xref: /illumos-gate/usr/src/cmd/praudit/token.c (revision aa92d85b088543197e9fb4594eb30d5215fca2c1)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <ctype.h>
29 #include <dirent.h>
30 #include <grp.h>
31 #include <libintl.h>
32 #include <limits.h>
33 #include <locale.h>
34 #include <pwd.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <sys/types.h>
39 #include <sys/inttypes.h>
40 #include <sys/file.h>
41 #include <sys/param.h>
42 #include <sys/uio.h>
43 #include <sys/stat.h>
44 #include <sys/acl.h>
45 #include <sys/socket.h>
46 #include <sys/errno.h>
47 #include <sys/ipc.h>
48 #include <sys/sem.h>
49 #include <sys/systm.h>
50 #include <netinet/in.h>
51 #include <sys/tiuser.h>
52 #include <rpc/types.h>
53 #include <rpc/auth.h>
54 #include <rpc/auth_unix.h>
55 #include <rpc/svc.h>
56 #include <rpc/xdr.h>
57 #include <nfs/nfs.h>
58 #include <sys/fs/ufs_quota.h>
59 #include <sys/time.h>
60 #include <sys/mkdev.h>
61 #include <unistd.h>
62 
63 #include <bsm/audit.h>
64 #include <bsm/audit_record.h>
65 #include <bsm/libbsm.h>
66 
67 #include <tsol/label.h>
68 
69 #include "praudit.h"
70 #include "toktable.h"
71 
72 #include <netdb.h>
73 #include <arpa/inet.h>
74 
75 static char *anchor_path(char *);
76 static char *collapse_path(char *);
77 
78 
79 /*
80  * -----------------------------------------------------------------------
81  * is_file_token:
82  *		  Tests whether the specified token id represents a type
83  *		  of file token.
84  * return codes :  1 - tokenid is a file token type
85  *		:  0 - otherwise
86  * -----------------------------------------------------------------------
87  */
88 int
89 is_file_token(int tokenid)
90 {
91 	if ((tokenid == AUT_OTHER_FILE32) || (tokenid == AUT_OTHER_FILE64))
92 		return (1);
93 
94 	return (0);
95 }
96 
97 /*
98  * -----------------------------------------------------------------------
99  * is_header_token:
100  *		  Tests whether the specified token id represents a type
101  *		  of header token (signifying the start of a record).
102  * return codes :  1 - tokenid is a header type
103  *		:  0 - otherwise
104  * -----------------------------------------------------------------------
105  */
106 int
107 is_header_token(int tokenid)
108 {
109 	if ((tokenid == AUT_OHEADER) || (tokenid == AUT_HEADER32) ||
110 	    (tokenid == AUT_HEADER32_EX) || (tokenid == AUT_HEADER64) ||
111 	    (tokenid == AUT_HEADER64_EX))
112 		return (1);
113 
114 	return (0);
115 }
116 
117 /*
118  * -----------------------------------------------------------------------
119  * is_token:
120  *		  Tests whether the specified token id represents a true
121  *		  token, as opposed to a regular tag.
122  * return codes :  1 - tokenid is a true token
123  *		:  0 - otherwise
124  * -----------------------------------------------------------------------
125  */
126 int
127 is_token(int tokenid)
128 {
129 	if ((tokenid > 0) && (tokenid <= MAXTOKEN))
130 		return (1);
131 
132 	return (0);
133 }
134 
135 
136 /*
137  * -----------------------------------------------------------------------
138  * exit_token() 	: Process information label token and display contents
139  * return codes		: -1 - error
140  *			:  0 - successful
141  * NOTE: At the time of call, the label token id has been retrieved
142  *
143  * Format of exit token:
144  *	exit token id		adr_char
145  * -----------------------------------------------------------------------
146  */
147 int
148 exit_token(pr_context_t *context)
149 {
150 	int	returnstat;
151 	int	retval;
152 	uval_t	uval;
153 
154 	if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0)
155 		return (returnstat);
156 
157 	if ((returnstat = pr_adr_int32(context, (int32_t *)&retval, 1)) == 0) {
158 		if (!(context->format & PRF_RAWM)) {
159 			char *emsg = strerror(retval);
160 
161 			if (emsg == NULL)
162 				uval.string_val = gettext("Unknown errno");
163 			else
164 				uval.string_val = gettext(emsg);
165 			uval.uvaltype = PRA_STRING;
166 		} else {
167 			uval.uvaltype = PRA_INT32;
168 			uval.int32_val = retval;
169 		}
170 		returnstat = pa_print(context, &uval, 0);
171 	}
172 	if (returnstat == 0)
173 		returnstat = close_tag(context, TAG_ERRVAL);
174 
175 	return (process_tag(context, TAG_RETVAL, returnstat, 1));
176 }
177 
178 /*
179  * ------------------------------------------------------------------
180  * file_token()	: prints out seconds of time and other file name
181  * return codes : -1 - error
182  *		:  0 - successful, valid file token fields
183  * At the time of entry, the file token ID has already been retrieved
184  *
185  * Format of file token:
186  *	file token id		adr_char
187  *	seconds of time		adr_u_int
188  *	name of other file	adr_string
189  * ------------------------------------------------------------------
190  */
191 int
192 file_token(pr_context_t *context)
193 {
194 	int	returnstat;
195 
196 	returnstat = pa_utime32(context, 0, 0);		/* time from usecs */
197 
198 	/* other file name */
199 	returnstat = pa_file_string(context, returnstat, 1);
200 
201 	return (returnstat);
202 }
203 
204 int
205 file64_token(pr_context_t *context)
206 {
207 	int	returnstat;
208 
209 	returnstat = pa_utime64(context, 0, 0);		/* time from usecs */
210 
211 	/* other file name */
212 	returnstat = pa_file_string(context, returnstat, 1);
213 
214 	return (returnstat);
215 }
216 
217 /*
218  * -----------------------------------------------------------------------
219  * header_token()	: Process record header token and display contents
220  * return codes		: -1 - error
221  *			:  0 - successful
222  *			:  1 - warning, password entry not found
223  *
224  * NOTE: At the time of call, the header token id has been retrieved
225  *
226  * Format of header token:
227  *	header token id 	adr_char
228  * 	record byte count	adr_u_int
229  *	event type		adr_u_short (printed either ASCII or raw)
230  *	event class		adr_u_int   (printed either ASCII or raw)
231  *	event action		adr_u_int
232  *	if extended:		extended host name (IPv4/IPv6)
233  *	seconds of time		adr_u_int   (printed either ASCII or raw)
234  *	nanoseconds of time	adr_u_int
235  * -----------------------------------------------------------------------
236  */
237 int
238 header_token(pr_context_t *context)
239 {
240 	int	returnstat;
241 
242 	returnstat = pa_reclen(context, 0);		/* record byte */
243 	/* version ID */
244 	returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0);
245 	/* event type */
246 	returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0);
247 	/* event modifier */
248 	returnstat = pa_event_modifier(context, returnstat, 0);
249 	/* time from nsec */
250 	returnstat = pa_ntime32(context, returnstat, 1);
251 
252 	return (returnstat);
253 }
254 
255 int
256 header64_token(pr_context_t *context)
257 {
258 	int	returnstat;
259 
260 	returnstat = pa_reclen(context, 0);		/* record byte */
261 	/* version ID */
262 	returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0);
263 	/* event type */
264 	returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0);
265 	/* event modifier */
266 	returnstat = pa_event_modifier(context, returnstat, 0);
267 	/* time from nsec */
268 	returnstat = pa_ntime64(context, returnstat, 1);
269 
270 	return (returnstat);
271 }
272 
273 int
274 header32_ex_token(pr_context_t *context)
275 {
276 	int	returnstat;
277 
278 	returnstat = pa_reclen(context, 0);		/* record byte */
279 	/* version ID */
280 	returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0);
281 	/* event type */
282 	returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0);
283 	/* event modifier */
284 	returnstat = pa_event_modifier(context, returnstat, 0);
285 	/* machine name */
286 	returnstat = pa_hostname_ex(context, returnstat, 0);
287 	/* time from nsec */
288 	returnstat = pa_ntime32(context, returnstat, 1);
289 
290 	return (returnstat);
291 }
292 
293 int
294 header64_ex_token(pr_context_t *context)
295 {
296 	int	returnstat;
297 
298 	returnstat = pa_reclen(context, 0);		/* record byte */
299 	/* version ID */
300 	returnstat = process_tag(context, TAG_TOKVERS, returnstat, 0);
301 	/* event type */
302 	returnstat = process_tag(context, TAG_EVTYPE, returnstat, 0);
303 	/* event modifier */
304 	returnstat = pa_event_modifier(context, returnstat, 0);
305 	/* machine name */
306 	returnstat = pa_hostname_ex(context, returnstat, 0);
307 	/* time from nsec */
308 	returnstat = pa_ntime64(context, returnstat, 1);
309 
310 	return (returnstat);
311 }
312 
313 /*
314  * -----------------------------------------------------------------------
315  * trailer_token()	: Process record trailer token and display contents
316  * return codes		: -1 - error
317  *			:  0 - successful
318  * NOTE: At the time of call, the trailer token id has already been
319  * retrieved
320  *
321  * Format of trailer token:
322  * 	trailer token id	adr_char
323  * 	record sequence no	adr_u_short (should be AUT_TRAILER_MAGIC)
324  *	record byte count	adr_u_int
325  * -----------------------------------------------------------------------
326  */
327 int
328 trailer_token(pr_context_t *context)
329 {
330 	short	magic_number;
331 
332 	if (pr_adr_u_short(context, (ushort_t *)&magic_number, 1) < 0) {
333 		(void) fprintf(stderr, gettext(
334 		    "praudit: Cannot retrieve trailer magic number\n"));
335 		return (-1);
336 	} else {
337 		if (magic_number != AUT_TRAILER_MAGIC) {
338 			(void) fprintf(stderr, gettext(
339 			    "praudit: Invalid trailer magic number\n"));
340 			return (-1);
341 		} else
342 			/* Do not display trailer in XML mode */
343 			if (context->format & PRF_XMLM) {
344 				uint32_t	junk;
345 				int		retstat;
346 
347 				retstat = pr_adr_u_int32(context, &junk, 1);
348 				return (retstat);
349 			} else {
350 				return (pa_adr_u_int32(context, 0, 1));
351 			}
352 	}
353 }
354 
355 /*
356  * -----------------------------------------------------------------------
357  * arbitrary_data_token():
358  *			  Process arbitrary data token and display contents
359  * return codes		: -1 - error
360  *			:  0 - successful
361  * NOTE: At the time of call, the arbitrary data token id has already
362  * been retrieved
363  *
364  * Format of arbitrary data token:
365  *	arbitrary data token id	adr char
366  * 	how to print		adr_char
367  *				From audit_record.h, this may be either:
368  *				AUP_BINARY	binary
369  *				AUP_OCTAL	octal
370  *				AUP_DECIMAL	decimal
371  *				AUP_HEX		hexadecimal
372  *	basic unit		adr_char
373  *				From audit_record.h, this may be either:
374  *				AUR_BYTE	byte
375  *				AUR_CHAR	char
376  *				AUR_SHORT	short
377  *				AUR_INT32	int32_t
378  *				AUR_INT64	int64_t
379  *	unit count		adr_char, specifying number of units of
380  *				data in the "data items" parameter below
381  *	data items		depends on basic unit
382  *
383  * -----------------------------------------------------------------------
384  */
385 int
386 arbitrary_data_token(pr_context_t *context)
387 {
388 	int	returnstat;
389 	int	i;
390 	char	c1;
391 	short	c2;
392 	int32_t	c3;
393 	int64_t c4;
394 	char	how_to_print, basic_unit, unit_count, fwid;
395 	char	*p;
396 	int	index = 0;
397 	char	*pformat = "%*s";
398 
399 	uval_t	uval;
400 
401 	if ((returnstat = pr_adr_char(context, &how_to_print, 1)) != 0)
402 		return (returnstat);
403 
404 	if ((returnstat = pr_adr_char(context, &basic_unit, 1)) != 0)
405 		return (returnstat);
406 
407 	if ((returnstat = pr_adr_char(context, &unit_count, 1)) != 0)
408 		return (returnstat);
409 
410 	if (!(context->format & PRF_RAWM)) {
411 		uval.uvaltype = PRA_STRING;
412 		uval.string_val = htp2string(how_to_print);
413 	} else {
414 		uval.uvaltype = PRA_INT32;
415 		uval.int32_val = (int)how_to_print;
416 	}
417 
418 	if ((returnstat = open_tag(context, TAG_ARBPRINT)) != 0)
419 		return (returnstat);
420 	if ((returnstat = pa_print(context, &uval, 0)) < 0)
421 		return (returnstat);
422 	if ((returnstat = close_tag(context, TAG_ARBPRINT)) != 0)
423 		return (returnstat);
424 
425 	if (!(context->format & PRF_RAWM)) {
426 		uval.uvaltype = PRA_STRING;
427 		uval.string_val = bu2string(basic_unit);
428 	} else {
429 		uval.uvaltype = PRA_INT32;
430 		uval.int32_val = (int32_t)basic_unit;
431 	}
432 
433 	if ((returnstat = open_tag(context, TAG_ARBTYPE)) != 0)
434 		return (returnstat);
435 	if ((returnstat = pa_print(context, &uval, 0)) < 0)
436 		return (returnstat);
437 	if ((returnstat = close_tag(context, TAG_ARBTYPE)) != 0)
438 		return (returnstat);
439 
440 	uval.uvaltype = PRA_INT32;
441 	uval.int32_val = (int32_t)unit_count;
442 
443 	if ((returnstat = open_tag(context, TAG_ARBCOUNT)) != 0)
444 		return (returnstat);
445 	if ((returnstat = pa_print(context, &uval, 1)) < 0)
446 		return (returnstat);
447 	if ((returnstat = close_tag(context, TAG_ARBCOUNT)) != 0)
448 		return (returnstat);
449 
450 	/* Done with attributes; force end of token open */
451 	if ((returnstat = finish_open_tag(context)) != 0)
452 		return (returnstat);
453 
454 	/* get the field width in case we need to format output */
455 	fwid = findfieldwidth(basic_unit, how_to_print);
456 	p = (char *)malloc(80);
457 
458 	/* now get the data items and print them */
459 	for (i = 0; (i < unit_count); i++) {
460 		switch (basic_unit) {
461 			/* case AUR_BYTE: */
462 		case AUR_CHAR:
463 			if (pr_adr_char(context, &c1, 1) == 0)
464 				(void) convert_char_to_string(how_to_print,
465 				    c1, p);
466 			else {
467 				free(p);
468 				return (-1);
469 			}
470 			break;
471 		case AUR_SHORT:
472 			if (pr_adr_short(context, &c2, 1) == 0)
473 				(void) convert_short_to_string(how_to_print,
474 				    c2, p);
475 			else {
476 				free(p);
477 				return (-1);
478 			}
479 			break;
480 		case AUR_INT32:
481 			if (pr_adr_int32(context, &c3, 1) == 0)
482 				(void) convert_int32_to_string(how_to_print,
483 				    c3, p);
484 			else {
485 				free(p);
486 				return (-1);
487 			}
488 			break;
489 		case AUR_INT64:
490 			if (pr_adr_int64(context, &c4, 1) == 0)
491 				(void) convert_int64_to_string(how_to_print,
492 				    c4, p);
493 			else {
494 				free(p);
495 				return (-1);
496 			}
497 			break;
498 		default:
499 			free(p);
500 			return (-1);
501 			/*NOTREACHED*/
502 		}
503 
504 		/*
505 		 * At this point, we have successfully retrieved a data
506 		 * item and converted it into an ASCII string pointed to
507 		 * by p. If all output is to be printed on one line,
508 		 * simply separate the data items by a space (or by the
509 		 * delimiter if this is the last data item), otherwise, we
510 		 * need to format the output before display.
511 		 */
512 		if (context->format & PRF_ONELINE) {
513 			returnstat = pr_printf(context, "%s", p);
514 			if ((returnstat >= 0) && (i == (unit_count - 1)))
515 				returnstat = pr_printf(context, "%s",
516 				    context->SEPARATOR);
517 			else
518 				returnstat = pr_putchar(context, ' ');
519 		} else {	/* format output */
520 			returnstat = pr_printf(context, pformat, fwid, p);
521 			index += fwid;
522 			if ((returnstat >= 0) &&
523 			    (((index + fwid) > 75) ||
524 			    (i == (unit_count - 1)))) {
525 				returnstat = pr_putchar(context, '\n');
526 				index = 0;
527 			}
528 		} /* else if PRF_ONELINE */
529 		if (returnstat < 0) {
530 			free(p);
531 			return (returnstat);
532 		}
533 	}
534 	free(p);
535 
536 	return (returnstat);
537 }
538 
539 /*
540  * -----------------------------------------------------------------------
541  * opaque_token() 	: Process opaque token and display contents
542  * return codes		: -1 - error
543  *			:  0 - successful
544  * NOTE: At the time of call, the opaque token id has already been
545  * retrieved
546  *
547  * Format of opaque token:
548  *	opaque token id		adr_char
549  *	size			adr_short
550  *	data			adr_char, size times
551  * -----------------------------------------------------------------------
552  */
553 int
554 opaque_token(pr_context_t *context)
555 {
556 	int	returnstat;
557 	short	size;
558 	char	*charp;
559 	uval_t	uval;
560 
561 
562 	/* print the size of the token */
563 	if (pr_adr_short(context, &size, 1) == 0) {
564 		uval.uvaltype = PRA_SHORT;
565 		uval.short_val = size;
566 		returnstat = pa_print(context, &uval, 0);
567 	} else
568 		returnstat = -1;
569 
570 	/* now print out the data field in hexadecimal */
571 	if (returnstat >= 0) {
572 		/* try to allocate memory for the character string */
573 		if ((charp = (char *)malloc(size * sizeof (char))) == NULL)
574 			returnstat = -1;
575 		else {
576 			if ((returnstat = pr_adr_char(context, charp,
577 			    size)) == 0) {
578 				/* print out in hexadecimal format */
579 				uval.uvaltype = PRA_STRING;
580 				uval.string_val = hexconvert(charp, size, size);
581 				if (uval.string_val) {
582 					returnstat = pa_print(context,
583 					    &uval, 1);
584 					free(uval.string_val);
585 				}
586 			}
587 			free(charp);
588 		}
589 	}
590 
591 	return (returnstat);
592 }
593 
594 /*
595  * -----------------------------------------------------------------------
596  * path_token() 	: Process path token and display contents
597  * return codes		: -1 - error
598  *			:  0 - successful
599  * NOTE: At the time of call, the path token id has been retrieved
600  *
601  * Format of path token:
602  *	token id	adr_char
603  *	path		adr_string
604  * -----------------------------------------------------------------------
605  */
606 int
607 path_token(pr_context_t *context)
608 {
609 	char	*path;	/* path */
610 	char	*apath;	/* anchored path */
611 	char	*cpath;	/* collapsed path */
612 	short	length;
613 	int	returnstat;
614 	uval_t	uval;
615 
616 	/*
617 	 * We need to know how much space to allocate for our string, so
618 	 * read the length first, then call pr_adr_char to read those bytes.
619 	 */
620 	if (pr_adr_short(context, &length, 1) == 0) {
621 		if ((path = (char *)malloc(length + 1)) == NULL) {
622 			returnstat = -1;
623 		} else if (pr_adr_char(context, path, length) == 0) {
624 			path[length] = '\0';
625 			uval.uvaltype = PRA_STRING;
626 			if (*path != '/') {
627 				apath = anchor_path(path);
628 				free(path);
629 			} else
630 				apath = path;
631 			cpath = collapse_path(apath);
632 			uval.string_val = cpath;
633 			returnstat = pa_print(context, &uval, 1);
634 			free(cpath);
635 		} else {
636 			free(path);
637 			returnstat = -1;
638 		}
639 		return (returnstat);
640 	} else
641 		return (-1);
642 }
643 
644 /*
645  * anchor a path name with a slash
646  */
647 char *
648 anchor_path(char *sp)
649 {
650 	char	*dp; /* destination path */
651 	char	*tp; /* temporary path */
652 	size_t	len;
653 
654 	len = strlen(sp) + 2;
655 	if ((dp = tp = (char *)calloc(1, len)) == (char *)0)
656 		return ((char *)0);
657 
658 	*dp++ = '/';
659 
660 	(void) strlcpy(dp, sp, len);
661 
662 	return (tp);
663 }
664 
665 /*
666  * copy path to collapsed path.
667  * collapsed path does not contain:
668  *	successive slashes
669  *	instances of dot-slash
670  *	instances of dot-dot-slash
671  * passed path must be anchored with a '/'
672  */
673 char *
674 collapse_path(char *s)
675 {
676 	int	id;	/* index of where we are in destination string */
677 	int	is;		/* index of where we are in source string */
678 	int	slashseen;	/* have we seen a slash */
679 	int	ls;		/* length of source string */
680 
681 	ls = strlen(s) + 1;
682 
683 	slashseen = 0;
684 	for (is = 0, id = 0; is < ls; is++) {
685 		/* thats all folks, we've reached the end of input */
686 		if (s[is] == '\0') {
687 			if (id > 1 && s[id-1] == '/') {
688 				--id;
689 			}
690 			s[id++] = '\0';
691 			break;
692 		}
693 		/* previous character was a / */
694 		if (slashseen) {
695 			if (s[is] == '/')
696 				continue;	/* another slash, ignore it */
697 		} else if (s[is] == '/') {
698 			/* we see a /, just copy it and try again */
699 			slashseen = 1;
700 			s[id++] = '/';
701 			continue;
702 		}
703 		/* /./ seen */
704 		if (s[is] == '.' && s[is+1] == '/') {
705 			is += 1;
706 			continue;
707 		}
708 		/* XXX/. seen */
709 		if (s[is] == '.' && s[is+1] == '\0') {
710 			if (id > 1)
711 				id--;
712 			continue;
713 		}
714 		/* XXX/.. seen */
715 		if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') {
716 			is += 1;
717 			if (id > 0)
718 				id--;
719 			while (id > 0 && s[--id] != '/')
720 				continue;
721 			id++;
722 			continue;
723 		}
724 		/* XXX/../ seen */
725 		if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') {
726 			is += 2;
727 			if (id > 0)
728 				id--;
729 			while (id > 0 && s[--id] != '/')
730 				continue;
731 			id++;
732 			continue;
733 		}
734 		while (is < ls && (s[id++] = s[is++]) != '/')
735 			continue;
736 		is--;
737 	}
738 	return (s);
739 }
740 
741 /*
742  * -----------------------------------------------------------------------
743  * cmd_token()		: Process cmd token and display contents
744  * return codes		: -1 - error
745  *			:  0 - successful
746  * NOTE: At the time of call, the cmd token id has been retrieved
747  *
748  * Format of command token:
749  *	token id	adr_char
750  *	argc		adr_short
751  *	N*argv[i]	adr_string (short, string)
752  *	env cnt		adr_short
753  *	N*arge[i]	adr_string (short, string)
754  * -----------------------------------------------------------------------
755  */
756 int
757 cmd_token(pr_context_t *context)
758 {
759 	int	returnstat;
760 	short num;
761 
762 	returnstat = pr_adr_short(context, &num, 1);
763 	if (returnstat < 0)
764 		return (returnstat);
765 
766 	if (!(context->format & PRF_XMLM)) {
767 		returnstat = pr_printf(context, "%s%s%d%s",
768 		    (context->format & PRF_ONELINE) ? "" : gettext("argcnt"),
769 		    (context->format & PRF_ONELINE) ? "" : context->SEPARATOR,
770 		    num, context->SEPARATOR);
771 		if (returnstat < 0)
772 			return (returnstat);
773 	}
774 
775 	for (; num > 0; num--) {
776 		if ((returnstat = process_tag(context, TAG_ARGV,
777 		    returnstat, 0)) < 0)
778 			return (returnstat);
779 	}
780 
781 	if ((returnstat = pr_adr_short(context, &num, 1)) < 0)
782 		return (returnstat);
783 
784 	if (!(context->format & PRF_XMLM)) {
785 		returnstat = pr_printf(context, "%s%s%d%s",
786 		    (context->format & PRF_ONELINE) ? "" : gettext("envcnt"),
787 		    (context->format & PRF_ONELINE) ? "" : context->SEPARATOR,
788 		    num, context->SEPARATOR);
789 		if (returnstat < 0)
790 			return (returnstat);
791 	}
792 
793 	if ((num == 0) && !(context->format & PRF_XMLM)) {
794 		returnstat = do_newline(context, 1);
795 		if (returnstat < 0)
796 			return (returnstat);
797 	}
798 
799 	for (; num > 1; num--) {
800 		if ((returnstat = process_tag(context, TAG_ARGE,
801 		    returnstat, 0)) < 0)
802 			return (returnstat);
803 	}
804 	if (num)
805 		returnstat = process_tag(context, TAG_ARGE, returnstat, 1);
806 
807 	return (returnstat);
808 
809 }
810 
811 /*
812  * -----------------------------------------------------------------------
813  * argument32_token()	: Process argument token and display contents
814  * return codes		: -1 - error
815  *			:  0 - successful
816  * NOTE: At the time of call, the arg token id has been retrieved
817  *
818  * Format of argument token:
819  *	current directory token id	adr_char
820  *	argument number			adr_char
821  *	argument value			adr_int32
822  *	argument description		adr_string
823  * -----------------------------------------------------------------------
824  */
825 int
826 argument32_token(pr_context_t *context)
827 {
828 	int	returnstat;
829 
830 	returnstat = process_tag(context, TAG_ARGNUM, 0, 0);
831 	returnstat = process_tag(context, TAG_ARGVAL32, returnstat, 0);
832 	returnstat = process_tag(context, TAG_ARGDESC, returnstat, 1);
833 
834 	return (returnstat);
835 
836 }
837 
838 /*
839  * -----------------------------------------------------------------------
840  * argument64_token()	: Process argument token and display contents
841  * return codes		: -1 - error
842  *			:  0 - successful
843  * NOTE: At the time of call, the arg token id has been retrieved
844  *
845  * Format of 64 bit argument token:
846  *	current directory token id	adr_char
847  *	argument number			adr_char
848  *	argument value			adr_int64
849  *	argument description		adr_string
850  * -----------------------------------------------------------------------
851  */
852 int
853 argument64_token(pr_context_t *context)
854 {
855 	int	returnstat;
856 
857 	returnstat = process_tag(context, TAG_ARGNUM, 0, 0);
858 	returnstat = process_tag(context, TAG_ARGVAL64, returnstat, 0);
859 	returnstat = process_tag(context, TAG_ARGDESC, returnstat, 1);
860 
861 	return (returnstat);
862 
863 }
864 
865 /*
866  * -----------------------------------------------------------------------
867  * process_token() 	: Process process token and display contents
868  * return codes		: -1 - error
869  *			:  0 - successful
870  * NOTE: At the time of call, the process token id has been retrieved
871  *
872  * Format of process token:
873  *	process token id	adr_char
874  *	auid			adr_u_int32
875  *	euid			adr_u_int32
876  *	egid			adr_u_int32
877  *	ruid			adr_u_int32
878  *	egid			adr_u_int32
879  *	pid			adr_u_int32
880  *	sid			adr_u_int32
881  *	tid			adr_u_int32, adr_u_int32
882  * -----------------------------------------------------------------------
883  */
884 int
885 process32_token(pr_context_t *context)
886 {
887 	int	returnstat;
888 
889 		/* auid */
890 	returnstat = process_tag(context, TAG_AUID, 0, 0);
891 		/* uid */
892 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
893 		/* gid */
894 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
895 		/* ruid */
896 	returnstat = process_tag(context, TAG_RUID, returnstat, 0);
897 		/* rgid */
898 	returnstat = process_tag(context, TAG_RGID, returnstat, 0);
899 		/* pid */
900 	returnstat = process_tag(context, TAG_PID, returnstat, 0);
901 		/* sid */
902 	returnstat = process_tag(context, TAG_SID, returnstat, 0);
903 		/* tid */
904 	returnstat = process_tag(context, TAG_TID32, returnstat, 1);
905 
906 	return (returnstat);
907 }
908 
909 int
910 process64_token(pr_context_t *context)
911 {
912 	int	returnstat;
913 
914 		/* auid */
915 	returnstat = process_tag(context, TAG_AUID, 0, 0);
916 		/* uid */
917 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
918 		/* gid */
919 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
920 		/* ruid */
921 	returnstat = process_tag(context, TAG_RUID, returnstat, 0);
922 		/* rgid */
923 	returnstat = process_tag(context, TAG_RGID, returnstat, 0);
924 		/* pid */
925 	returnstat = process_tag(context, TAG_PID, returnstat, 0);
926 		/* sid */
927 	returnstat = process_tag(context, TAG_SID, returnstat, 0);
928 		/* tid */
929 	returnstat = process_tag(context, TAG_TID64, returnstat, 1);
930 
931 	return (returnstat);
932 }
933 
934 /*
935  * -----------------------------------------------------------------------
936  * process_ex_token()	: Process process token and display contents
937  * return codes		: -1 - error
938  *			:  0 - successful
939  * NOTE: At the time of call, the process token id has been retrieved
940  *
941  * Format of extended process token:
942  *	process token id	adr_char
943  *	auid			adr_u_int32
944  *	euid			adr_u_int32
945  *	egid			adr_u_int32
946  *	ruid			adr_u_int32
947  *	egid			adr_u_int32
948  *	pid			adr_u_int32
949  *	sid			adr_u_int32
950  *	tid			adr_u_int32, adr_u_int32, 4*adr_u_int32
951  * -----------------------------------------------------------------------
952  */
953 int
954 process32_ex_token(pr_context_t *context)
955 {
956 	int	returnstat;
957 
958 		/* auid */
959 	returnstat = process_tag(context, TAG_AUID, 0, 0);
960 		/* uid */
961 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
962 		/* gid */
963 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
964 		/* ruid */
965 	returnstat = process_tag(context, TAG_RUID, returnstat, 0);
966 		/* rgid */
967 	returnstat = process_tag(context, TAG_RGID, returnstat, 0);
968 		/* pid */
969 	returnstat = process_tag(context, TAG_PID, returnstat, 0);
970 		/* sid */
971 	returnstat = process_tag(context, TAG_SID, returnstat, 0);
972 		/* tid */
973 	returnstat = process_tag(context, TAG_TID32_EX, returnstat, 1);
974 
975 	return (returnstat);
976 }
977 
978 int
979 process64_ex_token(pr_context_t *context)
980 {
981 	int	returnstat;
982 
983 		/* auid */
984 	returnstat = process_tag(context, TAG_AUID, 0, 0);
985 		/* uid */
986 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
987 		/* gid */
988 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
989 		/* ruid */
990 	returnstat = process_tag(context, TAG_RUID, returnstat, 0);
991 		/* rgid */
992 	returnstat = process_tag(context, TAG_RGID, returnstat, 0);
993 		/* pid */
994 	returnstat = process_tag(context, TAG_PID, returnstat, 0);
995 		/* sid */
996 	returnstat = process_tag(context, TAG_SID, returnstat, 0);
997 		/* tid */
998 	returnstat = process_tag(context, TAG_TID64_EX, returnstat, 1);
999 
1000 	return (returnstat);
1001 }
1002 
1003 /*
1004  * -----------------------------------------------------------------------
1005  * return_value32_token(): Process return value and display contents
1006  * return codes		: -1 - error
1007  *			:  0 - successful
1008  * NOTE: At the time of call, the return value token id has been retrieved
1009  *
1010  * Format of return value token:
1011  * 	return value token id	adr_char
1012  *	error number		adr_char
1013  *	return value		adr_int32
1014  * -----------------------------------------------------------------------
1015  */
1016 int
1017 return_value32_token(pr_context_t *context)
1018 {
1019 	int		returnstat;
1020 	uchar_t		number;
1021 	int32_t		value;
1022 	char		pb[512];    /* print buffer */
1023 	uval_t		uval;
1024 	bool_t		used_ret_val = 0;
1025 
1026 	/*
1027 	 * Every audit record generated contains a return token.
1028 	 *
1029 	 * The return token is a special token. It indicates the success
1030 	 * or failure of the event that contains it.
1031 	 * The return32 token contains two pieces of data:
1032 	 *
1033 	 * 	char	number;
1034 	 * 	int32_t	return_value;
1035 	 *
1036 	 * For audit records generated by the kernel:
1037 	 * The kernel always puts a positive value in "number".
1038 	 * Upon success "number" is 0.
1039 	 * Upon failure "number" is a positive errno value that is less than
1040 	 * sys_nerr.
1041 	 *
1042 	 * For audit records generated at the user level:
1043 	 * Upon success "number" is 0.
1044 	 * Upon failure "number" is -1.
1045 	 *
1046 	 * For both kernel and user land the value of "return_value" is
1047 	 * arbitrary. For the kernel it contains the return value of
1048 	 * the system call. For user land it contains an arbitrary return
1049 	 * value if it is less than ADT_FAIL_VALUE; ADT_FAIL_VALUE
1050 	 * and above are messages defined in adt_event.h.   ADT_FAIL_PAM and
1051 	 * above are messages from pam_strerror().  No interpretation is done
1052 	 * on "return_value" if it is outside the range of ADT_FAIL_VALUE_* or
1053 	 * ADT_FAIL_PAM values.
1054 	 */
1055 	if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0)
1056 		return (returnstat);
1057 
1058 	if ((returnstat = pr_adr_u_char(context, &number, 1)) == 0) {
1059 		if (!(context->format & PRF_RAWM)) {
1060 			used_ret_val = 1;
1061 			pa_error(number, pb, sizeof (pb));
1062 			uval.uvaltype = PRA_STRING;
1063 			uval.string_val = pb;
1064 			if ((returnstat = pa_print(context, &uval, 0)) != 0)
1065 				return (returnstat);
1066 			if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0)
1067 				return (returnstat);
1068 			if ((returnstat = open_tag(context, TAG_RETVAL)) != 0)
1069 				return (returnstat);
1070 
1071 			if ((returnstat = pr_adr_int32(
1072 			    context, &value, 1)) != 0)
1073 				return (returnstat);
1074 
1075 			pa_retval(number, value, pb, sizeof (pb));
1076 		} else {
1077 			uval.uvaltype = PRA_INT32;
1078 			if ((char)number == -1)
1079 				uval.int32_val = -1;
1080 			else
1081 				uval.int32_val = number;
1082 		}
1083 		returnstat = pa_print(context, &uval, used_ret_val);
1084 	}
1085 	if (used_ret_val) {
1086 		if (returnstat == 0)
1087 			returnstat = close_tag(context, TAG_RETVAL);
1088 		return (returnstat);
1089 	}
1090 	if (!returnstat)
1091 		if (returnstat = close_tag(context, TAG_ERRVAL))
1092 			return (returnstat);
1093 
1094 	return (process_tag(context, TAG_RETVAL, returnstat, 1));
1095 }
1096 
1097 /*
1098  * -----------------------------------------------------------------------
1099  * return_value64_token(): Process return value and display contents
1100  * return codes		: -1 - error
1101  *			:  0 - successful
1102  * NOTE: At the time of call, the return value token id has been retrieved
1103  *
1104  * Format of return value token:
1105  * 	return value token id	adr_char
1106  *	error number		adr_char
1107  *	return value		adr_int64
1108  *
1109  * HOWEVER, the 64 bit return value is a concatenation of two
1110  * 32 bit return values; the first of which is the same as is
1111  * carried in the return32 token.  The second 32 bits are ignored
1112  * here so that the displayed return token will have the same
1113  * number whether the application is 32 or 64 bits.
1114  * -----------------------------------------------------------------------
1115  */
1116 int
1117 return_value64_token(pr_context_t *context)
1118 {
1119 	int		returnstat;
1120 	uchar_t		number;
1121 	rval_t		rval;
1122 	char		pb[512];    /* print buffer */
1123 	uval_t		uval;
1124 
1125 	/*
1126 	 * Every audit record generated contains a return token.
1127 	 *
1128 	 * The return token is a special token. It indicates the success
1129 	 * or failure of the event that contains it.
1130 	 * The return64 token contains two pieces of data:
1131 	 *
1132 	 * 	char	number;
1133 	 * 	int64_t	return_value;
1134 	 *
1135 	 * For audit records generated by the kernel:
1136 	 * The kernel always puts a positive value in "number".
1137 	 * Upon success "number" is 0.
1138 	 * Upon failure "number" is a positive errno value that is less than
1139 	 * sys_nerr.
1140 	 *
1141 	 * For audit records generated at the user level:
1142 	 * Upon success "number" is 0.
1143 	 * Upon failure "number" is -1.
1144 	 *
1145 	 * For both kernel and user land the value of "return_value" is
1146 	 * arbitrary. For the kernel it contains the return value of
1147 	 * the system call. For user land it contains an arbitrary return
1148 	 * value if it is less than ADT_FAIL_VALUE; ADT_FAIL_VALUE
1149 	 * and above are messages defined in adt_event.h.   ADT_FAIL_PAM and
1150 	 * above are messages from pam_strerror().  No interpretation is done
1151 	 * on "return_value" if it is outside the range of ADT_FAIL_VALUE_* or
1152 	 * ADT_FAIL_PAM values.
1153 	 *
1154 	 * The 64 bit return value consists of two 32bit parts; for
1155 	 * system calls, the first part is the value returned by the
1156 	 * system call and the second part depends on the system call
1157 	 * implementation.  In most cases, the second part is either 0
1158 	 * or garbage; because of that, it is omitted from the praudit
1159 	 * output.
1160 	 */
1161 	if ((returnstat = open_tag(context, TAG_ERRVAL)) != 0)
1162 		return (returnstat);
1163 
1164 	if ((returnstat = pr_adr_u_char(context, &number, 1)) == 0) {
1165 		if (!(context->format & PRF_RAWM)) {
1166 			pa_error(number, pb, sizeof (pb));
1167 			uval.uvaltype = PRA_STRING;
1168 			uval.string_val = pb;
1169 			if ((returnstat = pa_print(context, &uval, 0)) != 0)
1170 				return (returnstat);
1171 
1172 			if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0)
1173 				return (returnstat);
1174 			if ((returnstat = open_tag(context, TAG_RETVAL)) != 0)
1175 				return (returnstat);
1176 
1177 			if ((returnstat = pr_adr_int64(context,
1178 			    &rval.r_vals, 1)) != 0)
1179 				return (returnstat);
1180 			pa_retval(number, rval.r_val1, pb, sizeof (pb));
1181 		} else {
1182 			uval.uvaltype = PRA_INT32;
1183 			if ((char)number == -1)
1184 				uval.int32_val = -1;
1185 			else
1186 				uval.int32_val = number;
1187 
1188 			if ((returnstat = pa_print(context, &uval, 0)) != 0)
1189 				return (returnstat);
1190 
1191 			if ((returnstat = close_tag(context, TAG_ERRVAL)) != 0)
1192 				return (returnstat);
1193 			if ((returnstat = open_tag(context, TAG_RETVAL)) != 0)
1194 				return (returnstat);
1195 
1196 			if ((returnstat = pr_adr_int64(context,
1197 			    &rval.r_vals, 1)) != 0)
1198 				return (returnstat);
1199 			uval.int32_val = rval.r_val1;
1200 		}
1201 		returnstat = pa_print(context, &uval, 1);
1202 	} else {
1203 		return (returnstat);
1204 	}
1205 
1206 	if (returnstat == 0)
1207 		returnstat = close_tag(context, TAG_RETVAL);
1208 
1209 	return (returnstat);
1210 }
1211 
1212 /*
1213  * -----------------------------------------------------------------------
1214  * subject32_token()	: Process subject token and display contents
1215  * return codes		: -1 - error
1216  *			:  0 - successful
1217  * NOTE: At the time of call, the subject token id has been retrieved
1218  *
1219  * Format of subject token:
1220  *	subject token id	adr_char
1221  *	auid			adr_u_int32
1222  *	euid			adr_u_int32
1223  *	egid			adr_u_int32
1224  *	ruid			adr_u_int32
1225  *	egid			adr_u_int32
1226  *	pid			adr_u_int32
1227  *	sid			adr_u_int32
1228  *	tid			adr_u_int32, adr_u_int32
1229  * -----------------------------------------------------------------------
1230  */
1231 int
1232 subject32_token(pr_context_t *context)
1233 {
1234 	int	returnstat;
1235 
1236 		/* auid */
1237 	returnstat = process_tag(context, TAG_AUID, 0, 0);
1238 		/* uid */
1239 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
1240 		/* gid */
1241 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
1242 		/* ruid */
1243 	returnstat = process_tag(context, TAG_RUID, returnstat, 0);
1244 		/* rgid */
1245 	returnstat = process_tag(context, TAG_RGID, returnstat, 0);
1246 		/* pid */
1247 	returnstat = process_tag(context, TAG_PID, returnstat, 0);
1248 		/* sid */
1249 	returnstat = process_tag(context, TAG_SID, returnstat, 0);
1250 		/* tid */
1251 	returnstat = process_tag(context, TAG_TID32, returnstat, 1);
1252 
1253 	return (returnstat);
1254 }
1255 
1256 int
1257 subject64_token(pr_context_t *context)
1258 {
1259 	int	returnstat;
1260 
1261 		/* auid */
1262 	returnstat = process_tag(context, TAG_AUID, 0, 0);
1263 		/* uid */
1264 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
1265 		/* gid */
1266 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
1267 		/* ruid */
1268 	returnstat = process_tag(context, TAG_RUID, returnstat, 0);
1269 		/* rgid */
1270 	returnstat = process_tag(context, TAG_RGID, returnstat, 0);
1271 		/* pid */
1272 	returnstat = process_tag(context, TAG_PID, returnstat, 0);
1273 		/* sid */
1274 	returnstat = process_tag(context, TAG_SID, returnstat, 0);
1275 		/* tid */
1276 	returnstat = process_tag(context, TAG_TID64, returnstat, 1);
1277 
1278 	return (returnstat);
1279 }
1280 
1281 /*
1282  * -----------------------------------------------------------------------
1283  * subject_ex_token(): Process subject token and display contents
1284  * return codes		: -1 - error
1285  *			:  0 - successful
1286  * NOTE: At the time of call, the subject token id has been retrieved
1287  *
1288  * Format of extended subject token:
1289  *	subject token id	adr_char
1290  *	auid			adr_u_int32
1291  *	euid			adr_u_int32
1292  *	egid			adr_u_int32
1293  *	ruid			adr_u_int32
1294  *	egid			adr_u_int32
1295  *	pid			adr_u_int32
1296  *	sid			adr_u_int32
1297  *	tid			adr_u_int32, adr_u_int32
1298  * -----------------------------------------------------------------------
1299  */
1300 int
1301 subject32_ex_token(pr_context_t *context)
1302 {
1303 	int	returnstat;
1304 
1305 		/* auid */
1306 	returnstat = process_tag(context, TAG_AUID, 0, 0);
1307 		/* uid */
1308 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
1309 		/* gid */
1310 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
1311 		/* ruid */
1312 	returnstat = process_tag(context, TAG_RUID, returnstat, 0);
1313 		/* rgid */
1314 	returnstat = process_tag(context, TAG_RGID, returnstat, 0);
1315 		/* pid */
1316 	returnstat = process_tag(context, TAG_PID, returnstat, 0);
1317 		/* sid */
1318 	returnstat = process_tag(context, TAG_SID, returnstat, 0);
1319 		/* tid */
1320 	returnstat = process_tag(context, TAG_TID32_EX, returnstat, 1);
1321 
1322 	return (returnstat);
1323 }
1324 
1325 int
1326 subject64_ex_token(pr_context_t *context)
1327 {
1328 	int	returnstat;
1329 
1330 		/* auid */
1331 	returnstat = process_tag(context, TAG_AUID, 0, 0);
1332 		/* uid */
1333 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
1334 		/* gid */
1335 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
1336 		/* ruid */
1337 	returnstat = process_tag(context, TAG_RUID, returnstat, 0);
1338 		/* rgid */
1339 	returnstat = process_tag(context, TAG_RGID, returnstat, 0);
1340 		/* pid */
1341 	returnstat = process_tag(context, TAG_PID, returnstat, 0);
1342 		/* sid */
1343 	returnstat = process_tag(context, TAG_SID, returnstat, 0);
1344 		/* tid */
1345 	returnstat = process_tag(context, TAG_TID64_EX, returnstat, 1);
1346 
1347 	return (returnstat);
1348 }
1349 
1350 /*
1351  * -----------------------------------------------------------------------
1352  * s5_IPC_token()	: Process System V IPC token and display contents
1353  * return codes		: -1 - error
1354  *			:  0 - successful
1355  * NOTE: At the time of call, the System V IPC id has been retrieved
1356  *
1357  * Format of System V IPC token:
1358  *	System V IPC token id	adr_char
1359  *	object id		adr_int32
1360  * -----------------------------------------------------------------------
1361  */
1362 int
1363 s5_IPC_token(pr_context_t *context)
1364 {
1365 	int	returnstat;
1366 	uchar_t ipctype;
1367 	uval_t	uval;
1368 
1369 	/*
1370 	 * TRANSLATION_NOTE
1371 	 * These names refer to the type of System V IPC object:
1372 	 * message queue, semaphore, shared memory.
1373 	 */
1374 
1375 	if (pr_adr_u_char(context, &ipctype, 1) == 0) {
1376 		if ((returnstat = open_tag(context, TAG_IPCTYPE)) != 0)
1377 			return (returnstat);
1378 
1379 		if (!(context->format & PRF_RAWM)) {
1380 			/* print in ASCII form */
1381 			uval.uvaltype = PRA_STRING;
1382 			switch (ipctype) {
1383 			case AT_IPC_MSG:
1384 				uval.string_val = gettext("msg");
1385 				break;
1386 			case AT_IPC_SEM:
1387 				uval.string_val = gettext("sem");
1388 				break;
1389 			case AT_IPC_SHM:
1390 				uval.string_val = gettext("shm");
1391 				break;
1392 			}
1393 			returnstat = pa_print(context, &uval, 0);
1394 		}
1395 		/* print in integer form */
1396 		if ((context->format & PRF_RAWM) || (returnstat == 1)) {
1397 			uval.uvaltype = PRA_BYTE;
1398 			uval.char_val = ipctype;
1399 			returnstat = pa_print(context, &uval, 0);
1400 		}
1401 		if ((returnstat = close_tag(context, TAG_IPCTYPE)) != 0)
1402 			return (returnstat);
1403 
1404 		/* next get and print ipc id */
1405 		return (process_tag(context, TAG_IPCID, returnstat, 1));
1406 	} else {
1407 		/* cannot retrieve ipc type */
1408 		return (-1);
1409 	}
1410 }
1411 
1412 /*
1413  * -----------------------------------------------------------------------
1414  * text_token()	: Process text token and display contents
1415  * return codes	: -1 - error
1416  *		:  0 - successful
1417  * NOTE: At the time of call, the text token id has been retrieved
1418  *
1419  * Format of text token:
1420  *	text token id		adr_char
1421  * 	text			adr_string
1422  * -----------------------------------------------------------------------
1423  */
1424 int
1425 text_token(pr_context_t *context)
1426 {
1427 	return (pa_adr_string(context, 0, 1));
1428 }
1429 
1430 /*
1431  * -----------------------------------------------------------------------
1432  * tid_token()		: Process a generic terminal id token / AUT_TID
1433  * return codes 	: -1 - error
1434  *			:  0 - successful
1435  * NOTE: At the time of call, the token id has been retrieved
1436  *
1437  * Format of tid token:
1438  *	ip token id	adr_char
1439  *	terminal type	adr_char
1440  *  terminal type = AU_IPADR:
1441  *	remote port:	adr_short
1442  *	local port:	adr_short
1443  *	IP type:	adt_int32 -- AU_IPv4 or AU_IPv6
1444  *	address:	adr_int32 if IPv4, else 4 * adr_int32
1445  * -----------------------------------------------------------------------
1446  */
1447 int
1448 tid_token(pr_context_t *context)
1449 {
1450 	int		returnstat;
1451 	uchar_t		type;
1452 	uval_t		uval;
1453 
1454 	if ((returnstat = pr_adr_u_char(context, &type, 1)) != 0)
1455 		return (returnstat);
1456 	uval.uvaltype = PRA_STRING;
1457 	if ((returnstat = open_tag(context, TAG_TID_TYPE)) != 0)
1458 		return (returnstat);
1459 
1460 	switch (type) {
1461 	default:
1462 		return (-1);	/* other than IP type is not implemented */
1463 	case AU_IPADR:
1464 		uval.string_val = "ip";
1465 		returnstat = pa_print(context, &uval, 0);
1466 		returnstat = close_tag(context, TAG_TID_TYPE);
1467 		returnstat = open_tag(context, TAG_IP);
1468 		returnstat = process_tag(context, TAG_IP_REMOTE, returnstat, 0);
1469 		returnstat = process_tag(context, TAG_IP_LOCAL, returnstat, 0);
1470 		returnstat = process_tag(context, TAG_IP_ADR, returnstat, 1);
1471 		returnstat = close_tag(context, TAG_IP);
1472 		break;
1473 	}
1474 	return (returnstat);
1475 }
1476 
1477 /*
1478  * -----------------------------------------------------------------------
1479  * ip_addr_token() 	: Process ip token and display contents
1480  * return codes 	: -1 - error
1481  *			:  0 - successful
1482  * NOTE: At the time of call, the ip token id has been retrieved
1483  *
1484  * Format of ip address token:
1485  *	ip token id	adr_char
1486  *	address		adr_int32 (printed in hex)
1487  * -----------------------------------------------------------------------
1488  */
1489 
1490 int
1491 ip_addr_token(pr_context_t *context)
1492 {
1493 	return (pa_hostname(context, 0, 1));
1494 }
1495 
1496 int
1497 ip_addr_ex_token(pr_context_t *context)
1498 {
1499 	int	returnstat;
1500 	uint32_t	ip_addr[16];
1501 	uint32_t	ip_type;
1502 	struct in_addr	ia;
1503 	char		*ipstring;
1504 	char		buf[256];
1505 	uval_t		uval;
1506 
1507 	/* get address type */
1508 	if ((returnstat = pr_adr_u_int32(context, &ip_type, 1)) != 0)
1509 		return (returnstat);
1510 
1511 	/* legal address types are either AU_IPv4 or AU_IPv6 only */
1512 	if ((ip_type != AU_IPv4) && (ip_type != AU_IPv6))
1513 		return (-1);
1514 
1515 	/* get address (4/16) */
1516 	if ((returnstat = pr_adr_char(context, (char *)ip_addr, ip_type)) != 0)
1517 		return (returnstat);
1518 
1519 	uval.uvaltype = PRA_STRING;
1520 	if (ip_type == AU_IPv4) {
1521 		uval.string_val = buf;
1522 
1523 		if (!(context->format & PRF_RAWM)) {
1524 			get_Hname(ip_addr[0], buf, sizeof (buf));
1525 			return (pa_print(context, &uval, 1));
1526 		}
1527 
1528 		ia.s_addr = ip_addr[0];
1529 		if ((ipstring = inet_ntoa(ia)) == NULL)
1530 			return (-1);
1531 
1532 		(void) snprintf(buf, sizeof (buf), "%s", ipstring);
1533 
1534 	} else {
1535 		uval.string_val = buf;
1536 
1537 		if (!(context->format & PRF_RAWM)) {
1538 			get_Hname_ex(ip_addr, buf, sizeof (buf));
1539 			return (pa_print(context, &uval, 1));
1540 		}
1541 
1542 		(void) inet_ntop(AF_INET6, (void *) ip_addr, buf,
1543 		    sizeof (buf));
1544 
1545 	}
1546 
1547 	return (pa_print(context, &uval, 1));
1548 }
1549 
1550 /*
1551  * -----------------------------------------------------------------------
1552  * ip_token()		: Process ip header token and display contents
1553  * return codes 	: -1 - error
1554  *			:  0 - successful
1555  * NOTE: At the time of call, the ip token id has been retrieved
1556  *
1557  * Format of ip header token:
1558  *	ip header token id	adr_char
1559  *	version			adr_char (printed in hex)
1560  *	type of service		adr_char (printed in hex)
1561  *	length			adr_short
1562  *	id			adr_u_short
1563  *	offset			adr_u_short
1564  *	ttl			adr_char (printed in hex)
1565  *	protocol		adr_char (printed in hex)
1566  *	checksum		adr_u_short
1567  *	source address		adr_int32 (printed in hex)
1568  *	destination address	adr_int32 (printed in hex)
1569  * -----------------------------------------------------------------------
1570  */
1571 int
1572 ip_token(pr_context_t *context)
1573 {
1574 	int	returnstat;
1575 
1576 	returnstat = process_tag(context, TAG_IPVERS, 0, 0);
1577 	returnstat = process_tag(context, TAG_IPSERV, returnstat, 0);
1578 	returnstat = process_tag(context, TAG_IPLEN, returnstat, 0);
1579 	returnstat = process_tag(context, TAG_IPID, returnstat, 0);
1580 	returnstat = process_tag(context, TAG_IPOFFS, returnstat, 0);
1581 	returnstat = process_tag(context, TAG_IPTTL, returnstat, 0);
1582 	returnstat = process_tag(context, TAG_IPPROTO, returnstat, 0);
1583 	returnstat = process_tag(context, TAG_IPCKSUM, returnstat, 0);
1584 	returnstat = process_tag(context, TAG_IPSRC, returnstat, 0);
1585 	returnstat = process_tag(context, TAG_IPDEST, returnstat, 1);
1586 
1587 	return (returnstat);
1588 }
1589 
1590 /*
1591  * -----------------------------------------------------------------------
1592  * iport_token() 	: Process ip port address token and display contents
1593  * return codes		: -1 - error
1594  *			:  0 - successful
1595  * NOTE: At time of call, the ip port address token id has been retrieved
1596  *
1597  * Format of ip port token:
1598  *	ip port address token id	adr_char
1599  *	port address			adr_short (in_port_t == uint16_t)
1600  * -----------------------------------------------------------------------
1601  */
1602 int
1603 iport_token(pr_context_t *context)
1604 {
1605 	return (pa_adr_u_short(context, 0, 1));
1606 }
1607 
1608 /*
1609  * -----------------------------------------------------------------------
1610  * socket_token() 	: Process socket token and display contents
1611  * return codes		: -1 - error
1612  *			:  0 - successful
1613  * NOTE: At time of call, the socket token id has been retrieved
1614  *
1615  * Format of socket token:
1616  *	ip socket token id		adr_char
1617  *	socket type			adr_short (in hex)
1618  *	foreign port			adr_short (in hex)
1619  *	foreign internet address	adr_hostname/adr_int32 (in ascii/hex)
1620  * -----------------------------------------------------------------------
1621  *
1622  * Note: local port and local internet address have been removed for 5.x
1623  */
1624 int
1625 socket_token(pr_context_t *context)
1626 {
1627 	int	returnstat;
1628 
1629 	returnstat = process_tag(context, TAG_SOCKTYPE, 0, 0);
1630 	returnstat = process_tag(context, TAG_SOCKPORT, returnstat, 0);
1631 	if (returnstat != 0)
1632 		return (returnstat);
1633 
1634 	if ((returnstat = open_tag(context, TAG_SOCKADDR)) != 0)
1635 		return (returnstat);
1636 
1637 	if ((returnstat = pa_hostname(context, returnstat, 1)) != 0)
1638 		return (returnstat);
1639 
1640 	return (close_tag(context, TAG_SOCKADDR));
1641 }
1642 
1643 /*
1644  * -----------------------------------------------------------------------
1645  * socket_ex_token()	: Process socket token and display contents
1646  * return codes		: -1 - error
1647  *			:  0 - successful
1648  * NOTE: At time of call, the extended socket token id has been retrieved
1649  *
1650  * Format of extended socket token:
1651  *	token id			adr_char
1652  *	socket domain			adr_short (in hex)
1653  *	socket type			adr_short (in hex)
1654  *	IP address type			adr_short (in hex) [not displayed]
1655  *	local port			adr_short (in hex)
1656  *	local internet address		adr_hostname/adr_int32 (in ascii/hex)
1657  *	foreign port			adr_short (in hex)
1658  *	foreign internet address	adr_hostname/adr_int32 (in ascii/hex)
1659  * -----------------------------------------------------------------------
1660  *
1661  * Note: local port and local internet address have been removed for 5.x
1662  */
1663 int
1664 socket_ex_token(pr_context_t *context)
1665 {
1666 	int	returnstat;
1667 
1668 	returnstat = process_tag(context, TAG_SOCKEXDOM, 0, 0);
1669 	returnstat = process_tag(context, TAG_SOCKEXTYPE, returnstat, 0);
1670 	returnstat = pa_hostname_so(context, returnstat, 1);
1671 
1672 	return (returnstat);
1673 }
1674 
1675 /*
1676  * -----------------------------------------------------------------------
1677  * sequence_token()	: Process sequence token and display contents
1678  * return codes		: -1 - error
1679  *			:  0 - successful
1680  * NOTE: At time of call, the socket token id has been retrieved
1681  *
1682  * Format of sequence token:
1683  *	sequence token id		adr_char
1684  *	sequence number 		adr_u_int32 (in hex)
1685  * -----------------------------------------------------------------------
1686  */
1687 int
1688 sequence_token(pr_context_t *context)
1689 {
1690 	return (process_tag(context, TAG_SEQNUM, 0, 1));
1691 }
1692 
1693 /*
1694  * -----------------------------------------------------------------------
1695  * acl_token()	: Process access control list term
1696  * return codes	: -1 - error
1697  *		:  0 - successful
1698  *
1699  * Format of acl token:
1700  *	token id	adr_char
1701  *	term type	adr_u_int32
1702  *	term value	adr_u_int32 (depends on type)
1703  *	file mode	adr_u_int (in octal)
1704  * -----------------------------------------------------------------------
1705  */
1706 int
1707 acl_token(pr_context_t *context)
1708 {
1709 	int	returnstat;
1710 
1711 	returnstat = pa_pw_uid_gr_gid(context, 0, 0);
1712 
1713 	return (process_tag(context, TAG_MODE, returnstat, 1));
1714 }
1715 
1716 /*
1717  * -----------------------------------------------------------------------
1718  * ace_token()	: Process ZFS/NFSv4 access control list term
1719  * return codes	: -1 - error
1720  *		:  0 - successful
1721  *
1722  * Format of ace token:
1723  *	token id	adr_char
1724  *	term who	adr_u_int32 (uid/gid)
1725  *	term mask	adr_u_int32
1726  *	term flags	adr_u_int16
1727  *	term type	adr_u_int16
1728  * -----------------------------------------------------------------------
1729  */
1730 int
1731 ace_token(pr_context_t *context)
1732 {
1733 	return (pa_ace(context, 0, 1));
1734 }
1735 
1736 /*
1737  * -----------------------------------------------------------------------
1738  * attribute_token()	: Process attribute token and display contents
1739  * return codes 	: -1 - error
1740  *			:  0 - successful
1741  * NOTE: At the time of call, the attribute token id has been retrieved
1742  *
1743  * Format of attribute token:
1744  *	attribute token id	adr_char
1745  * 	mode			adr_u_int (printed in octal)
1746  *	uid			adr_u_int
1747  *	gid			adr_u_int
1748  *	file system id		adr_int
1749  *
1750  *	node id			adr_int		(attribute_token
1751  *						 pre SunOS 5.7)
1752  *	device			adr_u_int
1753  * or
1754  *	node id			adr_int64	(attribute32_token)
1755  *	device			adr_u_int
1756  * or
1757  *	node id			adr_int64	(attribute64_token)
1758  *	device			adr_u_int64
1759  * -----------------------------------------------------------------------
1760  */
1761 int
1762 attribute_token(pr_context_t *context)
1763 {
1764 	int	returnstat;
1765 
1766 	returnstat = process_tag(context, TAG_MODE, 0, 0);
1767 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
1768 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
1769 	returnstat = process_tag(context, TAG_FSID, returnstat, 0);
1770 	returnstat = process_tag(context, TAG_NODEID32, returnstat, 0);
1771 	returnstat = process_tag(context, TAG_DEVICE32, returnstat, 1);
1772 
1773 	return (returnstat);
1774 }
1775 
1776 int
1777 attribute32_token(pr_context_t *context)
1778 {
1779 	int	returnstat;
1780 
1781 	returnstat = process_tag(context, TAG_MODE, 0, 0);
1782 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
1783 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
1784 	returnstat = process_tag(context, TAG_FSID, returnstat, 0);
1785 	returnstat = process_tag(context, TAG_NODEID64, returnstat, 0);
1786 	returnstat = process_tag(context, TAG_DEVICE32, returnstat, 1);
1787 
1788 	return (returnstat);
1789 }
1790 
1791 int
1792 attribute64_token(pr_context_t *context)
1793 {
1794 	int	returnstat;
1795 
1796 	returnstat = process_tag(context, TAG_MODE, 0, 0);
1797 	returnstat = process_tag(context, TAG_UID, returnstat, 0);
1798 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
1799 	returnstat = process_tag(context, TAG_FSID, returnstat, 0);
1800 	returnstat = process_tag(context, TAG_NODEID64, returnstat, 0);
1801 	returnstat = process_tag(context, TAG_DEVICE64, returnstat, 1);
1802 
1803 	return (returnstat);
1804 }
1805 
1806 /*
1807  * -----------------------------------------------------------------------
1808  * group_token() 	: Process group token and display contents
1809  * return codes 	: -1 - error
1810  *			:  0 - successful
1811  * NOTE: At the time of call, the group token id has been retrieved
1812  *
1813  * Format of group token:
1814  *	group token id		adr_char
1815  *	group list		adr_long, 16 times
1816  * -----------------------------------------------------------------------
1817  */
1818 int
1819 group_token(pr_context_t *context)
1820 {
1821 	int	returnstat = 0;
1822 	int	i;
1823 
1824 	for (i = 0; i < NGROUPS_MAX - 1; i++) {
1825 		if ((returnstat = process_tag(context, TAG_GROUPID,
1826 		    returnstat, 0)) < 0)
1827 			return (returnstat);
1828 	}
1829 
1830 	return (process_tag(context, TAG_GROUPID, returnstat, 1));
1831 }
1832 
1833 /*
1834  * -----------------------------------------------------------------------
1835  * newgroup_token() 	: Process group token and display contents
1836  * return codes 	: -1 - error
1837  *			:  0 - successful
1838  * NOTE: At the time of call, the group token id has been retrieved
1839  *
1840  * Format of new group token:
1841  *	group token id		adr_char
1842  *	group number		adr_short
1843  *	group list		adr_int32, group number times
1844  * -----------------------------------------------------------------------
1845  */
1846 int
1847 newgroup_token(pr_context_t *context)
1848 {
1849 	int	returnstat;
1850 	int	i, num;
1851 	short	n_groups;
1852 
1853 	returnstat = pr_adr_short(context, &n_groups, 1);
1854 	if (returnstat != 0)
1855 		return (returnstat);
1856 
1857 	num = (int)n_groups;
1858 	if (num == 0) {
1859 		if (!(context->format & PRF_XMLM)) {
1860 			returnstat = do_newline(context, 1);
1861 		}
1862 		return (returnstat);
1863 	}
1864 	for (i = 0; i < num - 1; i++) {
1865 		if ((returnstat = process_tag(context, TAG_GROUPID,
1866 		    returnstat, 0)) < 0)
1867 			return (returnstat);
1868 	}
1869 
1870 	return (process_tag(context, TAG_GROUPID, returnstat, 1));
1871 }
1872 
1873 static int
1874 string_token_common(pr_context_t *context, int tag)
1875 {
1876 	int	returnstat;
1877 	int	num;
1878 
1879 	returnstat = pr_adr_int32(context, (int32_t *)&num, 1);
1880 	if (returnstat != 0)
1881 		return (returnstat);
1882 
1883 	if (!(context->format & PRF_XMLM)) {
1884 		returnstat = pr_printf(context, "%d%s", num,
1885 		    context->SEPARATOR);
1886 		if (returnstat != 0)
1887 			return (returnstat);
1888 	}
1889 
1890 	if (num == 0)
1891 		return (do_newline(context, 1));
1892 
1893 	for (; num > 1; num--) {
1894 		if ((returnstat = (process_tag(context, tag,
1895 		    returnstat, 0))) < 0)
1896 			return (returnstat);
1897 	}
1898 
1899 	return (process_tag(context, tag, returnstat, 1));
1900 }
1901 
1902 int
1903 path_attr_token(pr_context_t *context)
1904 {
1905 	return (string_token_common(context, TAG_XAT));
1906 }
1907 
1908 int
1909 exec_args_token(pr_context_t *context)
1910 {
1911 	return (string_token_common(context, TAG_ARG));
1912 }
1913 
1914 int
1915 exec_env_token(pr_context_t *context)
1916 {
1917 	return (string_token_common(context, TAG_ENV));
1918 }
1919 
1920 /*
1921  * -----------------------------------------------------------------------
1922  * s5_IPC_perm_token() : Process System V IPC permission token and display
1923  *			 contents
1924  * return codes 	: -1 - error
1925  *			:  0 - successful
1926  * NOTE: At the time of call, the System V IPC permission token id
1927  * has been retrieved
1928  *
1929  * Format of System V IPC permission token:
1930  *	System V IPC permission token id	adr_char
1931  * 	uid					adr_u_int32
1932  *	gid					adr_u_int32
1933  *	cuid					adr_u_int32
1934  *	cgid					adr_u_int32
1935  *	mode					adr_u_int32
1936  *	seq					adr_u_int32
1937  *	key					adr_int32
1938  * -----------------------------------------------------------------------
1939  */
1940 int
1941 s5_IPC_perm_token(pr_context_t *context)
1942 {
1943 	int	returnstat;
1944 
1945 	returnstat = process_tag(context, TAG_UID, 0, 0);
1946 	returnstat = process_tag(context, TAG_GID, returnstat, 0);
1947 	returnstat = process_tag(context, TAG_CUID, returnstat, 0);
1948 	returnstat = process_tag(context, TAG_CGID, returnstat, 0);
1949 	returnstat = process_tag(context, TAG_MODE, returnstat, 0);
1950 	returnstat = process_tag(context, TAG_SEQ, returnstat, 0);
1951 	returnstat = process_tag(context, TAG_KEY, returnstat, 1);
1952 
1953 	return (returnstat);
1954 }
1955 
1956 /*
1957  * -----------------------------------------------------------------------
1958  * host_token()	: Process host token and display contents
1959  * return codes	: -1 - error
1960  *		:  0 - successful
1961  * NOTE: At the time of call, the host token id has been retrieved
1962  *
1963  * Format of host token:
1964  *	host token id		adr_char
1965  *	hostid			adr_u_int32
1966  * -----------------------------------------------------------------------
1967  */
1968 int
1969 host_token(pr_context_t *context)
1970 {
1971 	return (pa_hostname(context, 0, 1));
1972 }
1973 
1974 /*
1975  * -----------------------------------------------------------------------
1976  * liaison_token()	: Process liaison token and display contents
1977  * return codes 	: -1 - error
1978  *			:  0 - successful
1979  * NOTE: At the time of call, the liaison token id has been retrieved
1980  *
1981  * Format of liaison token:
1982  *	liaison token id	adr_char
1983  *	liaison			adr_u_int32
1984  * -----------------------------------------------------------------------
1985  */
1986 int
1987 liaison_token(pr_context_t *context)
1988 {
1989 	return (pa_liaison(context, 0, 1));
1990 }
1991 
1992 /*
1993  * -----------------------------------------------------------------------
1994  * useofauth_token(): Process useofauth token and display contents
1995  * return codes	: -1 - error
1996  *		:  0 - successful
1997  * NOTE: At the time of call, the uauth token id has been retrieved
1998  *
1999  * Format of useofauth token:
2000  *	uauth token id		adr_char
2001  * 	uauth			adr_string
2002  * -----------------------------------------------------------------------
2003  */
2004 int
2005 useofauth_token(pr_context_t *context)
2006 {
2007 	return (pa_adr_string(context, 0, 1));
2008 }
2009 
2010 /*
2011  * -----------------------------------------------------------------------
2012  * zonename_token(): Process zonename token and display contents
2013  * return codes	: -1 - error
2014  *		:  0 - successful
2015  * NOTE: At the time of call, the zonename token id has been retrieved
2016  *
2017  * Format of zonename token:
2018  *	zonename token id	adr_char
2019  * 	zone name		adr_string
2020  * -----------------------------------------------------------------------
2021  */
2022 int
2023 zonename_token(pr_context_t *context)
2024 {
2025 	return (process_tag(context, TAG_ZONENAME, 0, 1));
2026 }
2027 
2028 /*
2029  * -----------------------------------------------------------------------
2030  * fmri_token(): Process fmri token and display contents
2031  * return codes	: -1 - error
2032  *		:  0 - successful
2033  * NOTE: At the time of call, the fmri token id has been retrieved
2034  *
2035  * Format of fmri token:
2036  *	fmri token id		adr_char
2037  * 	service instance name	adr_string
2038  * -----------------------------------------------------------------------
2039  */
2040 int
2041 fmri_token(pr_context_t *context)
2042 {
2043 	return (pa_adr_string(context, 0, 1));
2044 }
2045 
2046 /*
2047  * -----------------------------------------------------------------------
2048  * xatom_token()	: Process Xatom token and display contents in hex.
2049  * return codes		: -1 - error
2050  *			:  0 - successful
2051  * NOTE: At the time of call, the xatom token id has been retrieved
2052  *
2053  * Format of xatom token:
2054  *	token id		adr_char
2055  * 	length			adr_short
2056  * 	atom			adr_char length times
2057  * -----------------------------------------------------------------------
2058  */
2059 int
2060 xatom_token(pr_context_t *context)
2061 {
2062 	return (pa_adr_string(context, 0, 1));
2063 }
2064 
2065 int
2066 xcolormap_token(pr_context_t *context)
2067 {
2068 	return (pa_xgeneric(context));
2069 }
2070 
2071 int
2072 xcursor_token(pr_context_t *context)
2073 {
2074 	return (pa_xgeneric(context));
2075 }
2076 
2077 int
2078 xfont_token(pr_context_t *context)
2079 {
2080 	return (pa_xgeneric(context));
2081 }
2082 
2083 int
2084 xgc_token(pr_context_t *context)
2085 {
2086 	return (pa_xgeneric(context));
2087 }
2088 
2089 int
2090 xpixmap_token(pr_context_t *context)
2091 {
2092 	return (pa_xgeneric(context));
2093 }
2094 
2095 int
2096 xwindow_token(pr_context_t *context)
2097 {
2098 	return (pa_xgeneric(context));
2099 }
2100 
2101 /*
2102  * -----------------------------------------------------------------------
2103  * xproperty_token(): Process Xproperty token and display contents
2104  *
2105  * return codes		: -1 - error
2106  *			:  0 - successful
2107  * NOTE: At the time of call, the xproperty token id has been retrieved
2108  *
2109  * Format of xproperty token:
2110  *	token id		adr_char
2111  *	XID			adr_u_int32
2112  *	creator UID		adr_u_int32
2113  *	text			adr_text
2114  * -----------------------------------------------------------------------
2115  */
2116 int
2117 xproperty_token(pr_context_t *context)
2118 {
2119 	int	returnstat;
2120 
2121 	returnstat = process_tag(context, TAG_XID, 0, 0);
2122 	returnstat = process_tag(context, TAG_XCUID, returnstat, 0);
2123 
2124 	/* Done with attributes; force end of token open */
2125 	if (returnstat == 0)
2126 		returnstat = finish_open_tag(context);
2127 
2128 	returnstat = pa_adr_string(context, returnstat, 1);
2129 
2130 	return (returnstat);
2131 }
2132 
2133 /*
2134  * -----------------------------------------------------------------------
2135  * xselect_token(): Process Xselect token and display contents in hex
2136  *
2137  * return codes		: -1 - error
2138  *			:  0 - successful
2139  * NOTE: At the time of call, the xselect token id has been retrieved
2140  *
2141  * Format of xselect token
2142  *	text token id		adr_char
2143  * 	property text		adr_string
2144  * 	property type		adr_string
2145  * 	property data		adr_string
2146  * -----------------------------------------------------------------------
2147  */
2148 int
2149 xselect_token(pr_context_t *context)
2150 {
2151 	int	returnstat;
2152 
2153 	returnstat = process_tag(context, TAG_XSELTEXT, 0, 0);
2154 	returnstat = process_tag(context, TAG_XSELTYPE, returnstat, 0);
2155 	returnstat = process_tag(context, TAG_XSELDATA, returnstat, 1);
2156 
2157 	return (returnstat);
2158 }
2159 
2160 /*
2161  * -----------------------------------------------------------------------
2162  * xclient_token(): Process Xclient token and display contents in hex.
2163  *
2164  * return codes		: -1 - error
2165  *			:  0 - successful
2166  *
2167  * Format of xclient token:
2168  *	token id		adr_char
2169  * 	client			adr_int32
2170  * -----------------------------------------------------------------------
2171  */
2172 int
2173 xclient_token(pr_context_t *context)
2174 {
2175 	return (pa_adr_int32(context, 0, 1));
2176 }
2177 
2178 /*
2179  * -----------------------------------------------------------------------
2180  * label_token() 	: Process label token and display contents
2181  * return codes 	: -1 - error
2182  *			: 0 - successful
2183  * NOTE: At the time of call, the label token id has been retrieved
2184  *
2185  * Format of label token:
2186  *	label token id			adr_char
2187  *      label ID                	adr_char
2188  *      label compartment length	adr_char
2189  *      label classification		adr_short
2190  *      label compartment words		<compartment length> * 4 adr_char
2191  * -----------------------------------------------------------------------
2192  */
2193 /*ARGSUSED*/
2194 int
2195 label_token(pr_context_t *context)
2196 {
2197 	static m_label_t *label = NULL;
2198 	static size_t l_size;
2199 	int	len;
2200 	int	returnstat;
2201 	uval_t	uval;
2202 
2203 	if (label == NULL) {
2204 		if ((label = m_label_alloc(MAC_LABEL)) == NULL) {
2205 			return (-1);
2206 		}
2207 		l_size = blabel_size() - 4;
2208 	}
2209 	if ((returnstat = pr_adr_char(context, (char *)label, 4)) == 0) {
2210 		len = (int)(((char *)label)[1] * 4);
2211 		if ((len > l_size) ||
2212 		    (pr_adr_char(context, &((char *)label)[4], len) != 0)) {
2213 			return (-1);
2214 		}
2215 		uval.uvaltype = PRA_STRING;
2216 		if (!(context->format & PRF_RAWM)) {
2217 			/* print in ASCII form */
2218 			if (label_to_str(label, &uval.string_val, M_LABEL,
2219 			    DEF_NAMES) == 0) {
2220 				returnstat = pa_print(context, &uval, 1);
2221 			} else /* cannot convert to string */
2222 				returnstat = 1;
2223 		}
2224 		/* print in hexadecimal form */
2225 		if ((context->format & PRF_RAWM) || (returnstat == 1)) {
2226 			uval.string_val = hexconvert((char *)label, len, len);
2227 			if (uval.string_val) {
2228 				returnstat = pa_print(context, &uval, 1);
2229 			}
2230 		}
2231 		free(uval.string_val);
2232 	}
2233 	return (returnstat);
2234 }
2235 
2236 /*
2237  * -----------------------------------------------------------------------
2238  * useofpriv_token() : Process priv token and display contents
2239  * return codes 	: -1 - error
2240  *			:  0 - successful
2241  * NOTE: At the time of call, the useofpriv token id has been retrieved
2242  *
2243  * Format of useofpriv token:
2244  *	useofpriv token id	adr_char
2245  *	success/failure flag	adr_char
2246  *	priv			adr_int32 (Trusted Solaris)
2247  *	priv_set		'\0' separated privileges.
2248  * -----------------------------------------------------------------------
2249  */
2250 /*ARGSUSED*/
2251 int
2252 useofpriv_token(pr_context_t *context)
2253 {
2254 	int	returnstat;
2255 	char	sf;
2256 	uval_t	uval;
2257 
2258 	if ((returnstat = pr_adr_char(context, &sf, 1)) != 0) {
2259 		return (returnstat);
2260 	}
2261 	if (!(context->format & PRF_RAWM)) {
2262 		/* print in ASCII form */
2263 
2264 		if ((returnstat = open_tag(context, TAG_RESULT)) != 0)
2265 			return (returnstat);
2266 
2267 		uval.uvaltype = PRA_STRING;
2268 		if (sf) {
2269 			uval.string_val = gettext("successful use of priv");
2270 			returnstat = pa_print(context, &uval, 0);
2271 		} else {
2272 			uval.string_val = gettext("failed use of priv");
2273 			returnstat = pa_print(context, &uval, 0);
2274 		}
2275 		if (returnstat == 0)
2276 			returnstat = close_tag(context, TAG_RESULT);
2277 
2278 		/* Done with attributes; force end of token open */
2279 		if (returnstat == 0)
2280 			returnstat = finish_open_tag(context);
2281 	} else {
2282 		/* print in hexadecimal form */
2283 		if ((returnstat = open_tag(context, TAG_RESULT)) != 0)
2284 			return (returnstat);
2285 		uval.uvaltype = PRA_SHORT;
2286 		uval.short_val = sf;
2287 		returnstat = pa_print(context, &uval, 0);
2288 		if (returnstat == 0)
2289 			returnstat = close_tag(context, TAG_RESULT);
2290 
2291 		/* Done with attributes; force end of token open */
2292 		if (returnstat == 0)
2293 			returnstat = finish_open_tag(context);
2294 	}
2295 	return (pa_adr_string(context, 0, 1));
2296 }
2297 
2298 /*
2299  * -----------------------------------------------------------------------
2300  * privilege_token()	: Process privilege token and display contents
2301  * return codes 	: -1 - error
2302  *			:  0 - successful
2303  * NOTE: At the time of call, the privilege token id has been retrieved
2304  *
2305  * Format of privilege token:
2306  *	privilege token id	adr_char
2307  *	privilege type		adr_string
2308  *	privilege		adr_string
2309  * -----------------------------------------------------------------------
2310  */
2311 int
2312 privilege_token(pr_context_t *context)
2313 {
2314 	int	returnstat;
2315 
2316 	/* privilege type: */
2317 	returnstat = process_tag(context, TAG_SETTYPE, 0, 0);
2318 
2319 	/* Done with attributes; force end of token open */
2320 	if (returnstat == 0)
2321 		returnstat = finish_open_tag(context);
2322 
2323 	/* privilege: */
2324 	return (pa_adr_string(context, returnstat, 1));
2325 }
2326