1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <unistd.h> 30 #include <bsm/audit.h> 31 #include <bsm/audit_record.h> 32 #include <bsm/libbsm.h> 33 #include <priv.h> 34 #include <sys/ipc.h> 35 #include <sys/param.h> 36 #include <sys/socket.h> 37 #include <sys/time.h> 38 #include <sys/vnode.h> 39 #include <malloc.h> 40 #include <net/route.h> 41 #include <netinet/in.h> 42 #include <netinet/in_pcb.h> 43 #include <string.h> 44 #include <ucred.h> 45 #include <zone.h> 46 #include <sys/tsol/label.h> 47 48 #define NGROUPS 16 /* XXX - temporary */ 49 50 token_t *au_to_arg(char n, char *text, uint32_t v); 51 #pragma weak au_to_arg = au_to_arg32 52 token_t *au_to_return(char number, uint32_t value); 53 #pragma weak au_to_return = au_to_return32 54 55 static token_t *au_to_exec(char **, char); 56 57 static token_t * 58 get_token(int s) 59 { 60 token_t *token; /* Resultant token */ 61 62 if ((token = (token_t *)malloc(sizeof (token_t))) == NULL) 63 return (NULL); 64 if ((token->tt_data = malloc(s)) == NULL) { 65 free(token); 66 return (NULL); 67 } 68 token->tt_size = s; 69 token->tt_next = NULL; 70 return (token); 71 } 72 73 /* 74 * au_to_header 75 * return s: 76 * pointer to header token. 77 */ 78 token_t * 79 au_to_header(au_event_t e_type, au_emod_t e_mod) 80 { 81 adr_t adr; /* adr memory stream header */ 82 token_t *token; /* token pointer */ 83 char version = TOKEN_VERSION; /* version of token family */ 84 int32_t byte_count; 85 struct timeval tv; 86 #ifdef _LP64 87 char data_header = AUT_HEADER64; /* header for this token */ 88 89 token = get_token(2 * sizeof (char) + sizeof (int32_t) + 90 2 * sizeof (int64_t) + 2 * sizeof (short)); 91 #else 92 char data_header = AUT_HEADER32; 93 94 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) + 95 2 * sizeof (short)); 96 #endif 97 98 if (token == NULL) 99 return (NULL); 100 adr_start(&adr, token->tt_data); 101 adr_char(&adr, &data_header, 1); /* token ID */ 102 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 103 adr_char(&adr, &version, 1); /* version of audit tokens */ 104 adr_short(&adr, &e_type, 1); /* event ID */ 105 adr_short(&adr, &e_mod, 1); /* event ID modifier */ 106 #ifdef _LP64 107 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */ 108 #else 109 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */ 110 #endif 111 return (token); 112 } 113 114 /* 115 * au_to_header_ex 116 * return s: 117 * pointer to header token. 118 */ 119 token_t * 120 au_to_header_ex(au_event_t e_type, au_emod_t e_mod) 121 { 122 adr_t adr; /* adr memory stream header */ 123 token_t *token; /* token pointer */ 124 char version = TOKEN_VERSION; /* version of token family */ 125 int32_t byte_count; 126 struct timeval tv; 127 auditinfo_addr_t audit_info; 128 au_tid_addr_t *host_info = &audit_info.ai_termid; 129 #ifdef _LP64 130 char data_header = AUT_HEADER64_EX; /* header for this token */ 131 #else 132 char data_header = AUT_HEADER32_EX; 133 #endif 134 135 /* If our host address can't be determined, revert to un-extended hdr */ 136 137 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info, 138 sizeof (audit_info)) < 0) 139 return (au_to_header(e_type, e_mod)); 140 141 if (host_info->at_type == AU_IPv6) 142 if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr)) 143 return (au_to_header(e_type, e_mod)); 144 else 145 if (host_info->at_addr[0] == htonl(INADDR_ANY)) 146 return (au_to_header(e_type, e_mod)); 147 148 #ifdef _LP64 149 token = get_token(2 * sizeof (char) + sizeof (int32_t) + 150 2 * sizeof (int64_t) + 2 * sizeof (short) + 151 sizeof (int32_t) + host_info->at_type); 152 #else 153 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) + 154 2 * sizeof (short) + sizeof (int32_t) + host_info->at_type); 155 #endif 156 157 if (token == NULL) 158 return (NULL); 159 adr_start(&adr, token->tt_data); 160 adr_char(&adr, &data_header, 1); /* token ID */ 161 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 162 adr_char(&adr, &version, 1); /* version of audit tokens */ 163 adr_short(&adr, &e_type, 1); /* event ID */ 164 adr_short(&adr, &e_mod, 1); /* event ID modifier */ 165 adr_int32(&adr, (int32_t *)&host_info->at_type, 1); 166 adr_char(&adr, (char *)host_info->at_addr, 167 (int)host_info->at_type); 168 #ifdef _LP64 169 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */ 170 #else 171 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */ 172 #endif 173 return (token); 174 } 175 176 /* 177 * au_to_trailer 178 * return s: 179 * pointer to a trailer token. 180 */ 181 token_t * 182 au_to_trailer(void) 183 { 184 adr_t adr; /* adr memory stream header */ 185 token_t *token; /* token pointer */ 186 char data_header = AUT_TRAILER; /* header for this token */ 187 short magic = (short)AUT_TRAILER_MAGIC; /* trailer magic number */ 188 int32_t byte_count; 189 190 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short)); 191 if (token == NULL) 192 return (NULL); 193 adr_start(&adr, token->tt_data); 194 adr_char(&adr, &data_header, 1); /* token ID */ 195 adr_short(&adr, &magic, 1); /* magic number */ 196 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 197 198 return (token); 199 } 200 201 /* 202 * au_to_arg32 203 * return s: 204 * pointer to an argument token. 205 */ 206 token_t * 207 au_to_arg32(char n, char *text, uint32_t v) 208 { 209 token_t *token; /* local token */ 210 adr_t adr; /* adr memory stream header */ 211 char data_header = AUT_ARG32; /* header for this token */ 212 short bytes; /* length of string */ 213 214 bytes = strlen(text) + 1; 215 216 token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) + 217 sizeof (short) + bytes)); 218 if (token == NULL) 219 return (NULL); 220 adr_start(&adr, token->tt_data); 221 adr_char(&adr, &data_header, 1); /* token type */ 222 adr_char(&adr, &n, 1); /* argument id */ 223 adr_int32(&adr, (int32_t *)&v, 1); /* argument value */ 224 adr_short(&adr, &bytes, 1); 225 adr_char(&adr, text, bytes); 226 227 return (token); 228 } 229 230 /* 231 * au_to_arg64 232 * return s: 233 * pointer to an argument token. 234 */ 235 token_t * 236 au_to_arg64(char n, char *text, uint64_t v) 237 { 238 token_t *token; /* local token */ 239 adr_t adr; /* adr memory stream header */ 240 char data_header = AUT_ARG64; /* header for this token */ 241 short bytes; /* length of string */ 242 243 bytes = strlen(text) + 1; 244 245 token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) + 246 sizeof (short) + bytes)); 247 if (token == NULL) 248 return (NULL); 249 adr_start(&adr, token->tt_data); 250 adr_char(&adr, &data_header, 1); /* token type */ 251 adr_char(&adr, &n, 1); /* argument id */ 252 adr_int64(&adr, (int64_t *)&v, 1); /* argument value */ 253 adr_short(&adr, &bytes, 1); 254 adr_char(&adr, text, bytes); 255 256 return (token); 257 } 258 259 260 /* 261 * au_to_attr 262 * return s: 263 * pointer to an attribute token. 264 */ 265 token_t * 266 au_to_attr(struct vattr *attr) 267 { 268 token_t *token; /* local token */ 269 adr_t adr; /* adr memory stream header */ 270 int32_t value; 271 #ifdef _LP64 272 char data_header = AUT_ATTR64; /* header for this token */ 273 274 token = get_token(sizeof (char) + 275 sizeof (int32_t) * 4 + 276 sizeof (int64_t) * 2); 277 #else 278 char data_header = AUT_ATTR32; 279 280 token = get_token(sizeof (char) + sizeof (int32_t) * 5 + 281 sizeof (int64_t)); 282 #endif 283 284 if (token == NULL) 285 return (NULL); 286 adr_start(&adr, token->tt_data); 287 adr_char(&adr, &data_header, 1); 288 value = (int32_t)attr->va_mode; 289 adr_int32(&adr, &value, 1); 290 value = (int32_t)attr->va_uid; 291 adr_int32(&adr, &value, 1); 292 value = (int32_t)attr->va_gid; 293 adr_int32(&adr, &value, 1); 294 adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1); 295 adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1); 296 #ifdef _LP64 297 adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1); 298 #else 299 adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1); 300 #endif 301 302 return (token); 303 } 304 305 /* 306 * au_to_data 307 * return s: 308 * pointer to a data token. 309 */ 310 token_t * 311 au_to_data(char unit_print, char unit_type, char unit_count, char *p) 312 { 313 adr_t adr; /* adr memory stream header */ 314 token_t *token; /* token pointer */ 315 char data_header = AUT_DATA; /* header for this token */ 316 int byte_count; /* number of bytes */ 317 318 if (p == NULL || unit_count < 1) 319 return (NULL); 320 321 /* 322 * Check validity of print type 323 */ 324 if (unit_print < AUP_BINARY || unit_print > AUP_STRING) 325 return (NULL); 326 327 switch (unit_type) { 328 case AUR_SHORT: 329 byte_count = unit_count * sizeof (short); 330 break; 331 case AUR_INT32: 332 byte_count = unit_count * sizeof (int32_t); 333 break; 334 case AUR_INT64: 335 byte_count = unit_count * sizeof (int64_t); 336 break; 337 /* case AUR_CHAR: */ 338 case AUR_BYTE: 339 byte_count = unit_count * sizeof (char); 340 break; 341 default: 342 return (NULL); 343 } 344 345 token = get_token((int)(4 * sizeof (char) + byte_count)); 346 if (token == NULL) 347 return (NULL); 348 adr_start(&adr, token->tt_data); 349 adr_char(&adr, &data_header, 1); 350 adr_char(&adr, &unit_print, 1); 351 adr_char(&adr, &unit_type, 1); 352 adr_char(&adr, &unit_count, 1); 353 354 switch (unit_type) { 355 case AUR_SHORT: 356 /* LINTED */ 357 adr_short(&adr, (short *)p, unit_count); 358 break; 359 case AUR_INT32: 360 /* LINTED */ 361 adr_int32(&adr, (int32_t *)p, unit_count); 362 break; 363 case AUR_INT64: 364 /* LINTED */ 365 adr_int64(&adr, (int64_t *)p, unit_count); 366 break; 367 /* case AUR_CHAR: */ 368 case AUR_BYTE: 369 adr_char(&adr, p, unit_count); 370 break; 371 } 372 373 return (token); 374 } 375 376 /* 377 * au_to_privset 378 * 379 * priv_type (LIMIT, INHERIT...) is the first string and privilege 380 * in translated into the second string. The format is as follows: 381 * 382 * token id adr_char 383 * priv type adr_string (short, string) 384 * priv set adr_string (short, string) 385 * 386 * return s: 387 * pointer to a AUT_PRIV token. 388 */ 389 token_t * 390 au_to_privset(const char *priv_type, const priv_set_t *privilege) 391 { 392 token_t *token; /* local token */ 393 adr_t adr; /* adr memory stream header */ 394 char data_header = AUT_PRIV; /* header for this token */ 395 short t_bytes; /* length of type string */ 396 short p_bytes; /* length of privilege string */ 397 char *priv_string; /* privilege string */ 398 399 t_bytes = strlen(priv_type) + 1; 400 401 if ((privilege == NULL) || (priv_string = 402 priv_set_to_str(privilege, ',', 403 PRIV_STR_LIT)) == NULL) 404 return (NULL); 405 406 p_bytes = strlen(priv_string) + 1; 407 408 token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes 409 + p_bytes)); 410 if (token == NULL) 411 return (NULL); 412 413 adr_start(&adr, token->tt_data); 414 adr_char(&adr, &data_header, 1); 415 adr_short(&adr, &t_bytes, 1); 416 adr_char(&adr, (char *)priv_type, t_bytes); 417 adr_short(&adr, &p_bytes, 1); 418 adr_char(&adr, priv_string, p_bytes); 419 420 free(priv_string); 421 422 return (token); 423 } 424 425 /* 426 * au_to_process 427 * return s: 428 * pointer to a process token. 429 */ 430 431 token_t * 432 au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 433 pid_t pid, au_asid_t sid, au_tid_t *tid) 434 { 435 token_t *token; /* local token */ 436 adr_t adr; /* adr memory stream header */ 437 #ifdef _LP64 438 char data_header = AUT_PROCESS64; /* header for this token */ 439 440 token = get_token(sizeof (char) + 8 * sizeof (int32_t) + 441 sizeof (int64_t)); 442 #else 443 char data_header = AUT_PROCESS32; 444 445 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 446 #endif 447 448 if (token == NULL) 449 return (NULL); 450 adr_start(&adr, token->tt_data); 451 adr_char(&adr, &data_header, 1); 452 adr_int32(&adr, (int32_t *)&auid, 1); 453 adr_int32(&adr, (int32_t *)&euid, 1); 454 adr_int32(&adr, (int32_t *)&egid, 1); 455 adr_int32(&adr, (int32_t *)&ruid, 1); 456 adr_int32(&adr, (int32_t *)&rgid, 1); 457 adr_int32(&adr, (int32_t *)&pid, 1); 458 adr_int32(&adr, (int32_t *)&sid, 1); 459 #ifdef _LP64 460 adr_int64(&adr, (int64_t *)&tid->port, 1); 461 #else 462 adr_int32(&adr, (int32_t *)&tid->port, 1); 463 #endif 464 adr_int32(&adr, (int32_t *)&tid->machine, 1); 465 466 return (token); 467 } 468 469 /* 470 * au_to_process_ex 471 * return s: 472 * pointer to a process_ex token. 473 */ 474 token_t * 475 au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 476 pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 477 { 478 token_t *token; /* local token */ 479 adr_t adr; /* adr memory stream header */ 480 char data_header; /* header for this token */ 481 482 #ifdef _LP64 483 if (tid->at_type == AU_IPv6) { 484 data_header = AUT_PROCESS64_EX; 485 token = get_token(sizeof (char) + sizeof (int64_t) + 486 12 * sizeof (int32_t)); 487 } else { 488 data_header = AUT_PROCESS64; 489 token = get_token(sizeof (char) + sizeof (int64_t) + 490 8 * sizeof (int32_t)); 491 } 492 #else 493 if (tid->at_type == AU_IPv6) { 494 data_header = AUT_PROCESS32_EX; 495 token = get_token(sizeof (char) + 13 * sizeof (int32_t)); 496 } else { 497 data_header = AUT_PROCESS32; 498 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 499 } 500 #endif 501 if (token == NULL) 502 return (NULL); 503 adr_start(&adr, token->tt_data); 504 adr_char(&adr, &data_header, 1); 505 adr_int32(&adr, (int32_t *)&auid, 1); 506 adr_int32(&adr, (int32_t *)&euid, 1); 507 adr_int32(&adr, (int32_t *)&egid, 1); 508 adr_int32(&adr, (int32_t *)&ruid, 1); 509 adr_int32(&adr, (int32_t *)&rgid, 1); 510 adr_int32(&adr, (int32_t *)&pid, 1); 511 adr_int32(&adr, (int32_t *)&sid, 1); 512 #ifdef _LP64 513 adr_int64(&adr, (int64_t *)&tid->at_port, 1); 514 #else 515 adr_int32(&adr, (int32_t *)&tid->at_port, 1); 516 #endif 517 if (tid->at_type == AU_IPv6) { 518 adr_int32(&adr, (int32_t *)&tid->at_type, 1); 519 adr_char(&adr, (char *)tid->at_addr, 16); 520 } else { 521 adr_char(&adr, (char *)tid->at_addr, 4); 522 } 523 524 return (token); 525 } 526 527 /* 528 * au_to_seq 529 * return s: 530 * pointer to token chain containing a sequence token 531 */ 532 token_t * 533 au_to_seq(int audit_count) 534 { 535 token_t *token; /* local token */ 536 adr_t adr; /* adr memory stream header */ 537 char data_header = AUT_SEQ; /* header for this token */ 538 539 token = get_token(sizeof (char) + sizeof (int32_t)); 540 if (token == NULL) 541 return (NULL); 542 adr_start(&adr, token->tt_data); 543 adr_char(&adr, &data_header, 1); 544 adr_int32(&adr, (int32_t *)&audit_count, 1); 545 546 return (token); 547 } 548 549 /* 550 * au_to_socket 551 * return s: 552 * pointer to mbuf chain containing a socket token. 553 */ 554 token_t * 555 au_to_socket(struct oldsocket *so) 556 { 557 adr_t adr; 558 token_t *token; 559 char data_header = AUT_SOCKET; 560 struct inpcb *inp = so->so_pcb; 561 562 token = get_token(sizeof (char) + sizeof (short) * 3 + 563 sizeof (int32_t) * 2); 564 if (token == NULL) 565 return (NULL); 566 adr_start(&adr, token->tt_data); 567 adr_char(&adr, &data_header, 1); 568 adr_short(&adr, (short *)&so->so_type, 1); 569 adr_short(&adr, (short *)&inp->inp_lport, 1); 570 adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1); 571 adr_short(&adr, (short *)&inp->inp_fport, 1); 572 adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1); 573 574 return (token); 575 } 576 577 /* 578 * au_to_subject 579 * return s: 580 * pointer to a process token. 581 */ 582 583 token_t * 584 au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 585 pid_t pid, au_asid_t sid, au_tid_t *tid) 586 { 587 token_t *token; /* local token */ 588 adr_t adr; /* adr memory stream header */ 589 #ifdef _LP64 590 char data_header = AUT_SUBJECT64; /* header for this token */ 591 592 token = get_token(sizeof (char) + sizeof (int64_t) + 593 8 * sizeof (int32_t)); 594 #else 595 char data_header = AUT_SUBJECT32; 596 597 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 598 #endif 599 600 if (token == NULL) 601 return (NULL); 602 adr_start(&adr, token->tt_data); 603 adr_char(&adr, &data_header, 1); 604 adr_int32(&adr, (int32_t *)&auid, 1); 605 adr_int32(&adr, (int32_t *)&euid, 1); 606 adr_int32(&adr, (int32_t *)&egid, 1); 607 adr_int32(&adr, (int32_t *)&ruid, 1); 608 adr_int32(&adr, (int32_t *)&rgid, 1); 609 adr_int32(&adr, (int32_t *)&pid, 1); 610 adr_int32(&adr, (int32_t *)&sid, 1); 611 #ifdef _LP64 612 adr_int64(&adr, (int64_t *)&tid->port, 1); 613 #else 614 adr_int32(&adr, (int32_t *)&tid->port, 1); 615 #endif 616 adr_int32(&adr, (int32_t *)&tid->machine, 1); 617 618 return (token); 619 } 620 621 /* 622 * au_to_subject_ex 623 * return s: 624 * pointer to a process token. 625 */ 626 627 token_t * 628 au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 629 pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 630 { 631 token_t *token; /* local token */ 632 adr_t adr; /* adr memory stream header */ 633 #ifdef _LP64 634 char data_header; /* header for this token */ 635 636 if (tid->at_type == AU_IPv6) { 637 data_header = AUT_SUBJECT64_EX; 638 token = get_token(sizeof (char) + sizeof (int64_t) + 639 12 * sizeof (int32_t)); 640 } else { 641 data_header = AUT_SUBJECT64; 642 token = get_token(sizeof (char) + sizeof (int64_t) + 643 8 * sizeof (int32_t)); 644 } 645 #else 646 char data_header; /* header for this token */ 647 648 if (tid->at_type == AU_IPv6) { 649 data_header = AUT_SUBJECT32_EX; 650 token = get_token(sizeof (char) + 13 * sizeof (int32_t)); 651 } else { 652 data_header = AUT_SUBJECT32; 653 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 654 } 655 #endif 656 657 if (token == NULL) 658 return (NULL); 659 adr_start(&adr, token->tt_data); 660 adr_char(&adr, &data_header, 1); 661 adr_int32(&adr, (int32_t *)&auid, 1); 662 adr_int32(&adr, (int32_t *)&euid, 1); 663 adr_int32(&adr, (int32_t *)&egid, 1); 664 adr_int32(&adr, (int32_t *)&ruid, 1); 665 adr_int32(&adr, (int32_t *)&rgid, 1); 666 adr_int32(&adr, (int32_t *)&pid, 1); 667 adr_int32(&adr, (int32_t *)&sid, 1); 668 #ifdef _LP64 669 adr_int64(&adr, (int64_t *)&tid->at_port, 1); 670 #else 671 adr_int32(&adr, (int32_t *)&tid->at_port, 1); 672 #endif 673 if (tid->at_type == AU_IPv6) { 674 adr_int32(&adr, (int32_t *)&tid->at_type, 1); 675 adr_char(&adr, (char *)tid->at_addr, 16); 676 } else { 677 adr_char(&adr, (char *)tid->at_addr, 4); 678 } 679 680 return (token); 681 } 682 683 /* 684 * au_to_me 685 * return s: 686 * pointer to a process token. 687 */ 688 689 token_t * 690 au_to_me(void) 691 { 692 auditinfo_addr_t info; 693 694 if (getaudit_addr(&info, sizeof (info))) 695 return (NULL); 696 return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(), 697 getgid(), getpid(), info.ai_asid, &info.ai_termid)); 698 } 699 /* 700 * au_to_text 701 * return s: 702 * pointer to a text token. 703 */ 704 token_t * 705 au_to_text(char *text) 706 { 707 token_t *token; /* local token */ 708 adr_t adr; /* adr memory stream header */ 709 char data_header = AUT_TEXT; /* header for this token */ 710 short bytes; /* length of string */ 711 712 bytes = strlen(text) + 1; 713 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 714 if (token == NULL) 715 return (NULL); 716 adr_start(&adr, token->tt_data); 717 adr_char(&adr, &data_header, 1); 718 adr_short(&adr, &bytes, 1); 719 adr_char(&adr, text, bytes); 720 721 return (token); 722 } 723 724 /* 725 * au_to_path 726 * return s: 727 * pointer to a path token. 728 */ 729 token_t * 730 au_to_path(char *path) 731 { 732 token_t *token; /* local token */ 733 adr_t adr; /* adr memory stream header */ 734 char data_header = AUT_PATH; /* header for this token */ 735 short bytes; /* length of string */ 736 737 bytes = (short)strlen(path) + 1; 738 739 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 740 if (token == NULL) 741 return (NULL); 742 adr_start(&adr, token->tt_data); 743 adr_char(&adr, &data_header, 1); 744 adr_short(&adr, &bytes, 1); 745 adr_char(&adr, path, bytes); 746 747 return (token); 748 } 749 750 /* 751 * au_to_cmd 752 * return s: 753 * pointer to an command line argument token 754 */ 755 token_t * 756 au_to_cmd(uint_t argc, char **argv, char **envp) 757 { 758 token_t *token; /* local token */ 759 adr_t adr; /* adr memory stream header */ 760 char data_header = AUT_CMD; /* header for this token */ 761 short len = 0; 762 short cnt = 0; 763 short envc = 0; 764 short largc = (short)argc; 765 766 /* 767 * one char for the header, one short for argc, 768 * one short for # envp strings. 769 */ 770 len = sizeof (char) + sizeof (short) + sizeof (short); 771 772 /* get sizes of strings */ 773 774 for (cnt = 0; cnt < argc; cnt++) { 775 len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1); 776 } 777 778 if (envp != NULL) { 779 for (envc = 0; envp[envc] != NULL; envc++) { 780 len += (short)sizeof (short) + 781 (short)(strlen(envp[envc]) + 1); 782 } 783 } 784 785 token = get_token(len); 786 if (token == NULL) 787 return (NULL); 788 789 adr_start(&adr, token->tt_data); 790 adr_char(&adr, &data_header, 1); 791 792 adr_short(&adr, &largc, 1); 793 794 for (cnt = 0; cnt < argc; cnt++) { 795 len = (short)(strlen(argv[cnt]) + 1); 796 adr_short(&adr, &len, 1); 797 adr_char(&adr, argv[cnt], len); 798 } 799 800 adr_short(&adr, &envc, 1); 801 802 for (cnt = 0; cnt < envc; cnt++) { 803 len = (short)(strlen(envp[cnt]) + 1); 804 adr_short(&adr, &len, 1); 805 adr_char(&adr, envp[cnt], len); 806 } 807 808 return (token); 809 } 810 811 /* 812 * au_to_exit 813 * return s: 814 * pointer to a exit value token. 815 */ 816 token_t * 817 au_to_exit(int retval, int err) 818 { 819 token_t *token; /* local token */ 820 adr_t adr; /* adr memory stream header */ 821 char data_header = AUT_EXIT; /* header for this token */ 822 823 token = get_token(sizeof (char) + (2 * sizeof (int32_t))); 824 if (token == NULL) 825 return (NULL); 826 adr_start(&adr, token->tt_data); 827 adr_char(&adr, &data_header, 1); 828 adr_int32(&adr, (int32_t *)&retval, 1); 829 adr_int32(&adr, (int32_t *)&err, 1); 830 831 return (token); 832 } 833 834 /* 835 * au_to_return 836 * return s: 837 * pointer to a return value token. 838 */ 839 token_t * 840 au_to_return32(char number, uint32_t value) 841 { 842 token_t *token; /* local token */ 843 adr_t adr; /* adr memory stream header */ 844 char data_header = AUT_RETURN32; /* header for this token */ 845 846 token = get_token(2 * sizeof (char) + sizeof (int32_t)); 847 if (token == NULL) 848 return (NULL); 849 adr_start(&adr, token->tt_data); 850 adr_char(&adr, &data_header, 1); 851 adr_char(&adr, &number, 1); 852 adr_int32(&adr, (int32_t *)&value, 1); 853 854 return (token); 855 } 856 857 /* 858 * au_to_return 859 * return s: 860 * pointer to a return value token. 861 */ 862 token_t * 863 au_to_return64(char number, uint64_t value) 864 { 865 token_t *token; /* local token */ 866 adr_t adr; /* adr memory stream header */ 867 char data_header = AUT_RETURN64; /* header for this token */ 868 869 token = get_token(2 * sizeof (char) + sizeof (int64_t)); 870 if (token == NULL) 871 return (NULL); 872 adr_start(&adr, token->tt_data); 873 adr_char(&adr, &data_header, 1); 874 adr_char(&adr, &number, 1); 875 adr_int64(&adr, (int64_t *)&value, 1); 876 877 return (token); 878 } 879 880 881 /* 882 * au_to_opaque 883 * return s: 884 * pointer to a opaque token. 885 */ 886 token_t * 887 au_to_opaque(char *opaque, short bytes) 888 { 889 token_t *token; /* local token */ 890 adr_t adr; /* adr memory stream header */ 891 char data_header = AUT_OPAQUE; /* header for this token */ 892 893 if (bytes < 1) 894 return (NULL); 895 896 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 897 if (token == NULL) 898 return (NULL); 899 adr_start(&adr, token->tt_data); 900 adr_char(&adr, &data_header, 1); 901 adr_short(&adr, &bytes, 1); 902 adr_char(&adr, opaque, bytes); 903 904 return (token); 905 } 906 907 /* 908 * au_to_in_addr 909 * return s: 910 * pointer to an internet address token 911 */ 912 token_t * 913 au_to_in_addr(struct in_addr *internet_addr) 914 { 915 token_t *token; /* local token */ 916 adr_t adr; /* adr memory stream header */ 917 char data_header = AUT_IN_ADDR; /* header for this token */ 918 919 token = get_token(sizeof (char) + sizeof (struct in_addr)); 920 if (token == NULL) 921 return (NULL); 922 adr_start(&adr, token->tt_data); 923 adr_char(&adr, &data_header, 1); 924 adr_char(&adr, (char *)internet_addr, sizeof (struct in_addr)); 925 926 return (token); 927 } 928 929 /* 930 * au_to_in_addr_ex 931 * return s: 932 * pointer to an internet extended token 933 */ 934 token_t * 935 au_to_in_addr_ex(struct in6_addr *addr) 936 { 937 token_t *token; 938 adr_t adr; 939 char data_header = AUT_IN_ADDR_EX; 940 941 if ((token = get_token(sizeof (char) + sizeof (struct in6_addr))) 942 == NULL) { 943 return (NULL); 944 } 945 946 adr_start(&adr, token->tt_data); 947 adr_char(&adr, &data_header, 1); 948 adr_char(&adr, (char *)addr, sizeof (struct in6_addr)); 949 950 return (token); 951 } 952 953 /* 954 * au_to_iport 955 * return s: 956 * pointer to token chain containing a ip port address token 957 */ 958 token_t * 959 au_to_iport(ushort_t iport) 960 { 961 token_t *token; /* local token */ 962 adr_t adr; /* adr memory stream header */ 963 char data_header = AUT_IPORT; /* header for this token */ 964 965 token = get_token(sizeof (char) + sizeof (short)); 966 if (token == NULL) 967 return (NULL); 968 adr_start(&adr, token->tt_data); 969 adr_char(&adr, &data_header, 1); 970 adr_short(&adr, (short *)&iport, 1); 971 972 return (token); 973 } 974 975 token_t * 976 au_to_ipc(char type, int id) 977 { 978 token_t *token; /* local token */ 979 adr_t adr; /* adr memory stream header */ 980 char data_header = AUT_IPC; /* header for this token */ 981 982 token = get_token((2 * sizeof (char)) + sizeof (int32_t)); 983 if (token == NULL) 984 return (NULL); 985 adr_start(&adr, token->tt_data); 986 adr_char(&adr, &data_header, 1); 987 adr_char(&adr, &type, 1); 988 adr_int32(&adr, (int32_t *)&id, 1); 989 990 return (token); 991 } 992 993 /* 994 * au_to_tid 995 * 996 * output format depends on type; at present only IP v4 and v6 addresses 997 * are defined. 998 * 999 * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type, 1000 * 32 bit IP address. 1001 * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type, 1002 * 4 x 32 bit IP address. 1003 * 1004 */ 1005 token_t * 1006 au_to_tid(au_generic_tid_t *tid) 1007 { 1008 char data_header = AUT_TID; /* header for this token */ 1009 adr_t adr; /* adr memory stream header */ 1010 token_t *token; /* local token */ 1011 au_ip_t *ip; 1012 1013 switch (tid->gt_type) { 1014 case AU_IPADR: 1015 ip = &(tid->gt_adr.at_ip); 1016 token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) + 1017 sizeof (uint32_t) + ip->at_type)); 1018 if (token == NULL) 1019 return (NULL); 1020 1021 adr_start(&adr, token->tt_data); 1022 adr_char(&adr, &data_header, 1); 1023 adr_char(&adr, (char *)&(tid->gt_type), 1); 1024 adr_short(&adr, (short *)&(ip->at_r_port), 1); 1025 adr_short(&adr, (short *)&(ip->at_l_port), 1); 1026 adr_int32(&adr, (int32_t *)&(ip->at_type), 1); 1027 1028 adr_char(&adr, (char *)ip->at_addr, ip->at_type); 1029 1030 break; 1031 default: 1032 return (NULL); 1033 } 1034 return (token); 1035 } 1036 1037 /* 1038 * The Modifier tokens 1039 */ 1040 1041 /* 1042 * au_to_groups 1043 * return s: 1044 * pointer to a group list token. 1045 * 1046 * This function is obsolete. Please use au_to_newgroups. 1047 */ 1048 token_t * 1049 au_to_groups(int *groups) 1050 { 1051 token_t *token; /* local token */ 1052 adr_t adr; /* adr memory stream header */ 1053 char data_header = AUT_GROUPS; /* header for this token */ 1054 1055 token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t)); 1056 if (token == NULL) 1057 return (NULL); 1058 adr_start(&adr, token->tt_data); 1059 adr_char(&adr, &data_header, 1); 1060 adr_int32(&adr, (int32_t *)groups, NGROUPS); 1061 1062 return (token); 1063 } 1064 1065 /* 1066 * au_to_newgroups 1067 * return s: 1068 * pointer to a group list token. 1069 */ 1070 token_t * 1071 au_to_newgroups(int n, gid_t *groups) 1072 { 1073 token_t *token; /* local token */ 1074 adr_t adr; /* adr memory stream header */ 1075 char data_header = AUT_NEWGROUPS; /* header for this token */ 1076 short n_groups; 1077 1078 if (n < NGROUPS_UMIN || n > NGROUPS_UMAX || groups == NULL) 1079 return (NULL); 1080 token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t)); 1081 if (token == NULL) 1082 return (NULL); 1083 n_groups = (short)n; 1084 adr_start(&adr, token->tt_data); 1085 adr_char(&adr, &data_header, 1); 1086 adr_short(&adr, &n_groups, 1); 1087 adr_int32(&adr, (int32_t *)groups, n_groups); 1088 1089 return (token); 1090 } 1091 1092 /* 1093 * au_to_exec_args 1094 * returns: 1095 * pointer to an exec args token. 1096 */ 1097 token_t * 1098 au_to_exec_args(char **argv) 1099 { 1100 return (au_to_exec(argv, AUT_EXEC_ARGS)); 1101 } 1102 1103 /* 1104 * au_to_exec_env 1105 * returns: 1106 * pointer to an exec args token. 1107 */ 1108 token_t * 1109 au_to_exec_env(char **envp) 1110 { 1111 return (au_to_exec(envp, AUT_EXEC_ENV)); 1112 } 1113 1114 /* 1115 * au_to_exec 1116 * returns: 1117 * pointer to an exec args token. 1118 */ 1119 static token_t * 1120 au_to_exec(char **v, char data_header) 1121 { 1122 token_t *token; 1123 adr_t adr; 1124 char **p; 1125 int32_t n = 0; 1126 int len = 0; 1127 1128 for (p = v; *p != NULL; p++) { 1129 len += strlen(*p) + 1; 1130 n++; 1131 } 1132 token = get_token(sizeof (char) + sizeof (int32_t) + len); 1133 if (token == (token_t *)NULL) 1134 return ((token_t *)NULL); 1135 adr_start(&adr, token->tt_data); 1136 adr_char(&adr, &data_header, 1); 1137 adr_int32(&adr, &n, 1); 1138 for (p = v; *p != NULL; p++) { 1139 adr_char(&adr, *p, strlen(*p) + 1); 1140 } 1141 return (token); 1142 } 1143 1144 /* 1145 * au_to_uauth 1146 * return s: 1147 * pointer to a uauth token. 1148 */ 1149 token_t * 1150 au_to_uauth(char *text) 1151 { 1152 token_t *token; /* local token */ 1153 adr_t adr; /* adr memory stream header */ 1154 char data_header = AUT_UAUTH; /* header for this token */ 1155 short bytes; /* length of string */ 1156 1157 bytes = strlen(text) + 1; 1158 1159 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1160 if (token == NULL) 1161 return (NULL); 1162 adr_start(&adr, token->tt_data); 1163 adr_char(&adr, &data_header, 1); 1164 adr_short(&adr, &bytes, 1); 1165 adr_char(&adr, text, bytes); 1166 1167 return (token); 1168 } 1169 1170 /* 1171 * au_to_upriv 1172 * return s: 1173 * pointer to a use of privilege token. 1174 */ 1175 token_t * 1176 au_to_upriv(char sorf, char *priv) 1177 { 1178 token_t *token; /* local token */ 1179 adr_t adr; /* adr memory stream header */ 1180 char data_header = AUT_UAUTH; /* header for this token */ 1181 short bytes; /* length of string */ 1182 1183 bytes = strlen(priv) + 1; 1184 1185 token = get_token(sizeof (char) + sizeof (char) + sizeof (short) + 1186 bytes); 1187 if (token == NULL) 1188 return (NULL); 1189 adr_start(&adr, token->tt_data); 1190 adr_char(&adr, &data_header, 1); 1191 adr_char(&adr, &sorf, 1); /* success/failure */ 1192 adr_short(&adr, &bytes, 1); 1193 adr_char(&adr, priv, bytes); 1194 1195 return (token); 1196 } 1197 1198 /* 1199 * au_to_xatom 1200 * return s: 1201 * pointer to a xatom token. 1202 */ 1203 token_t * 1204 au_to_xatom(char *atom) 1205 { 1206 token_t *token; /* local token */ 1207 adr_t adr; /* adr memory stream header */ 1208 char data_header = AUT_XATOM; /* header for this token */ 1209 short len; 1210 1211 len = strlen(atom) + 1; 1212 1213 token = get_token(sizeof (char) + sizeof (short) + len); 1214 if (token == NULL) 1215 return (NULL); 1216 adr_start(&adr, token->tt_data); 1217 adr_char(&adr, &data_header, 1); 1218 adr_short(&adr, (short *)&len, 1); 1219 adr_char(&adr, atom, len); 1220 1221 return (token); 1222 } 1223 1224 /* 1225 * au_to_xselect 1226 * return s: 1227 * pointer to a X select token. 1228 */ 1229 token_t * 1230 au_to_xselect(char *propname, char *proptype, char *windata) 1231 { 1232 token_t *token; /* local token */ 1233 adr_t adr; /* adr memory stream header */ 1234 char data_header = AUT_XSELECT; /* header for this token */ 1235 short proplen; 1236 short typelen; 1237 short datalen; 1238 1239 proplen = strlen(propname) + 1; 1240 typelen = strlen(proptype) + 1; 1241 datalen = strlen(windata) + 1; 1242 1243 token = get_token(sizeof (char) + (sizeof (short) * 3) + 1244 proplen + typelen + datalen); 1245 if (token == NULL) 1246 return (NULL); 1247 adr_start(&adr, token->tt_data); 1248 adr_char(&adr, &data_header, 1); 1249 adr_short(&adr, &proplen, 1); 1250 adr_char(&adr, propname, proplen); 1251 adr_short(&adr, &typelen, 1); 1252 adr_char(&adr, proptype, typelen); 1253 adr_short(&adr, &datalen, 1); 1254 adr_char(&adr, windata, datalen); 1255 1256 return (token); 1257 } 1258 1259 /* 1260 * x_common 1261 * return s: 1262 * pointer to a common X token. 1263 */ 1264 1265 static token_t * 1266 x_common(char data_header, int32_t xid, uid_t cuid) 1267 { 1268 token_t *token; /* local token */ 1269 adr_t adr; /* adr memory stream header */ 1270 1271 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t)); 1272 if (token == NULL) 1273 return (NULL); 1274 adr_start(&adr, token->tt_data); 1275 adr_char(&adr, &data_header, 1); 1276 adr_int32(&adr, &xid, 1); 1277 adr_uid(&adr, &cuid, 1); 1278 1279 return (token); 1280 } 1281 1282 /* 1283 * au_to_xcolormap 1284 * return s: 1285 * pointer to a X Colormap token. 1286 */ 1287 1288 token_t * 1289 au_to_xcolormap(int32_t xid, uid_t cuid) 1290 { 1291 return (x_common(AUT_XCOLORMAP, xid, cuid)); 1292 } 1293 1294 /* 1295 * au_to_xcursor 1296 * return s: 1297 * pointer to a X Cursor token. 1298 */ 1299 1300 token_t * 1301 au_to_xcursor(int32_t xid, uid_t cuid) 1302 { 1303 return (x_common(AUT_XCURSOR, xid, cuid)); 1304 } 1305 1306 /* 1307 * au_to_xfont 1308 * return s: 1309 * pointer to a X Font token. 1310 */ 1311 1312 token_t * 1313 au_to_xfont(int32_t xid, uid_t cuid) 1314 { 1315 return (x_common(AUT_XFONT, xid, cuid)); 1316 } 1317 1318 /* 1319 * au_to_xgc 1320 * return s: 1321 * pointer to a X Graphic Context token. 1322 */ 1323 1324 token_t * 1325 au_to_xgc(int32_t xid, uid_t cuid) 1326 { 1327 return (x_common(AUT_XGC, xid, cuid)); 1328 } 1329 1330 /* 1331 * au_to_xpixmap 1332 * return s: 1333 * pointer to a X Pixal Map token. 1334 */ 1335 1336 token_t * 1337 au_to_xpixmap(int32_t xid, uid_t cuid) 1338 { 1339 return (x_common(AUT_XPIXMAP, xid, cuid)); 1340 } 1341 1342 /* 1343 * au_to_xwindow 1344 * return s: 1345 * pointer to a X Window token. 1346 */ 1347 1348 token_t * 1349 au_to_xwindow(int32_t xid, uid_t cuid) 1350 { 1351 return (x_common(AUT_XWINDOW, xid, cuid)); 1352 } 1353 1354 /* 1355 * au_to_xproperty 1356 * return s: 1357 * pointer to a X Property token. 1358 */ 1359 1360 token_t * 1361 au_to_xproperty(int32_t xid, uid_t cuid, char *propname) 1362 { 1363 token_t *token; /* local token */ 1364 adr_t adr; /* adr memory stream header */ 1365 char data_header = AUT_XPROPERTY; /* header for this token */ 1366 short proplen; 1367 1368 proplen = strlen(propname) + 1; 1369 1370 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t) + 1371 sizeof (short) + proplen); 1372 if (token == NULL) 1373 return (NULL); 1374 adr_start(&adr, token->tt_data); 1375 adr_char(&adr, &data_header, 1); 1376 adr_int32(&adr, &xid, 1); 1377 adr_uid(&adr, &cuid, 1); 1378 adr_short(&adr, &proplen, 1); 1379 adr_char(&adr, propname, proplen); 1380 1381 return (token); 1382 } 1383 1384 /* 1385 * au_to_xclient 1386 * return s: 1387 * pointer to a X Client token 1388 */ 1389 1390 token_t * 1391 au_to_xclient(uint32_t client) 1392 { 1393 token_t *token; /* local token */ 1394 adr_t adr; /* adr memory stream header */ 1395 char data_header = AUT_XCLIENT; /* header for this token */ 1396 1397 token = get_token(sizeof (char) + sizeof (uint32_t)); 1398 if (token == NULL) 1399 return (NULL); 1400 adr_start(&adr, token->tt_data); 1401 adr_char(&adr, &data_header, 1); 1402 adr_int32(&adr, (int32_t *)&client, 1); 1403 1404 return (token); 1405 } 1406 1407 /* 1408 * au_to_label 1409 * return s: 1410 * pointer to a label token. 1411 */ 1412 token_t * 1413 au_to_label(m_label_t *label) 1414 { 1415 token_t *token; /* local token */ 1416 adr_t adr; /* adr memory stream header */ 1417 char data_header = AUT_LABEL; /* header for this token */ 1418 size_t llen = blabel_size(); 1419 1420 token = get_token(sizeof (char) + llen); 1421 if (token == NULL) { 1422 return (NULL); 1423 } else if (label == NULL) { 1424 free(token); 1425 return (NULL); 1426 } 1427 adr_start(&adr, token->tt_data); 1428 adr_char(&adr, &data_header, 1); 1429 adr_char(&adr, (char *)label, llen); 1430 1431 return (token); 1432 } 1433 1434 /* 1435 * au_to_mylabel 1436 * return s: 1437 * pointer to a label token. 1438 */ 1439 token_t * 1440 au_to_mylabel(void) 1441 { 1442 ucred_t *uc; 1443 token_t *token; 1444 1445 if ((uc = ucred_get(P_MYID)) == NULL) { 1446 return (NULL); 1447 } 1448 1449 token = au_to_label(ucred_getlabel(uc)); 1450 ucred_free(uc); 1451 return (token); 1452 } 1453 1454 /* 1455 * au_to_zonename 1456 * return s: 1457 * pointer to a zonename token. 1458 */ 1459 token_t * 1460 au_to_zonename(char *name) 1461 { 1462 token_t *token; /* local token */ 1463 adr_t adr; /* adr memory stream header */ 1464 char data_header = AUT_ZONENAME; /* header for this token */ 1465 short bytes; /* length of string */ 1466 1467 if (name == NULL) 1468 return (NULL); 1469 1470 bytes = strlen(name) + 1; 1471 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1472 if (token == NULL) 1473 return (NULL); 1474 adr_start(&adr, token->tt_data); 1475 adr_char(&adr, &data_header, 1); 1476 adr_short(&adr, &bytes, 1); 1477 adr_char(&adr, name, bytes); 1478 1479 return (token); 1480 } 1481 1482 /* 1483 * au_to_fmri 1484 * return s: 1485 * pointer to a fmri token. 1486 */ 1487 token_t * 1488 au_to_fmri(char *fmri) 1489 { 1490 token_t *token; /* local token */ 1491 adr_t adr; /* adr memory stream header */ 1492 char data_header = AUT_FMRI; /* header for this token */ 1493 short bytes; /* length of string */ 1494 1495 if (fmri == NULL) 1496 return (NULL); 1497 1498 bytes = strlen(fmri) + 1; 1499 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1500 if (token == NULL) 1501 return (NULL); 1502 adr_start(&adr, token->tt_data); 1503 adr_char(&adr, &data_header, 1); 1504 adr_short(&adr, &bytes, 1); 1505 adr_char(&adr, fmri, bytes); 1506 1507 return (token); 1508 } 1509