152267f74SRobert Watson /*- 206edd2f1SRobert Watson * Copyright (c) 2004-2009 Apple Inc. 3ca0716f5SRobert Watson * Copyright (c) 2005 SPARTA, Inc. 4ca0716f5SRobert Watson * All rights reserved. 5ca0716f5SRobert Watson * 6ca0716f5SRobert Watson * This code was developed in part by Robert N. M. Watson, Senior Principal 7ca0716f5SRobert Watson * Scientist, SPARTA, Inc. 8ca0716f5SRobert Watson * 9ca0716f5SRobert Watson * Redistribution and use in source and binary forms, with or without 10ca0716f5SRobert Watson * modification, are permitted provided that the following conditions 11ca0716f5SRobert Watson * are met: 12ca0716f5SRobert Watson * 1. Redistributions of source code must retain the above copyright 13ca0716f5SRobert Watson * notice, this list of conditions and the following disclaimer. 14ca0716f5SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 15ca0716f5SRobert Watson * notice, this list of conditions and the following disclaimer in the 16ca0716f5SRobert Watson * documentation and/or other materials provided with the distribution. 1752267f74SRobert Watson * 3. Neither the name of Apple Inc. ("Apple") nor the names of 18ca0716f5SRobert Watson * its contributors may be used to endorse or promote products derived 19ca0716f5SRobert Watson * from this software without specific prior written permission. 20ca0716f5SRobert Watson * 21ca0716f5SRobert Watson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 22ca0716f5SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23ca0716f5SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24ca0716f5SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 25ca0716f5SRobert Watson * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26ca0716f5SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27ca0716f5SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28ca0716f5SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 29ca0716f5SRobert Watson * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 30ca0716f5SRobert Watson * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31ca0716f5SRobert Watson * POSSIBILITY OF SUCH DAMAGE. 32ca0716f5SRobert Watson * 33597df30eSRobert Watson * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93 $ 34ca0716f5SRobert Watson */ 35ca0716f5SRobert Watson 36ca0716f5SRobert Watson #include <sys/types.h> 373b97a967SRobert Watson 383b97a967SRobert Watson #include <config/config.h> 397a0a89d2SRobert Watson #if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BE32ENC) 40ca0716f5SRobert Watson #include <sys/endian.h> 417a0a89d2SRobert Watson #else /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */ 423b97a967SRobert Watson #ifdef HAVE_MACHINE_ENDIAN_H 433b97a967SRobert Watson #include <machine/endian.h> 443b97a967SRobert Watson #else /* !HAVE_MACHINE_ENDIAN_H */ 453b97a967SRobert Watson #ifdef HAVE_ENDIAN_H 463b97a967SRobert Watson #include <endian.h> 473b97a967SRobert Watson #else /* !HAVE_ENDIAN_H */ 483b97a967SRobert Watson #error "No supported endian.h" 493b97a967SRobert Watson #endif /* !HAVE_ENDIAN_H */ 503b97a967SRobert Watson #endif /* !HAVE_MACHINE_ENDIAN_H */ 513b97a967SRobert Watson #include <compat/endian.h> 527a0a89d2SRobert Watson #endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */ 533b97a967SRobert Watson #ifdef HAVE_FULL_QUEUE_H 543b97a967SRobert Watson #include <sys/queue.h> 553b97a967SRobert Watson #else /* !HAVE_FULL_QUEUE_H */ 563b97a967SRobert Watson #include <compat/queue.h> 573b97a967SRobert Watson #endif /* !HAVE_FULL_QUEUE_H */ 583b97a967SRobert Watson 59ca0716f5SRobert Watson #include <sys/socket.h> 60ca0716f5SRobert Watson #include <sys/time.h> 61ca0716f5SRobert Watson #include <sys/un.h> 62ca0716f5SRobert Watson 63ca0716f5SRobert Watson #include <sys/ipc.h> 64ca0716f5SRobert Watson 65ca0716f5SRobert Watson #include <netinet/in.h> 66ca0716f5SRobert Watson #include <netinet/in_systm.h> 67ca0716f5SRobert Watson #include <netinet/ip.h> 68ca0716f5SRobert Watson 69ca0716f5SRobert Watson #include <assert.h> 70ca0716f5SRobert Watson #include <errno.h> 71ca0716f5SRobert Watson #include <string.h> 72ca0716f5SRobert Watson #include <stdlib.h> 73ca0716f5SRobert Watson #include <unistd.h> 74ca0716f5SRobert Watson 75ca0716f5SRobert Watson #include <bsm/audit_internal.h> 76ca0716f5SRobert Watson #include <bsm/libbsm.h> 77ca0716f5SRobert Watson 78ca0716f5SRobert Watson #define GET_TOKEN_AREA(t, dptr, length) do { \ 79ca0716f5SRobert Watson (t) = malloc(sizeof(token_t)); \ 80ca0716f5SRobert Watson if ((t) != NULL) { \ 81ca0716f5SRobert Watson (t)->len = (length); \ 82ca0716f5SRobert Watson (dptr) = (t->t_data) = malloc((length) * sizeof(u_char)); \ 83ca0716f5SRobert Watson if ((dptr) == NULL) { \ 84ca0716f5SRobert Watson free(t); \ 85ca0716f5SRobert Watson (t) = NULL; \ 86ca0716f5SRobert Watson } else \ 87ca0716f5SRobert Watson memset((dptr), 0, (length)); \ 88ca0716f5SRobert Watson } else \ 89ca0716f5SRobert Watson (dptr) = NULL; \ 9052267f74SRobert Watson assert((t) == NULL || (dptr) != NULL); \ 91ca0716f5SRobert Watson } while (0) 92ca0716f5SRobert Watson 93ca0716f5SRobert Watson /* 94ca0716f5SRobert Watson * token ID 1 byte 95ca0716f5SRobert Watson * argument # 1 byte 96ca0716f5SRobert Watson * argument value 4 bytes/8 bytes (32-bit/64-bit value) 97ca0716f5SRobert Watson * text length 2 bytes 98ca0716f5SRobert Watson * text N bytes + 1 terminating NULL byte 99ca0716f5SRobert Watson */ 100ca0716f5SRobert Watson token_t * 10152267f74SRobert Watson au_to_arg32(char n, const char *text, u_int32_t v) 102ca0716f5SRobert Watson { 103ca0716f5SRobert Watson token_t *t; 104ca0716f5SRobert Watson u_char *dptr = NULL; 105ca0716f5SRobert Watson u_int16_t textlen; 106ca0716f5SRobert Watson 107ca0716f5SRobert Watson textlen = strlen(text); 108ca0716f5SRobert Watson textlen += 1; 109ca0716f5SRobert Watson 110ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) + 111ca0716f5SRobert Watson sizeof(u_int16_t) + textlen); 112ca0716f5SRobert Watson if (t == NULL) 113ca0716f5SRobert Watson return (NULL); 114ca0716f5SRobert Watson 115ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_ARG32); 116ca0716f5SRobert Watson ADD_U_CHAR(dptr, n); 117ca0716f5SRobert Watson ADD_U_INT32(dptr, v); 118ca0716f5SRobert Watson ADD_U_INT16(dptr, textlen); 119ca0716f5SRobert Watson ADD_STRING(dptr, text, textlen); 120ca0716f5SRobert Watson 121ca0716f5SRobert Watson return (t); 122ca0716f5SRobert Watson } 123ca0716f5SRobert Watson 124ca0716f5SRobert Watson token_t * 12552267f74SRobert Watson au_to_arg64(char n, const char *text, u_int64_t v) 126ca0716f5SRobert Watson { 127ca0716f5SRobert Watson token_t *t; 128ca0716f5SRobert Watson u_char *dptr = NULL; 129ca0716f5SRobert Watson u_int16_t textlen; 130ca0716f5SRobert Watson 131ca0716f5SRobert Watson textlen = strlen(text); 132ca0716f5SRobert Watson textlen += 1; 133ca0716f5SRobert Watson 134ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) + 135ca0716f5SRobert Watson sizeof(u_int16_t) + textlen); 136ca0716f5SRobert Watson if (t == NULL) 137ca0716f5SRobert Watson return (NULL); 138ca0716f5SRobert Watson 139ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_ARG64); 140ca0716f5SRobert Watson ADD_U_CHAR(dptr, n); 141ca0716f5SRobert Watson ADD_U_INT64(dptr, v); 142ca0716f5SRobert Watson ADD_U_INT16(dptr, textlen); 143ca0716f5SRobert Watson ADD_STRING(dptr, text, textlen); 144ca0716f5SRobert Watson 145ca0716f5SRobert Watson return (t); 146ca0716f5SRobert Watson } 147ca0716f5SRobert Watson 148ca0716f5SRobert Watson token_t * 14952267f74SRobert Watson au_to_arg(char n, const char *text, u_int32_t v) 150ca0716f5SRobert Watson { 151ca0716f5SRobert Watson 152ca0716f5SRobert Watson return (au_to_arg32(n, text, v)); 153ca0716f5SRobert Watson } 154ca0716f5SRobert Watson 155ca0716f5SRobert Watson #if defined(_KERNEL) || defined(KERNEL) 156ca0716f5SRobert Watson /* 157ca0716f5SRobert Watson * token ID 1 byte 158ca0716f5SRobert Watson * file access mode 4 bytes 159ca0716f5SRobert Watson * owner user ID 4 bytes 160ca0716f5SRobert Watson * owner group ID 4 bytes 161ca0716f5SRobert Watson * file system ID 4 bytes 162ca0716f5SRobert Watson * node ID 8 bytes 163ca0716f5SRobert Watson * device 4 bytes/8 bytes (32-bit/64-bit) 164ca0716f5SRobert Watson */ 165ca0716f5SRobert Watson token_t * 166ca0716f5SRobert Watson au_to_attr32(struct vnode_au_info *vni) 167ca0716f5SRobert Watson { 168ca0716f5SRobert Watson token_t *t; 169ca0716f5SRobert Watson u_char *dptr = NULL; 170ca0716f5SRobert Watson u_int16_t pad0_16 = 0; 17106edd2f1SRobert Watson u_int32_t pad0_32 = 0; 172ca0716f5SRobert Watson 173ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 174ca0716f5SRobert Watson 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); 175ca0716f5SRobert Watson if (t == NULL) 176ca0716f5SRobert Watson return (NULL); 177ca0716f5SRobert Watson 178ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_ATTR32); 179ca0716f5SRobert Watson 180ca0716f5SRobert Watson /* 1817a0a89d2SRobert Watson * BSD defines the size for the file mode as 2 bytes; BSM defines 4 1827a0a89d2SRobert Watson * so pad with 0. 1837a0a89d2SRobert Watson * 1847a0a89d2SRobert Watson * XXXRW: Possibly should be conditionally compiled. 1857a0a89d2SRobert Watson * 1867a0a89d2SRobert Watson * XXXRW: Should any conversions take place on the mode? 187ca0716f5SRobert Watson */ 188ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0_16); 189ca0716f5SRobert Watson ADD_U_INT16(dptr, vni->vn_mode); 190ca0716f5SRobert Watson 191ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_uid); 192ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_gid); 193ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_fsid); 194ca0716f5SRobert Watson 195ca0716f5SRobert Watson /* 19652267f74SRobert Watson * Some systems use 32-bit file ID's, others use 64-bit file IDs. 197ca0716f5SRobert Watson * Attempt to handle both, and let the compiler sort it out. If we 198ca0716f5SRobert Watson * could pick this out at compile-time, it would be better, so as to 199ca0716f5SRobert Watson * avoid the else case below. 200ca0716f5SRobert Watson */ 201ca0716f5SRobert Watson if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { 202ca0716f5SRobert Watson ADD_U_INT32(dptr, pad0_32); 203ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_fileid); 204ca0716f5SRobert Watson } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) 205ca0716f5SRobert Watson ADD_U_INT64(dptr, vni->vn_fileid); 206ca0716f5SRobert Watson else 207ca0716f5SRobert Watson ADD_U_INT64(dptr, 0LL); 208ca0716f5SRobert Watson 209ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_dev); 210ca0716f5SRobert Watson 211ca0716f5SRobert Watson return (t); 212ca0716f5SRobert Watson } 213ca0716f5SRobert Watson 214ca0716f5SRobert Watson token_t * 215ca0716f5SRobert Watson au_to_attr64(struct vnode_au_info *vni) 216ca0716f5SRobert Watson { 217bc168a6cSRobert Watson token_t *t; 218bc168a6cSRobert Watson u_char *dptr = NULL; 219bc168a6cSRobert Watson u_int16_t pad0_16 = 0; 22006edd2f1SRobert Watson u_int32_t pad0_32 = 0; 221ca0716f5SRobert Watson 222bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 223bc168a6cSRobert Watson 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2); 224bc168a6cSRobert Watson if (t == NULL) 225ca0716f5SRobert Watson return (NULL); 226bc168a6cSRobert Watson 227bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_ATTR64); 228bc168a6cSRobert Watson 229bc168a6cSRobert Watson /* 2307a0a89d2SRobert Watson * BSD defines the size for the file mode as 2 bytes; BSM defines 4 2317a0a89d2SRobert Watson * so pad with 0. 2327a0a89d2SRobert Watson * 2337a0a89d2SRobert Watson * XXXRW: Possibly should be conditionally compiled. 2347a0a89d2SRobert Watson * 2357a0a89d2SRobert Watson * XXXRW: Should any conversions take place on the mode? 236bc168a6cSRobert Watson */ 237bc168a6cSRobert Watson ADD_U_INT16(dptr, pad0_16); 238bc168a6cSRobert Watson ADD_U_INT16(dptr, vni->vn_mode); 239bc168a6cSRobert Watson 240bc168a6cSRobert Watson ADD_U_INT32(dptr, vni->vn_uid); 241bc168a6cSRobert Watson ADD_U_INT32(dptr, vni->vn_gid); 242bc168a6cSRobert Watson ADD_U_INT32(dptr, vni->vn_fsid); 243bc168a6cSRobert Watson 244bc168a6cSRobert Watson /* 245bc168a6cSRobert Watson * Some systems use 32-bit file ID's, other's use 64-bit file IDs. 246bc168a6cSRobert Watson * Attempt to handle both, and let the compiler sort it out. If we 247bc168a6cSRobert Watson * could pick this out at compile-time, it would be better, so as to 248bc168a6cSRobert Watson * avoid the else case below. 249bc168a6cSRobert Watson */ 250bc168a6cSRobert Watson if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { 251bc168a6cSRobert Watson ADD_U_INT32(dptr, pad0_32); 252bc168a6cSRobert Watson ADD_U_INT32(dptr, vni->vn_fileid); 253bc168a6cSRobert Watson } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) 254bc168a6cSRobert Watson ADD_U_INT64(dptr, vni->vn_fileid); 255bc168a6cSRobert Watson else 256bc168a6cSRobert Watson ADD_U_INT64(dptr, 0LL); 257bc168a6cSRobert Watson 258bc168a6cSRobert Watson ADD_U_INT64(dptr, vni->vn_dev); 259bc168a6cSRobert Watson 260bc168a6cSRobert Watson return (t); 261ca0716f5SRobert Watson } 262ca0716f5SRobert Watson 263ca0716f5SRobert Watson token_t * 264ca0716f5SRobert Watson au_to_attr(struct vnode_au_info *vni) 265ca0716f5SRobert Watson { 266ca0716f5SRobert Watson 267ca0716f5SRobert Watson return (au_to_attr32(vni)); 268ca0716f5SRobert Watson } 269ca0716f5SRobert Watson #endif /* !(defined(_KERNEL) || defined(KERNEL) */ 270ca0716f5SRobert Watson 271ca0716f5SRobert Watson /* 272ca0716f5SRobert Watson * token ID 1 byte 273ca0716f5SRobert Watson * how to print 1 byte 274ca0716f5SRobert Watson * basic unit 1 byte 275ca0716f5SRobert Watson * unit count 1 byte 276ca0716f5SRobert Watson * data items (depends on basic unit) 277ca0716f5SRobert Watson */ 278ca0716f5SRobert Watson token_t * 27952267f74SRobert Watson au_to_data(char unit_print, char unit_type, char unit_count, const char *p) 280ca0716f5SRobert Watson { 281ca0716f5SRobert Watson token_t *t; 282ca0716f5SRobert Watson u_char *dptr = NULL; 283ca0716f5SRobert Watson size_t datasize, totdata; 284ca0716f5SRobert Watson 285ca0716f5SRobert Watson /* Determine the size of the basic unit. */ 286ca0716f5SRobert Watson switch (unit_type) { 287ca0716f5SRobert Watson case AUR_BYTE: 288506764c6SRobert Watson /* case AUR_CHAR: */ 289ca0716f5SRobert Watson datasize = AUR_BYTE_SIZE; 290ca0716f5SRobert Watson break; 291ca0716f5SRobert Watson 292ca0716f5SRobert Watson case AUR_SHORT: 293ca0716f5SRobert Watson datasize = AUR_SHORT_SIZE; 294ca0716f5SRobert Watson break; 295ca0716f5SRobert Watson 296506764c6SRobert Watson case AUR_INT32: 297506764c6SRobert Watson /* case AUR_INT: */ 298506764c6SRobert Watson datasize = AUR_INT32_SIZE; 299506764c6SRobert Watson break; 300506764c6SRobert Watson 301506764c6SRobert Watson case AUR_INT64: 302506764c6SRobert Watson datasize = AUR_INT64_SIZE; 303ca0716f5SRobert Watson break; 304ca0716f5SRobert Watson 305ca0716f5SRobert Watson default: 306ca0716f5SRobert Watson errno = EINVAL; 307ca0716f5SRobert Watson return (NULL); 308ca0716f5SRobert Watson } 309ca0716f5SRobert Watson 310ca0716f5SRobert Watson totdata = datasize * unit_count; 311ca0716f5SRobert Watson 312506764c6SRobert Watson GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); 313ca0716f5SRobert Watson if (t == NULL) 314ca0716f5SRobert Watson return (NULL); 315ca0716f5SRobert Watson 3167a0a89d2SRobert Watson /* 3177a0a89d2SRobert Watson * XXXRW: We should be byte-swapping each data item for multi-byte 3187a0a89d2SRobert Watson * types. 3197a0a89d2SRobert Watson */ 320ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_DATA); 321ca0716f5SRobert Watson ADD_U_CHAR(dptr, unit_print); 322ca0716f5SRobert Watson ADD_U_CHAR(dptr, unit_type); 323ca0716f5SRobert Watson ADD_U_CHAR(dptr, unit_count); 324ca0716f5SRobert Watson ADD_MEM(dptr, p, totdata); 325ca0716f5SRobert Watson 326ca0716f5SRobert Watson return (t); 327ca0716f5SRobert Watson } 328ca0716f5SRobert Watson 329ca0716f5SRobert Watson 330ca0716f5SRobert Watson /* 331ca0716f5SRobert Watson * token ID 1 byte 332ca0716f5SRobert Watson * status 4 bytes 333ca0716f5SRobert Watson * return value 4 bytes 334ca0716f5SRobert Watson */ 335ca0716f5SRobert Watson token_t * 336ca0716f5SRobert Watson au_to_exit(int retval, int err) 337ca0716f5SRobert Watson { 338ca0716f5SRobert Watson token_t *t; 339ca0716f5SRobert Watson u_char *dptr = NULL; 340ca0716f5SRobert Watson 341ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t)); 342ca0716f5SRobert Watson if (t == NULL) 343ca0716f5SRobert Watson return (NULL); 344ca0716f5SRobert Watson 345ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_EXIT); 346ca0716f5SRobert Watson ADD_U_INT32(dptr, err); 347ca0716f5SRobert Watson ADD_U_INT32(dptr, retval); 348ca0716f5SRobert Watson 349ca0716f5SRobert Watson return (t); 350ca0716f5SRobert Watson } 351ca0716f5SRobert Watson 352ca0716f5SRobert Watson /* 353ca0716f5SRobert Watson */ 354ca0716f5SRobert Watson token_t * 355ca0716f5SRobert Watson au_to_groups(int *groups) 356ca0716f5SRobert Watson { 357ca0716f5SRobert Watson 358bc168a6cSRobert Watson return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t *)groups)); 359ca0716f5SRobert Watson } 360ca0716f5SRobert Watson 361ca0716f5SRobert Watson /* 362ca0716f5SRobert Watson * token ID 1 byte 363ca0716f5SRobert Watson * number groups 2 bytes 364ca0716f5SRobert Watson * group list count * 4 bytes 365ca0716f5SRobert Watson */ 366ca0716f5SRobert Watson token_t * 367ca0716f5SRobert Watson au_to_newgroups(u_int16_t n, gid_t *groups) 368ca0716f5SRobert Watson { 369ca0716f5SRobert Watson token_t *t; 370ca0716f5SRobert Watson u_char *dptr = NULL; 371ca0716f5SRobert Watson int i; 372ca0716f5SRobert Watson 373ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 374ca0716f5SRobert Watson n * sizeof(u_int32_t)); 375ca0716f5SRobert Watson if (t == NULL) 376ca0716f5SRobert Watson return (NULL); 377ca0716f5SRobert Watson 378ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_NEWGROUPS); 379ca0716f5SRobert Watson ADD_U_INT16(dptr, n); 380ca0716f5SRobert Watson for (i = 0; i < n; i++) 381ca0716f5SRobert Watson ADD_U_INT32(dptr, groups[i]); 382ca0716f5SRobert Watson 383ca0716f5SRobert Watson return (t); 384ca0716f5SRobert Watson } 385ca0716f5SRobert Watson 386ca0716f5SRobert Watson /* 387ca0716f5SRobert Watson * token ID 1 byte 388ca0716f5SRobert Watson * internet address 4 bytes 389ca0716f5SRobert Watson */ 390ca0716f5SRobert Watson token_t * 391ca0716f5SRobert Watson au_to_in_addr(struct in_addr *internet_addr) 392ca0716f5SRobert Watson { 393ca0716f5SRobert Watson token_t *t; 394ca0716f5SRobert Watson u_char *dptr = NULL; 395ca0716f5SRobert Watson 396506764c6SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); 397ca0716f5SRobert Watson if (t == NULL) 398ca0716f5SRobert Watson return (NULL); 399ca0716f5SRobert Watson 400ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IN_ADDR); 401506764c6SRobert Watson ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); 402ca0716f5SRobert Watson 403ca0716f5SRobert Watson return (t); 404ca0716f5SRobert Watson } 405ca0716f5SRobert Watson 406ca0716f5SRobert Watson /* 407ca0716f5SRobert Watson * token ID 1 byte 408ca0716f5SRobert Watson * address type/length 4 bytes 40952267f74SRobert Watson * address 16 bytes 410ca0716f5SRobert Watson */ 411ca0716f5SRobert Watson token_t * 412ca0716f5SRobert Watson au_to_in_addr_ex(struct in6_addr *internet_addr) 413ca0716f5SRobert Watson { 414ca0716f5SRobert Watson token_t *t; 415ca0716f5SRobert Watson u_char *dptr = NULL; 4167a0a89d2SRobert Watson u_int32_t type = AU_IPv6; 417ca0716f5SRobert Watson 418506764c6SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); 419ca0716f5SRobert Watson if (t == NULL) 420ca0716f5SRobert Watson return (NULL); 421ca0716f5SRobert Watson 422ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); 423ca0716f5SRobert Watson ADD_U_INT32(dptr, type); 4240814440eSRobert Watson ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t)); 425ca0716f5SRobert Watson 426ca0716f5SRobert Watson return (t); 427ca0716f5SRobert Watson } 428ca0716f5SRobert Watson 429ca0716f5SRobert Watson /* 430ca0716f5SRobert Watson * token ID 1 byte 431ca0716f5SRobert Watson * ip header 20 bytes 432bc168a6cSRobert Watson * 433bc168a6cSRobert Watson * The IP header should be submitted in network byte order. 434ca0716f5SRobert Watson */ 435ca0716f5SRobert Watson token_t * 436ca0716f5SRobert Watson au_to_ip(struct ip *ip) 437ca0716f5SRobert Watson { 438ca0716f5SRobert Watson token_t *t; 439ca0716f5SRobert Watson u_char *dptr = NULL; 440ca0716f5SRobert Watson 441ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip)); 442ca0716f5SRobert Watson if (t == NULL) 443ca0716f5SRobert Watson return (NULL); 444ca0716f5SRobert Watson 445ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IP); 446ca0716f5SRobert Watson ADD_MEM(dptr, ip, sizeof(struct ip)); 447ca0716f5SRobert Watson 448ca0716f5SRobert Watson return (t); 449ca0716f5SRobert Watson } 450ca0716f5SRobert Watson 451ca0716f5SRobert Watson /* 452ca0716f5SRobert Watson * token ID 1 byte 453ca0716f5SRobert Watson * object ID type 1 byte 454ca0716f5SRobert Watson * object ID 4 bytes 455ca0716f5SRobert Watson */ 456ca0716f5SRobert Watson token_t * 457ca0716f5SRobert Watson au_to_ipc(char type, int id) 458ca0716f5SRobert Watson { 459ca0716f5SRobert Watson token_t *t; 460ca0716f5SRobert Watson u_char *dptr = NULL; 461ca0716f5SRobert Watson 462ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 463ca0716f5SRobert Watson if (t == NULL) 464ca0716f5SRobert Watson return (NULL); 465ca0716f5SRobert Watson 466ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IPC); 467ca0716f5SRobert Watson ADD_U_CHAR(dptr, type); 468ca0716f5SRobert Watson ADD_U_INT32(dptr, id); 469ca0716f5SRobert Watson 470ca0716f5SRobert Watson return (t); 471ca0716f5SRobert Watson } 472ca0716f5SRobert Watson 473ca0716f5SRobert Watson /* 474ca0716f5SRobert Watson * token ID 1 byte 475ca0716f5SRobert Watson * owner user ID 4 bytes 476ca0716f5SRobert Watson * owner group ID 4 bytes 477ca0716f5SRobert Watson * creator user ID 4 bytes 478ca0716f5SRobert Watson * creator group ID 4 bytes 479ca0716f5SRobert Watson * access mode 4 bytes 480ca0716f5SRobert Watson * slot sequence # 4 bytes 481ca0716f5SRobert Watson * key 4 bytes 482ca0716f5SRobert Watson */ 483ca0716f5SRobert Watson token_t * 484ca0716f5SRobert Watson au_to_ipc_perm(struct ipc_perm *perm) 485ca0716f5SRobert Watson { 486ca0716f5SRobert Watson token_t *t; 487ca0716f5SRobert Watson u_char *dptr = NULL; 488ca0716f5SRobert Watson u_int16_t pad0 = 0; 489ca0716f5SRobert Watson 49006edd2f1SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12 * sizeof(u_int16_t) + 49106edd2f1SRobert Watson sizeof(u_int32_t)); 492ca0716f5SRobert Watson if (t == NULL) 493ca0716f5SRobert Watson return (NULL); 494ca0716f5SRobert Watson 495ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IPC_PERM); 496ca0716f5SRobert Watson 497ca0716f5SRobert Watson /* 4987a0a89d2SRobert Watson * Systems vary significantly in what types they use in struct 4997a0a89d2SRobert Watson * ipc_perm; at least a few still use 16-bit uid's and gid's, so 5007a0a89d2SRobert Watson * allow for that, as BSM define 32-bit values here. 5017a0a89d2SRobert Watson * Some systems define the sizes for ipc_perm members as 2 bytes; 5027a0a89d2SRobert Watson * BSM defines 4 so pad with 0. 5037a0a89d2SRobert Watson * 5047a0a89d2SRobert Watson * XXXRW: Possibly shoulid be conditionally compiled, and more cases 5057a0a89d2SRobert Watson * need to be handled. 506ca0716f5SRobert Watson */ 5077a0a89d2SRobert Watson if (sizeof(perm->uid) != sizeof(u_int32_t)) { 508ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 509ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->uid); 510ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 511ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->gid); 512ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 513ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->cuid); 514ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 515ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->cgid); 5167a0a89d2SRobert Watson } else { 5177a0a89d2SRobert Watson ADD_U_INT32(dptr, perm->uid); 5187a0a89d2SRobert Watson ADD_U_INT32(dptr, perm->gid); 5197a0a89d2SRobert Watson ADD_U_INT32(dptr, perm->cuid); 5207a0a89d2SRobert Watson ADD_U_INT32(dptr, perm->cgid); 5217a0a89d2SRobert Watson } 522ca0716f5SRobert Watson 523ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 524ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->mode); 525ca0716f5SRobert Watson 526ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 527ca0716f5SRobert Watson 5283b97a967SRobert Watson #ifdef HAVE_IPC_PERM___SEQ 5293b97a967SRobert Watson ADD_U_INT16(dptr, perm->__seq); 53052267f74SRobert Watson #else /* HAVE_IPC_PERM___SEQ */ 53152267f74SRobert Watson #ifdef HAVE_IPC_PERM__SEQ 53252267f74SRobert Watson ADD_U_INT16(dptr, perm->_seq); 53352267f74SRobert Watson #else /* HAVE_IPC_PERM__SEQ */ 5343b97a967SRobert Watson ADD_U_INT16(dptr, perm->seq); 53552267f74SRobert Watson #endif /* HAVE_IPC_PERM__SEQ */ 53652267f74SRobert Watson #endif /* HAVE_IPC_PERM___SEQ */ 5373b97a967SRobert Watson 5383b97a967SRobert Watson #ifdef HAVE_IPC_PERM___KEY 5393b97a967SRobert Watson ADD_U_INT32(dptr, perm->__key); 54052267f74SRobert Watson #else /* HAVE_IPC_PERM___KEY */ 54152267f74SRobert Watson #ifdef HAVE_IPC_PERM__KEY 54252267f74SRobert Watson ADD_U_INT32(dptr, perm->_key); 54352267f74SRobert Watson #else /* HAVE_IPC_PERM__KEY */ 544ca0716f5SRobert Watson ADD_U_INT32(dptr, perm->key); 54552267f74SRobert Watson #endif /* HAVE_IPC_PERM__KEY */ 54652267f74SRobert Watson #endif /* HAVE_IPC_PERM___KEY */ 547ca0716f5SRobert Watson 548ca0716f5SRobert Watson return (t); 549ca0716f5SRobert Watson } 550ca0716f5SRobert Watson 551ca0716f5SRobert Watson /* 552ca0716f5SRobert Watson * token ID 1 byte 553ca0716f5SRobert Watson * port IP address 2 bytes 554ca0716f5SRobert Watson */ 555ca0716f5SRobert Watson token_t * 556ca0716f5SRobert Watson au_to_iport(u_int16_t iport) 557ca0716f5SRobert Watson { 558ca0716f5SRobert Watson token_t *t; 559ca0716f5SRobert Watson u_char *dptr = NULL; 560ca0716f5SRobert Watson 561ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t)); 562ca0716f5SRobert Watson if (t == NULL) 563ca0716f5SRobert Watson return (NULL); 564ca0716f5SRobert Watson 565ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IPORT); 566ca0716f5SRobert Watson ADD_U_INT16(dptr, iport); 567ca0716f5SRobert Watson 568ca0716f5SRobert Watson return (t); 569ca0716f5SRobert Watson } 570ca0716f5SRobert Watson 571ca0716f5SRobert Watson /* 572ca0716f5SRobert Watson * token ID 1 byte 573ca0716f5SRobert Watson * size 2 bytes 574ca0716f5SRobert Watson * data size bytes 575ca0716f5SRobert Watson */ 576ca0716f5SRobert Watson token_t * 57752267f74SRobert Watson au_to_opaque(const char *data, u_int16_t bytes) 578ca0716f5SRobert Watson { 579ca0716f5SRobert Watson token_t *t; 580ca0716f5SRobert Watson u_char *dptr = NULL; 581ca0716f5SRobert Watson 582ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes); 583ca0716f5SRobert Watson if (t == NULL) 584ca0716f5SRobert Watson return (NULL); 585ca0716f5SRobert Watson 586ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_OPAQUE); 587ca0716f5SRobert Watson ADD_U_INT16(dptr, bytes); 588ca0716f5SRobert Watson ADD_MEM(dptr, data, bytes); 589ca0716f5SRobert Watson 590ca0716f5SRobert Watson return (t); 591ca0716f5SRobert Watson } 592ca0716f5SRobert Watson 593ca0716f5SRobert Watson /* 594ca0716f5SRobert Watson * token ID 1 byte 595ca0716f5SRobert Watson * seconds of time 4 bytes 596ca0716f5SRobert Watson * milliseconds of time 4 bytes 597ca0716f5SRobert Watson * file name len 2 bytes 598ca0716f5SRobert Watson * file pathname N bytes + 1 terminating NULL byte 599ca0716f5SRobert Watson */ 600ca0716f5SRobert Watson token_t * 60152267f74SRobert Watson au_to_file(const char *file, struct timeval tm) 602ca0716f5SRobert Watson { 603ca0716f5SRobert Watson token_t *t; 604ca0716f5SRobert Watson u_char *dptr = NULL; 605ca0716f5SRobert Watson u_int16_t filelen; 606ca0716f5SRobert Watson u_int32_t timems; 607ca0716f5SRobert Watson 608ca0716f5SRobert Watson filelen = strlen(file); 609ca0716f5SRobert Watson filelen += 1; 610ca0716f5SRobert Watson 611ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) + 612ca0716f5SRobert Watson sizeof(u_int16_t) + filelen); 613ca0716f5SRobert Watson if (t == NULL) 614ca0716f5SRobert Watson return (NULL); 615ca0716f5SRobert Watson 616ca0716f5SRobert Watson timems = tm.tv_usec/1000; 617ca0716f5SRobert Watson 618ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_OTHER_FILE32); 619ca0716f5SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 620ca0716f5SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 621ca0716f5SRobert Watson ADD_U_INT16(dptr, filelen); 622ca0716f5SRobert Watson ADD_STRING(dptr, file, filelen); 623ca0716f5SRobert Watson 624ca0716f5SRobert Watson return (t); 625ca0716f5SRobert Watson } 626ca0716f5SRobert Watson 627ca0716f5SRobert Watson /* 628ca0716f5SRobert Watson * token ID 1 byte 629ca0716f5SRobert Watson * text length 2 bytes 630ca0716f5SRobert Watson * text N bytes + 1 terminating NULL byte 631ca0716f5SRobert Watson */ 632ca0716f5SRobert Watson token_t * 63352267f74SRobert Watson au_to_text(const char *text) 634ca0716f5SRobert Watson { 635ca0716f5SRobert Watson token_t *t; 636ca0716f5SRobert Watson u_char *dptr = NULL; 637ca0716f5SRobert Watson u_int16_t textlen; 638ca0716f5SRobert Watson 639ca0716f5SRobert Watson textlen = strlen(text); 640ca0716f5SRobert Watson textlen += 1; 641ca0716f5SRobert Watson 6427a0a89d2SRobert Watson /* XXXRW: Should validate length against token size limit. */ 6437a0a89d2SRobert Watson 644ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 645ca0716f5SRobert Watson if (t == NULL) 646ca0716f5SRobert Watson return (NULL); 647ca0716f5SRobert Watson 648ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_TEXT); 649ca0716f5SRobert Watson ADD_U_INT16(dptr, textlen); 650ca0716f5SRobert Watson ADD_STRING(dptr, text, textlen); 651ca0716f5SRobert Watson 652ca0716f5SRobert Watson return (t); 653ca0716f5SRobert Watson } 654ca0716f5SRobert Watson 655ca0716f5SRobert Watson /* 656ca0716f5SRobert Watson * token ID 1 byte 657ca0716f5SRobert Watson * path length 2 bytes 658ca0716f5SRobert Watson * path N bytes + 1 terminating NULL byte 659ca0716f5SRobert Watson */ 660ca0716f5SRobert Watson token_t * 66152267f74SRobert Watson au_to_path(const char *text) 662ca0716f5SRobert Watson { 663ca0716f5SRobert Watson token_t *t; 664ca0716f5SRobert Watson u_char *dptr = NULL; 665ca0716f5SRobert Watson u_int16_t textlen; 666ca0716f5SRobert Watson 667ca0716f5SRobert Watson textlen = strlen(text); 668ca0716f5SRobert Watson textlen += 1; 669ca0716f5SRobert Watson 670ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 671ca0716f5SRobert Watson if (t == NULL) 672ca0716f5SRobert Watson return (NULL); 673ca0716f5SRobert Watson 674ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_PATH); 675ca0716f5SRobert Watson ADD_U_INT16(dptr, textlen); 676ca0716f5SRobert Watson ADD_STRING(dptr, text, textlen); 677ca0716f5SRobert Watson 678ca0716f5SRobert Watson return (t); 679ca0716f5SRobert Watson } 680ca0716f5SRobert Watson 681ca0716f5SRobert Watson /* 682ca0716f5SRobert Watson * token ID 1 byte 683ca0716f5SRobert Watson * audit ID 4 bytes 684ca0716f5SRobert Watson * effective user ID 4 bytes 685ca0716f5SRobert Watson * effective group ID 4 bytes 686ca0716f5SRobert Watson * real user ID 4 bytes 687ca0716f5SRobert Watson * real group ID 4 bytes 688ca0716f5SRobert Watson * process ID 4 bytes 689ca0716f5SRobert Watson * session ID 4 bytes 690ca0716f5SRobert Watson * terminal ID 691ca0716f5SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 692ca0716f5SRobert Watson * machine address 4 bytes 693ca0716f5SRobert Watson */ 694ca0716f5SRobert Watson token_t * 695ca0716f5SRobert Watson au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 696ca0716f5SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 697ca0716f5SRobert Watson { 698ca0716f5SRobert Watson token_t *t; 699ca0716f5SRobert Watson u_char *dptr = NULL; 700ca0716f5SRobert Watson 701ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 702ca0716f5SRobert Watson if (t == NULL) 703ca0716f5SRobert Watson return (NULL); 704ca0716f5SRobert Watson 705ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS32); 706ca0716f5SRobert Watson ADD_U_INT32(dptr, auid); 707ca0716f5SRobert Watson ADD_U_INT32(dptr, euid); 708ca0716f5SRobert Watson ADD_U_INT32(dptr, egid); 709ca0716f5SRobert Watson ADD_U_INT32(dptr, ruid); 710ca0716f5SRobert Watson ADD_U_INT32(dptr, rgid); 711ca0716f5SRobert Watson ADD_U_INT32(dptr, pid); 712ca0716f5SRobert Watson ADD_U_INT32(dptr, sid); 713ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->port); 7147a0a89d2SRobert Watson 7157a0a89d2SRobert Watson /* 7167a0a89d2SRobert Watson * Note: Solaris will write out IPv6 addresses here as a 32-bit 7177a0a89d2SRobert Watson * address type and 16 bytes of address, but for IPv4 addresses it 7187a0a89d2SRobert Watson * simply writes the 4-byte address directly. We support only IPv4 7197a0a89d2SRobert Watson * addresses for process32 tokens. 7207a0a89d2SRobert Watson */ 721506764c6SRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 722ca0716f5SRobert Watson 723ca0716f5SRobert Watson return (t); 724ca0716f5SRobert Watson } 725ca0716f5SRobert Watson 726ca0716f5SRobert Watson token_t * 727bc168a6cSRobert Watson au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 728bc168a6cSRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 729ca0716f5SRobert Watson { 730bc168a6cSRobert Watson token_t *t; 731bc168a6cSRobert Watson u_char *dptr = NULL; 732ca0716f5SRobert Watson 733bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + 734bc168a6cSRobert Watson sizeof(u_int64_t)); 735bc168a6cSRobert Watson if (t == NULL) 736ca0716f5SRobert Watson return (NULL); 737bc168a6cSRobert Watson 738bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS64); 739bc168a6cSRobert Watson ADD_U_INT32(dptr, auid); 740bc168a6cSRobert Watson ADD_U_INT32(dptr, euid); 741bc168a6cSRobert Watson ADD_U_INT32(dptr, egid); 742bc168a6cSRobert Watson ADD_U_INT32(dptr, ruid); 743bc168a6cSRobert Watson ADD_U_INT32(dptr, rgid); 744bc168a6cSRobert Watson ADD_U_INT32(dptr, pid); 745bc168a6cSRobert Watson ADD_U_INT32(dptr, sid); 746bc168a6cSRobert Watson ADD_U_INT64(dptr, tid->port); 7477a0a89d2SRobert Watson 7487a0a89d2SRobert Watson /* 7497a0a89d2SRobert Watson * Note: Solaris will write out IPv6 addresses here as a 32-bit 7507a0a89d2SRobert Watson * address type and 16 bytes of address, but for IPv4 addresses it 7517a0a89d2SRobert Watson * simply writes the 4-byte address directly. We support only IPv4 7527a0a89d2SRobert Watson * addresses for process64 tokens. 7537a0a89d2SRobert Watson */ 754bc168a6cSRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 755bc168a6cSRobert Watson 756bc168a6cSRobert Watson return (t); 757ca0716f5SRobert Watson } 758ca0716f5SRobert Watson 759ca0716f5SRobert Watson token_t * 760bc168a6cSRobert Watson au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 761bc168a6cSRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 762ca0716f5SRobert Watson { 763ca0716f5SRobert Watson 764ca0716f5SRobert Watson return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid, 765ca0716f5SRobert Watson tid)); 766ca0716f5SRobert Watson } 767ca0716f5SRobert Watson 768ca0716f5SRobert Watson /* 769ca0716f5SRobert Watson * token ID 1 byte 770ca0716f5SRobert Watson * audit ID 4 bytes 771ca0716f5SRobert Watson * effective user ID 4 bytes 772ca0716f5SRobert Watson * effective group ID 4 bytes 773ca0716f5SRobert Watson * real user ID 4 bytes 774ca0716f5SRobert Watson * real group ID 4 bytes 775ca0716f5SRobert Watson * process ID 4 bytes 776ca0716f5SRobert Watson * session ID 4 bytes 777ca0716f5SRobert Watson * terminal ID 778ca0716f5SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 779ca0716f5SRobert Watson * address type-len 4 bytes 780ca0716f5SRobert Watson * machine address 16 bytes 781ca0716f5SRobert Watson */ 782ca0716f5SRobert Watson token_t * 783ca0716f5SRobert Watson au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 784ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 785ca0716f5SRobert Watson { 786ca0716f5SRobert Watson token_t *t; 787ca0716f5SRobert Watson u_char *dptr = NULL; 788ca0716f5SRobert Watson 789d9af45c4SRobert Watson if (tid->at_type == AU_IPv4) 790d9af45c4SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 791d9af45c4SRobert Watson 10 * sizeof(u_int32_t)); 792d9af45c4SRobert Watson else if (tid->at_type == AU_IPv6) 793d9af45c4SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 794d9af45c4SRobert Watson 13 * sizeof(u_int32_t)); 795d9af45c4SRobert Watson else { 796d9af45c4SRobert Watson errno = EINVAL; 797d9af45c4SRobert Watson return (NULL); 798d9af45c4SRobert Watson } 799ca0716f5SRobert Watson if (t == NULL) 800ca0716f5SRobert Watson return (NULL); 801ca0716f5SRobert Watson 802ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS32_EX); 803ca0716f5SRobert Watson ADD_U_INT32(dptr, auid); 804ca0716f5SRobert Watson ADD_U_INT32(dptr, euid); 805ca0716f5SRobert Watson ADD_U_INT32(dptr, egid); 806ca0716f5SRobert Watson ADD_U_INT32(dptr, ruid); 807ca0716f5SRobert Watson ADD_U_INT32(dptr, rgid); 808ca0716f5SRobert Watson ADD_U_INT32(dptr, pid); 809ca0716f5SRobert Watson ADD_U_INT32(dptr, sid); 810ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->at_port); 811ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->at_type); 812bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 813d9af45c4SRobert Watson if (tid->at_type == AU_IPv6) { 814bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); 815bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); 816bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); 817d9af45c4SRobert Watson } 818ca0716f5SRobert Watson 819ca0716f5SRobert Watson return (t); 820ca0716f5SRobert Watson } 821ca0716f5SRobert Watson 822ca0716f5SRobert Watson token_t * 823ca0716f5SRobert Watson au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 824ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 825ca0716f5SRobert Watson { 826bc168a6cSRobert Watson token_t *t; 827bc168a6cSRobert Watson u_char *dptr = NULL; 828ca0716f5SRobert Watson 829bc168a6cSRobert Watson if (tid->at_type == AU_IPv4) 830bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 831bc168a6cSRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 832bc168a6cSRobert Watson 2 * sizeof(u_int32_t)); 833bc168a6cSRobert Watson else if (tid->at_type == AU_IPv6) 834bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 835bc168a6cSRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 836bc168a6cSRobert Watson 5 * sizeof(u_int32_t)); 837bc168a6cSRobert Watson else { 838bc168a6cSRobert Watson errno = EINVAL; 839ca0716f5SRobert Watson return (NULL); 840ca0716f5SRobert Watson } 841bc168a6cSRobert Watson if (t == NULL) 842bc168a6cSRobert Watson return (NULL); 843bc168a6cSRobert Watson 844bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS64_EX); 845bc168a6cSRobert Watson ADD_U_INT32(dptr, auid); 846bc168a6cSRobert Watson ADD_U_INT32(dptr, euid); 847bc168a6cSRobert Watson ADD_U_INT32(dptr, egid); 848bc168a6cSRobert Watson ADD_U_INT32(dptr, ruid); 849bc168a6cSRobert Watson ADD_U_INT32(dptr, rgid); 850bc168a6cSRobert Watson ADD_U_INT32(dptr, pid); 851bc168a6cSRobert Watson ADD_U_INT32(dptr, sid); 852bc168a6cSRobert Watson ADD_U_INT64(dptr, tid->at_port); 853bc168a6cSRobert Watson ADD_U_INT32(dptr, tid->at_type); 854bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 855bc168a6cSRobert Watson if (tid->at_type == AU_IPv6) { 856bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); 857bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); 858bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); 859bc168a6cSRobert Watson } 860bc168a6cSRobert Watson 861bc168a6cSRobert Watson return (t); 862bc168a6cSRobert Watson } 863ca0716f5SRobert Watson 864ca0716f5SRobert Watson token_t * 865ca0716f5SRobert Watson au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 866ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 867ca0716f5SRobert Watson { 868ca0716f5SRobert Watson 869ca0716f5SRobert Watson return (au_to_process32_ex(auid, euid, egid, ruid, rgid, pid, sid, 870ca0716f5SRobert Watson tid)); 871ca0716f5SRobert Watson } 872ca0716f5SRobert Watson 873ca0716f5SRobert Watson /* 874ca0716f5SRobert Watson * token ID 1 byte 875ca0716f5SRobert Watson * error status 1 byte 876ca0716f5SRobert Watson * return value 4 bytes/8 bytes (32-bit/64-bit value) 877ca0716f5SRobert Watson */ 878ca0716f5SRobert Watson token_t * 879ca0716f5SRobert Watson au_to_return32(char status, u_int32_t ret) 880ca0716f5SRobert Watson { 881ca0716f5SRobert Watson token_t *t; 882ca0716f5SRobert Watson u_char *dptr = NULL; 883ca0716f5SRobert Watson 884ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 885ca0716f5SRobert Watson if (t == NULL) 886ca0716f5SRobert Watson return (NULL); 887ca0716f5SRobert Watson 888ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_RETURN32); 889ca0716f5SRobert Watson ADD_U_CHAR(dptr, status); 890ca0716f5SRobert Watson ADD_U_INT32(dptr, ret); 891ca0716f5SRobert Watson 892ca0716f5SRobert Watson return (t); 893ca0716f5SRobert Watson } 894ca0716f5SRobert Watson 895ca0716f5SRobert Watson token_t * 896ca0716f5SRobert Watson au_to_return64(char status, u_int64_t ret) 897ca0716f5SRobert Watson { 898ca0716f5SRobert Watson token_t *t; 899ca0716f5SRobert Watson u_char *dptr = NULL; 900ca0716f5SRobert Watson 901ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t)); 902ca0716f5SRobert Watson if (t == NULL) 903ca0716f5SRobert Watson return (NULL); 904ca0716f5SRobert Watson 905ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_RETURN64); 906ca0716f5SRobert Watson ADD_U_CHAR(dptr, status); 907ca0716f5SRobert Watson ADD_U_INT64(dptr, ret); 908ca0716f5SRobert Watson 909ca0716f5SRobert Watson return (t); 910ca0716f5SRobert Watson } 911ca0716f5SRobert Watson 912ca0716f5SRobert Watson token_t * 913ca0716f5SRobert Watson au_to_return(char status, u_int32_t ret) 914ca0716f5SRobert Watson { 915ca0716f5SRobert Watson 916ca0716f5SRobert Watson return (au_to_return32(status, ret)); 917ca0716f5SRobert Watson } 918ca0716f5SRobert Watson 919ca0716f5SRobert Watson /* 920ca0716f5SRobert Watson * token ID 1 byte 921ca0716f5SRobert Watson * sequence number 4 bytes 922ca0716f5SRobert Watson */ 923ca0716f5SRobert Watson token_t * 924ca0716f5SRobert Watson au_to_seq(long audit_count) 925ca0716f5SRobert Watson { 926ca0716f5SRobert Watson token_t *t; 927ca0716f5SRobert Watson u_char *dptr = NULL; 928ca0716f5SRobert Watson 929ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); 930ca0716f5SRobert Watson if (t == NULL) 931ca0716f5SRobert Watson return (NULL); 932ca0716f5SRobert Watson 933ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SEQ); 934ca0716f5SRobert Watson ADD_U_INT32(dptr, audit_count); 935ca0716f5SRobert Watson 936ca0716f5SRobert Watson return (t); 937ca0716f5SRobert Watson } 938ca0716f5SRobert Watson 939ca0716f5SRobert Watson /* 940ca0716f5SRobert Watson * token ID 1 byte 9417a0a89d2SRobert Watson * socket domain 2 bytes 9427a0a89d2SRobert Watson * socket type 2 bytes 9437a0a89d2SRobert Watson * address type 2 byte 9447a0a89d2SRobert Watson * local port 2 bytes 9457a0a89d2SRobert Watson * local address 4 bytes/16 bytes (IPv4/IPv6 address) 9467a0a89d2SRobert Watson * remote port 2 bytes 9477a0a89d2SRobert Watson * remote address 4 bytes/16 bytes (IPv4/IPv6 address) 948c74c7b73SRobert Watson * 949c74c7b73SRobert Watson * Domain and type arguments to this routine are assumed to already have been 950c74c7b73SRobert Watson * converted to the BSM constant space, so we don't do that here. 9517a0a89d2SRobert Watson */ 9527a0a89d2SRobert Watson token_t * 9537a0a89d2SRobert Watson au_to_socket_ex(u_short so_domain, u_short so_type, 9547a0a89d2SRobert Watson struct sockaddr *sa_local, struct sockaddr *sa_remote) 9557a0a89d2SRobert Watson { 9567a0a89d2SRobert Watson token_t *t; 9577a0a89d2SRobert Watson u_char *dptr = NULL; 9587a0a89d2SRobert Watson struct sockaddr_in *sin; 9597a0a89d2SRobert Watson struct sockaddr_in6 *sin6; 9607a0a89d2SRobert Watson 9617a0a89d2SRobert Watson if (so_domain == AF_INET) 9627a0a89d2SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9637a0a89d2SRobert Watson 5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); 9647a0a89d2SRobert Watson else if (so_domain == AF_INET6) 9657a0a89d2SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 96606edd2f1SRobert Watson 5 * sizeof(u_int16_t) + 8 * sizeof(u_int32_t)); 9677a0a89d2SRobert Watson else { 9687a0a89d2SRobert Watson errno = EINVAL; 9697a0a89d2SRobert Watson return (NULL); 9707a0a89d2SRobert Watson } 9717a0a89d2SRobert Watson 9727a0a89d2SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKET_EX); 97306edd2f1SRobert Watson ADD_U_INT16(dptr, au_domain_to_bsm(so_domain)); 97406edd2f1SRobert Watson ADD_U_INT16(dptr, au_socket_type_to_bsm(so_type)); 9757a0a89d2SRobert Watson if (so_domain == AF_INET) { 9767a0a89d2SRobert Watson ADD_U_INT16(dptr, AU_IPv4); 9777a0a89d2SRobert Watson sin = (struct sockaddr_in *)sa_local; 9787a0a89d2SRobert Watson ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); 9797a0a89d2SRobert Watson ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); 9807a0a89d2SRobert Watson sin = (struct sockaddr_in *)sa_remote; 9817a0a89d2SRobert Watson ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); 9827a0a89d2SRobert Watson ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); 9837a0a89d2SRobert Watson } else { 9847a0a89d2SRobert Watson ADD_U_INT16(dptr, AU_IPv6); 9857a0a89d2SRobert Watson sin6 = (struct sockaddr_in6 *)sa_local; 9867a0a89d2SRobert Watson ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); 9877a0a89d2SRobert Watson ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); 9887a0a89d2SRobert Watson sin6 = (struct sockaddr_in6 *)sa_remote; 9897a0a89d2SRobert Watson ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); 9907a0a89d2SRobert Watson ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); 9917a0a89d2SRobert Watson } 9927a0a89d2SRobert Watson 9937a0a89d2SRobert Watson return (t); 9947a0a89d2SRobert Watson } 9957a0a89d2SRobert Watson 9967a0a89d2SRobert Watson /* 9977a0a89d2SRobert Watson * token ID 1 byte 998ca0716f5SRobert Watson * socket family 2 bytes 999597df30eSRobert Watson * path (up to) 104 bytes + NULL (NULL terminated string) 1000ca0716f5SRobert Watson */ 1001ca0716f5SRobert Watson token_t * 1002ca0716f5SRobert Watson au_to_sock_unix(struct sockaddr_un *so) 1003ca0716f5SRobert Watson { 1004ca0716f5SRobert Watson token_t *t; 1005ca0716f5SRobert Watson u_char *dptr; 1006ca0716f5SRobert Watson 1007ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); 1008ca0716f5SRobert Watson if (t == NULL) 1009ca0716f5SRobert Watson return (NULL); 1010ca0716f5SRobert Watson 101152267f74SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKUNIX); 1012ca0716f5SRobert Watson /* BSM token has two bytes for family */ 1013ca0716f5SRobert Watson ADD_U_CHAR(dptr, 0); 1014ca0716f5SRobert Watson ADD_U_CHAR(dptr, so->sun_family); 1015ca0716f5SRobert Watson ADD_STRING(dptr, so->sun_path, strlen(so->sun_path) + 1); 1016ca0716f5SRobert Watson 1017ca0716f5SRobert Watson return (t); 1018ca0716f5SRobert Watson } 1019ca0716f5SRobert Watson 1020ca0716f5SRobert Watson /* 1021ca0716f5SRobert Watson * token ID 1 byte 1022ca0716f5SRobert Watson * socket family 2 bytes 1023ca0716f5SRobert Watson * local port 2 bytes 1024ca0716f5SRobert Watson * socket address 4 bytes 1025ca0716f5SRobert Watson */ 1026ca0716f5SRobert Watson token_t * 1027ca0716f5SRobert Watson au_to_sock_inet32(struct sockaddr_in *so) 1028ca0716f5SRobert Watson { 1029ca0716f5SRobert Watson token_t *t; 1030ca0716f5SRobert Watson u_char *dptr = NULL; 1031506764c6SRobert Watson uint16_t family; 1032ca0716f5SRobert Watson 1033506764c6SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + 1034506764c6SRobert Watson sizeof(uint32_t)); 1035ca0716f5SRobert Watson if (t == NULL) 1036ca0716f5SRobert Watson return (NULL); 1037ca0716f5SRobert Watson 1038ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKINET32); 1039ca0716f5SRobert Watson /* 1040506764c6SRobert Watson * BSM defines the family field as 16 bits, but many operating 1041506764c6SRobert Watson * systems have an 8-bit sin_family field. Extend to 16 bits before 1042506764c6SRobert Watson * writing into the token. Assume that both the port and the address 1043506764c6SRobert Watson * in the sockaddr_in are already in network byte order, but family 1044506764c6SRobert Watson * is in local byte order. 1045506764c6SRobert Watson * 1046506764c6SRobert Watson * XXXRW: Should a name space conversion be taking place on the value 1047506764c6SRobert Watson * of sin_family? 1048ca0716f5SRobert Watson */ 1049506764c6SRobert Watson family = so->sin_family; 1050506764c6SRobert Watson ADD_U_INT16(dptr, family); 1051506764c6SRobert Watson ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); 1052506764c6SRobert Watson ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); 1053ca0716f5SRobert Watson 1054ca0716f5SRobert Watson return (t); 1055ca0716f5SRobert Watson } 1056ca0716f5SRobert Watson 1057ca0716f5SRobert Watson token_t * 1058ca0716f5SRobert Watson au_to_sock_inet128(struct sockaddr_in6 *so) 1059ca0716f5SRobert Watson { 1060ca0716f5SRobert Watson token_t *t; 1061ca0716f5SRobert Watson u_char *dptr = NULL; 1062ca0716f5SRobert Watson 1063ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + 1064ca0716f5SRobert Watson 4 * sizeof(u_int32_t)); 1065ca0716f5SRobert Watson if (t == NULL) 1066ca0716f5SRobert Watson return (NULL); 1067ca0716f5SRobert Watson 1068ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKINET128); 1069ca0716f5SRobert Watson /* 10707a0a89d2SRobert Watson * In BSD, sin6_family is one octet, but BSM defines the token to 10717a0a89d2SRobert Watson * store two. So we copy in a 0 first. XXXRW: Possibly should be 10727a0a89d2SRobert Watson * conditionally compiled. 1073ca0716f5SRobert Watson */ 1074ca0716f5SRobert Watson ADD_U_CHAR(dptr, 0); 1075ca0716f5SRobert Watson ADD_U_CHAR(dptr, so->sin6_family); 1076ca0716f5SRobert Watson 1077ca0716f5SRobert Watson ADD_U_INT16(dptr, so->sin6_port); 1078506764c6SRobert Watson ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); 1079ca0716f5SRobert Watson 1080ca0716f5SRobert Watson return (t); 1081ca0716f5SRobert Watson } 1082ca0716f5SRobert Watson 1083ca0716f5SRobert Watson token_t * 1084ca0716f5SRobert Watson au_to_sock_inet(struct sockaddr_in *so) 1085ca0716f5SRobert Watson { 1086ca0716f5SRobert Watson 1087ca0716f5SRobert Watson return (au_to_sock_inet32(so)); 1088ca0716f5SRobert Watson } 1089ca0716f5SRobert Watson 1090ca0716f5SRobert Watson /* 1091ca0716f5SRobert Watson * token ID 1 byte 1092ca0716f5SRobert Watson * audit ID 4 bytes 1093ca0716f5SRobert Watson * effective user ID 4 bytes 1094ca0716f5SRobert Watson * effective group ID 4 bytes 1095ca0716f5SRobert Watson * real user ID 4 bytes 1096ca0716f5SRobert Watson * real group ID 4 bytes 1097ca0716f5SRobert Watson * process ID 4 bytes 1098ca0716f5SRobert Watson * session ID 4 bytes 1099ca0716f5SRobert Watson * terminal ID 1100ca0716f5SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 1101ca0716f5SRobert Watson * machine address 4 bytes 1102ca0716f5SRobert Watson */ 1103ca0716f5SRobert Watson token_t * 1104ca0716f5SRobert Watson au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 1105ca0716f5SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 1106ca0716f5SRobert Watson { 1107ca0716f5SRobert Watson token_t *t; 1108ca0716f5SRobert Watson u_char *dptr = NULL; 1109ca0716f5SRobert Watson 1110ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 1111ca0716f5SRobert Watson if (t == NULL) 1112ca0716f5SRobert Watson return (NULL); 1113ca0716f5SRobert Watson 1114ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT32); 1115ca0716f5SRobert Watson ADD_U_INT32(dptr, auid); 1116ca0716f5SRobert Watson ADD_U_INT32(dptr, euid); 1117ca0716f5SRobert Watson ADD_U_INT32(dptr, egid); 1118ca0716f5SRobert Watson ADD_U_INT32(dptr, ruid); 1119ca0716f5SRobert Watson ADD_U_INT32(dptr, rgid); 1120ca0716f5SRobert Watson ADD_U_INT32(dptr, pid); 1121ca0716f5SRobert Watson ADD_U_INT32(dptr, sid); 1122ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->port); 1123506764c6SRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 1124ca0716f5SRobert Watson 1125ca0716f5SRobert Watson return (t); 1126ca0716f5SRobert Watson } 1127ca0716f5SRobert Watson 1128ca0716f5SRobert Watson token_t * 1129ca0716f5SRobert Watson au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 1130ca0716f5SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 1131ca0716f5SRobert Watson { 1132bc168a6cSRobert Watson token_t *t; 1133bc168a6cSRobert Watson u_char *dptr = NULL; 1134ca0716f5SRobert Watson 1135bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + 1136bc168a6cSRobert Watson sizeof(u_int64_t) + sizeof(u_int32_t)); 1137bc168a6cSRobert Watson if (t == NULL) 1138ca0716f5SRobert Watson return (NULL); 1139bc168a6cSRobert Watson 1140bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT64); 1141bc168a6cSRobert Watson ADD_U_INT32(dptr, auid); 1142bc168a6cSRobert Watson ADD_U_INT32(dptr, euid); 1143bc168a6cSRobert Watson ADD_U_INT32(dptr, egid); 1144bc168a6cSRobert Watson ADD_U_INT32(dptr, ruid); 1145bc168a6cSRobert Watson ADD_U_INT32(dptr, rgid); 1146bc168a6cSRobert Watson ADD_U_INT32(dptr, pid); 1147bc168a6cSRobert Watson ADD_U_INT32(dptr, sid); 1148bc168a6cSRobert Watson ADD_U_INT64(dptr, tid->port); 1149bc168a6cSRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 1150bc168a6cSRobert Watson 1151bc168a6cSRobert Watson return (t); 1152ca0716f5SRobert Watson } 1153ca0716f5SRobert Watson 1154ca0716f5SRobert Watson token_t * 1155ca0716f5SRobert Watson au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 1156ca0716f5SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 1157ca0716f5SRobert Watson { 1158ca0716f5SRobert Watson 1159ca0716f5SRobert Watson return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 1160ca0716f5SRobert Watson tid)); 1161ca0716f5SRobert Watson } 1162ca0716f5SRobert Watson 1163ca0716f5SRobert Watson /* 1164ca0716f5SRobert Watson * token ID 1 byte 1165ca0716f5SRobert Watson * audit ID 4 bytes 1166ca0716f5SRobert Watson * effective user ID 4 bytes 1167ca0716f5SRobert Watson * effective group ID 4 bytes 1168ca0716f5SRobert Watson * real user ID 4 bytes 1169ca0716f5SRobert Watson * real group ID 4 bytes 1170ca0716f5SRobert Watson * process ID 4 bytes 1171ca0716f5SRobert Watson * session ID 4 bytes 1172ca0716f5SRobert Watson * terminal ID 1173ca0716f5SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 1174ca0716f5SRobert Watson * address type/length 4 bytes 1175ca0716f5SRobert Watson * machine address 16 bytes 1176ca0716f5SRobert Watson */ 1177ca0716f5SRobert Watson token_t * 1178ca0716f5SRobert Watson au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 1179ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 1180ca0716f5SRobert Watson { 1181ca0716f5SRobert Watson token_t *t; 1182ca0716f5SRobert Watson u_char *dptr = NULL; 1183ca0716f5SRobert Watson 1184d9af45c4SRobert Watson if (tid->at_type == AU_IPv4) 1185d9af45c4SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * 1186d9af45c4SRobert Watson sizeof(u_int32_t)); 1187d9af45c4SRobert Watson else if (tid->at_type == AU_IPv6) 1188d9af45c4SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * 1189d9af45c4SRobert Watson sizeof(u_int32_t)); 1190d9af45c4SRobert Watson else { 1191d9af45c4SRobert Watson errno = EINVAL; 1192d9af45c4SRobert Watson return (NULL); 1193d9af45c4SRobert Watson } 1194ca0716f5SRobert Watson if (t == NULL) 1195ca0716f5SRobert Watson return (NULL); 1196ca0716f5SRobert Watson 1197ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); 1198ca0716f5SRobert Watson ADD_U_INT32(dptr, auid); 1199ca0716f5SRobert Watson ADD_U_INT32(dptr, euid); 1200ca0716f5SRobert Watson ADD_U_INT32(dptr, egid); 1201ca0716f5SRobert Watson ADD_U_INT32(dptr, ruid); 1202ca0716f5SRobert Watson ADD_U_INT32(dptr, rgid); 1203ca0716f5SRobert Watson ADD_U_INT32(dptr, pid); 1204ca0716f5SRobert Watson ADD_U_INT32(dptr, sid); 1205ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->at_port); 1206ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->at_type); 1207bc168a6cSRobert Watson if (tid->at_type == AU_IPv6) 1208bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 1209bc168a6cSRobert Watson else 1210bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 1211ca0716f5SRobert Watson 1212ca0716f5SRobert Watson return (t); 1213ca0716f5SRobert Watson } 1214ca0716f5SRobert Watson 1215ca0716f5SRobert Watson token_t * 1216ca0716f5SRobert Watson au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 1217ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 1218ca0716f5SRobert Watson { 1219bc168a6cSRobert Watson token_t *t; 1220bc168a6cSRobert Watson u_char *dptr = NULL; 1221ca0716f5SRobert Watson 1222bc168a6cSRobert Watson if (tid->at_type == AU_IPv4) 1223bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 1224bc168a6cSRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 1225bc168a6cSRobert Watson 2 * sizeof(u_int32_t)); 1226bc168a6cSRobert Watson else if (tid->at_type == AU_IPv6) 1227bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 1228bc168a6cSRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 1229bc168a6cSRobert Watson 5 * sizeof(u_int32_t)); 1230bc168a6cSRobert Watson else { 1231bc168a6cSRobert Watson errno = EINVAL; 1232ca0716f5SRobert Watson return (NULL); 1233ca0716f5SRobert Watson } 1234bc168a6cSRobert Watson if (t == NULL) 1235bc168a6cSRobert Watson return (NULL); 1236bc168a6cSRobert Watson 1237bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); 1238bc168a6cSRobert Watson ADD_U_INT32(dptr, auid); 1239bc168a6cSRobert Watson ADD_U_INT32(dptr, euid); 1240bc168a6cSRobert Watson ADD_U_INT32(dptr, egid); 1241bc168a6cSRobert Watson ADD_U_INT32(dptr, ruid); 1242bc168a6cSRobert Watson ADD_U_INT32(dptr, rgid); 1243bc168a6cSRobert Watson ADD_U_INT32(dptr, pid); 1244bc168a6cSRobert Watson ADD_U_INT32(dptr, sid); 1245bc168a6cSRobert Watson ADD_U_INT64(dptr, tid->at_port); 1246bc168a6cSRobert Watson ADD_U_INT32(dptr, tid->at_type); 1247bc168a6cSRobert Watson if (tid->at_type == AU_IPv6) 1248bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 1249bc168a6cSRobert Watson else 1250bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 1251bc168a6cSRobert Watson 1252bc168a6cSRobert Watson return (t); 1253bc168a6cSRobert Watson } 1254ca0716f5SRobert Watson 1255ca0716f5SRobert Watson token_t * 1256ca0716f5SRobert Watson au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 1257ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 1258ca0716f5SRobert Watson { 1259ca0716f5SRobert Watson 1260ca0716f5SRobert Watson return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, 1261ca0716f5SRobert Watson tid)); 1262ca0716f5SRobert Watson } 1263ca0716f5SRobert Watson 12643b97a967SRobert Watson #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) 1265ca0716f5SRobert Watson /* 126652267f74SRobert Watson * Collects audit information for the current process and creates a subject 126752267f74SRobert Watson * token from it. 1268ca0716f5SRobert Watson */ 1269ca0716f5SRobert Watson token_t * 1270ca0716f5SRobert Watson au_to_me(void) 1271ca0716f5SRobert Watson { 1272ca0716f5SRobert Watson auditinfo_t auinfo; 1273597df30eSRobert Watson auditinfo_addr_t aia; 1274ca0716f5SRobert Watson 1275597df30eSRobert Watson /* 1276597df30eSRobert Watson * Try to use getaudit_addr(2) first. If this kernel does not support 1277597df30eSRobert Watson * it, then fall back on to getaudit(2). 1278597df30eSRobert Watson */ 1279597df30eSRobert Watson if (getaudit_addr(&aia, sizeof(aia)) != 0) { 1280597df30eSRobert Watson if (errno == ENOSYS) { 1281ca0716f5SRobert Watson if (getaudit(&auinfo) != 0) 1282ca0716f5SRobert Watson return (NULL); 1283597df30eSRobert Watson return (au_to_subject32(auinfo.ai_auid, geteuid(), 1284597df30eSRobert Watson getegid(), getuid(), getgid(), getpid(), 1285597df30eSRobert Watson auinfo.ai_asid, &auinfo.ai_termid)); 1286597df30eSRobert Watson } else { 1287597df30eSRobert Watson /* getaudit_addr(2) failed for some other reason. */ 1288597df30eSRobert Watson return (NULL); 1289597df30eSRobert Watson } 1290597df30eSRobert Watson } 1291ca0716f5SRobert Watson 1292597df30eSRobert Watson return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), 1293597df30eSRobert Watson getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); 1294ca0716f5SRobert Watson } 1295ca0716f5SRobert Watson #endif 1296ca0716f5SRobert Watson 1297ca0716f5SRobert Watson /* 1298ca0716f5SRobert Watson * token ID 1 byte 1299ca0716f5SRobert Watson * count 4 bytes 1300ca0716f5SRobert Watson * text count null-terminated strings 1301ca0716f5SRobert Watson */ 1302ca0716f5SRobert Watson token_t * 130385feadf6SRobert Watson au_to_exec_args(char **argv) 1304ca0716f5SRobert Watson { 1305ca0716f5SRobert Watson token_t *t; 1306ca0716f5SRobert Watson u_char *dptr = NULL; 1307ca0716f5SRobert Watson const char *nextarg; 1308ca0716f5SRobert Watson int i, count = 0; 1309ca0716f5SRobert Watson size_t totlen = 0; 1310ca0716f5SRobert Watson 131122ccb20dSRobert Watson nextarg = *argv; 1312ca0716f5SRobert Watson 1313ca0716f5SRobert Watson while (nextarg != NULL) { 1314ca0716f5SRobert Watson int nextlen; 1315ca0716f5SRobert Watson 1316ca0716f5SRobert Watson nextlen = strlen(nextarg); 1317ca0716f5SRobert Watson totlen += nextlen + 1; 1318ca0716f5SRobert Watson count++; 131922ccb20dSRobert Watson nextarg = *(argv + count); 1320ca0716f5SRobert Watson } 1321ca0716f5SRobert Watson 1322ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1323ca0716f5SRobert Watson if (t == NULL) 1324ca0716f5SRobert Watson return (NULL); 1325ca0716f5SRobert Watson 1326ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_EXEC_ARGS); 1327ca0716f5SRobert Watson ADD_U_INT32(dptr, count); 1328ca0716f5SRobert Watson 1329ca0716f5SRobert Watson for (i = 0; i < count; i++) { 133022ccb20dSRobert Watson nextarg = *(argv + i); 1331ca0716f5SRobert Watson ADD_MEM(dptr, nextarg, strlen(nextarg) + 1); 1332ca0716f5SRobert Watson } 1333ca0716f5SRobert Watson 1334ca0716f5SRobert Watson return (t); 1335ca0716f5SRobert Watson } 1336ca0716f5SRobert Watson 1337ca0716f5SRobert Watson /* 1338ca0716f5SRobert Watson * token ID 1 byte 1339ca0716f5SRobert Watson * count 4 bytes 1340ca0716f5SRobert Watson * text count null-terminated strings 1341ca0716f5SRobert Watson */ 1342ca0716f5SRobert Watson token_t * 134385feadf6SRobert Watson au_to_exec_env(char **envp) 1344ca0716f5SRobert Watson { 1345ca0716f5SRobert Watson token_t *t; 1346ca0716f5SRobert Watson u_char *dptr = NULL; 1347ca0716f5SRobert Watson int i, count = 0; 1348ca0716f5SRobert Watson size_t totlen = 0; 1349ca0716f5SRobert Watson const char *nextenv; 1350ca0716f5SRobert Watson 135122ccb20dSRobert Watson nextenv = *envp; 1352ca0716f5SRobert Watson 1353ca0716f5SRobert Watson while (nextenv != NULL) { 1354ca0716f5SRobert Watson int nextlen; 1355ca0716f5SRobert Watson 1356ca0716f5SRobert Watson nextlen = strlen(nextenv); 1357ca0716f5SRobert Watson totlen += nextlen + 1; 1358ca0716f5SRobert Watson count++; 135922ccb20dSRobert Watson nextenv = *(envp + count); 1360ca0716f5SRobert Watson } 1361ca0716f5SRobert Watson 1362ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1363ca0716f5SRobert Watson if (t == NULL) 1364ca0716f5SRobert Watson return (NULL); 1365ca0716f5SRobert Watson 1366ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_EXEC_ENV); 1367ca0716f5SRobert Watson ADD_U_INT32(dptr, count); 1368ca0716f5SRobert Watson 1369ca0716f5SRobert Watson for (i = 0; i < count; i++) { 137022ccb20dSRobert Watson nextenv = *(envp + i); 1371ca0716f5SRobert Watson ADD_MEM(dptr, nextenv, strlen(nextenv) + 1); 1372ca0716f5SRobert Watson } 1373ca0716f5SRobert Watson 1374ca0716f5SRobert Watson return (t); 1375ca0716f5SRobert Watson } 1376ca0716f5SRobert Watson 1377ca0716f5SRobert Watson /* 1378ca0716f5SRobert Watson * token ID 1 byte 13797a0a89d2SRobert Watson * zonename length 2 bytes 13807a0a89d2SRobert Watson * zonename N bytes + 1 terminating NULL byte 13817a0a89d2SRobert Watson */ 13827a0a89d2SRobert Watson token_t * 13837a0a89d2SRobert Watson au_to_zonename(const char *zonename) 13847a0a89d2SRobert Watson { 13857a0a89d2SRobert Watson u_char *dptr = NULL; 13867a0a89d2SRobert Watson u_int16_t textlen; 13877a0a89d2SRobert Watson token_t *t; 13887a0a89d2SRobert Watson 13897a0a89d2SRobert Watson textlen = strlen(zonename) + 1; 13907a0a89d2SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 13917a0a89d2SRobert Watson if (t == NULL) 13927a0a89d2SRobert Watson return (NULL); 13937a0a89d2SRobert Watson 13947a0a89d2SRobert Watson ADD_U_CHAR(dptr, AUT_ZONENAME); 13957a0a89d2SRobert Watson ADD_U_INT16(dptr, textlen); 13967a0a89d2SRobert Watson ADD_STRING(dptr, zonename, textlen); 13977a0a89d2SRobert Watson return (t); 13987a0a89d2SRobert Watson } 13997a0a89d2SRobert Watson 14007a0a89d2SRobert Watson /* 14017a0a89d2SRobert Watson * token ID 1 byte 1402ca0716f5SRobert Watson * record byte count 4 bytes 1403ca0716f5SRobert Watson * version # 1 byte [2] 1404ca0716f5SRobert Watson * event type 2 bytes 1405ca0716f5SRobert Watson * event modifier 2 bytes 1406ca0716f5SRobert Watson * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1407ca0716f5SRobert Watson * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1408ca0716f5SRobert Watson */ 1409ca0716f5SRobert Watson token_t * 1410506764c6SRobert Watson au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 1411ca0716f5SRobert Watson struct timeval tm) 1412ca0716f5SRobert Watson { 1413ca0716f5SRobert Watson token_t *t; 1414ca0716f5SRobert Watson u_char *dptr = NULL; 1415ca0716f5SRobert Watson u_int32_t timems; 1416ca0716f5SRobert Watson 1417ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 1418ca0716f5SRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); 1419ca0716f5SRobert Watson if (t == NULL) 1420ca0716f5SRobert Watson return (NULL); 1421ca0716f5SRobert Watson 1422ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_HEADER32); 1423ca0716f5SRobert Watson ADD_U_INT32(dptr, rec_size); 142422ccb20dSRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 1425ca0716f5SRobert Watson ADD_U_INT16(dptr, e_type); 1426ca0716f5SRobert Watson ADD_U_INT16(dptr, e_mod); 1427ca0716f5SRobert Watson 1428ca0716f5SRobert Watson timems = tm.tv_usec/1000; 1429ca0716f5SRobert Watson /* Add the timestamp */ 1430ca0716f5SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 1431ca0716f5SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 1432ca0716f5SRobert Watson 1433ca0716f5SRobert Watson return (t); 1434ca0716f5SRobert Watson } 1435ca0716f5SRobert Watson 143652267f74SRobert Watson /* 143752267f74SRobert Watson * token ID 1 byte 143852267f74SRobert Watson * record byte count 4 bytes 143952267f74SRobert Watson * version # 1 byte [2] 144052267f74SRobert Watson * event type 2 bytes 144152267f74SRobert Watson * event modifier 2 bytes 144252267f74SRobert Watson * address type/length 4 bytes 144352267f74SRobert Watson * machine address 4 bytes/16 bytes (IPv4/IPv6 address) 144452267f74SRobert Watson * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 144552267f74SRobert Watson * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 144652267f74SRobert Watson */ 144752267f74SRobert Watson token_t * 144852267f74SRobert Watson au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 144952267f74SRobert Watson struct timeval tm, struct auditinfo_addr *aia) 145052267f74SRobert Watson { 145152267f74SRobert Watson token_t *t; 145252267f74SRobert Watson u_char *dptr = NULL; 14537a0a89d2SRobert Watson u_int32_t timems; 14547a0a89d2SRobert Watson au_tid_addr_t *tid; 145552267f74SRobert Watson 14567a0a89d2SRobert Watson tid = &aia->ai_termid; 145752267f74SRobert Watson if (tid->at_type != AU_IPv4 && tid->at_type != AU_IPv6) 145852267f74SRobert Watson return (NULL); 145952267f74SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 146052267f74SRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * 146152267f74SRobert Watson sizeof(u_int32_t) + tid->at_type); 146252267f74SRobert Watson if (t == NULL) 146352267f74SRobert Watson return (NULL); 146452267f74SRobert Watson 146552267f74SRobert Watson ADD_U_CHAR(dptr, AUT_HEADER32_EX); 146652267f74SRobert Watson ADD_U_INT32(dptr, rec_size); 146752267f74SRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 146852267f74SRobert Watson ADD_U_INT16(dptr, e_type); 146952267f74SRobert Watson ADD_U_INT16(dptr, e_mod); 147052267f74SRobert Watson 147152267f74SRobert Watson ADD_U_INT32(dptr, tid->at_type); 147252267f74SRobert Watson if (tid->at_type == AU_IPv6) 147352267f74SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 147452267f74SRobert Watson else 147552267f74SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 147652267f74SRobert Watson timems = tm.tv_usec/1000; 147752267f74SRobert Watson /* Add the timestamp */ 147852267f74SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 147952267f74SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 148052267f74SRobert Watson 148152267f74SRobert Watson return (t); 148252267f74SRobert Watson } 148352267f74SRobert Watson 1484bc168a6cSRobert Watson token_t * 1485bc168a6cSRobert Watson au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 1486bc168a6cSRobert Watson struct timeval tm) 1487bc168a6cSRobert Watson { 1488bc168a6cSRobert Watson token_t *t; 1489bc168a6cSRobert Watson u_char *dptr = NULL; 1490bc168a6cSRobert Watson u_int32_t timems; 1491bc168a6cSRobert Watson 1492bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 1493bc168a6cSRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t)); 1494bc168a6cSRobert Watson if (t == NULL) 1495bc168a6cSRobert Watson return (NULL); 1496bc168a6cSRobert Watson 1497bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_HEADER64); 1498bc168a6cSRobert Watson ADD_U_INT32(dptr, rec_size); 1499bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 1500bc168a6cSRobert Watson ADD_U_INT16(dptr, e_type); 1501bc168a6cSRobert Watson ADD_U_INT16(dptr, e_mod); 1502bc168a6cSRobert Watson 1503bc168a6cSRobert Watson timems = tm.tv_usec/1000; 1504bc168a6cSRobert Watson /* Add the timestamp */ 1505bc168a6cSRobert Watson ADD_U_INT64(dptr, tm.tv_sec); 1506bc168a6cSRobert Watson ADD_U_INT64(dptr, timems); /* We need time in ms. */ 1507bc168a6cSRobert Watson 1508bc168a6cSRobert Watson return (t); 1509bc168a6cSRobert Watson } 1510bc168a6cSRobert Watson 1511506764c6SRobert Watson #if !defined(KERNEL) && !defined(_KERNEL) 151252267f74SRobert Watson #ifdef HAVE_AUDIT_SYSCALLS 151352267f74SRobert Watson token_t * 151452267f74SRobert Watson au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) 151552267f74SRobert Watson { 151652267f74SRobert Watson struct timeval tm; 151752267f74SRobert Watson struct auditinfo_addr aia; 151852267f74SRobert Watson 151952267f74SRobert Watson if (gettimeofday(&tm, NULL) == -1) 152052267f74SRobert Watson return (NULL); 1521c0020399SRobert Watson if (audit_get_kaudit(&aia, sizeof(aia)) != 0) { 152252267f74SRobert Watson if (errno != ENOSYS) 152352267f74SRobert Watson return (NULL); 152452267f74SRobert Watson return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); 152552267f74SRobert Watson } 152652267f74SRobert Watson return (au_to_header32_ex_tm(rec_size, e_type, e_mod, tm, &aia)); 152752267f74SRobert Watson } 152852267f74SRobert Watson #endif /* HAVE_AUDIT_SYSCALLS */ 152952267f74SRobert Watson 1530506764c6SRobert Watson token_t * 1531506764c6SRobert Watson au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) 1532506764c6SRobert Watson { 1533506764c6SRobert Watson struct timeval tm; 1534506764c6SRobert Watson 1535506764c6SRobert Watson if (gettimeofday(&tm, NULL) == -1) 1536506764c6SRobert Watson return (NULL); 1537506764c6SRobert Watson return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); 1538506764c6SRobert Watson } 1539506764c6SRobert Watson 1540ca0716f5SRobert Watson token_t * 1541ca0716f5SRobert Watson au_to_header64(__unused int rec_size, __unused au_event_t e_type, 1542ca0716f5SRobert Watson __unused au_emod_t e_mod) 1543ca0716f5SRobert Watson { 1544bc168a6cSRobert Watson struct timeval tm; 1545ca0716f5SRobert Watson 1546bc168a6cSRobert Watson if (gettimeofday(&tm, NULL) == -1) 1547ca0716f5SRobert Watson return (NULL); 1548bc168a6cSRobert Watson return (au_to_header64_tm(rec_size, e_type, e_mod, tm)); 1549ca0716f5SRobert Watson } 1550ca0716f5SRobert Watson 1551ca0716f5SRobert Watson token_t * 1552ca0716f5SRobert Watson au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) 1553ca0716f5SRobert Watson { 1554ca0716f5SRobert Watson 1555ca0716f5SRobert Watson return (au_to_header32(rec_size, e_type, e_mod)); 1556ca0716f5SRobert Watson } 155752267f74SRobert Watson 155852267f74SRobert Watson #ifdef HAVE_AUDIT_SYSCALLS 155952267f74SRobert Watson token_t * 156052267f74SRobert Watson au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) 156152267f74SRobert Watson { 156252267f74SRobert Watson 156352267f74SRobert Watson return (au_to_header32_ex(rec_size, e_type, e_mod)); 156452267f74SRobert Watson } 156552267f74SRobert Watson #endif /* HAVE_AUDIT_SYSCALLS */ 156652267f74SRobert Watson #endif /* !defined(KERNEL) && !defined(_KERNEL) */ 1567ca0716f5SRobert Watson 1568ca0716f5SRobert Watson /* 1569ca0716f5SRobert Watson * token ID 1 byte 1570ca0716f5SRobert Watson * trailer magic number 2 bytes 1571ca0716f5SRobert Watson * record byte count 4 bytes 1572ca0716f5SRobert Watson */ 1573ca0716f5SRobert Watson token_t * 1574ca0716f5SRobert Watson au_to_trailer(int rec_size) 1575ca0716f5SRobert Watson { 1576ca0716f5SRobert Watson token_t *t; 1577ca0716f5SRobert Watson u_char *dptr = NULL; 15787a0a89d2SRobert Watson u_int16_t magic = AUT_TRAILER_MAGIC; 1579ca0716f5SRobert Watson 1580ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 1581ca0716f5SRobert Watson sizeof(u_int32_t)); 1582ca0716f5SRobert Watson if (t == NULL) 1583ca0716f5SRobert Watson return (NULL); 1584ca0716f5SRobert Watson 1585ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_TRAILER); 1586ca0716f5SRobert Watson ADD_U_INT16(dptr, magic); 1587ca0716f5SRobert Watson ADD_U_INT32(dptr, rec_size); 1588ca0716f5SRobert Watson 1589ca0716f5SRobert Watson return (t); 1590ca0716f5SRobert Watson } 1591