152267f74SRobert Watson /*- 252267f74SRobert Watson * Copyright (c) 2004-2008 Apple Inc. 3ca0716f5SRobert Watson * Copyright (c) 2005 SPARTA, Inc. 4ca0716f5SRobert Watson * All rights reserved. 5ca0716f5SRobert Watson * 6ca0716f5SRobert Watson * This code was developed in part by Robert N. M. Watson, Senior Principal 7ca0716f5SRobert Watson * Scientist, SPARTA, Inc. 8ca0716f5SRobert Watson * 9ca0716f5SRobert Watson * Redistribution and use in source and binary forms, with or without 10ca0716f5SRobert Watson * modification, are permitted provided that the following conditions 11ca0716f5SRobert Watson * are met: 12ca0716f5SRobert Watson * 1. Redistributions of source code must retain the above copyright 13ca0716f5SRobert Watson * notice, this list of conditions and the following disclaimer. 14ca0716f5SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 15ca0716f5SRobert Watson * notice, this list of conditions and the following disclaimer in the 16ca0716f5SRobert Watson * documentation and/or other materials provided with the distribution. 1752267f74SRobert Watson * 3. Neither the name of Apple Inc. ("Apple") nor the names of 18ca0716f5SRobert Watson * its contributors may be used to endorse or promote products derived 19ca0716f5SRobert Watson * from this software without specific prior written permission. 20ca0716f5SRobert Watson * 21ca0716f5SRobert Watson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 22ca0716f5SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23ca0716f5SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24ca0716f5SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 25ca0716f5SRobert Watson * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26ca0716f5SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27ca0716f5SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28ca0716f5SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 29ca0716f5SRobert Watson * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 30ca0716f5SRobert Watson * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31ca0716f5SRobert Watson * POSSIBILITY OF SUCH DAMAGE. 32ca0716f5SRobert Watson * 33c74c7b73SRobert Watson * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#86 $ 34ca0716f5SRobert Watson */ 35ca0716f5SRobert Watson 36ca0716f5SRobert Watson #include <sys/types.h> 373b97a967SRobert Watson 383b97a967SRobert Watson #include <config/config.h> 397a0a89d2SRobert Watson #if defined(HAVE_SYS_ENDIAN_H) && defined(HAVE_BE32ENC) 40ca0716f5SRobert Watson #include <sys/endian.h> 417a0a89d2SRobert Watson #else /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */ 423b97a967SRobert Watson #ifdef HAVE_MACHINE_ENDIAN_H 433b97a967SRobert Watson #include <machine/endian.h> 443b97a967SRobert Watson #else /* !HAVE_MACHINE_ENDIAN_H */ 453b97a967SRobert Watson #ifdef HAVE_ENDIAN_H 463b97a967SRobert Watson #include <endian.h> 473b97a967SRobert Watson #else /* !HAVE_ENDIAN_H */ 483b97a967SRobert Watson #error "No supported endian.h" 493b97a967SRobert Watson #endif /* !HAVE_ENDIAN_H */ 503b97a967SRobert Watson #endif /* !HAVE_MACHINE_ENDIAN_H */ 513b97a967SRobert Watson #include <compat/endian.h> 527a0a89d2SRobert Watson #endif /* !HAVE_SYS_ENDIAN_H || !HAVE_BE32ENC */ 533b97a967SRobert Watson #ifdef HAVE_FULL_QUEUE_H 543b97a967SRobert Watson #include <sys/queue.h> 553b97a967SRobert Watson #else /* !HAVE_FULL_QUEUE_H */ 563b97a967SRobert Watson #include <compat/queue.h> 573b97a967SRobert Watson #endif /* !HAVE_FULL_QUEUE_H */ 583b97a967SRobert Watson 59ca0716f5SRobert Watson #include <sys/socket.h> 60ca0716f5SRobert Watson #include <sys/time.h> 61ca0716f5SRobert Watson #include <sys/un.h> 62ca0716f5SRobert Watson 63ca0716f5SRobert Watson #include <sys/ipc.h> 64ca0716f5SRobert Watson 65ca0716f5SRobert Watson #include <netinet/in.h> 66ca0716f5SRobert Watson #include <netinet/in_systm.h> 67ca0716f5SRobert Watson #include <netinet/ip.h> 68ca0716f5SRobert Watson 69ca0716f5SRobert Watson #include <assert.h> 70ca0716f5SRobert Watson #include <errno.h> 71ca0716f5SRobert Watson #include <string.h> 72ca0716f5SRobert Watson #include <stdlib.h> 73ca0716f5SRobert Watson #include <unistd.h> 74ca0716f5SRobert Watson 75ca0716f5SRobert Watson #include <bsm/audit_internal.h> 76ca0716f5SRobert Watson #include <bsm/libbsm.h> 77ca0716f5SRobert Watson 78ca0716f5SRobert Watson #define GET_TOKEN_AREA(t, dptr, length) do { \ 79ca0716f5SRobert Watson (t) = malloc(sizeof(token_t)); \ 80ca0716f5SRobert Watson if ((t) != NULL) { \ 81ca0716f5SRobert Watson (t)->len = (length); \ 82ca0716f5SRobert Watson (dptr) = (t->t_data) = malloc((length) * sizeof(u_char)); \ 83ca0716f5SRobert Watson if ((dptr) == NULL) { \ 84ca0716f5SRobert Watson free(t); \ 85ca0716f5SRobert Watson (t) = NULL; \ 86ca0716f5SRobert Watson } else \ 87ca0716f5SRobert Watson memset((dptr), 0, (length)); \ 88ca0716f5SRobert Watson } else \ 89ca0716f5SRobert Watson (dptr) = NULL; \ 9052267f74SRobert Watson assert((t) == NULL || (dptr) != NULL); \ 91ca0716f5SRobert Watson } while (0) 92ca0716f5SRobert Watson 93ca0716f5SRobert Watson /* 94ca0716f5SRobert Watson * token ID 1 byte 95ca0716f5SRobert Watson * argument # 1 byte 96ca0716f5SRobert Watson * argument value 4 bytes/8 bytes (32-bit/64-bit value) 97ca0716f5SRobert Watson * text length 2 bytes 98ca0716f5SRobert Watson * text N bytes + 1 terminating NULL byte 99ca0716f5SRobert Watson */ 100ca0716f5SRobert Watson token_t * 10152267f74SRobert Watson au_to_arg32(char n, const char *text, u_int32_t v) 102ca0716f5SRobert Watson { 103ca0716f5SRobert Watson token_t *t; 104ca0716f5SRobert Watson u_char *dptr = NULL; 105ca0716f5SRobert Watson u_int16_t textlen; 106ca0716f5SRobert Watson 107ca0716f5SRobert Watson textlen = strlen(text); 108ca0716f5SRobert Watson textlen += 1; 109ca0716f5SRobert Watson 110ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) + 111ca0716f5SRobert Watson sizeof(u_int16_t) + textlen); 112ca0716f5SRobert Watson if (t == NULL) 113ca0716f5SRobert Watson return (NULL); 114ca0716f5SRobert Watson 115ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_ARG32); 116ca0716f5SRobert Watson ADD_U_CHAR(dptr, n); 117ca0716f5SRobert Watson ADD_U_INT32(dptr, v); 118ca0716f5SRobert Watson ADD_U_INT16(dptr, textlen); 119ca0716f5SRobert Watson ADD_STRING(dptr, text, textlen); 120ca0716f5SRobert Watson 121ca0716f5SRobert Watson return (t); 122ca0716f5SRobert Watson } 123ca0716f5SRobert Watson 124ca0716f5SRobert Watson token_t * 12552267f74SRobert Watson au_to_arg64(char n, const char *text, u_int64_t v) 126ca0716f5SRobert Watson { 127ca0716f5SRobert Watson token_t *t; 128ca0716f5SRobert Watson u_char *dptr = NULL; 129ca0716f5SRobert Watson u_int16_t textlen; 130ca0716f5SRobert Watson 131ca0716f5SRobert Watson textlen = strlen(text); 132ca0716f5SRobert Watson textlen += 1; 133ca0716f5SRobert Watson 134ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) + 135ca0716f5SRobert Watson sizeof(u_int16_t) + textlen); 136ca0716f5SRobert Watson if (t == NULL) 137ca0716f5SRobert Watson return (NULL); 138ca0716f5SRobert Watson 139ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_ARG64); 140ca0716f5SRobert Watson ADD_U_CHAR(dptr, n); 141ca0716f5SRobert Watson ADD_U_INT64(dptr, v); 142ca0716f5SRobert Watson ADD_U_INT16(dptr, textlen); 143ca0716f5SRobert Watson ADD_STRING(dptr, text, textlen); 144ca0716f5SRobert Watson 145ca0716f5SRobert Watson return (t); 146ca0716f5SRobert Watson } 147ca0716f5SRobert Watson 148ca0716f5SRobert Watson token_t * 14952267f74SRobert Watson au_to_arg(char n, const char *text, u_int32_t v) 150ca0716f5SRobert Watson { 151ca0716f5SRobert Watson 152ca0716f5SRobert Watson return (au_to_arg32(n, text, v)); 153ca0716f5SRobert Watson } 154ca0716f5SRobert Watson 155ca0716f5SRobert Watson #if defined(_KERNEL) || defined(KERNEL) 156ca0716f5SRobert Watson /* 157ca0716f5SRobert Watson * token ID 1 byte 158ca0716f5SRobert Watson * file access mode 4 bytes 159ca0716f5SRobert Watson * owner user ID 4 bytes 160ca0716f5SRobert Watson * owner group ID 4 bytes 161ca0716f5SRobert Watson * file system ID 4 bytes 162ca0716f5SRobert Watson * node ID 8 bytes 163ca0716f5SRobert Watson * device 4 bytes/8 bytes (32-bit/64-bit) 164ca0716f5SRobert Watson */ 165ca0716f5SRobert Watson token_t * 166ca0716f5SRobert Watson au_to_attr32(struct vnode_au_info *vni) 167ca0716f5SRobert Watson { 168ca0716f5SRobert Watson token_t *t; 169ca0716f5SRobert Watson u_char *dptr = NULL; 170ca0716f5SRobert Watson u_int16_t pad0_16 = 0; 171ca0716f5SRobert Watson u_int16_t pad0_32 = 0; 172ca0716f5SRobert Watson 173ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 174ca0716f5SRobert Watson 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); 175ca0716f5SRobert Watson if (t == NULL) 176ca0716f5SRobert Watson return (NULL); 177ca0716f5SRobert Watson 178ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_ATTR32); 179ca0716f5SRobert Watson 180ca0716f5SRobert Watson /* 1817a0a89d2SRobert Watson * BSD defines the size for the file mode as 2 bytes; BSM defines 4 1827a0a89d2SRobert Watson * so pad with 0. 1837a0a89d2SRobert Watson * 1847a0a89d2SRobert Watson * XXXRW: Possibly should be conditionally compiled. 1857a0a89d2SRobert Watson * 1867a0a89d2SRobert Watson * XXXRW: Should any conversions take place on the mode? 187ca0716f5SRobert Watson */ 188ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0_16); 189ca0716f5SRobert Watson ADD_U_INT16(dptr, vni->vn_mode); 190ca0716f5SRobert Watson 191ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_uid); 192ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_gid); 193ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_fsid); 194ca0716f5SRobert Watson 195ca0716f5SRobert Watson /* 19652267f74SRobert Watson * Some systems use 32-bit file ID's, others use 64-bit file IDs. 197ca0716f5SRobert Watson * Attempt to handle both, and let the compiler sort it out. If we 198ca0716f5SRobert Watson * could pick this out at compile-time, it would be better, so as to 199ca0716f5SRobert Watson * avoid the else case below. 200ca0716f5SRobert Watson */ 201ca0716f5SRobert Watson if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { 202ca0716f5SRobert Watson ADD_U_INT32(dptr, pad0_32); 203ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_fileid); 204ca0716f5SRobert Watson } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) 205ca0716f5SRobert Watson ADD_U_INT64(dptr, vni->vn_fileid); 206ca0716f5SRobert Watson else 207ca0716f5SRobert Watson ADD_U_INT64(dptr, 0LL); 208ca0716f5SRobert Watson 209ca0716f5SRobert Watson ADD_U_INT32(dptr, vni->vn_dev); 210ca0716f5SRobert Watson 211ca0716f5SRobert Watson return (t); 212ca0716f5SRobert Watson } 213ca0716f5SRobert Watson 214ca0716f5SRobert Watson token_t * 215ca0716f5SRobert Watson au_to_attr64(struct vnode_au_info *vni) 216ca0716f5SRobert Watson { 217bc168a6cSRobert Watson token_t *t; 218bc168a6cSRobert Watson u_char *dptr = NULL; 219bc168a6cSRobert Watson u_int16_t pad0_16 = 0; 220bc168a6cSRobert Watson u_int16_t pad0_32 = 0; 221ca0716f5SRobert Watson 222bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 223bc168a6cSRobert Watson 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2); 224bc168a6cSRobert Watson if (t == NULL) 225ca0716f5SRobert Watson return (NULL); 226bc168a6cSRobert Watson 227bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_ATTR64); 228bc168a6cSRobert Watson 229bc168a6cSRobert Watson /* 2307a0a89d2SRobert Watson * BSD defines the size for the file mode as 2 bytes; BSM defines 4 2317a0a89d2SRobert Watson * so pad with 0. 2327a0a89d2SRobert Watson * 2337a0a89d2SRobert Watson * XXXRW: Possibly should be conditionally compiled. 2347a0a89d2SRobert Watson * 2357a0a89d2SRobert Watson * XXXRW: Should any conversions take place on the mode? 236bc168a6cSRobert Watson */ 237bc168a6cSRobert Watson ADD_U_INT16(dptr, pad0_16); 238bc168a6cSRobert Watson ADD_U_INT16(dptr, vni->vn_mode); 239bc168a6cSRobert Watson 240bc168a6cSRobert Watson ADD_U_INT32(dptr, vni->vn_uid); 241bc168a6cSRobert Watson ADD_U_INT32(dptr, vni->vn_gid); 242bc168a6cSRobert Watson ADD_U_INT32(dptr, vni->vn_fsid); 243bc168a6cSRobert Watson 244bc168a6cSRobert Watson /* 245bc168a6cSRobert Watson * Some systems use 32-bit file ID's, other's use 64-bit file IDs. 246bc168a6cSRobert Watson * Attempt to handle both, and let the compiler sort it out. If we 247bc168a6cSRobert Watson * could pick this out at compile-time, it would be better, so as to 248bc168a6cSRobert Watson * avoid the else case below. 249bc168a6cSRobert Watson */ 250bc168a6cSRobert Watson if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { 251bc168a6cSRobert Watson ADD_U_INT32(dptr, pad0_32); 252bc168a6cSRobert Watson ADD_U_INT32(dptr, vni->vn_fileid); 253bc168a6cSRobert Watson } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) 254bc168a6cSRobert Watson ADD_U_INT64(dptr, vni->vn_fileid); 255bc168a6cSRobert Watson else 256bc168a6cSRobert Watson ADD_U_INT64(dptr, 0LL); 257bc168a6cSRobert Watson 258bc168a6cSRobert Watson ADD_U_INT64(dptr, vni->vn_dev); 259bc168a6cSRobert Watson 260bc168a6cSRobert Watson return (t); 261ca0716f5SRobert Watson } 262ca0716f5SRobert Watson 263ca0716f5SRobert Watson token_t * 264ca0716f5SRobert Watson au_to_attr(struct vnode_au_info *vni) 265ca0716f5SRobert Watson { 266ca0716f5SRobert Watson 267ca0716f5SRobert Watson return (au_to_attr32(vni)); 268ca0716f5SRobert Watson } 269ca0716f5SRobert Watson #endif /* !(defined(_KERNEL) || defined(KERNEL) */ 270ca0716f5SRobert Watson 271ca0716f5SRobert Watson /* 272ca0716f5SRobert Watson * token ID 1 byte 273ca0716f5SRobert Watson * how to print 1 byte 274ca0716f5SRobert Watson * basic unit 1 byte 275ca0716f5SRobert Watson * unit count 1 byte 276ca0716f5SRobert Watson * data items (depends on basic unit) 277ca0716f5SRobert Watson */ 278ca0716f5SRobert Watson token_t * 27952267f74SRobert Watson au_to_data(char unit_print, char unit_type, char unit_count, const char *p) 280ca0716f5SRobert Watson { 281ca0716f5SRobert Watson token_t *t; 282ca0716f5SRobert Watson u_char *dptr = NULL; 283ca0716f5SRobert Watson size_t datasize, totdata; 284ca0716f5SRobert Watson 285ca0716f5SRobert Watson /* Determine the size of the basic unit. */ 286ca0716f5SRobert Watson switch (unit_type) { 287ca0716f5SRobert Watson case AUR_BYTE: 288506764c6SRobert Watson /* case AUR_CHAR: */ 289ca0716f5SRobert Watson datasize = AUR_BYTE_SIZE; 290ca0716f5SRobert Watson break; 291ca0716f5SRobert Watson 292ca0716f5SRobert Watson case AUR_SHORT: 293ca0716f5SRobert Watson datasize = AUR_SHORT_SIZE; 294ca0716f5SRobert Watson break; 295ca0716f5SRobert Watson 296506764c6SRobert Watson case AUR_INT32: 297506764c6SRobert Watson /* case AUR_INT: */ 298506764c6SRobert Watson datasize = AUR_INT32_SIZE; 299506764c6SRobert Watson break; 300506764c6SRobert Watson 301506764c6SRobert Watson case AUR_INT64: 302506764c6SRobert Watson datasize = AUR_INT64_SIZE; 303ca0716f5SRobert Watson break; 304ca0716f5SRobert Watson 305ca0716f5SRobert Watson default: 306ca0716f5SRobert Watson errno = EINVAL; 307ca0716f5SRobert Watson return (NULL); 308ca0716f5SRobert Watson } 309ca0716f5SRobert Watson 310ca0716f5SRobert Watson totdata = datasize * unit_count; 311ca0716f5SRobert Watson 312506764c6SRobert Watson GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); 313ca0716f5SRobert Watson if (t == NULL) 314ca0716f5SRobert Watson return (NULL); 315ca0716f5SRobert Watson 3167a0a89d2SRobert Watson /* 3177a0a89d2SRobert Watson * XXXRW: We should be byte-swapping each data item for multi-byte 3187a0a89d2SRobert Watson * types. 3197a0a89d2SRobert Watson */ 320ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_DATA); 321ca0716f5SRobert Watson ADD_U_CHAR(dptr, unit_print); 322ca0716f5SRobert Watson ADD_U_CHAR(dptr, unit_type); 323ca0716f5SRobert Watson ADD_U_CHAR(dptr, unit_count); 324ca0716f5SRobert Watson ADD_MEM(dptr, p, totdata); 325ca0716f5SRobert Watson 326ca0716f5SRobert Watson return (t); 327ca0716f5SRobert Watson } 328ca0716f5SRobert Watson 329ca0716f5SRobert Watson 330ca0716f5SRobert Watson /* 331ca0716f5SRobert Watson * token ID 1 byte 332ca0716f5SRobert Watson * status 4 bytes 333ca0716f5SRobert Watson * return value 4 bytes 334ca0716f5SRobert Watson */ 335ca0716f5SRobert Watson token_t * 336ca0716f5SRobert Watson au_to_exit(int retval, int err) 337ca0716f5SRobert Watson { 338ca0716f5SRobert Watson token_t *t; 339ca0716f5SRobert Watson u_char *dptr = NULL; 340ca0716f5SRobert Watson 341ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t)); 342ca0716f5SRobert Watson if (t == NULL) 343ca0716f5SRobert Watson return (NULL); 344ca0716f5SRobert Watson 345ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_EXIT); 346ca0716f5SRobert Watson ADD_U_INT32(dptr, err); 347ca0716f5SRobert Watson ADD_U_INT32(dptr, retval); 348ca0716f5SRobert Watson 349ca0716f5SRobert Watson return (t); 350ca0716f5SRobert Watson } 351ca0716f5SRobert Watson 352ca0716f5SRobert Watson /* 353ca0716f5SRobert Watson */ 354ca0716f5SRobert Watson token_t * 355ca0716f5SRobert Watson au_to_groups(int *groups) 356ca0716f5SRobert Watson { 357ca0716f5SRobert Watson 358bc168a6cSRobert Watson return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t *)groups)); 359ca0716f5SRobert Watson } 360ca0716f5SRobert Watson 361ca0716f5SRobert Watson /* 362ca0716f5SRobert Watson * token ID 1 byte 363ca0716f5SRobert Watson * number groups 2 bytes 364ca0716f5SRobert Watson * group list count * 4 bytes 365ca0716f5SRobert Watson */ 366ca0716f5SRobert Watson token_t * 367ca0716f5SRobert Watson au_to_newgroups(u_int16_t n, gid_t *groups) 368ca0716f5SRobert Watson { 369ca0716f5SRobert Watson token_t *t; 370ca0716f5SRobert Watson u_char *dptr = NULL; 371ca0716f5SRobert Watson int i; 372ca0716f5SRobert Watson 373ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 374ca0716f5SRobert Watson n * sizeof(u_int32_t)); 375ca0716f5SRobert Watson if (t == NULL) 376ca0716f5SRobert Watson return (NULL); 377ca0716f5SRobert Watson 378ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_NEWGROUPS); 379ca0716f5SRobert Watson ADD_U_INT16(dptr, n); 380ca0716f5SRobert Watson for (i = 0; i < n; i++) 381ca0716f5SRobert Watson ADD_U_INT32(dptr, groups[i]); 382ca0716f5SRobert Watson 383ca0716f5SRobert Watson return (t); 384ca0716f5SRobert Watson } 385ca0716f5SRobert Watson 386ca0716f5SRobert Watson /* 387ca0716f5SRobert Watson * token ID 1 byte 388ca0716f5SRobert Watson * internet address 4 bytes 389ca0716f5SRobert Watson */ 390ca0716f5SRobert Watson token_t * 391ca0716f5SRobert Watson au_to_in_addr(struct in_addr *internet_addr) 392ca0716f5SRobert Watson { 393ca0716f5SRobert Watson token_t *t; 394ca0716f5SRobert Watson u_char *dptr = NULL; 395ca0716f5SRobert Watson 396506764c6SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); 397ca0716f5SRobert Watson if (t == NULL) 398ca0716f5SRobert Watson return (NULL); 399ca0716f5SRobert Watson 400ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IN_ADDR); 401506764c6SRobert Watson ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); 402ca0716f5SRobert Watson 403ca0716f5SRobert Watson return (t); 404ca0716f5SRobert Watson } 405ca0716f5SRobert Watson 406ca0716f5SRobert Watson /* 407ca0716f5SRobert Watson * token ID 1 byte 408ca0716f5SRobert Watson * address type/length 4 bytes 40952267f74SRobert Watson * address 16 bytes 410ca0716f5SRobert Watson */ 411ca0716f5SRobert Watson token_t * 412ca0716f5SRobert Watson au_to_in_addr_ex(struct in6_addr *internet_addr) 413ca0716f5SRobert Watson { 414ca0716f5SRobert Watson token_t *t; 415ca0716f5SRobert Watson u_char *dptr = NULL; 4167a0a89d2SRobert Watson u_int32_t type = AU_IPv6; 417ca0716f5SRobert Watson 418506764c6SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); 419ca0716f5SRobert Watson if (t == NULL) 420ca0716f5SRobert Watson return (NULL); 421ca0716f5SRobert Watson 422ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); 423ca0716f5SRobert Watson ADD_U_INT32(dptr, type); 4240814440eSRobert Watson ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t)); 425ca0716f5SRobert Watson 426ca0716f5SRobert Watson return (t); 427ca0716f5SRobert Watson } 428ca0716f5SRobert Watson 429ca0716f5SRobert Watson /* 430ca0716f5SRobert Watson * token ID 1 byte 431ca0716f5SRobert Watson * ip header 20 bytes 432bc168a6cSRobert Watson * 433bc168a6cSRobert Watson * The IP header should be submitted in network byte order. 434ca0716f5SRobert Watson */ 435ca0716f5SRobert Watson token_t * 436ca0716f5SRobert Watson au_to_ip(struct ip *ip) 437ca0716f5SRobert Watson { 438ca0716f5SRobert Watson token_t *t; 439ca0716f5SRobert Watson u_char *dptr = NULL; 440ca0716f5SRobert Watson 441ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip)); 442ca0716f5SRobert Watson if (t == NULL) 443ca0716f5SRobert Watson return (NULL); 444ca0716f5SRobert Watson 445ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IP); 446ca0716f5SRobert Watson ADD_MEM(dptr, ip, sizeof(struct ip)); 447ca0716f5SRobert Watson 448ca0716f5SRobert Watson return (t); 449ca0716f5SRobert Watson } 450ca0716f5SRobert Watson 451ca0716f5SRobert Watson /* 452ca0716f5SRobert Watson * token ID 1 byte 453ca0716f5SRobert Watson * object ID type 1 byte 454ca0716f5SRobert Watson * object ID 4 bytes 455ca0716f5SRobert Watson */ 456ca0716f5SRobert Watson token_t * 457ca0716f5SRobert Watson au_to_ipc(char type, int id) 458ca0716f5SRobert Watson { 459ca0716f5SRobert Watson token_t *t; 460ca0716f5SRobert Watson u_char *dptr = NULL; 461ca0716f5SRobert Watson 462ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 463ca0716f5SRobert Watson if (t == NULL) 464ca0716f5SRobert Watson return (NULL); 465ca0716f5SRobert Watson 466ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IPC); 467ca0716f5SRobert Watson ADD_U_CHAR(dptr, type); 468ca0716f5SRobert Watson ADD_U_INT32(dptr, id); 469ca0716f5SRobert Watson 470ca0716f5SRobert Watson return (t); 471ca0716f5SRobert Watson } 472ca0716f5SRobert Watson 473ca0716f5SRobert Watson /* 474ca0716f5SRobert Watson * token ID 1 byte 475ca0716f5SRobert Watson * owner user ID 4 bytes 476ca0716f5SRobert Watson * owner group ID 4 bytes 477ca0716f5SRobert Watson * creator user ID 4 bytes 478ca0716f5SRobert Watson * creator group ID 4 bytes 479ca0716f5SRobert Watson * access mode 4 bytes 480ca0716f5SRobert Watson * slot sequence # 4 bytes 481ca0716f5SRobert Watson * key 4 bytes 482ca0716f5SRobert Watson */ 483ca0716f5SRobert Watson token_t * 484ca0716f5SRobert Watson au_to_ipc_perm(struct ipc_perm *perm) 485ca0716f5SRobert Watson { 486ca0716f5SRobert Watson token_t *t; 487ca0716f5SRobert Watson u_char *dptr = NULL; 488ca0716f5SRobert Watson u_int16_t pad0 = 0; 489ca0716f5SRobert Watson 490ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 12 * sizeof(u_int16_t) + sizeof(u_int32_t)); 491ca0716f5SRobert Watson if (t == NULL) 492ca0716f5SRobert Watson return (NULL); 493ca0716f5SRobert Watson 494ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IPC_PERM); 495ca0716f5SRobert Watson 496ca0716f5SRobert Watson /* 4977a0a89d2SRobert Watson * Systems vary significantly in what types they use in struct 4987a0a89d2SRobert Watson * ipc_perm; at least a few still use 16-bit uid's and gid's, so 4997a0a89d2SRobert Watson * allow for that, as BSM define 32-bit values here. 5007a0a89d2SRobert Watson * Some systems define the sizes for ipc_perm members as 2 bytes; 5017a0a89d2SRobert Watson * BSM defines 4 so pad with 0. 5027a0a89d2SRobert Watson * 5037a0a89d2SRobert Watson * XXXRW: Possibly shoulid be conditionally compiled, and more cases 5047a0a89d2SRobert Watson * need to be handled. 505ca0716f5SRobert Watson */ 5067a0a89d2SRobert Watson if (sizeof(perm->uid) != sizeof(u_int32_t)) { 507ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 508ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->uid); 509ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 510ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->gid); 511ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 512ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->cuid); 513ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 514ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->cgid); 5157a0a89d2SRobert Watson } else { 5167a0a89d2SRobert Watson ADD_U_INT32(dptr, perm->uid); 5177a0a89d2SRobert Watson ADD_U_INT32(dptr, perm->gid); 5187a0a89d2SRobert Watson ADD_U_INT32(dptr, perm->cuid); 5197a0a89d2SRobert Watson ADD_U_INT32(dptr, perm->cgid); 5207a0a89d2SRobert Watson } 521ca0716f5SRobert Watson 522ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 523ca0716f5SRobert Watson ADD_U_INT16(dptr, perm->mode); 524ca0716f5SRobert Watson 525ca0716f5SRobert Watson ADD_U_INT16(dptr, pad0); 526ca0716f5SRobert Watson 5273b97a967SRobert Watson #ifdef HAVE_IPC_PERM___SEQ 5283b97a967SRobert Watson ADD_U_INT16(dptr, perm->__seq); 52952267f74SRobert Watson #else /* HAVE_IPC_PERM___SEQ */ 53052267f74SRobert Watson #ifdef HAVE_IPC_PERM__SEQ 53152267f74SRobert Watson ADD_U_INT16(dptr, perm->_seq); 53252267f74SRobert Watson #else /* HAVE_IPC_PERM__SEQ */ 5333b97a967SRobert Watson ADD_U_INT16(dptr, perm->seq); 53452267f74SRobert Watson #endif /* HAVE_IPC_PERM__SEQ */ 53552267f74SRobert Watson #endif /* HAVE_IPC_PERM___SEQ */ 5363b97a967SRobert Watson 5373b97a967SRobert Watson #ifdef HAVE_IPC_PERM___KEY 5383b97a967SRobert Watson ADD_U_INT32(dptr, perm->__key); 53952267f74SRobert Watson #else /* HAVE_IPC_PERM___KEY */ 54052267f74SRobert Watson #ifdef HAVE_IPC_PERM__KEY 54152267f74SRobert Watson ADD_U_INT32(dptr, perm->_key); 54252267f74SRobert Watson #else /* HAVE_IPC_PERM__KEY */ 543ca0716f5SRobert Watson ADD_U_INT32(dptr, perm->key); 54452267f74SRobert Watson #endif /* HAVE_IPC_PERM__KEY */ 54552267f74SRobert Watson #endif /* HAVE_IPC_PERM___KEY */ 546ca0716f5SRobert Watson 547ca0716f5SRobert Watson return (t); 548ca0716f5SRobert Watson } 549ca0716f5SRobert Watson 550ca0716f5SRobert Watson /* 551ca0716f5SRobert Watson * token ID 1 byte 552ca0716f5SRobert Watson * port IP address 2 bytes 553ca0716f5SRobert Watson */ 554ca0716f5SRobert Watson token_t * 555ca0716f5SRobert Watson au_to_iport(u_int16_t iport) 556ca0716f5SRobert Watson { 557ca0716f5SRobert Watson token_t *t; 558ca0716f5SRobert Watson u_char *dptr = NULL; 559ca0716f5SRobert Watson 560ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t)); 561ca0716f5SRobert Watson if (t == NULL) 562ca0716f5SRobert Watson return (NULL); 563ca0716f5SRobert Watson 564ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_IPORT); 565ca0716f5SRobert Watson ADD_U_INT16(dptr, iport); 566ca0716f5SRobert Watson 567ca0716f5SRobert Watson return (t); 568ca0716f5SRobert Watson } 569ca0716f5SRobert Watson 570ca0716f5SRobert Watson /* 571ca0716f5SRobert Watson * token ID 1 byte 572ca0716f5SRobert Watson * size 2 bytes 573ca0716f5SRobert Watson * data size bytes 574ca0716f5SRobert Watson */ 575ca0716f5SRobert Watson token_t * 57652267f74SRobert Watson au_to_opaque(const char *data, u_int16_t bytes) 577ca0716f5SRobert Watson { 578ca0716f5SRobert Watson token_t *t; 579ca0716f5SRobert Watson u_char *dptr = NULL; 580ca0716f5SRobert Watson 581ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes); 582ca0716f5SRobert Watson if (t == NULL) 583ca0716f5SRobert Watson return (NULL); 584ca0716f5SRobert Watson 585ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_OPAQUE); 586ca0716f5SRobert Watson ADD_U_INT16(dptr, bytes); 587ca0716f5SRobert Watson ADD_MEM(dptr, data, bytes); 588ca0716f5SRobert Watson 589ca0716f5SRobert Watson return (t); 590ca0716f5SRobert Watson } 591ca0716f5SRobert Watson 592ca0716f5SRobert Watson /* 593ca0716f5SRobert Watson * token ID 1 byte 594ca0716f5SRobert Watson * seconds of time 4 bytes 595ca0716f5SRobert Watson * milliseconds of time 4 bytes 596ca0716f5SRobert Watson * file name len 2 bytes 597ca0716f5SRobert Watson * file pathname N bytes + 1 terminating NULL byte 598ca0716f5SRobert Watson */ 599ca0716f5SRobert Watson token_t * 60052267f74SRobert Watson au_to_file(const char *file, struct timeval tm) 601ca0716f5SRobert Watson { 602ca0716f5SRobert Watson token_t *t; 603ca0716f5SRobert Watson u_char *dptr = NULL; 604ca0716f5SRobert Watson u_int16_t filelen; 605ca0716f5SRobert Watson u_int32_t timems; 606ca0716f5SRobert Watson 607ca0716f5SRobert Watson filelen = strlen(file); 608ca0716f5SRobert Watson filelen += 1; 609ca0716f5SRobert Watson 610ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) + 611ca0716f5SRobert Watson sizeof(u_int16_t) + filelen); 612ca0716f5SRobert Watson if (t == NULL) 613ca0716f5SRobert Watson return (NULL); 614ca0716f5SRobert Watson 615ca0716f5SRobert Watson timems = tm.tv_usec/1000; 616ca0716f5SRobert Watson 617ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_OTHER_FILE32); 618ca0716f5SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 619ca0716f5SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 620ca0716f5SRobert Watson ADD_U_INT16(dptr, filelen); 621ca0716f5SRobert Watson ADD_STRING(dptr, file, filelen); 622ca0716f5SRobert Watson 623ca0716f5SRobert Watson return (t); 624ca0716f5SRobert Watson } 625ca0716f5SRobert Watson 626ca0716f5SRobert Watson /* 627ca0716f5SRobert Watson * token ID 1 byte 628ca0716f5SRobert Watson * text length 2 bytes 629ca0716f5SRobert Watson * text N bytes + 1 terminating NULL byte 630ca0716f5SRobert Watson */ 631ca0716f5SRobert Watson token_t * 63252267f74SRobert Watson au_to_text(const char *text) 633ca0716f5SRobert Watson { 634ca0716f5SRobert Watson token_t *t; 635ca0716f5SRobert Watson u_char *dptr = NULL; 636ca0716f5SRobert Watson u_int16_t textlen; 637ca0716f5SRobert Watson 638ca0716f5SRobert Watson textlen = strlen(text); 639ca0716f5SRobert Watson textlen += 1; 640ca0716f5SRobert Watson 6417a0a89d2SRobert Watson /* XXXRW: Should validate length against token size limit. */ 6427a0a89d2SRobert Watson 643ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 644ca0716f5SRobert Watson if (t == NULL) 645ca0716f5SRobert Watson return (NULL); 646ca0716f5SRobert Watson 647ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_TEXT); 648ca0716f5SRobert Watson ADD_U_INT16(dptr, textlen); 649ca0716f5SRobert Watson ADD_STRING(dptr, text, textlen); 650ca0716f5SRobert Watson 651ca0716f5SRobert Watson return (t); 652ca0716f5SRobert Watson } 653ca0716f5SRobert Watson 654ca0716f5SRobert Watson /* 655ca0716f5SRobert Watson * token ID 1 byte 656ca0716f5SRobert Watson * path length 2 bytes 657ca0716f5SRobert Watson * path N bytes + 1 terminating NULL byte 658ca0716f5SRobert Watson */ 659ca0716f5SRobert Watson token_t * 66052267f74SRobert Watson au_to_path(const char *text) 661ca0716f5SRobert Watson { 662ca0716f5SRobert Watson token_t *t; 663ca0716f5SRobert Watson u_char *dptr = NULL; 664ca0716f5SRobert Watson u_int16_t textlen; 665ca0716f5SRobert Watson 666ca0716f5SRobert Watson textlen = strlen(text); 667ca0716f5SRobert Watson textlen += 1; 668ca0716f5SRobert Watson 669ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 670ca0716f5SRobert Watson if (t == NULL) 671ca0716f5SRobert Watson return (NULL); 672ca0716f5SRobert Watson 673ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_PATH); 674ca0716f5SRobert Watson ADD_U_INT16(dptr, textlen); 675ca0716f5SRobert Watson ADD_STRING(dptr, text, textlen); 676ca0716f5SRobert Watson 677ca0716f5SRobert Watson return (t); 678ca0716f5SRobert Watson } 679ca0716f5SRobert Watson 680ca0716f5SRobert Watson /* 681ca0716f5SRobert Watson * token ID 1 byte 682ca0716f5SRobert Watson * audit ID 4 bytes 683ca0716f5SRobert Watson * effective user ID 4 bytes 684ca0716f5SRobert Watson * effective group ID 4 bytes 685ca0716f5SRobert Watson * real user ID 4 bytes 686ca0716f5SRobert Watson * real group ID 4 bytes 687ca0716f5SRobert Watson * process ID 4 bytes 688ca0716f5SRobert Watson * session ID 4 bytes 689ca0716f5SRobert Watson * terminal ID 690ca0716f5SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 691ca0716f5SRobert Watson * machine address 4 bytes 692ca0716f5SRobert Watson */ 693ca0716f5SRobert Watson token_t * 694ca0716f5SRobert Watson au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 695ca0716f5SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 696ca0716f5SRobert Watson { 697ca0716f5SRobert Watson token_t *t; 698ca0716f5SRobert Watson u_char *dptr = NULL; 699ca0716f5SRobert Watson 700ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 701ca0716f5SRobert Watson if (t == NULL) 702ca0716f5SRobert Watson return (NULL); 703ca0716f5SRobert Watson 704ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS32); 705ca0716f5SRobert Watson ADD_U_INT32(dptr, auid); 706ca0716f5SRobert Watson ADD_U_INT32(dptr, euid); 707ca0716f5SRobert Watson ADD_U_INT32(dptr, egid); 708ca0716f5SRobert Watson ADD_U_INT32(dptr, ruid); 709ca0716f5SRobert Watson ADD_U_INT32(dptr, rgid); 710ca0716f5SRobert Watson ADD_U_INT32(dptr, pid); 711ca0716f5SRobert Watson ADD_U_INT32(dptr, sid); 712ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->port); 7137a0a89d2SRobert Watson 7147a0a89d2SRobert Watson /* 7157a0a89d2SRobert Watson * Note: Solaris will write out IPv6 addresses here as a 32-bit 7167a0a89d2SRobert Watson * address type and 16 bytes of address, but for IPv4 addresses it 7177a0a89d2SRobert Watson * simply writes the 4-byte address directly. We support only IPv4 7187a0a89d2SRobert Watson * addresses for process32 tokens. 7197a0a89d2SRobert Watson */ 720506764c6SRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 721ca0716f5SRobert Watson 722ca0716f5SRobert Watson return (t); 723ca0716f5SRobert Watson } 724ca0716f5SRobert Watson 725ca0716f5SRobert Watson token_t * 726bc168a6cSRobert Watson au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 727bc168a6cSRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 728ca0716f5SRobert Watson { 729bc168a6cSRobert Watson token_t *t; 730bc168a6cSRobert Watson u_char *dptr = NULL; 731ca0716f5SRobert Watson 732bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + 733bc168a6cSRobert Watson sizeof(u_int64_t)); 734bc168a6cSRobert Watson if (t == NULL) 735ca0716f5SRobert Watson return (NULL); 736bc168a6cSRobert Watson 737bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS64); 738bc168a6cSRobert Watson ADD_U_INT32(dptr, auid); 739bc168a6cSRobert Watson ADD_U_INT32(dptr, euid); 740bc168a6cSRobert Watson ADD_U_INT32(dptr, egid); 741bc168a6cSRobert Watson ADD_U_INT32(dptr, ruid); 742bc168a6cSRobert Watson ADD_U_INT32(dptr, rgid); 743bc168a6cSRobert Watson ADD_U_INT32(dptr, pid); 744bc168a6cSRobert Watson ADD_U_INT32(dptr, sid); 745bc168a6cSRobert Watson ADD_U_INT64(dptr, tid->port); 7467a0a89d2SRobert Watson 7477a0a89d2SRobert Watson /* 7487a0a89d2SRobert Watson * Note: Solaris will write out IPv6 addresses here as a 32-bit 7497a0a89d2SRobert Watson * address type and 16 bytes of address, but for IPv4 addresses it 7507a0a89d2SRobert Watson * simply writes the 4-byte address directly. We support only IPv4 7517a0a89d2SRobert Watson * addresses for process64 tokens. 7527a0a89d2SRobert Watson */ 753bc168a6cSRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 754bc168a6cSRobert Watson 755bc168a6cSRobert Watson return (t); 756ca0716f5SRobert Watson } 757ca0716f5SRobert Watson 758ca0716f5SRobert Watson token_t * 759bc168a6cSRobert Watson au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 760bc168a6cSRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 761ca0716f5SRobert Watson { 762ca0716f5SRobert Watson 763ca0716f5SRobert Watson return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid, 764ca0716f5SRobert Watson tid)); 765ca0716f5SRobert Watson } 766ca0716f5SRobert Watson 767ca0716f5SRobert Watson /* 768ca0716f5SRobert Watson * token ID 1 byte 769ca0716f5SRobert Watson * audit ID 4 bytes 770ca0716f5SRobert Watson * effective user ID 4 bytes 771ca0716f5SRobert Watson * effective group ID 4 bytes 772ca0716f5SRobert Watson * real user ID 4 bytes 773ca0716f5SRobert Watson * real group ID 4 bytes 774ca0716f5SRobert Watson * process ID 4 bytes 775ca0716f5SRobert Watson * session ID 4 bytes 776ca0716f5SRobert Watson * terminal ID 777ca0716f5SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 778ca0716f5SRobert Watson * address type-len 4 bytes 779ca0716f5SRobert Watson * machine address 16 bytes 780ca0716f5SRobert Watson */ 781ca0716f5SRobert Watson token_t * 782ca0716f5SRobert Watson au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 783ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 784ca0716f5SRobert Watson { 785ca0716f5SRobert Watson token_t *t; 786ca0716f5SRobert Watson u_char *dptr = NULL; 787ca0716f5SRobert Watson 788d9af45c4SRobert Watson if (tid->at_type == AU_IPv4) 789d9af45c4SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 790d9af45c4SRobert Watson 10 * sizeof(u_int32_t)); 791d9af45c4SRobert Watson else if (tid->at_type == AU_IPv6) 792d9af45c4SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 793d9af45c4SRobert Watson 13 * sizeof(u_int32_t)); 794d9af45c4SRobert Watson else { 795d9af45c4SRobert Watson errno = EINVAL; 796d9af45c4SRobert Watson return (NULL); 797d9af45c4SRobert Watson } 798ca0716f5SRobert Watson if (t == NULL) 799ca0716f5SRobert Watson return (NULL); 800ca0716f5SRobert Watson 801ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS32_EX); 802ca0716f5SRobert Watson ADD_U_INT32(dptr, auid); 803ca0716f5SRobert Watson ADD_U_INT32(dptr, euid); 804ca0716f5SRobert Watson ADD_U_INT32(dptr, egid); 805ca0716f5SRobert Watson ADD_U_INT32(dptr, ruid); 806ca0716f5SRobert Watson ADD_U_INT32(dptr, rgid); 807ca0716f5SRobert Watson ADD_U_INT32(dptr, pid); 808ca0716f5SRobert Watson ADD_U_INT32(dptr, sid); 809ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->at_port); 810ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->at_type); 811bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 812d9af45c4SRobert Watson if (tid->at_type == AU_IPv6) { 813bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); 814bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); 815bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); 816d9af45c4SRobert Watson } 817ca0716f5SRobert Watson 818ca0716f5SRobert Watson return (t); 819ca0716f5SRobert Watson } 820ca0716f5SRobert Watson 821ca0716f5SRobert Watson token_t * 822ca0716f5SRobert Watson au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 823ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 824ca0716f5SRobert Watson { 825bc168a6cSRobert Watson token_t *t; 826bc168a6cSRobert Watson u_char *dptr = NULL; 827ca0716f5SRobert Watson 828bc168a6cSRobert Watson if (tid->at_type == AU_IPv4) 829bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 830bc168a6cSRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 831bc168a6cSRobert Watson 2 * sizeof(u_int32_t)); 832bc168a6cSRobert Watson else if (tid->at_type == AU_IPv6) 833bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 834bc168a6cSRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 835bc168a6cSRobert Watson 5 * sizeof(u_int32_t)); 836bc168a6cSRobert Watson else { 837bc168a6cSRobert Watson errno = EINVAL; 838ca0716f5SRobert Watson return (NULL); 839ca0716f5SRobert Watson } 840bc168a6cSRobert Watson if (t == NULL) 841bc168a6cSRobert Watson return (NULL); 842bc168a6cSRobert Watson 843bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS64_EX); 844bc168a6cSRobert Watson ADD_U_INT32(dptr, auid); 845bc168a6cSRobert Watson ADD_U_INT32(dptr, euid); 846bc168a6cSRobert Watson ADD_U_INT32(dptr, egid); 847bc168a6cSRobert Watson ADD_U_INT32(dptr, ruid); 848bc168a6cSRobert Watson ADD_U_INT32(dptr, rgid); 849bc168a6cSRobert Watson ADD_U_INT32(dptr, pid); 850bc168a6cSRobert Watson ADD_U_INT32(dptr, sid); 851bc168a6cSRobert Watson ADD_U_INT64(dptr, tid->at_port); 852bc168a6cSRobert Watson ADD_U_INT32(dptr, tid->at_type); 853bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 854bc168a6cSRobert Watson if (tid->at_type == AU_IPv6) { 855bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); 856bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); 857bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); 858bc168a6cSRobert Watson } 859bc168a6cSRobert Watson 860bc168a6cSRobert Watson return (t); 861bc168a6cSRobert Watson } 862ca0716f5SRobert Watson 863ca0716f5SRobert Watson token_t * 864ca0716f5SRobert Watson au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 865ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 866ca0716f5SRobert Watson { 867ca0716f5SRobert Watson 868ca0716f5SRobert Watson return (au_to_process32_ex(auid, euid, egid, ruid, rgid, pid, sid, 869ca0716f5SRobert Watson tid)); 870ca0716f5SRobert Watson } 871ca0716f5SRobert Watson 872ca0716f5SRobert Watson /* 873ca0716f5SRobert Watson * token ID 1 byte 874ca0716f5SRobert Watson * error status 1 byte 875ca0716f5SRobert Watson * return value 4 bytes/8 bytes (32-bit/64-bit value) 876ca0716f5SRobert Watson */ 877ca0716f5SRobert Watson token_t * 878ca0716f5SRobert Watson au_to_return32(char status, u_int32_t ret) 879ca0716f5SRobert Watson { 880ca0716f5SRobert Watson token_t *t; 881ca0716f5SRobert Watson u_char *dptr = NULL; 882ca0716f5SRobert Watson 883ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 884ca0716f5SRobert Watson if (t == NULL) 885ca0716f5SRobert Watson return (NULL); 886ca0716f5SRobert Watson 887ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_RETURN32); 888ca0716f5SRobert Watson ADD_U_CHAR(dptr, status); 889ca0716f5SRobert Watson ADD_U_INT32(dptr, ret); 890ca0716f5SRobert Watson 891ca0716f5SRobert Watson return (t); 892ca0716f5SRobert Watson } 893ca0716f5SRobert Watson 894ca0716f5SRobert Watson token_t * 895ca0716f5SRobert Watson au_to_return64(char status, u_int64_t ret) 896ca0716f5SRobert Watson { 897ca0716f5SRobert Watson token_t *t; 898ca0716f5SRobert Watson u_char *dptr = NULL; 899ca0716f5SRobert Watson 900ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t)); 901ca0716f5SRobert Watson if (t == NULL) 902ca0716f5SRobert Watson return (NULL); 903ca0716f5SRobert Watson 904ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_RETURN64); 905ca0716f5SRobert Watson ADD_U_CHAR(dptr, status); 906ca0716f5SRobert Watson ADD_U_INT64(dptr, ret); 907ca0716f5SRobert Watson 908ca0716f5SRobert Watson return (t); 909ca0716f5SRobert Watson } 910ca0716f5SRobert Watson 911ca0716f5SRobert Watson token_t * 912ca0716f5SRobert Watson au_to_return(char status, u_int32_t ret) 913ca0716f5SRobert Watson { 914ca0716f5SRobert Watson 915ca0716f5SRobert Watson return (au_to_return32(status, ret)); 916ca0716f5SRobert Watson } 917ca0716f5SRobert Watson 918ca0716f5SRobert Watson /* 919ca0716f5SRobert Watson * token ID 1 byte 920ca0716f5SRobert Watson * sequence number 4 bytes 921ca0716f5SRobert Watson */ 922ca0716f5SRobert Watson token_t * 923ca0716f5SRobert Watson au_to_seq(long audit_count) 924ca0716f5SRobert Watson { 925ca0716f5SRobert Watson token_t *t; 926ca0716f5SRobert Watson u_char *dptr = NULL; 927ca0716f5SRobert Watson 928ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); 929ca0716f5SRobert Watson if (t == NULL) 930ca0716f5SRobert Watson return (NULL); 931ca0716f5SRobert Watson 932ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SEQ); 933ca0716f5SRobert Watson ADD_U_INT32(dptr, audit_count); 934ca0716f5SRobert Watson 935ca0716f5SRobert Watson return (t); 936ca0716f5SRobert Watson } 937ca0716f5SRobert Watson 938ca0716f5SRobert Watson /* 939ca0716f5SRobert Watson * token ID 1 byte 9407a0a89d2SRobert Watson * socket domain 2 bytes 9417a0a89d2SRobert Watson * socket type 2 bytes 9427a0a89d2SRobert Watson * address type 2 byte 9437a0a89d2SRobert Watson * local port 2 bytes 9447a0a89d2SRobert Watson * local address 4 bytes/16 bytes (IPv4/IPv6 address) 9457a0a89d2SRobert Watson * remote port 2 bytes 9467a0a89d2SRobert Watson * remote address 4 bytes/16 bytes (IPv4/IPv6 address) 947c74c7b73SRobert Watson * 948c74c7b73SRobert Watson * Domain and type arguments to this routine are assumed to already have been 949c74c7b73SRobert Watson * converted to the BSM constant space, so we don't do that here. 9507a0a89d2SRobert Watson */ 9517a0a89d2SRobert Watson token_t * 9527a0a89d2SRobert Watson au_to_socket_ex(u_short so_domain, u_short so_type, 9537a0a89d2SRobert Watson struct sockaddr *sa_local, struct sockaddr *sa_remote) 9547a0a89d2SRobert Watson { 9557a0a89d2SRobert Watson token_t *t; 9567a0a89d2SRobert Watson u_char *dptr = NULL; 9577a0a89d2SRobert Watson struct sockaddr_in *sin; 9587a0a89d2SRobert Watson struct sockaddr_in6 *sin6; 9597a0a89d2SRobert Watson 9607a0a89d2SRobert Watson if (so_domain == AF_INET) 9617a0a89d2SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9627a0a89d2SRobert Watson 5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); 9637a0a89d2SRobert Watson else if (so_domain == AF_INET6) 9647a0a89d2SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9657a0a89d2SRobert Watson 5 * sizeof(u_int16_t) + 16 * sizeof(u_int32_t)); 9667a0a89d2SRobert Watson else { 9677a0a89d2SRobert Watson errno = EINVAL; 9687a0a89d2SRobert Watson return (NULL); 9697a0a89d2SRobert Watson } 9707a0a89d2SRobert Watson 9717a0a89d2SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKET_EX); 9727a0a89d2SRobert Watson ADD_U_INT16(dptr, so_domain); /* XXXRW: explicitly convert? */ 9737a0a89d2SRobert Watson ADD_U_INT16(dptr, so_type); /* XXXRW: explicitly convert? */ 9747a0a89d2SRobert Watson if (so_domain == AF_INET) { 9757a0a89d2SRobert Watson ADD_U_INT16(dptr, AU_IPv4); 9767a0a89d2SRobert Watson sin = (struct sockaddr_in *)sa_local; 9777a0a89d2SRobert Watson ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); 9787a0a89d2SRobert Watson ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); 9797a0a89d2SRobert Watson sin = (struct sockaddr_in *)sa_remote; 9807a0a89d2SRobert Watson ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); 9817a0a89d2SRobert Watson ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); 9827a0a89d2SRobert Watson } else { 9837a0a89d2SRobert Watson ADD_U_INT16(dptr, AU_IPv6); 9847a0a89d2SRobert Watson sin6 = (struct sockaddr_in6 *)sa_local; 9857a0a89d2SRobert Watson ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); 9867a0a89d2SRobert Watson ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); 9877a0a89d2SRobert Watson sin6 = (struct sockaddr_in6 *)sa_remote; 9887a0a89d2SRobert Watson ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); 9897a0a89d2SRobert Watson ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); 9907a0a89d2SRobert Watson } 9917a0a89d2SRobert Watson 9927a0a89d2SRobert Watson return (t); 9937a0a89d2SRobert Watson } 9947a0a89d2SRobert Watson 9957a0a89d2SRobert Watson /* 9967a0a89d2SRobert Watson * token ID 1 byte 997ca0716f5SRobert Watson * socket family 2 bytes 998ca0716f5SRobert Watson * path 104 bytes 999ca0716f5SRobert Watson */ 1000ca0716f5SRobert Watson token_t * 1001ca0716f5SRobert Watson au_to_sock_unix(struct sockaddr_un *so) 1002ca0716f5SRobert Watson { 1003ca0716f5SRobert Watson token_t *t; 1004ca0716f5SRobert Watson u_char *dptr; 1005ca0716f5SRobert Watson 1006ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); 1007ca0716f5SRobert Watson if (t == NULL) 1008ca0716f5SRobert Watson return (NULL); 1009ca0716f5SRobert Watson 101052267f74SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKUNIX); 1011ca0716f5SRobert Watson /* BSM token has two bytes for family */ 1012ca0716f5SRobert Watson ADD_U_CHAR(dptr, 0); 1013ca0716f5SRobert Watson ADD_U_CHAR(dptr, so->sun_family); 1014ca0716f5SRobert Watson ADD_STRING(dptr, so->sun_path, strlen(so->sun_path) + 1); 1015ca0716f5SRobert Watson 1016ca0716f5SRobert Watson return (t); 1017ca0716f5SRobert Watson } 1018ca0716f5SRobert Watson 1019ca0716f5SRobert Watson /* 1020ca0716f5SRobert Watson * token ID 1 byte 1021ca0716f5SRobert Watson * socket family 2 bytes 1022ca0716f5SRobert Watson * local port 2 bytes 1023ca0716f5SRobert Watson * socket address 4 bytes 1024ca0716f5SRobert Watson */ 1025ca0716f5SRobert Watson token_t * 1026ca0716f5SRobert Watson au_to_sock_inet32(struct sockaddr_in *so) 1027ca0716f5SRobert Watson { 1028ca0716f5SRobert Watson token_t *t; 1029ca0716f5SRobert Watson u_char *dptr = NULL; 1030506764c6SRobert Watson uint16_t family; 1031ca0716f5SRobert Watson 1032506764c6SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + 1033506764c6SRobert Watson sizeof(uint32_t)); 1034ca0716f5SRobert Watson if (t == NULL) 1035ca0716f5SRobert Watson return (NULL); 1036ca0716f5SRobert Watson 1037ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKINET32); 1038ca0716f5SRobert Watson /* 1039506764c6SRobert Watson * BSM defines the family field as 16 bits, but many operating 1040506764c6SRobert Watson * systems have an 8-bit sin_family field. Extend to 16 bits before 1041506764c6SRobert Watson * writing into the token. Assume that both the port and the address 1042506764c6SRobert Watson * in the sockaddr_in are already in network byte order, but family 1043506764c6SRobert Watson * is in local byte order. 1044506764c6SRobert Watson * 1045506764c6SRobert Watson * XXXRW: Should a name space conversion be taking place on the value 1046506764c6SRobert Watson * of sin_family? 1047ca0716f5SRobert Watson */ 1048506764c6SRobert Watson family = so->sin_family; 1049506764c6SRobert Watson ADD_U_INT16(dptr, family); 1050506764c6SRobert Watson ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); 1051506764c6SRobert Watson ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); 1052ca0716f5SRobert Watson 1053ca0716f5SRobert Watson return (t); 1054ca0716f5SRobert Watson } 1055ca0716f5SRobert Watson 1056ca0716f5SRobert Watson token_t * 1057ca0716f5SRobert Watson au_to_sock_inet128(struct sockaddr_in6 *so) 1058ca0716f5SRobert Watson { 1059ca0716f5SRobert Watson token_t *t; 1060ca0716f5SRobert Watson u_char *dptr = NULL; 1061ca0716f5SRobert Watson 1062ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + 1063ca0716f5SRobert Watson 4 * sizeof(u_int32_t)); 1064ca0716f5SRobert Watson if (t == NULL) 1065ca0716f5SRobert Watson return (NULL); 1066ca0716f5SRobert Watson 1067ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKINET128); 1068ca0716f5SRobert Watson /* 10697a0a89d2SRobert Watson * In BSD, sin6_family is one octet, but BSM defines the token to 10707a0a89d2SRobert Watson * store two. So we copy in a 0 first. XXXRW: Possibly should be 10717a0a89d2SRobert Watson * conditionally compiled. 1072ca0716f5SRobert Watson */ 1073ca0716f5SRobert Watson ADD_U_CHAR(dptr, 0); 1074ca0716f5SRobert Watson ADD_U_CHAR(dptr, so->sin6_family); 1075ca0716f5SRobert Watson 1076ca0716f5SRobert Watson ADD_U_INT16(dptr, so->sin6_port); 1077506764c6SRobert Watson ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); 1078ca0716f5SRobert Watson 1079ca0716f5SRobert Watson return (t); 1080ca0716f5SRobert Watson } 1081ca0716f5SRobert Watson 1082ca0716f5SRobert Watson token_t * 1083ca0716f5SRobert Watson au_to_sock_inet(struct sockaddr_in *so) 1084ca0716f5SRobert Watson { 1085ca0716f5SRobert Watson 1086ca0716f5SRobert Watson return (au_to_sock_inet32(so)); 1087ca0716f5SRobert Watson } 1088ca0716f5SRobert Watson 1089ca0716f5SRobert Watson /* 1090ca0716f5SRobert Watson * token ID 1 byte 1091ca0716f5SRobert Watson * audit ID 4 bytes 1092ca0716f5SRobert Watson * effective user ID 4 bytes 1093ca0716f5SRobert Watson * effective group ID 4 bytes 1094ca0716f5SRobert Watson * real user ID 4 bytes 1095ca0716f5SRobert Watson * real group ID 4 bytes 1096ca0716f5SRobert Watson * process ID 4 bytes 1097ca0716f5SRobert Watson * session ID 4 bytes 1098ca0716f5SRobert Watson * terminal ID 1099ca0716f5SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 1100ca0716f5SRobert Watson * machine address 4 bytes 1101ca0716f5SRobert Watson */ 1102ca0716f5SRobert Watson token_t * 1103ca0716f5SRobert Watson au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 1104ca0716f5SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 1105ca0716f5SRobert Watson { 1106ca0716f5SRobert Watson token_t *t; 1107ca0716f5SRobert Watson u_char *dptr = NULL; 1108ca0716f5SRobert Watson 1109ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 1110ca0716f5SRobert Watson if (t == NULL) 1111ca0716f5SRobert Watson return (NULL); 1112ca0716f5SRobert Watson 1113ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT32); 1114ca0716f5SRobert Watson ADD_U_INT32(dptr, auid); 1115ca0716f5SRobert Watson ADD_U_INT32(dptr, euid); 1116ca0716f5SRobert Watson ADD_U_INT32(dptr, egid); 1117ca0716f5SRobert Watson ADD_U_INT32(dptr, ruid); 1118ca0716f5SRobert Watson ADD_U_INT32(dptr, rgid); 1119ca0716f5SRobert Watson ADD_U_INT32(dptr, pid); 1120ca0716f5SRobert Watson ADD_U_INT32(dptr, sid); 1121ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->port); 1122506764c6SRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 1123ca0716f5SRobert Watson 1124ca0716f5SRobert Watson return (t); 1125ca0716f5SRobert Watson } 1126ca0716f5SRobert Watson 1127ca0716f5SRobert Watson token_t * 1128ca0716f5SRobert Watson au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 1129ca0716f5SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 1130ca0716f5SRobert Watson { 1131bc168a6cSRobert Watson token_t *t; 1132bc168a6cSRobert Watson u_char *dptr = NULL; 1133ca0716f5SRobert Watson 1134bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + 1135bc168a6cSRobert Watson sizeof(u_int64_t) + sizeof(u_int32_t)); 1136bc168a6cSRobert Watson if (t == NULL) 1137ca0716f5SRobert Watson return (NULL); 1138bc168a6cSRobert Watson 1139bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT64); 1140bc168a6cSRobert Watson ADD_U_INT32(dptr, auid); 1141bc168a6cSRobert Watson ADD_U_INT32(dptr, euid); 1142bc168a6cSRobert Watson ADD_U_INT32(dptr, egid); 1143bc168a6cSRobert Watson ADD_U_INT32(dptr, ruid); 1144bc168a6cSRobert Watson ADD_U_INT32(dptr, rgid); 1145bc168a6cSRobert Watson ADD_U_INT32(dptr, pid); 1146bc168a6cSRobert Watson ADD_U_INT32(dptr, sid); 1147bc168a6cSRobert Watson ADD_U_INT64(dptr, tid->port); 1148bc168a6cSRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 1149bc168a6cSRobert Watson 1150bc168a6cSRobert Watson return (t); 1151ca0716f5SRobert Watson } 1152ca0716f5SRobert Watson 1153ca0716f5SRobert Watson token_t * 1154ca0716f5SRobert Watson au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 1155ca0716f5SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 1156ca0716f5SRobert Watson { 1157ca0716f5SRobert Watson 1158ca0716f5SRobert Watson return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 1159ca0716f5SRobert Watson tid)); 1160ca0716f5SRobert Watson } 1161ca0716f5SRobert Watson 1162ca0716f5SRobert Watson /* 1163ca0716f5SRobert Watson * token ID 1 byte 1164ca0716f5SRobert Watson * audit ID 4 bytes 1165ca0716f5SRobert Watson * effective user ID 4 bytes 1166ca0716f5SRobert Watson * effective group ID 4 bytes 1167ca0716f5SRobert Watson * real user ID 4 bytes 1168ca0716f5SRobert Watson * real group ID 4 bytes 1169ca0716f5SRobert Watson * process ID 4 bytes 1170ca0716f5SRobert Watson * session ID 4 bytes 1171ca0716f5SRobert Watson * terminal ID 1172ca0716f5SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 1173ca0716f5SRobert Watson * address type/length 4 bytes 1174ca0716f5SRobert Watson * machine address 16 bytes 1175ca0716f5SRobert Watson */ 1176ca0716f5SRobert Watson token_t * 1177ca0716f5SRobert Watson au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 1178ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 1179ca0716f5SRobert Watson { 1180ca0716f5SRobert Watson token_t *t; 1181ca0716f5SRobert Watson u_char *dptr = NULL; 1182ca0716f5SRobert Watson 1183d9af45c4SRobert Watson if (tid->at_type == AU_IPv4) 1184d9af45c4SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * 1185d9af45c4SRobert Watson sizeof(u_int32_t)); 1186d9af45c4SRobert Watson else if (tid->at_type == AU_IPv6) 1187d9af45c4SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * 1188d9af45c4SRobert Watson sizeof(u_int32_t)); 1189d9af45c4SRobert Watson else { 1190d9af45c4SRobert Watson errno = EINVAL; 1191d9af45c4SRobert Watson return (NULL); 1192d9af45c4SRobert Watson } 1193ca0716f5SRobert Watson if (t == NULL) 1194ca0716f5SRobert Watson return (NULL); 1195ca0716f5SRobert Watson 1196ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); 1197ca0716f5SRobert Watson ADD_U_INT32(dptr, auid); 1198ca0716f5SRobert Watson ADD_U_INT32(dptr, euid); 1199ca0716f5SRobert Watson ADD_U_INT32(dptr, egid); 1200ca0716f5SRobert Watson ADD_U_INT32(dptr, ruid); 1201ca0716f5SRobert Watson ADD_U_INT32(dptr, rgid); 1202ca0716f5SRobert Watson ADD_U_INT32(dptr, pid); 1203ca0716f5SRobert Watson ADD_U_INT32(dptr, sid); 1204ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->at_port); 1205ca0716f5SRobert Watson ADD_U_INT32(dptr, tid->at_type); 1206bc168a6cSRobert Watson if (tid->at_type == AU_IPv6) 1207bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 1208bc168a6cSRobert Watson else 1209bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 1210ca0716f5SRobert Watson 1211ca0716f5SRobert Watson return (t); 1212ca0716f5SRobert Watson } 1213ca0716f5SRobert Watson 1214ca0716f5SRobert Watson token_t * 1215ca0716f5SRobert Watson au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 1216ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 1217ca0716f5SRobert Watson { 1218bc168a6cSRobert Watson token_t *t; 1219bc168a6cSRobert Watson u_char *dptr = NULL; 1220ca0716f5SRobert Watson 1221bc168a6cSRobert Watson if (tid->at_type == AU_IPv4) 1222bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 1223bc168a6cSRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 1224bc168a6cSRobert Watson 2 * sizeof(u_int32_t)); 1225bc168a6cSRobert Watson else if (tid->at_type == AU_IPv6) 1226bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 1227bc168a6cSRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 1228bc168a6cSRobert Watson 5 * sizeof(u_int32_t)); 1229bc168a6cSRobert Watson else { 1230bc168a6cSRobert Watson errno = EINVAL; 1231ca0716f5SRobert Watson return (NULL); 1232ca0716f5SRobert Watson } 1233bc168a6cSRobert Watson if (t == NULL) 1234bc168a6cSRobert Watson return (NULL); 1235bc168a6cSRobert Watson 1236bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); 1237bc168a6cSRobert Watson ADD_U_INT32(dptr, auid); 1238bc168a6cSRobert Watson ADD_U_INT32(dptr, euid); 1239bc168a6cSRobert Watson ADD_U_INT32(dptr, egid); 1240bc168a6cSRobert Watson ADD_U_INT32(dptr, ruid); 1241bc168a6cSRobert Watson ADD_U_INT32(dptr, rgid); 1242bc168a6cSRobert Watson ADD_U_INT32(dptr, pid); 1243bc168a6cSRobert Watson ADD_U_INT32(dptr, sid); 1244bc168a6cSRobert Watson ADD_U_INT64(dptr, tid->at_port); 1245bc168a6cSRobert Watson ADD_U_INT32(dptr, tid->at_type); 1246bc168a6cSRobert Watson if (tid->at_type == AU_IPv6) 1247bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 1248bc168a6cSRobert Watson else 1249bc168a6cSRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 1250bc168a6cSRobert Watson 1251bc168a6cSRobert Watson return (t); 1252bc168a6cSRobert Watson } 1253ca0716f5SRobert Watson 1254ca0716f5SRobert Watson token_t * 1255ca0716f5SRobert Watson au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 1256ca0716f5SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 1257ca0716f5SRobert Watson { 1258ca0716f5SRobert Watson 1259ca0716f5SRobert Watson return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, 1260ca0716f5SRobert Watson tid)); 1261ca0716f5SRobert Watson } 1262ca0716f5SRobert Watson 12633b97a967SRobert Watson #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) 1264ca0716f5SRobert Watson /* 126552267f74SRobert Watson * Collects audit information for the current process and creates a subject 126652267f74SRobert Watson * token from it. 1267ca0716f5SRobert Watson */ 1268ca0716f5SRobert Watson token_t * 1269ca0716f5SRobert Watson au_to_me(void) 1270ca0716f5SRobert Watson { 1271ca0716f5SRobert Watson auditinfo_t auinfo; 1272ca0716f5SRobert Watson 1273ca0716f5SRobert Watson if (getaudit(&auinfo) != 0) 1274ca0716f5SRobert Watson return (NULL); 1275ca0716f5SRobert Watson 1276ca0716f5SRobert Watson return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(), 1277ca0716f5SRobert Watson getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid)); 1278ca0716f5SRobert Watson } 1279ca0716f5SRobert Watson #endif 1280ca0716f5SRobert Watson 1281ca0716f5SRobert Watson /* 1282ca0716f5SRobert Watson * token ID 1 byte 1283ca0716f5SRobert Watson * count 4 bytes 1284ca0716f5SRobert Watson * text count null-terminated strings 1285ca0716f5SRobert Watson */ 1286ca0716f5SRobert Watson token_t * 128785feadf6SRobert Watson au_to_exec_args(char **argv) 1288ca0716f5SRobert Watson { 1289ca0716f5SRobert Watson token_t *t; 1290ca0716f5SRobert Watson u_char *dptr = NULL; 1291ca0716f5SRobert Watson const char *nextarg; 1292ca0716f5SRobert Watson int i, count = 0; 1293ca0716f5SRobert Watson size_t totlen = 0; 1294ca0716f5SRobert Watson 129522ccb20dSRobert Watson nextarg = *argv; 1296ca0716f5SRobert Watson 1297ca0716f5SRobert Watson while (nextarg != NULL) { 1298ca0716f5SRobert Watson int nextlen; 1299ca0716f5SRobert Watson 1300ca0716f5SRobert Watson nextlen = strlen(nextarg); 1301ca0716f5SRobert Watson totlen += nextlen + 1; 1302ca0716f5SRobert Watson count++; 130322ccb20dSRobert Watson nextarg = *(argv + count); 1304ca0716f5SRobert Watson } 1305ca0716f5SRobert Watson 1306ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1307ca0716f5SRobert Watson if (t == NULL) 1308ca0716f5SRobert Watson return (NULL); 1309ca0716f5SRobert Watson 1310ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_EXEC_ARGS); 1311ca0716f5SRobert Watson ADD_U_INT32(dptr, count); 1312ca0716f5SRobert Watson 1313ca0716f5SRobert Watson for (i = 0; i < count; i++) { 131422ccb20dSRobert Watson nextarg = *(argv + i); 1315ca0716f5SRobert Watson ADD_MEM(dptr, nextarg, strlen(nextarg) + 1); 1316ca0716f5SRobert Watson } 1317ca0716f5SRobert Watson 1318ca0716f5SRobert Watson return (t); 1319ca0716f5SRobert Watson } 1320ca0716f5SRobert Watson 1321ca0716f5SRobert Watson /* 1322ca0716f5SRobert Watson * token ID 1 byte 1323ca0716f5SRobert Watson * count 4 bytes 1324ca0716f5SRobert Watson * text count null-terminated strings 1325ca0716f5SRobert Watson */ 1326ca0716f5SRobert Watson token_t * 132785feadf6SRobert Watson au_to_exec_env(char **envp) 1328ca0716f5SRobert Watson { 1329ca0716f5SRobert Watson token_t *t; 1330ca0716f5SRobert Watson u_char *dptr = NULL; 1331ca0716f5SRobert Watson int i, count = 0; 1332ca0716f5SRobert Watson size_t totlen = 0; 1333ca0716f5SRobert Watson const char *nextenv; 1334ca0716f5SRobert Watson 133522ccb20dSRobert Watson nextenv = *envp; 1336ca0716f5SRobert Watson 1337ca0716f5SRobert Watson while (nextenv != NULL) { 1338ca0716f5SRobert Watson int nextlen; 1339ca0716f5SRobert Watson 1340ca0716f5SRobert Watson nextlen = strlen(nextenv); 1341ca0716f5SRobert Watson totlen += nextlen + 1; 1342ca0716f5SRobert Watson count++; 134322ccb20dSRobert Watson nextenv = *(envp + count); 1344ca0716f5SRobert Watson } 1345ca0716f5SRobert Watson 1346ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 1347ca0716f5SRobert Watson if (t == NULL) 1348ca0716f5SRobert Watson return (NULL); 1349ca0716f5SRobert Watson 1350ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_EXEC_ENV); 1351ca0716f5SRobert Watson ADD_U_INT32(dptr, count); 1352ca0716f5SRobert Watson 1353ca0716f5SRobert Watson for (i = 0; i < count; i++) { 135422ccb20dSRobert Watson nextenv = *(envp + i); 1355ca0716f5SRobert Watson ADD_MEM(dptr, nextenv, strlen(nextenv) + 1); 1356ca0716f5SRobert Watson } 1357ca0716f5SRobert Watson 1358ca0716f5SRobert Watson return (t); 1359ca0716f5SRobert Watson } 1360ca0716f5SRobert Watson 1361ca0716f5SRobert Watson /* 1362ca0716f5SRobert Watson * token ID 1 byte 13637a0a89d2SRobert Watson * zonename length 2 bytes 13647a0a89d2SRobert Watson * zonename N bytes + 1 terminating NULL byte 13657a0a89d2SRobert Watson */ 13667a0a89d2SRobert Watson token_t * 13677a0a89d2SRobert Watson au_to_zonename(const char *zonename) 13687a0a89d2SRobert Watson { 13697a0a89d2SRobert Watson u_char *dptr = NULL; 13707a0a89d2SRobert Watson u_int16_t textlen; 13717a0a89d2SRobert Watson token_t *t; 13727a0a89d2SRobert Watson 13737a0a89d2SRobert Watson textlen = strlen(zonename) + 1; 13747a0a89d2SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 13757a0a89d2SRobert Watson if (t == NULL) 13767a0a89d2SRobert Watson return (NULL); 13777a0a89d2SRobert Watson 13787a0a89d2SRobert Watson ADD_U_CHAR(dptr, AUT_ZONENAME); 13797a0a89d2SRobert Watson ADD_U_INT16(dptr, textlen); 13807a0a89d2SRobert Watson ADD_STRING(dptr, zonename, textlen); 13817a0a89d2SRobert Watson return (t); 13827a0a89d2SRobert Watson } 13837a0a89d2SRobert Watson 13847a0a89d2SRobert Watson /* 13857a0a89d2SRobert Watson * token ID 1 byte 1386ca0716f5SRobert Watson * record byte count 4 bytes 1387ca0716f5SRobert Watson * version # 1 byte [2] 1388ca0716f5SRobert Watson * event type 2 bytes 1389ca0716f5SRobert Watson * event modifier 2 bytes 1390ca0716f5SRobert Watson * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1391ca0716f5SRobert Watson * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1392ca0716f5SRobert Watson */ 1393ca0716f5SRobert Watson token_t * 1394506764c6SRobert Watson au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 1395ca0716f5SRobert Watson struct timeval tm) 1396ca0716f5SRobert Watson { 1397ca0716f5SRobert Watson token_t *t; 1398ca0716f5SRobert Watson u_char *dptr = NULL; 1399ca0716f5SRobert Watson u_int32_t timems; 1400ca0716f5SRobert Watson 1401ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 1402ca0716f5SRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); 1403ca0716f5SRobert Watson if (t == NULL) 1404ca0716f5SRobert Watson return (NULL); 1405ca0716f5SRobert Watson 1406ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_HEADER32); 1407ca0716f5SRobert Watson ADD_U_INT32(dptr, rec_size); 140822ccb20dSRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 1409ca0716f5SRobert Watson ADD_U_INT16(dptr, e_type); 1410ca0716f5SRobert Watson ADD_U_INT16(dptr, e_mod); 1411ca0716f5SRobert Watson 1412ca0716f5SRobert Watson timems = tm.tv_usec/1000; 1413ca0716f5SRobert Watson /* Add the timestamp */ 1414ca0716f5SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 1415ca0716f5SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 1416ca0716f5SRobert Watson 1417ca0716f5SRobert Watson return (t); 1418ca0716f5SRobert Watson } 1419ca0716f5SRobert Watson 142052267f74SRobert Watson /* 142152267f74SRobert Watson * token ID 1 byte 142252267f74SRobert Watson * record byte count 4 bytes 142352267f74SRobert Watson * version # 1 byte [2] 142452267f74SRobert Watson * event type 2 bytes 142552267f74SRobert Watson * event modifier 2 bytes 142652267f74SRobert Watson * address type/length 4 bytes 142752267f74SRobert Watson * machine address 4 bytes/16 bytes (IPv4/IPv6 address) 142852267f74SRobert Watson * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 142952267f74SRobert Watson * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 143052267f74SRobert Watson */ 143152267f74SRobert Watson token_t * 143252267f74SRobert Watson au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 143352267f74SRobert Watson struct timeval tm, struct auditinfo_addr *aia) 143452267f74SRobert Watson { 143552267f74SRobert Watson token_t *t; 143652267f74SRobert Watson u_char *dptr = NULL; 14377a0a89d2SRobert Watson u_int32_t timems; 14387a0a89d2SRobert Watson au_tid_addr_t *tid; 143952267f74SRobert Watson 14407a0a89d2SRobert Watson tid = &aia->ai_termid; 144152267f74SRobert Watson if (tid->at_type != AU_IPv4 && tid->at_type != AU_IPv6) 144252267f74SRobert Watson return (NULL); 144352267f74SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 144452267f74SRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * 144552267f74SRobert Watson sizeof(u_int32_t) + tid->at_type); 144652267f74SRobert Watson if (t == NULL) 144752267f74SRobert Watson return (NULL); 144852267f74SRobert Watson 144952267f74SRobert Watson ADD_U_CHAR(dptr, AUT_HEADER32_EX); 145052267f74SRobert Watson ADD_U_INT32(dptr, rec_size); 145152267f74SRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 145252267f74SRobert Watson ADD_U_INT16(dptr, e_type); 145352267f74SRobert Watson ADD_U_INT16(dptr, e_mod); 145452267f74SRobert Watson 145552267f74SRobert Watson ADD_U_INT32(dptr, tid->at_type); 145652267f74SRobert Watson if (tid->at_type == AU_IPv6) 145752267f74SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 145852267f74SRobert Watson else 145952267f74SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 146052267f74SRobert Watson timems = tm.tv_usec/1000; 146152267f74SRobert Watson /* Add the timestamp */ 146252267f74SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 146352267f74SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 146452267f74SRobert Watson 146552267f74SRobert Watson return (t); 146652267f74SRobert Watson } 146752267f74SRobert Watson 1468bc168a6cSRobert Watson token_t * 1469bc168a6cSRobert Watson au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 1470bc168a6cSRobert Watson struct timeval tm) 1471bc168a6cSRobert Watson { 1472bc168a6cSRobert Watson token_t *t; 1473bc168a6cSRobert Watson u_char *dptr = NULL; 1474bc168a6cSRobert Watson u_int32_t timems; 1475bc168a6cSRobert Watson 1476bc168a6cSRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 1477bc168a6cSRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t)); 1478bc168a6cSRobert Watson if (t == NULL) 1479bc168a6cSRobert Watson return (NULL); 1480bc168a6cSRobert Watson 1481bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUT_HEADER64); 1482bc168a6cSRobert Watson ADD_U_INT32(dptr, rec_size); 1483bc168a6cSRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 1484bc168a6cSRobert Watson ADD_U_INT16(dptr, e_type); 1485bc168a6cSRobert Watson ADD_U_INT16(dptr, e_mod); 1486bc168a6cSRobert Watson 1487bc168a6cSRobert Watson timems = tm.tv_usec/1000; 1488bc168a6cSRobert Watson /* Add the timestamp */ 1489bc168a6cSRobert Watson ADD_U_INT64(dptr, tm.tv_sec); 1490bc168a6cSRobert Watson ADD_U_INT64(dptr, timems); /* We need time in ms. */ 1491bc168a6cSRobert Watson 1492bc168a6cSRobert Watson return (t); 1493bc168a6cSRobert Watson } 1494bc168a6cSRobert Watson 1495506764c6SRobert Watson #if !defined(KERNEL) && !defined(_KERNEL) 149652267f74SRobert Watson #ifdef HAVE_AUDIT_SYSCALLS 149752267f74SRobert Watson token_t * 149852267f74SRobert Watson au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) 149952267f74SRobert Watson { 150052267f74SRobert Watson struct timeval tm; 150152267f74SRobert Watson struct auditinfo_addr aia; 150252267f74SRobert Watson 150352267f74SRobert Watson if (gettimeofday(&tm, NULL) == -1) 150452267f74SRobert Watson return (NULL); 150552267f74SRobert Watson if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) { 150652267f74SRobert Watson if (errno != ENOSYS) 150752267f74SRobert Watson return (NULL); 150852267f74SRobert Watson return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); 150952267f74SRobert Watson } 151052267f74SRobert Watson return (au_to_header32_ex_tm(rec_size, e_type, e_mod, tm, &aia)); 151152267f74SRobert Watson } 151252267f74SRobert Watson #endif /* HAVE_AUDIT_SYSCALLS */ 151352267f74SRobert Watson 1514506764c6SRobert Watson token_t * 1515506764c6SRobert Watson au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) 1516506764c6SRobert Watson { 1517506764c6SRobert Watson struct timeval tm; 1518506764c6SRobert Watson 1519506764c6SRobert Watson if (gettimeofday(&tm, NULL) == -1) 1520506764c6SRobert Watson return (NULL); 1521506764c6SRobert Watson return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); 1522506764c6SRobert Watson } 1523506764c6SRobert Watson 1524ca0716f5SRobert Watson token_t * 1525ca0716f5SRobert Watson au_to_header64(__unused int rec_size, __unused au_event_t e_type, 1526ca0716f5SRobert Watson __unused au_emod_t e_mod) 1527ca0716f5SRobert Watson { 1528bc168a6cSRobert Watson struct timeval tm; 1529ca0716f5SRobert Watson 1530bc168a6cSRobert Watson if (gettimeofday(&tm, NULL) == -1) 1531ca0716f5SRobert Watson return (NULL); 1532bc168a6cSRobert Watson return (au_to_header64_tm(rec_size, e_type, e_mod, tm)); 1533ca0716f5SRobert Watson } 1534ca0716f5SRobert Watson 1535ca0716f5SRobert Watson token_t * 1536ca0716f5SRobert Watson au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) 1537ca0716f5SRobert Watson { 1538ca0716f5SRobert Watson 1539ca0716f5SRobert Watson return (au_to_header32(rec_size, e_type, e_mod)); 1540ca0716f5SRobert Watson } 154152267f74SRobert Watson 154252267f74SRobert Watson #ifdef HAVE_AUDIT_SYSCALLS 154352267f74SRobert Watson token_t * 154452267f74SRobert Watson au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) 154552267f74SRobert Watson { 154652267f74SRobert Watson 154752267f74SRobert Watson return (au_to_header32_ex(rec_size, e_type, e_mod)); 154852267f74SRobert Watson } 154952267f74SRobert Watson #endif /* HAVE_AUDIT_SYSCALLS */ 155052267f74SRobert Watson #endif /* !defined(KERNEL) && !defined(_KERNEL) */ 1551ca0716f5SRobert Watson 1552ca0716f5SRobert Watson /* 1553ca0716f5SRobert Watson * token ID 1 byte 1554ca0716f5SRobert Watson * trailer magic number 2 bytes 1555ca0716f5SRobert Watson * record byte count 4 bytes 1556ca0716f5SRobert Watson */ 1557ca0716f5SRobert Watson token_t * 1558ca0716f5SRobert Watson au_to_trailer(int rec_size) 1559ca0716f5SRobert Watson { 1560ca0716f5SRobert Watson token_t *t; 1561ca0716f5SRobert Watson u_char *dptr = NULL; 15627a0a89d2SRobert Watson u_int16_t magic = AUT_TRAILER_MAGIC; 1563ca0716f5SRobert Watson 1564ca0716f5SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 1565ca0716f5SRobert Watson sizeof(u_int32_t)); 1566ca0716f5SRobert Watson if (t == NULL) 1567ca0716f5SRobert Watson return (NULL); 1568ca0716f5SRobert Watson 1569ca0716f5SRobert Watson ADD_U_CHAR(dptr, AUT_TRAILER); 1570ca0716f5SRobert Watson ADD_U_INT16(dptr, magic); 1571ca0716f5SRobert Watson ADD_U_INT32(dptr, rec_size); 1572ca0716f5SRobert Watson 1573ca0716f5SRobert Watson return (t); 1574ca0716f5SRobert Watson } 1575