1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 27 /* 28 * Token processing for auditreduce. 29 */ 30 31 #include <locale.h> 32 #include <sys/zone.h> 33 #include "auditr.h" 34 #include "toktable.h" 35 36 extern int re_exec2(char *); 37 38 static void anchor_path(char *path); 39 static char *collapse_path(char *s); 40 static void get_string(adr_t *adr, char **p); 41 static int ipc_type_match(int flag, char type); 42 static void skip_string(adr_t *adr); 43 static int xgeneric(adr_t *adr); 44 45 #if AUDIT_REC 46 void 47 print_id(int id) 48 { 49 char *suffix; 50 51 if ((id < 0) || (id > MAXTOKEN) || 52 (tokentable[id].func == NOFUNC)) { 53 (void) fprintf(stderr, 54 "token_processing: token %d not found\n", id); 55 return; 56 } 57 58 switch (id) { 59 case AUT_NEWGROUPS: 60 suffix = "_new"; 61 break; 62 case AUT_ATTR32: 63 suffix = "32"; 64 break; 65 case AUT_ARG64: 66 case AUT_RETURN64: 67 case AUT_ATTR64: 68 case AUT_HEADER64: 69 case AUT_SUBJECT64: 70 case AUT_PROCESS64: 71 case AUT_OTHER_FILE64: 72 suffix = "64"; 73 break; 74 case AUT_SOCKET_EX: 75 case AUT_IN_ADDR_EX: 76 suffix = "_ex"; 77 break; 78 case AUT_HEADER32_EX: 79 case AUT_SUBJECT32_EX: 80 case AUT_PROCESS32_EX: 81 suffix = "32_ex"; 82 break; 83 case AUT_HEADER64_EX: 84 case AUT_SUBJECT64_EX: 85 case AUT_PROCESS64_EX: 86 suffix = "64_ex"; 87 break; 88 default: 89 suffix = ""; 90 break; 91 } 92 (void) fprintf(stderr, "token_processing: %s%s\n", 93 tokentable[id].t_name, suffix); 94 } 95 #endif /* AUDIT_REC */ 96 97 /* 98 * Process a token in a record to determine whether the record is interesting. 99 */ 100 101 int 102 token_processing(adr_t *adr, int tokenid) 103 { 104 if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 105 (tokentable[tokenid].func != NOFUNC)) { 106 #if AUDIT_REC 107 print_id(tokenid); 108 #endif /* AUDIT_REC */ 109 return ((*tokentable[tokenid].func)(adr)); 110 } 111 112 /* here if token id is not in table */ 113 return (-2); 114 } 115 116 117 /* There should not be any file or header tokens in the middle of a record */ 118 119 /* ARGSUSED */ 120 int 121 file_token(adr_t *adr) 122 { 123 return (-2); 124 } 125 126 /* ARGSUSED */ 127 int 128 file64_token(adr_t *adr) 129 { 130 return (-2); 131 } 132 133 /* ARGSUSED */ 134 int 135 header_token(adr_t *adr) 136 { 137 return (-2); 138 } 139 140 /* ARGSUSED */ 141 int 142 header32_ex_token(adr_t *adr) 143 { 144 return (-2); 145 } 146 147 /* ARGSUSED */ 148 int 149 header64_ex_token(adr_t *adr) 150 { 151 return (-2); 152 } 153 154 /* ARGSUSED */ 155 int 156 header64_token(adr_t *adr) 157 { 158 return (-2); 159 } 160 161 162 /* 163 * ====================================================== 164 * The following token processing routines return 165 * -1: if the record is not interesting 166 * -2: if an error is found 167 * ====================================================== 168 */ 169 170 int 171 trailer_token(adr_t *adr) 172 { 173 short magic_number; 174 uint32_t bytes; 175 176 adrm_u_short(adr, (ushort_t *)&magic_number, 1); 177 if (magic_number != AUT_TRAILER_MAGIC) { 178 (void) fprintf(stderr, "%s\n", 179 gettext("auditreduce: Bad trailer token")); 180 return (-2); 181 } 182 adrm_u_int32(adr, &bytes, 1); 183 184 return (-1); 185 } 186 187 188 /* 189 * Format of arbitrary data token: 190 * arbitrary data token id adr char 191 * how to print adr_char 192 * basic unit adr_char 193 * unit count adr_char, specifying number of units of 194 * data items depends on basic unit 195 * 196 */ 197 int 198 arbitrary_data_token(adr_t *adr) 199 { 200 int i; 201 char c1; 202 short c2; 203 int32_t c3; 204 int64_t c4; 205 char how_to_print, basic_unit, unit_count; 206 207 /* get how_to_print, basic_unit, and unit_count */ 208 adrm_char(adr, &how_to_print, 1); 209 adrm_char(adr, &basic_unit, 1); 210 adrm_char(adr, &unit_count, 1); 211 for (i = 0; i < unit_count; i++) { 212 switch (basic_unit) { 213 /* case AUR_BYTE: has same value as AUR_CHAR */ 214 case AUR_CHAR: 215 adrm_char(adr, &c1, 1); 216 break; 217 case AUR_SHORT: 218 adrm_short(adr, &c2, 1); 219 break; 220 case AUR_INT32: 221 adrm_int32(adr, (int32_t *)&c3, 1); 222 break; 223 case AUR_INT64: 224 adrm_int64(adr, (int64_t *)&c4, 1); 225 break; 226 default: 227 return (-2); 228 break; 229 } 230 } 231 return (-1); 232 } 233 234 235 /* 236 * Format of opaque token: 237 * opaque token id adr_char 238 * size adr_short 239 * data adr_char, size times 240 * 241 */ 242 int 243 opaque_token(adr_t *adr) 244 { 245 skip_string(adr); 246 return (-1); 247 } 248 249 250 251 /* 252 * Format of return32 value token: 253 * return value token id adr_char 254 * error number adr_char 255 * return value adr_u_int32 256 * 257 */ 258 int 259 return_value32_token(adr_t *adr) 260 { 261 char errnum; 262 uint32_t value; 263 264 adrm_char(adr, &errnum, 1); 265 adrm_u_int32(adr, &value, 1); 266 if ((flags & M_SORF) && 267 ((global_class & mask.am_success) && (errnum == 0)) || 268 ((global_class & mask.am_failure) && (errnum != 0))) { 269 checkflags |= M_SORF; 270 } 271 return (-1); 272 } 273 274 /* 275 * Format of return64 value token: 276 * return value token id adr_char 277 * error number adr_char 278 * return value adr_u_int64 279 * 280 */ 281 int 282 return_value64_token(adr_t *adr) 283 { 284 char errnum; 285 uint64_t value; 286 287 adrm_char(adr, &errnum, 1); 288 adrm_u_int64(adr, &value, 1); 289 if ((flags & M_SORF) && 290 ((global_class & mask.am_success) && (errnum == 0)) || 291 ((global_class & mask.am_failure) && (errnum != 0))) { 292 checkflags |= M_SORF; 293 } 294 return (-1); 295 } 296 297 298 /* 299 * Format of sequence token: 300 * sequence token id adr_char 301 * audit_count int32_t 302 * 303 */ 304 int 305 sequence_token(adr_t *adr) 306 { 307 int32_t audit_count; 308 309 adrm_int32(adr, &audit_count, 1); 310 return (-1); 311 } 312 313 314 /* 315 * Format of text token: 316 * text token id adr_char 317 * text adr_string 318 * 319 */ 320 int 321 text_token(adr_t *adr) 322 { 323 skip_string(adr); 324 return (-1); 325 } 326 327 328 /* 329 * Format of ip_addr token: 330 * ip token id adr_char 331 * address adr_int32 332 * 333 */ 334 int 335 ip_addr_token(adr_t *adr) 336 { 337 int32_t address; 338 339 adrm_char(adr, (char *)&address, 4); 340 341 return (-1); 342 } 343 344 /* 345 * Format of ip_addr_ex token: 346 * ip token id adr_char 347 * ip type adr_int32 348 * address 4*adr_int32 349 * 350 */ 351 int 352 ip_addr_ex_token(adr_t *adr) 353 { 354 int32_t address[4]; 355 int32_t type; 356 357 adrm_int32(adr, (int32_t *)&type, 1); 358 adrm_int32(adr, (int32_t *)&address, 4); 359 360 return (-1); 361 } 362 363 /* 364 * Format of ip token: 365 * ip header token id adr_char 366 * version adr_char 367 * type of service adr_char 368 * length adr_short 369 * id adr_u_short 370 * offset adr_u_short 371 * ttl adr_char 372 * protocol adr_char 373 * checksum adr_u_short 374 * source address adr_int32 375 * destination address adr_int32 376 * 377 */ 378 int 379 ip_token(adr_t *adr) 380 { 381 char version; 382 char type; 383 short len; 384 unsigned short id, offset, checksum; 385 char ttl, protocol; 386 int32_t src, dest; 387 388 adrm_char(adr, &version, 1); 389 adrm_char(adr, &type, 1); 390 adrm_short(adr, &len, 1); 391 adrm_u_short(adr, &id, 1); 392 adrm_u_short(adr, &offset, 1); 393 adrm_char(adr, &ttl, 1); 394 adrm_char(adr, &protocol, 1); 395 adrm_u_short(adr, &checksum, 1); 396 adrm_char(adr, (char *)&src, 4); 397 adrm_char(adr, (char *)&dest, 4); 398 399 return (-1); 400 } 401 402 403 /* 404 * Format of iport token: 405 * ip port address token id adr_char 406 * port address adr_short 407 * 408 */ 409 int 410 iport_token(adr_t *adr) 411 { 412 short address; 413 414 adrm_short(adr, &address, 1); 415 416 return (-1); 417 } 418 419 420 /* 421 * Format of groups token: 422 * group token id adr_char 423 * group list adr_int32, 16 times 424 * 425 */ 426 int 427 group_token(adr_t *adr) 428 { 429 int gid[16]; 430 int i; 431 int flag = 0; 432 433 for (i = 0; i < 16; i++) { 434 adrm_int32(adr, (int32_t *)&gid[i], 1); 435 if (flags & M_GROUPR) { 436 if ((unsigned short)m_groupr == gid[i]) 437 flag = 1; 438 } 439 } 440 441 if (flags & M_GROUPR) { 442 if (flag) 443 checkflags |= M_GROUPR; 444 } 445 return (-1); 446 } 447 448 /* 449 * Format of newgroups token: 450 * group token id adr_char 451 * number of groups adr_short 452 * group list adr_int32, "number" times 453 * 454 */ 455 int 456 newgroup_token(adr_t *adr) 457 { 458 gid_t gid; 459 int i; 460 short int number; 461 462 adrm_short(adr, &number, 1); 463 464 for (i = 0; i < number; i++) { 465 adrm_int32(adr, (int32_t *)&gid, 1); 466 if (flags & M_GROUPR) { 467 if (m_groupr == gid) 468 checkflags |= M_GROUPR; 469 } 470 } 471 472 return (-1); 473 } 474 475 /* 476 * Format of argument32 token: 477 * argument token id adr_char 478 * argument number adr_char 479 * argument value adr_int32 480 * argument description adr_string 481 * 482 */ 483 int 484 argument32_token(adr_t *adr) 485 { 486 char arg_num; 487 int32_t arg_val; 488 489 adrm_char(adr, &arg_num, 1); 490 adrm_int32(adr, &arg_val, 1); 491 skip_string(adr); 492 493 return (-1); 494 } 495 496 /* 497 * Format of argument64 token: 498 * argument token id adr_char 499 * argument number adr_char 500 * argument value adr_int64 501 * argument description adr_string 502 * 503 */ 504 int 505 argument64_token(adr_t *adr) 506 { 507 char arg_num; 508 int64_t arg_val; 509 510 adrm_char(adr, &arg_num, 1); 511 adrm_int64(adr, &arg_val, 1); 512 skip_string(adr); 513 514 return (-1); 515 } 516 517 /* 518 * Format of acl token: 519 * acl token id adr_char 520 * acl type adr_u_int32 521 * acl value adr_u_int32 (depends on type) 522 * file mode adr_u_int (in octal) 523 */ 524 int 525 acl_token(adr_t *adr) 526 { 527 528 int32_t id; 529 int32_t mode; 530 int32_t type; 531 532 adrm_int32(adr, &type, 1); 533 adrm_int32(adr, &id, 1); 534 adrm_int32(adr, &mode, 1); 535 536 return (-1); 537 } 538 539 /* 540 * Format of ace token: 541 * ace token id adr_char 542 * ace who adr_u_int32 (uid/gid) 543 * access mask adr_u_int32 544 * ace flags adr_u_int16 545 * ace type adr_u_int16 546 */ 547 int 548 ace_token(adr_t *adr) 549 { 550 uid_t who; 551 uint32_t access_mask; 552 uint16_t flags, type; 553 554 adrm_uid(adr, &who, 1); 555 adrm_u_int32(adr, &access_mask, 1); 556 adrm_u_short(adr, &flags, 1); 557 adrm_u_short(adr, &type, 1); 558 559 return (-1); 560 } 561 562 /* 563 * Format of attribute token: (old pre SunOS 5.7 format) 564 * attribute token id adr_char 565 * mode adr_int32 (printed in octal) 566 * uid adr_int32 567 * gid adr_int32 568 * file system id adr_int32 569 * node id adr_int32 570 * device adr_int32 571 * 572 */ 573 int 574 attribute_token(adr_t *adr) 575 { 576 int32_t dev; 577 int32_t file_sysid; 578 int32_t gid; 579 int32_t mode; 580 int32_t nodeid; 581 int32_t uid; 582 583 adrm_int32(adr, &mode, 1); 584 adrm_int32(adr, &uid, 1); 585 adrm_int32(adr, &gid, 1); 586 adrm_int32(adr, &file_sysid, 1); 587 adrm_int32(adr, &nodeid, 1); 588 adrm_int32(adr, &dev, 1); 589 590 if (!new_mode && (flags & M_USERE)) { 591 if (m_usere == uid) 592 checkflags |= M_USERE; 593 } 594 if (!new_mode && (flags & M_GROUPE)) { 595 if (m_groupe == gid) 596 checkflags |= M_GROUPE; 597 } 598 599 if (flags & M_OBJECT) { 600 if ((obj_flag & OBJ_FGROUP) && 601 (obj_group == gid)) 602 checkflags |= M_OBJECT; 603 else if ((obj_flag & OBJ_FOWNER) && 604 (obj_owner == uid)) 605 checkflags |= M_OBJECT; 606 } 607 return (-1); 608 } 609 610 /* 611 * Format of attribute32 token: 612 * attribute token id adr_char 613 * mode adr_int32 (printed in octal) 614 * uid adr_int32 615 * gid adr_int32 616 * file system id adr_int32 617 * node id adr_int64 618 * device adr_int32 619 * 620 */ 621 int 622 attribute32_token(adr_t *adr) 623 { 624 int32_t dev; 625 int32_t file_sysid; 626 int32_t gid; 627 int32_t mode; 628 int64_t nodeid; 629 int32_t uid; 630 631 adrm_int32(adr, &mode, 1); 632 adrm_int32(adr, &uid, 1); 633 adrm_int32(adr, &gid, 1); 634 adrm_int32(adr, &file_sysid, 1); 635 adrm_int64(adr, &nodeid, 1); 636 adrm_int32(adr, &dev, 1); 637 638 if (!new_mode && (flags & M_USERE)) { 639 if (m_usere == uid) 640 checkflags |= M_USERE; 641 } 642 if (!new_mode && (flags & M_GROUPE)) { 643 if (m_groupe == gid) 644 checkflags |= M_GROUPE; 645 } 646 647 if (flags & M_OBJECT) { 648 if ((obj_flag & OBJ_FGROUP) && 649 (obj_group == gid)) 650 checkflags |= M_OBJECT; 651 else if ((obj_flag & OBJ_FOWNER) && 652 (obj_owner == uid)) 653 checkflags |= M_OBJECT; 654 } 655 return (-1); 656 } 657 658 /* 659 * Format of attribute64 token: 660 * attribute token id adr_char 661 * mode adr_int32 (printed in octal) 662 * uid adr_int32 663 * gid adr_int32 664 * file system id adr_int32 665 * node id adr_int64 666 * device adr_int64 667 * 668 */ 669 int 670 attribute64_token(adr_t *adr) 671 { 672 int64_t dev; 673 int32_t file_sysid; 674 int32_t gid; 675 int32_t mode; 676 int64_t nodeid; 677 int32_t uid; 678 679 adrm_int32(adr, &mode, 1); 680 adrm_int32(adr, &uid, 1); 681 adrm_int32(adr, &gid, 1); 682 adrm_int32(adr, &file_sysid, 1); 683 adrm_int64(adr, &nodeid, 1); 684 adrm_int64(adr, &dev, 1); 685 686 if (!new_mode && (flags & M_USERE)) { 687 if (m_usere == uid) 688 checkflags |= M_USERE; 689 } 690 if (!new_mode && (flags & M_GROUPE)) { 691 if (m_groupe == gid) 692 checkflags |= M_GROUPE; 693 } 694 695 if (flags & M_OBJECT) { 696 if ((obj_flag & OBJ_FGROUP) && 697 (obj_group == gid)) 698 checkflags |= M_OBJECT; 699 else if ((obj_flag & OBJ_FOWNER) && 700 (obj_owner == uid)) 701 checkflags |= M_OBJECT; 702 } 703 return (-1); 704 } 705 706 707 /* 708 * Format of command token: 709 * attribute token id adr_char 710 * argc adr_short 711 * argv len adr_short variable amount of argv len 712 * argv text argv len and text 713 * . 714 * . 715 * . 716 * envp count adr_short variable amount of envp len 717 * envp len adr_short and text 718 * envp text envp len 719 * . 720 * . 721 * . 722 * 723 */ 724 int 725 cmd_token(adr_t *adr) 726 { 727 short cnt; 728 short i; 729 730 adrm_short(adr, &cnt, 1); 731 732 for (i = 0; i < cnt; i++) 733 skip_string(adr); 734 735 adrm_short(adr, &cnt, 1); 736 737 for (i = 0; i < cnt; i++) 738 skip_string(adr); 739 740 return (-1); 741 } 742 743 744 /* 745 * Format of exit token: 746 * attribute token id adr_char 747 * return value adr_int32 748 * errno adr_int32 749 * 750 */ 751 int 752 exit_token(adr_t *adr) 753 { 754 int32_t retval; 755 int32_t errno; 756 757 adrm_int32(adr, &retval, 1); 758 adrm_int32(adr, &errno, 1); 759 return (-1); 760 } 761 762 /* 763 * Format of strings array token: 764 * token id adr_char 765 * count value adr_int32 766 * strings null terminated strings 767 */ 768 static int 769 strings_common_token(adr_t *adr) 770 { 771 int count, i; 772 char c; 773 774 adrm_int32(adr, (int32_t *)&count, 1); 775 for (i = 1; i <= count; i++) { 776 adrm_char(adr, &c, 1); 777 while (c != (char)0) 778 adrm_char(adr, &c, 1); 779 } 780 /* no dump option here, since we will have variable length fields */ 781 return (-1); 782 } 783 784 int 785 path_attr_token(adr_t *adr) 786 { 787 return (strings_common_token(adr)); 788 } 789 790 int 791 exec_args_token(adr_t *adr) 792 { 793 return (strings_common_token(adr)); 794 } 795 796 int 797 exec_env_token(adr_t *adr) 798 { 799 return (strings_common_token(adr)); 800 } 801 802 /* 803 * Format of liaison token: 804 */ 805 int 806 liaison_token(adr_t *adr) 807 { 808 int32_t li; 809 810 adrm_int32(adr, &li, 1); 811 return (-1); 812 } 813 814 815 /* 816 * Format of path token: 817 * path adr_string 818 */ 819 int 820 path_token(adr_t *adr) 821 { 822 if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 823 char *path; 824 825 get_string(adr, &path); 826 if (path[0] != '/') 827 /* 828 * anchor the path. user apps may not do it. 829 */ 830 anchor_path(path); 831 /* 832 * match against the collapsed path. that is what user sees. 833 */ 834 if (re_exec2(collapse_path(path)) == 1) 835 checkflags |= M_OBJECT; 836 free(path); 837 } else { 838 skip_string(adr); 839 } 840 return (-1); 841 } 842 843 844 /* 845 * Format of System V IPC permission token: 846 * System V IPC permission token id adr_char 847 * uid adr_int32 848 * gid adr_int32 849 * cuid adr_int32 850 * cgid adr_int32 851 * mode adr_int32 852 * seq adr_int32 853 * key adr_int32 854 */ 855 int 856 s5_IPC_perm_token(adr_t *adr) 857 { 858 int32_t uid, gid, cuid, cgid, mode, seq; 859 int32_t key; 860 861 adrm_int32(adr, &uid, 1); 862 adrm_int32(adr, &gid, 1); 863 adrm_int32(adr, &cuid, 1); 864 adrm_int32(adr, &cgid, 1); 865 adrm_int32(adr, &mode, 1); 866 adrm_int32(adr, &seq, 1); 867 adrm_int32(adr, &key, 1); 868 869 if (!new_mode && (flags & M_USERE)) { 870 if (m_usere == uid) 871 checkflags |= M_USERE; 872 } 873 874 if (!new_mode && (flags & M_USERE)) { 875 if (m_usere == cuid) 876 checkflags |= M_USERE; 877 } 878 879 if (!new_mode && (flags & M_GROUPR)) { 880 if (m_groupr == gid) 881 checkflags |= M_GROUPR; 882 } 883 884 if (!new_mode && (flags & M_GROUPR)) { 885 if (m_groupr == cgid) 886 checkflags |= M_GROUPR; 887 } 888 889 if ((flags & M_OBJECT) && 890 ((obj_owner == uid) || 891 (obj_owner == cuid) || 892 (obj_group == gid) || 893 (obj_group == cgid))) { 894 895 switch (obj_flag) { 896 case OBJ_MSGGROUP: 897 case OBJ_MSGOWNER: 898 if (ipc_type_match(OBJ_MSG, ipc_type)) 899 checkflags |= M_OBJECT; 900 break; 901 case OBJ_SEMGROUP: 902 case OBJ_SEMOWNER: 903 if (ipc_type_match(OBJ_SEM, ipc_type)) 904 checkflags |= M_OBJECT; 905 break; 906 case OBJ_SHMGROUP: 907 case OBJ_SHMOWNER: 908 if (ipc_type_match(OBJ_SHM, ipc_type)) 909 checkflags |= M_OBJECT; 910 break; 911 } 912 } 913 return (-1); 914 } 915 916 917 /* 918 * Format of process32 token: 919 * process token id adr_char 920 * auid adr_int32 921 * euid adr_int32 922 * egid adr_int32 923 * ruid adr_int32 924 * rgid adr_int32 925 * pid adr_int32 926 * sid adr_int32 927 * termid adr_int32*2 928 * 929 */ 930 int 931 process32_token(adr_t *adr) 932 { 933 int32_t auid, euid, egid, ruid, rgid, pid; 934 int32_t sid; 935 int32_t port, machine; 936 937 adrm_int32(adr, &auid, 1); 938 adrm_int32(adr, &euid, 1); 939 adrm_int32(adr, &egid, 1); 940 adrm_int32(adr, &ruid, 1); 941 adrm_int32(adr, &rgid, 1); 942 adrm_int32(adr, &pid, 1); 943 adrm_int32(adr, &sid, 1); 944 adrm_int32(adr, &port, 1); 945 adrm_int32(adr, &machine, 1); 946 947 if (!new_mode && (flags & M_USERA)) { 948 if (m_usera == auid) 949 checkflags |= M_USERA; 950 } 951 if (!new_mode && (flags & M_USERE)) { 952 if (m_usere == euid) 953 checkflags |= M_USERE; 954 } 955 if (!new_mode && (flags & M_USERR)) { 956 if (m_userr == ruid) 957 checkflags |= M_USERR; 958 } 959 if (!new_mode && (flags & M_GROUPR)) { 960 if (m_groupr == rgid) 961 checkflags |= M_GROUPR; 962 } 963 if (!new_mode && (flags & M_GROUPE)) { 964 if (m_groupe == egid) 965 checkflags |= M_GROUPE; 966 } 967 968 if (flags & M_OBJECT) { 969 if ((obj_flag & OBJ_PROC) && 970 (obj_id == pid)) { 971 checkflags |= M_OBJECT; 972 } else if ((obj_flag & OBJ_PGROUP) && 973 ((obj_group == egid) || 974 (obj_group == rgid))) { 975 checkflags |= M_OBJECT; 976 } else if ((obj_flag & OBJ_POWNER) && 977 ((obj_owner == euid) || 978 (obj_group == ruid))) { 979 checkflags |= M_OBJECT; 980 } 981 } 982 return (-1); 983 } 984 985 /* 986 * Format of process32 token: 987 * process token id adr_char 988 * auid adr_int32 989 * euid adr_int32 990 * egid adr_int32 991 * ruid adr_int32 992 * rgid adr_int32 993 * pid adr_int32 994 * sid adr_int32 995 * termid adr_int32*6 996 * 997 */ 998 int 999 process32_ex_token(adr_t *adr) 1000 { 1001 int32_t auid, euid, egid, ruid, rgid, pid; 1002 int32_t sid; 1003 int32_t port, type, addr[4]; 1004 1005 adrm_int32(adr, &auid, 1); 1006 adrm_int32(adr, &euid, 1); 1007 adrm_int32(adr, &egid, 1); 1008 adrm_int32(adr, &ruid, 1); 1009 adrm_int32(adr, &rgid, 1); 1010 adrm_int32(adr, &pid, 1); 1011 adrm_int32(adr, &sid, 1); 1012 adrm_int32(adr, &port, 1); 1013 adrm_int32(adr, &type, 1); 1014 adrm_int32(adr, &addr[0], 4); 1015 1016 if (!new_mode && (flags & M_USERA)) { 1017 if (m_usera == auid) 1018 checkflags = checkflags | M_USERA; 1019 } 1020 if (!new_mode && (flags & M_USERE)) { 1021 if (m_usere == euid) 1022 checkflags = checkflags | M_USERE; 1023 } 1024 if (!new_mode && (flags & M_USERR)) { 1025 if (m_userr == ruid) 1026 checkflags = checkflags | M_USERR; 1027 } 1028 if (!new_mode && (flags & M_GROUPR)) { 1029 if (m_groupr == egid) 1030 checkflags = checkflags | M_GROUPR; 1031 } 1032 if (!new_mode && (flags & M_GROUPE)) { 1033 if (m_groupe == egid) 1034 checkflags = checkflags | M_GROUPE; 1035 } 1036 1037 if (flags & M_OBJECT) { 1038 if ((obj_flag & OBJ_PROC) && 1039 (obj_id == pid)) { 1040 checkflags = checkflags | M_OBJECT; 1041 } else if ((obj_flag & OBJ_PGROUP) && 1042 ((obj_group == egid) || 1043 (obj_group == rgid))) { 1044 checkflags = checkflags | M_OBJECT; 1045 } else if ((obj_flag & OBJ_POWNER) && 1046 ((obj_owner == euid) || 1047 (obj_group == ruid))) { 1048 checkflags = checkflags | M_OBJECT; 1049 } 1050 } 1051 return (-1); 1052 } 1053 1054 /* 1055 * Format of process64 token: 1056 * process token id adr_char 1057 * auid adr_int32 1058 * euid adr_int32 1059 * egid adr_int32 1060 * ruid adr_int32 1061 * rgid adr_int32 1062 * pid adr_int32 1063 * sid adr_int32 1064 * termid adr_int64+adr_int32 1065 * 1066 */ 1067 int 1068 process64_token(adr_t *adr) 1069 { 1070 int32_t auid, euid, egid, ruid, rgid, pid; 1071 int32_t sid; 1072 int64_t port; 1073 int32_t machine; 1074 1075 adrm_int32(adr, &auid, 1); 1076 adrm_int32(adr, &euid, 1); 1077 adrm_int32(adr, &egid, 1); 1078 adrm_int32(adr, &ruid, 1); 1079 adrm_int32(adr, &rgid, 1); 1080 adrm_int32(adr, &pid, 1); 1081 adrm_int32(adr, &sid, 1); 1082 adrm_int64(adr, &port, 1); 1083 adrm_int32(adr, &machine, 1); 1084 1085 if (!new_mode && (flags & M_USERA)) { 1086 if (m_usera == auid) 1087 checkflags |= M_USERA; 1088 } 1089 if (!new_mode && (flags & M_USERE)) { 1090 if (m_usere == euid) 1091 checkflags |= M_USERE; 1092 } 1093 if (!new_mode && (flags & M_USERR)) { 1094 if (m_userr == ruid) 1095 checkflags |= M_USERR; 1096 } 1097 if (!new_mode && (flags & M_GROUPR)) { 1098 if (m_groupr == rgid) 1099 checkflags |= M_GROUPR; 1100 } 1101 if (!new_mode && (flags & M_GROUPE)) { 1102 if (m_groupe == egid) 1103 checkflags |= M_GROUPE; 1104 } 1105 1106 if (flags & M_OBJECT) { 1107 if ((obj_flag & OBJ_PROC) && 1108 (obj_id == pid)) { 1109 checkflags |= M_OBJECT; 1110 } else if ((obj_flag & OBJ_PGROUP) && 1111 ((obj_group == egid) || 1112 (obj_group == rgid))) { 1113 checkflags |= M_OBJECT; 1114 } else if ((obj_flag & OBJ_POWNER) && 1115 ((obj_owner == euid) || 1116 (obj_group == ruid))) { 1117 checkflags |= M_OBJECT; 1118 } 1119 } 1120 return (-1); 1121 } 1122 1123 /* 1124 * Format of process64 token: 1125 * process token id adr_char 1126 * auid adr_int32 1127 * euid adr_int32 1128 * egid adr_int32 1129 * ruid adr_int32 1130 * rgid adr_int32 1131 * pid adr_int32 1132 * sid adr_int32 1133 * termid adr_int64+5*adr_int32 1134 * 1135 */ 1136 int 1137 process64_ex_token(adr_t *adr) 1138 { 1139 int32_t auid, euid, egid, ruid, rgid, pid; 1140 int32_t sid; 1141 int64_t port; 1142 int32_t type, addr[4]; 1143 1144 adrm_int32(adr, &auid, 1); 1145 adrm_int32(adr, &euid, 1); 1146 adrm_int32(adr, &egid, 1); 1147 adrm_int32(adr, &ruid, 1); 1148 adrm_int32(adr, &rgid, 1); 1149 adrm_int32(adr, &pid, 1); 1150 adrm_int32(adr, &sid, 1); 1151 adrm_int64(adr, &port, 1); 1152 adrm_int32(adr, &type, 1); 1153 adrm_int32(adr, &addr[0], 4); 1154 1155 if (!new_mode && (flags & M_USERA)) { 1156 if (m_usera == auid) 1157 checkflags = checkflags | M_USERA; 1158 } 1159 if (!new_mode && (flags & M_USERE)) { 1160 if (m_usere == euid) 1161 checkflags = checkflags | M_USERE; 1162 } 1163 if (!new_mode && (flags & M_USERR)) { 1164 if (m_userr == ruid) 1165 checkflags = checkflags | M_USERR; 1166 } 1167 if (!new_mode && (flags & M_GROUPR)) { 1168 if (m_groupr == egid) 1169 checkflags = checkflags | M_GROUPR; 1170 } 1171 if (!new_mode && (flags & M_GROUPE)) { 1172 if (m_groupe == egid) 1173 checkflags = checkflags | M_GROUPE; 1174 } 1175 1176 if (flags & M_OBJECT) { 1177 if ((obj_flag & OBJ_PROC) && 1178 (obj_id == pid)) { 1179 checkflags = checkflags | M_OBJECT; 1180 } else if ((obj_flag & OBJ_PGROUP) && 1181 ((obj_group == egid) || 1182 (obj_group == rgid))) { 1183 checkflags = checkflags | M_OBJECT; 1184 } else if ((obj_flag & OBJ_POWNER) && 1185 ((obj_owner == euid) || 1186 (obj_group == ruid))) { 1187 checkflags = checkflags | M_OBJECT; 1188 } 1189 } 1190 return (-1); 1191 } 1192 1193 /* 1194 * Format of System V IPC token: 1195 * System V IPC token id adr_char 1196 * object id adr_int32 1197 * 1198 */ 1199 int 1200 s5_IPC_token(adr_t *adr) 1201 { 1202 int32_t ipc_id; 1203 1204 adrm_char(adr, &ipc_type, 1); /* Global */ 1205 adrm_int32(adr, &ipc_id, 1); 1206 1207 if ((flags & M_OBJECT) && 1208 ipc_type_match(obj_flag, ipc_type) && 1209 (obj_id == ipc_id)) 1210 checkflags |= M_OBJECT; 1211 1212 return (-1); 1213 } 1214 1215 1216 /* 1217 * Format of socket token: 1218 * socket_type adrm_short 1219 * remote_port adrm_short 1220 * remote_inaddr adrm_int32 1221 * 1222 */ 1223 int 1224 socket_token(adr_t *adr) 1225 { 1226 short socket_type; 1227 short remote_port; 1228 int32_t remote_inaddr; 1229 1230 adrm_short(adr, &socket_type, 1); 1231 adrm_short(adr, &remote_port, 1); 1232 adrm_char(adr, (char *)&remote_inaddr, 4); 1233 1234 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1235 if (socket_flag == SOCKFLG_MACHINE) { 1236 if (remote_inaddr == obj_id) 1237 checkflags |= M_OBJECT; 1238 } else if (socket_flag == SOCKFLG_PORT) { 1239 if (remote_port == obj_id) 1240 checkflags |= M_OBJECT; 1241 } 1242 } 1243 return (-1); 1244 } 1245 1246 1247 /* 1248 * Format of socket token: 1249 * socket_type adrm_short 1250 * remote_port adrm_short 1251 * remote_inaddr adrm_int32 1252 * 1253 */ 1254 int 1255 socket_ex_token(adr_t *adr) 1256 { 1257 short socket_domain; 1258 short socket_type; 1259 short ip_size; 1260 short local_port; 1261 int32_t local_inaddr[4]; 1262 short remote_port; 1263 int32_t remote_inaddr[4]; 1264 1265 adrm_short(adr, &socket_domain, 1); 1266 adrm_short(adr, &socket_type, 1); 1267 adrm_short(adr, &ip_size, 1); 1268 1269 /* validate ip size */ 1270 if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4)) 1271 return (0); 1272 1273 adrm_short(adr, &local_port, 1); 1274 adrm_char(adr, (char *)local_inaddr, ip_size); 1275 1276 adrm_short(adr, &remote_port, 1); 1277 adrm_char(adr, (char *)remote_inaddr, ip_size); 1278 1279 /* if IP type mis-match, then nothing to do */ 1280 if (ip_size != ip_type) 1281 return (-1); 1282 1283 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1284 if (socket_flag == SOCKFLG_MACHINE) { 1285 if (ip_type == AU_IPv4) { 1286 if ((local_inaddr[0] == obj_id) || 1287 (remote_inaddr[0] == obj_id)) 1288 checkflags |= M_OBJECT; 1289 } else { 1290 if (((local_inaddr[0] == ip_ipv6[0]) && 1291 (local_inaddr[1] == ip_ipv6[1]) && 1292 (local_inaddr[2] == ip_ipv6[2]) && 1293 (local_inaddr[3] == ip_ipv6[3])) || 1294 ((remote_inaddr[0] == ip_ipv6[0]) && 1295 (remote_inaddr[1] == ip_ipv6[1]) && 1296 (remote_inaddr[2] == ip_ipv6[2]) && 1297 (remote_inaddr[3] == ip_ipv6[3]))) 1298 checkflags |= M_OBJECT; 1299 } 1300 } else if (socket_flag == SOCKFLG_PORT) { 1301 if ((local_port == obj_id) || (remote_port == obj_id)) 1302 checkflags |= M_OBJECT; 1303 } 1304 } 1305 return (-1); 1306 } 1307 1308 1309 /* 1310 * Format of subject32 token: 1311 * subject token id adr_char 1312 * auid adr_int32 1313 * euid adr_int32 1314 * egid adr_int32 1315 * ruid adr_int32 1316 * rgid adr_int32 1317 * pid adr_int32 1318 * sid adr_int32 1319 * termid adr_int32*2 1320 * 1321 */ 1322 int 1323 subject32_token(adr_t *adr) 1324 { 1325 int32_t auid, euid, egid, ruid, rgid, pid; 1326 int32_t sid; 1327 int32_t port, machine; 1328 1329 adrm_int32(adr, &auid, 1); 1330 adrm_int32(adr, &euid, 1); 1331 adrm_int32(adr, &egid, 1); 1332 adrm_int32(adr, &ruid, 1); 1333 adrm_int32(adr, &rgid, 1); 1334 adrm_int32(adr, &pid, 1); 1335 adrm_int32(adr, &sid, 1); 1336 adrm_int32(adr, &port, 1); 1337 adrm_int32(adr, &machine, 1); 1338 1339 if (flags & M_SUBJECT) { 1340 if (subj_id == pid) 1341 checkflags |= M_SUBJECT; 1342 } 1343 if (flags & M_USERA) { 1344 if (m_usera == auid) 1345 checkflags |= M_USERA; 1346 } 1347 if (flags & M_USERE) { 1348 if (m_usere == euid) 1349 checkflags |= M_USERE; 1350 } 1351 if (flags & M_USERR) { 1352 if (m_userr == ruid) 1353 checkflags |= M_USERR; 1354 } 1355 if (flags & M_GROUPR) { 1356 if (m_groupr == rgid) 1357 checkflags |= M_GROUPR; 1358 } 1359 if (flags & M_GROUPE) { 1360 if (m_groupe == egid) 1361 checkflags |= M_GROUPE; 1362 } 1363 if (flags & M_SID) { 1364 if (m_sid == (au_asid_t)sid) 1365 checkflags |= M_SID; 1366 } 1367 return (-1); 1368 } 1369 1370 /* 1371 * Format of subject32_ex token: 1372 * subject token id adr_char 1373 * auid adr_int32 1374 * euid adr_int32 1375 * egid adr_int32 1376 * ruid adr_int32 1377 * rgid adr_int32 1378 * pid adr_int32 1379 * sid adr_int32 1380 * termid_addr adr_int32*6 1381 * 1382 */ 1383 int 1384 subject32_ex_token(adr_t *adr) 1385 { 1386 int32_t auid, euid, egid, ruid, rgid, pid; 1387 int32_t sid; 1388 int32_t port, type, addr[4]; 1389 1390 adrm_int32(adr, &auid, 1); 1391 adrm_int32(adr, &euid, 1); 1392 adrm_int32(adr, &egid, 1); 1393 adrm_int32(adr, &ruid, 1); 1394 adrm_int32(adr, &rgid, 1); 1395 adrm_int32(adr, &pid, 1); 1396 adrm_int32(adr, &sid, 1); 1397 adrm_int32(adr, &port, 1); 1398 adrm_int32(adr, &type, 1); 1399 adrm_int32(adr, &addr[0], 4); 1400 1401 if (flags & M_SUBJECT) { 1402 if (subj_id == pid) 1403 checkflags = checkflags | M_SUBJECT; 1404 } 1405 if (flags & M_USERA) { 1406 if (m_usera == auid) 1407 checkflags = checkflags | M_USERA; 1408 } 1409 if (flags & M_USERE) { 1410 if (m_usere == euid) 1411 checkflags = checkflags | M_USERE; 1412 } 1413 if (flags & M_USERR) { 1414 if (m_userr == ruid) 1415 checkflags = checkflags | M_USERR; 1416 } 1417 if (flags & M_GROUPR) { 1418 if (m_groupr == egid) 1419 checkflags = checkflags | M_GROUPR; 1420 } 1421 if (flags & M_GROUPE) { 1422 if (m_groupe == egid) 1423 checkflags = checkflags | M_GROUPE; 1424 } 1425 if (flags & M_SID) { 1426 if (m_sid == (au_asid_t)sid) 1427 checkflags = checkflags | M_SID; 1428 } 1429 return (-1); 1430 } 1431 1432 /* 1433 * Format of subject64 token: 1434 * subject token id adr_char 1435 * auid adr_int32 1436 * euid adr_int32 1437 * egid adr_int32 1438 * ruid adr_int32 1439 * rgid adr_int32 1440 * pid adr_int32 1441 * sid adr_int32 1442 * termid adr_int64+adr_int32 1443 * 1444 */ 1445 int 1446 subject64_token(adr_t *adr) 1447 { 1448 int32_t auid, euid, egid, ruid, rgid, pid; 1449 int32_t sid; 1450 int64_t port; 1451 int32_t machine; 1452 1453 adrm_int32(adr, &auid, 1); 1454 adrm_int32(adr, &euid, 1); 1455 adrm_int32(adr, &egid, 1); 1456 adrm_int32(adr, &ruid, 1); 1457 adrm_int32(adr, &rgid, 1); 1458 adrm_int32(adr, &pid, 1); 1459 adrm_int32(adr, &sid, 1); 1460 adrm_int64(adr, &port, 1); 1461 adrm_int32(adr, &machine, 1); 1462 1463 if (flags & M_SUBJECT) { 1464 if (subj_id == pid) 1465 checkflags |= M_SUBJECT; 1466 } 1467 if (flags & M_USERA) { 1468 if (m_usera == auid) 1469 checkflags |= M_USERA; 1470 } 1471 if (flags & M_USERE) { 1472 if (m_usere == euid) 1473 checkflags |= M_USERE; 1474 } 1475 if (flags & M_USERR) { 1476 if (m_userr == ruid) 1477 checkflags |= M_USERR; 1478 } 1479 if (flags & M_GROUPR) { 1480 if (m_groupr == rgid) 1481 checkflags |= M_GROUPR; 1482 } 1483 if (flags & M_GROUPE) { 1484 if (m_groupe == egid) 1485 checkflags |= M_GROUPE; 1486 } 1487 if (flags & M_SID) { 1488 if (m_sid == (au_asid_t)sid) 1489 checkflags |= M_SID; 1490 } 1491 return (-1); 1492 } 1493 1494 /* 1495 * Format of subject64 token: 1496 * subject token id adr_char 1497 * auid adr_int32 1498 * euid adr_int32 1499 * egid adr_int32 1500 * ruid adr_int32 1501 * rgid adr_int32 1502 * pid adr_int32 1503 * sid adr_int32 1504 * termid adr_int64+5*adr_int32 1505 * 1506 */ 1507 int 1508 subject64_ex_token(adr_t *adr) 1509 { 1510 int32_t auid, euid, egid, ruid, rgid, pid; 1511 int32_t sid; 1512 int64_t port; 1513 int32_t type, addr[4]; 1514 1515 adrm_int32(adr, &auid, 1); 1516 adrm_int32(adr, &euid, 1); 1517 adrm_int32(adr, &egid, 1); 1518 adrm_int32(adr, &ruid, 1); 1519 adrm_int32(adr, &rgid, 1); 1520 adrm_int32(adr, &pid, 1); 1521 adrm_int32(adr, &sid, 1); 1522 adrm_int64(adr, &port, 1); 1523 adrm_int32(adr, &type, 1); 1524 adrm_int32(adr, &addr[0], 4); 1525 1526 if (flags & M_SUBJECT) { 1527 if (subj_id == pid) 1528 checkflags = checkflags | M_SUBJECT; 1529 } 1530 if (flags & M_USERA) { 1531 if (m_usera == auid) 1532 checkflags = checkflags | M_USERA; 1533 } 1534 if (flags & M_USERE) { 1535 if (m_usere == euid) 1536 checkflags = checkflags | M_USERE; 1537 } 1538 if (flags & M_USERR) { 1539 if (m_userr == ruid) 1540 checkflags = checkflags | M_USERR; 1541 } 1542 if (flags & M_GROUPR) { 1543 if (m_groupr == egid) 1544 checkflags = checkflags | M_GROUPR; 1545 } 1546 if (flags & M_GROUPE) { 1547 if (m_groupe == egid) 1548 checkflags = checkflags | M_GROUPE; 1549 } 1550 if (flags & M_SID) { 1551 if (m_sid == (au_asid_t)sid) 1552 checkflags = checkflags | M_SID; 1553 } 1554 return (-1); 1555 } 1556 1557 /* 1558 * ----------------------------------------------------------------------- 1559 * tid_token(): Process tid token and display contents 1560 * 1561 * Format of tid token: 1562 * tid token id adr_char 1563 * address type adr_char 1564 * For address type of AU_IPADR... 1565 * remote port adr_short 1566 * local port adr_short 1567 * IP type adr_int32 1568 * IP addr adr_int32 if IPv4 1569 * IP addr 4 x adr_int32 if IPv6 1570 * address types other than AU_IPADR are not yet defined 1571 * ----------------------------------------------------------------------- 1572 */ 1573 int 1574 tid_token(adr_t *adr) 1575 { 1576 int32_t address[4]; 1577 int32_t ip_type; 1578 char tid_type; 1579 short rport; 1580 short lport; 1581 1582 adrm_char(adr, &tid_type, 1); 1583 switch (tid_type) { 1584 case AU_IPADR: 1585 adrm_short(adr, &rport, 1); 1586 adrm_short(adr, &lport, 1); 1587 adrm_int32(adr, &ip_type, 1); 1588 adrm_char(adr, (char *)&address, ip_type); 1589 break; 1590 default: 1591 return (0); 1592 } 1593 return (-1); 1594 } 1595 1596 /* 1597 * ----------------------------------------------------------------------- 1598 * zonename_token(): Process zonename token and display contents 1599 * 1600 * Format of zonename token: 1601 * zonename token id adr_char 1602 * zone name adr_string 1603 * ----------------------------------------------------------------------- 1604 */ 1605 int 1606 zonename_token(adr_t *adr) 1607 { 1608 char *name; 1609 1610 if (flags & M_ZONENAME) { 1611 get_string(adr, &name); 1612 if (strncmp(zonename, name, ZONENAME_MAX) == 0) 1613 checkflags |= M_ZONENAME; 1614 free(name); 1615 } else { 1616 skip_string(adr); 1617 } 1618 return (-1); 1619 } 1620 1621 /* 1622 * fmri_token(): 1623 * 1624 * Format of fmri token: 1625 * fmri adr_string 1626 */ 1627 int 1628 fmri_token(adr_t *adr) 1629 { 1630 if ((flags & M_OBJECT) && (obj_flag == OBJ_FMRI)) { 1631 char *fmri_name; 1632 1633 get_string(adr, &fmri_name); 1634 1635 /* match token against service instance */ 1636 if (scf_cmp_pattern(fmri_name, &fmri) == 1) { 1637 checkflags |= M_OBJECT; 1638 } 1639 free(fmri_name); 1640 } else { 1641 skip_string(adr); 1642 } 1643 return (-1); 1644 } 1645 1646 /* 1647 * Format of xatom token: 1648 */ 1649 int 1650 xatom_token(adr_t *adr) 1651 { 1652 skip_string(adr); 1653 1654 return (-1); 1655 } 1656 1657 /* 1658 * Format of xselect token: 1659 */ 1660 int 1661 xselect_token(adr_t *adr) 1662 { 1663 skip_string(adr); 1664 skip_string(adr); 1665 skip_string(adr); 1666 1667 return (-1); 1668 } 1669 1670 /* 1671 * anchor a path name with a slash 1672 * assume we have enough space 1673 */ 1674 void 1675 anchor_path(char *path) 1676 { 1677 (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1); 1678 *path = '/'; 1679 } 1680 1681 1682 /* 1683 * copy path to collapsed path. 1684 * collapsed path does not contain: 1685 * successive slashes 1686 * instances of dot-slash 1687 * instances of dot-dot-slash 1688 * passed path must be anchored with a '/' 1689 */ 1690 char * 1691 collapse_path(char *s) 1692 { 1693 int id; /* index of where we are in destination string */ 1694 int is; /* index of where we are in source string */ 1695 int slashseen; /* have we seen a slash */ 1696 int ls; /* length of source string */ 1697 1698 ls = strlen(s) + 1; 1699 1700 slashseen = 0; 1701 for (is = 0, id = 0; is < ls; is++) { 1702 /* thats all folks, we've reached the end of input */ 1703 if (s[is] == '\0') { 1704 if (id > 1 && s[id-1] == '/') { 1705 --id; 1706 } 1707 s[id++] = '\0'; 1708 break; 1709 } 1710 /* previous character was a / */ 1711 if (slashseen) { 1712 if (s[is] == '/') 1713 continue; /* another slash, ignore it */ 1714 } else if (s[is] == '/') { 1715 /* we see a /, just copy it and try again */ 1716 slashseen = 1; 1717 s[id++] = '/'; 1718 continue; 1719 } 1720 /* /./ seen */ 1721 if (s[is] == '.' && s[is+1] == '/') { 1722 is += 1; 1723 continue; 1724 } 1725 /* XXX/. seen */ 1726 if (s[is] == '.' && s[is+1] == '\0') { 1727 if (id > 1) 1728 id--; 1729 continue; 1730 } 1731 /* XXX/.. seen */ 1732 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 1733 is += 1; 1734 if (id > 0) 1735 id--; 1736 while (id > 0 && s[--id] != '/') 1737 ; 1738 id++; 1739 continue; 1740 } 1741 /* XXX/../ seen */ 1742 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 1743 is += 2; 1744 if (id > 0) 1745 id--; 1746 while (id > 0 && s[--id] != '/') 1747 ; 1748 id++; 1749 continue; 1750 } 1751 while (is < ls && (s[id++] = s[is++]) != '/') 1752 ; 1753 is--; 1754 } 1755 return (s); 1756 } 1757 1758 1759 int 1760 ipc_type_match(int flag, char type) 1761 { 1762 if (flag == OBJ_SEM && type == AT_IPC_SEM) 1763 return (1); 1764 1765 if (flag == OBJ_MSG && type == AT_IPC_MSG) 1766 return (1); 1767 1768 if (flag == OBJ_SHM && type == AT_IPC_SHM) 1769 return (1); 1770 1771 return (0); 1772 } 1773 1774 1775 void 1776 skip_string(adr_t *adr) 1777 { 1778 ushort_t c; 1779 1780 adrm_u_short(adr, &c, 1); 1781 adr->adr_now += c; 1782 } 1783 1784 1785 void 1786 get_string(adr_t *adr, char **p) 1787 { 1788 ushort_t c; 1789 1790 adrm_u_short(adr, &c, 1); 1791 *p = a_calloc(1, (size_t)c); 1792 adrm_char(adr, *p, c); 1793 } 1794 1795 1796 /* 1797 * Format of host token: 1798 * host ard_uint32 1799 */ 1800 int 1801 host_token(adr_t *adr) 1802 { 1803 uint32_t host; 1804 1805 adrm_u_int32(adr, &host, 1); 1806 1807 return (-1); 1808 } 1809 1810 /* 1811 * Format of useofauth token: 1812 * uauth token id adr_char 1813 * uauth adr_string 1814 * 1815 */ 1816 int 1817 useofauth_token(adr_t *adr) 1818 { 1819 skip_string(adr); 1820 return (-1); 1821 } 1822 1823 int 1824 xcolormap_token(adr_t *adr) 1825 { 1826 return (xgeneric(adr)); 1827 } 1828 1829 int 1830 xcursor_token(adr_t *adr) 1831 { 1832 return (xgeneric(adr)); 1833 } 1834 1835 int 1836 xfont_token(adr_t *adr) 1837 { 1838 return (xgeneric(adr)); 1839 } 1840 1841 int 1842 xgc_token(adr_t *adr) 1843 { 1844 return (xgeneric(adr)); 1845 } 1846 1847 int 1848 xpixmap_token(adr_t *adr) 1849 { 1850 return (xgeneric(adr)); 1851 } 1852 1853 int 1854 xwindow_token(adr_t *adr) 1855 { 1856 return (xgeneric(adr)); 1857 } 1858 1859 1860 /* 1861 * Format of xgeneric token: 1862 * XID adr_int32 1863 * creator UID adr_int32 1864 * 1865 * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow 1866 */ 1867 int 1868 xgeneric(adr_t *adr) 1869 { 1870 int32_t xid; 1871 int32_t uid; 1872 1873 adrm_int32(adr, &xid, 1); 1874 adrm_int32(adr, &uid, 1); 1875 1876 if (flags & M_USERE) { 1877 if (m_usere == uid) 1878 checkflags = checkflags | M_USERE; 1879 } 1880 1881 return (-1); 1882 } 1883 1884 1885 /* 1886 * Format of xproperty token: 1887 * XID adr_int32 1888 * creator UID adr_int32 1889 * atom string adr_string 1890 */ 1891 int 1892 xproperty_token(adr_t *adr) 1893 { 1894 int32_t xid; 1895 int32_t uid; 1896 1897 adrm_int32(adr, &xid, 1); 1898 adrm_int32(adr, &uid, 1); 1899 skip_string(adr); 1900 1901 if (flags & M_USERE) { 1902 if (m_usere == uid) 1903 checkflags = checkflags | M_USERE; 1904 } 1905 1906 return (-1); 1907 } 1908 1909 1910 /* 1911 * Format of xclient token: 1912 * xclient id adr_int32 1913 */ 1914 int 1915 xclient_token(adr_t *adr) 1916 { 1917 int32_t client_id; 1918 1919 adrm_int32(adr, &client_id, 1); 1920 1921 return (-1); 1922 } 1923 1924 /* 1925 * Format of privilege set token: 1926 * priv_set type string 1927 * priv_set string 1928 */ 1929 1930 int 1931 privilege_token(adr_t *adr) 1932 { 1933 skip_string(adr); /* set type name */ 1934 skip_string(adr); /* privilege set */ 1935 return (-1); 1936 } 1937 1938 /* 1939 * Format of label token: 1940 * label ID 1 byte 1941 * compartment length 1 byte 1942 * classification 2 bytes 1943 * compartment words <compartment length> * 4 bytes 1944 */ 1945 int 1946 label_token(adr_t *adr) 1947 { 1948 static m_label_t *label = NULL; 1949 static size_t l_size; 1950 int len; 1951 1952 if (label == NULL) { 1953 label = m_label_alloc(MAC_LABEL); 1954 l_size = blabel_size() - 4; 1955 } 1956 1957 if (label == NULL) { 1958 /* out of memory, should never happen; skip label */ 1959 char l; /* length */ 1960 1961 adr->adr_now += sizeof (char); 1962 adrm_char(adr, (char *)&l, 1); 1963 adr->adr_now += sizeof (short) + (4 * l); 1964 return (-1); 1965 } 1966 1967 adrm_char(adr, (char *)label, 4); 1968 len = (int)(((char *)label)[1] * 4); 1969 if (len > l_size) { 1970 return (-1); 1971 } 1972 adrm_char(adr, &((char *)label)[4], len); 1973 1974 if (flags & M_LABEL) { 1975 if (blinrange(label, m_label)) 1976 checkflags = checkflags | M_LABEL; 1977 } 1978 1979 return (-1); 1980 } 1981 1982 1983 /* 1984 * Format of useofpriv token: 1985 * success/failure adr_char 1986 * privilege(s) adr_string 1987 */ 1988 /* ARGSUSED */ 1989 int 1990 useofpriv_token(adr_t *adr) 1991 { 1992 char flag; 1993 1994 adrm_char(adr, &flag, 1); 1995 skip_string(adr); 1996 return (-1); 1997 } 1998