1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <unistd.h> 30 #include <bsm/audit.h> 31 #include <bsm/audit_record.h> 32 #include <bsm/libbsm.h> 33 #include <priv.h> 34 #include <sys/ipc.h> 35 #include <sys/param.h> 36 #include <sys/socket.h> 37 #include <sys/time.h> 38 #include <sys/vnode.h> 39 #include <malloc.h> 40 #include <net/route.h> 41 #include <netinet/in.h> 42 #include <netinet/in_pcb.h> 43 #include <string.h> 44 #include <ucred.h> 45 #include <zone.h> 46 #include <sys/tsol/label.h> 47 48 #define NGROUPS 16 /* XXX - temporary */ 49 50 token_t *au_to_arg(char n, char *text, uint32_t v); 51 #pragma weak au_to_arg = au_to_arg32 52 token_t *au_to_return(char number, uint32_t value); 53 #pragma weak au_to_return = au_to_return32 54 55 static token_t *au_to_exec(char **, char); 56 57 static token_t * 58 get_token(int s) 59 { 60 token_t *token; /* Resultant token */ 61 62 if ((token = (token_t *)malloc(sizeof (token_t))) == NULL) 63 return (NULL); 64 if ((token->tt_data = malloc(s)) == NULL) { 65 free(token); 66 return (NULL); 67 } 68 token->tt_size = s; 69 token->tt_next = NULL; 70 return (token); 71 } 72 73 /* 74 * au_to_header 75 * return s: 76 * pointer to header token. 77 */ 78 token_t * 79 au_to_header(au_event_t e_type, au_emod_t e_mod) 80 { 81 adr_t adr; /* adr memory stream header */ 82 token_t *token; /* token pointer */ 83 char version = TOKEN_VERSION; /* version of token family */ 84 int32_t byte_count; 85 struct timeval tv; 86 #ifdef _LP64 87 char data_header = AUT_HEADER64; /* header for this token */ 88 89 token = get_token(2 * sizeof (char) + sizeof (int32_t) + 90 2 * sizeof (int64_t) + 2 * sizeof (short)); 91 #else 92 char data_header = AUT_HEADER32; 93 94 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) + 95 2 * sizeof (short)); 96 #endif 97 98 if (token == NULL) 99 return (NULL); 100 adr_start(&adr, token->tt_data); 101 adr_char(&adr, &data_header, 1); /* token ID */ 102 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 103 adr_char(&adr, &version, 1); /* version of audit tokens */ 104 adr_short(&adr, &e_type, 1); /* event ID */ 105 adr_short(&adr, &e_mod, 1); /* event ID modifier */ 106 #ifdef _LP64 107 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */ 108 #else 109 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */ 110 #endif 111 return (token); 112 } 113 114 /* 115 * au_to_header_ex 116 * return s: 117 * pointer to header token. 118 */ 119 token_t * 120 au_to_header_ex(au_event_t e_type, au_emod_t e_mod) 121 { 122 adr_t adr; /* adr memory stream header */ 123 token_t *token; /* token pointer */ 124 char version = TOKEN_VERSION; /* version of token family */ 125 int32_t byte_count; 126 struct timeval tv; 127 auditinfo_addr_t audit_info; 128 au_tid_addr_t *host_info = &audit_info.ai_termid; 129 #ifdef _LP64 130 char data_header = AUT_HEADER64_EX; /* header for this token */ 131 #else 132 char data_header = AUT_HEADER32_EX; 133 #endif 134 135 /* If our host address can't be determined, revert to un-extended hdr */ 136 137 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info, 138 sizeof (audit_info)) < 0) 139 return (au_to_header(e_type, e_mod)); 140 141 if (host_info->at_type == AU_IPv6) 142 if (IN6_IS_ADDR_UNSPECIFIED((in6_addr_t *)host_info->at_addr)) 143 return (au_to_header(e_type, e_mod)); 144 else 145 if (host_info->at_addr[0] == htonl(INADDR_ANY)) 146 return (au_to_header(e_type, e_mod)); 147 148 #ifdef _LP64 149 token = get_token(2 * sizeof (char) + sizeof (int32_t) + 150 2 * sizeof (int64_t) + 2 * sizeof (short) + 151 sizeof (int32_t) + host_info->at_type); 152 #else 153 token = get_token(2 * sizeof (char) + 3 * sizeof (int32_t) + 154 2 * sizeof (short) + sizeof (int32_t) + host_info->at_type); 155 #endif 156 157 if (token == NULL) 158 return (NULL); 159 adr_start(&adr, token->tt_data); 160 adr_char(&adr, &data_header, 1); /* token ID */ 161 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 162 adr_char(&adr, &version, 1); /* version of audit tokens */ 163 adr_short(&adr, &e_type, 1); /* event ID */ 164 adr_short(&adr, &e_mod, 1); /* event ID modifier */ 165 adr_int32(&adr, (int32_t *)&host_info->at_type, 1); 166 adr_char(&adr, (char *)host_info->at_addr, 167 (int)host_info->at_type); 168 #ifdef _LP64 169 adr_int64(&adr, (int64_t *)&tv, 2); /* time & date */ 170 #else 171 adr_int32(&adr, (int32_t *)&tv, 2); /* time & date */ 172 #endif 173 return (token); 174 } 175 176 /* 177 * au_to_trailer 178 * return s: 179 * pointer to a trailer token. 180 */ 181 token_t * 182 au_to_trailer(void) 183 { 184 adr_t adr; /* adr memory stream header */ 185 token_t *token; /* token pointer */ 186 char data_header = AUT_TRAILER; /* header for this token */ 187 short magic = (short)AUT_TRAILER_MAGIC; /* trailer magic number */ 188 int32_t byte_count; 189 190 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (short)); 191 if (token == NULL) 192 return (NULL); 193 adr_start(&adr, token->tt_data); 194 adr_char(&adr, &data_header, 1); /* token ID */ 195 adr_short(&adr, &magic, 1); /* magic number */ 196 adr_int32(&adr, &byte_count, 1); /* length of audit record */ 197 198 return (token); 199 } 200 201 /* 202 * au_to_arg32 203 * return s: 204 * pointer to an argument token. 205 */ 206 token_t * 207 au_to_arg32(char n, char *text, uint32_t v) 208 { 209 token_t *token; /* local token */ 210 adr_t adr; /* adr memory stream header */ 211 char data_header = AUT_ARG32; /* header for this token */ 212 short bytes; /* length of string */ 213 214 bytes = strlen(text) + 1; 215 216 token = get_token((int)(2 * sizeof (char) + sizeof (int32_t) + 217 sizeof (short) + bytes)); 218 if (token == NULL) 219 return (NULL); 220 adr_start(&adr, token->tt_data); 221 adr_char(&adr, &data_header, 1); /* token type */ 222 adr_char(&adr, &n, 1); /* argument id */ 223 adr_int32(&adr, (int32_t *)&v, 1); /* argument value */ 224 adr_short(&adr, &bytes, 1); 225 adr_char(&adr, text, bytes); 226 227 return (token); 228 } 229 230 /* 231 * au_to_arg64 232 * return s: 233 * pointer to an argument token. 234 */ 235 token_t * 236 au_to_arg64(char n, char *text, uint64_t v) 237 { 238 token_t *token; /* local token */ 239 adr_t adr; /* adr memory stream header */ 240 char data_header = AUT_ARG64; /* header for this token */ 241 short bytes; /* length of string */ 242 243 bytes = strlen(text) + 1; 244 245 token = get_token((int)(2 * sizeof (char) + sizeof (int64_t) + 246 sizeof (short) + bytes)); 247 if (token == NULL) 248 return (NULL); 249 adr_start(&adr, token->tt_data); 250 adr_char(&adr, &data_header, 1); /* token type */ 251 adr_char(&adr, &n, 1); /* argument id */ 252 adr_int64(&adr, (int64_t *)&v, 1); /* argument value */ 253 adr_short(&adr, &bytes, 1); 254 adr_char(&adr, text, bytes); 255 256 return (token); 257 } 258 259 260 /* 261 * au_to_attr 262 * return s: 263 * pointer to an attribute token. 264 */ 265 token_t * 266 au_to_attr(struct vattr *attr) 267 { 268 token_t *token; /* local token */ 269 adr_t adr; /* adr memory stream header */ 270 int32_t value; 271 #ifdef _LP64 272 char data_header = AUT_ATTR64; /* header for this token */ 273 274 token = get_token(sizeof (char) + 275 sizeof (int32_t) * 4 + 276 sizeof (int64_t) * 2); 277 #else 278 char data_header = AUT_ATTR32; 279 280 token = get_token(sizeof (char) + sizeof (int32_t) * 5 + 281 sizeof (int64_t)); 282 #endif 283 284 if (token == NULL) 285 return (NULL); 286 adr_start(&adr, token->tt_data); 287 adr_char(&adr, &data_header, 1); 288 value = (int32_t)attr->va_mode; 289 adr_int32(&adr, &value, 1); 290 value = (int32_t)attr->va_uid; 291 adr_int32(&adr, &value, 1); 292 value = (int32_t)attr->va_gid; 293 adr_int32(&adr, &value, 1); 294 adr_int32(&adr, (int32_t *)&(attr->va_fsid), 1); 295 adr_int64(&adr, (int64_t *)&(attr->va_nodeid), 1); 296 #ifdef _LP64 297 adr_int64(&adr, (int64_t *)&(attr->va_rdev), 1); 298 #else 299 adr_int32(&adr, (int32_t *)&(attr->va_rdev), 1); 300 #endif 301 302 return (token); 303 } 304 305 /* 306 * au_to_data 307 * return s: 308 * pointer to a data token. 309 */ 310 token_t * 311 au_to_data(char unit_print, char unit_type, char unit_count, char *p) 312 { 313 adr_t adr; /* adr memory stream header */ 314 token_t *token; /* token pointer */ 315 char data_header = AUT_DATA; /* header for this token */ 316 int byte_count; /* number of bytes */ 317 318 if (p == NULL || unit_count < 1) 319 return (NULL); 320 321 /* 322 * Check validity of print type 323 */ 324 if (unit_print < AUP_BINARY || unit_print > AUP_STRING) 325 return (NULL); 326 327 switch (unit_type) { 328 case AUR_SHORT: 329 byte_count = unit_count * sizeof (short); 330 break; 331 case AUR_INT32: 332 byte_count = unit_count * sizeof (int32_t); 333 break; 334 case AUR_INT64: 335 byte_count = unit_count * sizeof (int64_t); 336 break; 337 /* case AUR_CHAR: */ 338 case AUR_BYTE: 339 byte_count = unit_count * sizeof (char); 340 break; 341 default: 342 return (NULL); 343 } 344 345 token = get_token((int)(4 * sizeof (char) + byte_count)); 346 if (token == NULL) 347 return (NULL); 348 adr_start(&adr, token->tt_data); 349 adr_char(&adr, &data_header, 1); 350 adr_char(&adr, &unit_print, 1); 351 adr_char(&adr, &unit_type, 1); 352 adr_char(&adr, &unit_count, 1); 353 354 switch (unit_type) { 355 case AUR_SHORT: 356 /* LINTED */ 357 adr_short(&adr, (short *)p, unit_count); 358 break; 359 case AUR_INT32: 360 /* LINTED */ 361 adr_int32(&adr, (int32_t *)p, unit_count); 362 break; 363 case AUR_INT64: 364 /* LINTED */ 365 adr_int64(&adr, (int64_t *)p, unit_count); 366 break; 367 /* case AUR_CHAR: */ 368 case AUR_BYTE: 369 adr_char(&adr, p, unit_count); 370 break; 371 } 372 373 return (token); 374 } 375 376 /* 377 * au_to_privset 378 * 379 * priv_type (LIMIT, INHERIT...) is the first string and privilege 380 * in translated into the second string. The format is as follows: 381 * 382 * token id adr_char 383 * priv type adr_string (short, string) 384 * priv set adr_string (short, string) 385 * 386 * return s: 387 * pointer to a AUT_PRIV token. 388 */ 389 token_t * 390 au_to_privset(const char *priv_type, const priv_set_t *privilege) 391 { 392 token_t *token; /* local token */ 393 adr_t adr; /* adr memory stream header */ 394 char data_header = AUT_PRIV; /* header for this token */ 395 short t_bytes; /* length of type string */ 396 short p_bytes; /* length of privilege string */ 397 char *priv_string; /* privilege string */ 398 399 t_bytes = strlen(priv_type) + 1; 400 401 if ((privilege == NULL) || (priv_string = 402 priv_set_to_str(privilege, ',', 403 PRIV_STR_LIT)) == NULL) 404 return (NULL); 405 406 p_bytes = strlen(priv_string) + 1; 407 408 token = get_token((int)(sizeof (char) + (2 * sizeof (short)) + t_bytes 409 + p_bytes)); 410 if (token == NULL) 411 return (NULL); 412 413 adr_start(&adr, token->tt_data); 414 adr_char(&adr, &data_header, 1); 415 adr_short(&adr, &t_bytes, 1); 416 adr_char(&adr, (char *)priv_type, t_bytes); 417 adr_short(&adr, &p_bytes, 1); 418 adr_char(&adr, priv_string, p_bytes); 419 420 free(priv_string); 421 422 return (token); 423 } 424 425 /* 426 * au_to_process 427 * return s: 428 * pointer to a process token. 429 */ 430 431 token_t * 432 au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 433 pid_t pid, au_asid_t sid, au_tid_t *tid) 434 { 435 token_t *token; /* local token */ 436 adr_t adr; /* adr memory stream header */ 437 #ifdef _LP64 438 char data_header = AUT_PROCESS64; /* header for this token */ 439 440 token = get_token(sizeof (char) + 8 * sizeof (int32_t) + 441 sizeof (int64_t)); 442 #else 443 char data_header = AUT_PROCESS32; 444 445 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 446 #endif 447 448 if (token == NULL) 449 return (NULL); 450 adr_start(&adr, token->tt_data); 451 adr_char(&adr, &data_header, 1); 452 adr_int32(&adr, (int32_t *)&auid, 1); 453 adr_int32(&adr, (int32_t *)&euid, 1); 454 adr_int32(&adr, (int32_t *)&egid, 1); 455 adr_int32(&adr, (int32_t *)&ruid, 1); 456 adr_int32(&adr, (int32_t *)&rgid, 1); 457 adr_int32(&adr, (int32_t *)&pid, 1); 458 adr_int32(&adr, (int32_t *)&sid, 1); 459 #ifdef _LP64 460 adr_int64(&adr, (int64_t *)&tid->port, 1); 461 #else 462 adr_int32(&adr, (int32_t *)&tid->port, 1); 463 #endif 464 adr_int32(&adr, (int32_t *)&tid->machine, 1); 465 466 return (token); 467 } 468 469 /* 470 * au_to_process_ex 471 * return s: 472 * pointer to a process_ex token. 473 */ 474 token_t * 475 au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 476 pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 477 { 478 token_t *token; /* local token */ 479 adr_t adr; /* adr memory stream header */ 480 char data_header; /* header for this token */ 481 482 #ifdef _LP64 483 if (tid->at_type == AU_IPv6) { 484 data_header = AUT_PROCESS64_EX; 485 token = get_token(sizeof (char) + sizeof (int64_t) + 486 12 * sizeof (int32_t)); 487 } else { 488 data_header = AUT_PROCESS64; 489 token = get_token(sizeof (char) + sizeof (int64_t) + 490 8 * sizeof (int32_t)); 491 } 492 #else 493 if (tid->at_type == AU_IPv6) { 494 data_header = AUT_PROCESS32_EX; 495 token = get_token(sizeof (char) + 13 * sizeof (int32_t)); 496 } else { 497 data_header = AUT_PROCESS32; 498 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 499 } 500 #endif 501 if (token == NULL) 502 return (NULL); 503 adr_start(&adr, token->tt_data); 504 adr_char(&adr, &data_header, 1); 505 adr_int32(&adr, (int32_t *)&auid, 1); 506 adr_int32(&adr, (int32_t *)&euid, 1); 507 adr_int32(&adr, (int32_t *)&egid, 1); 508 adr_int32(&adr, (int32_t *)&ruid, 1); 509 adr_int32(&adr, (int32_t *)&rgid, 1); 510 adr_int32(&adr, (int32_t *)&pid, 1); 511 adr_int32(&adr, (int32_t *)&sid, 1); 512 #ifdef _LP64 513 adr_int64(&adr, (int64_t *)&tid->at_port, 1); 514 #else 515 adr_int32(&adr, (int32_t *)&tid->at_port, 1); 516 #endif 517 if (tid->at_type == AU_IPv6) { 518 adr_int32(&adr, (int32_t *)&tid->at_type, 1); 519 adr_char(&adr, (char *)tid->at_addr, 16); 520 } else { 521 adr_char(&adr, (char *)tid->at_addr, 4); 522 } 523 524 return (token); 525 } 526 527 /* 528 * au_to_seq 529 * return s: 530 * pointer to token chain containing a sequence token 531 */ 532 token_t * 533 au_to_seq(int audit_count) 534 { 535 token_t *token; /* local token */ 536 adr_t adr; /* adr memory stream header */ 537 char data_header = AUT_SEQ; /* header for this token */ 538 539 token = get_token(sizeof (char) + sizeof (int32_t)); 540 if (token == NULL) 541 return (NULL); 542 adr_start(&adr, token->tt_data); 543 adr_char(&adr, &data_header, 1); 544 adr_int32(&adr, (int32_t *)&audit_count, 1); 545 546 return (token); 547 } 548 549 /* 550 * au_to_socket 551 * return s: 552 * pointer to mbuf chain containing a socket token. 553 */ 554 token_t * 555 au_to_socket(struct oldsocket *so) 556 { 557 adr_t adr; 558 token_t *token; 559 char data_header = AUT_SOCKET; 560 struct inpcb *inp = so->so_pcb; 561 562 token = get_token(sizeof (char) + sizeof (short) * 3 + 563 sizeof (int32_t) * 2); 564 if (token == NULL) 565 return (NULL); 566 adr_start(&adr, token->tt_data); 567 adr_char(&adr, &data_header, 1); 568 adr_short(&adr, (short *)&so->so_type, 1); 569 adr_short(&adr, (short *)&inp->inp_lport, 1); 570 adr_int32(&adr, (int32_t *)&inp->inp_laddr, 1); 571 adr_short(&adr, (short *)&inp->inp_fport, 1); 572 adr_int32(&adr, (int32_t *)&inp->inp_faddr, 1); 573 574 return (token); 575 } 576 577 /* 578 * au_to_subject 579 * return s: 580 * pointer to a process token. 581 */ 582 583 token_t * 584 au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 585 pid_t pid, au_asid_t sid, au_tid_t *tid) 586 { 587 token_t *token; /* local token */ 588 adr_t adr; /* adr memory stream header */ 589 #ifdef _LP64 590 char data_header = AUT_SUBJECT64; /* header for this token */ 591 592 token = get_token(sizeof (char) + sizeof (int64_t) + 593 8 * sizeof (int32_t)); 594 #else 595 char data_header = AUT_SUBJECT32; 596 597 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 598 #endif 599 600 if (token == NULL) 601 return (NULL); 602 adr_start(&adr, token->tt_data); 603 adr_char(&adr, &data_header, 1); 604 adr_int32(&adr, (int32_t *)&auid, 1); 605 adr_int32(&adr, (int32_t *)&euid, 1); 606 adr_int32(&adr, (int32_t *)&egid, 1); 607 adr_int32(&adr, (int32_t *)&ruid, 1); 608 adr_int32(&adr, (int32_t *)&rgid, 1); 609 adr_int32(&adr, (int32_t *)&pid, 1); 610 adr_int32(&adr, (int32_t *)&sid, 1); 611 #ifdef _LP64 612 adr_int64(&adr, (int64_t *)&tid->port, 1); 613 #else 614 adr_int32(&adr, (int32_t *)&tid->port, 1); 615 #endif 616 adr_int32(&adr, (int32_t *)&tid->machine, 1); 617 618 return (token); 619 } 620 621 /* 622 * au_to_subject_ex 623 * return s: 624 * pointer to a process token. 625 */ 626 627 token_t * 628 au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, 629 pid_t pid, au_asid_t sid, au_tid_addr_t *tid) 630 { 631 token_t *token; /* local token */ 632 adr_t adr; /* adr memory stream header */ 633 #ifdef _LP64 634 char data_header; /* header for this token */ 635 636 if (tid->at_type == AU_IPv6) { 637 data_header = AUT_SUBJECT64_EX; 638 token = get_token(sizeof (char) + sizeof (int64_t) + 639 12 * sizeof (int32_t)); 640 } else { 641 data_header = AUT_SUBJECT64; 642 token = get_token(sizeof (char) + sizeof (int64_t) + 643 8 * sizeof (int32_t)); 644 } 645 #else 646 char data_header; /* header for this token */ 647 648 if (tid->at_type == AU_IPv6) { 649 data_header = AUT_SUBJECT32_EX; 650 token = get_token(sizeof (char) + 13 * sizeof (int32_t)); 651 } else { 652 data_header = AUT_SUBJECT32; 653 token = get_token(sizeof (char) + 9 * sizeof (int32_t)); 654 } 655 #endif 656 657 if (token == NULL) 658 return (NULL); 659 adr_start(&adr, token->tt_data); 660 adr_char(&adr, &data_header, 1); 661 adr_int32(&adr, (int32_t *)&auid, 1); 662 adr_int32(&adr, (int32_t *)&euid, 1); 663 adr_int32(&adr, (int32_t *)&egid, 1); 664 adr_int32(&adr, (int32_t *)&ruid, 1); 665 adr_int32(&adr, (int32_t *)&rgid, 1); 666 adr_int32(&adr, (int32_t *)&pid, 1); 667 adr_int32(&adr, (int32_t *)&sid, 1); 668 #ifdef _LP64 669 adr_int64(&adr, (int64_t *)&tid->at_port, 1); 670 #else 671 adr_int32(&adr, (int32_t *)&tid->at_port, 1); 672 #endif 673 if (tid->at_type == AU_IPv6) { 674 adr_int32(&adr, (int32_t *)&tid->at_type, 1); 675 adr_char(&adr, (char *)tid->at_addr, 16); 676 } else { 677 adr_char(&adr, (char *)tid->at_addr, 4); 678 } 679 680 return (token); 681 } 682 683 /* 684 * au_to_me 685 * return s: 686 * pointer to a process token. 687 */ 688 689 token_t * 690 au_to_me(void) 691 { 692 auditinfo_addr_t info; 693 694 if (getaudit_addr(&info, sizeof (info))) 695 return (NULL); 696 return (au_to_subject_ex(info.ai_auid, geteuid(), getegid(), getuid(), 697 getgid(), getpid(), info.ai_asid, &info.ai_termid)); 698 } 699 /* 700 * au_to_text 701 * return s: 702 * pointer to a text token. 703 */ 704 token_t * 705 au_to_text(char *text) 706 { 707 token_t *token; /* local token */ 708 adr_t adr; /* adr memory stream header */ 709 char data_header = AUT_TEXT; /* header for this token */ 710 short bytes; /* length of string */ 711 712 bytes = strlen(text) + 1; 713 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 714 if (token == NULL) 715 return (NULL); 716 adr_start(&adr, token->tt_data); 717 adr_char(&adr, &data_header, 1); 718 adr_short(&adr, &bytes, 1); 719 adr_char(&adr, text, bytes); 720 721 return (token); 722 } 723 724 /* 725 * au_to_path 726 * return s: 727 * pointer to a path token. 728 */ 729 token_t * 730 au_to_path(char *path) 731 { 732 token_t *token; /* local token */ 733 adr_t adr; /* adr memory stream header */ 734 char data_header = AUT_PATH; /* header for this token */ 735 short bytes; /* length of string */ 736 737 bytes = (short)strlen(path) + 1; 738 739 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 740 if (token == NULL) 741 return (NULL); 742 adr_start(&adr, token->tt_data); 743 adr_char(&adr, &data_header, 1); 744 adr_short(&adr, &bytes, 1); 745 adr_char(&adr, path, bytes); 746 747 return (token); 748 } 749 750 /* 751 * au_to_cmd 752 * return s: 753 * pointer to an command line argument token 754 */ 755 token_t * 756 au_to_cmd(uint_t argc, char **argv, char **envp) 757 { 758 token_t *token; /* local token */ 759 adr_t adr; /* adr memory stream header */ 760 char data_header = AUT_CMD; /* header for this token */ 761 short len = 0; 762 short cnt = 0; 763 short envc = 0; 764 short largc = (short)argc; 765 766 /* 767 * one char for the header, one short for argc, 768 * one short for # envp strings. 769 */ 770 len = sizeof (char) + sizeof (short) + sizeof (short); 771 772 /* get sizes of strings */ 773 774 for (cnt = 0; cnt < argc; cnt++) { 775 len += (short)sizeof (short) + (short)(strlen(argv[cnt]) + 1); 776 } 777 778 if (envp != NULL) { 779 for (envc = 0; envp[envc] != NULL; envc++) { 780 len += (short)sizeof (short) + 781 (short)(strlen(envp[envc]) + 1); 782 } 783 } 784 785 token = get_token(len); 786 if (token == NULL) 787 return (NULL); 788 789 adr_start(&adr, token->tt_data); 790 adr_char(&adr, &data_header, 1); 791 792 adr_short(&adr, &largc, 1); 793 794 for (cnt = 0; cnt < argc; cnt++) { 795 len = (short)(strlen(argv[cnt]) + 1); 796 adr_short(&adr, &len, 1); 797 adr_char(&adr, argv[cnt], len); 798 } 799 800 adr_short(&adr, &envc, 1); 801 802 for (cnt = 0; cnt < envc; cnt++) { 803 len = (short)(strlen(envp[cnt]) + 1); 804 adr_short(&adr, &len, 1); 805 adr_char(&adr, envp[cnt], len); 806 } 807 808 return (token); 809 } 810 811 /* 812 * au_to_exit 813 * return s: 814 * pointer to a exit value token. 815 */ 816 token_t * 817 au_to_exit(int retval, int err) 818 { 819 token_t *token; /* local token */ 820 adr_t adr; /* adr memory stream header */ 821 char data_header = AUT_EXIT; /* header for this token */ 822 823 token = get_token(sizeof (char) + (2 * sizeof (int32_t))); 824 if (token == NULL) 825 return (NULL); 826 adr_start(&adr, token->tt_data); 827 adr_char(&adr, &data_header, 1); 828 adr_int32(&adr, (int32_t *)&retval, 1); 829 adr_int32(&adr, (int32_t *)&err, 1); 830 831 return (token); 832 } 833 834 /* 835 * au_to_return 836 * return s: 837 * pointer to a return value token. 838 */ 839 token_t * 840 au_to_return32(char number, uint32_t value) 841 { 842 token_t *token; /* local token */ 843 adr_t adr; /* adr memory stream header */ 844 char data_header = AUT_RETURN32; /* header for this token */ 845 846 token = get_token(2 * sizeof (char) + sizeof (int32_t)); 847 if (token == NULL) 848 return (NULL); 849 adr_start(&adr, token->tt_data); 850 adr_char(&adr, &data_header, 1); 851 adr_char(&adr, &number, 1); 852 adr_int32(&adr, (int32_t *)&value, 1); 853 854 return (token); 855 } 856 857 /* 858 * au_to_return 859 * return s: 860 * pointer to a return value token. 861 */ 862 token_t * 863 au_to_return64(char number, uint64_t value) 864 { 865 token_t *token; /* local token */ 866 adr_t adr; /* adr memory stream header */ 867 char data_header = AUT_RETURN64; /* header for this token */ 868 869 token = get_token(2 * sizeof (char) + sizeof (int64_t)); 870 if (token == NULL) 871 return (NULL); 872 adr_start(&adr, token->tt_data); 873 adr_char(&adr, &data_header, 1); 874 adr_char(&adr, &number, 1); 875 adr_int64(&adr, (int64_t *)&value, 1); 876 877 return (token); 878 } 879 880 881 /* 882 * au_to_opaque 883 * return s: 884 * pointer to a opaque token. 885 */ 886 token_t * 887 au_to_opaque(char *opaque, short bytes) 888 { 889 token_t *token; /* local token */ 890 adr_t adr; /* adr memory stream header */ 891 char data_header = AUT_OPAQUE; /* header for this token */ 892 893 if (bytes < 1) 894 return (NULL); 895 896 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 897 if (token == NULL) 898 return (NULL); 899 adr_start(&adr, token->tt_data); 900 adr_char(&adr, &data_header, 1); 901 adr_short(&adr, &bytes, 1); 902 adr_char(&adr, opaque, bytes); 903 904 return (token); 905 } 906 907 /* 908 * au_to_in_addr 909 * return s: 910 * pointer to a internet address token 911 */ 912 token_t * 913 au_to_in_addr(struct in_addr *internet_addr) 914 { 915 token_t *token; /* local token */ 916 adr_t adr; /* adr memory stream header */ 917 char data_header = AUT_IN_ADDR; /* header for this token */ 918 919 token = get_token(sizeof (char) + sizeof (uint32_t)); 920 if (token == NULL) 921 return (NULL); 922 adr_start(&adr, token->tt_data); 923 adr_char(&adr, &data_header, 1); 924 adr_int32(&adr, (int32_t *)internet_addr, 1); 925 926 return (token); 927 } 928 929 /* 930 * au_to_iport 931 * return s: 932 * pointer to token chain containing a ip port address token 933 */ 934 token_t * 935 au_to_iport(ushort_t iport) 936 { 937 token_t *token; /* local token */ 938 adr_t adr; /* adr memory stream header */ 939 char data_header = AUT_IPORT; /* header for this token */ 940 941 token = get_token(sizeof (char) + sizeof (short)); 942 if (token == NULL) 943 return (NULL); 944 adr_start(&adr, token->tt_data); 945 adr_char(&adr, &data_header, 1); 946 adr_short(&adr, (short *)&iport, 1); 947 948 return (token); 949 } 950 951 token_t * 952 au_to_ipc(char type, int id) 953 { 954 token_t *token; /* local token */ 955 adr_t adr; /* adr memory stream header */ 956 char data_header = AUT_IPC; /* header for this token */ 957 958 token = get_token((2 * sizeof (char)) + sizeof (int32_t)); 959 if (token == NULL) 960 return (NULL); 961 adr_start(&adr, token->tt_data); 962 adr_char(&adr, &data_header, 1); 963 adr_char(&adr, &type, 1); 964 adr_int32(&adr, (int32_t *)&id, 1); 965 966 return (token); 967 } 968 969 /* 970 * au_to_tid 971 * 972 * output format depends on type; at present only IP v4 and v6 addresses 973 * are defined. 974 * 975 * IPv4 -- tid type, 16 bit remote port, 16 bit local port, ip type, 976 * 32 bit IP address. 977 * IPv6 -- tid type, 16 bit remote port, 16 bit local port, ip type, 978 * 4 x 32 bit IP address. 979 * 980 */ 981 token_t * 982 au_to_tid(au_generic_tid_t *tid) 983 { 984 char data_header = AUT_TID; /* header for this token */ 985 adr_t adr; /* adr memory stream header */ 986 token_t *token; /* local token */ 987 au_ip_t *ip; 988 989 switch (tid->gt_type) { 990 case AU_IPADR: 991 ip = &(tid->gt_adr.at_ip); 992 token = get_token((int)(2 * sizeof (char) + 2 * sizeof (short) + 993 sizeof (uint32_t) + ip->at_type)); 994 if (token == NULL) 995 return (NULL); 996 997 adr_start(&adr, token->tt_data); 998 adr_char(&adr, &data_header, 1); 999 adr_char(&adr, (char *)&(tid->gt_type), 1); 1000 adr_short(&adr, (short *)&(ip->at_r_port), 1); 1001 adr_short(&adr, (short *)&(ip->at_l_port), 1); 1002 adr_int32(&adr, (int32_t *)&(ip->at_type), 1); 1003 1004 adr_char(&adr, (char *)ip->at_addr, ip->at_type); 1005 1006 break; 1007 default: 1008 return (NULL); 1009 } 1010 return (token); 1011 } 1012 1013 /* 1014 * The Modifier tokens 1015 */ 1016 1017 /* 1018 * au_to_groups 1019 * return s: 1020 * pointer to a group list token. 1021 * 1022 * This function is obsolete. Please use au_to_newgroups. 1023 */ 1024 token_t * 1025 au_to_groups(int *groups) 1026 { 1027 token_t *token; /* local token */ 1028 adr_t adr; /* adr memory stream header */ 1029 char data_header = AUT_GROUPS; /* header for this token */ 1030 1031 token = get_token(sizeof (char) + NGROUPS * sizeof (int32_t)); 1032 if (token == NULL) 1033 return (NULL); 1034 adr_start(&adr, token->tt_data); 1035 adr_char(&adr, &data_header, 1); 1036 adr_int32(&adr, (int32_t *)groups, NGROUPS); 1037 1038 return (token); 1039 } 1040 1041 /* 1042 * au_to_newgroups 1043 * return s: 1044 * pointer to a group list token. 1045 */ 1046 token_t * 1047 au_to_newgroups(int n, gid_t *groups) 1048 { 1049 token_t *token; /* local token */ 1050 adr_t adr; /* adr memory stream header */ 1051 char data_header = AUT_NEWGROUPS; /* header for this token */ 1052 short n_groups; 1053 1054 if (n < NGROUPS_UMIN || n > NGROUPS_UMAX || groups == NULL) 1055 return (NULL); 1056 token = get_token(sizeof (char) + sizeof (short) + n * sizeof (gid_t)); 1057 if (token == NULL) 1058 return (NULL); 1059 n_groups = (short)n; 1060 adr_start(&adr, token->tt_data); 1061 adr_char(&adr, &data_header, 1); 1062 adr_short(&adr, &n_groups, 1); 1063 adr_int32(&adr, (int32_t *)groups, n_groups); 1064 1065 return (token); 1066 } 1067 1068 /* 1069 * au_to_exec_args 1070 * returns: 1071 * pointer to an exec args token. 1072 */ 1073 token_t * 1074 au_to_exec_args(char **argv) 1075 { 1076 return (au_to_exec(argv, AUT_EXEC_ARGS)); 1077 } 1078 1079 /* 1080 * au_to_exec_env 1081 * returns: 1082 * pointer to an exec args token. 1083 */ 1084 token_t * 1085 au_to_exec_env(char **envp) 1086 { 1087 return (au_to_exec(envp, AUT_EXEC_ENV)); 1088 } 1089 1090 /* 1091 * au_to_exec 1092 * returns: 1093 * pointer to an exec args token. 1094 */ 1095 static token_t * 1096 au_to_exec(char **v, char data_header) 1097 { 1098 token_t *token; 1099 adr_t adr; 1100 char **p; 1101 int32_t n = 0; 1102 int len = 0; 1103 1104 for (p = v; *p != NULL; p++) { 1105 len += strlen(*p) + 1; 1106 n++; 1107 } 1108 token = get_token(sizeof (char) + sizeof (int32_t) + len); 1109 if (token == (token_t *)NULL) 1110 return ((token_t *)NULL); 1111 adr_start(&adr, token->tt_data); 1112 adr_char(&adr, &data_header, 1); 1113 adr_int32(&adr, &n, 1); 1114 for (p = v; *p != NULL; p++) { 1115 adr_char(&adr, *p, strlen(*p) + 1); 1116 } 1117 return (token); 1118 } 1119 1120 /* 1121 * au_to_uauth 1122 * return s: 1123 * pointer to a uauth token. 1124 */ 1125 token_t * 1126 au_to_uauth(char *text) 1127 { 1128 token_t *token; /* local token */ 1129 adr_t adr; /* adr memory stream header */ 1130 char data_header = AUT_UAUTH; /* header for this token */ 1131 short bytes; /* length of string */ 1132 1133 bytes = strlen(text) + 1; 1134 1135 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1136 if (token == NULL) 1137 return (NULL); 1138 adr_start(&adr, token->tt_data); 1139 adr_char(&adr, &data_header, 1); 1140 adr_short(&adr, &bytes, 1); 1141 adr_char(&adr, text, bytes); 1142 1143 return (token); 1144 } 1145 1146 /* 1147 * au_to_upriv 1148 * return s: 1149 * pointer to a use of privilege token. 1150 */ 1151 token_t * 1152 au_to_upriv(char sorf, char *priv) 1153 { 1154 token_t *token; /* local token */ 1155 adr_t adr; /* adr memory stream header */ 1156 char data_header = AUT_UAUTH; /* header for this token */ 1157 short bytes; /* length of string */ 1158 1159 bytes = strlen(priv) + 1; 1160 1161 token = get_token(sizeof (char) + sizeof (char) + sizeof (short) + 1162 bytes); 1163 if (token == NULL) 1164 return (NULL); 1165 adr_start(&adr, token->tt_data); 1166 adr_char(&adr, &data_header, 1); 1167 adr_char(&adr, &sorf, 1); /* success/failure */ 1168 adr_short(&adr, &bytes, 1); 1169 adr_char(&adr, priv, bytes); 1170 1171 return (token); 1172 } 1173 1174 /* 1175 * au_to_xatom 1176 * return s: 1177 * pointer to a xatom token. 1178 */ 1179 token_t * 1180 au_to_xatom(char *atom) 1181 { 1182 token_t *token; /* local token */ 1183 adr_t adr; /* adr memory stream header */ 1184 char data_header = AUT_XATOM; /* header for this token */ 1185 short len; 1186 1187 len = strlen(atom) + 1; 1188 1189 token = get_token(sizeof (char) + sizeof (short) + len); 1190 if (token == NULL) 1191 return (NULL); 1192 adr_start(&adr, token->tt_data); 1193 adr_char(&adr, &data_header, 1); 1194 adr_short(&adr, (short *)&len, 1); 1195 adr_char(&adr, atom, len); 1196 1197 return (token); 1198 } 1199 1200 /* 1201 * au_to_xselect 1202 * return s: 1203 * pointer to a X select token. 1204 */ 1205 token_t * 1206 au_to_xselect(char *propname, char *proptype, char *windata) 1207 { 1208 token_t *token; /* local token */ 1209 adr_t adr; /* adr memory stream header */ 1210 char data_header = AUT_XSELECT; /* header for this token */ 1211 short proplen; 1212 short typelen; 1213 short datalen; 1214 1215 proplen = strlen(propname) + 1; 1216 typelen = strlen(proptype) + 1; 1217 datalen = strlen(windata) + 1; 1218 1219 token = get_token(sizeof (char) + (sizeof (short) * 3) + 1220 proplen + typelen + datalen); 1221 if (token == NULL) 1222 return (NULL); 1223 adr_start(&adr, token->tt_data); 1224 adr_char(&adr, &data_header, 1); 1225 adr_short(&adr, &proplen, 1); 1226 adr_char(&adr, propname, proplen); 1227 adr_short(&adr, &typelen, 1); 1228 adr_char(&adr, proptype, typelen); 1229 adr_short(&adr, &datalen, 1); 1230 adr_char(&adr, windata, datalen); 1231 1232 return (token); 1233 } 1234 1235 /* 1236 * x_common 1237 * return s: 1238 * pointer to a common X token. 1239 */ 1240 1241 static token_t * 1242 x_common(char data_header, int32_t xid, uid_t cuid) 1243 { 1244 token_t *token; /* local token */ 1245 adr_t adr; /* adr memory stream header */ 1246 1247 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t)); 1248 if (token == NULL) 1249 return (NULL); 1250 adr_start(&adr, token->tt_data); 1251 adr_char(&adr, &data_header, 1); 1252 adr_int32(&adr, &xid, 1); 1253 adr_uid(&adr, &cuid, 1); 1254 1255 return (token); 1256 } 1257 1258 /* 1259 * au_to_xcolormap 1260 * return s: 1261 * pointer to a X Colormap token. 1262 */ 1263 1264 token_t * 1265 au_to_xcolormap(int32_t xid, uid_t cuid) 1266 { 1267 return (x_common(AUT_XCOLORMAP, xid, cuid)); 1268 } 1269 1270 /* 1271 * au_to_xcursor 1272 * return s: 1273 * pointer to a X Cursor token. 1274 */ 1275 1276 token_t * 1277 au_to_xcursor(int32_t xid, uid_t cuid) 1278 { 1279 return (x_common(AUT_XCURSOR, xid, cuid)); 1280 } 1281 1282 /* 1283 * au_to_xfont 1284 * return s: 1285 * pointer to a X Font token. 1286 */ 1287 1288 token_t * 1289 au_to_xfont(int32_t xid, uid_t cuid) 1290 { 1291 return (x_common(AUT_XFONT, xid, cuid)); 1292 } 1293 1294 /* 1295 * au_to_xgc 1296 * return s: 1297 * pointer to a X Graphic Context token. 1298 */ 1299 1300 token_t * 1301 au_to_xgc(int32_t xid, uid_t cuid) 1302 { 1303 return (x_common(AUT_XGC, xid, cuid)); 1304 } 1305 1306 /* 1307 * au_to_xpixmap 1308 * return s: 1309 * pointer to a X Pixal Map token. 1310 */ 1311 1312 token_t * 1313 au_to_xpixmap(int32_t xid, uid_t cuid) 1314 { 1315 return (x_common(AUT_XPIXMAP, xid, cuid)); 1316 } 1317 1318 /* 1319 * au_to_xwindow 1320 * return s: 1321 * pointer to a X Window token. 1322 */ 1323 1324 token_t * 1325 au_to_xwindow(int32_t xid, uid_t cuid) 1326 { 1327 return (x_common(AUT_XWINDOW, xid, cuid)); 1328 } 1329 1330 /* 1331 * au_to_xproperty 1332 * return s: 1333 * pointer to a X Property token. 1334 */ 1335 1336 token_t * 1337 au_to_xproperty(int32_t xid, uid_t cuid, char *propname) 1338 { 1339 token_t *token; /* local token */ 1340 adr_t adr; /* adr memory stream header */ 1341 char data_header = AUT_XPROPERTY; /* header for this token */ 1342 short proplen; 1343 1344 proplen = strlen(propname) + 1; 1345 1346 token = get_token(sizeof (char) + sizeof (int32_t) + sizeof (uid_t) + 1347 sizeof (short) + proplen); 1348 if (token == NULL) 1349 return (NULL); 1350 adr_start(&adr, token->tt_data); 1351 adr_char(&adr, &data_header, 1); 1352 adr_int32(&adr, &xid, 1); 1353 adr_uid(&adr, &cuid, 1); 1354 adr_short(&adr, &proplen, 1); 1355 adr_char(&adr, propname, proplen); 1356 1357 return (token); 1358 } 1359 1360 /* 1361 * au_to_xclient 1362 * return s: 1363 * pointer to a X Client token 1364 */ 1365 1366 token_t * 1367 au_to_xclient(uint32_t client) 1368 { 1369 token_t *token; /* local token */ 1370 adr_t adr; /* adr memory stream header */ 1371 char data_header = AUT_XCLIENT; /* header for this token */ 1372 1373 token = get_token(sizeof (char) + sizeof (uint32_t)); 1374 if (token == NULL) 1375 return (NULL); 1376 adr_start(&adr, token->tt_data); 1377 adr_char(&adr, &data_header, 1); 1378 adr_int32(&adr, (int32_t *)&client, 1); 1379 1380 return (token); 1381 } 1382 1383 /* 1384 * au_to_label 1385 * return s: 1386 * pointer to a label token. 1387 */ 1388 token_t * 1389 au_to_label(m_label_t *label) 1390 { 1391 token_t *token; /* local token */ 1392 adr_t adr; /* adr memory stream header */ 1393 char data_header = AUT_LABEL; /* header for this token */ 1394 size_t llen = blabel_size(); 1395 1396 token = get_token(sizeof (char) + llen); 1397 if (token == NULL) { 1398 return (NULL); 1399 } else if (label == NULL) { 1400 free(token); 1401 return (NULL); 1402 } 1403 adr_start(&adr, token->tt_data); 1404 adr_char(&adr, &data_header, 1); 1405 adr_char(&adr, (char *)label, llen); 1406 1407 return (token); 1408 } 1409 1410 /* 1411 * au_to_mylabel 1412 * return s: 1413 * pointer to a label token. 1414 */ 1415 token_t * 1416 au_to_mylabel(void) 1417 { 1418 ucred_t *uc; 1419 token_t *token; 1420 1421 if ((uc = ucred_get(P_MYID)) == NULL) { 1422 return (NULL); 1423 } 1424 1425 token = au_to_label(ucred_getlabel(uc)); 1426 ucred_free(uc); 1427 return (token); 1428 } 1429 1430 /* 1431 * au_to_zonename 1432 * return s: 1433 * pointer to a zonename token. 1434 */ 1435 token_t * 1436 au_to_zonename(char *name) 1437 { 1438 token_t *token; /* local token */ 1439 adr_t adr; /* adr memory stream header */ 1440 char data_header = AUT_ZONENAME; /* header for this token */ 1441 short bytes; /* length of string */ 1442 1443 if (name == NULL) 1444 return (NULL); 1445 1446 bytes = strlen(name) + 1; 1447 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1448 if (token == NULL) 1449 return (NULL); 1450 adr_start(&adr, token->tt_data); 1451 adr_char(&adr, &data_header, 1); 1452 adr_short(&adr, &bytes, 1); 1453 adr_char(&adr, name, bytes); 1454 1455 return (token); 1456 } 1457 1458 /* 1459 * au_to_fmri 1460 * return s: 1461 * pointer to a fmri token. 1462 */ 1463 token_t * 1464 au_to_fmri(char *fmri) 1465 { 1466 token_t *token; /* local token */ 1467 adr_t adr; /* adr memory stream header */ 1468 char data_header = AUT_FMRI; /* header for this token */ 1469 short bytes; /* length of string */ 1470 1471 if (fmri == NULL) 1472 return (NULL); 1473 1474 bytes = strlen(fmri) + 1; 1475 token = get_token((int)(sizeof (char) + sizeof (short) + bytes)); 1476 if (token == NULL) 1477 return (NULL); 1478 adr_start(&adr, token->tt_data); 1479 adr_char(&adr, &data_header, 1); 1480 adr_short(&adr, &bytes, 1); 1481 adr_char(&adr, fmri, bytes); 1482 1483 return (token); 1484 } 1485