xref: /freebsd/contrib/openbsm/test/bsm/generate.c (revision 39ee7a7a6bdd1557b1c3532abf60d139798ac88b)
1 /*-
2  * Copyright (c) 2006-2007 Robert N. M. Watson
3  * Copyright (c) 2008 Apple Inc.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  *
27  * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#14 $
28  */
29 
30 /*
31  * Generate a series of BSM token samples in the requested directory.
32  */
33 
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/stat.h>
37 
38 #include <netinet/in.h>
39 #include <netinet/in_systm.h>
40 #include <netinet/ip.h>
41 
42 #include <arpa/inet.h>
43 
44 #include <bsm/audit_kevents.h>
45 #include <bsm/libbsm.h>
46 
47 #include <err.h>
48 #include <errno.h>
49 #include <fcntl.h>
50 #include <limits.h>
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <string.h>
54 #include <sysexits.h>
55 #include <unistd.h>
56 
57 static int	do_records, do_tokens;
58 
59 static void
60 usage(void)
61 {
62 
63 	fprintf(stderr, "generate [-rt] path\n");
64 	exit(EX_USAGE);
65 }
66 
67 static int
68 open_file(const char *directory, const char *name)
69 {
70 	char pathname[PATH_MAX];
71 	int fd;
72 
73 	snprintf(pathname, PATH_MAX, "%s/%s", directory, name);
74 	(void)unlink(pathname);
75 	fd = open(pathname, O_WRONLY | O_CREAT | O_EXCL, 0600);
76 	if (fd < 0)
77 		err(EX_CANTCREAT, "open: %s", name);
78 	return (fd);
79 }
80 
81 static void
82 write_file(int fd, void *buffer, size_t buflen, const char *filename)
83 {
84 	ssize_t len;
85 
86 	len = write(fd, buffer, buflen);
87 	if (len < 0)
88 		err(EX_OSERR, "write_file: %s", filename);
89 	if (len < buflen)
90 		err(EX_OSERR, "write_file: short write: %s", filename);
91 }
92 
93 /*
94  * Write a single token to a file.
95  */
96 static void
97 write_token(const char *directory, const char *filename, token_t *tok)
98 {
99 	u_char buffer[MAX_AUDIT_RECORD_SIZE];
100 	size_t buflen;
101 	int fd;
102 
103 	buflen = MAX_AUDIT_RECORD_SIZE;
104 	if (au_close_token(tok, buffer, &buflen) < 0)
105 		err(EX_UNAVAILABLE, "au_close_token");
106 	fd = open_file(directory, filename);
107 	write_file(fd, buffer, buflen, filename);
108 	close(fd);
109 }
110 
111 /*
112  * Write a token to a file, wrapped in audit record header and trailer.
113  */
114 static void
115 write_record(const char *directory, const char *filename, token_t *tok,
116     short event)
117 {
118 	u_char buffer[MAX_AUDIT_RECORD_SIZE];
119 	size_t buflen;
120 	int au, fd;
121 
122 	au = au_open();
123 	if (au < 0)
124 		err(EX_UNAVAILABLE, "au_open");
125 	if (au_write(au, tok) < 0)
126 		err(EX_UNAVAILABLE, "au_write");
127 	buflen = MAX_AUDIT_RECORD_SIZE;
128 	if (au_close_buffer(au, event, buffer, &buflen) < 0)
129 		err(EX_UNAVAILABLE, "au_close_buffer");
130 	fd = open_file(directory, filename);
131 	write_file(fd, buffer, buflen, filename);
132 	close(fd);
133 }
134 
135 static struct timeval	 file_token_timeval = { 0x12345, 0x67890} ;
136 
137 static void
138 generate_file_token(const char *directory, const char *token_filename)
139 {
140 	token_t *file_token;
141 
142 	file_token = au_to_file("test", file_token_timeval);
143 	if (file_token == NULL)
144 		err(EX_UNAVAILABLE, "au_to_file");
145 	write_token(directory, token_filename, file_token);
146 }
147 
148 static void
149 generate_file_record(const char *directory, const char *record_filename)
150 {
151 	token_t *file_token;
152 
153 	file_token = au_to_file("test", file_token_timeval);
154 	if (file_token == NULL)
155 		err(EX_UNAVAILABLE, "au_to_file");
156 	write_record(directory, record_filename, file_token, AUE_NULL);
157 }
158 
159 /*
160  * AUT_OHEADER
161  */
162 
163 static int		 trailer_token_len = 0x12345678;
164 
165 static void
166 generate_trailer_token(const char *directory, const char *token_filename)
167 {
168 	token_t *trailer_token;
169 
170 	trailer_token = au_to_trailer(trailer_token_len);
171 	if (trailer_token == NULL)
172 		err(EX_UNAVAILABLE, "au_to_trailer");
173 	write_token(directory, token_filename, trailer_token);
174 }
175 
176 static int		 header32_token_len = 0x12345678;
177 static au_event_t	 header32_e_type = AUE_OPEN;
178 static au_emod_t	 header32_e_mod = 0x4567;
179 static struct timeval	 header32_tm = { 0x12345, 0x67890 };
180 
181 static void
182 generate_header32_token(const char *directory, const char *token_filename)
183 {
184 	token_t *header32_token;
185 
186 	header32_token = au_to_header32_tm(header32_token_len,
187 	    header32_e_type, header32_e_mod, header32_tm);
188 	if (header32_token == NULL)
189 		err(EX_UNAVAILABLE, "au_to_header32");
190 	write_token(directory, token_filename, header32_token);
191 }
192 
193 /*
194  * AUT_HEADER32_EX
195  */
196 
197 static char		 data_token_unit_print = AUP_STRING;
198 static char		 data_token_unit_type = AUR_CHAR;
199 static char		*data_token_data = "SomeData";
200 static char		 data_token_unit_count = sizeof("SomeData") + 1;
201 
202 static void
203 generate_data_token(const char *directory, const char *token_filename)
204 {
205 	token_t *data_token;
206 
207 	data_token = au_to_data(data_token_unit_print, data_token_unit_type,
208 	    data_token_unit_count, data_token_data);
209 	if (data_token == NULL)
210 		err(EX_UNAVAILABLE, "au_to_data");
211 	write_token(directory, token_filename, data_token);
212 }
213 
214 static void
215 generate_data_record(const char *directory, const char *record_filename)
216 {
217 	token_t *data_token;
218 
219 	data_token = au_to_data(data_token_unit_print, data_token_unit_type,
220 	    data_token_unit_count, data_token_data);
221 	if (data_token == NULL)
222 		err(EX_UNAVAILABLE, "au_to_data");
223 	write_record(directory, record_filename, data_token, AUE_NULL);
224 }
225 
226 static char		 ipc_type = AT_IPC_MSG;
227 static int		 ipc_id = 0x12345678;
228 
229 static void
230 generate_ipc_token(const char *directory, const char *token_filename)
231 {
232 	token_t *ipc_token;
233 
234 	ipc_token = au_to_ipc(ipc_type, ipc_id);
235 	if (ipc_token == NULL)
236 		err(EX_UNAVAILABLE, "au_to_ipc");
237 	write_token(directory, token_filename, ipc_token);
238 }
239 
240 static void
241 generate_ipc_record(const char *directory, const char *record_filename)
242 {
243 	token_t *ipc_token;
244 
245 	ipc_token = au_to_ipc(ipc_type, ipc_id);
246 	if (ipc_token == NULL)
247 		err(EX_UNAVAILABLE, "au_to_ipc");
248 	write_record(directory, record_filename, ipc_token, AUE_NULL);
249 }
250 
251 static char		*path_token_path = "/test/this/is/a/test";
252 
253 static void
254 generate_path_token(const char *directory, const char *token_filename)
255 {
256 	token_t *path_token;
257 
258 	path_token = au_to_path(path_token_path);
259 	if (path_token == NULL)
260 		err(EX_UNAVAILABLE, "au_to_path");
261 	write_token(directory, token_filename, path_token);
262 }
263 
264 static void
265 generate_path_record(const char *directory, const char *record_filename)
266 {
267 	token_t *path_token;
268 
269 	path_token = au_to_path(path_token_path);
270 	if (path_token == NULL)
271 		err(EX_UNAVAILABLE, "au_to_path");
272 	write_record(directory, record_filename, path_token, AUE_NULL);
273 }
274 
275 static au_id_t		 subject32_auid = 0x12345678;
276 static uid_t		 subject32_euid = 0x01234567;
277 static gid_t		 subject32_egid = 0x23456789;
278 static uid_t		 subject32_ruid = 0x98765432;
279 static gid_t		 subject32_rgid = 0x09876543;
280 static pid_t		 subject32_pid = 0x13243546;
281 static au_asid_t	 subject32_sid = 0x97867564;
282 static au_tid_t		 subject32_tid = { 0x16593746 };
283 static au_tid_addr_t	 subject32_tid_addr = { 0x16593746 };
284 
285 static void
286 generate_subject32_token(const char *directory, const char *token_filename)
287 {
288 	token_t *subject32_token;
289 
290 	subject32_tid.machine = inet_addr("127.0.0.1");
291 
292 	subject32_token = au_to_subject32(subject32_auid, subject32_euid,
293 	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
294 	    subject32_sid, &subject32_tid);
295 	if (subject32_token == NULL)
296 		err(EX_UNAVAILABLE, "au_to_subject32");
297 	write_token(directory, token_filename, subject32_token);
298 }
299 
300 static void
301 generate_subject32_record(const char *directory, const char *record_filename)
302 {
303 	token_t *subject32_token;
304 
305 	subject32_tid.machine = inet_addr("127.0.0.1");
306 
307 	subject32_token = au_to_subject32(subject32_auid, subject32_euid,
308 	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
309 	    subject32_sid, &subject32_tid);
310 	if (subject32_token == NULL)
311 		err(EX_UNAVAILABLE, "au_to_subject32");
312 	write_record(directory, record_filename, subject32_token, AUE_NULL);
313 }
314 
315 static void
316 generate_subject32ex_token(const char *directory, const char *token_filename,
317     u_int32_t type)
318 {
319 	token_t *subject32ex_token;
320 	char *buf;
321 
322 	buf = (char *)malloc(strlen(token_filename) + 6);
323 	if (type == AU_IPv6) {
324 		inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
325 		subject32_tid_addr.at_type = AU_IPv6;
326 		sprintf(buf, "%s%s", token_filename, "-IPv6");
327 	} else {
328 		subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
329 		subject32_tid_addr.at_type = AU_IPv4;
330 		sprintf(buf, "%s%s", token_filename, "-IPv4");
331 	}
332 
333 	subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
334 	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
335 	    subject32_sid, &subject32_tid_addr);
336 	if (subject32ex_token == NULL)
337 		err(EX_UNAVAILABLE, "au_to_subject32_ex");
338 	write_token(directory, buf, subject32ex_token);
339 	free(buf);
340 }
341 
342 static void
343 generate_subject32ex_record(const char *directory, const char *record_filename,
344     u_int32_t type)
345 {
346 	token_t *subject32ex_token;
347 	char *buf;
348 
349 	buf = (char *)malloc(strlen(record_filename) + 6);
350 	if (type == AU_IPv6) {
351 		inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
352 		subject32_tid_addr.at_type = AU_IPv6;
353 		sprintf(buf, "%s%s", record_filename, "-IPv6");
354 	} else {
355 		subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
356 		subject32_tid_addr.at_type = AU_IPv4;
357 		sprintf(buf, "%s%s", record_filename, "-IPv4");
358 	}
359 
360 	subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
361 	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
362 	    subject32_sid, &subject32_tid_addr);
363 	if (subject32ex_token == NULL)
364 		err(EX_UNAVAILABLE, "au_to_subject32_ex");
365 	write_record(directory, record_filename, subject32ex_token, AUE_NULL);
366 	free(buf);
367 }
368 
369 static au_id_t		 process32_auid = 0x12345678;
370 static uid_t		 process32_euid = 0x01234567;
371 static gid_t		 process32_egid = 0x23456789;
372 static uid_t		 process32_ruid = 0x98765432;
373 static gid_t		 process32_rgid = 0x09876543;
374 static pid_t		 process32_pid = 0x13243546;
375 static au_asid_t	 process32_sid = 0x97867564;
376 static au_tid_t		 process32_tid = { 0x16593746 };
377 static au_tid_addr_t	 process32_tid_addr = { 0x16593746 };
378 
379 static void
380 generate_process32_token(const char *directory, const char *token_filename)
381 {
382 	token_t *process32_token;
383 
384 	process32_tid.machine = inet_addr("127.0.0.1");
385 
386 	process32_token = au_to_process32(process32_auid, process32_euid,
387 	    process32_egid, process32_ruid, process32_rgid, process32_pid,
388 	    process32_sid, &process32_tid);
389 	if (process32_token == NULL)
390 		err(EX_UNAVAILABLE, "au_to_process32");
391 	write_token(directory, token_filename, process32_token);
392 }
393 
394 static void
395 generate_process32_record(const char *directory, const char *record_filename)
396 {
397 	token_t *process32_token;
398 
399 	process32_tid.machine = inet_addr("127.0.0.1");
400 
401 	process32_token = au_to_process32(process32_auid, process32_euid,
402 	    process32_egid, process32_ruid, process32_rgid, process32_pid,
403 	    process32_sid, &process32_tid);
404 	if (process32_token == NULL)
405 		err(EX_UNAVAILABLE, "au_ti_process32");
406 	write_record(directory, record_filename, process32_token, AUE_NULL);
407 }
408 
409 static void
410 generate_process32ex_token(const char *directory, const char *token_filename,
411     u_int32_t type)
412 {
413 	token_t *process32ex_token;
414 	char *buf;
415 
416 	buf = (char *)malloc(strlen(token_filename) + 6);
417 	if (type == AU_IPv6) {
418 		inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr);
419 		process32_tid_addr.at_type = AU_IPv6;
420 		sprintf(buf, "%s%s", token_filename, "-IPv6");
421 	} else {
422 		process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
423 		process32_tid_addr.at_type = AU_IPv4;
424 		sprintf(buf, "%s%s", token_filename, "-IPv4");
425 	}
426 
427 	process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
428 	    process32_egid, process32_ruid, process32_rgid, process32_pid,
429 	    process32_sid, &process32_tid_addr);
430 	if (process32ex_token == NULL)
431 		err(EX_UNAVAILABLE, "au_to_process32_ex");
432 	write_token(directory, buf, process32ex_token);
433 	free(buf);
434 }
435 
436 static void
437 generate_process32ex_record(const char *directory, const char *record_filename,
438     u_int32_t type)
439 {
440 	token_t *process32ex_token;
441 	char *buf;
442 
443 	buf = (char *)malloc(strlen(record_filename) + 6);
444 	if (type == AU_IPv6) {
445 		inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr);
446 		process32_tid_addr.at_type = AU_IPv6;
447 		sprintf(buf, "%s%s", record_filename, "-IPv6");
448 	} else {
449 		process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
450 		process32_tid_addr.at_type = AU_IPv4;
451 		sprintf(buf, "%s%s", record_filename, "-IPv4");
452 	}
453 
454 	process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
455 	    process32_egid, process32_ruid, process32_rgid, process32_pid,
456 	    process32_sid, &process32_tid_addr);
457 	if (process32ex_token == NULL)
458 		err(EX_UNAVAILABLE, "au_to_process32_ex");
459 	write_record(directory, buf, process32ex_token, AUE_NULL);
460 	free(buf);
461 }
462 
463 static au_id_t		 process64_auid = 0x12345678;
464 static uid_t		 process64_euid = 0x01234567;
465 static gid_t		 process64_egid = 0x23456789;
466 static uid_t		 process64_ruid = 0x98765432;
467 static gid_t		 process64_rgid = 0x09876543;
468 static pid_t		 process64_pid = 0x13243546;
469 static au_asid_t	 process64_sid = 0x97867564;
470 static au_tid_t		 process64_tid = { 0x16593746 };
471 static au_tid_addr_t	 process64_tid_addr = { 0x16593746 };
472 
473 static void
474 generate_process64_token(const char *directory, const char *token_filename)
475 {
476 	token_t *process64_token;
477 
478 	process64_tid.machine = inet_addr("127.0.0.1");
479 
480 	process64_token = au_to_process64(process64_auid, process64_euid,
481 	    process64_egid, process64_ruid, process64_rgid, process64_pid,
482 	    process64_sid, &process64_tid);
483 	if (process64_token == NULL)
484 		err(EX_UNAVAILABLE, "au_to_process64");
485 	write_token(directory, token_filename, process64_token);
486 }
487 
488 static void
489 generate_process64_record(const char *directory, const char *record_filename)
490 {
491 	token_t *process64_token;
492 
493 	process64_tid.machine = inet_addr("127.0.0.1");
494 
495 	process64_token = au_to_process64(process64_auid, process64_euid,
496 	    process64_egid, process64_ruid, process64_rgid, process64_pid,
497 	    process64_sid, &process64_tid);
498 	if (process64_token == NULL)
499 		err(EX_UNAVAILABLE, "au_ti_process64");
500 	write_record(directory, record_filename, process64_token, AUE_NULL);
501 }
502 
503 static void
504 generate_process64ex_token(const char *directory, const char *token_filename,
505     u_int32_t type)
506 {
507 	token_t *process64ex_token;
508 	char *buf;
509 
510 	buf = (char *)malloc(strlen(token_filename) + 6);
511 	if (type == AU_IPv6) {
512 		inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr);
513 		process64_tid_addr.at_type = AU_IPv6;
514 		sprintf(buf, "%s%s", token_filename, "-IPv6");
515 	} else {
516 		process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
517 		process64_tid_addr.at_type = AU_IPv4;
518 		sprintf(buf, "%s%s", token_filename, "-IPv4");
519 	}
520 
521 	process64ex_token = au_to_process64_ex(process64_auid, process64_euid,
522 	    process64_egid, process64_ruid, process64_rgid, process64_pid,
523 	    process64_sid, &process64_tid_addr);
524 	if (process64ex_token == NULL)
525 		err(EX_UNAVAILABLE, "au_to_process64_ex");
526 	write_token(directory, buf, process64ex_token);
527 	free(buf);
528 }
529 
530 static void
531 generate_process64ex_record(const char *directory, const char *record_filename,
532     u_int32_t type)
533 {
534 	token_t *process64ex_token;
535 	char *buf;
536 
537 	buf = (char *)malloc(strlen(record_filename) + 6);
538 	if (type == AU_IPv6) {
539 		inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr);
540 		process64_tid_addr.at_type = AU_IPv6;
541 		sprintf(buf, "%s%s", record_filename, "-IPv6");
542 	} else {
543 		process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
544 		process64_tid_addr.at_type = AU_IPv4;
545 		sprintf(buf, "%s%s", record_filename, "-IPv4");
546 	}
547 
548 	process64ex_token = au_to_process64_ex(process64_auid, process64_euid,
549 	    process64_egid, process64_ruid, process64_rgid, process64_pid,
550 	    process64_sid, &process64_tid_addr);
551 	if (process64ex_token == NULL)
552 		err(EX_UNAVAILABLE, "au_to_process64_ex");
553 	write_record(directory, buf, process64ex_token, AUE_NULL);
554 	free(buf);
555 }
556 
557 static char		 return32_status = EINVAL;
558 static uint32_t		 return32_ret = 0x12345678;
559 
560 static void
561 generate_return32_token(const char *directory, const char *token_filename)
562 {
563 	token_t *return32_token;
564 
565 	return32_token = au_to_return32(au_errno_to_bsm(return32_status),
566 	    return32_ret);
567 	if (return32_token == NULL)
568 		err(EX_UNAVAILABLE, "au_to_return32");
569 	write_token(directory, token_filename, return32_token);
570 }
571 
572 static void
573 generate_return32_record(const char *directory, const char *record_filename)
574 {
575 	token_t *return32_token;
576 
577 	return32_token = au_to_return32(au_errno_to_bsm(return32_status),
578 	    return32_ret);
579 	if (return32_token == NULL)
580 		err(EX_UNAVAILABLE, "au_to_return32");
581 	write_record(directory, record_filename, return32_token, AUE_NULL);
582 }
583 
584 static char		*text_token_text = "This is a test.";
585 
586 static void
587 generate_text_token(const char *directory, const char *token_filename)
588 {
589 	token_t *text_token;
590 
591 	text_token = au_to_text(text_token_text);
592 	if (text_token == NULL)
593 		err(EX_UNAVAILABLE, "au_to_text");
594 	write_token(directory, token_filename, text_token);
595 }
596 
597 static void
598 generate_text_record(const char *directory, const char *record_filename)
599 {
600 	token_t *text_token;
601 
602 	text_token = au_to_text(text_token_text);
603 	if (text_token == NULL)
604 		err(EX_UNAVAILABLE, "au_to_text");
605 	write_record(directory, record_filename, text_token, AUE_NULL);
606 }
607 
608 static char		 opaque_token_data[] = {0xaa, 0xbb, 0xcc, 0xdd};
609 static int		 opaque_token_bytes = sizeof(opaque_token_data);
610 
611 static void
612 generate_opaque_token(const char *directory, const char *token_filename)
613 {
614 	token_t *opaque_token;
615 
616 	opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
617 	if (opaque_token == NULL)
618 		err(EX_UNAVAILABLE, "au_to_opaque");
619 	write_token(directory, token_filename, opaque_token);
620 }
621 
622 static void
623 generate_opaque_record(const char *directory, const char *record_filename)
624 {
625 	token_t *opaque_token;
626 
627 	opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
628 	if (opaque_token == NULL)
629 		err(EX_UNAVAILABLE, "au_to_opaque");
630 	write_record(directory, record_filename, opaque_token, AUE_NULL);
631 }
632 
633 static struct in_addr	 in_addr_token_addr;
634 
635 static void
636 generate_in_addr_token(const char *directory, const char *token_filename)
637 {
638 	token_t *in_addr_token;
639 
640 	in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
641 
642 	in_addr_token = au_to_in_addr(&in_addr_token_addr);
643 	if (in_addr_token == NULL)
644 		err(EX_UNAVAILABLE, "au_to_in_addr");
645 	write_token(directory, token_filename, in_addr_token);
646 }
647 
648 static void
649 generate_in_addr_record(const char *directory, const char *record_filename)
650 {
651 	token_t *in_addr_token;
652 
653 	in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
654 
655 	in_addr_token = au_to_in_addr(&in_addr_token_addr);
656 	if (in_addr_token == NULL)
657 		err(EX_UNAVAILABLE, "au_to_in_addr");
658 	write_record(directory, record_filename, in_addr_token, AUE_NULL);
659 }
660 
661 static struct ip	 ip_token_ip;
662 static u_char		 ip_token_ip_v = 4;
663 static uint16_t		 ip_token_ip_id = 0x5478;
664 static u_char		 ip_token_ip_ttl = 64;
665 static u_char		 ip_token_ip_p = IPPROTO_ICMP;
666 static struct in_addr	 ip_token_ip_src;
667 static struct in_addr	 ip_token_ip_dst;
668 
669 static void
670 generate_ip_token(const char *directory, const char *token_filename)
671 {
672 	token_t *ip_token;
673 
674 	ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
675 	ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
676 
677 	memset(&ip_token_ip, 0, sizeof(ip_token_ip));
678 	ip_token_ip.ip_v = ip_token_ip_v;
679 	ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
680 	ip_token_ip.ip_id = htons(ip_token_ip_id);
681 	ip_token_ip.ip_ttl = ip_token_ip_ttl;
682 	ip_token_ip.ip_p = ip_token_ip_p;
683 	ip_token_ip.ip_src = ip_token_ip_src;
684 	ip_token_ip.ip_dst = ip_token_ip_dst;
685 
686 	ip_token = au_to_ip(&ip_token_ip);
687 	if (ip_token == NULL)
688 		err(EX_UNAVAILABLE, "au_to_ip");
689 	write_token(directory, token_filename, ip_token);
690 }
691 
692 static void
693 generate_ip_record(const char *directory, const char *record_filename)
694 {
695 	token_t *ip_token;
696 
697 	ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
698 	ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
699 
700 	memset(&ip_token_ip, 0, sizeof(ip_token_ip));
701 	ip_token_ip.ip_v = ip_token_ip_v;
702 	ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
703 	ip_token_ip.ip_id = htons(ip_token_ip_id);
704 	ip_token_ip.ip_ttl = ip_token_ip_ttl;
705 	ip_token_ip.ip_p = ip_token_ip_p;
706 	ip_token_ip.ip_src = ip_token_ip_src;
707 	ip_token_ip.ip_dst = ip_token_ip_dst;
708 
709 	ip_token = au_to_ip(&ip_token_ip);
710 	if (ip_token == NULL)
711 		err(EX_UNAVAILABLE, "au_to_ip");
712 	write_record(directory, record_filename, ip_token, AUE_NULL);
713 }
714 
715 static u_int16_t		 iport_token_iport;
716 
717 static void
718 generate_iport_token(const char *directory, const char *token_filename)
719 {
720 	token_t *iport_token;
721 
722 	iport_token_iport = htons(80);
723 
724 	iport_token = au_to_iport(iport_token_iport);
725 	if (iport_token == NULL)
726 		err(EX_UNAVAILABLE, "au_to_iport");
727 	write_token(directory, token_filename, iport_token);
728 }
729 
730 static void
731 generate_iport_record(const char *directory, const char *record_filename)
732 {
733 	token_t *iport_token;
734 
735 	iport_token_iport = htons(80);
736 
737 	iport_token = au_to_iport(iport_token_iport);
738 	if (iport_token == NULL)
739 		err(EX_UNAVAILABLE, "au_to_iport");
740 	write_record(directory, record_filename, iport_token, AUE_NULL);
741 }
742 
743 static char	 arg32_token_n = 3;
744 static char	*arg32_token_text = "test_arg32_token";
745 static uint32_t	 arg32_token_v = 0xabcdef00;
746 
747 static void
748 generate_arg32_token(const char *directory, const char *token_filename)
749 {
750 	token_t *arg32_token;
751 
752 	arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
753 	    arg32_token_v);
754 	if (arg32_token == NULL)
755 		err(EX_UNAVAILABLE, "au_to_arg32");
756 	write_token(directory, token_filename, arg32_token);
757 }
758 
759 static void
760 generate_arg32_record(const char *directory, const char *record_filename)
761 {
762 	token_t *arg32_token;
763 
764 	arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
765 	    arg32_token_v);
766 	if (arg32_token == NULL)
767 		err(EX_UNAVAILABLE, "au_to_arg32");
768 	write_record(directory, record_filename, arg32_token, AUE_NULL);
769 }
770 
771 static long	 seq_audit_count = 0x12345678;
772 
773 static void
774 generate_seq_token(const char *directory, const char *token_filename)
775 {
776 	token_t *seq_token;
777 
778 	seq_token = au_to_seq(seq_audit_count);
779 	if (seq_token == NULL)
780 		err(EX_UNAVAILABLE, "au_to_seq");
781 	write_token(directory, token_filename, seq_token);
782 }
783 
784 static void
785 generate_seq_record(const char *directory, const char *record_filename)
786 {
787 	token_t *seq_token;
788 
789 	seq_token = au_to_seq(seq_audit_count);
790 	if (seq_token == NULL)
791 		err(EX_UNAVAILABLE, "au_to_seq");
792 	write_record(directory, record_filename, seq_token, AUE_NULL);
793 }
794 
795 #if 0
796 /*
797  * AUT_ACL
798  */
799 
800 static void
801 generate_attr_token(const char *directory, const char *token_filename)
802 {
803 	token_t *attr_token;
804 
805 }
806 
807 static void
808 generate_attr_record(const char *directory, const char *record_filename)
809 {
810 	token_t *attr_token;
811 
812 }
813 
814 static void
815 generate_ipc_perm_token(const char *directory, const char *token_filename)
816 {
817 	token_t *ipc_perm_token;
818 
819 }
820 
821 static void
822 generate_ipc_perm_record(const char *directory, const char *record_filename)
823 {
824 	token_t *ipc_perm_token;
825 
826 }
827 #endif
828 
829 #if 0
830 /*
831  * AUT_LABEL
832  */
833 
834 static void
835 generate_groups_token(const char *directory, const char *token_filename)
836 {
837 	token_t *groups_token;
838 
839 }
840 
841 static void
842 generate_groups_record(const char *directory, const char *record_filename)
843 {
844 	token_t *groups_token;
845 
846 }
847 #endif
848 
849 /*
850  * AUT_ILABEL
851  */
852 
853 /*
854  * AUT_SLABEL
855  */
856 
857 /*
858  * AUT_CLEAR
859  */
860 
861 /*
862  * AUT_PRIV
863  */
864 
865 /*
866  * AUT_UPRIV
867  */
868 
869 /*
870  * AUT_LIAISON
871  */
872 
873 /*
874  * AUT_NEWGROUPS
875  */
876 
877 /*
878  * AUT_EXEC_ARGS
879  */
880 
881 /*
882  * AUT_EXEC_ENV
883  */
884 
885 #if 0
886 static void
887 generate_attr32_token(const char *directory, const char *token_filename)
888 {
889 	token_t *attr32_token;
890 
891 }
892 
893 static void
894 generate_attr32_record(const char *directory, const char *record_filename)
895 {
896 	token_t *attr32_token;
897 
898 }
899 #endif
900 
901 static char	*zonename_sample = "testzone";
902 
903 static void
904 generate_zonename_token(const char *directory, const char *token_filename)
905 {
906 	token_t *zonename_token;
907 
908 	zonename_token = au_to_zonename(zonename_sample);
909 	if (zonename_token == NULL)
910 		err(EX_UNAVAILABLE, "au_to_zonename");
911 	write_token(directory, token_filename, zonename_token);
912 }
913 
914 static void
915 generate_zonename_record(const char *directory, const char *record_filename)
916 {
917 	token_t *zonename_token;
918 
919 	zonename_token = au_to_zonename(zonename_sample);
920 	if (zonename_token == NULL)
921 		err(EX_UNAVAILABLE, "au_to_zonename");
922 	write_record(directory, record_filename, zonename_token, AUE_NULL);
923 }
924 
925 static u_short socketex_domain = PF_INET;
926 static u_short socketex_type = SOCK_STREAM;
927 static struct sockaddr_in socketex_laddr, socketex_raddr;
928 
929 static void
930 generate_socketex_token(const char *directory, const char *token_filename)
931 {
932 	token_t *socketex_token;
933 
934 	bzero(&socketex_laddr, sizeof(socketex_laddr));
935 	socketex_laddr.sin_family = AF_INET;
936 	socketex_laddr.sin_len = sizeof(socketex_laddr);
937 	socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
938 
939 	bzero(&socketex_raddr, sizeof(socketex_raddr));
940 	socketex_raddr.sin_family = AF_INET;
941 	socketex_raddr.sin_len = sizeof(socketex_raddr);
942 	socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
943 
944 	socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain),
945 	    au_socket_type_to_bsm(socketex_type),
946 	    (struct sockaddr *)&socketex_laddr,
947 	    (struct sockaddr *)&socketex_raddr);
948 	if (socketex_token == NULL)
949 		err(EX_UNAVAILABLE, "au_to_socket_ex");
950 	write_token(directory, token_filename, socketex_token);
951 }
952 
953 static void
954 generate_socketex_record(const char *directory, const char *record_filename)
955 {
956 	token_t *socketex_token;
957 
958 	bzero(&socketex_laddr, sizeof(socketex_laddr));
959 	socketex_laddr.sin_family = AF_INET;
960 	socketex_laddr.sin_len = sizeof(socketex_laddr);
961 	socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
962 
963 	bzero(&socketex_raddr, sizeof(socketex_raddr));
964 	socketex_raddr.sin_family = AF_INET;
965 	socketex_raddr.sin_len = sizeof(socketex_raddr);
966 	socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
967 
968 	socketex_token = au_to_socket_ex(au_domain_to_bsm(socketex_domain),
969 	    au_socket_type_to_bsm(socketex_type),
970 	    (struct sockaddr *)&socketex_laddr,
971 	    (struct sockaddr *)&socketex_raddr);
972 	if (socketex_token == NULL)
973 		err(EX_UNAVAILABLE, "au_to_socket_ex");
974 	write_record(directory, record_filename, socketex_token, AUE_NULL);
975 }
976 
977 /*
978  * Generate a series of error-number specific return tokens in records.
979  */
980 static void
981 generate_error_record(const char *directory, const char *filename, int error)
982 {
983 	char pathname[PATH_MAX];
984 	token_t *return32_token;
985 
986 	return32_token = au_to_return32(au_errno_to_bsm(error), -1);
987 	if (return32_token == NULL)
988 		err(EX_UNAVAILABLE, "au_to_return32");
989 	(void)snprintf(pathname, PATH_MAX, "%s_record", filename);
990 	write_record(directory, pathname, return32_token, AUE_NULL);
991 }
992 
993 /*
994  * Not all the error numbers, just a few present on all platforms for now.
995  */
996 const struct {
997 	int error_number;
998 	const char *error_name;
999 } error_list[] = {
1000 	{ EPERM, "EPERM" },
1001 	{ ENOENT, "ENOENT" },
1002 	{ ESRCH, "ESRCH" },
1003 	{ EINTR, "EINTR" },
1004 	{ EIO, "EIO" },
1005 	{ ENXIO, "ENXIO" },
1006 	{ E2BIG, "E2BIG" },
1007 	{ ENOEXEC, "ENOEXEC" },
1008 	{ EBADF, "EBADF" },
1009 	{ ECHILD, "ECHILD" },
1010 	{ EDEADLK, "EDEADLK" },
1011 	{ ENOMEM, "ENOMEM" },
1012 	{ EACCES, "EACCES" },
1013 	{ EFAULT, "EFAULT" },
1014 	{ ENOTBLK, "ENOTBLK" },
1015 	{ EBUSY, "EBUSY" },
1016 	{ EEXIST, "EEXIST" },
1017 	{ EXDEV, "EXDEV" },
1018 	{ ENODEV, "ENODEV" },
1019 	{ ENOTDIR, "ENOTDIR" },
1020 	{ EISDIR, "EISDIR" },
1021 	{ EINVAL, "EINVAL" },
1022 	{ ENFILE, "ENFILE" },
1023 	{ EMFILE, "EMFILE" },
1024 	{ ENOTTY, "ENOTTY" },
1025 	{ ETXTBSY, "ETXTBSY" },
1026 	{ EFBIG, "EFBIG" },
1027 	{ ENOSPC, "ENOSPC" },
1028 	{ ESPIPE, "ESPIPE" },
1029 	{ EROFS, "EROFS" },
1030 	{ EMLINK, "EMLINK" },
1031 	{ EPIPE, "EPIPE" }
1032 };
1033 const int error_list_count = sizeof(error_list)/sizeof(error_list[0]);
1034 
1035 static void
1036 do_error_records(const char *directory)
1037 {
1038 	int i;
1039 
1040 	for (i = 0; i < error_list_count; i++)
1041 		generate_error_record(directory, error_list[i].error_name,
1042 		    error_list[i].error_number);
1043 }
1044 
1045 int
1046 main(int argc, char *argv[])
1047 {
1048 	const char *directory;
1049 	int ch;
1050 
1051 	while ((ch = getopt(argc, argv, "rt")) != -1) {
1052 		switch (ch) {
1053 		case 'r':
1054 			do_records++;
1055 			break;
1056 
1057 		case 't':
1058 			do_tokens++;
1059 			break;
1060 
1061 		default:
1062 			usage();
1063 		}
1064 	}
1065 
1066 	argc -= optind;
1067 	argv += optind;
1068 
1069 	if (argc != 1)
1070 		usage();
1071 
1072 	directory = argv[0];
1073 
1074 	if (mkdir(directory, 0755) < 0 && errno != EEXIST)
1075 		err(EX_OSERR, "mkdir: %s", directory);
1076 
1077 	if (do_tokens) {
1078 		generate_file_token(directory, "file_token");
1079 		generate_trailer_token(directory, "trailer_token");
1080 		generate_header32_token(directory, "header32_token");
1081 		generate_data_token(directory, "data_token");
1082 		generate_ipc_token(directory, "ipc_token");
1083 		generate_path_token(directory, "path_token");
1084 		generate_subject32_token(directory, "subject32_token");
1085 		generate_subject32ex_token(directory, "subject32ex_token",
1086 		    AU_IPv4);
1087 		generate_subject32ex_token(directory, "subject32ex_token",
1088 		    AU_IPv6);
1089 		generate_process32_token(directory, "process32_token");
1090 		generate_process32ex_token(directory, "process32ex_token",
1091 		    AU_IPv4);
1092 		generate_process32ex_token(directory, "process32ex_token",
1093 		    AU_IPv6);
1094 		generate_process64_token(directory, "process64_token");
1095 		generate_process64ex_token(directory, "process64ex_token",
1096 		    AU_IPv4);
1097 		generate_process64ex_token(directory, "process64ex_token",
1098 		    AU_IPv6);
1099 		generate_return32_token(directory, "return32_token");
1100 		generate_text_token(directory, "text_token");
1101 		generate_opaque_token(directory, "opaque_token");
1102 		generate_in_addr_token(directory, "in_addr_token");
1103 		generate_ip_token(directory, "ip_token");
1104 		generate_iport_token(directory, "iport_token");
1105 		generate_arg32_token(directory, "arg32_token");
1106 		generate_seq_token(directory, "seq_token");
1107 #if 0
1108 		generate_attr_token(directory,  "attr_token");
1109 		generate_ipc_perm_token(directory, "ipc_perm_token");
1110 		generate_groups_token(directory, "groups_token");
1111 		generate_attr32_token(directory, "attr32_token");
1112 #endif
1113 		generate_zonename_token(directory, "zonename_token");
1114 		generate_socketex_token(directory, "socketex_token");
1115 	}
1116 
1117 	if (do_records) {
1118 		generate_file_record(directory, "file_record");
1119 		generate_data_record(directory, "data_record");
1120 		generate_ipc_record(directory, "ipc_record");
1121 		generate_path_record(directory, "path_record");
1122 		generate_subject32_record(directory, "subject32_record");
1123 		generate_subject32ex_record(directory, "subject32ex_record",
1124 		    AU_IPv4);
1125 		generate_subject32ex_record(directory, "subject32ex_record",
1126 		    AU_IPv6);
1127 		generate_process32_record(directory, "process32_record");
1128 		generate_process32ex_record(directory, "process32ex_record",
1129 		    AU_IPv4);
1130 		generate_process32ex_record(directory, "process32ex_record",
1131 		    AU_IPv6);
1132 		generate_process64_record(directory, "process64_record");
1133 		generate_process64ex_record(directory, "process64ex_record",
1134 		    AU_IPv4);
1135 		generate_process64ex_record(directory, "process64ex_record",
1136 		    AU_IPv6);
1137 		generate_return32_record(directory, "return32_record");
1138 		generate_text_record(directory, "text_record");
1139 		generate_opaque_record(directory, "opaque_record");
1140 		generate_in_addr_record(directory, "in_addr_record");
1141 		generate_ip_record(directory, "ip_record");
1142 		generate_iport_record(directory, "iport_record");
1143 		generate_arg32_record(directory, "arg32_record");
1144 		generate_seq_record(directory, "seq_record");
1145 #if 0
1146 		generate_attr_record(directory,  "attr_record");
1147 		generate_ipc_perm_record(directory, "ipc_perm_record");
1148 		generate_groups_record(directory, "groups_record");
1149 		generate_attr32_record(directory, "attr32_record");
1150 #endif
1151 		generate_zonename_record(directory, "zonename_record");
1152 		generate_socketex_record(directory, "socketex_record");
1153 		do_error_records(directory);
1154 	}
1155 
1156 	return (0);
1157 }
1158