16f1cbda7SRobert Watson /*- 26f1cbda7SRobert Watson * Copyright (c) 2004-2009 Apple Inc. 36f1cbda7SRobert Watson * Copyright (c) 2005 SPARTA, Inc. 46f1cbda7SRobert Watson * All rights reserved. 56f1cbda7SRobert Watson * 66f1cbda7SRobert Watson * This code was developed in part by Robert N. M. Watson, Senior Principal 76f1cbda7SRobert Watson * Scientist, SPARTA, Inc. 86f1cbda7SRobert Watson * 96f1cbda7SRobert Watson * Redistribution and use in source and binary forms, with or without 106f1cbda7SRobert Watson * modification, are permitted provided that the following conditions 116f1cbda7SRobert Watson * are met: 126f1cbda7SRobert Watson * 1. Redistributions of source code must retain the above copyright 136f1cbda7SRobert Watson * notice, this list of conditions and the following disclaimer. 146f1cbda7SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 156f1cbda7SRobert Watson * notice, this list of conditions and the following disclaimer in the 166f1cbda7SRobert Watson * documentation and/or other materials provided with the distribution. 176f1cbda7SRobert Watson * 3. Neither the name of Apple Inc. ("Apple") nor the names of 186f1cbda7SRobert Watson * its contributors may be used to endorse or promote products derived 196f1cbda7SRobert Watson * from this software without specific prior written permission. 206f1cbda7SRobert Watson * 216f1cbda7SRobert Watson * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 226f1cbda7SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 236f1cbda7SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 246f1cbda7SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 256f1cbda7SRobert Watson * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 266f1cbda7SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 276f1cbda7SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 286f1cbda7SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 296f1cbda7SRobert Watson * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 306f1cbda7SRobert Watson * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 316f1cbda7SRobert Watson * POSSIBILITY OF SUCH DAMAGE. 326f1cbda7SRobert Watson * 336f1cbda7SRobert Watson * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99 346f1cbda7SRobert Watson */ 356f1cbda7SRobert Watson 366f1cbda7SRobert Watson #include <sys/cdefs.h> 376f1cbda7SRobert Watson __FBSDID("$FreeBSD$"); 386f1cbda7SRobert Watson 396f1cbda7SRobert Watson #include <sys/param.h> 406f1cbda7SRobert Watson #include <sys/types.h> 416f1cbda7SRobert Watson #include <sys/endian.h> 426f1cbda7SRobert Watson #include <sys/queue.h> 436f1cbda7SRobert Watson #include <sys/socket.h> 446f1cbda7SRobert Watson #include <sys/time.h> 456f1cbda7SRobert Watson 466f1cbda7SRobert Watson #include <sys/ipc.h> 476f1cbda7SRobert Watson #include <sys/libkern.h> 486f1cbda7SRobert Watson #include <sys/malloc.h> 496f1cbda7SRobert Watson #include <sys/un.h> 506f1cbda7SRobert Watson 516f1cbda7SRobert Watson #include <netinet/in.h> 526f1cbda7SRobert Watson #include <netinet/in_systm.h> 536f1cbda7SRobert Watson #include <netinet/ip.h> 546f1cbda7SRobert Watson 556f1cbda7SRobert Watson 566f1cbda7SRobert Watson #include <bsm/audit.h> 576f1cbda7SRobert Watson #include <bsm/audit_internal.h> 586f1cbda7SRobert Watson #include <bsm/audit_record.h> 596f1cbda7SRobert Watson #include <security/audit/audit.h> 606f1cbda7SRobert Watson #include <security/audit/audit_private.h> 616f1cbda7SRobert Watson 626f1cbda7SRobert Watson #define GET_TOKEN_AREA(t, dptr, length) do { \ 636f1cbda7SRobert Watson t = malloc(sizeof(token_t), M_AUDITBSM, M_WAITOK); \ 646f1cbda7SRobert Watson t->t_data = malloc(length, M_AUDITBSM, M_WAITOK | M_ZERO); \ 656f1cbda7SRobert Watson t->len = length; \ 666f1cbda7SRobert Watson dptr = t->t_data; \ 676f1cbda7SRobert Watson } while (0) 686f1cbda7SRobert Watson 696f1cbda7SRobert Watson /* 706f1cbda7SRobert Watson * token ID 1 byte 716f1cbda7SRobert Watson * success/failure 1 byte 726f1cbda7SRobert Watson * privstrlen 2 bytes 736f1cbda7SRobert Watson * privstr N bytes + 1 (\0 byte) 746f1cbda7SRobert Watson */ 756f1cbda7SRobert Watson token_t * 766f1cbda7SRobert Watson au_to_upriv(char sorf, char *priv) 776f1cbda7SRobert Watson { 786f1cbda7SRobert Watson u_int16_t textlen; 796f1cbda7SRobert Watson u_char *dptr; 806f1cbda7SRobert Watson token_t *t; 816f1cbda7SRobert Watson 826f1cbda7SRobert Watson textlen = strlen(priv) + 1; 836f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) + 846f1cbda7SRobert Watson sizeof(u_int16_t) + textlen); 856f1cbda7SRobert Watson 866f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_UPRIV); 876f1cbda7SRobert Watson ADD_U_CHAR(dptr, sorf); 886f1cbda7SRobert Watson ADD_U_INT16(dptr, textlen); 896f1cbda7SRobert Watson ADD_STRING(dptr, priv, textlen); 906f1cbda7SRobert Watson return (t); 916f1cbda7SRobert Watson } 926f1cbda7SRobert Watson 936f1cbda7SRobert Watson /* 946f1cbda7SRobert Watson * token ID 1 byte 956f1cbda7SRobert Watson * privtstrlen 2 bytes 966f1cbda7SRobert Watson * privtstr N bytes + 1 976f1cbda7SRobert Watson * privstrlen 2 bytes 986f1cbda7SRobert Watson * privstr N bytes + 1 996f1cbda7SRobert Watson */ 1006f1cbda7SRobert Watson token_t * 1016f1cbda7SRobert Watson au_to_privset(char *privtypestr, char *privstr) 1026f1cbda7SRobert Watson { 1036f1cbda7SRobert Watson u_int16_t type_len, priv_len; 1046f1cbda7SRobert Watson u_char *dptr; 1056f1cbda7SRobert Watson token_t *t; 1066f1cbda7SRobert Watson 1076f1cbda7SRobert Watson type_len = strlen(privtypestr) + 1; 1086f1cbda7SRobert Watson priv_len = strlen(privstr) + 1; 1096f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 1106f1cbda7SRobert Watson sizeof(u_int16_t) + type_len + priv_len); 1116f1cbda7SRobert Watson 1126f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_PRIV); 1136f1cbda7SRobert Watson ADD_U_INT16(dptr, type_len); 1146f1cbda7SRobert Watson ADD_STRING(dptr, privtypestr, type_len); 1156f1cbda7SRobert Watson ADD_U_INT16(dptr, priv_len); 1166f1cbda7SRobert Watson ADD_STRING(dptr, privstr, priv_len); 1176f1cbda7SRobert Watson return (t); 1186f1cbda7SRobert Watson } 1196f1cbda7SRobert Watson 1206f1cbda7SRobert Watson /* 1216f1cbda7SRobert Watson * token ID 1 byte 1226f1cbda7SRobert Watson * argument # 1 byte 1236f1cbda7SRobert Watson * argument value 4 bytes/8 bytes (32-bit/64-bit value) 1246f1cbda7SRobert Watson * text length 2 bytes 1256f1cbda7SRobert Watson * text N bytes + 1 terminating NULL byte 1266f1cbda7SRobert Watson */ 1276f1cbda7SRobert Watson token_t * 1286f1cbda7SRobert Watson au_to_arg32(char n, const char *text, u_int32_t v) 1296f1cbda7SRobert Watson { 1306f1cbda7SRobert Watson token_t *t; 1316f1cbda7SRobert Watson u_char *dptr = NULL; 1326f1cbda7SRobert Watson u_int16_t textlen; 1336f1cbda7SRobert Watson 1346f1cbda7SRobert Watson textlen = strlen(text); 1356f1cbda7SRobert Watson textlen += 1; 1366f1cbda7SRobert Watson 1376f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t) + 1386f1cbda7SRobert Watson sizeof(u_int16_t) + textlen); 1396f1cbda7SRobert Watson 1406f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_ARG32); 1416f1cbda7SRobert Watson ADD_U_CHAR(dptr, n); 1426f1cbda7SRobert Watson ADD_U_INT32(dptr, v); 1436f1cbda7SRobert Watson ADD_U_INT16(dptr, textlen); 1446f1cbda7SRobert Watson ADD_STRING(dptr, text, textlen); 1456f1cbda7SRobert Watson 1466f1cbda7SRobert Watson return (t); 1476f1cbda7SRobert Watson } 1486f1cbda7SRobert Watson 1496f1cbda7SRobert Watson token_t * 1506f1cbda7SRobert Watson au_to_arg64(char n, const char *text, u_int64_t v) 1516f1cbda7SRobert Watson { 1526f1cbda7SRobert Watson token_t *t; 1536f1cbda7SRobert Watson u_char *dptr = NULL; 1546f1cbda7SRobert Watson u_int16_t textlen; 1556f1cbda7SRobert Watson 1566f1cbda7SRobert Watson textlen = strlen(text); 1576f1cbda7SRobert Watson textlen += 1; 1586f1cbda7SRobert Watson 1596f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t) + 1606f1cbda7SRobert Watson sizeof(u_int16_t) + textlen); 1616f1cbda7SRobert Watson 1626f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_ARG64); 1636f1cbda7SRobert Watson ADD_U_CHAR(dptr, n); 1646f1cbda7SRobert Watson ADD_U_INT64(dptr, v); 1656f1cbda7SRobert Watson ADD_U_INT16(dptr, textlen); 1666f1cbda7SRobert Watson ADD_STRING(dptr, text, textlen); 1676f1cbda7SRobert Watson 1686f1cbda7SRobert Watson return (t); 1696f1cbda7SRobert Watson } 1706f1cbda7SRobert Watson 1716f1cbda7SRobert Watson token_t * 1726f1cbda7SRobert Watson au_to_arg(char n, const char *text, u_int32_t v) 1736f1cbda7SRobert Watson { 1746f1cbda7SRobert Watson 1756f1cbda7SRobert Watson return (au_to_arg32(n, text, v)); 1766f1cbda7SRobert Watson } 1776f1cbda7SRobert Watson 1786f1cbda7SRobert Watson #if defined(_KERNEL) || defined(KERNEL) 1796f1cbda7SRobert Watson /* 1806f1cbda7SRobert Watson * token ID 1 byte 1816f1cbda7SRobert Watson * file access mode 4 bytes 1826f1cbda7SRobert Watson * owner user ID 4 bytes 1836f1cbda7SRobert Watson * owner group ID 4 bytes 1846f1cbda7SRobert Watson * file system ID 4 bytes 1856f1cbda7SRobert Watson * node ID 8 bytes 1866f1cbda7SRobert Watson * device 4 bytes/8 bytes (32-bit/64-bit) 1876f1cbda7SRobert Watson */ 1886f1cbda7SRobert Watson token_t * 1896f1cbda7SRobert Watson au_to_attr32(struct vnode_au_info *vni) 1906f1cbda7SRobert Watson { 1916f1cbda7SRobert Watson token_t *t; 1926f1cbda7SRobert Watson u_char *dptr = NULL; 1936f1cbda7SRobert Watson u_int16_t pad0_16 = 0; 1946f1cbda7SRobert Watson u_int32_t pad0_32 = 0; 1956f1cbda7SRobert Watson 1966f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 1976f1cbda7SRobert Watson 3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t)); 1986f1cbda7SRobert Watson 1996f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_ATTR32); 2006f1cbda7SRobert Watson 2016f1cbda7SRobert Watson /* 2026f1cbda7SRobert Watson * BSD defines the size for the file mode as 2 bytes; BSM defines 4 2036f1cbda7SRobert Watson * so pad with 0. 2046f1cbda7SRobert Watson * 2056f1cbda7SRobert Watson * XXXRW: Possibly should be conditionally compiled. 2066f1cbda7SRobert Watson * 2076f1cbda7SRobert Watson * XXXRW: Should any conversions take place on the mode? 2086f1cbda7SRobert Watson */ 2096f1cbda7SRobert Watson ADD_U_INT16(dptr, pad0_16); 2106f1cbda7SRobert Watson ADD_U_INT16(dptr, vni->vn_mode); 2116f1cbda7SRobert Watson 2126f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_uid); 2136f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_gid); 2146f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_fsid); 2156f1cbda7SRobert Watson 2166f1cbda7SRobert Watson /* 2176f1cbda7SRobert Watson * Some systems use 32-bit file ID's, others use 64-bit file IDs. 2186f1cbda7SRobert Watson * Attempt to handle both, and let the compiler sort it out. If we 2196f1cbda7SRobert Watson * could pick this out at compile-time, it would be better, so as to 2206f1cbda7SRobert Watson * avoid the else case below. 2216f1cbda7SRobert Watson */ 2226f1cbda7SRobert Watson if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { 2236f1cbda7SRobert Watson ADD_U_INT32(dptr, pad0_32); 2246f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_fileid); 2256f1cbda7SRobert Watson } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) 2266f1cbda7SRobert Watson ADD_U_INT64(dptr, vni->vn_fileid); 2276f1cbda7SRobert Watson else 2286f1cbda7SRobert Watson ADD_U_INT64(dptr, 0LL); 2296f1cbda7SRobert Watson 2306f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_dev); 2316f1cbda7SRobert Watson 2326f1cbda7SRobert Watson return (t); 2336f1cbda7SRobert Watson } 2346f1cbda7SRobert Watson 2356f1cbda7SRobert Watson token_t * 2366f1cbda7SRobert Watson au_to_attr64(struct vnode_au_info *vni) 2376f1cbda7SRobert Watson { 2386f1cbda7SRobert Watson token_t *t; 2396f1cbda7SRobert Watson u_char *dptr = NULL; 2406f1cbda7SRobert Watson u_int16_t pad0_16 = 0; 2416f1cbda7SRobert Watson u_int32_t pad0_32 = 0; 2426f1cbda7SRobert Watson 2436f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 2446f1cbda7SRobert Watson 3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2); 2456f1cbda7SRobert Watson 2466f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_ATTR64); 2476f1cbda7SRobert Watson 2486f1cbda7SRobert Watson /* 2496f1cbda7SRobert Watson * BSD defines the size for the file mode as 2 bytes; BSM defines 4 2506f1cbda7SRobert Watson * so pad with 0. 2516f1cbda7SRobert Watson * 2526f1cbda7SRobert Watson * XXXRW: Possibly should be conditionally compiled. 2536f1cbda7SRobert Watson * 2546f1cbda7SRobert Watson * XXXRW: Should any conversions take place on the mode? 2556f1cbda7SRobert Watson */ 2566f1cbda7SRobert Watson ADD_U_INT16(dptr, pad0_16); 2576f1cbda7SRobert Watson ADD_U_INT16(dptr, vni->vn_mode); 2586f1cbda7SRobert Watson 2596f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_uid); 2606f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_gid); 2616f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_fsid); 2626f1cbda7SRobert Watson 2636f1cbda7SRobert Watson /* 2646f1cbda7SRobert Watson * Some systems use 32-bit file ID's, other's use 64-bit file IDs. 2656f1cbda7SRobert Watson * Attempt to handle both, and let the compiler sort it out. If we 2666f1cbda7SRobert Watson * could pick this out at compile-time, it would be better, so as to 2676f1cbda7SRobert Watson * avoid the else case below. 2686f1cbda7SRobert Watson */ 2696f1cbda7SRobert Watson if (sizeof(vni->vn_fileid) == sizeof(uint32_t)) { 2706f1cbda7SRobert Watson ADD_U_INT32(dptr, pad0_32); 2716f1cbda7SRobert Watson ADD_U_INT32(dptr, vni->vn_fileid); 2726f1cbda7SRobert Watson } else if (sizeof(vni->vn_fileid) == sizeof(uint64_t)) 2736f1cbda7SRobert Watson ADD_U_INT64(dptr, vni->vn_fileid); 2746f1cbda7SRobert Watson else 2756f1cbda7SRobert Watson ADD_U_INT64(dptr, 0LL); 2766f1cbda7SRobert Watson 2776f1cbda7SRobert Watson ADD_U_INT64(dptr, vni->vn_dev); 2786f1cbda7SRobert Watson 2796f1cbda7SRobert Watson return (t); 2806f1cbda7SRobert Watson } 2816f1cbda7SRobert Watson 2826f1cbda7SRobert Watson token_t * 2836f1cbda7SRobert Watson au_to_attr(struct vnode_au_info *vni) 2846f1cbda7SRobert Watson { 2856f1cbda7SRobert Watson 2866f1cbda7SRobert Watson return (au_to_attr32(vni)); 2876f1cbda7SRobert Watson } 2886f1cbda7SRobert Watson #endif /* !(defined(_KERNEL) || defined(KERNEL) */ 2896f1cbda7SRobert Watson 2906f1cbda7SRobert Watson /* 2916f1cbda7SRobert Watson * token ID 1 byte 2926f1cbda7SRobert Watson * how to print 1 byte 2936f1cbda7SRobert Watson * basic unit 1 byte 2946f1cbda7SRobert Watson * unit count 1 byte 2956f1cbda7SRobert Watson * data items (depends on basic unit) 2966f1cbda7SRobert Watson */ 2976f1cbda7SRobert Watson token_t * 2986f1cbda7SRobert Watson au_to_data(char unit_print, char unit_type, char unit_count, const char *p) 2996f1cbda7SRobert Watson { 3006f1cbda7SRobert Watson token_t *t; 3016f1cbda7SRobert Watson u_char *dptr = NULL; 3026f1cbda7SRobert Watson size_t datasize, totdata; 3036f1cbda7SRobert Watson 3046f1cbda7SRobert Watson /* Determine the size of the basic unit. */ 3056f1cbda7SRobert Watson switch (unit_type) { 3066f1cbda7SRobert Watson case AUR_BYTE: 3076f1cbda7SRobert Watson /* case AUR_CHAR: */ 3086f1cbda7SRobert Watson datasize = AUR_BYTE_SIZE; 3096f1cbda7SRobert Watson break; 3106f1cbda7SRobert Watson 3116f1cbda7SRobert Watson case AUR_SHORT: 3126f1cbda7SRobert Watson datasize = AUR_SHORT_SIZE; 3136f1cbda7SRobert Watson break; 3146f1cbda7SRobert Watson 3156f1cbda7SRobert Watson case AUR_INT32: 3166f1cbda7SRobert Watson /* case AUR_INT: */ 3176f1cbda7SRobert Watson datasize = AUR_INT32_SIZE; 3186f1cbda7SRobert Watson break; 3196f1cbda7SRobert Watson 3206f1cbda7SRobert Watson case AUR_INT64: 3216f1cbda7SRobert Watson datasize = AUR_INT64_SIZE; 3226f1cbda7SRobert Watson break; 3236f1cbda7SRobert Watson 3246f1cbda7SRobert Watson default: 3256f1cbda7SRobert Watson return (NULL); 3266f1cbda7SRobert Watson } 3276f1cbda7SRobert Watson 3286f1cbda7SRobert Watson totdata = datasize * unit_count; 3296f1cbda7SRobert Watson 3306f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata); 3316f1cbda7SRobert Watson 3326f1cbda7SRobert Watson /* 3336f1cbda7SRobert Watson * XXXRW: We should be byte-swapping each data item for multi-byte 3346f1cbda7SRobert Watson * types. 3356f1cbda7SRobert Watson */ 3366f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_DATA); 3376f1cbda7SRobert Watson ADD_U_CHAR(dptr, unit_print); 3386f1cbda7SRobert Watson ADD_U_CHAR(dptr, unit_type); 3396f1cbda7SRobert Watson ADD_U_CHAR(dptr, unit_count); 3406f1cbda7SRobert Watson ADD_MEM(dptr, p, totdata); 3416f1cbda7SRobert Watson 3426f1cbda7SRobert Watson return (t); 3436f1cbda7SRobert Watson } 3446f1cbda7SRobert Watson 3456f1cbda7SRobert Watson 3466f1cbda7SRobert Watson /* 3476f1cbda7SRobert Watson * token ID 1 byte 3486f1cbda7SRobert Watson * status 4 bytes 3496f1cbda7SRobert Watson * return value 4 bytes 3506f1cbda7SRobert Watson */ 3516f1cbda7SRobert Watson token_t * 3526f1cbda7SRobert Watson au_to_exit(int retval, int err) 3536f1cbda7SRobert Watson { 3546f1cbda7SRobert Watson token_t *t; 3556f1cbda7SRobert Watson u_char *dptr = NULL; 3566f1cbda7SRobert Watson 3576f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t)); 3586f1cbda7SRobert Watson 3596f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_EXIT); 3606f1cbda7SRobert Watson ADD_U_INT32(dptr, err); 3616f1cbda7SRobert Watson ADD_U_INT32(dptr, retval); 3626f1cbda7SRobert Watson 3636f1cbda7SRobert Watson return (t); 3646f1cbda7SRobert Watson } 3656f1cbda7SRobert Watson 3666f1cbda7SRobert Watson /* 3676f1cbda7SRobert Watson */ 3686f1cbda7SRobert Watson token_t * 3696f1cbda7SRobert Watson au_to_groups(int *groups) 3706f1cbda7SRobert Watson { 3716f1cbda7SRobert Watson 3726f1cbda7SRobert Watson return (au_to_newgroups(AUDIT_MAX_GROUPS, (gid_t *)groups)); 3736f1cbda7SRobert Watson } 3746f1cbda7SRobert Watson 3756f1cbda7SRobert Watson /* 3766f1cbda7SRobert Watson * token ID 1 byte 3776f1cbda7SRobert Watson * number groups 2 bytes 3786f1cbda7SRobert Watson * group list count * 4 bytes 3796f1cbda7SRobert Watson */ 3806f1cbda7SRobert Watson token_t * 3816f1cbda7SRobert Watson au_to_newgroups(u_int16_t n, gid_t *groups) 3826f1cbda7SRobert Watson { 3836f1cbda7SRobert Watson token_t *t; 3846f1cbda7SRobert Watson u_char *dptr = NULL; 3856f1cbda7SRobert Watson int i; 3866f1cbda7SRobert Watson 3876f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 3886f1cbda7SRobert Watson n * sizeof(u_int32_t)); 3896f1cbda7SRobert Watson 3906f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_NEWGROUPS); 3916f1cbda7SRobert Watson ADD_U_INT16(dptr, n); 3926f1cbda7SRobert Watson for (i = 0; i < n; i++) 3936f1cbda7SRobert Watson ADD_U_INT32(dptr, groups[i]); 3946f1cbda7SRobert Watson 3956f1cbda7SRobert Watson return (t); 3966f1cbda7SRobert Watson } 3976f1cbda7SRobert Watson 3986f1cbda7SRobert Watson /* 3996f1cbda7SRobert Watson * token ID 1 byte 4006f1cbda7SRobert Watson * internet address 4 bytes 4016f1cbda7SRobert Watson */ 4026f1cbda7SRobert Watson token_t * 4036f1cbda7SRobert Watson au_to_in_addr(struct in_addr *internet_addr) 4046f1cbda7SRobert Watson { 4056f1cbda7SRobert Watson token_t *t; 4066f1cbda7SRobert Watson u_char *dptr = NULL; 4076f1cbda7SRobert Watson 4086f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t)); 4096f1cbda7SRobert Watson 4106f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_IN_ADDR); 4116f1cbda7SRobert Watson ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t)); 4126f1cbda7SRobert Watson 4136f1cbda7SRobert Watson return (t); 4146f1cbda7SRobert Watson } 4156f1cbda7SRobert Watson 4166f1cbda7SRobert Watson /* 4176f1cbda7SRobert Watson * token ID 1 byte 4186f1cbda7SRobert Watson * address type/length 4 bytes 4196f1cbda7SRobert Watson * address 16 bytes 4206f1cbda7SRobert Watson */ 4216f1cbda7SRobert Watson token_t * 4226f1cbda7SRobert Watson au_to_in_addr_ex(struct in6_addr *internet_addr) 4236f1cbda7SRobert Watson { 4246f1cbda7SRobert Watson token_t *t; 4256f1cbda7SRobert Watson u_char *dptr = NULL; 4266f1cbda7SRobert Watson u_int32_t type = AU_IPv6; 4276f1cbda7SRobert Watson 4286f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t)); 4296f1cbda7SRobert Watson 4306f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_IN_ADDR_EX); 4316f1cbda7SRobert Watson ADD_U_INT32(dptr, type); 4326f1cbda7SRobert Watson ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t)); 4336f1cbda7SRobert Watson 4346f1cbda7SRobert Watson return (t); 4356f1cbda7SRobert Watson } 4366f1cbda7SRobert Watson 4376f1cbda7SRobert Watson /* 4386f1cbda7SRobert Watson * token ID 1 byte 4396f1cbda7SRobert Watson * ip header 20 bytes 4406f1cbda7SRobert Watson * 4416f1cbda7SRobert Watson * The IP header should be submitted in network byte order. 4426f1cbda7SRobert Watson */ 4436f1cbda7SRobert Watson token_t * 4446f1cbda7SRobert Watson au_to_ip(struct ip *ip) 4456f1cbda7SRobert Watson { 4466f1cbda7SRobert Watson token_t *t; 4476f1cbda7SRobert Watson u_char *dptr = NULL; 4486f1cbda7SRobert Watson 4496f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip)); 4506f1cbda7SRobert Watson 4516f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_IP); 4526f1cbda7SRobert Watson ADD_MEM(dptr, ip, sizeof(struct ip)); 4536f1cbda7SRobert Watson 4546f1cbda7SRobert Watson return (t); 4556f1cbda7SRobert Watson } 4566f1cbda7SRobert Watson 4576f1cbda7SRobert Watson /* 4586f1cbda7SRobert Watson * token ID 1 byte 4596f1cbda7SRobert Watson * object ID type 1 byte 4606f1cbda7SRobert Watson * object ID 4 bytes 4616f1cbda7SRobert Watson */ 4626f1cbda7SRobert Watson token_t * 4636f1cbda7SRobert Watson au_to_ipc(char type, int id) 4646f1cbda7SRobert Watson { 4656f1cbda7SRobert Watson token_t *t; 4666f1cbda7SRobert Watson u_char *dptr = NULL; 4676f1cbda7SRobert Watson 4686f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 4696f1cbda7SRobert Watson 4706f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_IPC); 4716f1cbda7SRobert Watson ADD_U_CHAR(dptr, type); 4726f1cbda7SRobert Watson ADD_U_INT32(dptr, id); 4736f1cbda7SRobert Watson 4746f1cbda7SRobert Watson return (t); 4756f1cbda7SRobert Watson } 4766f1cbda7SRobert Watson 4776f1cbda7SRobert Watson /* 4786f1cbda7SRobert Watson * token ID 1 byte 4796f1cbda7SRobert Watson * owner user ID 4 bytes 4806f1cbda7SRobert Watson * owner group ID 4 bytes 4816f1cbda7SRobert Watson * creator user ID 4 bytes 4826f1cbda7SRobert Watson * creator group ID 4 bytes 4836f1cbda7SRobert Watson * access mode 4 bytes 4846f1cbda7SRobert Watson * slot sequence # 4 bytes 4856f1cbda7SRobert Watson * key 4 bytes 4866f1cbda7SRobert Watson */ 4876f1cbda7SRobert Watson token_t * 4886f1cbda7SRobert Watson au_to_ipc_perm(struct ipc_perm *perm) 4896f1cbda7SRobert Watson { 4906f1cbda7SRobert Watson token_t *t; 4916f1cbda7SRobert Watson u_char *dptr = NULL; 4926f1cbda7SRobert Watson u_int16_t pad0 = 0; 4936f1cbda7SRobert Watson 4946f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12 * sizeof(u_int16_t) + 4956f1cbda7SRobert Watson sizeof(u_int32_t)); 4966f1cbda7SRobert Watson 4976f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_IPC_PERM); 4986f1cbda7SRobert Watson 4996f1cbda7SRobert Watson /* 5006f1cbda7SRobert Watson * Systems vary significantly in what types they use in struct 5016f1cbda7SRobert Watson * ipc_perm; at least a few still use 16-bit uid's and gid's, so 5026f1cbda7SRobert Watson * allow for that, as BSM define 32-bit values here. 5036f1cbda7SRobert Watson * Some systems define the sizes for ipc_perm members as 2 bytes; 5046f1cbda7SRobert Watson * BSM defines 4 so pad with 0. 5056f1cbda7SRobert Watson * 5066f1cbda7SRobert Watson * XXXRW: Possibly shoulid be conditionally compiled, and more cases 5076f1cbda7SRobert Watson * need to be handled. 5086f1cbda7SRobert Watson */ 5096f1cbda7SRobert Watson if (sizeof(perm->uid) != sizeof(u_int32_t)) { 5106f1cbda7SRobert Watson ADD_U_INT16(dptr, pad0); 5116f1cbda7SRobert Watson ADD_U_INT16(dptr, perm->uid); 5126f1cbda7SRobert Watson ADD_U_INT16(dptr, pad0); 5136f1cbda7SRobert Watson ADD_U_INT16(dptr, perm->gid); 5146f1cbda7SRobert Watson ADD_U_INT16(dptr, pad0); 5156f1cbda7SRobert Watson ADD_U_INT16(dptr, perm->cuid); 5166f1cbda7SRobert Watson ADD_U_INT16(dptr, pad0); 5176f1cbda7SRobert Watson ADD_U_INT16(dptr, perm->cgid); 5186f1cbda7SRobert Watson } else { 5196f1cbda7SRobert Watson ADD_U_INT32(dptr, perm->uid); 5206f1cbda7SRobert Watson ADD_U_INT32(dptr, perm->gid); 5216f1cbda7SRobert Watson ADD_U_INT32(dptr, perm->cuid); 5226f1cbda7SRobert Watson ADD_U_INT32(dptr, perm->cgid); 5236f1cbda7SRobert Watson } 5246f1cbda7SRobert Watson 5256f1cbda7SRobert Watson ADD_U_INT16(dptr, pad0); 5266f1cbda7SRobert Watson ADD_U_INT16(dptr, perm->mode); 5276f1cbda7SRobert Watson 5286f1cbda7SRobert Watson ADD_U_INT16(dptr, pad0); 5296f1cbda7SRobert Watson 5306f1cbda7SRobert Watson ADD_U_INT16(dptr, perm->seq); 5316f1cbda7SRobert Watson 5326f1cbda7SRobert Watson ADD_U_INT32(dptr, perm->key); 5336f1cbda7SRobert Watson 5346f1cbda7SRobert Watson return (t); 5356f1cbda7SRobert Watson } 5366f1cbda7SRobert Watson 5376f1cbda7SRobert Watson /* 5386f1cbda7SRobert Watson * token ID 1 byte 5396f1cbda7SRobert Watson * port IP address 2 bytes 5406f1cbda7SRobert Watson */ 5416f1cbda7SRobert Watson token_t * 5426f1cbda7SRobert Watson au_to_iport(u_int16_t iport) 5436f1cbda7SRobert Watson { 5446f1cbda7SRobert Watson token_t *t; 5456f1cbda7SRobert Watson u_char *dptr = NULL; 5466f1cbda7SRobert Watson 5476f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t)); 5486f1cbda7SRobert Watson 5496f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_IPORT); 5506f1cbda7SRobert Watson ADD_U_INT16(dptr, iport); 5516f1cbda7SRobert Watson 5526f1cbda7SRobert Watson return (t); 5536f1cbda7SRobert Watson } 5546f1cbda7SRobert Watson 5556f1cbda7SRobert Watson /* 5566f1cbda7SRobert Watson * token ID 1 byte 5576f1cbda7SRobert Watson * size 2 bytes 5586f1cbda7SRobert Watson * data size bytes 5596f1cbda7SRobert Watson */ 5606f1cbda7SRobert Watson token_t * 5616f1cbda7SRobert Watson au_to_opaque(const char *data, u_int16_t bytes) 5626f1cbda7SRobert Watson { 5636f1cbda7SRobert Watson token_t *t; 5646f1cbda7SRobert Watson u_char *dptr = NULL; 5656f1cbda7SRobert Watson 5666f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + bytes); 5676f1cbda7SRobert Watson 5686f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_OPAQUE); 5696f1cbda7SRobert Watson ADD_U_INT16(dptr, bytes); 5706f1cbda7SRobert Watson ADD_MEM(dptr, data, bytes); 5716f1cbda7SRobert Watson 5726f1cbda7SRobert Watson return (t); 5736f1cbda7SRobert Watson } 5746f1cbda7SRobert Watson 5756f1cbda7SRobert Watson /* 5766f1cbda7SRobert Watson * token ID 1 byte 5776f1cbda7SRobert Watson * seconds of time 4 bytes 5786f1cbda7SRobert Watson * milliseconds of time 4 bytes 5796f1cbda7SRobert Watson * file name len 2 bytes 5806f1cbda7SRobert Watson * file pathname N bytes + 1 terminating NULL byte 5816f1cbda7SRobert Watson */ 5826f1cbda7SRobert Watson token_t * 5836f1cbda7SRobert Watson au_to_file(const char *file, struct timeval tm) 5846f1cbda7SRobert Watson { 5856f1cbda7SRobert Watson token_t *t; 5866f1cbda7SRobert Watson u_char *dptr = NULL; 5876f1cbda7SRobert Watson u_int16_t filelen; 5886f1cbda7SRobert Watson u_int32_t timems; 5896f1cbda7SRobert Watson 5906f1cbda7SRobert Watson filelen = strlen(file); 5916f1cbda7SRobert Watson filelen += 1; 5926f1cbda7SRobert Watson 5936f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int32_t) + 5946f1cbda7SRobert Watson sizeof(u_int16_t) + filelen); 5956f1cbda7SRobert Watson 5966f1cbda7SRobert Watson timems = tm.tv_usec/1000; 5976f1cbda7SRobert Watson 5986f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_OTHER_FILE32); 5996f1cbda7SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 6006f1cbda7SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 6016f1cbda7SRobert Watson ADD_U_INT16(dptr, filelen); 6026f1cbda7SRobert Watson ADD_STRING(dptr, file, filelen); 6036f1cbda7SRobert Watson 6046f1cbda7SRobert Watson return (t); 6056f1cbda7SRobert Watson } 6066f1cbda7SRobert Watson 6076f1cbda7SRobert Watson /* 6086f1cbda7SRobert Watson * token ID 1 byte 6096f1cbda7SRobert Watson * text length 2 bytes 6106f1cbda7SRobert Watson * text N bytes + 1 terminating NULL byte 6116f1cbda7SRobert Watson */ 6126f1cbda7SRobert Watson token_t * 6136f1cbda7SRobert Watson au_to_text(const char *text) 6146f1cbda7SRobert Watson { 6156f1cbda7SRobert Watson token_t *t; 6166f1cbda7SRobert Watson u_char *dptr = NULL; 6176f1cbda7SRobert Watson u_int16_t textlen; 6186f1cbda7SRobert Watson 6196f1cbda7SRobert Watson textlen = strlen(text); 6206f1cbda7SRobert Watson textlen += 1; 6216f1cbda7SRobert Watson 6226f1cbda7SRobert Watson /* XXXRW: Should validate length against token size limit. */ 6236f1cbda7SRobert Watson 6246f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 6256f1cbda7SRobert Watson 6266f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_TEXT); 6276f1cbda7SRobert Watson ADD_U_INT16(dptr, textlen); 6286f1cbda7SRobert Watson ADD_STRING(dptr, text, textlen); 6296f1cbda7SRobert Watson 6306f1cbda7SRobert Watson return (t); 6316f1cbda7SRobert Watson } 6326f1cbda7SRobert Watson 6336f1cbda7SRobert Watson /* 6346f1cbda7SRobert Watson * token ID 1 byte 6356f1cbda7SRobert Watson * path length 2 bytes 6366f1cbda7SRobert Watson * path N bytes + 1 terminating NULL byte 6376f1cbda7SRobert Watson */ 6386f1cbda7SRobert Watson token_t * 6396f1cbda7SRobert Watson au_to_path(const char *text) 6406f1cbda7SRobert Watson { 6416f1cbda7SRobert Watson token_t *t; 6426f1cbda7SRobert Watson u_char *dptr = NULL; 6436f1cbda7SRobert Watson u_int16_t textlen; 6446f1cbda7SRobert Watson 6456f1cbda7SRobert Watson textlen = strlen(text); 6466f1cbda7SRobert Watson textlen += 1; 6476f1cbda7SRobert Watson 6486f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 6496f1cbda7SRobert Watson 6506f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_PATH); 6516f1cbda7SRobert Watson ADD_U_INT16(dptr, textlen); 6526f1cbda7SRobert Watson ADD_STRING(dptr, text, textlen); 6536f1cbda7SRobert Watson 6546f1cbda7SRobert Watson return (t); 6556f1cbda7SRobert Watson } 6566f1cbda7SRobert Watson 6576f1cbda7SRobert Watson /* 6586f1cbda7SRobert Watson * token ID 1 byte 6596f1cbda7SRobert Watson * audit ID 4 bytes 6606f1cbda7SRobert Watson * effective user ID 4 bytes 6616f1cbda7SRobert Watson * effective group ID 4 bytes 6626f1cbda7SRobert Watson * real user ID 4 bytes 6636f1cbda7SRobert Watson * real group ID 4 bytes 6646f1cbda7SRobert Watson * process ID 4 bytes 6656f1cbda7SRobert Watson * session ID 4 bytes 6666f1cbda7SRobert Watson * terminal ID 6676f1cbda7SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 6686f1cbda7SRobert Watson * machine address 4 bytes 6696f1cbda7SRobert Watson */ 6706f1cbda7SRobert Watson token_t * 6716f1cbda7SRobert Watson au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 6726f1cbda7SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 6736f1cbda7SRobert Watson { 6746f1cbda7SRobert Watson token_t *t; 6756f1cbda7SRobert Watson u_char *dptr = NULL; 6766f1cbda7SRobert Watson 6776f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 6786f1cbda7SRobert Watson 6796f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS32); 6806f1cbda7SRobert Watson ADD_U_INT32(dptr, auid); 6816f1cbda7SRobert Watson ADD_U_INT32(dptr, euid); 6826f1cbda7SRobert Watson ADD_U_INT32(dptr, egid); 6836f1cbda7SRobert Watson ADD_U_INT32(dptr, ruid); 6846f1cbda7SRobert Watson ADD_U_INT32(dptr, rgid); 6856f1cbda7SRobert Watson ADD_U_INT32(dptr, pid); 6866f1cbda7SRobert Watson ADD_U_INT32(dptr, sid); 6876f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->port); 6886f1cbda7SRobert Watson 6896f1cbda7SRobert Watson /* 6906f1cbda7SRobert Watson * Note: Solaris will write out IPv6 addresses here as a 32-bit 6916f1cbda7SRobert Watson * address type and 16 bytes of address, but for IPv4 addresses it 6926f1cbda7SRobert Watson * simply writes the 4-byte address directly. We support only IPv4 6936f1cbda7SRobert Watson * addresses for process32 tokens. 6946f1cbda7SRobert Watson */ 6956f1cbda7SRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 6966f1cbda7SRobert Watson 6976f1cbda7SRobert Watson return (t); 6986f1cbda7SRobert Watson } 6996f1cbda7SRobert Watson 7006f1cbda7SRobert Watson token_t * 7016f1cbda7SRobert Watson au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 7026f1cbda7SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 7036f1cbda7SRobert Watson { 7046f1cbda7SRobert Watson token_t *t; 7056f1cbda7SRobert Watson u_char *dptr = NULL; 7066f1cbda7SRobert Watson 7076f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) + 7086f1cbda7SRobert Watson sizeof(u_int64_t)); 7096f1cbda7SRobert Watson 7106f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS64); 7116f1cbda7SRobert Watson ADD_U_INT32(dptr, auid); 7126f1cbda7SRobert Watson ADD_U_INT32(dptr, euid); 7136f1cbda7SRobert Watson ADD_U_INT32(dptr, egid); 7146f1cbda7SRobert Watson ADD_U_INT32(dptr, ruid); 7156f1cbda7SRobert Watson ADD_U_INT32(dptr, rgid); 7166f1cbda7SRobert Watson ADD_U_INT32(dptr, pid); 7176f1cbda7SRobert Watson ADD_U_INT32(dptr, sid); 7186f1cbda7SRobert Watson ADD_U_INT64(dptr, tid->port); 7196f1cbda7SRobert Watson 7206f1cbda7SRobert Watson /* 7216f1cbda7SRobert Watson * Note: Solaris will write out IPv6 addresses here as a 32-bit 7226f1cbda7SRobert Watson * address type and 16 bytes of address, but for IPv4 addresses it 7236f1cbda7SRobert Watson * simply writes the 4-byte address directly. We support only IPv4 7246f1cbda7SRobert Watson * addresses for process64 tokens. 7256f1cbda7SRobert Watson */ 7266f1cbda7SRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 7276f1cbda7SRobert Watson 7286f1cbda7SRobert Watson return (t); 7296f1cbda7SRobert Watson } 7306f1cbda7SRobert Watson 7316f1cbda7SRobert Watson token_t * 7326f1cbda7SRobert Watson au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 7336f1cbda7SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 7346f1cbda7SRobert Watson { 7356f1cbda7SRobert Watson 7366f1cbda7SRobert Watson return (au_to_process32(auid, euid, egid, ruid, rgid, pid, sid, 7376f1cbda7SRobert Watson tid)); 7386f1cbda7SRobert Watson } 7396f1cbda7SRobert Watson 7406f1cbda7SRobert Watson /* 7416f1cbda7SRobert Watson * token ID 1 byte 7426f1cbda7SRobert Watson * audit ID 4 bytes 7436f1cbda7SRobert Watson * effective user ID 4 bytes 7446f1cbda7SRobert Watson * effective group ID 4 bytes 7456f1cbda7SRobert Watson * real user ID 4 bytes 7466f1cbda7SRobert Watson * real group ID 4 bytes 7476f1cbda7SRobert Watson * process ID 4 bytes 7486f1cbda7SRobert Watson * session ID 4 bytes 7496f1cbda7SRobert Watson * terminal ID 7506f1cbda7SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 7516f1cbda7SRobert Watson * address type-len 4 bytes 7526f1cbda7SRobert Watson * machine address 16 bytes 7536f1cbda7SRobert Watson */ 7546f1cbda7SRobert Watson token_t * 7556f1cbda7SRobert Watson au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 7566f1cbda7SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 7576f1cbda7SRobert Watson { 7586f1cbda7SRobert Watson token_t *t; 7596f1cbda7SRobert Watson u_char *dptr = NULL; 7606f1cbda7SRobert Watson 7616f1cbda7SRobert Watson KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), 7626f1cbda7SRobert Watson ("au_to_process32_ex: type %u", (unsigned int)tid->at_type)); 7636f1cbda7SRobert Watson if (tid->at_type == AU_IPv4) 7646f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7656f1cbda7SRobert Watson 10 * sizeof(u_int32_t)); 7666f1cbda7SRobert Watson else 7676f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7686f1cbda7SRobert Watson 13 * sizeof(u_int32_t)); 7696f1cbda7SRobert Watson 7706f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS32_EX); 7716f1cbda7SRobert Watson ADD_U_INT32(dptr, auid); 7726f1cbda7SRobert Watson ADD_U_INT32(dptr, euid); 7736f1cbda7SRobert Watson ADD_U_INT32(dptr, egid); 7746f1cbda7SRobert Watson ADD_U_INT32(dptr, ruid); 7756f1cbda7SRobert Watson ADD_U_INT32(dptr, rgid); 7766f1cbda7SRobert Watson ADD_U_INT32(dptr, pid); 7776f1cbda7SRobert Watson ADD_U_INT32(dptr, sid); 7786f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->at_port); 7796f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->at_type); 7806f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 7816f1cbda7SRobert Watson if (tid->at_type == AU_IPv6) { 7826f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); 7836f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); 7846f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); 7856f1cbda7SRobert Watson } 7866f1cbda7SRobert Watson 7876f1cbda7SRobert Watson return (t); 7886f1cbda7SRobert Watson } 7896f1cbda7SRobert Watson 7906f1cbda7SRobert Watson token_t * 7916f1cbda7SRobert Watson au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 7926f1cbda7SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 7936f1cbda7SRobert Watson { 7946f1cbda7SRobert Watson token_t *t; 7956f1cbda7SRobert Watson u_char *dptr = NULL; 7966f1cbda7SRobert Watson 7976f1cbda7SRobert Watson if (tid->at_type == AU_IPv4) 7986f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7996f1cbda7SRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 8006f1cbda7SRobert Watson 2 * sizeof(u_int32_t)); 8016f1cbda7SRobert Watson else if (tid->at_type == AU_IPv6) 8026f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8036f1cbda7SRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 8046f1cbda7SRobert Watson 5 * sizeof(u_int32_t)); 8056f1cbda7SRobert Watson else 8066f1cbda7SRobert Watson panic("au_to_process64_ex: invalidate at_type (%d)", 8076f1cbda7SRobert Watson tid->at_type); 8086f1cbda7SRobert Watson 8096f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_PROCESS64_EX); 8106f1cbda7SRobert Watson ADD_U_INT32(dptr, auid); 8116f1cbda7SRobert Watson ADD_U_INT32(dptr, euid); 8126f1cbda7SRobert Watson ADD_U_INT32(dptr, egid); 8136f1cbda7SRobert Watson ADD_U_INT32(dptr, ruid); 8146f1cbda7SRobert Watson ADD_U_INT32(dptr, rgid); 8156f1cbda7SRobert Watson ADD_U_INT32(dptr, pid); 8166f1cbda7SRobert Watson ADD_U_INT32(dptr, sid); 8176f1cbda7SRobert Watson ADD_U_INT64(dptr, tid->at_port); 8186f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->at_type); 8196f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 8206f1cbda7SRobert Watson if (tid->at_type == AU_IPv6) { 8216f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[1], sizeof(u_int32_t)); 8226f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[2], sizeof(u_int32_t)); 8236f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[3], sizeof(u_int32_t)); 8246f1cbda7SRobert Watson } 8256f1cbda7SRobert Watson 8266f1cbda7SRobert Watson return (t); 8276f1cbda7SRobert Watson } 8286f1cbda7SRobert Watson 8296f1cbda7SRobert Watson token_t * 8306f1cbda7SRobert Watson au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 8316f1cbda7SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 8326f1cbda7SRobert Watson { 8336f1cbda7SRobert Watson 8346f1cbda7SRobert Watson return (au_to_process32_ex(auid, euid, egid, ruid, rgid, pid, sid, 8356f1cbda7SRobert Watson tid)); 8366f1cbda7SRobert Watson } 8376f1cbda7SRobert Watson 838*7008be5bSPawel Jakub Dawidek token_t * 839*7008be5bSPawel Jakub Dawidek au_to_rights(cap_rights_t *rightsp) 840*7008be5bSPawel Jakub Dawidek { 841*7008be5bSPawel Jakub Dawidek token_t *t; 842*7008be5bSPawel Jakub Dawidek u_char *dptr; 843*7008be5bSPawel Jakub Dawidek int i; 844*7008be5bSPawel Jakub Dawidek 845*7008be5bSPawel Jakub Dawidek GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(*rightsp)); 846*7008be5bSPawel Jakub Dawidek 847*7008be5bSPawel Jakub Dawidek ADD_U_CHAR(dptr, AUT_RIGHTS); 848*7008be5bSPawel Jakub Dawidek for (i = 0; i < nitems(rightsp->cr_rights); i++) 849*7008be5bSPawel Jakub Dawidek ADD_U_INT64(dptr, rightsp->cr_rights[i]); 850*7008be5bSPawel Jakub Dawidek 851*7008be5bSPawel Jakub Dawidek return (t); 852*7008be5bSPawel Jakub Dawidek } 853*7008be5bSPawel Jakub Dawidek 8546f1cbda7SRobert Watson /* 8556f1cbda7SRobert Watson * token ID 1 byte 8566f1cbda7SRobert Watson * error status 1 byte 8576f1cbda7SRobert Watson * return value 4 bytes/8 bytes (32-bit/64-bit value) 8586f1cbda7SRobert Watson */ 8596f1cbda7SRobert Watson token_t * 8606f1cbda7SRobert Watson au_to_return32(char status, u_int32_t ret) 8616f1cbda7SRobert Watson { 8626f1cbda7SRobert Watson token_t *t; 8636f1cbda7SRobert Watson u_char *dptr = NULL; 8646f1cbda7SRobert Watson 8656f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int32_t)); 8666f1cbda7SRobert Watson 8676f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_RETURN32); 8686f1cbda7SRobert Watson ADD_U_CHAR(dptr, status); 8696f1cbda7SRobert Watson ADD_U_INT32(dptr, ret); 8706f1cbda7SRobert Watson 8716f1cbda7SRobert Watson return (t); 8726f1cbda7SRobert Watson } 8736f1cbda7SRobert Watson 8746f1cbda7SRobert Watson token_t * 8756f1cbda7SRobert Watson au_to_return64(char status, u_int64_t ret) 8766f1cbda7SRobert Watson { 8776f1cbda7SRobert Watson token_t *t; 8786f1cbda7SRobert Watson u_char *dptr = NULL; 8796f1cbda7SRobert Watson 8806f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, 2 * sizeof(u_char) + sizeof(u_int64_t)); 8816f1cbda7SRobert Watson 8826f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_RETURN64); 8836f1cbda7SRobert Watson ADD_U_CHAR(dptr, status); 8846f1cbda7SRobert Watson ADD_U_INT64(dptr, ret); 8856f1cbda7SRobert Watson 8866f1cbda7SRobert Watson return (t); 8876f1cbda7SRobert Watson } 8886f1cbda7SRobert Watson 8896f1cbda7SRobert Watson token_t * 8906f1cbda7SRobert Watson au_to_return(char status, u_int32_t ret) 8916f1cbda7SRobert Watson { 8926f1cbda7SRobert Watson 8936f1cbda7SRobert Watson return (au_to_return32(status, ret)); 8946f1cbda7SRobert Watson } 8956f1cbda7SRobert Watson 8966f1cbda7SRobert Watson /* 8976f1cbda7SRobert Watson * token ID 1 byte 8986f1cbda7SRobert Watson * sequence number 4 bytes 8996f1cbda7SRobert Watson */ 9006f1cbda7SRobert Watson token_t * 9016f1cbda7SRobert Watson au_to_seq(long audit_count) 9026f1cbda7SRobert Watson { 9036f1cbda7SRobert Watson token_t *t; 9046f1cbda7SRobert Watson u_char *dptr = NULL; 9056f1cbda7SRobert Watson 9066f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); 9076f1cbda7SRobert Watson 9086f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SEQ); 9096f1cbda7SRobert Watson ADD_U_INT32(dptr, audit_count); 9106f1cbda7SRobert Watson 9116f1cbda7SRobert Watson return (t); 9126f1cbda7SRobert Watson } 9136f1cbda7SRobert Watson 9146f1cbda7SRobert Watson /* 9156f1cbda7SRobert Watson * token ID 1 byte 9166f1cbda7SRobert Watson * socket domain 2 bytes 9176f1cbda7SRobert Watson * socket type 2 bytes 9186f1cbda7SRobert Watson * address type 2 byte 9196f1cbda7SRobert Watson * local port 2 bytes 9206f1cbda7SRobert Watson * local address 4 bytes/16 bytes (IPv4/IPv6 address) 9216f1cbda7SRobert Watson * remote port 2 bytes 9226f1cbda7SRobert Watson * remote address 4 bytes/16 bytes (IPv4/IPv6 address) 9236f1cbda7SRobert Watson * 9246f1cbda7SRobert Watson * Domain and type arguments to this routine are assumed to already have been 9256f1cbda7SRobert Watson * converted to the BSM constant space, so we don't do that here. 9266f1cbda7SRobert Watson */ 9276f1cbda7SRobert Watson token_t * 9286f1cbda7SRobert Watson au_to_socket_ex(u_short so_domain, u_short so_type, 9296f1cbda7SRobert Watson struct sockaddr *sa_local, struct sockaddr *sa_remote) 9306f1cbda7SRobert Watson { 9316f1cbda7SRobert Watson token_t *t; 9326f1cbda7SRobert Watson u_char *dptr = NULL; 9336f1cbda7SRobert Watson struct sockaddr_in *sin; 9346f1cbda7SRobert Watson struct sockaddr_in6 *sin6; 9356f1cbda7SRobert Watson 9366f1cbda7SRobert Watson if (so_domain == AF_INET) 9376f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9386f1cbda7SRobert Watson 5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); 9396f1cbda7SRobert Watson else if (so_domain == AF_INET6) 9406f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9416f1cbda7SRobert Watson 5 * sizeof(u_int16_t) + 8 * sizeof(u_int32_t)); 9426f1cbda7SRobert Watson else 9436f1cbda7SRobert Watson return (NULL); 9446f1cbda7SRobert Watson 9456f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKET_EX); 9466f1cbda7SRobert Watson ADD_U_INT16(dptr, au_domain_to_bsm(so_domain)); 9476f1cbda7SRobert Watson ADD_U_INT16(dptr, au_socket_type_to_bsm(so_type)); 9486f1cbda7SRobert Watson if (so_domain == AF_INET) { 9496f1cbda7SRobert Watson ADD_U_INT16(dptr, AU_IPv4); 9506f1cbda7SRobert Watson sin = (struct sockaddr_in *)sa_local; 9516f1cbda7SRobert Watson ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); 9526f1cbda7SRobert Watson ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); 9536f1cbda7SRobert Watson sin = (struct sockaddr_in *)sa_remote; 9546f1cbda7SRobert Watson ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t)); 9556f1cbda7SRobert Watson ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t)); 9566f1cbda7SRobert Watson } else { 9576f1cbda7SRobert Watson ADD_U_INT16(dptr, AU_IPv6); 9586f1cbda7SRobert Watson sin6 = (struct sockaddr_in6 *)sa_local; 9596f1cbda7SRobert Watson ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); 9606f1cbda7SRobert Watson ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); 9616f1cbda7SRobert Watson sin6 = (struct sockaddr_in6 *)sa_remote; 9626f1cbda7SRobert Watson ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t)); 9636f1cbda7SRobert Watson ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t)); 9646f1cbda7SRobert Watson } 9656f1cbda7SRobert Watson 9666f1cbda7SRobert Watson return (t); 9676f1cbda7SRobert Watson } 9686f1cbda7SRobert Watson 9696f1cbda7SRobert Watson /* 9706f1cbda7SRobert Watson * Kernel-specific version of the above function. 9716f1cbda7SRobert Watson * 9726f1cbda7SRobert Watson * XXXRW: Should now use au_to_socket_ex() here. 9736f1cbda7SRobert Watson */ 9746f1cbda7SRobert Watson #ifdef _KERNEL 9756f1cbda7SRobert Watson token_t * 9766f1cbda7SRobert Watson kau_to_socket(struct socket_au_info *soi) 9776f1cbda7SRobert Watson { 9786f1cbda7SRobert Watson token_t *t; 9796f1cbda7SRobert Watson u_char *dptr; 9806f1cbda7SRobert Watson u_int16_t so_type; 9816f1cbda7SRobert Watson 9826f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) + 9836f1cbda7SRobert Watson sizeof(u_int32_t) + sizeof(u_int16_t) + sizeof(u_int32_t)); 9846f1cbda7SRobert Watson 9856f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKET); 9866f1cbda7SRobert Watson /* Coerce the socket type into a short value */ 9876f1cbda7SRobert Watson so_type = soi->so_type; 9886f1cbda7SRobert Watson ADD_U_INT16(dptr, so_type); 9896f1cbda7SRobert Watson ADD_U_INT16(dptr, soi->so_lport); 9906f1cbda7SRobert Watson ADD_U_INT32(dptr, soi->so_laddr); 9916f1cbda7SRobert Watson ADD_U_INT16(dptr, soi->so_rport); 9926f1cbda7SRobert Watson ADD_U_INT32(dptr, soi->so_raddr); 9936f1cbda7SRobert Watson 9946f1cbda7SRobert Watson return (t); 9956f1cbda7SRobert Watson } 9966f1cbda7SRobert Watson #endif 9976f1cbda7SRobert Watson 9986f1cbda7SRobert Watson /* 9996f1cbda7SRobert Watson * token ID 1 byte 10006f1cbda7SRobert Watson * socket family 2 bytes 10016f1cbda7SRobert Watson * path (up to) 104 bytes + NULL (NULL terminated string) 10026f1cbda7SRobert Watson */ 10036f1cbda7SRobert Watson token_t * 10046f1cbda7SRobert Watson au_to_sock_unix(struct sockaddr_un *so) 10056f1cbda7SRobert Watson { 10066f1cbda7SRobert Watson token_t *t; 10076f1cbda7SRobert Watson u_char *dptr; 10086f1cbda7SRobert Watson 10096f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + strlen(so->sun_path) + 1); 10106f1cbda7SRobert Watson 10116f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKUNIX); 10126f1cbda7SRobert Watson /* BSM token has two bytes for family */ 10136f1cbda7SRobert Watson ADD_U_CHAR(dptr, 0); 10146f1cbda7SRobert Watson ADD_U_CHAR(dptr, so->sun_family); 10156f1cbda7SRobert Watson ADD_STRING(dptr, so->sun_path, strlen(so->sun_path) + 1); 10166f1cbda7SRobert Watson 10176f1cbda7SRobert Watson return (t); 10186f1cbda7SRobert Watson } 10196f1cbda7SRobert Watson 10206f1cbda7SRobert Watson /* 10216f1cbda7SRobert Watson * token ID 1 byte 10226f1cbda7SRobert Watson * socket family 2 bytes 10236f1cbda7SRobert Watson * local port 2 bytes 10246f1cbda7SRobert Watson * socket address 4 bytes 10256f1cbda7SRobert Watson */ 10266f1cbda7SRobert Watson token_t * 10276f1cbda7SRobert Watson au_to_sock_inet32(struct sockaddr_in *so) 10286f1cbda7SRobert Watson { 10296f1cbda7SRobert Watson token_t *t; 10306f1cbda7SRobert Watson u_char *dptr = NULL; 10316f1cbda7SRobert Watson uint16_t family; 10326f1cbda7SRobert Watson 10336f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) + 10346f1cbda7SRobert Watson sizeof(uint32_t)); 10356f1cbda7SRobert Watson 10366f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKINET32); 10376f1cbda7SRobert Watson /* 10386f1cbda7SRobert Watson * BSM defines the family field as 16 bits, but many operating 10396f1cbda7SRobert Watson * systems have an 8-bit sin_family field. Extend to 16 bits before 10406f1cbda7SRobert Watson * writing into the token. Assume that both the port and the address 10416f1cbda7SRobert Watson * in the sockaddr_in are already in network byte order, but family 10426f1cbda7SRobert Watson * is in local byte order. 10436f1cbda7SRobert Watson * 10446f1cbda7SRobert Watson * XXXRW: Should a name space conversion be taking place on the value 10456f1cbda7SRobert Watson * of sin_family? 10466f1cbda7SRobert Watson */ 10476f1cbda7SRobert Watson family = so->sin_family; 10486f1cbda7SRobert Watson ADD_U_INT16(dptr, family); 10496f1cbda7SRobert Watson ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t)); 10506f1cbda7SRobert Watson ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t)); 10516f1cbda7SRobert Watson 10526f1cbda7SRobert Watson return (t); 10536f1cbda7SRobert Watson } 10546f1cbda7SRobert Watson 10556f1cbda7SRobert Watson token_t * 10566f1cbda7SRobert Watson au_to_sock_inet128(struct sockaddr_in6 *so) 10576f1cbda7SRobert Watson { 10586f1cbda7SRobert Watson token_t *t; 10596f1cbda7SRobert Watson u_char *dptr = NULL; 10606f1cbda7SRobert Watson 10616f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) + 10626f1cbda7SRobert Watson 4 * sizeof(u_int32_t)); 10636f1cbda7SRobert Watson 10646f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SOCKINET128); 10656f1cbda7SRobert Watson /* 10666f1cbda7SRobert Watson * In BSD, sin6_family is one octet, but BSM defines the token to 10676f1cbda7SRobert Watson * store two. So we copy in a 0 first. XXXRW: Possibly should be 10686f1cbda7SRobert Watson * conditionally compiled. 10696f1cbda7SRobert Watson */ 10706f1cbda7SRobert Watson ADD_U_CHAR(dptr, 0); 10716f1cbda7SRobert Watson ADD_U_CHAR(dptr, so->sin6_family); 10726f1cbda7SRobert Watson 10736f1cbda7SRobert Watson ADD_U_INT16(dptr, so->sin6_port); 10746f1cbda7SRobert Watson ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t)); 10756f1cbda7SRobert Watson 10766f1cbda7SRobert Watson return (t); 10776f1cbda7SRobert Watson } 10786f1cbda7SRobert Watson 10796f1cbda7SRobert Watson token_t * 10806f1cbda7SRobert Watson au_to_sock_inet(struct sockaddr_in *so) 10816f1cbda7SRobert Watson { 10826f1cbda7SRobert Watson 10836f1cbda7SRobert Watson return (au_to_sock_inet32(so)); 10846f1cbda7SRobert Watson } 10856f1cbda7SRobert Watson 10866f1cbda7SRobert Watson /* 10876f1cbda7SRobert Watson * token ID 1 byte 10886f1cbda7SRobert Watson * audit ID 4 bytes 10896f1cbda7SRobert Watson * effective user ID 4 bytes 10906f1cbda7SRobert Watson * effective group ID 4 bytes 10916f1cbda7SRobert Watson * real user ID 4 bytes 10926f1cbda7SRobert Watson * real group ID 4 bytes 10936f1cbda7SRobert Watson * process ID 4 bytes 10946f1cbda7SRobert Watson * session ID 4 bytes 10956f1cbda7SRobert Watson * terminal ID 10966f1cbda7SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 10976f1cbda7SRobert Watson * machine address 4 bytes 10986f1cbda7SRobert Watson */ 10996f1cbda7SRobert Watson token_t * 11006f1cbda7SRobert Watson au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 11016f1cbda7SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 11026f1cbda7SRobert Watson { 11036f1cbda7SRobert Watson token_t *t; 11046f1cbda7SRobert Watson u_char *dptr = NULL; 11056f1cbda7SRobert Watson 11066f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t)); 11076f1cbda7SRobert Watson 11086f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT32); 11096f1cbda7SRobert Watson ADD_U_INT32(dptr, auid); 11106f1cbda7SRobert Watson ADD_U_INT32(dptr, euid); 11116f1cbda7SRobert Watson ADD_U_INT32(dptr, egid); 11126f1cbda7SRobert Watson ADD_U_INT32(dptr, ruid); 11136f1cbda7SRobert Watson ADD_U_INT32(dptr, rgid); 11146f1cbda7SRobert Watson ADD_U_INT32(dptr, pid); 11156f1cbda7SRobert Watson ADD_U_INT32(dptr, sid); 11166f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->port); 11176f1cbda7SRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 11186f1cbda7SRobert Watson 11196f1cbda7SRobert Watson return (t); 11206f1cbda7SRobert Watson } 11216f1cbda7SRobert Watson 11226f1cbda7SRobert Watson token_t * 11236f1cbda7SRobert Watson au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 11246f1cbda7SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 11256f1cbda7SRobert Watson { 11266f1cbda7SRobert Watson token_t *t; 11276f1cbda7SRobert Watson u_char *dptr = NULL; 11286f1cbda7SRobert Watson 11296f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) + 11306f1cbda7SRobert Watson sizeof(u_int64_t) + sizeof(u_int32_t)); 11316f1cbda7SRobert Watson 11326f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT64); 11336f1cbda7SRobert Watson ADD_U_INT32(dptr, auid); 11346f1cbda7SRobert Watson ADD_U_INT32(dptr, euid); 11356f1cbda7SRobert Watson ADD_U_INT32(dptr, egid); 11366f1cbda7SRobert Watson ADD_U_INT32(dptr, ruid); 11376f1cbda7SRobert Watson ADD_U_INT32(dptr, rgid); 11386f1cbda7SRobert Watson ADD_U_INT32(dptr, pid); 11396f1cbda7SRobert Watson ADD_U_INT32(dptr, sid); 11406f1cbda7SRobert Watson ADD_U_INT64(dptr, tid->port); 11416f1cbda7SRobert Watson ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t)); 11426f1cbda7SRobert Watson 11436f1cbda7SRobert Watson return (t); 11446f1cbda7SRobert Watson } 11456f1cbda7SRobert Watson 11466f1cbda7SRobert Watson token_t * 11476f1cbda7SRobert Watson au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 11486f1cbda7SRobert Watson pid_t pid, au_asid_t sid, au_tid_t *tid) 11496f1cbda7SRobert Watson { 11506f1cbda7SRobert Watson 11516f1cbda7SRobert Watson return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 11526f1cbda7SRobert Watson tid)); 11536f1cbda7SRobert Watson } 11546f1cbda7SRobert Watson 11556f1cbda7SRobert Watson /* 11566f1cbda7SRobert Watson * token ID 1 byte 11576f1cbda7SRobert Watson * audit ID 4 bytes 11586f1cbda7SRobert Watson * effective user ID 4 bytes 11596f1cbda7SRobert Watson * effective group ID 4 bytes 11606f1cbda7SRobert Watson * real user ID 4 bytes 11616f1cbda7SRobert Watson * real group ID 4 bytes 11626f1cbda7SRobert Watson * process ID 4 bytes 11636f1cbda7SRobert Watson * session ID 4 bytes 11646f1cbda7SRobert Watson * terminal ID 11656f1cbda7SRobert Watson * port ID 4 bytes/8 bytes (32-bit/64-bit value) 11666f1cbda7SRobert Watson * address type/length 4 bytes 11676f1cbda7SRobert Watson * machine address 16 bytes 11686f1cbda7SRobert Watson */ 11696f1cbda7SRobert Watson token_t * 11706f1cbda7SRobert Watson au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 11716f1cbda7SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 11726f1cbda7SRobert Watson { 11736f1cbda7SRobert Watson token_t *t; 11746f1cbda7SRobert Watson u_char *dptr = NULL; 11756f1cbda7SRobert Watson 11766f1cbda7SRobert Watson KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), 11776f1cbda7SRobert Watson ("au_to_subject32_ex: type %u", (unsigned int)tid->at_type)); 11786f1cbda7SRobert Watson 11796f1cbda7SRobert Watson if (tid->at_type == AU_IPv4) 11806f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * 11816f1cbda7SRobert Watson sizeof(u_int32_t)); 11826f1cbda7SRobert Watson else 11836f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * 11846f1cbda7SRobert Watson sizeof(u_int32_t)); 11856f1cbda7SRobert Watson 11866f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); 11876f1cbda7SRobert Watson ADD_U_INT32(dptr, auid); 11886f1cbda7SRobert Watson ADD_U_INT32(dptr, euid); 11896f1cbda7SRobert Watson ADD_U_INT32(dptr, egid); 11906f1cbda7SRobert Watson ADD_U_INT32(dptr, ruid); 11916f1cbda7SRobert Watson ADD_U_INT32(dptr, rgid); 11926f1cbda7SRobert Watson ADD_U_INT32(dptr, pid); 11936f1cbda7SRobert Watson ADD_U_INT32(dptr, sid); 11946f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->at_port); 11956f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->at_type); 11966f1cbda7SRobert Watson if (tid->at_type == AU_IPv6) 11976f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 11986f1cbda7SRobert Watson else 11996f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 12006f1cbda7SRobert Watson 12016f1cbda7SRobert Watson return (t); 12026f1cbda7SRobert Watson } 12036f1cbda7SRobert Watson 12046f1cbda7SRobert Watson token_t * 12056f1cbda7SRobert Watson au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 12066f1cbda7SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 12076f1cbda7SRobert Watson { 12086f1cbda7SRobert Watson token_t *t; 12096f1cbda7SRobert Watson u_char *dptr = NULL; 12106f1cbda7SRobert Watson 12116f1cbda7SRobert Watson KASSERT((tid->at_type == AU_IPv4) || (tid->at_type == AU_IPv6), 12126f1cbda7SRobert Watson ("au_to_subject64_ex: type %u", (unsigned int)tid->at_type)); 12136f1cbda7SRobert Watson 12146f1cbda7SRobert Watson if (tid->at_type == AU_IPv4) 12156f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12166f1cbda7SRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 12176f1cbda7SRobert Watson 2 * sizeof(u_int32_t)); 12186f1cbda7SRobert Watson else 12196f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12206f1cbda7SRobert Watson 7 * sizeof(u_int32_t) + sizeof(u_int64_t) + 12216f1cbda7SRobert Watson 5 * sizeof(u_int32_t)); 12226f1cbda7SRobert Watson 12236f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_SUBJECT64_EX); 12246f1cbda7SRobert Watson ADD_U_INT32(dptr, auid); 12256f1cbda7SRobert Watson ADD_U_INT32(dptr, euid); 12266f1cbda7SRobert Watson ADD_U_INT32(dptr, egid); 12276f1cbda7SRobert Watson ADD_U_INT32(dptr, ruid); 12286f1cbda7SRobert Watson ADD_U_INT32(dptr, rgid); 12296f1cbda7SRobert Watson ADD_U_INT32(dptr, pid); 12306f1cbda7SRobert Watson ADD_U_INT32(dptr, sid); 12316f1cbda7SRobert Watson ADD_U_INT64(dptr, tid->at_port); 12326f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->at_type); 12336f1cbda7SRobert Watson if (tid->at_type == AU_IPv6) 12346f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 12356f1cbda7SRobert Watson else 12366f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 12376f1cbda7SRobert Watson 12386f1cbda7SRobert Watson return (t); 12396f1cbda7SRobert Watson } 12406f1cbda7SRobert Watson 12416f1cbda7SRobert Watson token_t * 12426f1cbda7SRobert Watson au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, 12436f1cbda7SRobert Watson gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 12446f1cbda7SRobert Watson { 12456f1cbda7SRobert Watson 12466f1cbda7SRobert Watson return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid, 12476f1cbda7SRobert Watson tid)); 12486f1cbda7SRobert Watson } 12496f1cbda7SRobert Watson 12506f1cbda7SRobert Watson #if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS) 12516f1cbda7SRobert Watson /* 12526f1cbda7SRobert Watson * Collects audit information for the current process and creates a subject 12536f1cbda7SRobert Watson * token from it. 12546f1cbda7SRobert Watson */ 12556f1cbda7SRobert Watson token_t * 12566f1cbda7SRobert Watson au_to_me(void) 12576f1cbda7SRobert Watson { 12586f1cbda7SRobert Watson auditinfo_t auinfo; 12596f1cbda7SRobert Watson auditinfo_addr_t aia; 12606f1cbda7SRobert Watson 12616f1cbda7SRobert Watson /* 12626f1cbda7SRobert Watson * Try to use getaudit_addr(2) first. If this kernel does not support 12636f1cbda7SRobert Watson * it, then fall back on to getaudit(2). 12646f1cbda7SRobert Watson */ 12656f1cbda7SRobert Watson if (getaudit_addr(&aia, sizeof(aia)) != 0) { 12666f1cbda7SRobert Watson if (errno == ENOSYS) { 12676f1cbda7SRobert Watson if (getaudit(&auinfo) != 0) 12686f1cbda7SRobert Watson return (NULL); 12696f1cbda7SRobert Watson return (au_to_subject32(auinfo.ai_auid, geteuid(), 12706f1cbda7SRobert Watson getegid(), getuid(), getgid(), getpid(), 12716f1cbda7SRobert Watson auinfo.ai_asid, &auinfo.ai_termid)); 12726f1cbda7SRobert Watson } else { 12736f1cbda7SRobert Watson /* getaudit_addr(2) failed for some other reason. */ 12746f1cbda7SRobert Watson return (NULL); 12756f1cbda7SRobert Watson } 12766f1cbda7SRobert Watson } 12776f1cbda7SRobert Watson 12786f1cbda7SRobert Watson return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), 12796f1cbda7SRobert Watson getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); 12806f1cbda7SRobert Watson } 12816f1cbda7SRobert Watson #endif 12826f1cbda7SRobert Watson 12836f1cbda7SRobert Watson #if defined(_KERNEL) || defined(KERNEL) 12846f1cbda7SRobert Watson static token_t * 12856f1cbda7SRobert Watson au_to_exec_strings(char *strs, int count, u_char type) 12866f1cbda7SRobert Watson { 12876f1cbda7SRobert Watson token_t *t; 12886f1cbda7SRobert Watson u_char *dptr = NULL; 12896f1cbda7SRobert Watson u_int32_t totlen; 12906f1cbda7SRobert Watson int ctr; 12916f1cbda7SRobert Watson char *p; 12926f1cbda7SRobert Watson 12936f1cbda7SRobert Watson totlen = 0; 12946f1cbda7SRobert Watson ctr = count; 12956f1cbda7SRobert Watson p = strs; 12966f1cbda7SRobert Watson while (ctr-- > 0) { 12976f1cbda7SRobert Watson totlen += strlen(p) + 1; 12986f1cbda7SRobert Watson p = strs + totlen; 12996f1cbda7SRobert Watson } 13006f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 13016f1cbda7SRobert Watson ADD_U_CHAR(dptr, type); 13026f1cbda7SRobert Watson ADD_U_INT32(dptr, count); 13036f1cbda7SRobert Watson ADD_STRING(dptr, strs, totlen); 13046f1cbda7SRobert Watson 13056f1cbda7SRobert Watson return (t); 13066f1cbda7SRobert Watson } 13076f1cbda7SRobert Watson 13086f1cbda7SRobert Watson /* 13096f1cbda7SRobert Watson * token ID 1 byte 13106f1cbda7SRobert Watson * count 4 bytes 13116f1cbda7SRobert Watson * text count null-terminated strings 13126f1cbda7SRobert Watson */ 13136f1cbda7SRobert Watson token_t * 13146f1cbda7SRobert Watson au_to_exec_args(char *args, int argc) 13156f1cbda7SRobert Watson { 13166f1cbda7SRobert Watson 13176f1cbda7SRobert Watson return (au_to_exec_strings(args, argc, AUT_EXEC_ARGS)); 13186f1cbda7SRobert Watson } 13196f1cbda7SRobert Watson 13206f1cbda7SRobert Watson /* 13216f1cbda7SRobert Watson * token ID 1 byte 13226f1cbda7SRobert Watson * count 4 bytes 13236f1cbda7SRobert Watson * text count null-terminated strings 13246f1cbda7SRobert Watson */ 13256f1cbda7SRobert Watson token_t * 13266f1cbda7SRobert Watson au_to_exec_env(char *envs, int envc) 13276f1cbda7SRobert Watson { 13286f1cbda7SRobert Watson 13296f1cbda7SRobert Watson return (au_to_exec_strings(envs, envc, AUT_EXEC_ENV)); 13306f1cbda7SRobert Watson } 13316f1cbda7SRobert Watson #else 13326f1cbda7SRobert Watson /* 13336f1cbda7SRobert Watson * token ID 1 byte 13346f1cbda7SRobert Watson * count 4 bytes 13356f1cbda7SRobert Watson * text count null-terminated strings 13366f1cbda7SRobert Watson */ 13376f1cbda7SRobert Watson token_t * 13386f1cbda7SRobert Watson au_to_exec_args(char **argv) 13396f1cbda7SRobert Watson { 13406f1cbda7SRobert Watson token_t *t; 13416f1cbda7SRobert Watson u_char *dptr = NULL; 13426f1cbda7SRobert Watson const char *nextarg; 13436f1cbda7SRobert Watson int i, count = 0; 13446f1cbda7SRobert Watson size_t totlen = 0; 13456f1cbda7SRobert Watson 13466f1cbda7SRobert Watson nextarg = *argv; 13476f1cbda7SRobert Watson 13486f1cbda7SRobert Watson while (nextarg != NULL) { 13496f1cbda7SRobert Watson int nextlen; 13506f1cbda7SRobert Watson 13516f1cbda7SRobert Watson nextlen = strlen(nextarg); 13526f1cbda7SRobert Watson totlen += nextlen + 1; 13536f1cbda7SRobert Watson count++; 13546f1cbda7SRobert Watson nextarg = *(argv + count); 13556f1cbda7SRobert Watson } 13566f1cbda7SRobert Watson 13576f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 13586f1cbda7SRobert Watson 13596f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_EXEC_ARGS); 13606f1cbda7SRobert Watson ADD_U_INT32(dptr, count); 13616f1cbda7SRobert Watson 13626f1cbda7SRobert Watson for (i = 0; i < count; i++) { 13636f1cbda7SRobert Watson nextarg = *(argv + i); 13646f1cbda7SRobert Watson ADD_MEM(dptr, nextarg, strlen(nextarg) + 1); 13656f1cbda7SRobert Watson } 13666f1cbda7SRobert Watson 13676f1cbda7SRobert Watson return (t); 13686f1cbda7SRobert Watson } 13696f1cbda7SRobert Watson 13706f1cbda7SRobert Watson /* 13716f1cbda7SRobert Watson * token ID 1 byte 13726f1cbda7SRobert Watson * count 4 bytes 13736f1cbda7SRobert Watson * text count null-terminated strings 13746f1cbda7SRobert Watson */ 13756f1cbda7SRobert Watson token_t * 13766f1cbda7SRobert Watson au_to_exec_env(char **envp) 13776f1cbda7SRobert Watson { 13786f1cbda7SRobert Watson token_t *t; 13796f1cbda7SRobert Watson u_char *dptr = NULL; 13806f1cbda7SRobert Watson int i, count = 0; 13816f1cbda7SRobert Watson size_t totlen = 0; 13826f1cbda7SRobert Watson const char *nextenv; 13836f1cbda7SRobert Watson 13846f1cbda7SRobert Watson nextenv = *envp; 13856f1cbda7SRobert Watson 13866f1cbda7SRobert Watson while (nextenv != NULL) { 13876f1cbda7SRobert Watson int nextlen; 13886f1cbda7SRobert Watson 13896f1cbda7SRobert Watson nextlen = strlen(nextenv); 13906f1cbda7SRobert Watson totlen += nextlen + 1; 13916f1cbda7SRobert Watson count++; 13926f1cbda7SRobert Watson nextenv = *(envp + count); 13936f1cbda7SRobert Watson } 13946f1cbda7SRobert Watson 13956f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen); 13966f1cbda7SRobert Watson 13976f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_EXEC_ENV); 13986f1cbda7SRobert Watson ADD_U_INT32(dptr, count); 13996f1cbda7SRobert Watson 14006f1cbda7SRobert Watson for (i = 0; i < count; i++) { 14016f1cbda7SRobert Watson nextenv = *(envp + i); 14026f1cbda7SRobert Watson ADD_MEM(dptr, nextenv, strlen(nextenv) + 1); 14036f1cbda7SRobert Watson } 14046f1cbda7SRobert Watson 14056f1cbda7SRobert Watson return (t); 14066f1cbda7SRobert Watson } 14076f1cbda7SRobert Watson #endif 14086f1cbda7SRobert Watson 14096f1cbda7SRobert Watson /* 14106f1cbda7SRobert Watson * token ID 1 byte 14116f1cbda7SRobert Watson * zonename length 2 bytes 14126f1cbda7SRobert Watson * zonename N bytes + 1 terminating NULL byte 14136f1cbda7SRobert Watson */ 14146f1cbda7SRobert Watson token_t * 14156f1cbda7SRobert Watson au_to_zonename(const char *zonename) 14166f1cbda7SRobert Watson { 14176f1cbda7SRobert Watson u_char *dptr = NULL; 14186f1cbda7SRobert Watson u_int16_t textlen; 14196f1cbda7SRobert Watson token_t *t; 14206f1cbda7SRobert Watson 14216f1cbda7SRobert Watson textlen = strlen(zonename) + 1; 14226f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen); 14236f1cbda7SRobert Watson 14246f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_ZONENAME); 14256f1cbda7SRobert Watson ADD_U_INT16(dptr, textlen); 14266f1cbda7SRobert Watson ADD_STRING(dptr, zonename, textlen); 14276f1cbda7SRobert Watson return (t); 14286f1cbda7SRobert Watson } 14296f1cbda7SRobert Watson 14306f1cbda7SRobert Watson /* 14316f1cbda7SRobert Watson * token ID 1 byte 14326f1cbda7SRobert Watson * record byte count 4 bytes 14336f1cbda7SRobert Watson * version # 1 byte [2] 14346f1cbda7SRobert Watson * event type 2 bytes 14356f1cbda7SRobert Watson * event modifier 2 bytes 14366f1cbda7SRobert Watson * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 14376f1cbda7SRobert Watson * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 14386f1cbda7SRobert Watson */ 14396f1cbda7SRobert Watson token_t * 14406f1cbda7SRobert Watson au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 14416f1cbda7SRobert Watson struct timeval tm) 14426f1cbda7SRobert Watson { 14436f1cbda7SRobert Watson token_t *t; 14446f1cbda7SRobert Watson u_char *dptr = NULL; 14456f1cbda7SRobert Watson u_int32_t timems; 14466f1cbda7SRobert Watson 14476f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 14486f1cbda7SRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t)); 14496f1cbda7SRobert Watson 14506f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_HEADER32); 14516f1cbda7SRobert Watson ADD_U_INT32(dptr, rec_size); 14526f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 14536f1cbda7SRobert Watson ADD_U_INT16(dptr, e_type); 14546f1cbda7SRobert Watson ADD_U_INT16(dptr, e_mod); 14556f1cbda7SRobert Watson 14566f1cbda7SRobert Watson timems = tm.tv_usec/1000; 14576f1cbda7SRobert Watson /* Add the timestamp */ 14586f1cbda7SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 14596f1cbda7SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 14606f1cbda7SRobert Watson 14616f1cbda7SRobert Watson return (t); 14626f1cbda7SRobert Watson } 14636f1cbda7SRobert Watson 14646f1cbda7SRobert Watson /* 14656f1cbda7SRobert Watson * token ID 1 byte 14666f1cbda7SRobert Watson * record byte count 4 bytes 14676f1cbda7SRobert Watson * version # 1 byte [2] 14686f1cbda7SRobert Watson * event type 2 bytes 14696f1cbda7SRobert Watson * event modifier 2 bytes 14706f1cbda7SRobert Watson * address type/length 4 bytes 14716f1cbda7SRobert Watson * machine address 4 bytes/16 bytes (IPv4/IPv6 address) 14726f1cbda7SRobert Watson * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 14736f1cbda7SRobert Watson * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 14746f1cbda7SRobert Watson */ 14756f1cbda7SRobert Watson token_t * 14766f1cbda7SRobert Watson au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 14776f1cbda7SRobert Watson struct timeval tm, struct auditinfo_addr *aia) 14786f1cbda7SRobert Watson { 14796f1cbda7SRobert Watson token_t *t; 14806f1cbda7SRobert Watson u_char *dptr = NULL; 14816f1cbda7SRobert Watson u_int32_t timems; 14826f1cbda7SRobert Watson au_tid_addr_t *tid; 14836f1cbda7SRobert Watson 14846f1cbda7SRobert Watson tid = &aia->ai_termid; 14856f1cbda7SRobert Watson KASSERT(tid->at_type == AU_IPv4 || tid->at_type == AU_IPv6, 14866f1cbda7SRobert Watson ("au_to_header32_ex_tm: invalid address family")); 14876f1cbda7SRobert Watson 14886f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 14896f1cbda7SRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 3 * 14906f1cbda7SRobert Watson sizeof(u_int32_t) + tid->at_type); 14916f1cbda7SRobert Watson 14926f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_HEADER32_EX); 14936f1cbda7SRobert Watson ADD_U_INT32(dptr, rec_size); 14946f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 14956f1cbda7SRobert Watson ADD_U_INT16(dptr, e_type); 14966f1cbda7SRobert Watson ADD_U_INT16(dptr, e_mod); 14976f1cbda7SRobert Watson 14986f1cbda7SRobert Watson ADD_U_INT32(dptr, tid->at_type); 14996f1cbda7SRobert Watson if (tid->at_type == AU_IPv6) 15006f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); 15016f1cbda7SRobert Watson else 15026f1cbda7SRobert Watson ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); 15036f1cbda7SRobert Watson timems = tm.tv_usec/1000; 15046f1cbda7SRobert Watson /* Add the timestamp */ 15056f1cbda7SRobert Watson ADD_U_INT32(dptr, tm.tv_sec); 15066f1cbda7SRobert Watson ADD_U_INT32(dptr, timems); /* We need time in ms. */ 15076f1cbda7SRobert Watson 15086f1cbda7SRobert Watson return (t); 15096f1cbda7SRobert Watson } 15106f1cbda7SRobert Watson 15116f1cbda7SRobert Watson token_t * 15126f1cbda7SRobert Watson au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod, 15136f1cbda7SRobert Watson struct timeval tm) 15146f1cbda7SRobert Watson { 15156f1cbda7SRobert Watson token_t *t; 15166f1cbda7SRobert Watson u_char *dptr = NULL; 15176f1cbda7SRobert Watson u_int32_t timems; 15186f1cbda7SRobert Watson 15196f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + 15206f1cbda7SRobert Watson sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int64_t)); 15216f1cbda7SRobert Watson 15226f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_HEADER64); 15236f1cbda7SRobert Watson ADD_U_INT32(dptr, rec_size); 15246f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUDIT_HEADER_VERSION_OPENBSM); 15256f1cbda7SRobert Watson ADD_U_INT16(dptr, e_type); 15266f1cbda7SRobert Watson ADD_U_INT16(dptr, e_mod); 15276f1cbda7SRobert Watson 15286f1cbda7SRobert Watson timems = tm.tv_usec/1000; 15296f1cbda7SRobert Watson /* Add the timestamp */ 15306f1cbda7SRobert Watson ADD_U_INT64(dptr, tm.tv_sec); 15316f1cbda7SRobert Watson ADD_U_INT64(dptr, timems); /* We need time in ms. */ 15326f1cbda7SRobert Watson 15336f1cbda7SRobert Watson return (t); 15346f1cbda7SRobert Watson } 15356f1cbda7SRobert Watson 15366f1cbda7SRobert Watson #if !defined(KERNEL) && !defined(_KERNEL) 15376f1cbda7SRobert Watson #ifdef HAVE_AUDIT_SYSCALLS 15386f1cbda7SRobert Watson token_t * 15396f1cbda7SRobert Watson au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) 15406f1cbda7SRobert Watson { 15416f1cbda7SRobert Watson struct timeval tm; 15426f1cbda7SRobert Watson struct auditinfo_addr aia; 15436f1cbda7SRobert Watson 15446f1cbda7SRobert Watson if (gettimeofday(&tm, NULL) == -1) 15456f1cbda7SRobert Watson return (NULL); 15466f1cbda7SRobert Watson if (audit_get_kaudit(&aia, sizeof(aia)) != 0) { 15476f1cbda7SRobert Watson if (errno != ENOSYS) 15486f1cbda7SRobert Watson return (NULL); 15496f1cbda7SRobert Watson return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); 15506f1cbda7SRobert Watson } 15516f1cbda7SRobert Watson return (au_to_header32_ex_tm(rec_size, e_type, e_mod, tm, &aia)); 15526f1cbda7SRobert Watson } 15536f1cbda7SRobert Watson #endif /* HAVE_AUDIT_SYSCALLS */ 15546f1cbda7SRobert Watson 15556f1cbda7SRobert Watson token_t * 15566f1cbda7SRobert Watson au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod) 15576f1cbda7SRobert Watson { 15586f1cbda7SRobert Watson struct timeval tm; 15596f1cbda7SRobert Watson 15606f1cbda7SRobert Watson if (gettimeofday(&tm, NULL) == -1) 15616f1cbda7SRobert Watson return (NULL); 15626f1cbda7SRobert Watson return (au_to_header32_tm(rec_size, e_type, e_mod, tm)); 15636f1cbda7SRobert Watson } 15646f1cbda7SRobert Watson 15656f1cbda7SRobert Watson token_t * 15666f1cbda7SRobert Watson au_to_header64(__unused int rec_size, __unused au_event_t e_type, 15676f1cbda7SRobert Watson __unused au_emod_t e_mod) 15686f1cbda7SRobert Watson { 15696f1cbda7SRobert Watson struct timeval tm; 15706f1cbda7SRobert Watson 15716f1cbda7SRobert Watson if (gettimeofday(&tm, NULL) == -1) 15726f1cbda7SRobert Watson return (NULL); 15736f1cbda7SRobert Watson return (au_to_header64_tm(rec_size, e_type, e_mod, tm)); 15746f1cbda7SRobert Watson } 15756f1cbda7SRobert Watson 15766f1cbda7SRobert Watson token_t * 15776f1cbda7SRobert Watson au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod) 15786f1cbda7SRobert Watson { 15796f1cbda7SRobert Watson 15806f1cbda7SRobert Watson return (au_to_header32(rec_size, e_type, e_mod)); 15816f1cbda7SRobert Watson } 15826f1cbda7SRobert Watson 15836f1cbda7SRobert Watson #ifdef HAVE_AUDIT_SYSCALLS 15846f1cbda7SRobert Watson token_t * 15856f1cbda7SRobert Watson au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod) 15866f1cbda7SRobert Watson { 15876f1cbda7SRobert Watson 15886f1cbda7SRobert Watson return (au_to_header32_ex(rec_size, e_type, e_mod)); 15896f1cbda7SRobert Watson } 15906f1cbda7SRobert Watson #endif /* HAVE_AUDIT_SYSCALLS */ 15916f1cbda7SRobert Watson #endif /* !defined(KERNEL) && !defined(_KERNEL) */ 15926f1cbda7SRobert Watson 15936f1cbda7SRobert Watson /* 15946f1cbda7SRobert Watson * token ID 1 byte 15956f1cbda7SRobert Watson * trailer magic number 2 bytes 15966f1cbda7SRobert Watson * record byte count 4 bytes 15976f1cbda7SRobert Watson */ 15986f1cbda7SRobert Watson token_t * 15996f1cbda7SRobert Watson au_to_trailer(int rec_size) 16006f1cbda7SRobert Watson { 16016f1cbda7SRobert Watson token_t *t; 16026f1cbda7SRobert Watson u_char *dptr = NULL; 16036f1cbda7SRobert Watson u_int16_t magic = AUT_TRAILER_MAGIC; 16046f1cbda7SRobert Watson 16056f1cbda7SRobert Watson GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + 16066f1cbda7SRobert Watson sizeof(u_int32_t)); 16076f1cbda7SRobert Watson 16086f1cbda7SRobert Watson ADD_U_CHAR(dptr, AUT_TRAILER); 16096f1cbda7SRobert Watson ADD_U_INT16(dptr, magic); 16106f1cbda7SRobert Watson ADD_U_INT32(dptr, rec_size); 16116f1cbda7SRobert Watson 16126f1cbda7SRobert Watson return (t); 16136f1cbda7SRobert Watson } 1614