1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 /* 30 * Token processing for auditreduce. 31 */ 32 33 #include <locale.h> 34 #include <sys/zone.h> 35 #include "auditr.h" 36 #include "toktable.h" 37 38 extern int re_exec2(char *); 39 40 static void anchor_path(char *path); 41 static char *collapse_path(char *s); 42 static void get_string(adr_t *adr, char **p); 43 static int ipc_type_match(int flag, char type); 44 static void skip_string(adr_t *adr); 45 static int xgeneric(adr_t *adr); 46 47 #if AUDIT_REC 48 void 49 print_id(int id) 50 { 51 char *suffix; 52 53 if ((id < 0) || (id > MAXTOKEN) || 54 (tokentable[id].func == NOFUNC)) { 55 (void) fprintf(stderr, 56 "token_processing: token %d not found\n", id); 57 return; 58 } 59 60 switch (id) { 61 case AUT_NEWGROUPS: 62 suffix = "_new"; 63 break; 64 case AUT_ATTR32: 65 suffix = "32"; 66 break; 67 case AUT_ARG64: 68 case AUT_RETURN64: 69 case AUT_ATTR64: 70 case AUT_HEADER64: 71 case AUT_SUBJECT64: 72 case AUT_PROCESS64: 73 case AUT_OTHER_FILE64: 74 suffix = "64"; 75 break; 76 case AUT_SOCKET_EX: 77 case AUT_IN_ADDR_EX: 78 suffix = "_ex"; 79 break; 80 case AUT_HEADER32_EX: 81 case AUT_SUBJECT32_EX: 82 case AUT_PROCESS32_EX: 83 suffix = "32_ex"; 84 break; 85 case AUT_HEADER64_EX: 86 case AUT_SUBJECT64_EX: 87 case AUT_PROCESS64_EX: 88 suffix = "64_ex"; 89 break; 90 default: 91 suffix = ""; 92 break; 93 } 94 (void) fprintf(stderr, "token_processing: %s%s\n", 95 tokentable[id].t_name, suffix); 96 } 97 #endif /* AUDIT_REC */ 98 99 /* 100 * Process a token in a record to determine whether the record is interesting. 101 */ 102 103 int 104 token_processing(adr_t *adr, int tokenid) 105 { 106 if ((tokenid > 0) && (tokenid <= MAXTOKEN) && 107 (tokentable[tokenid].func != NOFUNC)) { 108 #if AUDIT_REC 109 print_id(tokenid); 110 #endif /* AUDIT_REC */ 111 return ((*tokentable[tokenid].func)(adr)); 112 } 113 114 /* here if token id is not in table */ 115 return (-2); 116 } 117 118 119 /* There should not be any file or header tokens in the middle of a record */ 120 121 /* ARGSUSED */ 122 int 123 file_token(adr_t *adr) 124 { 125 return (-2); 126 } 127 128 /* ARGSUSED */ 129 int 130 file64_token(adr_t *adr) 131 { 132 return (-2); 133 } 134 135 /* ARGSUSED */ 136 int 137 header_token(adr_t *adr) 138 { 139 return (-2); 140 } 141 142 /* ARGSUSED */ 143 int 144 header32_ex_token(adr_t *adr) 145 { 146 return (-2); 147 } 148 149 /* ARGSUSED */ 150 int 151 header64_ex_token(adr_t *adr) 152 { 153 return (-2); 154 } 155 156 /* ARGSUSED */ 157 int 158 header64_token(adr_t *adr) 159 { 160 return (-2); 161 } 162 163 164 /* 165 * ====================================================== 166 * The following token processing routines return 167 * -1: if the record is not interesting 168 * -2: if an error is found 169 * ====================================================== 170 */ 171 172 int 173 trailer_token(adr_t *adr) 174 { 175 short magic_number; 176 uint32_t bytes; 177 178 adrm_u_short(adr, (ushort_t *)&magic_number, 1); 179 if (magic_number != AUT_TRAILER_MAGIC) { 180 (void) fprintf(stderr, "%s\n", 181 gettext("auditreduce: Bad trailer token")); 182 return (-2); 183 } 184 adrm_u_int32(adr, &bytes, 1); 185 186 return (-1); 187 } 188 189 190 /* 191 * Format of arbitrary data token: 192 * arbitrary data token id adr char 193 * how to print adr_char 194 * basic unit adr_char 195 * unit count adr_char, specifying number of units of 196 * data items depends on basic unit 197 * 198 */ 199 int 200 arbitrary_data_token(adr_t *adr) 201 { 202 int i; 203 char c1; 204 short c2; 205 int32_t c3; 206 int64_t c4; 207 char how_to_print, basic_unit, unit_count; 208 209 /* get how_to_print, basic_unit, and unit_count */ 210 adrm_char(adr, &how_to_print, 1); 211 adrm_char(adr, &basic_unit, 1); 212 adrm_char(adr, &unit_count, 1); 213 for (i = 0; i < unit_count; i++) { 214 switch (basic_unit) { 215 /* case AUR_BYTE: has same value as AUR_CHAR */ 216 case AUR_CHAR: 217 adrm_char(adr, &c1, 1); 218 break; 219 case AUR_SHORT: 220 adrm_short(adr, &c2, 1); 221 break; 222 case AUR_INT32: 223 adrm_int32(adr, (int32_t *)&c3, 1); 224 break; 225 case AUR_INT64: 226 adrm_int64(adr, (int64_t *)&c4, 1); 227 break; 228 default: 229 return (-2); 230 break; 231 } 232 } 233 return (-1); 234 } 235 236 237 /* 238 * Format of opaque token: 239 * opaque token id adr_char 240 * size adr_short 241 * data adr_char, size times 242 * 243 */ 244 int 245 opaque_token(adr_t *adr) 246 { 247 skip_string(adr); 248 return (-1); 249 } 250 251 252 253 /* 254 * Format of return32 value token: 255 * return value token id adr_char 256 * error number adr_char 257 * return value adr_u_int32 258 * 259 */ 260 int 261 return_value32_token(adr_t *adr) 262 { 263 char errnum; 264 uint32_t value; 265 266 adrm_char(adr, &errnum, 1); 267 adrm_u_int32(adr, &value, 1); 268 if ((flags & M_SORF) && 269 ((global_class & mask.am_success) && (errnum == 0)) || 270 ((global_class & mask.am_failure) && (errnum != 0))) { 271 checkflags |= M_SORF; 272 } 273 return (-1); 274 } 275 276 /* 277 * Format of return64 value token: 278 * return value token id adr_char 279 * error number adr_char 280 * return value adr_u_int64 281 * 282 */ 283 int 284 return_value64_token(adr_t *adr) 285 { 286 char errnum; 287 uint64_t value; 288 289 adrm_char(adr, &errnum, 1); 290 adrm_u_int64(adr, &value, 1); 291 if ((flags & M_SORF) && 292 ((global_class & mask.am_success) && (errnum == 0)) || 293 ((global_class & mask.am_failure) && (errnum != 0))) { 294 checkflags |= M_SORF; 295 } 296 return (-1); 297 } 298 299 300 /* 301 * Format of sequence token: 302 * sequence token id adr_char 303 * audit_count int32_t 304 * 305 */ 306 int 307 sequence_token(adr_t *adr) 308 { 309 int32_t audit_count; 310 311 adrm_int32(adr, &audit_count, 1); 312 return (-1); 313 } 314 315 316 /* 317 * Format of text token: 318 * text token id adr_char 319 * text adr_string 320 * 321 */ 322 int 323 text_token(adr_t *adr) 324 { 325 skip_string(adr); 326 return (-1); 327 } 328 329 330 /* 331 * Format of ip_addr token: 332 * ip token id adr_char 333 * address adr_int32 334 * 335 */ 336 int 337 ip_addr_token(adr_t *adr) 338 { 339 int32_t address; 340 341 adrm_char(adr, (char *)&address, 4); 342 343 return (-1); 344 } 345 346 /* 347 * Format of ip_addr_ex token: 348 * ip token id adr_char 349 * ip type adr_int32 350 * address 4*adr_int32 351 * 352 */ 353 int 354 ip_addr_ex_token(adr_t *adr) 355 { 356 int32_t address[4]; 357 int32_t type; 358 359 adrm_int32(adr, (int32_t *)&type, 1); 360 adrm_int32(adr, (int32_t *)&address, 4); 361 362 return (-1); 363 } 364 365 /* 366 * Format of ip token: 367 * ip header token id adr_char 368 * version adr_char 369 * type of service adr_char 370 * length adr_short 371 * id adr_u_short 372 * offset adr_u_short 373 * ttl adr_char 374 * protocol adr_char 375 * checksum adr_u_short 376 * source address adr_int32 377 * destination address adr_int32 378 * 379 */ 380 int 381 ip_token(adr_t *adr) 382 { 383 char version; 384 char type; 385 short len; 386 unsigned short id, offset, checksum; 387 char ttl, protocol; 388 int32_t src, dest; 389 390 adrm_char(adr, &version, 1); 391 adrm_char(adr, &type, 1); 392 adrm_short(adr, &len, 1); 393 adrm_u_short(adr, &id, 1); 394 adrm_u_short(adr, &offset, 1); 395 adrm_char(adr, &ttl, 1); 396 adrm_char(adr, &protocol, 1); 397 adrm_u_short(adr, &checksum, 1); 398 adrm_char(adr, (char *)&src, 4); 399 adrm_char(adr, (char *)&dest, 4); 400 401 return (-1); 402 } 403 404 405 /* 406 * Format of iport token: 407 * ip port address token id adr_char 408 * port address adr_short 409 * 410 */ 411 int 412 iport_token(adr_t *adr) 413 { 414 short address; 415 416 adrm_short(adr, &address, 1); 417 418 return (-1); 419 } 420 421 422 /* 423 * Format of groups token: 424 * group token id adr_char 425 * group list adr_int32, 16 times 426 * 427 */ 428 int 429 group_token(adr_t *adr) 430 { 431 int gid[16]; 432 int i; 433 int flag = 0; 434 435 for (i = 0; i < 16; i++) { 436 adrm_int32(adr, (int32_t *)&gid[i], 1); 437 if (flags & M_GROUPR) { 438 if ((unsigned short)m_groupr == gid[i]) 439 flag = 1; 440 } 441 } 442 443 if (flags & M_GROUPR) { 444 if (flag) 445 checkflags |= M_GROUPR; 446 } 447 return (-1); 448 } 449 450 /* 451 * Format of newgroups token: 452 * group token id adr_char 453 * number of groups adr_short 454 * group list adr_int32, "number" times 455 * 456 */ 457 int 458 newgroup_token(adr_t *adr) 459 { 460 gid_t gid; 461 int i; 462 short int number; 463 464 adrm_short(adr, &number, 1); 465 466 for (i = 0; i < number; i++) { 467 adrm_int32(adr, (int32_t *)&gid, 1); 468 if (flags & M_GROUPR) { 469 if (m_groupr == gid) 470 checkflags |= M_GROUPR; 471 } 472 } 473 474 return (-1); 475 } 476 477 /* 478 * Format of argument32 token: 479 * argument token id adr_char 480 * argument number adr_char 481 * argument value adr_int32 482 * argument description adr_string 483 * 484 */ 485 int 486 argument32_token(adr_t *adr) 487 { 488 char arg_num; 489 int32_t arg_val; 490 491 adrm_char(adr, &arg_num, 1); 492 adrm_int32(adr, &arg_val, 1); 493 skip_string(adr); 494 495 return (-1); 496 } 497 498 /* 499 * Format of argument64 token: 500 * argument token id adr_char 501 * argument number adr_char 502 * argument value adr_int64 503 * argument description adr_string 504 * 505 */ 506 int 507 argument64_token(adr_t *adr) 508 { 509 char arg_num; 510 int64_t arg_val; 511 512 adrm_char(adr, &arg_num, 1); 513 adrm_int64(adr, &arg_val, 1); 514 skip_string(adr); 515 516 return (-1); 517 } 518 519 int 520 acl_token(adr_t *adr) 521 { 522 523 int32_t id; 524 int32_t mode; 525 int32_t type; 526 527 adrm_int32(adr, &type, 1); 528 adrm_int32(adr, &id, 1); 529 adrm_int32(adr, &mode, 1); 530 531 return (-1); 532 } 533 534 /* 535 * Format of attribute token: (old pre SunOS 5.7 format) 536 * attribute token id adr_char 537 * mode adr_int32 (printed in octal) 538 * uid adr_int32 539 * gid adr_int32 540 * file system id adr_int32 541 * node id adr_int32 542 * device adr_int32 543 * 544 */ 545 int 546 attribute_token(adr_t *adr) 547 { 548 int32_t dev; 549 int32_t file_sysid; 550 int32_t gid; 551 int32_t mode; 552 int32_t nodeid; 553 int32_t uid; 554 555 adrm_int32(adr, &mode, 1); 556 adrm_int32(adr, &uid, 1); 557 adrm_int32(adr, &gid, 1); 558 adrm_int32(adr, &file_sysid, 1); 559 adrm_int32(adr, &nodeid, 1); 560 adrm_int32(adr, &dev, 1); 561 562 if (!new_mode && (flags & M_USERE)) { 563 if (m_usere == uid) 564 checkflags |= M_USERE; 565 } 566 if (!new_mode && (flags & M_GROUPE)) { 567 if (m_groupe == gid) 568 checkflags |= M_GROUPE; 569 } 570 571 if (flags & M_OBJECT) { 572 if ((obj_flag & OBJ_FGROUP) && 573 (obj_group == gid)) 574 checkflags |= M_OBJECT; 575 else if ((obj_flag & OBJ_FOWNER) && 576 (obj_owner == uid)) 577 checkflags |= M_OBJECT; 578 } 579 return (-1); 580 } 581 582 /* 583 * Format of attribute32 token: 584 * attribute token id adr_char 585 * mode adr_int32 (printed in octal) 586 * uid adr_int32 587 * gid adr_int32 588 * file system id adr_int32 589 * node id adr_int64 590 * device adr_int32 591 * 592 */ 593 int 594 attribute32_token(adr_t *adr) 595 { 596 int32_t dev; 597 int32_t file_sysid; 598 int32_t gid; 599 int32_t mode; 600 int64_t nodeid; 601 int32_t uid; 602 603 adrm_int32(adr, &mode, 1); 604 adrm_int32(adr, &uid, 1); 605 adrm_int32(adr, &gid, 1); 606 adrm_int32(adr, &file_sysid, 1); 607 adrm_int64(adr, &nodeid, 1); 608 adrm_int32(adr, &dev, 1); 609 610 if (!new_mode && (flags & M_USERE)) { 611 if (m_usere == uid) 612 checkflags |= M_USERE; 613 } 614 if (!new_mode && (flags & M_GROUPE)) { 615 if (m_groupe == gid) 616 checkflags |= M_GROUPE; 617 } 618 619 if (flags & M_OBJECT) { 620 if ((obj_flag & OBJ_FGROUP) && 621 (obj_group == gid)) 622 checkflags |= M_OBJECT; 623 else if ((obj_flag & OBJ_FOWNER) && 624 (obj_owner == uid)) 625 checkflags |= M_OBJECT; 626 } 627 return (-1); 628 } 629 630 /* 631 * Format of attribute64 token: 632 * attribute token id adr_char 633 * mode adr_int32 (printed in octal) 634 * uid adr_int32 635 * gid adr_int32 636 * file system id adr_int32 637 * node id adr_int64 638 * device adr_int64 639 * 640 */ 641 int 642 attribute64_token(adr_t *adr) 643 { 644 int64_t dev; 645 int32_t file_sysid; 646 int32_t gid; 647 int32_t mode; 648 int64_t nodeid; 649 int32_t uid; 650 651 adrm_int32(adr, &mode, 1); 652 adrm_int32(adr, &uid, 1); 653 adrm_int32(adr, &gid, 1); 654 adrm_int32(adr, &file_sysid, 1); 655 adrm_int64(adr, &nodeid, 1); 656 adrm_int64(adr, &dev, 1); 657 658 if (!new_mode && (flags & M_USERE)) { 659 if (m_usere == uid) 660 checkflags |= M_USERE; 661 } 662 if (!new_mode && (flags & M_GROUPE)) { 663 if (m_groupe == gid) 664 checkflags |= M_GROUPE; 665 } 666 667 if (flags & M_OBJECT) { 668 if ((obj_flag & OBJ_FGROUP) && 669 (obj_group == gid)) 670 checkflags |= M_OBJECT; 671 else if ((obj_flag & OBJ_FOWNER) && 672 (obj_owner == uid)) 673 checkflags |= M_OBJECT; 674 } 675 return (-1); 676 } 677 678 679 /* 680 * Format of command token: 681 * attribute token id adr_char 682 * argc adr_short 683 * argv len adr_short variable amount of argv len 684 * argv text argv len and text 685 * . 686 * . 687 * . 688 * envp count adr_short variable amount of envp len 689 * envp len adr_short and text 690 * envp text envp len 691 * . 692 * . 693 * . 694 * 695 */ 696 int 697 cmd_token(adr_t *adr) 698 { 699 short cnt; 700 short i; 701 702 adrm_short(adr, &cnt, 1); 703 704 for (i = 0; i < cnt; i++) 705 skip_string(adr); 706 707 adrm_short(adr, &cnt, 1); 708 709 for (i = 0; i < cnt; i++) 710 skip_string(adr); 711 712 return (-1); 713 } 714 715 716 /* 717 * Format of exit token: 718 * attribute token id adr_char 719 * return value adr_int32 720 * errno adr_int32 721 * 722 */ 723 int 724 exit_token(adr_t *adr) 725 { 726 int32_t retval; 727 int32_t errno; 728 729 adrm_int32(adr, &retval, 1); 730 adrm_int32(adr, &errno, 1); 731 return (-1); 732 } 733 734 /* 735 * Format of strings array token: 736 * token id adr_char 737 * count value adr_int32 738 * strings null terminated strings 739 */ 740 static int 741 strings_common_token(adr_t *adr) 742 { 743 int count, i; 744 char c; 745 746 adrm_int32(adr, (int32_t *)&count, 1); 747 for (i = 1; i <= count; i++) { 748 adrm_char(adr, &c, 1); 749 while (c != (char)0) 750 adrm_char(adr, &c, 1); 751 } 752 /* no dump option here, since we will have variable length fields */ 753 return (-1); 754 } 755 756 int 757 path_attr_token(adr_t *adr) 758 { 759 return (strings_common_token(adr)); 760 } 761 762 int 763 exec_args_token(adr_t *adr) 764 { 765 return (strings_common_token(adr)); 766 } 767 768 int 769 exec_env_token(adr_t *adr) 770 { 771 return (strings_common_token(adr)); 772 } 773 774 /* 775 * Format of liaison token: 776 */ 777 int 778 liaison_token(adr_t *adr) 779 { 780 int32_t li; 781 782 adrm_int32(adr, &li, 1); 783 return (-1); 784 } 785 786 787 /* 788 * Format of path token: 789 * path adr_string 790 */ 791 int 792 path_token(adr_t *adr) 793 { 794 if ((flags & M_OBJECT) && (obj_flag == OBJ_PATH)) { 795 char *path; 796 797 get_string(adr, &path); 798 if (path[0] != '/') 799 /* 800 * anchor the path. user apps may not do it. 801 */ 802 anchor_path(path); 803 /* 804 * match against the collapsed path. that is what user sees. 805 */ 806 if (re_exec2(collapse_path(path)) == 1) 807 checkflags |= M_OBJECT; 808 free(path); 809 } else { 810 skip_string(adr); 811 } 812 return (-1); 813 } 814 815 816 /* 817 * Format of System V IPC permission token: 818 * System V IPC permission token id adr_char 819 * uid adr_int32 820 * gid adr_int32 821 * cuid adr_int32 822 * cgid adr_int32 823 * mode adr_int32 824 * seq adr_int32 825 * key adr_int32 826 * label adr_opaque, sizeof (bslabel_t) 827 * bytes 828 */ 829 int 830 s5_IPC_perm_token(adr_t *adr) 831 { 832 int32_t uid, gid, cuid, cgid, mode, seq; 833 int32_t key; 834 835 adrm_int32(adr, &uid, 1); 836 adrm_int32(adr, &gid, 1); 837 adrm_int32(adr, &cuid, 1); 838 adrm_int32(adr, &cgid, 1); 839 adrm_int32(adr, &mode, 1); 840 adrm_int32(adr, &seq, 1); 841 adrm_int32(adr, &key, 1); 842 843 if (!new_mode && (flags & M_USERE)) { 844 if (m_usere == uid) 845 checkflags |= M_USERE; 846 } 847 848 if (!new_mode && (flags & M_USERE)) { 849 if (m_usere == cuid) 850 checkflags |= M_USERE; 851 } 852 853 if (!new_mode && (flags & M_GROUPR)) { 854 if (m_groupr == gid) 855 checkflags |= M_GROUPR; 856 } 857 858 if (!new_mode && (flags & M_GROUPR)) { 859 if (m_groupr == cgid) 860 checkflags |= M_GROUPR; 861 } 862 863 if ((flags & M_OBJECT) && 864 ((obj_owner == uid) || 865 (obj_owner == cuid) || 866 (obj_group == gid) || 867 (obj_group == cgid))) { 868 869 switch (obj_flag) { 870 case OBJ_MSGGROUP: 871 case OBJ_MSGOWNER: 872 if (ipc_type_match(OBJ_MSG, ipc_type)) 873 checkflags |= M_OBJECT; 874 break; 875 case OBJ_SEMGROUP: 876 case OBJ_SEMOWNER: 877 if (ipc_type_match(OBJ_SEM, ipc_type)) 878 checkflags |= M_OBJECT; 879 break; 880 case OBJ_SHMGROUP: 881 case OBJ_SHMOWNER: 882 if (ipc_type_match(OBJ_SHM, ipc_type)) 883 checkflags |= M_OBJECT; 884 break; 885 } 886 } 887 return (-1); 888 } 889 890 891 /* 892 * Format of process32 token: 893 * process token id adr_char 894 * auid adr_int32 895 * euid adr_int32 896 * egid adr_int32 897 * ruid adr_int32 898 * rgid adr_int32 899 * pid adr_int32 900 * sid adr_int32 901 * termid adr_int32*2 902 * 903 */ 904 int 905 process32_token(adr_t *adr) 906 { 907 int32_t auid, euid, egid, ruid, rgid, pid; 908 int32_t sid; 909 int32_t port, machine; 910 911 adrm_int32(adr, &auid, 1); 912 adrm_int32(adr, &euid, 1); 913 adrm_int32(adr, &egid, 1); 914 adrm_int32(adr, &ruid, 1); 915 adrm_int32(adr, &rgid, 1); 916 adrm_int32(adr, &pid, 1); 917 adrm_int32(adr, &sid, 1); 918 adrm_int32(adr, &port, 1); 919 adrm_int32(adr, &machine, 1); 920 921 if (!new_mode && (flags & M_USERA)) { 922 if (m_usera == auid) 923 checkflags |= M_USERA; 924 } 925 if (!new_mode && (flags & M_USERE)) { 926 if (m_usere == euid) 927 checkflags |= M_USERE; 928 } 929 if (!new_mode && (flags & M_USERR)) { 930 if (m_userr == ruid) 931 checkflags |= M_USERR; 932 } 933 if (!new_mode && (flags & M_GROUPR)) { 934 if (m_groupr == rgid) 935 checkflags |= M_GROUPR; 936 } 937 if (!new_mode && (flags & M_GROUPE)) { 938 if (m_groupe == egid) 939 checkflags |= M_GROUPE; 940 } 941 942 if (flags & M_OBJECT) { 943 if ((obj_flag & OBJ_PROC) && 944 (obj_id == pid)) { 945 checkflags |= M_OBJECT; 946 } else if ((obj_flag & OBJ_PGROUP) && 947 ((obj_group == egid) || 948 (obj_group == rgid))) { 949 checkflags |= M_OBJECT; 950 } else if ((obj_flag & OBJ_POWNER) && 951 ((obj_owner == euid) || 952 (obj_group == ruid))) { 953 checkflags |= M_OBJECT; 954 } 955 } 956 return (-1); 957 } 958 959 /* 960 * Format of process32 token: 961 * process token id adr_char 962 * auid adr_int32 963 * euid adr_int32 964 * egid adr_int32 965 * ruid adr_int32 966 * rgid adr_int32 967 * pid adr_int32 968 * sid adr_int32 969 * termid adr_int32*6 970 * 971 */ 972 int 973 process32_ex_token(adr_t *adr) 974 { 975 int32_t auid, euid, egid, ruid, rgid, pid; 976 int32_t sid; 977 int32_t port, type, addr[4]; 978 979 adrm_int32(adr, &auid, 1); 980 adrm_int32(adr, &euid, 1); 981 adrm_int32(adr, &egid, 1); 982 adrm_int32(adr, &ruid, 1); 983 adrm_int32(adr, &rgid, 1); 984 adrm_int32(adr, &pid, 1); 985 adrm_int32(adr, &sid, 1); 986 adrm_int32(adr, &port, 1); 987 adrm_int32(adr, &type, 1); 988 adrm_int32(adr, &addr[0], 4); 989 990 if (!new_mode && (flags & M_USERA)) { 991 if (m_usera == auid) 992 checkflags = checkflags | M_USERA; 993 } 994 if (!new_mode && (flags & M_USERE)) { 995 if (m_usere == euid) 996 checkflags = checkflags | M_USERE; 997 } 998 if (!new_mode && (flags & M_USERR)) { 999 if (m_userr == ruid) 1000 checkflags = checkflags | M_USERR; 1001 } 1002 if (!new_mode && (flags & M_GROUPR)) { 1003 if (m_groupr == egid) 1004 checkflags = checkflags | M_GROUPR; 1005 } 1006 if (!new_mode && (flags & M_GROUPE)) { 1007 if (m_groupe == egid) 1008 checkflags = checkflags | M_GROUPE; 1009 } 1010 1011 if (flags & M_OBJECT) { 1012 if ((obj_flag & OBJ_PROC) && 1013 (obj_id == pid)) { 1014 checkflags = checkflags | M_OBJECT; 1015 } else if ((obj_flag & OBJ_PGROUP) && 1016 ((obj_group == egid) || 1017 (obj_group == rgid))) { 1018 checkflags = checkflags | M_OBJECT; 1019 } else if ((obj_flag & OBJ_POWNER) && 1020 ((obj_owner == euid) || 1021 (obj_group == ruid))) { 1022 checkflags = checkflags | M_OBJECT; 1023 } 1024 } 1025 return (-1); 1026 } 1027 1028 /* 1029 * Format of process64 token: 1030 * process token id adr_char 1031 * auid adr_int32 1032 * euid adr_int32 1033 * egid adr_int32 1034 * ruid adr_int32 1035 * rgid adr_int32 1036 * pid adr_int32 1037 * sid adr_int32 1038 * termid adr_int64+adr_int32 1039 * 1040 */ 1041 int 1042 process64_token(adr_t *adr) 1043 { 1044 int32_t auid, euid, egid, ruid, rgid, pid; 1045 int32_t sid; 1046 int64_t port; 1047 int32_t machine; 1048 1049 adrm_int32(adr, &auid, 1); 1050 adrm_int32(adr, &euid, 1); 1051 adrm_int32(adr, &egid, 1); 1052 adrm_int32(adr, &ruid, 1); 1053 adrm_int32(adr, &rgid, 1); 1054 adrm_int32(adr, &pid, 1); 1055 adrm_int32(adr, &sid, 1); 1056 adrm_int64(adr, &port, 1); 1057 adrm_int32(adr, &machine, 1); 1058 1059 if (!new_mode && (flags & M_USERA)) { 1060 if (m_usera == auid) 1061 checkflags |= M_USERA; 1062 } 1063 if (!new_mode && (flags & M_USERE)) { 1064 if (m_usere == euid) 1065 checkflags |= M_USERE; 1066 } 1067 if (!new_mode && (flags & M_USERR)) { 1068 if (m_userr == ruid) 1069 checkflags |= M_USERR; 1070 } 1071 if (!new_mode && (flags & M_GROUPR)) { 1072 if (m_groupr == rgid) 1073 checkflags |= M_GROUPR; 1074 } 1075 if (!new_mode && (flags & M_GROUPE)) { 1076 if (m_groupe == egid) 1077 checkflags |= M_GROUPE; 1078 } 1079 1080 if (flags & M_OBJECT) { 1081 if ((obj_flag & OBJ_PROC) && 1082 (obj_id == pid)) { 1083 checkflags |= M_OBJECT; 1084 } else if ((obj_flag & OBJ_PGROUP) && 1085 ((obj_group == egid) || 1086 (obj_group == rgid))) { 1087 checkflags |= M_OBJECT; 1088 } else if ((obj_flag & OBJ_POWNER) && 1089 ((obj_owner == euid) || 1090 (obj_group == ruid))) { 1091 checkflags |= M_OBJECT; 1092 } 1093 } 1094 return (-1); 1095 } 1096 1097 /* 1098 * Format of process64 token: 1099 * process token id adr_char 1100 * auid adr_int32 1101 * euid adr_int32 1102 * egid adr_int32 1103 * ruid adr_int32 1104 * rgid adr_int32 1105 * pid adr_int32 1106 * sid adr_int32 1107 * termid adr_int64+5*adr_int32 1108 * 1109 */ 1110 int 1111 process64_ex_token(adr_t *adr) 1112 { 1113 int32_t auid, euid, egid, ruid, rgid, pid; 1114 int32_t sid; 1115 int64_t port; 1116 int32_t type, addr[4]; 1117 1118 adrm_int32(adr, &auid, 1); 1119 adrm_int32(adr, &euid, 1); 1120 adrm_int32(adr, &egid, 1); 1121 adrm_int32(adr, &ruid, 1); 1122 adrm_int32(adr, &rgid, 1); 1123 adrm_int32(adr, &pid, 1); 1124 adrm_int32(adr, &sid, 1); 1125 adrm_int64(adr, &port, 1); 1126 adrm_int32(adr, &type, 1); 1127 adrm_int32(adr, &addr[0], 4); 1128 1129 if (!new_mode && (flags & M_USERA)) { 1130 if (m_usera == auid) 1131 checkflags = checkflags | M_USERA; 1132 } 1133 if (!new_mode && (flags & M_USERE)) { 1134 if (m_usere == euid) 1135 checkflags = checkflags | M_USERE; 1136 } 1137 if (!new_mode && (flags & M_USERR)) { 1138 if (m_userr == ruid) 1139 checkflags = checkflags | M_USERR; 1140 } 1141 if (!new_mode && (flags & M_GROUPR)) { 1142 if (m_groupr == egid) 1143 checkflags = checkflags | M_GROUPR; 1144 } 1145 if (!new_mode && (flags & M_GROUPE)) { 1146 if (m_groupe == egid) 1147 checkflags = checkflags | M_GROUPE; 1148 } 1149 1150 if (flags & M_OBJECT) { 1151 if ((obj_flag & OBJ_PROC) && 1152 (obj_id == pid)) { 1153 checkflags = checkflags | M_OBJECT; 1154 } else if ((obj_flag & OBJ_PGROUP) && 1155 ((obj_group == egid) || 1156 (obj_group == rgid))) { 1157 checkflags = checkflags | M_OBJECT; 1158 } else if ((obj_flag & OBJ_POWNER) && 1159 ((obj_owner == euid) || 1160 (obj_group == ruid))) { 1161 checkflags = checkflags | M_OBJECT; 1162 } 1163 } 1164 return (-1); 1165 } 1166 1167 /* 1168 * Format of System V IPC token: 1169 * System V IPC token id adr_char 1170 * object id adr_int32 1171 * 1172 */ 1173 int 1174 s5_IPC_token(adr_t *adr) 1175 { 1176 int32_t ipc_id; 1177 1178 adrm_char(adr, &ipc_type, 1); /* Global */ 1179 adrm_int32(adr, &ipc_id, 1); 1180 1181 if ((flags & M_OBJECT) && 1182 ipc_type_match(obj_flag, ipc_type) && 1183 (obj_id == ipc_id)) 1184 checkflags |= M_OBJECT; 1185 1186 return (-1); 1187 } 1188 1189 1190 /* 1191 * Format of socket token: 1192 * socket_type adrm_short 1193 * remote_port adrm_short 1194 * remote_inaddr adrm_int32 1195 * 1196 */ 1197 int 1198 socket_token(adr_t *adr) 1199 { 1200 short socket_type; 1201 short remote_port; 1202 int32_t remote_inaddr; 1203 1204 adrm_short(adr, &socket_type, 1); 1205 adrm_short(adr, &remote_port, 1); 1206 adrm_char(adr, (char *)&remote_inaddr, 4); 1207 1208 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1209 if (socket_flag == SOCKFLG_MACHINE) { 1210 if (remote_inaddr == obj_id) 1211 checkflags |= M_OBJECT; 1212 } else if (socket_flag == SOCKFLG_PORT) { 1213 if (remote_port == obj_id) 1214 checkflags |= M_OBJECT; 1215 } 1216 } 1217 return (-1); 1218 } 1219 1220 1221 /* 1222 * Format of socket token: 1223 * socket_type adrm_short 1224 * remote_port adrm_short 1225 * remote_inaddr adrm_int32 1226 * 1227 */ 1228 int 1229 socket_ex_token(adr_t *adr) 1230 { 1231 short socket_domain; 1232 short socket_type; 1233 short ip_size; 1234 short local_port; 1235 int32_t local_inaddr[4]; 1236 short remote_port; 1237 int32_t remote_inaddr[4]; 1238 1239 adrm_short(adr, &socket_domain, 1); 1240 adrm_short(adr, &socket_type, 1); 1241 adrm_short(adr, &ip_size, 1); 1242 1243 /* validate ip size */ 1244 if ((ip_size != AU_IPv6) && (ip_size != AU_IPv4)) 1245 return (0); 1246 1247 adrm_short(adr, &local_port, 1); 1248 adrm_char(adr, (char *)local_inaddr, ip_size); 1249 1250 adrm_short(adr, &remote_port, 1); 1251 adrm_char(adr, (char *)remote_inaddr, ip_size); 1252 1253 /* if IP type mis-match, then nothing to do */ 1254 if (ip_size != ip_type) 1255 return (-1); 1256 1257 if ((flags & M_OBJECT) && (obj_flag == OBJ_SOCK)) { 1258 if (socket_flag == SOCKFLG_MACHINE) { 1259 if (ip_type == AU_IPv4) { 1260 if ((local_inaddr[0] == obj_id) || 1261 (remote_inaddr[0] == obj_id)) 1262 checkflags |= M_OBJECT; 1263 } else { 1264 if (((local_inaddr[0] == ip_ipv6[0]) && 1265 (local_inaddr[1] == ip_ipv6[1]) && 1266 (local_inaddr[2] == ip_ipv6[2]) && 1267 (local_inaddr[3] == ip_ipv6[3])) || 1268 ((remote_inaddr[0] == ip_ipv6[0]) && 1269 (remote_inaddr[1] == ip_ipv6[1]) && 1270 (remote_inaddr[2] == ip_ipv6[2]) && 1271 (remote_inaddr[3] == ip_ipv6[3]))) 1272 checkflags |= M_OBJECT; 1273 } 1274 } else if (socket_flag == SOCKFLG_PORT) { 1275 if ((local_port == obj_id) || (remote_port == obj_id)) 1276 checkflags |= M_OBJECT; 1277 } 1278 } 1279 return (-1); 1280 } 1281 1282 1283 /* 1284 * Format of subject32 token: 1285 * subject token id adr_char 1286 * auid adr_int32 1287 * euid adr_int32 1288 * egid adr_int32 1289 * ruid adr_int32 1290 * rgid adr_int32 1291 * pid adr_int32 1292 * sid adr_int32 1293 * termid adr_int32*2 1294 * 1295 */ 1296 int 1297 subject32_token(adr_t *adr) 1298 { 1299 int32_t auid, euid, egid, ruid, rgid, pid; 1300 int32_t sid; 1301 int32_t port, machine; 1302 1303 adrm_int32(adr, &auid, 1); 1304 adrm_int32(adr, &euid, 1); 1305 adrm_int32(adr, &egid, 1); 1306 adrm_int32(adr, &ruid, 1); 1307 adrm_int32(adr, &rgid, 1); 1308 adrm_int32(adr, &pid, 1); 1309 adrm_int32(adr, &sid, 1); 1310 adrm_int32(adr, &port, 1); 1311 adrm_int32(adr, &machine, 1); 1312 1313 if (flags & M_SUBJECT) { 1314 if (subj_id == pid) 1315 checkflags |= M_SUBJECT; 1316 } 1317 if (flags & M_USERA) { 1318 if (m_usera == auid) 1319 checkflags |= M_USERA; 1320 } 1321 if (flags & M_USERE) { 1322 if (m_usere == euid) 1323 checkflags |= M_USERE; 1324 } 1325 if (flags & M_USERR) { 1326 if (m_userr == ruid) 1327 checkflags |= M_USERR; 1328 } 1329 if (flags & M_GROUPR) { 1330 if (m_groupr == rgid) 1331 checkflags |= M_GROUPR; 1332 } 1333 if (flags & M_GROUPE) { 1334 if (m_groupe == egid) 1335 checkflags |= M_GROUPE; 1336 } 1337 if (flags & M_SID) { 1338 if (m_sid == sid) 1339 checkflags |= M_SID; 1340 } 1341 return (-1); 1342 } 1343 1344 /* 1345 * Format of subject32_ex token: 1346 * subject token id adr_char 1347 * auid adr_int32 1348 * euid adr_int32 1349 * egid adr_int32 1350 * ruid adr_int32 1351 * rgid adr_int32 1352 * pid adr_int32 1353 * sid adr_int32 1354 * termid_addr adr_int32*6 1355 * 1356 */ 1357 int 1358 subject32_ex_token(adr_t *adr) 1359 { 1360 int32_t auid, euid, egid, ruid, rgid, pid; 1361 int32_t sid; 1362 int32_t port, type, addr[4]; 1363 1364 adrm_int32(adr, &auid, 1); 1365 adrm_int32(adr, &euid, 1); 1366 adrm_int32(adr, &egid, 1); 1367 adrm_int32(adr, &ruid, 1); 1368 adrm_int32(adr, &rgid, 1); 1369 adrm_int32(adr, &pid, 1); 1370 adrm_int32(adr, &sid, 1); 1371 adrm_int32(adr, &port, 1); 1372 adrm_int32(adr, &type, 1); 1373 adrm_int32(adr, &addr[0], 4); 1374 1375 if (flags & M_SUBJECT) { 1376 if (subj_id == pid) 1377 checkflags = checkflags | M_SUBJECT; 1378 } 1379 if (flags & M_USERA) { 1380 if (m_usera == auid) 1381 checkflags = checkflags | M_USERA; 1382 } 1383 if (flags & M_USERE) { 1384 if (m_usere == euid) 1385 checkflags = checkflags | M_USERE; 1386 } 1387 if (flags & M_USERR) { 1388 if (m_userr == ruid) 1389 checkflags = checkflags | M_USERR; 1390 } 1391 if (flags & M_GROUPR) { 1392 if (m_groupr == egid) 1393 checkflags = checkflags | M_GROUPR; 1394 } 1395 if (flags & M_GROUPE) { 1396 if (m_groupe == egid) 1397 checkflags = checkflags | M_GROUPE; 1398 } 1399 if (flags & M_SID) { 1400 if (m_sid == sid) 1401 checkflags = checkflags | M_SID; 1402 } 1403 return (-1); 1404 } 1405 1406 /* 1407 * Format of subject64 token: 1408 * subject token id adr_char 1409 * auid adr_int32 1410 * euid adr_int32 1411 * egid adr_int32 1412 * ruid adr_int32 1413 * rgid adr_int32 1414 * pid adr_int32 1415 * sid adr_int32 1416 * termid adr_int64+adr_int32 1417 * 1418 */ 1419 int 1420 subject64_token(adr_t *adr) 1421 { 1422 int32_t auid, euid, egid, ruid, rgid, pid; 1423 int32_t sid; 1424 int64_t port; 1425 int32_t machine; 1426 1427 adrm_int32(adr, &auid, 1); 1428 adrm_int32(adr, &euid, 1); 1429 adrm_int32(adr, &egid, 1); 1430 adrm_int32(adr, &ruid, 1); 1431 adrm_int32(adr, &rgid, 1); 1432 adrm_int32(adr, &pid, 1); 1433 adrm_int32(adr, &sid, 1); 1434 adrm_int64(adr, &port, 1); 1435 adrm_int32(adr, &machine, 1); 1436 1437 if (flags & M_SUBJECT) { 1438 if (subj_id == pid) 1439 checkflags |= M_SUBJECT; 1440 } 1441 if (flags & M_USERA) { 1442 if (m_usera == auid) 1443 checkflags |= M_USERA; 1444 } 1445 if (flags & M_USERE) { 1446 if (m_usere == euid) 1447 checkflags |= M_USERE; 1448 } 1449 if (flags & M_USERR) { 1450 if (m_userr == ruid) 1451 checkflags |= M_USERR; 1452 } 1453 if (flags & M_GROUPR) { 1454 if (m_groupr == rgid) 1455 checkflags |= M_GROUPR; 1456 } 1457 if (flags & M_GROUPE) { 1458 if (m_groupe == egid) 1459 checkflags |= M_GROUPE; 1460 } 1461 if (flags & M_SID) { 1462 if (m_sid == sid) 1463 checkflags |= M_SID; 1464 } 1465 return (-1); 1466 } 1467 1468 /* 1469 * Format of subject64 token: 1470 * subject token id adr_char 1471 * auid adr_int32 1472 * euid adr_int32 1473 * egid adr_int32 1474 * ruid adr_int32 1475 * rgid adr_int32 1476 * pid adr_int32 1477 * sid adr_int32 1478 * termid adr_int64+5*adr_int32 1479 * 1480 */ 1481 int 1482 subject64_ex_token(adr_t *adr) 1483 { 1484 int32_t auid, euid, egid, ruid, rgid, pid; 1485 int32_t sid; 1486 int64_t port; 1487 int32_t type, addr[4]; 1488 1489 adrm_int32(adr, &auid, 1); 1490 adrm_int32(adr, &euid, 1); 1491 adrm_int32(adr, &egid, 1); 1492 adrm_int32(adr, &ruid, 1); 1493 adrm_int32(adr, &rgid, 1); 1494 adrm_int32(adr, &pid, 1); 1495 adrm_int32(adr, &sid, 1); 1496 adrm_int64(adr, &port, 1); 1497 adrm_int32(adr, &type, 1); 1498 adrm_int32(adr, &addr[0], 4); 1499 1500 if (flags & M_SUBJECT) { 1501 if (subj_id == pid) 1502 checkflags = checkflags | M_SUBJECT; 1503 } 1504 if (flags & M_USERA) { 1505 if (m_usera == auid) 1506 checkflags = checkflags | M_USERA; 1507 } 1508 if (flags & M_USERE) { 1509 if (m_usere == euid) 1510 checkflags = checkflags | M_USERE; 1511 } 1512 if (flags & M_USERR) { 1513 if (m_userr == ruid) 1514 checkflags = checkflags | M_USERR; 1515 } 1516 if (flags & M_GROUPR) { 1517 if (m_groupr == egid) 1518 checkflags = checkflags | M_GROUPR; 1519 } 1520 if (flags & M_GROUPE) { 1521 if (m_groupe == egid) 1522 checkflags = checkflags | M_GROUPE; 1523 } 1524 if (flags & M_SID) { 1525 if (m_sid == sid) 1526 checkflags = checkflags | M_SID; 1527 } 1528 return (-1); 1529 } 1530 1531 /* 1532 * ----------------------------------------------------------------------- 1533 * tid_token(): Process tid token and display contents 1534 * 1535 * Format of tid token: 1536 * tid token id adr_char 1537 * address type adr_char 1538 * For address type of AU_IPADR... 1539 * remote port adr_short 1540 * local port adr_short 1541 * IP type adr_int32 1542 * IP addr adr_int32 if IPv4 1543 * IP addr 4 x adr_int32 if IPv6 1544 * address types other than AU_IPADR are not yet defined 1545 * ----------------------------------------------------------------------- 1546 */ 1547 int 1548 tid_token(adr_t *adr) 1549 { 1550 int32_t address[4]; 1551 int32_t ip_type; 1552 char tid_type; 1553 short rport; 1554 short lport; 1555 1556 adrm_char(adr, &tid_type, 1); 1557 switch (tid_type) { 1558 case AU_IPADR: 1559 adrm_short(adr, &rport, 1); 1560 adrm_short(adr, &lport, 1); 1561 adrm_int32(adr, &ip_type, 1); 1562 adrm_char(adr, (char *)&address, ip_type); 1563 break; 1564 default: 1565 return (0); 1566 } 1567 return (-1); 1568 } 1569 1570 /* 1571 * ----------------------------------------------------------------------- 1572 * zonename_token(): Process zonename token and display contents 1573 * 1574 * Format of zonename token: 1575 * zonename token id adr_char 1576 * zone name adr_string 1577 * ----------------------------------------------------------------------- 1578 */ 1579 int 1580 zonename_token(adr_t *adr) 1581 { 1582 char *name; 1583 1584 if (flags & M_ZONENAME) { 1585 get_string(adr, &name); 1586 if (strncmp(zonename, name, ZONENAME_MAX) == 0) 1587 checkflags |= M_ZONENAME; 1588 free(name); 1589 } else { 1590 skip_string(adr); 1591 } 1592 return (-1); 1593 } 1594 1595 /* 1596 * Format of xatom token: 1597 */ 1598 int 1599 xatom_token(adr_t *adr) 1600 { 1601 skip_string(adr); 1602 1603 return (-1); 1604 } 1605 1606 /* 1607 * Format of xselect token: 1608 */ 1609 int 1610 xselect_token(adr_t *adr) 1611 { 1612 skip_string(adr); 1613 skip_string(adr); 1614 skip_string(adr); 1615 1616 return (-1); 1617 } 1618 1619 /* 1620 * anchor a path name with a slash 1621 * assume we have enough space 1622 */ 1623 void 1624 anchor_path(char *path) 1625 { 1626 (void) memmove((void *)(path + 1), (void *)path, strlen(path) + 1); 1627 *path = '/'; 1628 } 1629 1630 1631 /* 1632 * copy path to collapsed path. 1633 * collapsed path does not contain: 1634 * successive slashes 1635 * instances of dot-slash 1636 * instances of dot-dot-slash 1637 * passed path must be anchored with a '/' 1638 */ 1639 char * 1640 collapse_path(char *s) 1641 { 1642 int id; /* index of where we are in destination string */ 1643 int is; /* index of where we are in source string */ 1644 int slashseen; /* have we seen a slash */ 1645 int ls; /* length of source string */ 1646 1647 ls = strlen(s) + 1; 1648 1649 slashseen = 0; 1650 for (is = 0, id = 0; is < ls; is++) { 1651 /* thats all folks, we've reached the end of input */ 1652 if (s[is] == '\0') { 1653 if (id > 1 && s[id-1] == '/') { 1654 --id; 1655 } 1656 s[id++] = '\0'; 1657 break; 1658 } 1659 /* previous character was a / */ 1660 if (slashseen) { 1661 if (s[is] == '/') 1662 continue; /* another slash, ignore it */ 1663 } else if (s[is] == '/') { 1664 /* we see a /, just copy it and try again */ 1665 slashseen = 1; 1666 s[id++] = '/'; 1667 continue; 1668 } 1669 /* /./ seen */ 1670 if (s[is] == '.' && s[is+1] == '/') { 1671 is += 1; 1672 continue; 1673 } 1674 /* XXX/. seen */ 1675 if (s[is] == '.' && s[is+1] == '\0') { 1676 if (id > 1) 1677 id--; 1678 continue; 1679 } 1680 /* XXX/.. seen */ 1681 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '\0') { 1682 is += 1; 1683 if (id > 0) 1684 id--; 1685 while (id > 0 && s[--id] != '/'); 1686 id++; 1687 continue; 1688 } 1689 /* XXX/../ seen */ 1690 if (s[is] == '.' && s[is+1] == '.' && s[is+2] == '/') { 1691 is += 2; 1692 if (id > 0) 1693 id--; 1694 while (id > 0 && s[--id] != '/'); 1695 id++; 1696 continue; 1697 } 1698 while (is < ls && (s[id++] = s[is++]) != '/'); 1699 is--; 1700 } 1701 return (s); 1702 } 1703 1704 1705 int 1706 ipc_type_match(int flag, char type) 1707 { 1708 if (flag == OBJ_SEM && type == AT_IPC_SEM) 1709 return (1); 1710 1711 if (flag == OBJ_MSG && type == AT_IPC_MSG) 1712 return (1); 1713 1714 if (flag == OBJ_SHM && type == AT_IPC_SHM) 1715 return (1); 1716 1717 return (0); 1718 } 1719 1720 1721 void 1722 skip_string(adr_t *adr) 1723 { 1724 ushort_t c; 1725 1726 adrm_u_short(adr, &c, 1); 1727 adr->adr_now += c; 1728 } 1729 1730 1731 void 1732 get_string(adr_t *adr, char **p) 1733 { 1734 ushort_t c; 1735 1736 adrm_u_short(adr, &c, 1); 1737 *p = a_calloc(1, (size_t)c); 1738 adrm_char(adr, *p, c); 1739 } 1740 1741 1742 /* 1743 * Format of host token: 1744 * host ard_uint32 1745 */ 1746 int 1747 host_token(adr_t *adr) 1748 { 1749 uint32_t host; 1750 1751 adrm_u_int32(adr, &host, 1); 1752 1753 return (-1); 1754 } 1755 1756 /* 1757 * Format of useofauth token: 1758 * uauth token id adr_char 1759 * uauth adr_string 1760 * 1761 */ 1762 int 1763 useofauth_token(adr_t *adr) 1764 { 1765 skip_string(adr); 1766 return (-1); 1767 } 1768 1769 int 1770 xcolormap_token(adr_t *adr) 1771 { 1772 return (xgeneric(adr)); 1773 } 1774 1775 int 1776 xcursor_token(adr_t *adr) 1777 { 1778 return (xgeneric(adr)); 1779 } 1780 1781 int 1782 xfont_token(adr_t *adr) 1783 { 1784 return (xgeneric(adr)); 1785 } 1786 1787 int 1788 xgc_token(adr_t *adr) 1789 { 1790 return (xgeneric(adr)); 1791 } 1792 1793 int 1794 xpixmap_token(adr_t *adr) 1795 { 1796 return (xgeneric(adr)); 1797 } 1798 1799 int 1800 xwindow_token(adr_t *adr) 1801 { 1802 return (xgeneric(adr)); 1803 } 1804 1805 1806 /* 1807 * Format of xgeneric token: 1808 * XID adr_int32 1809 * creator UID adr_int32 1810 * 1811 * Includes: xcolormap, xcursor, xfont, xgc, xpixmap, and xwindow 1812 */ 1813 int 1814 xgeneric(adr_t *adr) 1815 { 1816 int32_t xid; 1817 int32_t uid; 1818 1819 adrm_int32(adr, &xid, 1); 1820 adrm_int32(adr, &uid, 1); 1821 1822 if (flags & M_USERE) { 1823 if (m_usere == uid) 1824 checkflags = checkflags | M_USERE; 1825 } 1826 1827 return (-1); 1828 } 1829 1830 1831 /* 1832 * Format of xproperty token: 1833 * XID adr_int32 1834 * creator UID adr_int32 1835 * atom string adr_string 1836 */ 1837 int 1838 xproperty_token(adr_t *adr) 1839 { 1840 int32_t xid; 1841 int32_t uid; 1842 1843 adrm_int32(adr, &xid, 1); 1844 adrm_int32(adr, &uid, 1); 1845 skip_string(adr); 1846 1847 if (flags & M_USERE) { 1848 if (m_usere == uid) 1849 checkflags = checkflags | M_USERE; 1850 } 1851 1852 return (-1); 1853 } 1854 1855 1856 /* 1857 * Format of xclient token: 1858 * xclient id adr_int32 1859 */ 1860 int 1861 xclient_token(adr_t *adr) 1862 { 1863 int32_t client_id; 1864 1865 adrm_int32(adr, &client_id, 1); 1866 1867 return (-1); 1868 } 1869 1870 /* 1871 * Format of clearance token: 1872 * clearance adr_char*(sizeof (bclear_t)) 1873 */ 1874 #ifndef TSOL 1875 /* ARGSUSED */ 1876 #endif /* !TSOL */ 1877 int 1878 clearance_token(adr_t *adr) 1879 { 1880 #ifdef TSOL 1881 bclear_t clearance; 1882 1883 adrm_char(adr, (char *)&clearance, sizeof (bclear_t)); 1884 return (-1); 1885 #else /* !TSOL */ 1886 return (-2); 1887 #endif /* TSOL */ 1888 } 1889 1890 1891 /* 1892 * Format of ilabel token: 1893 * ilabel adr_char*(sizeof (bilabel_t)) 1894 */ 1895 #ifndef TSOL 1896 /* ARGSUSED */ 1897 #endif /* !TSOL */ 1898 int 1899 ilabel_token(adr_t *adr) 1900 { 1901 #ifdef TSOL 1902 bilabel_t ilabel; 1903 1904 adrm_char(adr, (char *)&ilabel, sizeof (ilabel)); 1905 1906 return (-1); 1907 #else /* !TSOL */ 1908 return (-2); 1909 #endif /* TSOL */ 1910 } 1911 1912 /* 1913 * Format of privilege set token: 1914 * priv_set type string 1915 * priv_set string 1916 */ 1917 1918 int 1919 privilege_token(adr_t *adr) 1920 { 1921 skip_string(adr); /* set type name */ 1922 skip_string(adr); /* privilege set */ 1923 return (-1); 1924 } 1925 1926 /* 1927 * Format of slabel token: 1928 * slabel adr_char*(sizeof (bslabel_t)) 1929 */ 1930 #ifndef TSOL 1931 /* ARGSUSED */ 1932 #endif /* !TSOL */ 1933 int 1934 slabel_token(adr_t *adr) 1935 { 1936 #ifdef TSOL 1937 bslabel_t slabel; 1938 1939 adrm_char(adr, (char *)&slabel, sizeof (slabel)); 1940 1941 if (flags & M_SLABEL) { 1942 if (blinrange(&slabel, &m_slabel)) 1943 checkflags = checkflags | M_SLABEL; 1944 } 1945 1946 return (-1); 1947 #else /* !TSOL */ 1948 return (-2); 1949 #endif /* TSOL */ 1950 } 1951 1952 1953 /* 1954 * Format of useofpriv token: 1955 * success/failure adr_char 1956 * TSOL: 1957 * privilege adr_int32 1958 * SOL: 1959 * privilege(s) adr_string 1960 */ 1961 #ifndef TSOL 1962 /* ARGSUSED */ 1963 #endif /* !TSOL */ 1964 int 1965 useofpriv_token(adr_t *adr) 1966 { 1967 char flag; 1968 1969 #ifdef TSOL 1970 priv_t priv; 1971 1972 adrm_char(adr, &flag, 1); 1973 adrm_int32(adr, (int32_t *)&priv, 1); 1974 1975 return (-1); 1976 #else /* !TSOL */ 1977 1978 adrm_char(adr, &flag, 1); 1979 skip_string(adr); 1980 return (-1); 1981 #endif /* TSOL */ 1982 } 1983