xref: /freebsd/contrib/openbsm/test/bsm/generate.c (revision 9162f64b58d01ec01481d60b6cdc06ffd8e8c7fc)
1 /*-
2  * Copyright (c) 2006-2007 Robert N. M. Watson
3  * Copyright (c) 2008 Apple Inc.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  *
27  * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#12 $
28  */
29 
30 /*
31  * Generate a series of BSM token samples in the requested directory.
32  */
33 
34 #include <sys/types.h>
35 #include <sys/socket.h>
36 #include <sys/stat.h>
37 
38 #include <netinet/in.h>
39 #include <netinet/in_systm.h>
40 #include <netinet/ip.h>
41 
42 #include <arpa/inet.h>
43 
44 #include <bsm/audit_kevents.h>
45 #include <bsm/libbsm.h>
46 
47 #include <err.h>
48 #include <errno.h>
49 #include <fcntl.h>
50 #include <limits.h>
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <string.h>
54 #include <sysexits.h>
55 #include <unistd.h>
56 
57 static int	do_records, do_tokens;
58 
59 static void
60 usage(void)
61 {
62 
63 	fprintf(stderr, "generate [-rt] path\n");
64 	exit(EX_USAGE);
65 }
66 
67 static int
68 open_file(const char *directory, const char *name)
69 {
70 	char pathname[PATH_MAX];
71 	int fd;
72 
73 	snprintf(pathname, PATH_MAX, "%s/%s", directory, name);
74 	(void)unlink(pathname);
75 	fd = open(pathname, O_WRONLY | O_CREAT | O_EXCL, 0600);
76 	if (fd < 0)
77 		err(EX_CANTCREAT, "open: %s", name);
78 	return (fd);
79 }
80 
81 static void
82 write_file(int fd, void *buffer, size_t buflen, const char *filename)
83 {
84 	ssize_t len;
85 
86 	len = write(fd, buffer, buflen);
87 	if (len < 0)
88 		err(EX_OSERR, "write_file: %s", filename);
89 	if (len < buflen)
90 		err(EX_OSERR, "write_file: short write: %s", filename);
91 }
92 
93 /*
94  * Write a single token to a file.
95  */
96 static void
97 write_token(const char *directory, const char *filename, token_t *tok)
98 {
99 	u_char buffer[MAX_AUDIT_RECORD_SIZE];
100 	size_t buflen;
101 	int fd;
102 
103 	buflen = MAX_AUDIT_RECORD_SIZE;
104 	if (au_close_token(tok, buffer, &buflen) < 0)
105 		err(EX_UNAVAILABLE, "au_close_token");
106 	fd = open_file(directory, filename);
107 	write_file(fd, buffer, buflen, filename);
108 	close(fd);
109 }
110 
111 /*
112  * Write a token to a file, wrapped in audit record header and trailer.
113  */
114 static void
115 write_record(const char *directory, const char *filename, token_t *tok,
116     short event)
117 {
118 	u_char buffer[MAX_AUDIT_RECORD_SIZE];
119 	size_t buflen;
120 	int au, fd;
121 
122 	au = au_open();
123 	if (au < 0)
124 		err(EX_UNAVAILABLE, "au_open");
125 	if (au_write(au, tok) < 0)
126 		err(EX_UNAVAILABLE, "au_write");
127 	buflen = MAX_AUDIT_RECORD_SIZE;
128 	if (au_close_buffer(au, event, buffer, &buflen) < 0)
129 		err(EX_UNAVAILABLE, "au_close_buffer");
130 	fd = open_file(directory, filename);
131 	write_file(fd, buffer, buflen, filename);
132 	close(fd);
133 }
134 
135 static struct timeval	 file_token_timeval = { 0x12345, 0x67890} ;
136 
137 static void
138 generate_file_token(const char *directory, const char *token_filename)
139 {
140 	token_t *file_token;
141 
142 	file_token = au_to_file("test", file_token_timeval);
143 	if (file_token == NULL)
144 		err(EX_UNAVAILABLE, "au_to_file");
145 	write_token(directory, token_filename, file_token);
146 }
147 
148 static void
149 generate_file_record(const char *directory, const char *record_filename)
150 {
151 	token_t *file_token;
152 
153 	file_token = au_to_file("test", file_token_timeval);
154 	if (file_token == NULL)
155 		err(EX_UNAVAILABLE, "au_to_file");
156 	write_record(directory, record_filename, file_token, AUE_NULL);
157 }
158 
159 /*
160  * AUT_OHEADER
161  */
162 
163 static int		 trailer_token_len = 0x12345678;
164 
165 static void
166 generate_trailer_token(const char *directory, const char *token_filename)
167 {
168 	token_t *trailer_token;
169 
170 	trailer_token = au_to_trailer(trailer_token_len);
171 	if (trailer_token == NULL)
172 		err(EX_UNAVAILABLE, "au_to_trailer");
173 	write_token(directory, token_filename, trailer_token);
174 }
175 
176 static int		 header32_token_len = 0x12345678;
177 static au_event_t	 header32_e_type = AUE_OPEN;
178 static au_emod_t	 header32_e_mod = 0x4567;
179 static struct timeval	 header32_tm = { 0x12345, 0x67890 };
180 
181 static void
182 generate_header32_token(const char *directory, const char *token_filename)
183 {
184 	token_t *header32_token;
185 
186 	header32_token = au_to_header32_tm(header32_token_len,
187 	    header32_e_type, header32_e_mod, header32_tm);
188 	if (header32_token == NULL)
189 		err(EX_UNAVAILABLE, "au_to_header32");
190 	write_token(directory, token_filename, header32_token);
191 }
192 
193 /*
194  * AUT_HEADER32_EX
195  */
196 
197 static char		 data_token_unit_print = AUP_STRING;
198 static char		 data_token_unit_type = AUR_CHAR;
199 static char		*data_token_data = "SomeData";
200 static char		 data_token_unit_count = sizeof("SomeData") + 1;
201 
202 static void
203 generate_data_token(const char *directory, const char *token_filename)
204 {
205 	token_t *data_token;
206 
207 	data_token = au_to_data(data_token_unit_print, data_token_unit_type,
208 	    data_token_unit_count, data_token_data);
209 	if (data_token == NULL)
210 		err(EX_UNAVAILABLE, "au_to_data");
211 	write_token(directory, token_filename, data_token);
212 }
213 
214 static void
215 generate_data_record(const char *directory, const char *record_filename)
216 {
217 	token_t *data_token;
218 
219 	data_token = au_to_data(data_token_unit_print, data_token_unit_type,
220 	    data_token_unit_count, data_token_data);
221 	if (data_token == NULL)
222 		err(EX_UNAVAILABLE, "au_to_data");
223 	write_record(directory, record_filename, data_token, AUE_NULL);
224 }
225 
226 static char		 ipc_type = AT_IPC_MSG;
227 static int		 ipc_id = 0x12345678;
228 
229 static void
230 generate_ipc_token(const char *directory, const char *token_filename)
231 {
232 	token_t *ipc_token;
233 
234 	ipc_token = au_to_ipc(ipc_type, ipc_id);
235 	if (ipc_token == NULL)
236 		err(EX_UNAVAILABLE, "au_to_ipc");
237 	write_token(directory, token_filename, ipc_token);
238 }
239 
240 static void
241 generate_ipc_record(const char *directory, const char *record_filename)
242 {
243 	token_t *ipc_token;
244 
245 	ipc_token = au_to_ipc(ipc_type, ipc_id);
246 	if (ipc_token == NULL)
247 		err(EX_UNAVAILABLE, "au_to_ipc");
248 	write_record(directory, record_filename, ipc_token, AUE_NULL);
249 }
250 
251 static char		*path_token_path = "/test/this/is/a/test";
252 
253 static void
254 generate_path_token(const char *directory, const char *token_filename)
255 {
256 	token_t *path_token;
257 
258 	path_token = au_to_path(path_token_path);
259 	if (path_token == NULL)
260 		err(EX_UNAVAILABLE, "au_to_path");
261 	write_token(directory, token_filename, path_token);
262 }
263 
264 static void
265 generate_path_record(const char *directory, const char *record_filename)
266 {
267 	token_t *path_token;
268 
269 	path_token = au_to_path(path_token_path);
270 	if (path_token == NULL)
271 		err(EX_UNAVAILABLE, "au_to_path");
272 	write_record(directory, record_filename, path_token, AUE_NULL);
273 }
274 
275 static au_id_t		 subject32_auid = 0x12345678;
276 static uid_t		 subject32_euid = 0x01234567;
277 static gid_t		 subject32_egid = 0x23456789;
278 static uid_t		 subject32_ruid = 0x98765432;
279 static gid_t		 subject32_rgid = 0x09876543;
280 static pid_t		 subject32_pid = 0x13243546;
281 static au_asid_t	 subject32_sid = 0x97867564;
282 static au_tid_t		 subject32_tid = { 0x16593746 };
283 static au_tid_addr_t	 subject32_tid_addr = { 0x16593746 };
284 
285 static void
286 generate_subject32_token(const char *directory, const char *token_filename)
287 {
288 	token_t *subject32_token;
289 
290 	subject32_tid.machine = inet_addr("127.0.0.1");
291 
292 	subject32_token = au_to_subject32(subject32_auid, subject32_euid,
293 	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
294 	    subject32_sid, &subject32_tid);
295 	if (subject32_token == NULL)
296 		err(EX_UNAVAILABLE, "au_to_subject32");
297 	write_token(directory, token_filename, subject32_token);
298 }
299 
300 static void
301 generate_subject32_record(const char *directory, const char *record_filename)
302 {
303 	token_t *subject32_token;
304 
305 	subject32_tid.machine = inet_addr("127.0.0.1");
306 
307 	subject32_token = au_to_subject32(subject32_auid, subject32_euid,
308 	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
309 	    subject32_sid, &subject32_tid);
310 	if (subject32_token == NULL)
311 		err(EX_UNAVAILABLE, "au_to_subject32");
312 	write_record(directory, record_filename, subject32_token, AUE_NULL);
313 }
314 
315 static void
316 generate_subject32ex_token(const char *directory, const char *token_filename,
317     u_int32_t type)
318 {
319 	token_t *subject32ex_token;
320 	char *buf;
321 
322 	buf = (char *)malloc(strlen(token_filename) + 6);
323 	if (type == AU_IPv6) {
324 		inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
325 		subject32_tid_addr.at_type = AU_IPv6;
326 		sprintf(buf, "%s%s", token_filename, "-IPv6");
327 	} else {
328 		subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
329 		subject32_tid_addr.at_type = AU_IPv4;
330 		sprintf(buf, "%s%s", token_filename, "-IPv4");
331 	}
332 
333 	subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
334 	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
335 	    subject32_sid, &subject32_tid_addr);
336 	if (subject32ex_token == NULL)
337 		err(EX_UNAVAILABLE, "au_to_subject32_ex");
338 	write_token(directory, buf, subject32ex_token);
339 	free(buf);
340 }
341 
342 static void
343 generate_subject32ex_record(const char *directory, const char *record_filename,
344     u_int32_t type)
345 {
346 	token_t *subject32ex_token;
347 	char *buf;
348 
349 	buf = (char *)malloc(strlen(record_filename) + 6);
350 	if (type == AU_IPv6) {
351 		inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
352 		subject32_tid_addr.at_type = AU_IPv6;
353 		sprintf(buf, "%s%s", record_filename, "-IPv6");
354 	} else {
355 		subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
356 		subject32_tid_addr.at_type = AU_IPv4;
357 		sprintf(buf, "%s%s", record_filename, "-IPv4");
358 	}
359 
360 	subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
361 	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
362 	    subject32_sid, &subject32_tid_addr);
363 	if (subject32ex_token == NULL)
364 		err(EX_UNAVAILABLE, "au_to_subject32_ex");
365 	write_record(directory, record_filename, subject32ex_token, AUE_NULL);
366 	free(buf);
367 }
368 
369 static au_id_t		 process32_auid = 0x12345678;
370 static uid_t		 process32_euid = 0x01234567;
371 static gid_t		 process32_egid = 0x23456789;
372 static uid_t		 process32_ruid = 0x98765432;
373 static gid_t		 process32_rgid = 0x09876543;
374 static pid_t		 process32_pid = 0x13243546;
375 static au_asid_t	 process32_sid = 0x97867564;
376 static au_tid_t		 process32_tid = { 0x16593746 };
377 static au_tid_addr_t	 process32_tid_addr = { 0x16593746 };
378 
379 static void
380 generate_process32_token(const char *directory, const char *token_filename)
381 {
382 	token_t *process32_token;
383 
384 	process32_tid.machine = inet_addr("127.0.0.1");
385 
386 	process32_token = au_to_process32(process32_auid, process32_euid,
387 	    process32_egid, process32_ruid, process32_rgid, process32_pid,
388 	    process32_sid, &process32_tid);
389 	if (process32_token == NULL)
390 		err(EX_UNAVAILABLE, "au_to_process32");
391 	write_token(directory, token_filename, process32_token);
392 }
393 
394 static void
395 generate_process32_record(const char *directory, const char *record_filename)
396 {
397 	token_t *process32_token;
398 
399 	process32_tid.machine = inet_addr("127.0.0.1");
400 
401 	process32_token = au_to_process32(process32_auid, process32_euid,
402 	    process32_egid, process32_ruid, process32_rgid, process32_pid,
403 	    process32_sid, &process32_tid);
404 	if (process32_token == NULL)
405 		err(EX_UNAVAILABLE, "au_ti_process32");
406 	write_record(directory, record_filename, process32_token, AUE_NULL);
407 }
408 
409 static void
410 generate_process32ex_token(const char *directory, const char *token_filename,
411     u_int32_t type)
412 {
413 	token_t *process32ex_token;
414 	char *buf;
415 
416 	buf = (char *)malloc(strlen(token_filename) + 6);
417 	if (type == AU_IPv6) {
418 		inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr);
419 		process32_tid_addr.at_type = AU_IPv6;
420 		sprintf(buf, "%s%s", token_filename, "-IPv6");
421 	} else {
422 		process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
423 		process32_tid_addr.at_type = AU_IPv4;
424 		sprintf(buf, "%s%s", token_filename, "-IPv4");
425 	}
426 
427 	process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
428 	    process32_egid, process32_ruid, process32_rgid, process32_pid,
429 	    process32_sid, &process32_tid_addr);
430 	if (process32ex_token == NULL)
431 		err(EX_UNAVAILABLE, "au_to_process32_ex");
432 	write_token(directory, buf, process32ex_token);
433 	free(buf);
434 }
435 
436 static void
437 generate_process32ex_record(const char *directory, const char *record_filename,
438     u_int32_t type)
439 {
440 	token_t *process32ex_token;
441 	char *buf;
442 
443 	buf = (char *)malloc(strlen(record_filename) + 6);
444 	if (type == AU_IPv6) {
445 		inet_pton(AF_INET6, "fe80::1", process32_tid_addr.at_addr);
446 		process32_tid_addr.at_type = AU_IPv6;
447 		sprintf(buf, "%s%s", record_filename, "-IPv6");
448 	} else {
449 		process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
450 		process32_tid_addr.at_type = AU_IPv4;
451 		sprintf(buf, "%s%s", record_filename, "-IPv4");
452 	}
453 
454 	process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
455 	    process32_egid, process32_ruid, process32_rgid, process32_pid,
456 	    process32_sid, &process32_tid_addr);
457 	if (process32ex_token == NULL)
458 		err(EX_UNAVAILABLE, "au_to_process32_ex");
459 	write_record(directory, buf, process32ex_token, AUE_NULL);
460 	free(buf);
461 }
462 
463 static au_id_t		 process64_auid = 0x12345678;
464 static uid_t		 process64_euid = 0x01234567;
465 static gid_t		 process64_egid = 0x23456789;
466 static uid_t		 process64_ruid = 0x98765432;
467 static gid_t		 process64_rgid = 0x09876543;
468 static pid_t		 process64_pid = 0x13243546;
469 static au_asid_t	 process64_sid = 0x97867564;
470 static au_tid_t		 process64_tid = { 0x16593746 };
471 static au_tid_addr_t	 process64_tid_addr = { 0x16593746 };
472 
473 static void
474 generate_process64_token(const char *directory, const char *token_filename)
475 {
476 	token_t *process64_token;
477 
478 	process64_tid.machine = inet_addr("127.0.0.1");
479 
480 	process64_token = au_to_process64(process64_auid, process64_euid,
481 	    process64_egid, process64_ruid, process64_rgid, process64_pid,
482 	    process64_sid, &process64_tid);
483 	if (process64_token == NULL)
484 		err(EX_UNAVAILABLE, "au_to_process64");
485 	write_token(directory, token_filename, process64_token);
486 }
487 
488 static void
489 generate_process64_record(const char *directory, const char *record_filename)
490 {
491 	token_t *process64_token;
492 
493 	process64_tid.machine = inet_addr("127.0.0.1");
494 
495 	process64_token = au_to_process64(process64_auid, process64_euid,
496 	    process64_egid, process64_ruid, process64_rgid, process64_pid,
497 	    process64_sid, &process64_tid);
498 	if (process64_token == NULL)
499 		err(EX_UNAVAILABLE, "au_ti_process64");
500 	write_record(directory, record_filename, process64_token, AUE_NULL);
501 }
502 
503 static void
504 generate_process64ex_token(const char *directory, const char *token_filename,
505     u_int32_t type)
506 {
507 	token_t *process64ex_token;
508 	char *buf;
509 
510 	buf = (char *)malloc(strlen(token_filename) + 6);
511 	if (type == AU_IPv6) {
512 		inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr);
513 		process64_tid_addr.at_type = AU_IPv6;
514 		sprintf(buf, "%s%s", token_filename, "-IPv6");
515 	} else {
516 		process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
517 		process64_tid_addr.at_type = AU_IPv4;
518 		sprintf(buf, "%s%s", token_filename, "-IPv4");
519 	}
520 
521 	process64ex_token = au_to_process64_ex(process64_auid, process64_euid,
522 	    process64_egid, process64_ruid, process64_rgid, process64_pid,
523 	    process64_sid, &process64_tid_addr);
524 	if (process64ex_token == NULL)
525 		err(EX_UNAVAILABLE, "au_to_process64_ex");
526 	write_token(directory, buf, process64ex_token);
527 	free(buf);
528 }
529 
530 static void
531 generate_process64ex_record(const char *directory, const char *record_filename,
532     u_int32_t type)
533 {
534 	token_t *process64ex_token;
535 	char *buf;
536 
537 	buf = (char *)malloc(strlen(record_filename) + 6);
538 	if (type == AU_IPv6) {
539 		inet_pton(AF_INET6, "fe80::1", process64_tid_addr.at_addr);
540 		process64_tid_addr.at_type = AU_IPv6;
541 		sprintf(buf, "%s%s", record_filename, "-IPv6");
542 	} else {
543 		process64_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
544 		process64_tid_addr.at_type = AU_IPv4;
545 		sprintf(buf, "%s%s", record_filename, "-IPv4");
546 	}
547 
548 	process64ex_token = au_to_process64_ex(process64_auid, process64_euid,
549 	    process64_egid, process64_ruid, process64_rgid, process64_pid,
550 	    process64_sid, &process64_tid_addr);
551 	if (process64ex_token == NULL)
552 		err(EX_UNAVAILABLE, "au_to_process64_ex");
553 	write_record(directory, buf, process64ex_token, AUE_NULL);
554 	free(buf);
555 }
556 
557 static char		 return32_status = EINVAL;
558 static uint32_t		 return32_ret = 0x12345678;
559 
560 static void
561 generate_return32_token(const char *directory, const char *token_filename)
562 {
563 	token_t *return32_token;
564 
565 	return32_token = au_to_return32(au_errno_to_bsm(return32_status),
566 	    return32_ret);
567 	if (return32_token == NULL)
568 		err(EX_UNAVAILABLE, "au_to_return32");
569 	write_token(directory, token_filename, return32_token);
570 }
571 
572 static void
573 generate_return32_record(const char *directory, const char *record_filename)
574 {
575 	token_t *return32_token;
576 
577 	return32_token = au_to_return32(au_errno_to_bsm(return32_status),
578 	    return32_ret);
579 	if (return32_token == NULL)
580 		err(EX_UNAVAILABLE, "au_to_return32");
581 	write_record(directory, record_filename, return32_token, AUE_NULL);
582 }
583 
584 static char		*text_token_text = "This is a test.";
585 
586 static void
587 generate_text_token(const char *directory, const char *token_filename)
588 {
589 	token_t *text_token;
590 
591 	text_token = au_to_text(text_token_text);
592 	if (text_token == NULL)
593 		err(EX_UNAVAILABLE, "au_to_text");
594 	write_token(directory, token_filename, text_token);
595 }
596 
597 static void
598 generate_text_record(const char *directory, const char *record_filename)
599 {
600 	token_t *text_token;
601 
602 	text_token = au_to_text(text_token_text);
603 	if (text_token == NULL)
604 		err(EX_UNAVAILABLE, "au_to_text");
605 	write_record(directory, record_filename, text_token, AUE_NULL);
606 }
607 
608 static char		 opaque_token_data[] = {0xaa, 0xbb, 0xcc, 0xdd};
609 static int		 opaque_token_bytes = sizeof(opaque_token_data);
610 
611 static void
612 generate_opaque_token(const char *directory, const char *token_filename)
613 {
614 	token_t *opaque_token;
615 
616 	opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
617 	if (opaque_token == NULL)
618 		err(EX_UNAVAILABLE, "au_to_opaque");
619 	write_token(directory, token_filename, opaque_token);
620 }
621 
622 static void
623 generate_opaque_record(const char *directory, const char *record_filename)
624 {
625 	token_t *opaque_token;
626 
627 	opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
628 	if (opaque_token == NULL)
629 		err(EX_UNAVAILABLE, "au_to_opaque");
630 	write_record(directory, record_filename, opaque_token, AUE_NULL);
631 }
632 
633 static struct in_addr	 in_addr_token_addr;
634 
635 static void
636 generate_in_addr_token(const char *directory, const char *token_filename)
637 {
638 	token_t *in_addr_token;
639 
640 	in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
641 
642 	in_addr_token = au_to_in_addr(&in_addr_token_addr);
643 	if (in_addr_token == NULL)
644 		err(EX_UNAVAILABLE, "au_to_in_addr");
645 	write_token(directory, token_filename, in_addr_token);
646 }
647 
648 static void
649 generate_in_addr_record(const char *directory, const char *record_filename)
650 {
651 	token_t *in_addr_token;
652 
653 	in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
654 
655 	in_addr_token = au_to_in_addr(&in_addr_token_addr);
656 	if (in_addr_token == NULL)
657 		err(EX_UNAVAILABLE, "au_to_in_addr");
658 	write_record(directory, record_filename, in_addr_token, AUE_NULL);
659 }
660 
661 static struct ip	 ip_token_ip;
662 static u_char		 ip_token_ip_v = 4;
663 static uint16_t		 ip_token_ip_id = 0x5478;
664 static u_char		 ip_token_ip_ttl = 64;
665 static u_char		 ip_token_ip_p = IPPROTO_ICMP;
666 static struct in_addr	 ip_token_ip_src;
667 static struct in_addr	 ip_token_ip_dst;
668 
669 static void
670 generate_ip_token(const char *directory, const char *token_filename)
671 {
672 	token_t *ip_token;
673 
674 	ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
675 	ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
676 
677 	memset(&ip_token_ip, 0, sizeof(ip_token_ip));
678 	ip_token_ip.ip_v = ip_token_ip_v;
679 	ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
680 	ip_token_ip.ip_id = htons(ip_token_ip_id);
681 	ip_token_ip.ip_ttl = ip_token_ip_ttl;
682 	ip_token_ip.ip_p = ip_token_ip_p;
683 	ip_token_ip.ip_src = ip_token_ip_src;
684 	ip_token_ip.ip_dst = ip_token_ip_dst;
685 
686 	ip_token = au_to_ip(&ip_token_ip);
687 	if (ip_token == NULL)
688 		err(EX_UNAVAILABLE, "au_to_ip");
689 	write_token(directory, token_filename, ip_token);
690 }
691 
692 static void
693 generate_ip_record(const char *directory, const char *record_filename)
694 {
695 	token_t *ip_token;
696 
697 	ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
698 	ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
699 
700 	memset(&ip_token_ip, 0, sizeof(ip_token_ip));
701 	ip_token_ip.ip_v = ip_token_ip_v;
702 	ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
703 	ip_token_ip.ip_id = htons(ip_token_ip_id);
704 	ip_token_ip.ip_ttl = ip_token_ip_ttl;
705 	ip_token_ip.ip_p = ip_token_ip_p;
706 	ip_token_ip.ip_src = ip_token_ip_src;
707 	ip_token_ip.ip_dst = ip_token_ip_dst;
708 
709 	ip_token = au_to_ip(&ip_token_ip);
710 	if (ip_token == NULL)
711 		err(EX_UNAVAILABLE, "au_to_ip");
712 	write_record(directory, record_filename, ip_token, AUE_NULL);
713 }
714 
715 static u_int16_t		 iport_token_iport;
716 
717 static void
718 generate_iport_token(const char *directory, const char *token_filename)
719 {
720 	token_t *iport_token;
721 
722 	iport_token_iport = htons(80);
723 
724 	iport_token = au_to_iport(iport_token_iport);
725 	if (iport_token == NULL)
726 		err(EX_UNAVAILABLE, "au_to_iport");
727 	write_token(directory, token_filename, iport_token);
728 }
729 
730 static void
731 generate_iport_record(const char *directory, const char *record_filename)
732 {
733 	token_t *iport_token;
734 
735 	iport_token_iport = htons(80);
736 
737 	iport_token = au_to_iport(iport_token_iport);
738 	if (iport_token == NULL)
739 		err(EX_UNAVAILABLE, "au_to_iport");
740 	write_record(directory, record_filename, iport_token, AUE_NULL);
741 }
742 
743 static char	 arg32_token_n = 3;
744 static char	*arg32_token_text = "test_arg32_token";
745 static uint32_t	 arg32_token_v = 0xabcdef00;
746 
747 static void
748 generate_arg32_token(const char *directory, const char *token_filename)
749 {
750 	token_t *arg32_token;
751 
752 	arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
753 	    arg32_token_v);
754 	if (arg32_token == NULL)
755 		err(EX_UNAVAILABLE, "au_to_arg32");
756 	write_token(directory, token_filename, arg32_token);
757 }
758 
759 static void
760 generate_arg32_record(const char *directory, const char *record_filename)
761 {
762 	token_t *arg32_token;
763 
764 	arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
765 	    arg32_token_v);
766 	if (arg32_token == NULL)
767 		err(EX_UNAVAILABLE, "au_to_arg32");
768 	write_record(directory, record_filename, arg32_token, AUE_NULL);
769 }
770 
771 static long	 seq_audit_count = 0x12345678;
772 
773 static void
774 generate_seq_token(const char *directory, const char *token_filename)
775 {
776 	token_t *seq_token;
777 
778 	seq_token = au_to_seq(seq_audit_count);
779 	if (seq_token == NULL)
780 		err(EX_UNAVAILABLE, "au_to_seq");
781 	write_token(directory, token_filename, seq_token);
782 }
783 
784 static void
785 generate_seq_record(const char *directory, const char *record_filename)
786 {
787 	token_t *seq_token;
788 
789 	seq_token = au_to_seq(seq_audit_count);
790 	if (seq_token == NULL)
791 		err(EX_UNAVAILABLE, "au_to_seq");
792 	write_record(directory, record_filename, seq_token, AUE_NULL);
793 }
794 
795 /*
796  * AUT_ACL
797  */
798 
799 static void
800 generate_attr_token(const char *directory, const char *token_filename)
801 {
802 	token_t *attr_token;
803 
804 }
805 
806 static void
807 generate_attr_record(const char *directory, const char *record_filename)
808 {
809 	token_t *attr_token;
810 
811 }
812 
813 static void
814 generate_ipc_perm_token(const char *directory, const char *token_filename)
815 {
816 	token_t *ipc_perm_token;
817 
818 }
819 
820 static void
821 generate_ipc_perm_record(const char *directory, const char *record_filename)
822 {
823 	token_t *ipc_perm_token;
824 
825 }
826 
827 /*
828  * AUT_LABEL
829  */
830 
831 static void
832 generate_groups_token(const char *directory, const char *token_filename)
833 {
834 	token_t *groups_token;
835 
836 }
837 
838 static void
839 generate_groups_record(const char *directory, const char *record_filename)
840 {
841 	token_t *groups_token;
842 
843 }
844 
845 /*
846  * AUT_ILABEL
847  */
848 
849 /*
850  * AUT_SLABEL
851  */
852 
853 /*
854  * AUT_CLEAR
855  */
856 
857 /*
858  * AUT_PRIV
859  */
860 
861 /*
862  * AUT_UPRIV
863  */
864 
865 /*
866  * AUT_LIAISON
867  */
868 
869 /*
870  * AUT_NEWGROUPS
871  */
872 
873 /*
874  * AUT_EXEC_ARGS
875  */
876 
877 /*
878  * AUT_EXEC_ENV
879  */
880 
881 static void
882 generate_attr32_token(const char *directory, const char *token_filename)
883 {
884 	token_t *attr32_token;
885 
886 }
887 
888 static void
889 generate_attr32_record(const char *directory, const char *record_filename)
890 {
891 	token_t *attr32_token;
892 
893 }
894 
895 static char	*zonename_sample = "testzone";
896 
897 static void
898 generate_zonename_token(const char *directory, const char *token_filename)
899 {
900 	token_t *zonename_token;
901 
902 	zonename_token = au_to_zonename(zonename_sample);
903 	if (zonename_token == NULL)
904 		err(EX_UNAVAILABLE, "au_to_zonename");
905 	write_token(directory, token_filename, zonename_token);
906 }
907 
908 static void
909 generate_zonename_record(const char *directory, const char *record_filename)
910 {
911 	token_t *zonename_token;
912 
913 	zonename_token = au_to_zonename(zonename_sample);
914 	if (zonename_token == NULL)
915 		err(EX_UNAVAILABLE, "au_to_zonename");
916 	write_record(directory, record_filename, zonename_token, AUE_NULL);
917 }
918 
919 static u_short socketex_domain = AF_INET;
920 static u_short socketex_type = SOCK_STREAM;
921 static struct sockaddr_in socketex_laddr, socketex_raddr;
922 
923 static void
924 generate_socketex_token(const char *directory, const char *token_filename)
925 {
926 	token_t *socketex_token;
927 
928 	bzero(&socketex_laddr, sizeof(socketex_laddr));
929 	socketex_laddr.sin_family = AF_INET;
930 	socketex_laddr.sin_len = sizeof(socketex_laddr);
931 	socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
932 
933 	bzero(&socketex_raddr, sizeof(socketex_raddr));
934 	socketex_raddr.sin_family = AF_INET;
935 	socketex_raddr.sin_len = sizeof(socketex_raddr);
936 	socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
937 
938 	socketex_token = au_to_socket_ex(socketex_domain, socketex_type,
939 	    (struct sockaddr *)&socketex_laddr,
940 	    (struct sockaddr *)&socketex_raddr);
941 	if (socketex_token == NULL)
942 		err(EX_UNAVAILABLE, "au_to_socket_ex");
943 	write_token(directory, token_filename, socketex_token);
944 }
945 
946 static void
947 generate_socketex_record(const char *directory, const char *record_filename)
948 {
949 	token_t *socketex_token;
950 
951 	bzero(&socketex_laddr, sizeof(socketex_laddr));
952 	socketex_laddr.sin_family = AF_INET;
953 	socketex_laddr.sin_len = sizeof(socketex_laddr);
954 	socketex_laddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
955 
956 	bzero(&socketex_raddr, sizeof(socketex_raddr));
957 	socketex_raddr.sin_family = AF_INET;
958 	socketex_raddr.sin_len = sizeof(socketex_raddr);
959 	socketex_raddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
960 
961 	socketex_token = au_to_socket_ex(socketex_domain, socketex_type,
962 	    (struct sockaddr *)&socketex_laddr,
963 	    (struct sockaddr *)&socketex_raddr);
964 	if (socketex_token == NULL)
965 		err(EX_UNAVAILABLE, "au_to_socket_ex");
966 	write_record(directory, record_filename, socketex_token, AUE_NULL);
967 }
968 
969 /*
970  * Generate a series of error-number specific return tokens in records.
971  */
972 static void
973 generate_error_record(const char *directory, const char *filename, int error)
974 {
975 	char pathname[PATH_MAX];
976 	token_t *return32_token;
977 
978 	return32_token = au_to_return32(au_errno_to_bsm(error), -1);
979 	if (return32_token == NULL)
980 		err(EX_UNAVAILABLE, "au_to_return32");
981 	(void)snprintf(pathname, PATH_MAX, "%s_record", filename);
982 	write_record(directory, pathname, return32_token, AUE_NULL);
983 }
984 
985 /*
986  * Not all the error numbers, just a few present on all platforms for now.
987  */
988 const struct {
989 	int error_number;
990 	const char *error_name;
991 } error_list[] = {
992 	{ EPERM, "EPERM" },
993 	{ ENOENT, "ENOENT" },
994 	{ ESRCH, "ESRCH" },
995 	{ EINTR, "EINTR" },
996 	{ EIO, "EIO" },
997 	{ ENXIO, "ENXIO" },
998 	{ E2BIG, "E2BIG" },
999 	{ ENOEXEC, "ENOEXEC" },
1000 	{ EBADF, "EBADF" },
1001 	{ ECHILD, "ECHILD" },
1002 	{ EDEADLK, "EDEADLK" },
1003 	{ ENOMEM, "ENOMEM" },
1004 	{ EACCES, "EACCES" },
1005 	{ EFAULT, "EFAULT" },
1006 	{ ENOTBLK, "ENOTBLK" },
1007 	{ EBUSY, "EBUSY" },
1008 	{ EEXIST, "EEXIST" },
1009 	{ EXDEV, "EXDEV" },
1010 	{ ENODEV, "ENODEV" },
1011 	{ ENOTDIR, "ENOTDIR" },
1012 	{ EISDIR, "EISDIR" },
1013 	{ EINVAL, "EINVAL" },
1014 	{ ENFILE, "ENFILE" },
1015 	{ EMFILE, "EMFILE" },
1016 	{ ENOTTY, "ENOTTY" },
1017 	{ ETXTBSY, "ETXTBSY" },
1018 	{ EFBIG, "EFBIG" },
1019 	{ ENOSPC, "ENOSPC" },
1020 	{ ESPIPE, "ESPIPE" },
1021 	{ EROFS, "EROFS" },
1022 	{ EMLINK, "EMLINK" },
1023 	{ EPIPE, "EPIPE" }
1024 };
1025 const int error_list_count = sizeof(error_list)/sizeof(error_list[0]);
1026 
1027 static void
1028 do_error_records(const char *directory)
1029 {
1030 	int i;
1031 
1032 	for (i = 0; i < error_list_count; i++)
1033 		generate_error_record(directory, error_list[i].error_name,
1034 		    error_list[i].error_number);
1035 }
1036 
1037 int
1038 main(int argc, char *argv[])
1039 {
1040 	const char *directory;
1041 	int ch;
1042 
1043 	while ((ch = getopt(argc, argv, "rt")) != -1) {
1044 		switch (ch) {
1045 		case 'r':
1046 			do_records++;
1047 			break;
1048 
1049 		case 't':
1050 			do_tokens++;
1051 			break;
1052 
1053 		default:
1054 			usage();
1055 		}
1056 	}
1057 
1058 	argc -= optind;
1059 	argv += optind;
1060 
1061 	if (argc != 1)
1062 		usage();
1063 
1064 	directory = argv[0];
1065 
1066 	if (mkdir(directory, 0755) < 0 && errno != EEXIST)
1067 		err(EX_OSERR, "mkdir: %s", directory);
1068 
1069 	if (do_tokens) {
1070 		generate_file_token(directory, "file_token");
1071 		generate_trailer_token(directory, "trailer_token");
1072 		generate_header32_token(directory, "header32_token");
1073 		generate_data_token(directory, "data_token");
1074 		generate_ipc_token(directory, "ipc_token");
1075 		generate_path_token(directory, "path_token");
1076 		generate_subject32_token(directory, "subject32_token");
1077 		generate_subject32ex_token(directory, "subject32ex_token",
1078 		    AU_IPv4);
1079 		generate_subject32ex_token(directory, "subject32ex_token",
1080 		    AU_IPv6);
1081 		generate_process32_token(directory, "process32_token");
1082 		generate_process32ex_token(directory, "process32ex_token",
1083 		    AU_IPv4);
1084 		generate_process32ex_token(directory, "process32ex_token",
1085 		    AU_IPv6);
1086 		generate_process64_token(directory, "process64_token");
1087 		generate_process64ex_token(directory, "process64ex_token",
1088 		    AU_IPv4);
1089 		generate_process64ex_token(directory, "process64ex_token",
1090 		    AU_IPv6);
1091 		generate_return32_token(directory, "return32_token");
1092 		generate_text_token(directory, "text_token");
1093 		generate_opaque_token(directory, "opaque_token");
1094 		generate_in_addr_token(directory, "in_addr_token");
1095 		generate_ip_token(directory, "ip_token");
1096 		generate_iport_token(directory, "iport_token");
1097 		generate_arg32_token(directory, "arg32_token");
1098 		generate_seq_token(directory, "seq_token");
1099 		generate_attr_token(directory,  "attr_token");
1100 		generate_ipc_perm_token(directory, "ipc_perm_token");
1101 		generate_groups_token(directory, "groups_token");
1102 		generate_attr32_token(directory, "attr32_token");
1103 		generate_zonename_token(directory, "zonename_token");
1104 		generate_socketex_token(directory, "socketex_token");
1105 	}
1106 
1107 	if (do_records) {
1108 		generate_file_record(directory, "file_record");
1109 		generate_data_record(directory, "data_record");
1110 		generate_ipc_record(directory, "ipc_record");
1111 		generate_path_record(directory, "path_record");
1112 		generate_subject32_record(directory, "subject32_record");
1113 		generate_subject32ex_record(directory, "subject32ex_record",
1114 		    AU_IPv4);
1115 		generate_subject32ex_record(directory, "subject32ex_record",
1116 		    AU_IPv6);
1117 		generate_process32_record(directory, "process32_record");
1118 		generate_process32ex_record(directory, "process32ex_record",
1119 		    AU_IPv4);
1120 		generate_process32ex_record(directory, "process32ex_record",
1121 		    AU_IPv6);
1122 		generate_process64_record(directory, "process64_record");
1123 		generate_process64ex_record(directory, "process64ex_record",
1124 		    AU_IPv4);
1125 		generate_process64ex_record(directory, "process64ex_record",
1126 		    AU_IPv6);
1127 		generate_return32_record(directory, "return32_record");
1128 		generate_text_record(directory, "text_record");
1129 		generate_opaque_record(directory, "opaque_record");
1130 		generate_in_addr_record(directory, "in_addr_record");
1131 		generate_ip_record(directory, "ip_record");
1132 		generate_iport_record(directory, "iport_record");
1133 		generate_arg32_record(directory, "arg32_record");
1134 		generate_seq_record(directory, "seq_record");
1135 		generate_attr_record(directory,  "attr_record");
1136 		generate_ipc_perm_record(directory, "ipc_perm_record");
1137 		generate_groups_record(directory, "groups_record");
1138 		generate_attr32_record(directory, "attr32_record");
1139 		generate_zonename_record(directory, "zonename_record");
1140 		generate_socketex_record(directory, "socketex_record");
1141 		do_error_records(directory);
1142 	}
1143 
1144 	return (0);
1145 }
1146