1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26
27 #include <sys/types.h>
28 #include <unistd.h>
29 #include <bsm/audit.h>
30 #include <bsm/audit_record.h>
31 #include <bsm/libbsm.h>
32 #include <priv.h>
33 #include <sys/ipc.h>
34 #include <sys/param.h>
35 #include <sys/socket.h>
36 #include <sys/time.h>
37 #include <sys/vnode.h>
38 #include <malloc.h>
39 #include <net/route.h>
40 #include <netinet/in.h>
41 #include <netinet/in_pcb.h>
42 #include <string.h>
43 #include <ucred.h>
44 #include <zone.h>
45 #include <sys/tsol/label.h>
46
47 #define NGROUPS 16 /* XXX - temporary */
48
49 token_t *au_to_arg(char n, char *text, uint32_t v);
50 #pragma weak au_to_arg = au_to_arg32
51 token_t *au_to_return(char number, uint32_t value);
52 #pragma weak au_to_return = au_to_return32
53
54 static token_t *au_to_exec(char **, char);
55
56 static token_t *
get_token(int s)57 get_token(int s)
58 {
59 token_t *token; /* Resultant token */
60
61 if ((token = (token_t *)malloc(sizeof (token_t))) == NULL)
62 return (NULL);
63 if ((token->tt_data = malloc(s)) == NULL) {
64 free(token);
65 return (NULL);
66 }
67 token->tt_size = s;
68 token->tt_next = NULL;
69 return (token);
70 }
71
72 /*
73 * au_to_header
74 * return s:
75 * pointer to header token.
76 */
77 token_t *
au_to_header(au_event_t e_type,au_emod_t e_mod)78 au_to_header(au_event_t e_type, au_emod_t e_mod)
79 {
80 adr_t adr; /* adr memory stream header */
81 token_t *token; /* token pointer */
82 char version = TOKEN_VERSION; /* version of token family */
83 int32_t byte_count;
84 struct timeval tv;
85 #ifdef _LP64
86 char data_header = AUT_HEADER64; /* header for this token */
87
88 token = get_token(2 * sizeof (char) + sizeof (int32_t) +
89 2 * sizeof (int64_t) + 2 * sizeof (short));
90 #else
91 char data_header = AUT_HEADER32;
92
93 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
94 2 * sizeof (short));
95 #endif
96
97 if (token == NULL)
98 return (NULL);
99 adr_start(&adr, token->tt_data);
100 adr_char(&adr, &data_header, 1); /* token ID */
101 adr_int32(&adr, &byte_count, 1); /* length of audit record */
102 adr_char(&adr, &version, 1); /* version of audit tokens */
103 adr_ushort(&adr, &e_type, 1); /* event ID */
104 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */
105 #ifdef _LP64
106 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */
107 #else
108 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */
109 #endif
110 return (token);
111 }
112
113 /*
114 * au_to_header_ex
115 * return s:
116 * pointer to header token.
117 */
118 token_t *
au_to_header_ex(au_event_t e_type,au_emod_t e_mod)119 au_to_header_ex(au_event_t e_type, au_emod_t e_mod)
120 {
121 adr_t adr; /* adr memory stream header */
122 token_t *token; /* token pointer */
123 char version = TOKEN_VERSION; /* version of token family */
124 int32_t byte_count;
125 struct timeval tv;
126 auditinfo_addr_t audit_info;
127 au_tid_addr_t *host_info = &audit_info.ai_termid;
128 #ifdef _LP64
129 char data_header = AUT_HEADER64_EX; /* header for this token */
130 #else
131 char data_header = AUT_HEADER32_EX;
132 #endif
133
134 /* If our host address can't be determined, revert to un-extended hdr */
135
136 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
137 sizeof (audit_info)) < 0)
138 return (au_to_header(e_type, e_mod));
139
140 if (host_info->at_type == AU_IPv6)
141 if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr))
142 return (au_to_header(e_type, e_mod));
143 else
144 if (host_info->at_addr[0] == htonl(INADDR_ANY))
145 return (au_to_header(e_type, e_mod));
146
147 #ifdef _LP64
148 token = get_token(2 * sizeof (char) + sizeof (int32_t) +
149 2 * sizeof (int64_t) + 2 * sizeof (short) +
150 sizeof (int32_t) + host_info->at_type);
151 #else
152 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) +
153 2 * sizeof (short) + sizeof (int32_t) + host_info->at_type);
154 #endif
155
156 if (token == NULL)
157 return (NULL);
158 adr_start(&adr, token->tt_data);
159 adr_char(&adr, &data_header, 1); /* token ID */
160 adr_int32(&adr, &byte_count, 1); /* length of audit record */
161 adr_char(&adr, &version, 1); /* version of audit tokens */
162 adr_ushort(&adr, &e_type, 1); /* event ID */
163 adr_ushort(&adr, &e_mod, 1); /* event ID modifier */
164 adr_int32(&adr, (int32_t *)&host_info->at_type, 1);
165 adr_char(&adr, (char *)host_info->at_addr,
166 (int)host_info->at_type);
167 #ifdef _LP64
168 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */
169 #else
170 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */
171 #endif
172 return (token);
173 }
174
175 /*
176 * au_to_trailer
177 * return s:
178 * pointer to a trailer token.
179 */
180 token_t *
au_to_trailer(void)181 au_to_trailer(void)
182 {
183 adr_t adr; /* adr memory stream header */
184 token_t *token; /* token pointer */
185 char data_header = AUT_TRAILER; /* header for this token */
186 short magic = (short)AUT_TRAILER_MAGIC; /* trailer magic number */
187 int32_t byte_count;
188
189 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short));
190 if (token == NULL)
191 return (NULL);
192 adr_start(&adr, token->tt_data);
193 adr_char(&adr, &data_header, 1); /* token ID */
194 adr_short(&adr, &magic, 1); /* magic number */
195 adr_int32(&adr, &byte_count, 1); /* length of audit record */
196
197 return (token);
198 }
199
200 /*
201 * au_to_arg32
202 * return s:
203 * pointer to an argument token.
204 */
205 token_t *
au_to_arg32(char n,char * text,uint32_t v)206 au_to_arg32(char n, char *text, uint32_t v)
207 {
208 token_t *token; /* local token */
209 adr_t adr; /* adr memory stream header */
210 char data_header = AUT_ARG32; /* header for this token */
211 short bytes; /* length of string */
212
213 bytes = strlen(text) + 1;
214
215 token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) +
216 sizeof (short) + bytes));
217 if (token == NULL)
218 return (NULL);
219 adr_start(&adr, token->tt_data);
220 adr_char(&adr, &data_header, 1); /* token type */
221 adr_char(&adr, &n, 1); /* argument id */
222 adr_int32(&adr, (int32_t *)&v, 1); /* argument value */
223 adr_short(&adr, &bytes, 1);
224 adr_char(&adr, text, bytes);
225
226 return (token);
227 }
228
229 /*
230 * au_to_arg64
231 * return s:
232 * pointer to an argument token.
233 */
234 token_t *
au_to_arg64(char n,char * text,uint64_t v)235 au_to_arg64(char n, char *text, uint64_t v)
236 {
237 token_t *token; /* local token */
238 adr_t adr; /* adr memory stream header */
239 char data_header = AUT_ARG64; /* header for this token */
240 short bytes; /* length of string */
241
242 bytes = strlen(text) + 1;
243
244 token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) +
245 sizeof (short) + bytes));
246 if (token == NULL)
247 return (NULL);
248 adr_start(&adr, token->tt_data);
249 adr_char(&adr, &data_header, 1); /* token type */
250 adr_char(&adr, &n, 1); /* argument id */
251 adr_int64(&adr, (int64_t *)&v, 1); /* argument value */
252 adr_short(&adr, &bytes, 1);
253 adr_char(&adr, text, bytes);
254
255 return (token);
256 }
257
258
259 /*
260 * au_to_attr
261 * return s:
262 * pointer to an attribute token.
263 */
264 token_t *
au_to_attr(struct vattr * attr)265 au_to_attr(struct vattr *attr)
266 {
267 token_t *token; /* local token */
268 adr_t adr; /* adr memory stream header */
269 int32_t value;
270 #ifdef _LP64
271 char data_header = AUT_ATTR64; /* header for this token */
272
273 token = get_token(sizeof (char) +
274 sizeof (int32_t) * 4 +
275 sizeof (int64_t) * 2);
276 #else
277 char data_header = AUT_ATTR32;
278
279 token = get_token(sizeof (char) + sizeof (int32_t) * 5 +
280 sizeof (int64_t));
281 #endif
282
283 if (token == NULL)
284 return (NULL);
285 adr_start(&adr, token->tt_data);
286 adr_char(&adr, &data_header, 1);
287 value = (int32_t)attr->va_mode;
288 adr_int32(&adr, &value, 1);
289 value = (int32_t)attr->va_uid;
290 adr_int32(&adr, &value, 1);
291 value = (int32_t)attr->va_gid;
292 adr_int32(&adr, &value, 1);
293 adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1);
294 adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1);
295 #ifdef _LP64
296 adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1);
297 #else
298 adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1);
299 #endif
300
301 return (token);
302 }
303
304 /*
305 * au_to_data
306 * return s:
307 * pointer to a data token.
308 */
309 token_t *
au_to_data(char unit_print,char unit_type,char unit_count,char * p)310 au_to_data(char unit_print, char unit_type, char unit_count, char *p)
311 {
312 adr_t adr; /* adr memory stream header */
313 token_t *token; /* token pointer */
314 char data_header = AUT_DATA; /* header for this token */
315 int byte_count; /* number of bytes */
316
317 if (p == NULL || unit_count < 1)
318 return (NULL);
319
320 /*
321 * Check validity of print type
322 */
323 if (unit_print < AUP_BINARY || unit_print > AUP_STRING)
324 return (NULL);
325
326 switch (unit_type) {
327 case AUR_SHORT:
328 byte_count = unit_count * sizeof (short);
329 break;
330 case AUR_INT32:
331 byte_count = unit_count * sizeof (int32_t);
332 break;
333 case AUR_INT64:
334 byte_count = unit_count * sizeof (int64_t);
335 break;
336 /* case AUR_CHAR: */
337 case AUR_BYTE:
338 byte_count = unit_count * sizeof (char);
339 break;
340 default:
341 return (NULL);
342 }
343
344 token = get_token((int)(4 * sizeof (char) + byte_count));
345 if (token == NULL)
346 return (NULL);
347 adr_start(&adr, token->tt_data);
348 adr_char(&adr, &data_header, 1);
349 adr_char(&adr, &unit_print, 1);
350 adr_char(&adr, &unit_type, 1);
351 adr_char(&adr, &unit_count, 1);
352
353 switch (unit_type) {
354 case AUR_SHORT:
355 /* LINTED */
356 adr_short(&adr, (short *)p, unit_count);
357 break;
358 case AUR_INT32:
359 /* LINTED */
360 adr_int32(&adr, (int32_t *)p, unit_count);
361 break;
362 case AUR_INT64:
363 /* LINTED */
364 adr_int64(&adr, (int64_t *)p, unit_count);
365 break;
366 /* case AUR_CHAR: */
367 case AUR_BYTE:
368 adr_char(&adr, p, unit_count);
369 break;
370 }
371
372 return (token);
373 }
374
375 /*
376 * au_to_privset
377 *
378 * priv_type (LIMIT, INHERIT...) is the first string and privilege
379 * in translated into the second string. The format is as follows:
380 *
381 * token id adr_char
382 * priv type adr_string (short, string)
383 * priv set adr_string (short, string)
384 *
385 * return s:
386 * pointer to a AUT_PRIV token.
387 */
388 token_t *
au_to_privset(const char * priv_type,const priv_set_t * privilege)389 au_to_privset(const char *priv_type, const priv_set_t *privilege)
390 {
391 token_t *token; /* local token */
392 adr_t adr; /* adr memory stream header */
393 char data_header = AUT_PRIV; /* header for this token */
394 short t_bytes; /* length of type string */
395 short p_bytes; /* length of privilege string */
396 char *priv_string; /* privilege string */
397
398 t_bytes = strlen(priv_type) + 1;
399
400 if ((privilege == NULL) || (priv_string =
401 priv_set_to_str(privilege, ',',
402 PRIV_STR_LIT)) == NULL)
403 return (NULL);
404
405 p_bytes = strlen(priv_string) + 1;
406
407 token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes
408 + p_bytes));
409 if (token == NULL)
410 return (NULL);
411
412 adr_start(&adr, token->tt_data);
413 adr_char(&adr, &data_header, 1);
414 adr_short(&adr, &t_bytes, 1);
415 adr_char(&adr, (char *)priv_type, t_bytes);
416 adr_short(&adr, &p_bytes, 1);
417 adr_char(&adr, priv_string, p_bytes);
418
419 free(priv_string);
420
421 return (token);
422 }
423
424 /*
425 * au_to_process
426 * return s:
427 * pointer to a process token.
428 */
429
430 token_t *
au_to_process(au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_t * tid)431 au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
432 pid_t pid, au_asid_t sid, au_tid_t *tid)
433 {
434 token_t *token; /* local token */
435 adr_t adr; /* adr memory stream header */
436 #ifdef _LP64
437 char data_header = AUT_PROCESS64; /* header for this token */
438
439 token = get_token(sizeof (char) + 8 * sizeof (int32_t) +
440 sizeof (int64_t));
441 #else
442 char data_header = AUT_PROCESS32;
443
444 token = get_token(sizeof (char) + 9 * sizeof (int32_t));
445 #endif
446
447 if (token == NULL)
448 return (NULL);
449 adr_start(&adr, token->tt_data);
450 adr_char(&adr, &data_header, 1);
451 adr_int32(&adr, (int32_t *)&auid, 1);
452 adr_int32(&adr, (int32_t *)&euid, 1);
453 adr_int32(&adr, (int32_t *)&egid, 1);
454 adr_int32(&adr, (int32_t *)&ruid, 1);
455 adr_int32(&adr, (int32_t *)&rgid, 1);
456 adr_int32(&adr, (int32_t *)&pid, 1);
457 adr_int32(&adr, (int32_t *)&sid, 1);
458 #ifdef _LP64
459 adr_int64(&adr, (int64_t *)&tid->port, 1);
460 #else
461 adr_int32(&adr, (int32_t *)&tid->port, 1);
462 #endif
463 adr_int32(&adr, (int32_t *)&tid->machine, 1);
464
465 return (token);
466 }
467
468 /*
469 * au_to_process_ex
470 * return s:
471 * pointer to a process_ex token.
472 */
473 token_t *
au_to_process_ex(au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_addr_t * tid)474 au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
475 pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
476 {
477 token_t *token; /* local token */
478 adr_t adr; /* adr memory stream header */
479 char data_header; /* header for this token */
480
481 #ifdef _LP64
482 if (tid->at_type == AU_IPv6) {
483 data_header = AUT_PROCESS64_EX;
484 token = get_token(sizeof (char) + sizeof (int64_t) +
485 12 * sizeof (int32_t));
486 } else {
487 data_header = AUT_PROCESS64;
488 token = get_token(sizeof (char) + sizeof (int64_t) +
489 8 * sizeof (int32_t));
490 }
491 #else
492 if (tid->at_type == AU_IPv6) {
493 data_header = AUT_PROCESS32_EX;
494 token = get_token(sizeof (char) + 13 * sizeof (int32_t));
495 } else {
496 data_header = AUT_PROCESS32;
497 token = get_token(sizeof (char) + 9 * sizeof (int32_t));
498 }
499 #endif
500 if (token == NULL)
501 return (NULL);
502 adr_start(&adr, token->tt_data);
503 adr_char(&adr, &data_header, 1);
504 adr_int32(&adr, (int32_t *)&auid, 1);
505 adr_int32(&adr, (int32_t *)&euid, 1);
506 adr_int32(&adr, (int32_t *)&egid, 1);
507 adr_int32(&adr, (int32_t *)&ruid, 1);
508 adr_int32(&adr, (int32_t *)&rgid, 1);
509 adr_int32(&adr, (int32_t *)&pid, 1);
510 adr_int32(&adr, (int32_t *)&sid, 1);
511 #ifdef _LP64
512 adr_int64(&adr, (int64_t *)&tid->at_port, 1);
513 #else
514 adr_int32(&adr, (int32_t *)&tid->at_port, 1);
515 #endif
516 if (tid->at_type == AU_IPv6) {
517 adr_int32(&adr, (int32_t *)&tid->at_type, 1);
518 adr_char(&adr, (char *)tid->at_addr, 16);
519 } else {
520 adr_char(&adr, (char *)tid->at_addr, 4);
521 }
522
523 return (token);
524 }
525
526 /*
527 * au_to_seq
528 * return s:
529 * pointer to token chain containing a sequence token
530 */
531 token_t *
au_to_seq(int audit_count)532 au_to_seq(int audit_count)
533 {
534 token_t *token; /* local token */
535 adr_t adr; /* adr memory stream header */
536 char data_header = AUT_SEQ; /* header for this token */
537
538 token = get_token(sizeof (char) + sizeof (int32_t));
539 if (token == NULL)
540 return (NULL);
541 adr_start(&adr, token->tt_data);
542 adr_char(&adr, &data_header, 1);
543 adr_int32(&adr, (int32_t *)&audit_count, 1);
544
545 return (token);
546 }
547
548 /*
549 * au_to_socket
550 * return s:
551 * pointer to mbuf chain containing a socket token.
552 */
553 token_t *
au_to_socket(struct oldsocket * so)554 au_to_socket(struct oldsocket *so)
555 {
556 adr_t adr;
557 token_t *token;
558 char data_header = AUT_SOCKET;
559 struct inpcb *inp = so->so_pcb;
560
561 token = get_token(sizeof (char) + sizeof (short) * 3 +
562 sizeof (int32_t) * 2);
563 if (token == NULL)
564 return (NULL);
565 adr_start(&adr, token->tt_data);
566 adr_char(&adr, &data_header, 1);
567 adr_short(&adr, (short *)&so->so_type, 1);
568 adr_short(&adr, (short *)&inp->inp_lport, 1);
569 adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1);
570 adr_short(&adr, (short *)&inp->inp_fport, 1);
571 adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1);
572
573 return (token);
574 }
575
576 /*
577 * au_to_subject
578 * return s:
579 * pointer to a process token.
580 */
581
582 token_t *
au_to_subject(au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_t * tid)583 au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
584 pid_t pid, au_asid_t sid, au_tid_t *tid)
585 {
586 token_t *token; /* local token */
587 adr_t adr; /* adr memory stream header */
588 #ifdef _LP64
589 char data_header = AUT_SUBJECT64; /* header for this token */
590
591 token = get_token(sizeof (char) + sizeof (int64_t) +
592 8 * sizeof (int32_t));
593 #else
594 char data_header = AUT_SUBJECT32;
595
596 token = get_token(sizeof (char) + 9 * sizeof (int32_t));
597 #endif
598
599 if (token == NULL)
600 return (NULL);
601 adr_start(&adr, token->tt_data);
602 adr_char(&adr, &data_header, 1);
603 adr_int32(&adr, (int32_t *)&auid, 1);
604 adr_int32(&adr, (int32_t *)&euid, 1);
605 adr_int32(&adr, (int32_t *)&egid, 1);
606 adr_int32(&adr, (int32_t *)&ruid, 1);
607 adr_int32(&adr, (int32_t *)&rgid, 1);
608 adr_int32(&adr, (int32_t *)&pid, 1);
609 adr_int32(&adr, (int32_t *)&sid, 1);
610 #ifdef _LP64
611 adr_int64(&adr, (int64_t *)&tid->port, 1);
612 #else
613 adr_int32(&adr, (int32_t *)&tid->port, 1);
614 #endif
615 adr_int32(&adr, (int32_t *)&tid->machine, 1);
616
617 return (token);
618 }
619
620 /*
621 * au_to_subject_ex
622 * return s:
623 * pointer to a process token.
624 */
625
626 token_t *
au_to_subject_ex(au_id_t auid,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,pid_t pid,au_asid_t sid,au_tid_addr_t * tid)627 au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
628 pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
629 {
630 token_t *token; /* local token */
631 adr_t adr; /* adr memory stream header */
632 #ifdef _LP64
633 char data_header; /* header for this token */
634
635 if (tid->at_type == AU_IPv6) {
636 data_header = AUT_SUBJECT64_EX;
637 token = get_token(sizeof (char) + sizeof (int64_t) +
638 12 * sizeof (int32_t));
639 } else {
640 data_header = AUT_SUBJECT64;
641 token = get_token(sizeof (char) + sizeof (int64_t) +
642 8 * sizeof (int32_t));
643 }
644 #else
645 char data_header; /* header for this token */
646
647 if (tid->at_type == AU_IPv6) {
648 data_header = AUT_SUBJECT32_EX;
649 token = get_token(sizeof (char) + 13 * sizeof (int32_t));
650 } else {
651 data_header = AUT_SUBJECT32;
652 token = get_token(sizeof (char) + 9 * sizeof (int32_t));
653 }
654 #endif
655
656 if (token == NULL)
657 return (NULL);
658 adr_start(&adr, token->tt_data);
659 adr_char(&adr, &data_header, 1);
660 adr_int32(&adr, (int32_t *)&auid, 1);
661 adr_int32(&adr, (int32_t *)&euid, 1);
662 adr_int32(&adr, (int32_t *)&egid, 1);
663 adr_int32(&adr, (int32_t *)&ruid, 1);
664 adr_int32(&adr, (int32_t *)&rgid, 1);
665 adr_int32(&adr, (int32_t *)&pid, 1);
666 adr_int32(&adr, (int32_t *)&sid, 1);
667 #ifdef _LP64
668 adr_int64(&adr, (int64_t *)&tid->at_port, 1);
669 #else
670 adr_int32(&adr, (int32_t *)&tid->at_port, 1);
671 #endif
672 if (tid->at_type == AU_IPv6) {
673 adr_int32(&adr, (int32_t *)&tid->at_type, 1);
674 adr_char(&adr, (char *)tid->at_addr, 16);
675 } else {
676 adr_char(&adr, (char *)tid->at_addr, 4);
677 }
678
679 return (token);
680 }
681
682 /*
683 * au_to_me
684 * return s:
685 * pointer to a process token.
686 */
687
688 token_t *
au_to_me(void)689 au_to_me(void)
690 {
691 auditinfo_addr_t info;
692
693 if (getaudit_addr(&info, sizeof (info)))
694 return (NULL);
695 return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(),
696 getgid(), getpid(), info.ai_asid, &info.ai_termid));
697 }
698 /*
699 * au_to_text
700 * return s:
701 * pointer to a text token.
702 */
703 token_t *
au_to_text(char * text)704 au_to_text(char *text)
705 {
706 token_t *token; /* local token */
707 adr_t adr; /* adr memory stream header */
708 char data_header = AUT_TEXT; /* header for this token */
709 short bytes; /* length of string */
710
711 bytes = strlen(text) + 1;
712 token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
713 if (token == NULL)
714 return (NULL);
715 adr_start(&adr, token->tt_data);
716 adr_char(&adr, &data_header, 1);
717 adr_short(&adr, &bytes, 1);
718 adr_char(&adr, text, bytes);
719
720 return (token);
721 }
722
723 /*
724 * au_to_path
725 * return s:
726 * pointer to a path token.
727 */
728 token_t *
au_to_path(char * path)729 au_to_path(char *path)
730 {
731 token_t *token; /* local token */
732 adr_t adr; /* adr memory stream header */
733 char data_header = AUT_PATH; /* header for this token */
734 short bytes; /* length of string */
735
736 bytes = (short)strlen(path) + 1;
737
738 token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
739 if (token == NULL)
740 return (NULL);
741 adr_start(&adr, token->tt_data);
742 adr_char(&adr, &data_header, 1);
743 adr_short(&adr, &bytes, 1);
744 adr_char(&adr, path, bytes);
745
746 return (token);
747 }
748
749 /*
750 * au_to_cmd
751 * return s:
752 * pointer to an command line argument token
753 */
754 token_t *
au_to_cmd(uint_t argc,char ** argv,char ** envp)755 au_to_cmd(uint_t argc, char **argv, char **envp)
756 {
757 token_t *token; /* local token */
758 adr_t adr; /* adr memory stream header */
759 char data_header = AUT_CMD; /* header for this token */
760 short len = 0;
761 short cnt = 0;
762 short envc = 0;
763 short largc = (short)argc;
764
765 /*
766 * one char for the header, one short for argc,
767 * one short for # envp strings.
768 */
769 len = sizeof (char) + sizeof (short) + sizeof (short);
770
771 /* get sizes of strings */
772
773 for (cnt = 0; cnt < argc; cnt++) {
774 len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1);
775 }
776
777 if (envp != NULL) {
778 for (envc = 0; envp[envc] != NULL; envc++) {
779 len += (short)sizeof (short) +
780 (short)(strlen(envp[envc]) + 1);
781 }
782 }
783
784 token = get_token(len);
785 if (token == NULL)
786 return (NULL);
787
788 adr_start(&adr, token->tt_data);
789 adr_char(&adr, &data_header, 1);
790
791 adr_short(&adr, &largc, 1);
792
793 for (cnt = 0; cnt < argc; cnt++) {
794 len = (short)(strlen(argv[cnt]) + 1);
795 adr_short(&adr, &len, 1);
796 adr_char(&adr, argv[cnt], len);
797 }
798
799 adr_short(&adr, &envc, 1);
800
801 for (cnt = 0; cnt < envc; cnt++) {
802 len = (short)(strlen(envp[cnt]) + 1);
803 adr_short(&adr, &len, 1);
804 adr_char(&adr, envp[cnt], len);
805 }
806
807 return (token);
808 }
809
810 /*
811 * au_to_exit
812 * return s:
813 * pointer to a exit value token.
814 */
815 token_t *
au_to_exit(int retval,int err)816 au_to_exit(int retval, int err)
817 {
818 token_t *token; /* local token */
819 adr_t adr; /* adr memory stream header */
820 char data_header = AUT_EXIT; /* header for this token */
821
822 token = get_token(sizeof (char) + (2 * sizeof (int32_t)));
823 if (token == NULL)
824 return (NULL);
825 adr_start(&adr, token->tt_data);
826 adr_char(&adr, &data_header, 1);
827 adr_int32(&adr, (int32_t *)&retval, 1);
828 adr_int32(&adr, (int32_t *)&err, 1);
829
830 return (token);
831 }
832
833 /*
834 * au_to_return
835 * return s:
836 * pointer to a return value token.
837 */
838 token_t *
au_to_return32(char number,uint32_t value)839 au_to_return32(char number, uint32_t value)
840 {
841 token_t *token; /* local token */
842 adr_t adr; /* adr memory stream header */
843 char data_header = AUT_RETURN32; /* header for this token */
844
845 token = get_token(2 * sizeof (char) + sizeof (int32_t));
846 if (token == NULL)
847 return (NULL);
848 adr_start(&adr, token->tt_data);
849 adr_char(&adr, &data_header, 1);
850 adr_char(&adr, &number, 1);
851 adr_int32(&adr, (int32_t *)&value, 1);
852
853 return (token);
854 }
855
856 /*
857 * au_to_return
858 * return s:
859 * pointer to a return value token.
860 */
861 token_t *
au_to_return64(char number,uint64_t value)862 au_to_return64(char number, uint64_t value)
863 {
864 token_t *token; /* local token */
865 adr_t adr; /* adr memory stream header */
866 char data_header = AUT_RETURN64; /* header for this token */
867
868 token = get_token(2 * sizeof (char) + sizeof (int64_t));
869 if (token == NULL)
870 return (NULL);
871 adr_start(&adr, token->tt_data);
872 adr_char(&adr, &data_header, 1);
873 adr_char(&adr, &number, 1);
874 adr_int64(&adr, (int64_t *)&value, 1);
875
876 return (token);
877 }
878
879
880 /*
881 * au_to_opaque
882 * return s:
883 * pointer to a opaque token.
884 */
885 token_t *
au_to_opaque(char * opaque,short bytes)886 au_to_opaque(char *opaque, short bytes)
887 {
888 token_t *token; /* local token */
889 adr_t adr; /* adr memory stream header */
890 char data_header = AUT_OPAQUE; /* header for this token */
891
892 if (bytes < 1)
893 return (NULL);
894
895 token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
896 if (token == NULL)
897 return (NULL);
898 adr_start(&adr, token->tt_data);
899 adr_char(&adr, &data_header, 1);
900 adr_short(&adr, &bytes, 1);
901 adr_char(&adr, opaque, bytes);
902
903 return (token);
904 }
905
906 /*
907 * au_to_in_addr
908 * return s:
909 * pointer to an internet address token
910 */
911 token_t *
au_to_in_addr(struct in_addr * internet_addr)912 au_to_in_addr(struct in_addr *internet_addr)
913 {
914 token_t *token; /* local token */
915 adr_t adr; /* adr memory stream header */
916 char data_header = AUT_IN_ADDR; /* header for this token */
917
918 token = get_token(sizeof (char) + sizeof (struct in_addr));
919 if (token == NULL)
920 return (NULL);
921 adr_start(&adr, token->tt_data);
922 adr_char(&adr, &data_header, 1);
923 adr_char(&adr, (char *)internet_addr, sizeof (struct in_addr));
924
925 return (token);
926 }
927
928 /*
929 * au_to_in_addr_ex
930 * return s:
931 * pointer to an internet extended token
932 */
933 token_t *
au_to_in_addr_ex(struct in6_addr * addr)934 au_to_in_addr_ex(struct in6_addr *addr)
935 {
936 token_t *token;
937 adr_t adr;
938
939 if (IN6_IS_ADDR_V4MAPPED(addr)) {
940 ipaddr_t in4;
941
942 /*
943 * An IPv4-mapped IPv6 address is really an IPv4 address
944 * in IPv6 format.
945 */
946
947 IN6_V4MAPPED_TO_IPADDR(addr, in4);
948 return (au_to_in_addr((struct in_addr *)&in4));
949
950 } else {
951 char data_header = AUT_IN_ADDR_EX;
952 int32_t type = AU_IPv6;
953
954 if ((token = get_token(sizeof (char) + sizeof (int32_t) +
955 sizeof (struct in6_addr))) == NULL) {
956 return (NULL);
957 }
958
959 adr_start(&adr, token->tt_data);
960 adr_char(&adr, &data_header, 1);
961 adr_int32(&adr, &type, 1);
962 adr_char(&adr, (char *)addr, sizeof (struct in6_addr));
963 }
964
965 return (token);
966 }
967
968 /*
969 * au_to_iport
970 * return s:
971 * pointer to token chain containing a ip port address token
972 */
973 token_t *
au_to_iport(ushort_t iport)974 au_to_iport(ushort_t iport)
975 {
976 token_t *token; /* local token */
977 adr_t adr; /* adr memory stream header */
978 char data_header = AUT_IPORT; /* header for this token */
979
980 token = get_token(sizeof (char) + sizeof (short));
981 if (token == NULL)
982 return (NULL);
983 adr_start(&adr, token->tt_data);
984 adr_char(&adr, &data_header, 1);
985 adr_short(&adr, (short *)&iport, 1);
986
987 return (token);
988 }
989
990 token_t *
au_to_ipc(char type,int id)991 au_to_ipc(char type, int id)
992 {
993 token_t *token; /* local token */
994 adr_t adr; /* adr memory stream header */
995 char data_header = AUT_IPC; /* header for this token */
996
997 token = get_token((2 * sizeof (char)) + sizeof (int32_t));
998 if (token == NULL)
999 return (NULL);
1000 adr_start(&adr, token->tt_data);
1001 adr_char(&adr, &data_header, 1);
1002 adr_char(&adr, &type, 1);
1003 adr_int32(&adr, (int32_t *)&id, 1);
1004
1005 return (token);
1006 }
1007
1008 /*
1009 * au_to_tid
1010 *
1011 * output format depends on type; at present only IP v4 and v6 addresses
1012 * are defined.
1013 *
1014 * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type,
1015 * 32 bit IP address.
1016 * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type,
1017 * 4 x 32 bit IP address.
1018 *
1019 */
1020 token_t *
au_to_tid(au_generic_tid_t * tid)1021 au_to_tid(au_generic_tid_t *tid)
1022 {
1023 char data_header = AUT_TID; /* header for this token */
1024 adr_t adr; /* adr memory stream header */
1025 token_t *token; /* local token */
1026 au_ip_t *ip;
1027
1028 switch (tid->gt_type) {
1029 case AU_IPADR:
1030 ip = &(tid->gt_adr.at_ip);
1031 token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) +
1032 sizeof (uint32_t) + ip->at_type));
1033 if (token == NULL)
1034 return (NULL);
1035
1036 adr_start(&adr, token->tt_data);
1037 adr_char(&adr, &data_header, 1);
1038 adr_char(&adr, (char *)&(tid->gt_type), 1);
1039 adr_short(&adr, (short *)&(ip->at_r_port), 1);
1040 adr_short(&adr, (short *)&(ip->at_l_port), 1);
1041 adr_int32(&adr, (int32_t *)&(ip->at_type), 1);
1042
1043 adr_char(&adr, (char *)ip->at_addr, ip->at_type);
1044
1045 break;
1046 default:
1047 return (NULL);
1048 }
1049 return (token);
1050 }
1051
1052 /*
1053 * The Modifier tokens
1054 */
1055
1056 /*
1057 * au_to_groups
1058 * return s:
1059 * pointer to a group list token.
1060 *
1061 * This function is obsolete. Please use au_to_newgroups.
1062 */
1063 token_t *
au_to_groups(int * groups)1064 au_to_groups(int *groups)
1065 {
1066 token_t *token; /* local token */
1067 adr_t adr; /* adr memory stream header */
1068 char data_header = AUT_GROUPS; /* header for this token */
1069
1070 token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t));
1071 if (token == NULL)
1072 return (NULL);
1073 adr_start(&adr, token->tt_data);
1074 adr_char(&adr, &data_header, 1);
1075 adr_int32(&adr, (int32_t *)groups, NGROUPS);
1076
1077 return (token);
1078 }
1079
1080 /*
1081 * au_to_newgroups
1082 * return s:
1083 * pointer to a group list token.
1084 */
1085 token_t *
au_to_newgroups(int n,gid_t * groups)1086 au_to_newgroups(int n, gid_t *groups)
1087 {
1088 token_t *token; /* local token */
1089 adr_t adr; /* adr memory stream header */
1090 char data_header = AUT_NEWGROUPS; /* header for this token */
1091 short n_groups;
1092
1093 if (n < 0 || n > SHRT_MAX || groups == NULL)
1094 return (NULL);
1095 token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t));
1096 if (token == NULL)
1097 return (NULL);
1098 n_groups = (short)n;
1099 adr_start(&adr, token->tt_data);
1100 adr_char(&adr, &data_header, 1);
1101 adr_short(&adr, &n_groups, 1);
1102 adr_int32(&adr, (int32_t *)groups, n_groups);
1103
1104 return (token);
1105 }
1106
1107 /*
1108 * au_to_exec_args
1109 * returns:
1110 * pointer to an exec args token.
1111 */
1112 token_t *
au_to_exec_args(char ** argv)1113 au_to_exec_args(char **argv)
1114 {
1115 return (au_to_exec(argv, AUT_EXEC_ARGS));
1116 }
1117
1118 /*
1119 * au_to_exec_env
1120 * returns:
1121 * pointer to an exec args token.
1122 */
1123 token_t *
au_to_exec_env(char ** envp)1124 au_to_exec_env(char **envp)
1125 {
1126 return (au_to_exec(envp, AUT_EXEC_ENV));
1127 }
1128
1129 /*
1130 * au_to_exec
1131 * returns:
1132 * pointer to an exec args token.
1133 */
1134 static token_t *
au_to_exec(char ** v,char data_header)1135 au_to_exec(char **v, char data_header)
1136 {
1137 token_t *token;
1138 adr_t adr;
1139 char **p;
1140 int32_t n = 0;
1141 int len = 0;
1142
1143 for (p = v; *p != NULL; p++) {
1144 len += strlen(*p) + 1;
1145 n++;
1146 }
1147 token = get_token(sizeof (char) + sizeof (int32_t) + len);
1148 if (token == (token_t *)NULL)
1149 return ((token_t *)NULL);
1150 adr_start(&adr, token->tt_data);
1151 adr_char(&adr, &data_header, 1);
1152 adr_int32(&adr, &n, 1);
1153 for (p = v; *p != NULL; p++) {
1154 adr_char(&adr, *p, strlen(*p) + 1);
1155 }
1156 return (token);
1157 }
1158
1159 /*
1160 * au_to_uauth
1161 * return s:
1162 * pointer to a uauth token.
1163 */
1164 token_t *
au_to_uauth(char * text)1165 au_to_uauth(char *text)
1166 {
1167 token_t *token; /* local token */
1168 adr_t adr; /* adr memory stream header */
1169 char data_header = AUT_UAUTH; /* header for this token */
1170 short bytes; /* length of string */
1171
1172 bytes = strlen(text) + 1;
1173
1174 token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1175 if (token == NULL)
1176 return (NULL);
1177 adr_start(&adr, token->tt_data);
1178 adr_char(&adr, &data_header, 1);
1179 adr_short(&adr, &bytes, 1);
1180 adr_char(&adr, text, bytes);
1181
1182 return (token);
1183 }
1184
1185 /*
1186 * au_to_upriv
1187 * return s:
1188 * pointer to a use of privilege token.
1189 */
1190 token_t *
au_to_upriv(char sorf,char * priv)1191 au_to_upriv(char sorf, char *priv)
1192 {
1193 token_t *token; /* local token */
1194 adr_t adr; /* adr memory stream header */
1195 char data_header = AUT_UAUTH; /* header for this token */
1196 short bytes; /* length of string */
1197
1198 bytes = strlen(priv) + 1;
1199
1200 token = get_token(sizeof (char) + sizeof (char) + sizeof (short) +
1201 bytes);
1202 if (token == NULL)
1203 return (NULL);
1204 adr_start(&adr, token->tt_data);
1205 adr_char(&adr, &data_header, 1);
1206 adr_char(&adr, &sorf, 1); /* success/failure */
1207 adr_short(&adr, &bytes, 1);
1208 adr_char(&adr, priv, bytes);
1209
1210 return (token);
1211 }
1212
1213 /*
1214 * au_to_user
1215 * return s:
1216 * pointer to a user token.
1217 */
1218 token_t *
au_to_user(uid_t uid,char * username)1219 au_to_user(uid_t uid, char *username)
1220 {
1221 token_t *token; /* local token */
1222 adr_t adr; /* adr memory stream header */
1223 char data_header = AUT_USER; /* header for this token */
1224 short bytes; /* length of string */
1225
1226 bytes = (short)strlen(username) + 1;
1227
1228 token = get_token(sizeof (char) + sizeof (uid_t) + sizeof (short) +
1229 bytes);
1230 if (token == NULL)
1231 return (NULL);
1232 adr_start(&adr, token->tt_data);
1233 adr_char(&adr, &data_header, 1);
1234 adr_uid(&adr, &uid, 1);
1235 adr_short(&adr, &bytes, 1);
1236 adr_char(&adr, username, bytes);
1237
1238 return (token);
1239 }
1240
1241 /*
1242 * au_to_xatom
1243 * return s:
1244 * pointer to a xatom token.
1245 */
1246 token_t *
au_to_xatom(char * atom)1247 au_to_xatom(char *atom)
1248 {
1249 token_t *token; /* local token */
1250 adr_t adr; /* adr memory stream header */
1251 char data_header = AUT_XATOM; /* header for this token */
1252 short len;
1253
1254 len = strlen(atom) + 1;
1255
1256 token = get_token(sizeof (char) + sizeof (short) + len);
1257 if (token == NULL)
1258 return (NULL);
1259 adr_start(&adr, token->tt_data);
1260 adr_char(&adr, &data_header, 1);
1261 adr_short(&adr, (short *)&len, 1);
1262 adr_char(&adr, atom, len);
1263
1264 return (token);
1265 }
1266
1267 /*
1268 * au_to_xselect
1269 * return s:
1270 * pointer to a X select token.
1271 */
1272 token_t *
au_to_xselect(char * propname,char * proptype,char * windata)1273 au_to_xselect(char *propname, char *proptype, char *windata)
1274 {
1275 token_t *token; /* local token */
1276 adr_t adr; /* adr memory stream header */
1277 char data_header = AUT_XSELECT; /* header for this token */
1278 short proplen;
1279 short typelen;
1280 short datalen;
1281
1282 proplen = strlen(propname) + 1;
1283 typelen = strlen(proptype) + 1;
1284 datalen = strlen(windata) + 1;
1285
1286 token = get_token(sizeof (char) + (sizeof (short) * 3) +
1287 proplen + typelen + datalen);
1288 if (token == NULL)
1289 return (NULL);
1290 adr_start(&adr, token->tt_data);
1291 adr_char(&adr, &data_header, 1);
1292 adr_short(&adr, &proplen, 1);
1293 adr_char(&adr, propname, proplen);
1294 adr_short(&adr, &typelen, 1);
1295 adr_char(&adr, proptype, typelen);
1296 adr_short(&adr, &datalen, 1);
1297 adr_char(&adr, windata, datalen);
1298
1299 return (token);
1300 }
1301
1302 /*
1303 * x_common
1304 * return s:
1305 * pointer to a common X token.
1306 */
1307
1308 static token_t *
x_common(char data_header,int32_t xid,uid_t cuid)1309 x_common(char data_header, int32_t xid, uid_t cuid)
1310 {
1311 token_t *token; /* local token */
1312 adr_t adr; /* adr memory stream header */
1313
1314 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t));
1315 if (token == NULL)
1316 return (NULL);
1317 adr_start(&adr, token->tt_data);
1318 adr_char(&adr, &data_header, 1);
1319 adr_int32(&adr, &xid, 1);
1320 adr_uid(&adr, &cuid, 1);
1321
1322 return (token);
1323 }
1324
1325 /*
1326 * au_to_xcolormap
1327 * return s:
1328 * pointer to a X Colormap token.
1329 */
1330
1331 token_t *
au_to_xcolormap(int32_t xid,uid_t cuid)1332 au_to_xcolormap(int32_t xid, uid_t cuid)
1333 {
1334 return (x_common(AUT_XCOLORMAP, xid, cuid));
1335 }
1336
1337 /*
1338 * au_to_xcursor
1339 * return s:
1340 * pointer to a X Cursor token.
1341 */
1342
1343 token_t *
au_to_xcursor(int32_t xid,uid_t cuid)1344 au_to_xcursor(int32_t xid, uid_t cuid)
1345 {
1346 return (x_common(AUT_XCURSOR, xid, cuid));
1347 }
1348
1349 /*
1350 * au_to_xfont
1351 * return s:
1352 * pointer to a X Font token.
1353 */
1354
1355 token_t *
au_to_xfont(int32_t xid,uid_t cuid)1356 au_to_xfont(int32_t xid, uid_t cuid)
1357 {
1358 return (x_common(AUT_XFONT, xid, cuid));
1359 }
1360
1361 /*
1362 * au_to_xgc
1363 * return s:
1364 * pointer to a X Graphic Context token.
1365 */
1366
1367 token_t *
au_to_xgc(int32_t xid,uid_t cuid)1368 au_to_xgc(int32_t xid, uid_t cuid)
1369 {
1370 return (x_common(AUT_XGC, xid, cuid));
1371 }
1372
1373 /*
1374 * au_to_xpixmap
1375 * return s:
1376 * pointer to a X Pixal Map token.
1377 */
1378
1379 token_t *
au_to_xpixmap(int32_t xid,uid_t cuid)1380 au_to_xpixmap(int32_t xid, uid_t cuid)
1381 {
1382 return (x_common(AUT_XPIXMAP, xid, cuid));
1383 }
1384
1385 /*
1386 * au_to_xwindow
1387 * return s:
1388 * pointer to a X Window token.
1389 */
1390
1391 token_t *
au_to_xwindow(int32_t xid,uid_t cuid)1392 au_to_xwindow(int32_t xid, uid_t cuid)
1393 {
1394 return (x_common(AUT_XWINDOW, xid, cuid));
1395 }
1396
1397 /*
1398 * au_to_xproperty
1399 * return s:
1400 * pointer to a X Property token.
1401 */
1402
1403 token_t *
au_to_xproperty(int32_t xid,uid_t cuid,char * propname)1404 au_to_xproperty(int32_t xid, uid_t cuid, char *propname)
1405 {
1406 token_t *token; /* local token */
1407 adr_t adr; /* adr memory stream header */
1408 char data_header = AUT_XPROPERTY; /* header for this token */
1409 short proplen;
1410
1411 proplen = strlen(propname) + 1;
1412
1413 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t) +
1414 sizeof (short) + proplen);
1415 if (token == NULL)
1416 return (NULL);
1417 adr_start(&adr, token->tt_data);
1418 adr_char(&adr, &data_header, 1);
1419 adr_int32(&adr, &xid, 1);
1420 adr_uid(&adr, &cuid, 1);
1421 adr_short(&adr, &proplen, 1);
1422 adr_char(&adr, propname, proplen);
1423
1424 return (token);
1425 }
1426
1427 /*
1428 * au_to_xclient
1429 * return s:
1430 * pointer to a X Client token
1431 */
1432
1433 token_t *
au_to_xclient(uint32_t client)1434 au_to_xclient(uint32_t client)
1435 {
1436 token_t *token; /* local token */
1437 adr_t adr; /* adr memory stream header */
1438 char data_header = AUT_XCLIENT; /* header for this token */
1439
1440 token = get_token(sizeof (char) + sizeof (uint32_t));
1441 if (token == NULL)
1442 return (NULL);
1443 adr_start(&adr, token->tt_data);
1444 adr_char(&adr, &data_header, 1);
1445 adr_int32(&adr, (int32_t *)&client, 1);
1446
1447 return (token);
1448 }
1449
1450 /*
1451 * au_to_label
1452 * return s:
1453 * pointer to a label token.
1454 */
1455 token_t *
au_to_label(m_label_t * label)1456 au_to_label(m_label_t *label)
1457 {
1458 token_t *token; /* local token */
1459 adr_t adr; /* adr memory stream header */
1460 char data_header = AUT_LABEL; /* header for this token */
1461 size32_t llen = blabel_size();
1462
1463 token = get_token(sizeof (char) + llen);
1464 if (token == NULL) {
1465 return (NULL);
1466 } else if (label == NULL) {
1467 free(token);
1468 return (NULL);
1469 }
1470 adr_start(&adr, token->tt_data);
1471 adr_char(&adr, &data_header, 1);
1472 adr_char(&adr, (char *)label, llen);
1473
1474 return (token);
1475 }
1476
1477 /*
1478 * au_to_mylabel
1479 * return s:
1480 * pointer to a label token.
1481 */
1482 token_t *
au_to_mylabel(void)1483 au_to_mylabel(void)
1484 {
1485 ucred_t *uc;
1486 token_t *token;
1487
1488 if ((uc = ucred_get(P_MYID)) == NULL) {
1489 return (NULL);
1490 }
1491
1492 token = au_to_label(ucred_getlabel(uc));
1493 ucred_free(uc);
1494 return (token);
1495 }
1496
1497 /*
1498 * au_to_zonename
1499 * return s:
1500 * pointer to a zonename token.
1501 */
1502 token_t *
au_to_zonename(char * name)1503 au_to_zonename(char *name)
1504 {
1505 token_t *token; /* local token */
1506 adr_t adr; /* adr memory stream header */
1507 char data_header = AUT_ZONENAME; /* header for this token */
1508 short bytes; /* length of string */
1509
1510 if (name == NULL)
1511 return (NULL);
1512
1513 bytes = strlen(name) + 1;
1514 token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1515 if (token == NULL)
1516 return (NULL);
1517 adr_start(&adr, token->tt_data);
1518 adr_char(&adr, &data_header, 1);
1519 adr_short(&adr, &bytes, 1);
1520 adr_char(&adr, name, bytes);
1521
1522 return (token);
1523 }
1524
1525 /*
1526 * au_to_fmri
1527 * return s:
1528 * pointer to a fmri token.
1529 */
1530 token_t *
au_to_fmri(char * fmri)1531 au_to_fmri(char *fmri)
1532 {
1533 token_t *token; /* local token */
1534 adr_t adr; /* adr memory stream header */
1535 char data_header = AUT_FMRI; /* header for this token */
1536 short bytes; /* length of string */
1537
1538 if (fmri == NULL)
1539 return (NULL);
1540
1541 bytes = strlen(fmri) + 1;
1542 token = get_token((int)(sizeof (char) + sizeof (short) + bytes));
1543 if (token == NULL)
1544 return (NULL);
1545 adr_start(&adr, token->tt_data);
1546 adr_char(&adr, &data_header, 1);
1547 adr_short(&adr, &bytes, 1);
1548 adr_char(&adr, fmri, bytes);
1549
1550 return (token);
1551 }
1552