(socketex_laddr);
935 socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
936
937 bzero(&socketex_raddr, sizeof(socketex_raddr));
938 socketex_raddr.sin_family = AF_INET;
939 socketex_raddr.sin_len = sizeof(socketex_raddr);
940 socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
941
942 socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain),
943 au_socket_type_to_bsm(socketex_type),
944 (struct sockaddr *)&socketex_laddr,
945 (struct sockaddr *)&socketex_raddr);
946 if (socketex_token == NULL)
947 err(EX_UNAVAILABLE, "au_to_socket_ex");
948 write_token(directory, token_filename, socketex_token);
949 }
950
951 static void
generate_socketex_record(const char * directory,const char * record_filename)952 generate_socketex_record(const char *directory, const char *record_filename)
953 {
954 token_t *socketex_token;
955
956 bzero(&socketex_laddr, sizeof(socketex_laddr));
957 socketex_laddr.sin_family = AF_INET;
958 socketex_laddr.sin_len = sizeof(socketex_laddr);
959 socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
960
961 bzero(&socketex_raddr, sizeof(socketex_raddr));
962 socketex_raddr.sin_family = AF_INET;
963 socketex_raddr.sin_len = sizeof(socketex_raddr);
964 socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
965
966 socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain),
967 au_socket_type_to_bsm(socketex_type),
968 (struct sockaddr *)&socketex_laddr,
969 (struct sockaddr *)&socketex_raddr);
970 if (socketex_token == NULL)
971 err(EX_UNAVAILABLE, "au_to_socket_ex");
972 write_record(directory, record_filename, socketex_token, AUE_NULL);
973 }
974
975 /*
976 * Generate a series of error-number specific return tokens in records.
977 */
978 static void
generate_error_record(const char * directory,const char * filename,int error)979 generate_error_record(const char *directory, const char *filename, int error)
980 {
981 char pathname[PATH_MAX];
982 token_t *return32_token;
983
984 return32_token = au_to_return32(au_errno_to_bsm(error), -1);
985 if (return32_token == NULL)
986 err(EX_UNAVAILABLE, "au_to_return32");
987 (void)snprintf(pathname, PATH_MAX, "%s_record", filename);
988 write_record(directory, pathname, return32_token, AUE_NULL);
989 }
990
991 /*
992 * Not all the error numbers, just a few present on all platforms for now.
993 */
994 const struct {
995 int error_number;
996 const char *error_name;
997 } error_list[] = {
998 { EPERM, "EPERM" },
999 { ENOENT, "ENOENT" },
1000 { ESRCH, "ESRCH" },
1001 { EINTR, "EINTR" },
1002 { EIO, "EIO" },
1003 { ENXIO, "ENXIO" },
1004 { E2BIG, "E2BIG" },
1005 { ENOEXEC, "ENOEXEC" },
1006 { EBADF, "EBADF" },
1007 { ECHILD, "ECHILD" },
1008 { EDEADLK, "EDEADLK" },
1009 { ENOMEM, "ENOMEM" },
1010 { EACCES, "EACCES" },
1011 { EFAULT, "EFAULT" },
1012 { ENOTBLK, "ENOTBLK" },
1013 { EBUSY, "EBUSY" },
1014 { EEXIST, "EEXIST" },
1015 { EXDEV, "EXDEV" },
1016 { ENODEV, "ENODEV" },
1017 { ENOTDIR, "ENOTDIR" },
1018 { EISDIR, "EISDIR" },
1019 { EINVAL, "EINVAL" },
1020 { ENFILE, "ENFILE" },
1021 { EMFILE, "EMFILE" },
1022 { ENOTTY, "ENOTTY" },
1023 { ETXTBSY, "ETXTBSY" },
1024 { EFBIG, "EFBIG" },
1025 { ENOSPC, "ENOSPC" },
1026 { ESPIPE, "ESPIPE" },
1027 { EROFS, "EROFS" },
1028 { EMLINK, "EMLINK" },
1029 { EPIPE, "EPIPE" }
1030 };
1031 const int error_list_count = sizeof(error_list)/sizeof(error_list[0]);
1032
1033 static void
do_error_records(const char * directory)1034 do_error_records(const char *directory)
1035 {
1036 int i;
1037
1038 for (i = 0; i < error_list_count; i++)
1039 generate_error_record(directory, error_list[i].error_name,
1040 error_list[i].error_number);
1041 }
1042
1043 int
main(int argc,char * argv[])1044 main(int argc, char *argv[])
1045 {
1046 const char *directory;
1047 int ch;
1048
1049 while ((ch = getopt(argc, argv, "rt")) != -1) {
1050 switch (ch) {
1051 case 'r':
1052 do_records++;
1053 break;
1054
1055 case 't':
1056 do_tokens++;
1057 break;
1058
1059 default:
1060 usage();
1061 }
1062 }
1063
1064 argc -= optind;
1065 argv += optind;
1066
1067 if (argc != 1)
1068 usage();
1069
1070 directory = argv[0];
1071
1072 if (mkdir(directory, 0755) < 0 && errno != EEXIST)
1073 err(EX_OSERR, "mkdir: %s", directory);
1074
1075 if (do_tokens) {
1076 generate_file_token(directory, "file_token");
1077 generate_trailer_token(directory, "trailer_token");
1078 generate_header32_token(directory, "header32_token");
1079 generate_data_token(directory, "data_token");
1080 generate_ipc_token(directory, "ipc_token");
1081 generate_path_token(directory, "path_token");
1082 generate_subject32_token(directory, "subject32_token");
1083 generate_subject32ex_token(directory, "subject32ex_token",
1084 AU_IPv4);
1085 generate_subject32ex_token(directory, "subject32ex_token",
1086 AU_IPv6);
1087 generate_process32_token(directory, "process32_token");
1088 generate_process32ex_token(directory, "process32ex_token",
1089 AU_IPv4);
1090 generate_process32ex_token(directory, "process32ex_token",
1091 AU_IPv6);
1092 generate_process64_token(directory, "process64_token");
1093 generate_process64ex_token(directory, "process64ex_token",
1094 AU_IPv4);
1095 generate_process64ex_token(directory, "process64ex_token",
1096 AU_IPv6);
1097 generate_return32_token(directory, "return32_token");
1098 generate_text_token(directory, "text_token");
1099 generate_opaque_token(directory, "opaque_token");
1100 generate_in_addr_token(directory, "in_addr_token");
1101 generate_ip_token(directory, "ip_token");
1102 generate_iport_token(directory, "iport_token");
1103 generate_arg32_token(directory, "arg32_token");
1104 generate_seq_token(directory, "seq_token");
1105 #if 0
1106 generate_attr_token(directory, "attr_token");
1107 generate_ipc_perm_token(directory, "ipc_perm_token");
1108 generate_groups_token(directory, "groups_token");
1109 generate_attr32_token(directory, "attr32_token");
1110 #endif
1111 generate_zonename_token(directory, "zonename_token");
1112 generate_socketex_token(directory, "socketex_token");
1113 }
1114
1115 if (do_records) {
1116 generate_file_record(directory, "file_record");
1117 generate_data_record(directory, "data_record");
1118 generate_ipc_record(directory, "ipc_record");
1119 generate_path_record(directory, "path_record");
1120 generate_subject32_record(directory, "subject32_record");
1121 generate_subject32ex_record(directory, "subject32ex_record",
1122 AU_IPv4);
1123 generate_subject32ex_record(directory, "subject32ex_record",
1124 AU_IPv6);
1125 generate_process32_record(directory, "process32_record");
1126 generate_process32ex_record(directory, "process32ex_record",
1127 AU_IPv4);
1128 generate_process32ex_record(directory, "process32ex_record",
1129 AU_IPv6);
1130 generate_process64_record(directory, "process64_record");
1131 generate_process64ex_record(directory, "process64ex_record",
1132 AU_IPv4);
1133 generate_process64ex_record(directory, "process64ex_record",
1134 AU_IPv6);
1135 generate_return32_record(directory, "return32_record");
1136 generate_text_record(directory, "text_record");
1137 generate_opaque_record(directory, "opaque_record");
1138 generate_in_addr_record(directory, "in_addr_record");
1139 generate_ip_record(directory, "ip_record");
1140 generate_iport_record(directory, "iport_record");
1141 generate_arg32_record(directory, "arg32_record");
1142 generate_seq_record(directory, "seq_record");
1143 #if 0
1144 generate_attr_record(directory, "attr_record");
1145 generate_ipc_perm_record(directory, "ipc_perm_record");
1146 generate_groups_record(directory, "groups_record");
1147 generate_attr32_record(directory, "attr32_record");
1148 #endif
1149 generate_zonename_record(directory, "zonename_record");
1150 generate_socketex_record(directory, "socketex_record");
1151 do_error_records(directory);
1152 }
1153
1154 return (0);
1155 }
1156